Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/, dev-libs/nss/files/
Date: Sun, 30 Aug 2020 22:57:57
Message-Id: 1598828195.9522aa465f097bca10a2e9ee5c3e2586d3fcd26e.whissi@gentoo
1 commit: 9522aa465f097bca10a2e9ee5c3e2586d3fcd26e
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Sun Aug 30 22:56:35 2020 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Sun Aug 30 22:56:35 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9522aa46
7
8 dev-libs/nss: security cleanup
9
10 Bug: https://bugs.gentoo.org/734986
11 Package-Manager: Portage-3.0.4, Repoman-3.0.1
12 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
13
14 dev-libs/nss/Manifest | 4 -
15 dev-libs/nss/files/nss-3.47-gentoo-fixups.patch | 242 ----------------
16 dev-libs/nss/nss-3.51.ebuild | 357 -----------------------
17 dev-libs/nss/nss-3.52.1-r1.ebuild | 361 ------------------------
18 dev-libs/nss/nss-3.53.1.ebuild | 351 -----------------------
19 dev-libs/nss/nss-3.54-r1.ebuild | 351 -----------------------
20 6 files changed, 1666 deletions(-)
21
22 diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
23 index e2468639f8b..a4426510d65 100644
24 --- a/dev-libs/nss/Manifest
25 +++ b/dev-libs/nss/Manifest
26 @@ -1,7 +1,3 @@
27 -DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
28 -DIST nss-3.52.1.tar.gz 81222116 BLAKE2B e7a1a24c0a4765fb13a4c13a93187a26df6df68b3e8d623514928cf505215e67f5f22387b6a6b0680117b1c2af13752cb981c173bb50424784d05b459704d528 SHA512 be8746984e3028e5ed49f2132ca08687f6ac75e50208d8cfd6ffbcfd5db1ab8dcaf1f2a0a6c6c1920573de80490301b21c022759c7e2309a22d29698bb169dd6
29 -DIST nss-3.53.1.tar.gz 81297900 BLAKE2B 7a053aa8322cb55b787730c87f1a6e8a799265574114d63257699348f4921007457d19e5fdc4684a512a91478d1912db45ce066daa8b9d9cde5130ff506aed9e SHA512 5d7572999a007c513df4cbdf74769c1a4eb53eb8680da27a89fea770763d88b6bea80cd9ab20426a905396745129276cffb6dd9e8e1e6377fa98c0a103b522d0
30 -DIST nss-3.54.tar.gz 81190188 BLAKE2B bf91aa3e2081f0d123d3adfbfc2e3cadfeccf6b15ce03f429fede73bd57ebf96ba7317b890762b01820d75020bb99383c022e2e6558aa1a6d44e8c92cd533bd2 SHA512 9b9253469514c085730ae580f6544e882a8264e253687950627a4fa1eeb956287c9da46caf7d8988cd6363f6dee26cb8db755203375751fe53795697d7ae9b7b
31 DIST nss-3.55.tar.gz 81759883 BLAKE2B 5b663d2b1861eb74cf070f2711b4db1afbfbc40b08e1f117e6b4a62e9f997de06889de3afc654cf6547c371ab2a1183904a1a014d1dc4b3e94f734107c81e1cf SHA512 acae7b803a3219cd4b78216cb8a6352805741e42eca6a42a5e6289ebbabc6189c7c6bc138cbd8a93d8631d06175c4d34e72957d49fe726adada6aaa2566e399e
32 DIST nss-3.56.tar.gz 81706176 BLAKE2B 84c3b9fd649ce38ad843725b180982692dcac34e851734813b959734054f2e9ebfad66496de320f46e861381f6d5f52db0cc4c0953f7504b79f6b529b871f173 SHA512 f2eed8252c13b38a4d80a11203136d22a521205f814b6d954cc119ccf8921fcb8f689d919944bea4739d1575e9bda7e13cf2ad054ac91d51e049abe246efc845
33 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
34
35 diff --git a/dev-libs/nss/files/nss-3.47-gentoo-fixups.patch b/dev-libs/nss/files/nss-3.47-gentoo-fixups.patch
36 deleted file mode 100644
37 index 29b3a2a7232..00000000000
38 --- a/dev-libs/nss/files/nss-3.47-gentoo-fixups.patch
39 +++ /dev/null
40 @@ -1,242 +0,0 @@
41 ---- a/config/Makefile
42 -+++ b/config/Makefile
43 -@@ -0,0 +1,40 @@
44 -+CORE_DEPTH = ..
45 -+DEPTH = ..
46 -+
47 -+include $(CORE_DEPTH)/coreconf/config.mk
48 -+
49 -+NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
50 -+NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
51 -+NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
52 -+PREFIX = /usr
53 -+
54 -+all: export libs
55 -+
56 -+export:
57 -+ # Create the nss.pc file
58 -+ mkdir -p $(DIST)/lib/pkgconfig
59 -+ sed -e "s,@prefix@,$(PREFIX)," \
60 -+ -e "s,@exec_prefix@,\$${prefix}," \
61 -+ -e "s,@libdir@,\$${prefix}/lib64," \
62 -+ -e "s,@includedir@,\$${prefix}/include/nss," \
63 -+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
64 -+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
65 -+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
66 -+ nss.pc.in > nss.pc
67 -+ chmod 0644 nss.pc
68 -+ ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig
69 -+
70 -+ # Create the nss-config script
71 -+ mkdir -p $(DIST)/bin
72 -+ sed -e "s,@prefix@,$(PREFIX)," \
73 -+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
74 -+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
75 -+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
76 -+ nss-config.in > nss-config
77 -+ chmod 0755 nss-config
78 -+ ln -sf ../../../config/nss-config $(DIST)/bin
79 -+
80 -+libs:
81 -+
82 -+dummy: all export libs
83 -+
84 ---- a/config/nss-config.in
85 -+++ b/config/nss-config.in
86 -@@ -0,0 +1,145 @@
87 -+#!/bin/sh
88 -+
89 -+prefix=@prefix@
90 -+
91 -+major_version=@NSS_MAJOR_VERSION@
92 -+minor_version=@NSS_MINOR_VERSION@
93 -+patch_version=@NSS_PATCH_VERSION@
94 -+
95 -+usage()
96 -+{
97 -+ cat <<EOF
98 -+Usage: nss-config [OPTIONS] [LIBRARIES]
99 -+Options:
100 -+ [--prefix[=DIR]]
101 -+ [--exec-prefix[=DIR]]
102 -+ [--includedir[=DIR]]
103 -+ [--libdir[=DIR]]
104 -+ [--version]
105 -+ [--libs]
106 -+ [--cflags]
107 -+Dynamic Libraries:
108 -+ nss
109 -+ ssl
110 -+ smime
111 -+ nssutil
112 -+EOF
113 -+ exit $1
114 -+}
115 -+
116 -+if test $# -eq 0; then
117 -+ usage 1 1>&2
118 -+fi
119 -+
120 -+lib_ssl=yes
121 -+lib_smime=yes
122 -+lib_nss=yes
123 -+lib_nssutil=yes
124 -+
125 -+while test $# -gt 0; do
126 -+ case "$1" in
127 -+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
128 -+ *) optarg= ;;
129 -+ esac
130 -+
131 -+ case $1 in
132 -+ --prefix=*)
133 -+ prefix=$optarg
134 -+ ;;
135 -+ --prefix)
136 -+ echo_prefix=yes
137 -+ ;;
138 -+ --exec-prefix=*)
139 -+ exec_prefix=$optarg
140 -+ ;;
141 -+ --exec-prefix)
142 -+ echo_exec_prefix=yes
143 -+ ;;
144 -+ --includedir=*)
145 -+ includedir=$optarg
146 -+ ;;
147 -+ --includedir)
148 -+ echo_includedir=yes
149 -+ ;;
150 -+ --libdir=*)
151 -+ libdir=$optarg
152 -+ ;;
153 -+ --libdir)
154 -+ echo_libdir=yes
155 -+ ;;
156 -+ --version)
157 -+ echo ${major_version}.${minor_version}.${patch_version}
158 -+ ;;
159 -+ --cflags)
160 -+ echo_cflags=yes
161 -+ ;;
162 -+ --libs)
163 -+ echo_libs=yes
164 -+ ;;
165 -+ ssl)
166 -+ lib_ssl=yes
167 -+ ;;
168 -+ smime)
169 -+ lib_smime=yes
170 -+ ;;
171 -+ nss)
172 -+ lib_nss=yes
173 -+ ;;
174 -+ nssutil)
175 -+ lib_nssutil=yes
176 -+ ;;
177 -+ *)
178 -+ usage 1 1>&2
179 -+ ;;
180 -+ esac
181 -+ shift
182 -+done
183 -+
184 -+# Set variables that may be dependent upon other variables
185 -+if test -z "$exec_prefix"; then
186 -+ exec_prefix=`pkg-config --variable=exec_prefix nss`
187 -+fi
188 -+if test -z "$includedir"; then
189 -+ includedir=`pkg-config --variable=includedir nss`
190 -+fi
191 -+if test -z "$libdir"; then
192 -+ libdir=`pkg-config --variable=libdir nss`
193 -+fi
194 -+
195 -+if test "$echo_prefix" = "yes"; then
196 -+ echo $prefix
197 -+fi
198 -+
199 -+if test "$echo_exec_prefix" = "yes"; then
200 -+ echo $exec_prefix
201 -+fi
202 -+
203 -+if test "$echo_includedir" = "yes"; then
204 -+ echo $includedir
205 -+fi
206 -+
207 -+if test "$echo_libdir" = "yes"; then
208 -+ echo $libdir
209 -+fi
210 -+
211 -+if test "$echo_cflags" = "yes"; then
212 -+ echo -I$includedir
213 -+fi
214 -+
215 -+if test "$echo_libs" = "yes"; then
216 -+ libdirs=""
217 -+ if test -n "$lib_ssl"; then
218 -+ libdirs="$libdirs -lssl${major_version}"
219 -+ fi
220 -+ if test -n "$lib_smime"; then
221 -+ libdirs="$libdirs -lsmime${major_version}"
222 -+ fi
223 -+ if test -n "$lib_nss"; then
224 -+ libdirs="$libdirs -lnss${major_version}"
225 -+ fi
226 -+ if test -n "$lib_nssutil"; then
227 -+ libdirs="$libdirs -lnssutil${major_version}"
228 -+ fi
229 -+ echo $libdirs
230 -+fi
231 -+
232 ---- a/config/nss.pc.in
233 -+++ b/config/nss.pc.in
234 -@@ -0,0 +1,12 @@
235 -+prefix=@prefix@
236 -+exec_prefix=@exec_prefix@
237 -+libdir=@libdir@
238 -+includedir=@includedir@
239 -+
240 -+Name: NSS
241 -+Description: Network Security Services
242 -+Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
243 -+Requires: nspr >= 4.8
244 -+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
245 -+Cflags: -I${includedir}
246 -+
247 ---- a/Makefile
248 -+++ b/Makefile
249 -@@ -47,7 +47,7 @@
250 - # (7) Execute "local" rules. (OPTIONAL). #
251 - #######################################################################
252 -
253 --nss_build_all: build_nspr all latest
254 -+nss_build_all: all latest
255 -
256 - nss_clean_all: clobber_nspr clobber
257 -
258 -@@ -133,16 +133,6 @@
259 - --prefix='$(NSS_GYP_PREFIX)'
260 - endif
261 -
262 --build_nspr: $(NSPR_CONFIG_STATUS)
263 -- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
264 -- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests
265 --
266 --install_nspr: build_nspr
267 -- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install
268 --
269 --clobber_nspr: $(NSPR_CONFIG_STATUS)
270 -- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
271 --
272 - build_docs:
273 - $(MAKE) -C $(CORE_DEPTH)/doc
274 -
275 ---- a/manifest.mn
276 -+++ b/manifest.mn
277 -@@ -10,4 +10,4 @@
278 -
279 - RELEASE = nss
280 -
281 --DIRS = coreconf lib cmd cpputil gtests
282 -+DIRS = coreconf lib cmd cpputil config
283
284 diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
285 deleted file mode 100644
286 index 25170cb99d3..00000000000
287 --- a/dev-libs/nss/nss-3.51.ebuild
288 +++ /dev/null
289 @@ -1,357 +0,0 @@
290 -# Copyright 1999-2020 Gentoo Authors
291 -# Distributed under the terms of the GNU General Public License v2
292 -
293 -EAPI=7
294 -
295 -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
296 -
297 -NSPR_VER="4.25"
298 -RTM_NAME="NSS_${PV//./_}_RTM"
299 -
300 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
301 -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
302 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
303 - cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
304 -
305 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
306 -SLOT="0"
307 -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
308 -IUSE="cacert utils"
309 -RDEPEND="
310 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
311 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
312 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
313 - virtual/pkgconfig
314 -"
315 -DEPEND="${RDEPEND}"
316 -
317 -RESTRICT="test"
318 -
319 -S="${WORKDIR}/${P}/${PN}"
320 -
321 -MULTILIB_CHOST_TOOLS=(
322 - /usr/bin/nss-config
323 -)
324 -
325 -PATCHES=(
326 - # Custom changes for gentoo
327 - "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
328 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
329 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
330 -)
331 -
332 -src_prepare() {
333 - if use cacert ; then #521462
334 - PATCHES+=(
335 - "${DISTDIR}/${PN}-cacert-class1-class3.patch"
336 - )
337 - fi
338 -
339 - default
340 -
341 - pushd coreconf >/dev/null || die
342 - # hack nspr paths
343 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
344 - >> headers.mk || die "failed to append include"
345 -
346 - # modify install path
347 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
348 - -i source.mk || die
349 -
350 - # Respect LDFLAGS
351 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
352 - popd >/dev/null || die
353 -
354 - # Fix pkgconfig file for Prefix
355 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
356 - config/Makefile || die
357 -
358 - # use host shlibsign if need be #436216
359 - if tc-is-cross-compiler ; then
360 - sed -i \
361 - -e 's:"${2}"/shlibsign:shlibsign:' \
362 - cmd/shlibsign/sign.sh || die
363 - fi
364 -
365 - # dirty hack
366 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
367 - lib/ssl/config.mk || die
368 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
369 - cmd/platlibs.mk || die
370 -
371 - multilib_copy_sources
372 -
373 - strip-flags
374 -}
375 -
376 -multilib_src_configure() {
377 - # Ensure we stay multilib aware
378 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
379 -}
380 -
381 -nssarch() {
382 - # Most of the arches are the same as $ARCH
383 - local t=${1:-${CHOST}}
384 - case ${t} in
385 - aarch64*)echo "aarch64";;
386 - hppa*) echo "parisc";;
387 - i?86*) echo "i686";;
388 - x86_64*) echo "x86_64";;
389 - *) tc-arch ${t};;
390 - esac
391 -}
392 -
393 -nssbits() {
394 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
395 - if [[ ${1} == BUILD_ ]]; then
396 - cc=$(tc-getBUILD_CC)
397 - else
398 - cc=$(tc-getCC)
399 - fi
400 - echo > "${T}"/test.c || die
401 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
402 - case $(file "${T}/${1}test.o") in
403 - *32-bit*x86-64*) echo USE_X32=1;;
404 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
405 - *32-bit*|*ppc*|*i386*) ;;
406 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
407 - esac
408 -}
409 -
410 -multilib_src_compile() {
411 - # use ABI to determine bit'ness, or fallback if unset
412 - local buildbits mybits
413 - case "${ABI}" in
414 - n32) mybits="USE_N32=1";;
415 - x32) mybits="USE_X32=1";;
416 - s390x|*64) mybits="USE_64=1";;
417 - ${DEFAULT_ABI})
418 - einfo "Running compilation test to determine bit'ness"
419 - mybits=$(nssbits)
420 - ;;
421 - esac
422 - # bitness of host may differ from target
423 - if tc-is-cross-compiler; then
424 - buildbits=$(nssbits BUILD_)
425 - fi
426 -
427 - local makeargs=(
428 - CC="$(tc-getCC)"
429 - CCC="$(tc-getCXX)"
430 - AR="$(tc-getAR) rc \$@"
431 - RANLIB="$(tc-getRANLIB)"
432 - OPTIMIZER=
433 - ${mybits}
434 - )
435 -
436 - # Take care of nspr settings #436216
437 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
438 - unset NSPR_INCLUDE_DIR
439 -
440 - # Do not let `uname` be used.
441 - if use kernel_linux ; then
442 - makeargs+=(
443 - OS_TARGET=Linux
444 - OS_RELEASE=2.6
445 - OS_TEST="$(nssarch)"
446 - )
447 - fi
448 -
449 - export NSS_ALLOW_SSLKEYLOGFILE=1
450 - export NSS_ENABLE_WERROR=0 #567158
451 - export BUILD_OPT=1
452 - export NSS_USE_SYSTEM_SQLITE=1
453 - export NSDISTMODE=copy
454 - export NSS_ENABLE_ECC=1
455 - export FREEBL_NO_DEPEND=1
456 - export FREEBL_LOWHASH=1
457 - export NSS_SEED_ONLY_DEV_URANDOM=1
458 - export ASFLAGS=""
459 -
460 - local d
461 -
462 - # Build the host tools first.
463 - LDFLAGS="${BUILD_LDFLAGS}" \
464 - XCFLAGS="${BUILD_CFLAGS}" \
465 - NSPR_LIB_DIR="${T}/fakedir" \
466 - emake -j1 -C coreconf \
467 - CC="$(tc-getBUILD_CC)" \
468 - ${buildbits-${mybits}}
469 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
470 -
471 - # Then build the target tools.
472 - for d in . lib/dbm ; do
473 - CPPFLAGS="${myCPPFLAGS}" \
474 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
475 - NSPR_LIB_DIR="${T}/fakedir" \
476 - emake -j1 "${makeargs[@]}" -C ${d}
477 - done
478 -}
479 -
480 -# Altering these 3 libraries breaks the CHK verification.
481 -# All of the following cause it to break:
482 -# - stripping
483 -# - prelink
484 -# - ELF signing
485 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
486 -# Either we have to NOT strip them, or we have to forcibly resign after
487 -# stripping.
488 -#local_libdir="$(get_libdir)"
489 -#export STRIP_MASK="
490 -# */${local_libdir}/libfreebl3.so*
491 -# */${local_libdir}/libnssdbm3.so*
492 -# */${local_libdir}/libsoftokn3.so*"
493 -
494 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
495 -
496 -generate_chk() {
497 - local shlibsign="$1"
498 - local libdir="$2"
499 - einfo "Resigning core NSS libraries for FIPS validation"
500 - shift 2
501 - local i
502 - for i in ${NSS_CHK_SIGN_LIBS} ; do
503 - local libname=lib${i}.so
504 - local chkname=lib${i}.chk
505 - "${shlibsign}" \
506 - -i "${libdir}"/${libname} \
507 - -o "${libdir}"/${chkname}.tmp \
508 - && mv -f \
509 - "${libdir}"/${chkname}.tmp \
510 - "${libdir}"/${chkname} \
511 - || die "Failed to sign ${libname}"
512 - done
513 -}
514 -
515 -cleanup_chk() {
516 - local libdir="$1"
517 - shift 1
518 - local i
519 - for i in ${NSS_CHK_SIGN_LIBS} ; do
520 - local libfname="${libdir}/lib${i}.so"
521 - # If the major version has changed, then we have old chk files.
522 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
523 - && rm -f "${libfname}.chk"
524 - done
525 -}
526 -
527 -multilib_src_install() {
528 - pushd dist >/dev/null || die
529 -
530 - dodir /usr/$(get_libdir)
531 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
532 - local i
533 - for i in crmf freebl nssb nssckfw ; do
534 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
535 - done
536 -
537 - # Install nss-config and pkgconfig file
538 - dodir /usr/bin
539 - cp -L */bin/nss-config "${ED}"/usr/bin || die
540 - dodir /usr/$(get_libdir)/pkgconfig
541 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
542 -
543 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
544 - # bug 517266
545 - sed -e 's#Libs:#Libs: -lfreebl#' \
546 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
547 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
548 - || die "could not create nss-softokn.pc"
549 -
550 - # all the include files
551 - insinto /usr/include/nss
552 - doins public/nss/*.{h,api}
553 - insinto /usr/include/nss/private
554 - doins private/nss/{blapi,alghmac,cmac}.h
555 -
556 - popd >/dev/null || die
557 -
558 - local f nssutils
559 - # Always enabled because we need it for chk generation.
560 - nssutils=( shlibsign )
561 -
562 - if multilib_is_native_abi ; then
563 - if use utils; then
564 - # The tests we do not need to install.
565 - #nssutils_test="bltest crmftest dbtest dertimetest
566 - #fipstest remtest sdrtest"
567 - # checkcert utils has been removed in nss-3.22:
568 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
569 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
570 - # certcgi has been removed in nss-3.36:
571 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
572 - nssutils+=(
573 - addbuiltin
574 - atob
575 - baddbdir
576 - btoa
577 - certutil
578 - cmsutil
579 - conflict
580 - crlutil
581 - derdump
582 - digest
583 - makepqg
584 - mangle
585 - modutil
586 - multinit
587 - nonspr10
588 - ocspclnt
589 - oidcalc
590 - p7content
591 - p7env
592 - p7sign
593 - p7verify
594 - pk11mode
595 - pk12util
596 - pp
597 - rsaperf
598 - selfserv
599 - signtool
600 - signver
601 - ssltap
602 - strsclnt
603 - symkeyutil
604 - tstclnt
605 - vfychain
606 - vfyserv
607 - )
608 - # install man-pages for utils (bug #516810)
609 - doman doc/nroff/*.1
610 - fi
611 - pushd dist/*/bin >/dev/null || die
612 - for f in ${nssutils[@]}; do
613 - dobin ${f}
614 - done
615 - popd >/dev/null || die
616 - fi
617 -
618 - # Prelink breaks the CHK files. We don't have any reliable way to run
619 - # shlibsign after prelink.
620 - dodir /etc/prelink.conf.d
621 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
622 - > "${ED}"/etc/prelink.conf.d/nss.conf
623 -}
624 -
625 -pkg_postinst() {
626 - multilib_pkg_postinst() {
627 - # We must re-sign the libraries AFTER they are stripped.
628 - local shlibsign="${EROOT}/usr/bin/shlibsign"
629 - # See if we can execute it (cross-compiling & such). #436216
630 - "${shlibsign}" -h >&/dev/null
631 - if [[ $? -gt 1 ]] ; then
632 - shlibsign="shlibsign"
633 - fi
634 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
635 - }
636 -
637 - multilib_foreach_abi multilib_pkg_postinst
638 -}
639 -
640 -pkg_postrm() {
641 - multilib_pkg_postrm() {
642 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
643 - }
644 -
645 - multilib_foreach_abi multilib_pkg_postrm
646 -}
647
648 diff --git a/dev-libs/nss/nss-3.52.1-r1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild
649 deleted file mode 100644
650 index ac5506ab597..00000000000
651 --- a/dev-libs/nss/nss-3.52.1-r1.ebuild
652 +++ /dev/null
653 @@ -1,361 +0,0 @@
654 -# Copyright 1999-2020 Gentoo Authors
655 -# Distributed under the terms of the GNU General Public License v2
656 -
657 -EAPI=7
658 -
659 -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
660 -
661 -NSPR_VER="4.25"
662 -RTM_NAME="NSS_${PV//./_}_RTM"
663 -
664 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
665 -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
666 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
667 - cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
668 -
669 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
670 -SLOT="0"
671 -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
672 -IUSE="cacert utils"
673 -# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
674 -RDEPEND="
675 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
676 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
677 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
678 - virtual/pkgconfig
679 -"
680 -DEPEND="${RDEPEND}"
681 -
682 -RESTRICT="test"
683 -
684 -S="${WORKDIR}/${P}/${PN}"
685 -
686 -MULTILIB_CHOST_TOOLS=(
687 - /usr/bin/nss-config
688 -)
689 -
690 -PATCHES=(
691 - # Custom changes for gentoo
692 - "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
693 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
694 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
695 - "${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
696 -)
697 -
698 -src_prepare() {
699 - if use cacert ; then #521462
700 - PATCHES+=(
701 - "${DISTDIR}/${PN}-cacert-class1-class3.patch"
702 - )
703 - fi
704 -
705 - default
706 -
707 - pushd coreconf >/dev/null || die
708 - # hack nspr paths
709 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
710 - >> headers.mk || die "failed to append include"
711 -
712 - # modify install path
713 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
714 - -i source.mk || die
715 -
716 - # Respect LDFLAGS
717 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
718 - popd >/dev/null || die
719 -
720 - # Fix pkgconfig file for Prefix
721 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
722 - config/Makefile || die
723 -
724 - # use host shlibsign if need be #436216
725 - if tc-is-cross-compiler ; then
726 - sed -i \
727 - -e 's:"${2}"/shlibsign:shlibsign:' \
728 - cmd/shlibsign/sign.sh || die
729 - fi
730 -
731 - # dirty hack
732 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
733 - lib/ssl/config.mk || die
734 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
735 - cmd/platlibs.mk || die
736 -
737 - multilib_copy_sources
738 -
739 - strip-flags
740 -}
741 -
742 -multilib_src_configure() {
743 - # Ensure we stay multilib aware
744 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
745 -}
746 -
747 -nssarch() {
748 - # Most of the arches are the same as $ARCH
749 - local t=${1:-${CHOST}}
750 - case ${t} in
751 - aarch64*)echo "aarch64";;
752 - hppa*) echo "parisc";;
753 - i?86*) echo "i686";;
754 - x86_64*) echo "x86_64";;
755 - *) tc-arch ${t};;
756 - esac
757 -}
758 -
759 -nssbits() {
760 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
761 - if [[ ${1} == BUILD_ ]]; then
762 - cc=$(tc-getBUILD_CC)
763 - else
764 - cc=$(tc-getCC)
765 - fi
766 - echo > "${T}"/test.c || die
767 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
768 - case $(file "${T}/${1}test.o") in
769 - *32-bit*x86-64*) echo USE_X32=1;;
770 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
771 - *32-bit*|*ppc*|*i386*) ;;
772 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
773 - esac
774 -}
775 -
776 -multilib_src_compile() {
777 - # use ABI to determine bit'ness, or fallback if unset
778 - local buildbits mybits
779 - case "${ABI}" in
780 - n32) mybits="USE_N32=1";;
781 - x32) mybits="USE_X32=1";;
782 - s390x|*64) mybits="USE_64=1";;
783 - ${DEFAULT_ABI})
784 - einfo "Running compilation test to determine bit'ness"
785 - mybits=$(nssbits)
786 - ;;
787 - esac
788 - # bitness of host may differ from target
789 - if tc-is-cross-compiler; then
790 - buildbits=$(nssbits BUILD_)
791 - fi
792 -
793 - local makeargs=(
794 - CC="$(tc-getCC)"
795 - CCC="$(tc-getCXX)"
796 - AR="$(tc-getAR) rc \$@"
797 - RANLIB="$(tc-getRANLIB)"
798 - OPTIMIZER=
799 - ${mybits}
800 - )
801 -
802 - # Take care of nspr settings #436216
803 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
804 - unset NSPR_INCLUDE_DIR
805 -
806 - # Do not let `uname` be used.
807 - if use kernel_linux ; then
808 - makeargs+=(
809 - OS_TARGET=Linux
810 - OS_RELEASE=2.6
811 - OS_TEST="$(nssarch)"
812 - )
813 - fi
814 -
815 - export NSS_ALLOW_SSLKEYLOGFILE=1
816 - export NSS_ENABLE_WERROR=0 #567158
817 - export BUILD_OPT=1
818 - export NSS_USE_SYSTEM_SQLITE=1
819 - export NSDISTMODE=copy
820 - export NSS_ENABLE_ECC=1
821 - export FREEBL_NO_DEPEND=1
822 - export FREEBL_LOWHASH=1
823 - export NSS_SEED_ONLY_DEV_URANDOM=1
824 - export ASFLAGS=""
825 - export USE_SYSTEM_ZLIB=1
826 - export ZLIB_LIBS=-lz
827 -
828 - local d
829 -
830 - # Build the host tools first.
831 - LDFLAGS="${BUILD_LDFLAGS}" \
832 - XCFLAGS="${BUILD_CFLAGS}" \
833 - NSPR_LIB_DIR="${T}/fakedir" \
834 - emake -j1 -C coreconf \
835 - CC="$(tc-getBUILD_CC)" \
836 - ${buildbits-${mybits}}
837 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
838 -
839 - # Then build the target tools.
840 - for d in . lib/dbm ; do
841 - CPPFLAGS="${myCPPFLAGS}" \
842 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
843 - NSPR_LIB_DIR="${T}/fakedir" \
844 - emake -j1 "${makeargs[@]}" -C ${d}
845 - done
846 -}
847 -
848 -# Altering these 3 libraries breaks the CHK verification.
849 -# All of the following cause it to break:
850 -# - stripping
851 -# - prelink
852 -# - ELF signing
853 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
854 -# Either we have to NOT strip them, or we have to forcibly resign after
855 -# stripping.
856 -#local_libdir="$(get_libdir)"
857 -#export STRIP_MASK="
858 -# */${local_libdir}/libfreebl3.so*
859 -# */${local_libdir}/libnssdbm3.so*
860 -# */${local_libdir}/libsoftokn3.so*"
861 -
862 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
863 -
864 -generate_chk() {
865 - local shlibsign="$1"
866 - local libdir="$2"
867 - einfo "Resigning core NSS libraries for FIPS validation"
868 - shift 2
869 - local i
870 - for i in ${NSS_CHK_SIGN_LIBS} ; do
871 - local libname=lib${i}.so
872 - local chkname=lib${i}.chk
873 - "${shlibsign}" \
874 - -i "${libdir}"/${libname} \
875 - -o "${libdir}"/${chkname}.tmp \
876 - && mv -f \
877 - "${libdir}"/${chkname}.tmp \
878 - "${libdir}"/${chkname} \
879 - || die "Failed to sign ${libname}"
880 - done
881 -}
882 -
883 -cleanup_chk() {
884 - local libdir="$1"
885 - shift 1
886 - local i
887 - for i in ${NSS_CHK_SIGN_LIBS} ; do
888 - local libfname="${libdir}/lib${i}.so"
889 - # If the major version has changed, then we have old chk files.
890 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
891 - && rm -f "${libfname}.chk"
892 - done
893 -}
894 -
895 -multilib_src_install() {
896 - pushd dist >/dev/null || die
897 -
898 - dodir /usr/$(get_libdir)
899 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
900 - local i
901 - for i in crmf freebl nssb nssckfw ; do
902 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
903 - done
904 -
905 - # Install nss-config and pkgconfig file
906 - dodir /usr/bin
907 - cp -L */bin/nss-config "${ED}"/usr/bin || die
908 - dodir /usr/$(get_libdir)/pkgconfig
909 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
910 -
911 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
912 - # bug 517266
913 - sed -e 's#Libs:#Libs: -lfreebl#' \
914 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
915 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
916 - || die "could not create nss-softokn.pc"
917 -
918 - # all the include files
919 - insinto /usr/include/nss
920 - doins public/nss/*.{h,api}
921 - insinto /usr/include/nss/private
922 - doins private/nss/{blapi,alghmac,cmac}.h
923 -
924 - popd >/dev/null || die
925 -
926 - local f nssutils
927 - # Always enabled because we need it for chk generation.
928 - nssutils=( shlibsign )
929 -
930 - if multilib_is_native_abi ; then
931 - if use utils; then
932 - # The tests we do not need to install.
933 - #nssutils_test="bltest crmftest dbtest dertimetest
934 - #fipstest remtest sdrtest"
935 - # checkcert utils has been removed in nss-3.22:
936 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
937 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
938 - # certcgi has been removed in nss-3.36:
939 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
940 - nssutils+=(
941 - addbuiltin
942 - atob
943 - baddbdir
944 - btoa
945 - certutil
946 - cmsutil
947 - conflict
948 - crlutil
949 - derdump
950 - digest
951 - makepqg
952 - mangle
953 - modutil
954 - multinit
955 - nonspr10
956 - ocspclnt
957 - oidcalc
958 - p7content
959 - p7env
960 - p7sign
961 - p7verify
962 - pk11mode
963 - pk12util
964 - pp
965 - rsaperf
966 - selfserv
967 - signtool
968 - signver
969 - ssltap
970 - strsclnt
971 - symkeyutil
972 - tstclnt
973 - vfychain
974 - vfyserv
975 - )
976 - # install man-pages for utils (bug #516810)
977 - doman doc/nroff/*.1
978 - fi
979 - pushd dist/*/bin >/dev/null || die
980 - for f in ${nssutils[@]}; do
981 - dobin ${f}
982 - done
983 - popd >/dev/null || die
984 - fi
985 -
986 - # Prelink breaks the CHK files. We don't have any reliable way to run
987 - # shlibsign after prelink.
988 - dodir /etc/prelink.conf.d
989 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
990 - > "${ED}"/etc/prelink.conf.d/nss.conf
991 -}
992 -
993 -pkg_postinst() {
994 - multilib_pkg_postinst() {
995 - # We must re-sign the libraries AFTER they are stripped.
996 - local shlibsign="${EROOT}/usr/bin/shlibsign"
997 - # See if we can execute it (cross-compiling & such). #436216
998 - "${shlibsign}" -h >&/dev/null
999 - if [[ $? -gt 1 ]] ; then
1000 - shlibsign="shlibsign"
1001 - fi
1002 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
1003 - }
1004 -
1005 - multilib_foreach_abi multilib_pkg_postinst
1006 -}
1007 -
1008 -pkg_postrm() {
1009 - multilib_pkg_postrm() {
1010 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
1011 - }
1012 -
1013 - multilib_foreach_abi multilib_pkg_postrm
1014 -}
1015
1016 diff --git a/dev-libs/nss/nss-3.53.1.ebuild b/dev-libs/nss/nss-3.53.1.ebuild
1017 deleted file mode 100644
1018 index d94d193dbe9..00000000000
1019 --- a/dev-libs/nss/nss-3.53.1.ebuild
1020 +++ /dev/null
1021 @@ -1,351 +0,0 @@
1022 -# Copyright 1999-2020 Gentoo Authors
1023 -# Distributed under the terms of the GNU General Public License v2
1024 -
1025 -EAPI=7
1026 -
1027 -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
1028 -
1029 -NSPR_VER="4.25"
1030 -RTM_NAME="NSS_${PV//./_}_RTM"
1031 -
1032 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
1033 -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
1034 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
1035 - cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
1036 -
1037 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
1038 -SLOT="0"
1039 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
1040 -IUSE="cacert utils"
1041 -# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
1042 -RDEPEND="
1043 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
1044 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
1045 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
1046 - virtual/pkgconfig
1047 -"
1048 -DEPEND="${RDEPEND}"
1049 -
1050 -RESTRICT="test"
1051 -
1052 -S="${WORKDIR}/${P}/${PN}"
1053 -
1054 -MULTILIB_CHOST_TOOLS=(
1055 - /usr/bin/nss-config
1056 -)
1057 -
1058 -PATCHES=(
1059 - # Custom changes for gentoo
1060 - "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
1061 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
1062 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
1063 - "${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
1064 -)
1065 -
1066 -src_prepare() {
1067 - if use cacert ; then #521462
1068 - PATCHES+=(
1069 - "${DISTDIR}/${PN}-cacert-class1-class3.patch"
1070 - )
1071 - fi
1072 -
1073 - default
1074 -
1075 - pushd coreconf >/dev/null || die
1076 - # hack nspr paths
1077 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
1078 - >> headers.mk || die "failed to append include"
1079 -
1080 - # modify install path
1081 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
1082 - -i source.mk || die
1083 -
1084 - # Respect LDFLAGS
1085 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
1086 - popd >/dev/null || die
1087 -
1088 - # Fix pkgconfig file for Prefix
1089 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
1090 - config/Makefile || die
1091 -
1092 - # use host shlibsign if need be #436216
1093 - if tc-is-cross-compiler ; then
1094 - sed -i \
1095 - -e 's:"${2}"/shlibsign:shlibsign:' \
1096 - cmd/shlibsign/sign.sh || die
1097 - fi
1098 -
1099 - # dirty hack
1100 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
1101 - lib/ssl/config.mk || die
1102 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
1103 - cmd/platlibs.mk || die
1104 -
1105 - multilib_copy_sources
1106 -
1107 - strip-flags
1108 -}
1109 -
1110 -multilib_src_configure() {
1111 - # Ensure we stay multilib aware
1112 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
1113 -}
1114 -
1115 -nssarch() {
1116 - # Most of the arches are the same as $ARCH
1117 - local t=${1:-${CHOST}}
1118 - case ${t} in
1119 - aarch64*)echo "aarch64";;
1120 - hppa*) echo "parisc";;
1121 - i?86*) echo "i686";;
1122 - x86_64*) echo "x86_64";;
1123 - *) tc-arch ${t};;
1124 - esac
1125 -}
1126 -
1127 -nssbits() {
1128 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
1129 - if [[ ${1} == BUILD_ ]]; then
1130 - cc=$(tc-getBUILD_CC)
1131 - else
1132 - cc=$(tc-getCC)
1133 - fi
1134 - echo > "${T}"/test.c || die
1135 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
1136 - case $(file "${T}/${1}test.o") in
1137 - *32-bit*x86-64*) echo USE_X32=1;;
1138 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
1139 - *32-bit*|*ppc*|*i386*) ;;
1140 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
1141 - esac
1142 -}
1143 -
1144 -multilib_src_compile() {
1145 - # use ABI to determine bit'ness, or fallback if unset
1146 - local buildbits mybits
1147 - case "${ABI}" in
1148 - n32) mybits="USE_N32=1";;
1149 - x32) mybits="USE_X32=1";;
1150 - s390x|*64) mybits="USE_64=1";;
1151 - ${DEFAULT_ABI})
1152 - einfo "Running compilation test to determine bit'ness"
1153 - mybits=$(nssbits)
1154 - ;;
1155 - esac
1156 - # bitness of host may differ from target
1157 - if tc-is-cross-compiler; then
1158 - buildbits=$(nssbits BUILD_)
1159 - fi
1160 -
1161 - local makeargs=(
1162 - CC="$(tc-getCC)"
1163 - CCC="$(tc-getCXX)"
1164 - AR="$(tc-getAR) rc \$@"
1165 - RANLIB="$(tc-getRANLIB)"
1166 - OPTIMIZER=
1167 - ${mybits}
1168 - )
1169 -
1170 - # Take care of nspr settings #436216
1171 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
1172 - unset NSPR_INCLUDE_DIR
1173 -
1174 - export NSS_ALLOW_SSLKEYLOGFILE=1
1175 - export NSS_ENABLE_WERROR=0 #567158
1176 - export BUILD_OPT=1
1177 - export NSS_USE_SYSTEM_SQLITE=1
1178 - export NSDISTMODE=copy
1179 - export FREEBL_NO_DEPEND=1
1180 - export FREEBL_LOWHASH=1
1181 - export NSS_SEED_ONLY_DEV_URANDOM=1
1182 - export USE_SYSTEM_ZLIB=1
1183 - export ZLIB_LIBS=-lz
1184 - export ASFLAGS=""
1185 -
1186 - local d
1187 -
1188 - # Build the host tools first.
1189 - LDFLAGS="${BUILD_LDFLAGS}" \
1190 - XCFLAGS="${BUILD_CFLAGS}" \
1191 - NSPR_LIB_DIR="${T}/fakedir" \
1192 - emake -j1 -C coreconf \
1193 - CC="$(tc-getBUILD_CC)" \
1194 - ${buildbits-${mybits}}
1195 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
1196 -
1197 - # Then build the target tools.
1198 - for d in . lib/dbm ; do
1199 - CPPFLAGS="${myCPPFLAGS}" \
1200 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
1201 - NSPR_LIB_DIR="${T}/fakedir" \
1202 - emake -j1 "${makeargs[@]}" -C ${d}
1203 - done
1204 -}
1205 -
1206 -# Altering these 3 libraries breaks the CHK verification.
1207 -# All of the following cause it to break:
1208 -# - stripping
1209 -# - prelink
1210 -# - ELF signing
1211 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
1212 -# Either we have to NOT strip them, or we have to forcibly resign after
1213 -# stripping.
1214 -#local_libdir="$(get_libdir)"
1215 -#export STRIP_MASK="
1216 -# */${local_libdir}/libfreebl3.so*
1217 -# */${local_libdir}/libnssdbm3.so*
1218 -# */${local_libdir}/libsoftokn3.so*"
1219 -
1220 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
1221 -
1222 -generate_chk() {
1223 - local shlibsign="$1"
1224 - local libdir="$2"
1225 - einfo "Resigning core NSS libraries for FIPS validation"
1226 - shift 2
1227 - local i
1228 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1229 - local libname=lib${i}.so
1230 - local chkname=lib${i}.chk
1231 - "${shlibsign}" \
1232 - -i "${libdir}"/${libname} \
1233 - -o "${libdir}"/${chkname}.tmp \
1234 - && mv -f \
1235 - "${libdir}"/${chkname}.tmp \
1236 - "${libdir}"/${chkname} \
1237 - || die "Failed to sign ${libname}"
1238 - done
1239 -}
1240 -
1241 -cleanup_chk() {
1242 - local libdir="$1"
1243 - shift 1
1244 - local i
1245 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1246 - local libfname="${libdir}/lib${i}.so"
1247 - # If the major version has changed, then we have old chk files.
1248 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
1249 - && rm -f "${libfname}.chk"
1250 - done
1251 -}
1252 -
1253 -multilib_src_install() {
1254 - pushd dist >/dev/null || die
1255 -
1256 - dodir /usr/$(get_libdir)
1257 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
1258 - local i
1259 - for i in crmf freebl nssb nssckfw ; do
1260 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
1261 - done
1262 -
1263 - # Install nss-config and pkgconfig file
1264 - dodir /usr/bin
1265 - cp -L */bin/nss-config "${ED}"/usr/bin || die
1266 - dodir /usr/$(get_libdir)/pkgconfig
1267 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
1268 -
1269 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
1270 - # bug 517266
1271 - sed -e 's#Libs:#Libs: -lfreebl#' \
1272 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
1273 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
1274 - || die "could not create nss-softokn.pc"
1275 -
1276 - # all the include files
1277 - insinto /usr/include/nss
1278 - doins public/nss/*.{h,api}
1279 - insinto /usr/include/nss/private
1280 - doins private/nss/{blapi,alghmac,cmac}.h
1281 -
1282 - popd >/dev/null || die
1283 -
1284 - local f nssutils
1285 - # Always enabled because we need it for chk generation.
1286 - nssutils=( shlibsign )
1287 -
1288 - if multilib_is_native_abi ; then
1289 - if use utils; then
1290 - # The tests we do not need to install.
1291 - #nssutils_test="bltest crmftest dbtest dertimetest
1292 - #fipstest remtest sdrtest"
1293 - # checkcert utils has been removed in nss-3.22:
1294 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
1295 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
1296 - # certcgi has been removed in nss-3.36:
1297 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
1298 - nssutils+=(
1299 - addbuiltin
1300 - atob
1301 - baddbdir
1302 - btoa
1303 - certutil
1304 - cmsutil
1305 - conflict
1306 - crlutil
1307 - derdump
1308 - digest
1309 - makepqg
1310 - mangle
1311 - modutil
1312 - multinit
1313 - nonspr10
1314 - ocspclnt
1315 - oidcalc
1316 - p7content
1317 - p7env
1318 - p7sign
1319 - p7verify
1320 - pk11mode
1321 - pk12util
1322 - pp
1323 - rsaperf
1324 - selfserv
1325 - signtool
1326 - signver
1327 - ssltap
1328 - strsclnt
1329 - symkeyutil
1330 - tstclnt
1331 - vfychain
1332 - vfyserv
1333 - )
1334 - # install man-pages for utils (bug #516810)
1335 - doman doc/nroff/*.1
1336 - fi
1337 - pushd dist/*/bin >/dev/null || die
1338 - for f in ${nssutils[@]}; do
1339 - dobin ${f}
1340 - done
1341 - popd >/dev/null || die
1342 - fi
1343 -
1344 - # Prelink breaks the CHK files. We don't have any reliable way to run
1345 - # shlibsign after prelink.
1346 - dodir /etc/prelink.conf.d
1347 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
1348 - > "${ED}"/etc/prelink.conf.d/nss.conf
1349 -}
1350 -
1351 -pkg_postinst() {
1352 - multilib_pkg_postinst() {
1353 - # We must re-sign the libraries AFTER they are stripped.
1354 - local shlibsign="${EROOT}/usr/bin/shlibsign"
1355 - # See if we can execute it (cross-compiling & such). #436216
1356 - "${shlibsign}" -h >&/dev/null
1357 - if [[ $? -gt 1 ]] ; then
1358 - shlibsign="shlibsign"
1359 - fi
1360 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
1361 - }
1362 -
1363 - multilib_foreach_abi multilib_pkg_postinst
1364 -}
1365 -
1366 -pkg_postrm() {
1367 - multilib_pkg_postrm() {
1368 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
1369 - }
1370 -
1371 - multilib_foreach_abi multilib_pkg_postrm
1372 -}
1373
1374 diff --git a/dev-libs/nss/nss-3.54-r1.ebuild b/dev-libs/nss/nss-3.54-r1.ebuild
1375 deleted file mode 100644
1376 index 5d96e159be4..00000000000
1377 --- a/dev-libs/nss/nss-3.54-r1.ebuild
1378 +++ /dev/null
1379 @@ -1,351 +0,0 @@
1380 -# Copyright 1999-2020 Gentoo Authors
1381 -# Distributed under the terms of the GNU General Public License v2
1382 -
1383 -EAPI=7
1384 -
1385 -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
1386 -
1387 -NSPR_VER="4.26"
1388 -RTM_NAME="NSS_${PV//./_}_RTM"
1389 -
1390 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
1391 -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
1392 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
1393 - cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
1394 -
1395 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
1396 -SLOT="0"
1397 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
1398 -IUSE="cacert utils"
1399 -# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
1400 -RDEPEND="
1401 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
1402 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
1403 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
1404 - virtual/pkgconfig
1405 -"
1406 -DEPEND="${RDEPEND}"
1407 -
1408 -RESTRICT="test"
1409 -
1410 -S="${WORKDIR}/${P}/${PN}"
1411 -
1412 -MULTILIB_CHOST_TOOLS=(
1413 - /usr/bin/nss-config
1414 -)
1415 -
1416 -PATCHES=(
1417 - # Custom changes for gentoo
1418 - "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
1419 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
1420 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
1421 - "${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
1422 -)
1423 -
1424 -src_prepare() {
1425 - if use cacert ; then #521462
1426 - PATCHES+=(
1427 - "${DISTDIR}/${PN}-cacert-class1-class3.patch"
1428 - )
1429 - fi
1430 -
1431 - default
1432 -
1433 - pushd coreconf >/dev/null || die
1434 - # hack nspr paths
1435 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
1436 - >> headers.mk || die "failed to append include"
1437 -
1438 - # modify install path
1439 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
1440 - -i source.mk || die
1441 -
1442 - # Respect LDFLAGS
1443 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
1444 - popd >/dev/null || die
1445 -
1446 - # Fix pkgconfig file for Prefix
1447 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
1448 - config/Makefile || die
1449 -
1450 - # use host shlibsign if need be #436216
1451 - if tc-is-cross-compiler ; then
1452 - sed -i \
1453 - -e 's:"${2}"/shlibsign:shlibsign:' \
1454 - cmd/shlibsign/sign.sh || die
1455 - fi
1456 -
1457 - # dirty hack
1458 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
1459 - lib/ssl/config.mk || die
1460 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
1461 - cmd/platlibs.mk || die
1462 -
1463 - multilib_copy_sources
1464 -
1465 - strip-flags
1466 -}
1467 -
1468 -multilib_src_configure() {
1469 - # Ensure we stay multilib aware
1470 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
1471 -}
1472 -
1473 -nssarch() {
1474 - # Most of the arches are the same as $ARCH
1475 - local t=${1:-${CHOST}}
1476 - case ${t} in
1477 - aarch64*)echo "aarch64";;
1478 - hppa*) echo "parisc";;
1479 - i?86*) echo "i686";;
1480 - x86_64*) echo "x86_64";;
1481 - *) tc-arch ${t};;
1482 - esac
1483 -}
1484 -
1485 -nssbits() {
1486 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
1487 - if [[ ${1} == BUILD_ ]]; then
1488 - cc=$(tc-getBUILD_CC)
1489 - else
1490 - cc=$(tc-getCC)
1491 - fi
1492 - echo > "${T}"/test.c || die
1493 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
1494 - case $(file "${T}/${1}test.o") in
1495 - *32-bit*x86-64*) echo USE_X32=1;;
1496 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
1497 - *32-bit*|*ppc*|*i386*) ;;
1498 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
1499 - esac
1500 -}
1501 -
1502 -multilib_src_compile() {
1503 - # use ABI to determine bit'ness, or fallback if unset
1504 - local buildbits mybits
1505 - case "${ABI}" in
1506 - n32) mybits="USE_N32=1";;
1507 - x32) mybits="USE_X32=1";;
1508 - s390x|*64) mybits="USE_64=1";;
1509 - ${DEFAULT_ABI})
1510 - einfo "Running compilation test to determine bit'ness"
1511 - mybits=$(nssbits)
1512 - ;;
1513 - esac
1514 - # bitness of host may differ from target
1515 - if tc-is-cross-compiler; then
1516 - buildbits=$(nssbits BUILD_)
1517 - fi
1518 -
1519 - local makeargs=(
1520 - CC="$(tc-getCC)"
1521 - CCC="$(tc-getCXX)"
1522 - AR="$(tc-getAR) rc \$@"
1523 - RANLIB="$(tc-getRANLIB)"
1524 - OPTIMIZER=
1525 - ${mybits}
1526 - )
1527 -
1528 - # Take care of nspr settings #436216
1529 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
1530 - unset NSPR_INCLUDE_DIR
1531 -
1532 - export NSS_ALLOW_SSLKEYLOGFILE=1
1533 - export NSS_ENABLE_WERROR=0 #567158
1534 - export BUILD_OPT=1
1535 - export NSS_USE_SYSTEM_SQLITE=1
1536 - export NSDISTMODE=copy
1537 - export FREEBL_NO_DEPEND=1
1538 - export FREEBL_LOWHASH=1
1539 - export NSS_SEED_ONLY_DEV_URANDOM=1
1540 - export USE_SYSTEM_ZLIB=1
1541 - export ZLIB_LIBS=-lz
1542 - export ASFLAGS=""
1543 -
1544 - local d
1545 -
1546 - # Build the host tools first.
1547 - LDFLAGS="${BUILD_LDFLAGS}" \
1548 - XCFLAGS="${BUILD_CFLAGS}" \
1549 - NSPR_LIB_DIR="${T}/fakedir" \
1550 - emake -j1 -C coreconf \
1551 - CC="$(tc-getBUILD_CC)" \
1552 - ${buildbits-${mybits}}
1553 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
1554 -
1555 - # Then build the target tools.
1556 - for d in . lib/dbm ; do
1557 - CPPFLAGS="${myCPPFLAGS}" \
1558 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
1559 - NSPR_LIB_DIR="${T}/fakedir" \
1560 - emake -j1 "${makeargs[@]}" -C ${d}
1561 - done
1562 -}
1563 -
1564 -# Altering these 3 libraries breaks the CHK verification.
1565 -# All of the following cause it to break:
1566 -# - stripping
1567 -# - prelink
1568 -# - ELF signing
1569 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
1570 -# Either we have to NOT strip them, or we have to forcibly resign after
1571 -# stripping.
1572 -#local_libdir="$(get_libdir)"
1573 -#export STRIP_MASK="
1574 -# */${local_libdir}/libfreebl3.so*
1575 -# */${local_libdir}/libnssdbm3.so*
1576 -# */${local_libdir}/libsoftokn3.so*"
1577 -
1578 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
1579 -
1580 -generate_chk() {
1581 - local shlibsign="$1"
1582 - local libdir="$2"
1583 - einfo "Resigning core NSS libraries for FIPS validation"
1584 - shift 2
1585 - local i
1586 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1587 - local libname=lib${i}.so
1588 - local chkname=lib${i}.chk
1589 - "${shlibsign}" \
1590 - -i "${libdir}"/${libname} \
1591 - -o "${libdir}"/${chkname}.tmp \
1592 - && mv -f \
1593 - "${libdir}"/${chkname}.tmp \
1594 - "${libdir}"/${chkname} \
1595 - || die "Failed to sign ${libname}"
1596 - done
1597 -}
1598 -
1599 -cleanup_chk() {
1600 - local libdir="$1"
1601 - shift 1
1602 - local i
1603 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1604 - local libfname="${libdir}/lib${i}.so"
1605 - # If the major version has changed, then we have old chk files.
1606 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
1607 - && rm -f "${libfname}.chk"
1608 - done
1609 -}
1610 -
1611 -multilib_src_install() {
1612 - pushd dist >/dev/null || die
1613 -
1614 - dodir /usr/$(get_libdir)
1615 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
1616 - local i
1617 - for i in crmf freebl nssb nssckfw ; do
1618 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
1619 - done
1620 -
1621 - # Install nss-config and pkgconfig file
1622 - dodir /usr/bin
1623 - cp -L */bin/nss-config "${ED}"/usr/bin || die
1624 - dodir /usr/$(get_libdir)/pkgconfig
1625 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
1626 -
1627 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
1628 - # bug 517266
1629 - sed -e 's#Libs:#Libs: -lfreebl#' \
1630 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
1631 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
1632 - || die "could not create nss-softokn.pc"
1633 -
1634 - # all the include files
1635 - insinto /usr/include/nss
1636 - doins public/nss/*.{h,api}
1637 - insinto /usr/include/nss/private
1638 - doins private/nss/{blapi,alghmac,cmac}.h
1639 -
1640 - popd >/dev/null || die
1641 -
1642 - local f nssutils
1643 - # Always enabled because we need it for chk generation.
1644 - nssutils=( shlibsign )
1645 -
1646 - if multilib_is_native_abi ; then
1647 - if use utils; then
1648 - # The tests we do not need to install.
1649 - #nssutils_test="bltest crmftest dbtest dertimetest
1650 - #fipstest remtest sdrtest"
1651 - # checkcert utils has been removed in nss-3.22:
1652 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
1653 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
1654 - # certcgi has been removed in nss-3.36:
1655 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
1656 - nssutils+=(
1657 - addbuiltin
1658 - atob
1659 - baddbdir
1660 - btoa
1661 - certutil
1662 - cmsutil
1663 - conflict
1664 - crlutil
1665 - derdump
1666 - digest
1667 - makepqg
1668 - mangle
1669 - modutil
1670 - multinit
1671 - nonspr10
1672 - ocspclnt
1673 - oidcalc
1674 - p7content
1675 - p7env
1676 - p7sign
1677 - p7verify
1678 - pk11mode
1679 - pk12util
1680 - pp
1681 - rsaperf
1682 - selfserv
1683 - signtool
1684 - signver
1685 - ssltap
1686 - strsclnt
1687 - symkeyutil
1688 - tstclnt
1689 - vfychain
1690 - vfyserv
1691 - )
1692 - # install man-pages for utils (bug #516810)
1693 - doman doc/nroff/*.1
1694 - fi
1695 - pushd dist/*/bin >/dev/null || die
1696 - for f in ${nssutils[@]}; do
1697 - dobin ${f}
1698 - done
1699 - popd >/dev/null || die
1700 - fi
1701 -
1702 - # Prelink breaks the CHK files. We don't have any reliable way to run
1703 - # shlibsign after prelink.
1704 - dodir /etc/prelink.conf.d
1705 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
1706 - > "${ED}"/etc/prelink.conf.d/nss.conf
1707 -}
1708 -
1709 -pkg_postinst() {
1710 - multilib_pkg_postinst() {
1711 - # We must re-sign the libraries AFTER they are stripped.
1712 - local shlibsign="${EROOT}/usr/bin/shlibsign"
1713 - # See if we can execute it (cross-compiling & such). #436216
1714 - "${shlibsign}" -h >&/dev/null
1715 - if [[ $? -gt 1 ]] ; then
1716 - shlibsign="shlibsign"
1717 - fi
1718 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
1719 - }
1720 -
1721 - multilib_foreach_abi multilib_pkg_postinst
1722 -}
1723 -
1724 -pkg_postrm() {
1725 - multilib_pkg_postrm() {
1726 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
1727 - }
1728 -
1729 - multilib_foreach_abi multilib_pkg_postrm
1730 -}
Report Message
Find on MARC Find on Google Groups