[gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/ - gentoo-commits

From:	Jory Pratt <anarchy@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
Date:	Wed, 08 Feb 2017 00:39:57
Message-Id:	`1486514259.fd2d4c8bc8e4cfdcc99bf3bb632179e22f52ff99.anarchy@gentoo`

1

commit:     fd2d4c8bc8e4cfdcc99bf3bb632179e22f52ff99

2

Author:     Jory A. Pratt <anarchy <AT> gentoo <DOT> org>

3

AuthorDate: Wed Feb  8 00:37:39 2017 +0000

4

Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>

5

CommitDate: Wed Feb  8 00:37:39 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd2d4c8b

7

8

dev-libs/nss: Version bump

9

10

Package-Manager: Portage-2.3.3, Repoman-2.3.1

11

12

 dev-libs/nss/Manifest        |   1 +

13

 dev-libs/nss/nss-3.29.ebuild | 339 +++++++++++++++++++++++++++++++++++++++++++

14

 2 files changed, 340 insertions(+)

15

16

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest

17

index e485949..6f2e627 100644

18

--- a/dev-libs/nss/Manifest

19

+++ b/dev-libs/nss/Manifest

20

@@ -1,3 +1,4 @@

21

 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b

22

+DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c

23

 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

24

 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

25

26

diff --git a/dev-libs/nss/nss-3.29.ebuild b/dev-libs/nss/nss-3.29.ebuild

27

new file mode 100644

28

index 00000000..a253567

29

--- /dev/null

30

+++ b/dev-libs/nss/nss-3.29.ebuild

31

@@ -0,0 +1,339 @@

32

+# Copyright 1999-2017 Gentoo Foundation

33

+# Distributed under the terms of the GNU General Public License v2

34

+# $Id$

35

+

36

+EAPI=6

37

+

38

+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal

39

+

40

+NSPR_VER="4.13.1"

41

+RTM_NAME="NSS_${PV//./_}_RTM"

42

+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git

43

+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"

44

+PEM_P="${PN}-pem-20160329"

45

+

46

+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"

47

+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"

48

+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz

49

+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )

50

+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"

51

+

52

+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"

53

+SLOT="0"

54

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"

55

+IUSE="cacert +nss-pem utils"

56

+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]

57

+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"

58

+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]

59

+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]

60

+	${CDEPEND}"

61

+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]

62

+	${CDEPEND}

63

+	abi_x86_32? (

64

+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12

65

+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]

66

+	)"

67

+

68

+RESTRICT="test"

69

+

70

+S="${WORKDIR}/${P}/${PN}"

71

+

72

+MULTILIB_CHOST_TOOLS=(

73

+	/usr/bin/nss-config

74

+)

75

+

76

+PATCHES=(

77

+	# Custom changes for gentoo

78

+	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"

79

+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"

80

+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"

81

+)

82

+

83

+src_unpack() {

84

+	unpack ${A}

85

+	if use nss-pem ; then

86

+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die

87

+	fi

88

+}

89

+

90

+src_prepare() {

91

+	if use nss-pem ; then

92

+		PATCHES+=(

93

+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"

94

+		)

95

+	fi

96

+	if use cacert ; then #521462

97

+		PATCHES+=(

98

+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"

99

+		)

100

+	fi

101

+

102

+	default

103

+

104

+	pushd coreconf >/dev/null || die

105

+	# hack nspr paths

106

+	echo 'INCLUDES += -I$(DIST)/include/dbm' \

107

+		>> headers.mk || die "failed to append include"

108

+

109

+	# modify install path

110

+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \

111

+		-i source.mk || die

112

+

113

+	# Respect LDFLAGS

114

+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk

115

+	popd >/dev/null || die

116

+

117

+	# Fix pkgconfig file for Prefix

118

+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \

119

+		config/Makefile || die

120

+

121

+	# use host shlibsign if need be #436216

122

+	if tc-is-cross-compiler ; then

123

+		sed -i \

124

+			-e 's:"${2}"/shlibsign:shlibsign:' \

125

+			cmd/shlibsign/sign.sh || die

126

+	fi

127

+

128

+	# dirty hack

129

+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \

130

+		lib/ssl/config.mk || die

131

+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \

132

+		cmd/platlibs.mk || die

133

+

134

+	multilib_copy_sources

135

+

136

+	strip-flags

137

+}

138

+

139

+multilib_src_configure() {

140

+	# Ensure we stay multilib aware

141

+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die

142

+}

143

+

144

+nssarch() {

145

+	# Most of the arches are the same as $ARCH

146

+	local t=${1:-${CHOST}}

147

+	case ${t} in

148

+		aarch64*)echo "aarch64";;

149

+		hppa*)   echo "parisc";;

150

+		i?86*)   echo "i686";;

151

+		x86_64*) echo "x86_64";;

152

+		*)       tc-arch ${t};;

153

+	esac

154

+}

155

+

156

+nssbits() {

157

+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"

158

+	if [[ ${1} == BUILD_ ]]; then

159

+		cc=$(tc-getBUILD_CC)

160

+	else

161

+		cc=$(tc-getCC)

162

+	fi

163

+	echo > "${T}"/test.c || die

164

+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die

165

+	case $(file "${T}/${1}test.o") in

166

+		*32-bit*x86-64*) echo USE_X32=1;;

167

+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;

168

+		*32-bit*|*ppc*|*i386*) ;;

169

+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;

170

+	esac

171

+}

172

+

173

+multilib_src_compile() {

174

+	# use ABI to determine bit'ness, or fallback if unset

175

+	local buildbits mybits

176

+	case "${ABI}" in

177

+		n32) mybits="USE_N32=1";;

178

+		x32) mybits="USE_X32=1";;

179

+		s390x|*64) mybits="USE_64=1";;

180

+		${DEFAULT_ABI})

181

+			einfo "Running compilation test to determine bit'ness"

182

+			mybits=$(nssbits)

183

+			;;

184

+	esac

185

+	# bitness of host may differ from target

186

+	if tc-is-cross-compiler; then

187

+		buildbits=$(nssbits BUILD_)

188

+	fi

189

+

190

+	local makeargs=(

191

+		CC="$(tc-getCC)"

192

+		AR="$(tc-getAR) rc \$@"

193

+		RANLIB="$(tc-getRANLIB)"

194

+		OPTIMIZER=

195

+		${mybits}

196

+	)

197

+

198

+	# Take care of nspr settings #436216

199

+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"

200

+	unset NSPR_INCLUDE_DIR

201

+

202

+	# Do not let `uname` be used.

203

+	if use kernel_linux ; then

204

+		makeargs+=(

205

+			OS_TARGET=Linux

206

+			OS_RELEASE=2.6

207

+			OS_TEST="$(nssarch)"

208

+		)

209

+	fi

210

+

211

+	export NSS_ENABLE_WERROR=0 #567158

212

+	export BUILD_OPT=1

213

+	export NSS_USE_SYSTEM_SQLITE=1

214

+	export NSDISTMODE=copy

215

+	export NSS_ENABLE_ECC=1

216

+	export FREEBL_NO_DEPEND=1

217

+	export ASFLAGS=""

218

+

219

+	local d

220

+

221

+	# Build the host tools first.

222

+	LDFLAGS="${BUILD_LDFLAGS}" \

223

+	XCFLAGS="${BUILD_CFLAGS}" \

224

+	NSPR_LIB_DIR="${T}/fakedir" \

225

+	emake -j1 -C coreconf \

226

+		CC="$(tc-getBUILD_CC)" \

227

+		${buildbits:-${mybits}}

228

+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )

229

+

230

+	# Then build the target tools.

231

+	for d in . lib/dbm ; do

232

+		CPPFLAGS="${myCPPFLAGS}" \

233

+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \

234

+		NSPR_LIB_DIR="${T}/fakedir" \

235

+		emake -j1 "${makeargs[@]}" -C ${d}

236

+	done

237

+}

238

+

239

+# Altering these 3 libraries breaks the CHK verification.

240

+# All of the following cause it to break:

241

+# - stripping

242

+# - prelink

243

+# - ELF signing

244

+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html

245

+# Either we have to NOT strip them, or we have to forcibly resign after

246

+# stripping.

247

+#local_libdir="$(get_libdir)"

248

+#export STRIP_MASK="

249

+#	*/${local_libdir}/libfreebl3.so*

250

+#	*/${local_libdir}/libnssdbm3.so*

251

+#	*/${local_libdir}/libsoftokn3.so*"

252

+

253

+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"

254

+

255

+generate_chk() {

256

+	local shlibsign="$1"

257

+	local libdir="$2"

258

+	einfo "Resigning core NSS libraries for FIPS validation"

259

+	shift 2

260

+	local i

261

+	for i in ${NSS_CHK_SIGN_LIBS} ; do

262

+		local libname=lib${i}.so

263

+		local chkname=lib${i}.chk

264

+		"${shlibsign}" \

265

+			-i "${libdir}"/${libname} \

266

+			-o "${libdir}"/${chkname}.tmp \

267

+		&& mv -f \

268

+			"${libdir}"/${chkname}.tmp \

269

+			"${libdir}"/${chkname} \

270

+		|| die "Failed to sign ${libname}"

271

+	done

272

+}

273

+

274

+cleanup_chk() {

275

+	local libdir="$1"

276

+	shift 1

277

+	local i

278

+	for i in ${NSS_CHK_SIGN_LIBS} ; do

279

+		local libfname="${libdir}/lib${i}.so"

280

+		# If the major version has changed, then we have old chk files.

281

+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \

282

+			&& rm -f "${libfname}.chk"

283

+	done

284

+}

285

+

286

+multilib_src_install() {

287

+	pushd dist >/dev/null || die

288

+

289

+	dodir /usr/$(get_libdir)

290

+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"

291

+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"

292

+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"

293

+

294

+	# Install nss-config and pkgconfig file

295

+	dodir /usr/bin

296

+	cp -L */bin/nss-config "${ED}"/usr/bin || die

297

+	dodir /usr/$(get_libdir)/pkgconfig

298

+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die

299

+

300

+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers

301

+	# bug 517266

302

+	sed 	-e 's#Libs:#Libs: -lfreebl#' \

303

+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \

304

+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \

305

+		|| die "could not create nss-softokn.pc"

306

+

307

+	# all the include files

308

+	insinto /usr/include/nss

309

+	doins public/nss/*.h

310

+	insinto /usr/include/nss/private

311

+	doins private/nss/{blapi,alghmac}.h

312

+

313

+	popd >/dev/null || die

314

+

315

+	local f nssutils

316

+	# Always enabled because we need it for chk generation.

317

+	nssutils="shlibsign"

318

+

319

+	if multilib_is_native_abi ; then

320

+		if use utils; then

321

+			# The tests we do not need to install.

322

+			#nssutils_test="bltest crmftest dbtest dertimetest

323

+			#fipstest remtest sdrtest"

324

+			# checkcert utils has been removed in nss-3.22:

325

+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545

326

+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870

327

+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil

328

+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit

329

+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode

330

+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt

331

+			symkeyutil tstclnt vfychain vfyserv"

332

+			# install man-pages for utils (bug #516810)

333

+			doman doc/nroff/*.1

334

+		fi

335

+		pushd dist/*/bin >/dev/null || die

336

+		for f in ${nssutils}; do

337

+			dobin ${f}

338

+		done

339

+		popd >/dev/null || die

340

+	fi

341

+

342

+	# Prelink breaks the CHK files. We don't have any reliable way to run

343

+	# shlibsign after prelink.

344

+	dodir /etc/prelink.conf.d

345

+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \

346

+		> "${ED}"/etc/prelink.conf.d/nss.conf

347

+}

348

+

349

+pkg_postinst() {

350

+	multilib_pkg_postinst() {

351

+		# We must re-sign the libraries AFTER they are stripped.

352

+		local shlibsign="${EROOT}/usr/bin/shlibsign"

353

+		# See if we can execute it (cross-compiling & such). #436216

354

+		"${shlibsign}" -h >&/dev/null

355

+		if [[ $? -gt 1 ]] ; then

356

+			shlibsign="shlibsign"

357

+		fi

358

+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)

359

+	}

360

+

361

+	multilib_foreach_abi multilib_pkg_postinst

362

+}

363

+

364

+pkg_postrm() {

365

+	multilib_pkg_postrm() {

366

+		cleanup_chk "${EROOT}"/usr/$(get_libdir)

367

+	}

368

+

369

+	multilib_foreach_abi multilib_pkg_postrm

370

+}

1	commit: fd2d4c8bc8e4cfdcc99bf3bb632179e22f52ff99
2	Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
3	AuthorDate: Wed Feb 8 00:37:39 2017 +0000
4	Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
5	CommitDate: Wed Feb 8 00:37:39 2017 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd2d4c8b
7
8	dev-libs/nss: Version bump
9
10	Package-Manager: Portage-2.3.3, Repoman-2.3.1
11
12	dev-libs/nss/Manifest \| 1 +
13	dev-libs/nss/nss-3.29.ebuild \| 339 +++++++++++++++++++++++++++++++++++++++++++
14	2 files changed, 340 insertions(+)
15
16	diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
17	index e485949..6f2e627 100644
18	--- a/dev-libs/nss/Manifest
19	+++ b/dev-libs/nss/Manifest
20	@@ -1,3 +1,4 @@
21	DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
22	+DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c
23	DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
24	DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836
25
26	diff --git a/dev-libs/nss/nss-3.29.ebuild b/dev-libs/nss/nss-3.29.ebuild
27	new file mode 100644
28	index 00000000..a253567
29	--- /dev/null
30	+++ b/dev-libs/nss/nss-3.29.ebuild
31	@@ -0,0 +1,339 @@
32	+# Copyright 1999-2017 Gentoo Foundation
33	+# Distributed under the terms of the GNU General Public License v2
34	+# $Id$
35	+
36	+EAPI=6
37	+
38	+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
39	+
40	+NSPR_VER="4.13.1"
41	+RTM_NAME="NSS_${PV//./_}_RTM"
42	+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
43	+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
44	+PEM_P="${PN}-pem-20160329"
45	+
46	+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
47	+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
48	+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
49	+ cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
50	+ nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
51	+
52	+LICENSE="\|\| ( MPL-2.0 GPL-2 LGPL-2.1 )"
53	+SLOT="0"
54	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
55	+IUSE="cacert +nss-pem utils"
56	+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
57	+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
58	+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
59	+ >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
60	+ ${CDEPEND}"
61	+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
62	+ ${CDEPEND}
63	+ abi_x86_32? (
64	+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
65	+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
66	+ )"
67	+
68	+RESTRICT="test"
69	+
70	+S="${WORKDIR}/${P}/${PN}"
71	+
72	+MULTILIB_CHOST_TOOLS=(
73	+ /usr/bin/nss-config
74	+)
75	+
76	+PATCHES=(
77	+ # Custom changes for gentoo
78	+ "${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
79	+ "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
80	+ "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
81	+)
82	+
83	+src_unpack() {
84	+ unpack ${A}
85	+ if use nss-pem ; then
86	+ mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ \|\| die
87	+ fi
88	+}
89	+
90	+src_prepare() {
91	+ if use nss-pem ; then
92	+ PATCHES+=(
93	+ "${FILESDIR}/${PN}-3.21-enable-pem.patch"
94	+ )
95	+ fi
96	+ if use cacert ; then #521462
97	+ PATCHES+=(
98	+ "${DISTDIR}/${PN}-cacert-class1-class3.patch"
99	+ )
100	+ fi
101	+
102	+ default
103	+
104	+ pushd coreconf >/dev/null \|\| die
105	+ # hack nspr paths
106	+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
107	+ >> headers.mk \|\| die "failed to append include"
108	+
109	+ # modify install path
110	+ sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
111	+ -i source.mk \|\| die
112	+
113	+ # Respect LDFLAGS
114	+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
115	+ popd >/dev/null \|\| die
116	+
117	+ # Fix pkgconfig file for Prefix
118	+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
119	+ config/Makefile \|\| die
120	+
121	+ # use host shlibsign if need be #436216
122	+ if tc-is-cross-compiler ; then
123	+ sed -i \
124	+ -e 's:"${2}"/shlibsign:shlibsign:' \
125	+ cmd/shlibsign/sign.sh \|\| die
126	+ fi
127	+
128	+ # dirty hack
129	+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
130	+ lib/ssl/config.mk \|\| die
131	+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
132	+ cmd/platlibs.mk \|\| die
133	+
134	+ multilib_copy_sources
135	+
136	+ strip-flags
137	+}
138	+
139	+multilib_src_configure() {
140	+ # Ensure we stay multilib aware
141	+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile \|\| die
142	+}
143	+
144	+nssarch() {
145	+ # Most of the arches are the same as $ARCH
146	+ local t=${1:-${CHOST}}
147	+ case ${t} in
148	+ aarch64*)echo "aarch64";;
149	+ hppa*) echo "parisc";;
150	+ i?86*) echo "i686";;
151	+ x86_64*) echo "x86_64";;
152	+ *) tc-arch ${t};;
153	+ esac
154	+}
155	+
156	+nssbits() {
157	+ local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
158	+ if [[ ${1} == BUILD_ ]]; then
159	+ cc=$(tc-getBUILD_CC)
160	+ else
161	+ cc=$(tc-getCC)
162	+ fi
163	+ echo > "${T}"/test.c \|\| die
164	+ ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" \|\| die
165	+ case $(file "${T}/${1}test.o") in
166	+ 32-bitx86-64*) echo USE_X32=1;;
167	+ 64-bit\|ppc64\|x86_64) echo USE_64=1;;
168	+ 32-bit\|ppc\|i386) ;;
169	+ *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
170	+ esac
171	+}
172	+
173	+multilib_src_compile() {
174	+ # use ABI to determine bit'ness, or fallback if unset
175	+ local buildbits mybits
176	+ case "${ABI}" in
177	+ n32) mybits="USE_N32=1";;
178	+ x32) mybits="USE_X32=1";;
179	+ s390x\|*64) mybits="USE_64=1";;
180	+ ${DEFAULT_ABI})
181	+ einfo "Running compilation test to determine bit'ness"
182	+ mybits=$(nssbits)
183	+ ;;
184	+ esac
185	+ # bitness of host may differ from target
186	+ if tc-is-cross-compiler; then
187	+ buildbits=$(nssbits BUILD_)
188	+ fi
189	+
190	+ local makeargs=(
191	+ CC="$(tc-getCC)"
192	+ AR="$(tc-getAR) rc \$@"
193	+ RANLIB="$(tc-getRANLIB)"
194	+ OPTIMIZER=
195	+ ${mybits}
196	+ )
197	+
198	+ # Take care of nspr settings #436216
199	+ local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
200	+ unset NSPR_INCLUDE_DIR
201	+
202	+ # Do not let `uname` be used.
203	+ if use kernel_linux ; then
204	+ makeargs+=(
205	+ OS_TARGET=Linux
206	+ OS_RELEASE=2.6
207	+ OS_TEST="$(nssarch)"
208	+ )
209	+ fi
210	+
211	+ export NSS_ENABLE_WERROR=0 #567158
212	+ export BUILD_OPT=1
213	+ export NSS_USE_SYSTEM_SQLITE=1
214	+ export NSDISTMODE=copy
215	+ export NSS_ENABLE_ECC=1
216	+ export FREEBL_NO_DEPEND=1
217	+ export ASFLAGS=""
218	+
219	+ local d
220	+
221	+ # Build the host tools first.
222	+ LDFLAGS="${BUILD_LDFLAGS}" \
223	+ XCFLAGS="${BUILD_CFLAGS}" \
224	+ NSPR_LIB_DIR="${T}/fakedir" \
225	+ emake -j1 -C coreconf \
226	+ CC="$(tc-getBUILD_CC)" \
227	+ ${buildbits:-${mybits}}
228	+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
229	+
230	+ # Then build the target tools.
231	+ for d in . lib/dbm ; do
232	+ CPPFLAGS="${myCPPFLAGS}" \
233	+ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
234	+ NSPR_LIB_DIR="${T}/fakedir" \
235	+ emake -j1 "${makeargs[@]}" -C ${d}
236	+ done
237	+}
238	+
239	+# Altering these 3 libraries breaks the CHK verification.
240	+# All of the following cause it to break:
241	+# - stripping
242	+# - prelink
243	+# - ELF signing
244	+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
245	+# Either we have to NOT strip them, or we have to forcibly resign after
246	+# stripping.
247	+#local_libdir="$(get_libdir)"
248	+#export STRIP_MASK="
249	+# /${local_libdir}/libfreebl3.so
250	+# /${local_libdir}/libnssdbm3.so
251	+# /${local_libdir}/libsoftokn3.so"
252	+
253	+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
254	+
255	+generate_chk() {
256	+ local shlibsign="$1"
257	+ local libdir="$2"
258	+ einfo "Resigning core NSS libraries for FIPS validation"
259	+ shift 2
260	+ local i
261	+ for i in ${NSS_CHK_SIGN_LIBS} ; do
262	+ local libname=lib${i}.so
263	+ local chkname=lib${i}.chk
264	+ "${shlibsign}" \
265	+ -i "${libdir}"/${libname} \
266	+ -o "${libdir}"/${chkname}.tmp \
267	+ && mv -f \
268	+ "${libdir}"/${chkname}.tmp \
269	+ "${libdir}"/${chkname} \
270	+ \|\| die "Failed to sign ${libname}"
271	+ done
272	+}
273	+
274	+cleanup_chk() {
275	+ local libdir="$1"
276	+ shift 1
277	+ local i
278	+ for i in ${NSS_CHK_SIGN_LIBS} ; do
279	+ local libfname="${libdir}/lib${i}.so"
280	+ # If the major version has changed, then we have old chk files.
281	+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
282	+ && rm -f "${libfname}.chk"
283	+ done
284	+}
285	+
286	+multilib_src_install() {
287	+ pushd dist >/dev/null \|\| die
288	+
289	+ dodir /usr/$(get_libdir)
290	+ cp -L /lib/$(get_libname) "${ED}"/usr/$(get_libdir) \|\| die "copying shared libs failed"
291	+ cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) \|\| die "copying libs failed"
292	+ cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) \|\| die "copying libs failed"
293	+
294	+ # Install nss-config and pkgconfig file
295	+ dodir /usr/bin
296	+ cp -L */bin/nss-config "${ED}"/usr/bin \|\| die
297	+ dodir /usr/$(get_libdir)/pkgconfig
298	+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig \|\| die
299	+
300	+ # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
301	+ # bug 517266
302	+ sed -e 's#Libs:#Libs: -lfreebl#' \
303	+ -e 's#Cflags:#Cflags: -I${includedir}/private#' \
304	+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
305	+ \|\| die "could not create nss-softokn.pc"
306	+
307	+ # all the include files
308	+ insinto /usr/include/nss
309	+ doins public/nss/*.h
310	+ insinto /usr/include/nss/private
311	+ doins private/nss/{blapi,alghmac}.h
312	+
313	+ popd >/dev/null \|\| die
314	+
315	+ local f nssutils
316	+ # Always enabled because we need it for chk generation.
317	+ nssutils="shlibsign"
318	+
319	+ if multilib_is_native_abi ; then
320	+ if use utils; then
321	+ # The tests we do not need to install.
322	+ #nssutils_test="bltest crmftest dbtest dertimetest
323	+ #fipstest remtest sdrtest"
324	+ # checkcert utils has been removed in nss-3.22:
325	+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
326	+ # https://hg.mozilla.org/projects/nss/rev/df1729d37870
327	+ nssutils="addbuiltin atob baddbdir btoa certcgi certutil
328	+ cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
329	+ nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
330	+ pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
331	+ symkeyutil tstclnt vfychain vfyserv"
332	+ # install man-pages for utils (bug #516810)
333	+ doman doc/nroff/*.1
334	+ fi
335	+ pushd dist/*/bin >/dev/null \|\| die
336	+ for f in ${nssutils}; do
337	+ dobin ${f}
338	+ done
339	+ popd >/dev/null \|\| die
340	+ fi
341	+
342	+ # Prelink breaks the CHK files. We don't have any reliable way to run
343	+ # shlibsign after prelink.
344	+ dodir /etc/prelink.conf.d
345	+ printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
346	+ > "${ED}"/etc/prelink.conf.d/nss.conf
347	+}
348	+
349	+pkg_postinst() {
350	+ multilib_pkg_postinst() {
351	+ # We must re-sign the libraries AFTER they are stripped.
352	+ local shlibsign="${EROOT}/usr/bin/shlibsign"
353	+ # See if we can execute it (cross-compiling & such). #436216
354	+ "${shlibsign}" -h >&/dev/null
355	+ if [[ $? -gt 1 ]] ; then
356	+ shlibsign="shlibsign"
357	+ fi
358	+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
359	+ }
360	+
361	+ multilib_foreach_abi multilib_pkg_postinst
362	+}
363	+
364	+pkg_postrm() {
365	+ multilib_pkg_postrm() {
366	+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
367	+ }
368	+
369	+ multilib_foreach_abi multilib_pkg_postrm
370	+}

Gentoo Archives: gentoo-commits