From 0142d183c2d44dc2562beb0481f0fe71698e882e Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 14 Jun 2019 23:10:53 -0400 Subject: user/xmlsec: fix tests, add -gcrypt and -gnutls, and more * URL changed to official website. * Source changed to official download URL instead of GitHub archive. * Tests were being skipped spuriously due to the test suite being broken. The relevant commits to fix this have been backported and applied. * Add the -gnutls (for experimental/aqbanking) and -gcrypt (required in order to build -gnutls) subpackages. * The *.la files have been removed from the main package (remove options=libtool). It is assumed these are no longer needed, since the only official reverse dependency at this time is libreoffice, which uses pkg-config and not libtool. * usr/lib/libxmlsec1-nss.so was moved to -dev by running the -dev split function before the plugin split functions. * usr/lib/xmlsec1Conf.sh was moved to -dev. --- user/xmlsec/APKBUILD | 53 ++++++++----- user/xmlsec/fix-tests.patch | 176 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 211 insertions(+), 18 deletions(-) create mode 100644 user/xmlsec/fix-tests.patch
diff --git a/user/xmlsec/APKBUILD b/user/xmlsec/APKBUILD
index 171427b55..4b7f83509 100644
--- a/user/xmlsec/APKBUILD
+++ b/user/xmlsec/APKBUILD
@@ -1,25 +1,21 @@
 # Maintainer: Max Rees
 pkgname=xmlsec
 pkgver=1.2.28
-_pkgver=1_2_28
-pkgrel=0
+_pkgname="$pkgname${pkgver%%.*}"
+pkgrel=1
 pkgdesc="C-based XML signature and encryption syntax and processing library"
-url="https://github.com/lsh123/$pkgname/"
+url="https://www.aleksey.com/xmlsec/"
 arch="all"
-options="libtool"
 license="MIT"
 depends=""
 checkdepends="nss-tools"
-makedepends="$depends_dev libxml2-dev libxslt-dev nss-dev openssl-dev
- autoconf automake libtool"
-subpackages="$pkgname-nss $pkgname-dev $pkgname-doc"
-source="$url/archive/$pkgname-$_pkgver.tar.gz"
-builddir="$srcdir/$pkgname-$pkgname-$_pkgver"
-
-prepare() {
- default_prepare
- ./autogen.sh
-}
+makedepends="libxml2-dev libxslt-dev openssl-dev
+ gnutls-dev libgcrypt-dev nss-dev"
+subpackages="$pkgname-dev $pkgname-doc
+ $pkgname-gcrypt $pkgname-gnutls $pkgname-nss"
+source="http://www.aleksey.com/xmlsec/download/$_pkgname-$pkgver.tar.gz
+ fix-tests.patch"
+builddir="$srcdir/$_pkgname-$pkgver"
 
 build() {
 ./configure \
@@ -28,9 +24,9 @@ build() {
 --prefix=/usr \
 --disable-static \
 --enable-pkgconfig \
- --with-openssl=/usr \
- --without-gnutls \
- --without-gcrypt \
+ --with-openssl \
+ --with-gnutls \
+ --with-gcrypt \
 --with-default-crypto='openssl'
 make
 }
@@ -46,6 +42,26 @@ package() {
 install -m644 'COPYING' "$pkgdir/usr/share/licenses/$pkgname/"
 }
 
+dev() {
+ default_dev
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/xmlsec1Conf.sh "$subpkgdir"/usr/lib
+}
+
+gcrypt() {
+ pkgdesc="xmlsec gcrypt plugin"
+ install_if="$pkgname=$pkgver-r$pkgrel gcrypt"
+ mkdir -p "$subpkgdir"/usr/lib/
+ mv "$pkgdir"/usr/lib/libxmlsec1-gcrypt.so* "$subpkgdir"/usr/lib/
+}
+
+gnutls() {
+ pkgdesc="xmlsec gnutls plugin"
+ install_if="$pkgname=$pkgver-r$pkgrel gnutls"
+ mkdir -p "$subpkgdir"/usr/lib/
+ mv "$pkgdir"/usr/lib/libxmlsec1-gnutls.so* "$subpkgdir"/usr/lib/
+}
+
 nss() {
 pkgdesc="xmlsec NSS plugin"
 install_if="$pkgname=$pkgver-r$pkgrel nss"
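Review bot: The new `source=` line in the first APKBUILD hunk fetches the release tarball over plain `http://`, although `url=` two lines above it already points at `https://www.aleksey.com/xmlsec/`. The `sha512sums` entry pins the content once it is recorded, but that hash is only as trustworthy as the download it was computed from, so anyone regenerating it on a version bump gets no transport integrity. I would change the line to `source="https://www.aleksey.com/xmlsec/download/$_pkgname-$pkgver.tar.gz` (assuming the download path is served over TLS like the homepage, which should be confirmed) and compare the recorded hash against whatever checksum or signature upstream publishes for the release, if any.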
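Review bot: In the added `gcrypt()` split function, `install_if="$pkgname=$pkgver-r$pkgrel gcrypt"` keys on a package named `gcrypt`, while the `makedepends` line in this same commit names the library `libgcrypt-dev`, which suggests the runtime package is `libgcrypt`. If no package called `gcrypt` exists in the repository, the condition can never be met and the plugin is never pulled in automatically; `install_if="$pkgname=$pkgver-r$pkgrel libgcrypt"` would match the naming used elsewhere in the file. The `gnutls()` trigger deserves the same check against the real package name. Separately, a one-line comment above `dev()` such as `# must be split before the plugin subpackages so the unversioned .so symlinks land in -dev` would record why `$pkgname-dev` now comes first in `subpackages=`, which today is explained only in the commit message.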
@@ -53,4 +69,5 @@ nss() {
 mv "$pkgdir"/usr/lib/libxmlsec1-nss.so* "$subpkgdir"/usr/lib/
 }
 
-sha512sums="fb0c775f6455ce5a5579a69bb91d60fe90c023e538c32bdf2a70aa413a53b22ef938349a3ce6b42bb23f8f70b4e00f1b9917f877487bb1507c927ec70c3d95f5 xmlsec-1_2_28.tar.gz"
+sha512sums="17fa59e4ffee5e024caa4895e8ed21d1435f14e3a37d0ed781b1dd216333ae3b6099c460efd45d4a8097d0202522150b7b0ad543b47c1596d8473b6922270480 xmlsec1-1.2.28.tar.gz
+2f146b31460ae1843a696c77cef03b36a0bf212028189055834e2e50d7a3142f6a069ce18a5c6b2251b5846fad7e96a6d9e26a6445fd182ac4c44c70afc4f8a3 fix-tests.patch"
diff --git a/user/xmlsec/fix-tests.patch b/user/xmlsec/fix-tests.patch
new file mode 100644
index 000000000..73acdf800
--- /dev/null
+++ b/user/xmlsec/fix-tests.patch
@@ -0,0 +1,176 @@ +Backport of the following commits: + +b841f2c0b1e9cf24d991cc8b5d21e5a3b7c6ad80 +f25e8f07428b9475fa576bf78d77fb4fa366bc70 +106e7dbf39d96c46aedecf229d55a09e7593f1ec + +diff --git a/tests/testDSig.sh b/tests/testDSig.sh +index 77372311..f2014464 100755 +--- a/tests/testDSig.sh ++++ b/tests/testDSig.sh +@@ -805,98 +805,98 @@ execDSigTest $res_success \ + "signature-rsa-detached-b64-transform" \ + "base64 sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached-xpath-transform" \ + "xpath sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached-xslt-transform-retrieval-method" \ + "xslt sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + 
"signature-rsa-detached-xslt-transform" \ + "xslt sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-enveloped" \ + "enveloped-signature sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-enveloping" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-cert-chain" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-cert" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-issuer-serial" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- 
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-ski" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-subject-name" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-xpath-transform-enveloped" \ + "enveloped-signature xpath sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks 
--verification-time 2009-01-01+10:00:00" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" + + + ########################################################################## +@@ -940,7 +940,7 @@ execDSigTest $res_fail \ + "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--X509-skip-strict-checks --trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format $url_map_xml_stylesheet_2018" ++ "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format $url_map_xml_stylesheet_2018" + + execDSigTest $res_fail \ + "" \ +diff --git a/tests/testrun.sh b/tests/testrun.sh +index ea65802b..fe0334c7 100755 +--- a/tests/testrun.sh ++++ b/tests/testrun.sh +@@ -59,7 +59,7 @@ if [ "z$XMLSEC_DEFAULT_CRYPTO" != "z" ] ; then + elif [ "z$crypto" != "z" ] ; then + xmlsec_params="$xmlsec_params --crypto $crypto" + fi +-xmlsec_params="$xmlsec_params --X509-skip-strict-checks --crypto-config $crypto_config" ++xmlsec_params="$xmlsec_params --crypto-config $crypto_config" + + # + # Setup keys config +@@ -308,8 +308,8 @@ execDSigTest() { + # run tests + if [ -n "$params1" ] ; then + printf " Verify existing signature " +- echo "$VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml" >> $curlogfile +- $VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml >> $curlogfile 2>> $curlogfile ++ echo "$VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params1 $full_file.xml" >> $curlogfile ++ $VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params1 $full_file.xml >> $curlogfile 2>> $curlogfile + printRes $expected_res $? + if [ $? 
!= 0 ]; then + failures=`expr $failures + 1` +@@ -328,8 +328,8 @@ execDSigTest() { + + if [ -n "$params3" -a -z "$PERF_TEST" ] ; then + printf " Verify new signature " +- echo "$VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile" >> $curlogfile +- $VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile >> $curlogfile 2>> $curlogfile ++ echo "$VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params3 $tmpfile" >> $curlogfile ++ $VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params3 $tmpfile >> $curlogfile 2>> $curlogfile + printRes $res_success $? + if [ $? != 0 ]; then + failures=`expr $failures + 1` +@@ -406,7 +406,7 @@ execEncTest() { + if [ -n "$params1" ] ; then + rm -f $tmpfile + printf " Decrypt existing document " +- echo "$VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml" >> $curlogfile ++ echo "$VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml" >> $curlogfile + $VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 --output $tmpfile $full_file.xml >> $curlogfile 2>> $curlogfile + res=$? + echo "=== TEST RESULT: $res; expected: $expected_res" >> $curlogfile -- cgit v1.2.3-60-g2f50
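Review bot: Both verify invocations in `execDSigTest` (the "Verify existing signature" and "Verify new signature" branches of the backported `tests/testrun.sh` change) now hard-code `--X509-skip-strict-checks`, so every signature-verification test, including the `$res_fail` case for `merlin-xmldsig-twenty-three/signature-x509-crt-crl`, still runs with strict X.509 checks skipped. This is inherited from upstream, where the flag previously sat in `xmlsec_params`, but it means a passing test run for this package says nothing about strict certificate validation, and the patch header does not mention it. I would add a line after the three commit hashes, for example `Note: verify tests run with --X509-skip-strict-checks; strict X.509 validation is not exercised by the test suite.`, together with the upstream repository URL the hashes refer to. `execDSigTest` begins and ends outside the quoted hunks, so any other use of `$xmlsec_params` in it is not visible here.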