1 |
commit: 9522aa465f097bca10a2e9ee5c3e2586d3fcd26e |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Aug 30 22:56:35 2020 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Aug 30 22:56:35 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9522aa46 |
7 |
|
8 |
dev-libs/nss: security cleanup |
9 |
|
10 |
Bug: https://bugs.gentoo.org/734986 |
11 |
Package-Manager: Portage-3.0.4, Repoman-3.0.1 |
12 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
13 |
|
14 |
dev-libs/nss/Manifest | 4 - |
15 |
dev-libs/nss/files/nss-3.47-gentoo-fixups.patch | 242 ---------------- |
16 |
dev-libs/nss/nss-3.51.ebuild | 357 ----------------------- |
17 |
dev-libs/nss/nss-3.52.1-r1.ebuild | 361 ------------------------ |
18 |
dev-libs/nss/nss-3.53.1.ebuild | 351 ----------------------- |
19 |
dev-libs/nss/nss-3.54-r1.ebuild | 351 ----------------------- |
20 |
6 files changed, 1666 deletions(-) |
21 |
|
22 |
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest |
23 |
index e2468639f8b..a4426510d65 100644 |
24 |
--- a/dev-libs/nss/Manifest |
25 |
+++ b/dev-libs/nss/Manifest |
26 |
@@ -1,7 +1,3 @@ |
27 |
-DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd |
28 |
-DIST nss-3.52.1.tar.gz 81222116 BLAKE2B e7a1a24c0a4765fb13a4c13a93187a26df6df68b3e8d623514928cf505215e67f5f22387b6a6b0680117b1c2af13752cb981c173bb50424784d05b459704d528 SHA512 be8746984e3028e5ed49f2132ca08687f6ac75e50208d8cfd6ffbcfd5db1ab8dcaf1f2a0a6c6c1920573de80490301b21c022759c7e2309a22d29698bb169dd6 |
29 |
-DIST nss-3.53.1.tar.gz 81297900 BLAKE2B 7a053aa8322cb55b787730c87f1a6e8a799265574114d63257699348f4921007457d19e5fdc4684a512a91478d1912db45ce066daa8b9d9cde5130ff506aed9e SHA512 5d7572999a007c513df4cbdf74769c1a4eb53eb8680da27a89fea770763d88b6bea80cd9ab20426a905396745129276cffb6dd9e8e1e6377fa98c0a103b522d0 |
30 |
-DIST nss-3.54.tar.gz 81190188 BLAKE2B bf91aa3e2081f0d123d3adfbfc2e3cadfeccf6b15ce03f429fede73bd57ebf96ba7317b890762b01820d75020bb99383c022e2e6558aa1a6d44e8c92cd533bd2 SHA512 9b9253469514c085730ae580f6544e882a8264e253687950627a4fa1eeb956287c9da46caf7d8988cd6363f6dee26cb8db755203375751fe53795697d7ae9b7b |
31 |
DIST nss-3.55.tar.gz 81759883 BLAKE2B 5b663d2b1861eb74cf070f2711b4db1afbfbc40b08e1f117e6b4a62e9f997de06889de3afc654cf6547c371ab2a1183904a1a014d1dc4b3e94f734107c81e1cf SHA512 acae7b803a3219cd4b78216cb8a6352805741e42eca6a42a5e6289ebbabc6189c7c6bc138cbd8a93d8631d06175c4d34e72957d49fe726adada6aaa2566e399e |
32 |
DIST nss-3.56.tar.gz 81706176 BLAKE2B 84c3b9fd649ce38ad843725b180982692dcac34e851734813b959734054f2e9ebfad66496de320f46e861381f6d5f52db0cc4c0953f7504b79f6b529b871f173 SHA512 f2eed8252c13b38a4d80a11203136d22a521205f814b6d954cc119ccf8921fcb8f689d919944bea4739d1575e9bda7e13cf2ad054ac91d51e049abe246efc845 |
33 |
DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 |
34 |
|
35 |
diff --git a/dev-libs/nss/files/nss-3.47-gentoo-fixups.patch b/dev-libs/nss/files/nss-3.47-gentoo-fixups.patch |
36 |
deleted file mode 100644 |
37 |
index 29b3a2a7232..00000000000 |
38 |
--- a/dev-libs/nss/files/nss-3.47-gentoo-fixups.patch |
39 |
+++ /dev/null |
40 |
@@ -1,242 +0,0 @@ |
41 |
---- a/config/Makefile |
42 |
-+++ b/config/Makefile |
43 |
-@@ -0,0 +1,40 @@ |
44 |
-+CORE_DEPTH = .. |
45 |
-+DEPTH = .. |
46 |
-+ |
47 |
-+include $(CORE_DEPTH)/coreconf/config.mk |
48 |
-+ |
49 |
-+NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'` |
50 |
-+NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'` |
51 |
-+NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'` |
52 |
-+PREFIX = /usr |
53 |
-+ |
54 |
-+all: export libs |
55 |
-+ |
56 |
-+export: |
57 |
-+ # Create the nss.pc file |
58 |
-+ mkdir -p $(DIST)/lib/pkgconfig |
59 |
-+ sed -e "s,@prefix@,$(PREFIX)," \ |
60 |
-+ -e "s,@exec_prefix@,\$${prefix}," \ |
61 |
-+ -e "s,@libdir@,\$${prefix}/lib64," \ |
62 |
-+ -e "s,@includedir@,\$${prefix}/include/nss," \ |
63 |
-+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \ |
64 |
-+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ |
65 |
-+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ |
66 |
-+ nss.pc.in > nss.pc |
67 |
-+ chmod 0644 nss.pc |
68 |
-+ ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig |
69 |
-+ |
70 |
-+ # Create the nss-config script |
71 |
-+ mkdir -p $(DIST)/bin |
72 |
-+ sed -e "s,@prefix@,$(PREFIX)," \ |
73 |
-+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \ |
74 |
-+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ |
75 |
-+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ |
76 |
-+ nss-config.in > nss-config |
77 |
-+ chmod 0755 nss-config |
78 |
-+ ln -sf ../../../config/nss-config $(DIST)/bin |
79 |
-+ |
80 |
-+libs: |
81 |
-+ |
82 |
-+dummy: all export libs |
83 |
-+ |
84 |
---- a/config/nss-config.in |
85 |
-+++ b/config/nss-config.in |
86 |
-@@ -0,0 +1,145 @@ |
87 |
-+#!/bin/sh |
88 |
-+ |
89 |
-+prefix=@prefix@ |
90 |
-+ |
91 |
-+major_version=@NSS_MAJOR_VERSION@ |
92 |
-+minor_version=@NSS_MINOR_VERSION@ |
93 |
-+patch_version=@NSS_PATCH_VERSION@ |
94 |
-+ |
95 |
-+usage() |
96 |
-+{ |
97 |
-+ cat <<EOF |
98 |
-+Usage: nss-config [OPTIONS] [LIBRARIES] |
99 |
-+Options: |
100 |
-+ [--prefix[=DIR]] |
101 |
-+ [--exec-prefix[=DIR]] |
102 |
-+ [--includedir[=DIR]] |
103 |
-+ [--libdir[=DIR]] |
104 |
-+ [--version] |
105 |
-+ [--libs] |
106 |
-+ [--cflags] |
107 |
-+Dynamic Libraries: |
108 |
-+ nss |
109 |
-+ ssl |
110 |
-+ smime |
111 |
-+ nssutil |
112 |
-+EOF |
113 |
-+ exit $1 |
114 |
-+} |
115 |
-+ |
116 |
-+if test $# -eq 0; then |
117 |
-+ usage 1 1>&2 |
118 |
-+fi |
119 |
-+ |
120 |
-+lib_ssl=yes |
121 |
-+lib_smime=yes |
122 |
-+lib_nss=yes |
123 |
-+lib_nssutil=yes |
124 |
-+ |
125 |
-+while test $# -gt 0; do |
126 |
-+ case "$1" in |
127 |
-+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; |
128 |
-+ *) optarg= ;; |
129 |
-+ esac |
130 |
-+ |
131 |
-+ case $1 in |
132 |
-+ --prefix=*) |
133 |
-+ prefix=$optarg |
134 |
-+ ;; |
135 |
-+ --prefix) |
136 |
-+ echo_prefix=yes |
137 |
-+ ;; |
138 |
-+ --exec-prefix=*) |
139 |
-+ exec_prefix=$optarg |
140 |
-+ ;; |
141 |
-+ --exec-prefix) |
142 |
-+ echo_exec_prefix=yes |
143 |
-+ ;; |
144 |
-+ --includedir=*) |
145 |
-+ includedir=$optarg |
146 |
-+ ;; |
147 |
-+ --includedir) |
148 |
-+ echo_includedir=yes |
149 |
-+ ;; |
150 |
-+ --libdir=*) |
151 |
-+ libdir=$optarg |
152 |
-+ ;; |
153 |
-+ --libdir) |
154 |
-+ echo_libdir=yes |
155 |
-+ ;; |
156 |
-+ --version) |
157 |
-+ echo ${major_version}.${minor_version}.${patch_version} |
158 |
-+ ;; |
159 |
-+ --cflags) |
160 |
-+ echo_cflags=yes |
161 |
-+ ;; |
162 |
-+ --libs) |
163 |
-+ echo_libs=yes |
164 |
-+ ;; |
165 |
-+ ssl) |
166 |
-+ lib_ssl=yes |
167 |
-+ ;; |
168 |
-+ smime) |
169 |
-+ lib_smime=yes |
170 |
-+ ;; |
171 |
-+ nss) |
172 |
-+ lib_nss=yes |
173 |
-+ ;; |
174 |
-+ nssutil) |
175 |
-+ lib_nssutil=yes |
176 |
-+ ;; |
177 |
-+ *) |
178 |
-+ usage 1 1>&2 |
179 |
-+ ;; |
180 |
-+ esac |
181 |
-+ shift |
182 |
-+done |
183 |
-+ |
184 |
-+# Set variables that may be dependent upon other variables |
185 |
-+if test -z "$exec_prefix"; then |
186 |
-+ exec_prefix=`pkg-config --variable=exec_prefix nss` |
187 |
-+fi |
188 |
-+if test -z "$includedir"; then |
189 |
-+ includedir=`pkg-config --variable=includedir nss` |
190 |
-+fi |
191 |
-+if test -z "$libdir"; then |
192 |
-+ libdir=`pkg-config --variable=libdir nss` |
193 |
-+fi |
194 |
-+ |
195 |
-+if test "$echo_prefix" = "yes"; then |
196 |
-+ echo $prefix |
197 |
-+fi |
198 |
-+ |
199 |
-+if test "$echo_exec_prefix" = "yes"; then |
200 |
-+ echo $exec_prefix |
201 |
-+fi |
202 |
-+ |
203 |
-+if test "$echo_includedir" = "yes"; then |
204 |
-+ echo $includedir |
205 |
-+fi |
206 |
-+ |
207 |
-+if test "$echo_libdir" = "yes"; then |
208 |
-+ echo $libdir |
209 |
-+fi |
210 |
-+ |
211 |
-+if test "$echo_cflags" = "yes"; then |
212 |
-+ echo -I$includedir |
213 |
-+fi |
214 |
-+ |
215 |
-+if test "$echo_libs" = "yes"; then |
216 |
-+ libdirs="" |
217 |
-+ if test -n "$lib_ssl"; then |
218 |
-+ libdirs="$libdirs -lssl${major_version}" |
219 |
-+ fi |
220 |
-+ if test -n "$lib_smime"; then |
221 |
-+ libdirs="$libdirs -lsmime${major_version}" |
222 |
-+ fi |
223 |
-+ if test -n "$lib_nss"; then |
224 |
-+ libdirs="$libdirs -lnss${major_version}" |
225 |
-+ fi |
226 |
-+ if test -n "$lib_nssutil"; then |
227 |
-+ libdirs="$libdirs -lnssutil${major_version}" |
228 |
-+ fi |
229 |
-+ echo $libdirs |
230 |
-+fi |
231 |
-+ |
232 |
---- a/config/nss.pc.in |
233 |
-+++ b/config/nss.pc.in |
234 |
-@@ -0,0 +1,12 @@ |
235 |
-+prefix=@prefix@ |
236 |
-+exec_prefix=@exec_prefix@ |
237 |
-+libdir=@libdir@ |
238 |
-+includedir=@includedir@ |
239 |
-+ |
240 |
-+Name: NSS |
241 |
-+Description: Network Security Services |
242 |
-+Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@ |
243 |
-+Requires: nspr >= 4.8 |
244 |
-+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3 |
245 |
-+Cflags: -I${includedir} |
246 |
-+ |
247 |
---- a/Makefile |
248 |
-+++ b/Makefile |
249 |
-@@ -47,7 +47,7 @@ |
250 |
- # (7) Execute "local" rules. (OPTIONAL). # |
251 |
- ####################################################################### |
252 |
- |
253 |
--nss_build_all: build_nspr all latest |
254 |
-+nss_build_all: all latest |
255 |
- |
256 |
- nss_clean_all: clobber_nspr clobber |
257 |
- |
258 |
-@@ -133,16 +133,6 @@ |
259 |
- --prefix='$(NSS_GYP_PREFIX)' |
260 |
- endif |
261 |
- |
262 |
--build_nspr: $(NSPR_CONFIG_STATUS) |
263 |
-- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) |
264 |
-- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests |
265 |
-- |
266 |
--install_nspr: build_nspr |
267 |
-- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install |
268 |
-- |
269 |
--clobber_nspr: $(NSPR_CONFIG_STATUS) |
270 |
-- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber |
271 |
-- |
272 |
- build_docs: |
273 |
- $(MAKE) -C $(CORE_DEPTH)/doc |
274 |
- |
275 |
---- a/manifest.mn |
276 |
-+++ b/manifest.mn |
277 |
-@@ -10,4 +10,4 @@ |
278 |
- |
279 |
- RELEASE = nss |
280 |
- |
281 |
--DIRS = coreconf lib cmd cpputil gtests |
282 |
-+DIRS = coreconf lib cmd cpputil config |
283 |
|
284 |
diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild |
285 |
deleted file mode 100644 |
286 |
index 25170cb99d3..00000000000 |
287 |
--- a/dev-libs/nss/nss-3.51.ebuild |
288 |
+++ /dev/null |
289 |
@@ -1,357 +0,0 @@ |
290 |
-# Copyright 1999-2020 Gentoo Authors |
291 |
-# Distributed under the terms of the GNU General Public License v2 |
292 |
- |
293 |
-EAPI=7 |
294 |
- |
295 |
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal |
296 |
- |
297 |
-NSPR_VER="4.25" |
298 |
-RTM_NAME="NSS_${PV//./_}_RTM" |
299 |
- |
300 |
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" |
301 |
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" |
302 |
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz |
303 |
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )" |
304 |
- |
305 |
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" |
306 |
-SLOT="0" |
307 |
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" |
308 |
-IUSE="cacert utils" |
309 |
-RDEPEND=" |
310 |
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] |
311 |
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] |
312 |
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] |
313 |
- virtual/pkgconfig |
314 |
-" |
315 |
-DEPEND="${RDEPEND}" |
316 |
- |
317 |
-RESTRICT="test" |
318 |
- |
319 |
-S="${WORKDIR}/${P}/${PN}" |
320 |
- |
321 |
-MULTILIB_CHOST_TOOLS=( |
322 |
- /usr/bin/nss-config |
323 |
-) |
324 |
- |
325 |
-PATCHES=( |
326 |
- # Custom changes for gentoo |
327 |
- "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch" |
328 |
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" |
329 |
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" |
330 |
-) |
331 |
- |
332 |
-src_prepare() { |
333 |
- if use cacert ; then #521462 |
334 |
- PATCHES+=( |
335 |
- "${DISTDIR}/${PN}-cacert-class1-class3.patch" |
336 |
- ) |
337 |
- fi |
338 |
- |
339 |
- default |
340 |
- |
341 |
- pushd coreconf >/dev/null || die |
342 |
- # hack nspr paths |
343 |
- echo 'INCLUDES += -I$(DIST)/include/dbm' \ |
344 |
- >> headers.mk || die "failed to append include" |
345 |
- |
346 |
- # modify install path |
347 |
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ |
348 |
- -i source.mk || die |
349 |
- |
350 |
- # Respect LDFLAGS |
351 |
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk |
352 |
- popd >/dev/null || die |
353 |
- |
354 |
- # Fix pkgconfig file for Prefix |
355 |
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ |
356 |
- config/Makefile || die |
357 |
- |
358 |
- # use host shlibsign if need be #436216 |
359 |
- if tc-is-cross-compiler ; then |
360 |
- sed -i \ |
361 |
- -e 's:"${2}"/shlibsign:shlibsign:' \ |
362 |
- cmd/shlibsign/sign.sh || die |
363 |
- fi |
364 |
- |
365 |
- # dirty hack |
366 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ |
367 |
- lib/ssl/config.mk || die |
368 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ |
369 |
- cmd/platlibs.mk || die |
370 |
- |
371 |
- multilib_copy_sources |
372 |
- |
373 |
- strip-flags |
374 |
-} |
375 |
- |
376 |
-multilib_src_configure() { |
377 |
- # Ensure we stay multilib aware |
378 |
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die |
379 |
-} |
380 |
- |
381 |
-nssarch() { |
382 |
- # Most of the arches are the same as $ARCH |
383 |
- local t=${1:-${CHOST}} |
384 |
- case ${t} in |
385 |
- aarch64*)echo "aarch64";; |
386 |
- hppa*) echo "parisc";; |
387 |
- i?86*) echo "i686";; |
388 |
- x86_64*) echo "x86_64";; |
389 |
- *) tc-arch ${t};; |
390 |
- esac |
391 |
-} |
392 |
- |
393 |
-nssbits() { |
394 |
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" |
395 |
- if [[ ${1} == BUILD_ ]]; then |
396 |
- cc=$(tc-getBUILD_CC) |
397 |
- else |
398 |
- cc=$(tc-getCC) |
399 |
- fi |
400 |
- echo > "${T}"/test.c || die |
401 |
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die |
402 |
- case $(file "${T}/${1}test.o") in |
403 |
- *32-bit*x86-64*) echo USE_X32=1;; |
404 |
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; |
405 |
- *32-bit*|*ppc*|*i386*) ;; |
406 |
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; |
407 |
- esac |
408 |
-} |
409 |
- |
410 |
-multilib_src_compile() { |
411 |
- # use ABI to determine bit'ness, or fallback if unset |
412 |
- local buildbits mybits |
413 |
- case "${ABI}" in |
414 |
- n32) mybits="USE_N32=1";; |
415 |
- x32) mybits="USE_X32=1";; |
416 |
- s390x|*64) mybits="USE_64=1";; |
417 |
- ${DEFAULT_ABI}) |
418 |
- einfo "Running compilation test to determine bit'ness" |
419 |
- mybits=$(nssbits) |
420 |
- ;; |
421 |
- esac |
422 |
- # bitness of host may differ from target |
423 |
- if tc-is-cross-compiler; then |
424 |
- buildbits=$(nssbits BUILD_) |
425 |
- fi |
426 |
- |
427 |
- local makeargs=( |
428 |
- CC="$(tc-getCC)" |
429 |
- CCC="$(tc-getCXX)" |
430 |
- AR="$(tc-getAR) rc \$@" |
431 |
- RANLIB="$(tc-getRANLIB)" |
432 |
- OPTIMIZER= |
433 |
- ${mybits} |
434 |
- ) |
435 |
- |
436 |
- # Take care of nspr settings #436216 |
437 |
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" |
438 |
- unset NSPR_INCLUDE_DIR |
439 |
- |
440 |
- # Do not let `uname` be used. |
441 |
- if use kernel_linux ; then |
442 |
- makeargs+=( |
443 |
- OS_TARGET=Linux |
444 |
- OS_RELEASE=2.6 |
445 |
- OS_TEST="$(nssarch)" |
446 |
- ) |
447 |
- fi |
448 |
- |
449 |
- export NSS_ALLOW_SSLKEYLOGFILE=1 |
450 |
- export NSS_ENABLE_WERROR=0 #567158 |
451 |
- export BUILD_OPT=1 |
452 |
- export NSS_USE_SYSTEM_SQLITE=1 |
453 |
- export NSDISTMODE=copy |
454 |
- export NSS_ENABLE_ECC=1 |
455 |
- export FREEBL_NO_DEPEND=1 |
456 |
- export FREEBL_LOWHASH=1 |
457 |
- export NSS_SEED_ONLY_DEV_URANDOM=1 |
458 |
- export ASFLAGS="" |
459 |
- |
460 |
- local d |
461 |
- |
462 |
- # Build the host tools first. |
463 |
- LDFLAGS="${BUILD_LDFLAGS}" \ |
464 |
- XCFLAGS="${BUILD_CFLAGS}" \ |
465 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
466 |
- emake -j1 -C coreconf \ |
467 |
- CC="$(tc-getBUILD_CC)" \ |
468 |
- ${buildbits-${mybits}} |
469 |
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) |
470 |
- |
471 |
- # Then build the target tools. |
472 |
- for d in . lib/dbm ; do |
473 |
- CPPFLAGS="${myCPPFLAGS}" \ |
474 |
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ |
475 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
476 |
- emake -j1 "${makeargs[@]}" -C ${d} |
477 |
- done |
478 |
-} |
479 |
- |
480 |
-# Altering these 3 libraries breaks the CHK verification. |
481 |
-# All of the following cause it to break: |
482 |
-# - stripping |
483 |
-# - prelink |
484 |
-# - ELF signing |
485 |
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html |
486 |
-# Either we have to NOT strip them, or we have to forcibly resign after |
487 |
-# stripping. |
488 |
-#local_libdir="$(get_libdir)" |
489 |
-#export STRIP_MASK=" |
490 |
-# */${local_libdir}/libfreebl3.so* |
491 |
-# */${local_libdir}/libnssdbm3.so* |
492 |
-# */${local_libdir}/libsoftokn3.so*" |
493 |
- |
494 |
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" |
495 |
- |
496 |
-generate_chk() { |
497 |
- local shlibsign="$1" |
498 |
- local libdir="$2" |
499 |
- einfo "Resigning core NSS libraries for FIPS validation" |
500 |
- shift 2 |
501 |
- local i |
502 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
503 |
- local libname=lib${i}.so |
504 |
- local chkname=lib${i}.chk |
505 |
- "${shlibsign}" \ |
506 |
- -i "${libdir}"/${libname} \ |
507 |
- -o "${libdir}"/${chkname}.tmp \ |
508 |
- && mv -f \ |
509 |
- "${libdir}"/${chkname}.tmp \ |
510 |
- "${libdir}"/${chkname} \ |
511 |
- || die "Failed to sign ${libname}" |
512 |
- done |
513 |
-} |
514 |
- |
515 |
-cleanup_chk() { |
516 |
- local libdir="$1" |
517 |
- shift 1 |
518 |
- local i |
519 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
520 |
- local libfname="${libdir}/lib${i}.so" |
521 |
- # If the major version has changed, then we have old chk files. |
522 |
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ |
523 |
- && rm -f "${libfname}.chk" |
524 |
- done |
525 |
-} |
526 |
- |
527 |
-multilib_src_install() { |
528 |
- pushd dist >/dev/null || die |
529 |
- |
530 |
- dodir /usr/$(get_libdir) |
531 |
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" |
532 |
- local i |
533 |
- for i in crmf freebl nssb nssckfw ; do |
534 |
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" |
535 |
- done |
536 |
- |
537 |
- # Install nss-config and pkgconfig file |
538 |
- dodir /usr/bin |
539 |
- cp -L */bin/nss-config "${ED}"/usr/bin || die |
540 |
- dodir /usr/$(get_libdir)/pkgconfig |
541 |
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die |
542 |
- |
543 |
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers |
544 |
- # bug 517266 |
545 |
- sed -e 's#Libs:#Libs: -lfreebl#' \ |
546 |
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \ |
547 |
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ |
548 |
- || die "could not create nss-softokn.pc" |
549 |
- |
550 |
- # all the include files |
551 |
- insinto /usr/include/nss |
552 |
- doins public/nss/*.{h,api} |
553 |
- insinto /usr/include/nss/private |
554 |
- doins private/nss/{blapi,alghmac,cmac}.h |
555 |
- |
556 |
- popd >/dev/null || die |
557 |
- |
558 |
- local f nssutils |
559 |
- # Always enabled because we need it for chk generation. |
560 |
- nssutils=( shlibsign ) |
561 |
- |
562 |
- if multilib_is_native_abi ; then |
563 |
- if use utils; then |
564 |
- # The tests we do not need to install. |
565 |
- #nssutils_test="bltest crmftest dbtest dertimetest |
566 |
- #fipstest remtest sdrtest" |
567 |
- # checkcert utils has been removed in nss-3.22: |
568 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 |
569 |
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870 |
570 |
- # certcgi has been removed in nss-3.36: |
571 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602 |
572 |
- nssutils+=( |
573 |
- addbuiltin |
574 |
- atob |
575 |
- baddbdir |
576 |
- btoa |
577 |
- certutil |
578 |
- cmsutil |
579 |
- conflict |
580 |
- crlutil |
581 |
- derdump |
582 |
- digest |
583 |
- makepqg |
584 |
- mangle |
585 |
- modutil |
586 |
- multinit |
587 |
- nonspr10 |
588 |
- ocspclnt |
589 |
- oidcalc |
590 |
- p7content |
591 |
- p7env |
592 |
- p7sign |
593 |
- p7verify |
594 |
- pk11mode |
595 |
- pk12util |
596 |
- pp |
597 |
- rsaperf |
598 |
- selfserv |
599 |
- signtool |
600 |
- signver |
601 |
- ssltap |
602 |
- strsclnt |
603 |
- symkeyutil |
604 |
- tstclnt |
605 |
- vfychain |
606 |
- vfyserv |
607 |
- ) |
608 |
- # install man-pages for utils (bug #516810) |
609 |
- doman doc/nroff/*.1 |
610 |
- fi |
611 |
- pushd dist/*/bin >/dev/null || die |
612 |
- for f in ${nssutils[@]}; do |
613 |
- dobin ${f} |
614 |
- done |
615 |
- popd >/dev/null || die |
616 |
- fi |
617 |
- |
618 |
- # Prelink breaks the CHK files. We don't have any reliable way to run |
619 |
- # shlibsign after prelink. |
620 |
- dodir /etc/prelink.conf.d |
621 |
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ |
622 |
- > "${ED}"/etc/prelink.conf.d/nss.conf |
623 |
-} |
624 |
- |
625 |
-pkg_postinst() { |
626 |
- multilib_pkg_postinst() { |
627 |
- # We must re-sign the libraries AFTER they are stripped. |
628 |
- local shlibsign="${EROOT}/usr/bin/shlibsign" |
629 |
- # See if we can execute it (cross-compiling & such). #436216 |
630 |
- "${shlibsign}" -h >&/dev/null |
631 |
- if [[ $? -gt 1 ]] ; then |
632 |
- shlibsign="shlibsign" |
633 |
- fi |
634 |
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) |
635 |
- } |
636 |
- |
637 |
- multilib_foreach_abi multilib_pkg_postinst |
638 |
-} |
639 |
- |
640 |
-pkg_postrm() { |
641 |
- multilib_pkg_postrm() { |
642 |
- cleanup_chk "${EROOT}"/usr/$(get_libdir) |
643 |
- } |
644 |
- |
645 |
- multilib_foreach_abi multilib_pkg_postrm |
646 |
-} |
647 |
|
648 |
diff --git a/dev-libs/nss/nss-3.52.1-r1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild |
649 |
deleted file mode 100644 |
650 |
index ac5506ab597..00000000000 |
651 |
--- a/dev-libs/nss/nss-3.52.1-r1.ebuild |
652 |
+++ /dev/null |
653 |
@@ -1,361 +0,0 @@ |
654 |
-# Copyright 1999-2020 Gentoo Authors |
655 |
-# Distributed under the terms of the GNU General Public License v2 |
656 |
- |
657 |
-EAPI=7 |
658 |
- |
659 |
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal |
660 |
- |
661 |
-NSPR_VER="4.25" |
662 |
-RTM_NAME="NSS_${PV//./_}_RTM" |
663 |
- |
664 |
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" |
665 |
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" |
666 |
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz |
667 |
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )" |
668 |
- |
669 |
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" |
670 |
-SLOT="0" |
671 |
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" |
672 |
-IUSE="cacert utils" |
673 |
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND |
674 |
-RDEPEND=" |
675 |
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] |
676 |
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] |
677 |
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] |
678 |
- virtual/pkgconfig |
679 |
-" |
680 |
-DEPEND="${RDEPEND}" |
681 |
- |
682 |
-RESTRICT="test" |
683 |
- |
684 |
-S="${WORKDIR}/${P}/${PN}" |
685 |
- |
686 |
-MULTILIB_CHOST_TOOLS=( |
687 |
- /usr/bin/nss-config |
688 |
-) |
689 |
- |
690 |
-PATCHES=( |
691 |
- # Custom changes for gentoo |
692 |
- "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch" |
693 |
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" |
694 |
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" |
695 |
- "${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch" |
696 |
-) |
697 |
- |
698 |
-src_prepare() { |
699 |
- if use cacert ; then #521462 |
700 |
- PATCHES+=( |
701 |
- "${DISTDIR}/${PN}-cacert-class1-class3.patch" |
702 |
- ) |
703 |
- fi |
704 |
- |
705 |
- default |
706 |
- |
707 |
- pushd coreconf >/dev/null || die |
708 |
- # hack nspr paths |
709 |
- echo 'INCLUDES += -I$(DIST)/include/dbm' \ |
710 |
- >> headers.mk || die "failed to append include" |
711 |
- |
712 |
- # modify install path |
713 |
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ |
714 |
- -i source.mk || die |
715 |
- |
716 |
- # Respect LDFLAGS |
717 |
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk |
718 |
- popd >/dev/null || die |
719 |
- |
720 |
- # Fix pkgconfig file for Prefix |
721 |
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ |
722 |
- config/Makefile || die |
723 |
- |
724 |
- # use host shlibsign if need be #436216 |
725 |
- if tc-is-cross-compiler ; then |
726 |
- sed -i \ |
727 |
- -e 's:"${2}"/shlibsign:shlibsign:' \ |
728 |
- cmd/shlibsign/sign.sh || die |
729 |
- fi |
730 |
- |
731 |
- # dirty hack |
732 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ |
733 |
- lib/ssl/config.mk || die |
734 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ |
735 |
- cmd/platlibs.mk || die |
736 |
- |
737 |
- multilib_copy_sources |
738 |
- |
739 |
- strip-flags |
740 |
-} |
741 |
- |
742 |
-multilib_src_configure() { |
743 |
- # Ensure we stay multilib aware |
744 |
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die |
745 |
-} |
746 |
- |
747 |
-nssarch() { |
748 |
- # Most of the arches are the same as $ARCH |
749 |
- local t=${1:-${CHOST}} |
750 |
- case ${t} in |
751 |
- aarch64*)echo "aarch64";; |
752 |
- hppa*) echo "parisc";; |
753 |
- i?86*) echo "i686";; |
754 |
- x86_64*) echo "x86_64";; |
755 |
- *) tc-arch ${t};; |
756 |
- esac |
757 |
-} |
758 |
- |
759 |
-nssbits() { |
760 |
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" |
761 |
- if [[ ${1} == BUILD_ ]]; then |
762 |
- cc=$(tc-getBUILD_CC) |
763 |
- else |
764 |
- cc=$(tc-getCC) |
765 |
- fi |
766 |
- echo > "${T}"/test.c || die |
767 |
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die |
768 |
- case $(file "${T}/${1}test.o") in |
769 |
- *32-bit*x86-64*) echo USE_X32=1;; |
770 |
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; |
771 |
- *32-bit*|*ppc*|*i386*) ;; |
772 |
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; |
773 |
- esac |
774 |
-} |
775 |
- |
776 |
-multilib_src_compile() { |
777 |
- # use ABI to determine bit'ness, or fallback if unset |
778 |
- local buildbits mybits |
779 |
- case "${ABI}" in |
780 |
- n32) mybits="USE_N32=1";; |
781 |
- x32) mybits="USE_X32=1";; |
782 |
- s390x|*64) mybits="USE_64=1";; |
783 |
- ${DEFAULT_ABI}) |
784 |
- einfo "Running compilation test to determine bit'ness" |
785 |
- mybits=$(nssbits) |
786 |
- ;; |
787 |
- esac |
788 |
- # bitness of host may differ from target |
789 |
- if tc-is-cross-compiler; then |
790 |
- buildbits=$(nssbits BUILD_) |
791 |
- fi |
792 |
- |
793 |
- local makeargs=( |
794 |
- CC="$(tc-getCC)" |
795 |
- CCC="$(tc-getCXX)" |
796 |
- AR="$(tc-getAR) rc \$@" |
797 |
- RANLIB="$(tc-getRANLIB)" |
798 |
- OPTIMIZER= |
799 |
- ${mybits} |
800 |
- ) |
801 |
- |
802 |
- # Take care of nspr settings #436216 |
803 |
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" |
804 |
- unset NSPR_INCLUDE_DIR |
805 |
- |
806 |
- # Do not let `uname` be used. |
807 |
- if use kernel_linux ; then |
808 |
- makeargs+=( |
809 |
- OS_TARGET=Linux |
810 |
- OS_RELEASE=2.6 |
811 |
- OS_TEST="$(nssarch)" |
812 |
- ) |
813 |
- fi |
814 |
- |
815 |
- export NSS_ALLOW_SSLKEYLOGFILE=1 |
816 |
- export NSS_ENABLE_WERROR=0 #567158 |
817 |
- export BUILD_OPT=1 |
818 |
- export NSS_USE_SYSTEM_SQLITE=1 |
819 |
- export NSDISTMODE=copy |
820 |
- export NSS_ENABLE_ECC=1 |
821 |
- export FREEBL_NO_DEPEND=1 |
822 |
- export FREEBL_LOWHASH=1 |
823 |
- export NSS_SEED_ONLY_DEV_URANDOM=1 |
824 |
- export ASFLAGS="" |
825 |
- export USE_SYSTEM_ZLIB=1 |
826 |
- export ZLIB_LIBS=-lz |
827 |
- |
828 |
- local d |
829 |
- |
830 |
- # Build the host tools first. |
831 |
- LDFLAGS="${BUILD_LDFLAGS}" \ |
832 |
- XCFLAGS="${BUILD_CFLAGS}" \ |
833 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
834 |
- emake -j1 -C coreconf \ |
835 |
- CC="$(tc-getBUILD_CC)" \ |
836 |
- ${buildbits-${mybits}} |
837 |
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) |
838 |
- |
839 |
- # Then build the target tools. |
840 |
- for d in . lib/dbm ; do |
841 |
- CPPFLAGS="${myCPPFLAGS}" \ |
842 |
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ |
843 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
844 |
- emake -j1 "${makeargs[@]}" -C ${d} |
845 |
- done |
846 |
-} |
847 |
- |
848 |
-# Altering these 3 libraries breaks the CHK verification. |
849 |
-# All of the following cause it to break: |
850 |
-# - stripping |
851 |
-# - prelink |
852 |
-# - ELF signing |
853 |
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html |
854 |
-# Either we have to NOT strip them, or we have to forcibly resign after |
855 |
-# stripping. |
856 |
-#local_libdir="$(get_libdir)" |
857 |
-#export STRIP_MASK=" |
858 |
-# */${local_libdir}/libfreebl3.so* |
859 |
-# */${local_libdir}/libnssdbm3.so* |
860 |
-# */${local_libdir}/libsoftokn3.so*" |
861 |
- |
862 |
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" |
863 |
- |
864 |
-generate_chk() { |
865 |
- local shlibsign="$1" |
866 |
- local libdir="$2" |
867 |
- einfo "Resigning core NSS libraries for FIPS validation" |
868 |
- shift 2 |
869 |
- local i |
870 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
871 |
- local libname=lib${i}.so |
872 |
- local chkname=lib${i}.chk |
873 |
- "${shlibsign}" \ |
874 |
- -i "${libdir}"/${libname} \ |
875 |
- -o "${libdir}"/${chkname}.tmp \ |
876 |
- && mv -f \ |
877 |
- "${libdir}"/${chkname}.tmp \ |
878 |
- "${libdir}"/${chkname} \ |
879 |
- || die "Failed to sign ${libname}" |
880 |
- done |
881 |
-} |
882 |
- |
883 |
-cleanup_chk() { |
884 |
- local libdir="$1" |
885 |
- shift 1 |
886 |
- local i |
887 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
888 |
- local libfname="${libdir}/lib${i}.so" |
889 |
- # If the major version has changed, then we have old chk files. |
890 |
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ |
891 |
- && rm -f "${libfname}.chk" |
892 |
- done |
893 |
-} |
894 |
- |
895 |
-multilib_src_install() { |
896 |
- pushd dist >/dev/null || die |
897 |
- |
898 |
- dodir /usr/$(get_libdir) |
899 |
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" |
900 |
- local i |
901 |
- for i in crmf freebl nssb nssckfw ; do |
902 |
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" |
903 |
- done |
904 |
- |
905 |
- # Install nss-config and pkgconfig file |
906 |
- dodir /usr/bin |
907 |
- cp -L */bin/nss-config "${ED}"/usr/bin || die |
908 |
- dodir /usr/$(get_libdir)/pkgconfig |
909 |
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die |
910 |
- |
911 |
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers |
912 |
- # bug 517266 |
913 |
- sed -e 's#Libs:#Libs: -lfreebl#' \ |
914 |
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \ |
915 |
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ |
916 |
- || die "could not create nss-softokn.pc" |
917 |
- |
918 |
- # all the include files |
919 |
- insinto /usr/include/nss |
920 |
- doins public/nss/*.{h,api} |
921 |
- insinto /usr/include/nss/private |
922 |
- doins private/nss/{blapi,alghmac,cmac}.h |
923 |
- |
924 |
- popd >/dev/null || die |
925 |
- |
926 |
- local f nssutils |
927 |
- # Always enabled because we need it for chk generation. |
928 |
- nssutils=( shlibsign ) |
929 |
- |
930 |
- if multilib_is_native_abi ; then |
931 |
- if use utils; then |
932 |
- # The tests we do not need to install. |
933 |
- #nssutils_test="bltest crmftest dbtest dertimetest |
934 |
- #fipstest remtest sdrtest" |
935 |
- # checkcert utils has been removed in nss-3.22: |
936 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 |
937 |
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870 |
938 |
- # certcgi has been removed in nss-3.36: |
939 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602 |
940 |
- nssutils+=( |
941 |
- addbuiltin |
942 |
- atob |
943 |
- baddbdir |
944 |
- btoa |
945 |
- certutil |
946 |
- cmsutil |
947 |
- conflict |
948 |
- crlutil |
949 |
- derdump |
950 |
- digest |
951 |
- makepqg |
952 |
- mangle |
953 |
- modutil |
954 |
- multinit |
955 |
- nonspr10 |
956 |
- ocspclnt |
957 |
- oidcalc |
958 |
- p7content |
959 |
- p7env |
960 |
- p7sign |
961 |
- p7verify |
962 |
- pk11mode |
963 |
- pk12util |
964 |
- pp |
965 |
- rsaperf |
966 |
- selfserv |
967 |
- signtool |
968 |
- signver |
969 |
- ssltap |
970 |
- strsclnt |
971 |
- symkeyutil |
972 |
- tstclnt |
973 |
- vfychain |
974 |
- vfyserv |
975 |
- ) |
976 |
- # install man-pages for utils (bug #516810) |
977 |
- doman doc/nroff/*.1 |
978 |
- fi |
979 |
- pushd dist/*/bin >/dev/null || die |
980 |
- for f in ${nssutils[@]}; do |
981 |
- dobin ${f} |
982 |
- done |
983 |
- popd >/dev/null || die |
984 |
- fi |
985 |
- |
986 |
- # Prelink breaks the CHK files. We don't have any reliable way to run |
987 |
- # shlibsign after prelink. |
988 |
- dodir /etc/prelink.conf.d |
989 |
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ |
990 |
- > "${ED}"/etc/prelink.conf.d/nss.conf |
991 |
-} |
992 |
- |
993 |
-pkg_postinst() { |
994 |
- multilib_pkg_postinst() { |
995 |
- # We must re-sign the libraries AFTER they are stripped. |
996 |
- local shlibsign="${EROOT}/usr/bin/shlibsign" |
997 |
- # See if we can execute it (cross-compiling & such). #436216 |
998 |
- "${shlibsign}" -h >&/dev/null |
999 |
- if [[ $? -gt 1 ]] ; then |
1000 |
- shlibsign="shlibsign" |
1001 |
- fi |
1002 |
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) |
1003 |
- } |
1004 |
- |
1005 |
- multilib_foreach_abi multilib_pkg_postinst |
1006 |
-} |
1007 |
- |
1008 |
-pkg_postrm() { |
1009 |
- multilib_pkg_postrm() { |
1010 |
- cleanup_chk "${EROOT}"/usr/$(get_libdir) |
1011 |
- } |
1012 |
- |
1013 |
- multilib_foreach_abi multilib_pkg_postrm |
1014 |
-} |
1015 |
|
1016 |
diff --git a/dev-libs/nss/nss-3.53.1.ebuild b/dev-libs/nss/nss-3.53.1.ebuild |
1017 |
deleted file mode 100644 |
1018 |
index d94d193dbe9..00000000000 |
1019 |
--- a/dev-libs/nss/nss-3.53.1.ebuild |
1020 |
+++ /dev/null |
1021 |
@@ -1,351 +0,0 @@ |
1022 |
-# Copyright 1999-2020 Gentoo Authors |
1023 |
-# Distributed under the terms of the GNU General Public License v2 |
1024 |
- |
1025 |
-EAPI=7 |
1026 |
- |
1027 |
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal |
1028 |
- |
1029 |
-NSPR_VER="4.25" |
1030 |
-RTM_NAME="NSS_${PV//./_}_RTM" |
1031 |
- |
1032 |
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" |
1033 |
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" |
1034 |
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz |
1035 |
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )" |
1036 |
- |
1037 |
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" |
1038 |
-SLOT="0" |
1039 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" |
1040 |
-IUSE="cacert utils" |
1041 |
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND |
1042 |
-RDEPEND=" |
1043 |
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] |
1044 |
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] |
1045 |
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] |
1046 |
- virtual/pkgconfig |
1047 |
-" |
1048 |
-DEPEND="${RDEPEND}" |
1049 |
- |
1050 |
-RESTRICT="test" |
1051 |
- |
1052 |
-S="${WORKDIR}/${P}/${PN}" |
1053 |
- |
1054 |
-MULTILIB_CHOST_TOOLS=( |
1055 |
- /usr/bin/nss-config |
1056 |
-) |
1057 |
- |
1058 |
-PATCHES=( |
1059 |
- # Custom changes for gentoo |
1060 |
- "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch" |
1061 |
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" |
1062 |
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" |
1063 |
- "${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch" |
1064 |
-) |
1065 |
- |
1066 |
-src_prepare() { |
1067 |
- if use cacert ; then #521462 |
1068 |
- PATCHES+=( |
1069 |
- "${DISTDIR}/${PN}-cacert-class1-class3.patch" |
1070 |
- ) |
1071 |
- fi |
1072 |
- |
1073 |
- default |
1074 |
- |
1075 |
- pushd coreconf >/dev/null || die |
1076 |
- # hack nspr paths |
1077 |
- echo 'INCLUDES += -I$(DIST)/include/dbm' \ |
1078 |
- >> headers.mk || die "failed to append include" |
1079 |
- |
1080 |
- # modify install path |
1081 |
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ |
1082 |
- -i source.mk || die |
1083 |
- |
1084 |
- # Respect LDFLAGS |
1085 |
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk |
1086 |
- popd >/dev/null || die |
1087 |
- |
1088 |
- # Fix pkgconfig file for Prefix |
1089 |
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ |
1090 |
- config/Makefile || die |
1091 |
- |
1092 |
- # use host shlibsign if need be #436216 |
1093 |
- if tc-is-cross-compiler ; then |
1094 |
- sed -i \ |
1095 |
- -e 's:"${2}"/shlibsign:shlibsign:' \ |
1096 |
- cmd/shlibsign/sign.sh || die |
1097 |
- fi |
1098 |
- |
1099 |
- # dirty hack |
1100 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ |
1101 |
- lib/ssl/config.mk || die |
1102 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ |
1103 |
- cmd/platlibs.mk || die |
1104 |
- |
1105 |
- multilib_copy_sources |
1106 |
- |
1107 |
- strip-flags |
1108 |
-} |
1109 |
- |
1110 |
-multilib_src_configure() { |
1111 |
- # Ensure we stay multilib aware |
1112 |
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die |
1113 |
-} |
1114 |
- |
1115 |
-nssarch() { |
1116 |
- # Most of the arches are the same as $ARCH |
1117 |
- local t=${1:-${CHOST}} |
1118 |
- case ${t} in |
1119 |
- aarch64*)echo "aarch64";; |
1120 |
- hppa*) echo "parisc";; |
1121 |
- i?86*) echo "i686";; |
1122 |
- x86_64*) echo "x86_64";; |
1123 |
- *) tc-arch ${t};; |
1124 |
- esac |
1125 |
-} |
1126 |
- |
1127 |
-nssbits() { |
1128 |
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" |
1129 |
- if [[ ${1} == BUILD_ ]]; then |
1130 |
- cc=$(tc-getBUILD_CC) |
1131 |
- else |
1132 |
- cc=$(tc-getCC) |
1133 |
- fi |
1134 |
- echo > "${T}"/test.c || die |
1135 |
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die |
1136 |
- case $(file "${T}/${1}test.o") in |
1137 |
- *32-bit*x86-64*) echo USE_X32=1;; |
1138 |
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; |
1139 |
- *32-bit*|*ppc*|*i386*) ;; |
1140 |
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; |
1141 |
- esac |
1142 |
-} |
1143 |
- |
1144 |
-multilib_src_compile() { |
1145 |
- # use ABI to determine bit'ness, or fallback if unset |
1146 |
- local buildbits mybits |
1147 |
- case "${ABI}" in |
1148 |
- n32) mybits="USE_N32=1";; |
1149 |
- x32) mybits="USE_X32=1";; |
1150 |
- s390x|*64) mybits="USE_64=1";; |
1151 |
- ${DEFAULT_ABI}) |
1152 |
- einfo "Running compilation test to determine bit'ness" |
1153 |
- mybits=$(nssbits) |
1154 |
- ;; |
1155 |
- esac |
1156 |
- # bitness of host may differ from target |
1157 |
- if tc-is-cross-compiler; then |
1158 |
- buildbits=$(nssbits BUILD_) |
1159 |
- fi |
1160 |
- |
1161 |
- local makeargs=( |
1162 |
- CC="$(tc-getCC)" |
1163 |
- CCC="$(tc-getCXX)" |
1164 |
- AR="$(tc-getAR) rc \$@" |
1165 |
- RANLIB="$(tc-getRANLIB)" |
1166 |
- OPTIMIZER= |
1167 |
- ${mybits} |
1168 |
- ) |
1169 |
- |
1170 |
- # Take care of nspr settings #436216 |
1171 |
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" |
1172 |
- unset NSPR_INCLUDE_DIR |
1173 |
- |
1174 |
- export NSS_ALLOW_SSLKEYLOGFILE=1 |
1175 |
- export NSS_ENABLE_WERROR=0 #567158 |
1176 |
- export BUILD_OPT=1 |
1177 |
- export NSS_USE_SYSTEM_SQLITE=1 |
1178 |
- export NSDISTMODE=copy |
1179 |
- export FREEBL_NO_DEPEND=1 |
1180 |
- export FREEBL_LOWHASH=1 |
1181 |
- export NSS_SEED_ONLY_DEV_URANDOM=1 |
1182 |
- export USE_SYSTEM_ZLIB=1 |
1183 |
- export ZLIB_LIBS=-lz |
1184 |
- export ASFLAGS="" |
1185 |
- |
1186 |
- local d |
1187 |
- |
1188 |
- # Build the host tools first. |
1189 |
- LDFLAGS="${BUILD_LDFLAGS}" \ |
1190 |
- XCFLAGS="${BUILD_CFLAGS}" \ |
1191 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
1192 |
- emake -j1 -C coreconf \ |
1193 |
- CC="$(tc-getBUILD_CC)" \ |
1194 |
- ${buildbits-${mybits}} |
1195 |
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) |
1196 |
- |
1197 |
- # Then build the target tools. |
1198 |
- for d in . lib/dbm ; do |
1199 |
- CPPFLAGS="${myCPPFLAGS}" \ |
1200 |
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ |
1201 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
1202 |
- emake -j1 "${makeargs[@]}" -C ${d} |
1203 |
- done |
1204 |
-} |
1205 |
- |
1206 |
-# Altering these 3 libraries breaks the CHK verification. |
1207 |
-# All of the following cause it to break: |
1208 |
-# - stripping |
1209 |
-# - prelink |
1210 |
-# - ELF signing |
1211 |
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html |
1212 |
-# Either we have to NOT strip them, or we have to forcibly resign after |
1213 |
-# stripping. |
1214 |
-#local_libdir="$(get_libdir)" |
1215 |
-#export STRIP_MASK=" |
1216 |
-# */${local_libdir}/libfreebl3.so* |
1217 |
-# */${local_libdir}/libnssdbm3.so* |
1218 |
-# */${local_libdir}/libsoftokn3.so*" |
1219 |
- |
1220 |
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" |
1221 |
- |
1222 |
-generate_chk() { |
1223 |
- local shlibsign="$1" |
1224 |
- local libdir="$2" |
1225 |
- einfo "Resigning core NSS libraries for FIPS validation" |
1226 |
- shift 2 |
1227 |
- local i |
1228 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
1229 |
- local libname=lib${i}.so |
1230 |
- local chkname=lib${i}.chk |
1231 |
- "${shlibsign}" \ |
1232 |
- -i "${libdir}"/${libname} \ |
1233 |
- -o "${libdir}"/${chkname}.tmp \ |
1234 |
- && mv -f \ |
1235 |
- "${libdir}"/${chkname}.tmp \ |
1236 |
- "${libdir}"/${chkname} \ |
1237 |
- || die "Failed to sign ${libname}" |
1238 |
- done |
1239 |
-} |
1240 |
- |
1241 |
-cleanup_chk() { |
1242 |
- local libdir="$1" |
1243 |
- shift 1 |
1244 |
- local i |
1245 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
1246 |
- local libfname="${libdir}/lib${i}.so" |
1247 |
- # If the major version has changed, then we have old chk files. |
1248 |
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ |
1249 |
- && rm -f "${libfname}.chk" |
1250 |
- done |
1251 |
-} |
1252 |
- |
1253 |
-multilib_src_install() { |
1254 |
- pushd dist >/dev/null || die |
1255 |
- |
1256 |
- dodir /usr/$(get_libdir) |
1257 |
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" |
1258 |
- local i |
1259 |
- for i in crmf freebl nssb nssckfw ; do |
1260 |
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" |
1261 |
- done |
1262 |
- |
1263 |
- # Install nss-config and pkgconfig file |
1264 |
- dodir /usr/bin |
1265 |
- cp -L */bin/nss-config "${ED}"/usr/bin || die |
1266 |
- dodir /usr/$(get_libdir)/pkgconfig |
1267 |
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die |
1268 |
- |
1269 |
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers |
1270 |
- # bug 517266 |
1271 |
- sed -e 's#Libs:#Libs: -lfreebl#' \ |
1272 |
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \ |
1273 |
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ |
1274 |
- || die "could not create nss-softokn.pc" |
1275 |
- |
1276 |
- # all the include files |
1277 |
- insinto /usr/include/nss |
1278 |
- doins public/nss/*.{h,api} |
1279 |
- insinto /usr/include/nss/private |
1280 |
- doins private/nss/{blapi,alghmac,cmac}.h |
1281 |
- |
1282 |
- popd >/dev/null || die |
1283 |
- |
1284 |
- local f nssutils |
1285 |
- # Always enabled because we need it for chk generation. |
1286 |
- nssutils=( shlibsign ) |
1287 |
- |
1288 |
- if multilib_is_native_abi ; then |
1289 |
- if use utils; then |
1290 |
- # The tests we do not need to install. |
1291 |
- #nssutils_test="bltest crmftest dbtest dertimetest |
1292 |
- #fipstest remtest sdrtest" |
1293 |
- # checkcert utils has been removed in nss-3.22: |
1294 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 |
1295 |
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870 |
1296 |
- # certcgi has been removed in nss-3.36: |
1297 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602 |
1298 |
- nssutils+=( |
1299 |
- addbuiltin |
1300 |
- atob |
1301 |
- baddbdir |
1302 |
- btoa |
1303 |
- certutil |
1304 |
- cmsutil |
1305 |
- conflict |
1306 |
- crlutil |
1307 |
- derdump |
1308 |
- digest |
1309 |
- makepqg |
1310 |
- mangle |
1311 |
- modutil |
1312 |
- multinit |
1313 |
- nonspr10 |
1314 |
- ocspclnt |
1315 |
- oidcalc |
1316 |
- p7content |
1317 |
- p7env |
1318 |
- p7sign |
1319 |
- p7verify |
1320 |
- pk11mode |
1321 |
- pk12util |
1322 |
- pp |
1323 |
- rsaperf |
1324 |
- selfserv |
1325 |
- signtool |
1326 |
- signver |
1327 |
- ssltap |
1328 |
- strsclnt |
1329 |
- symkeyutil |
1330 |
- tstclnt |
1331 |
- vfychain |
1332 |
- vfyserv |
1333 |
- ) |
1334 |
- # install man-pages for utils (bug #516810) |
1335 |
- doman doc/nroff/*.1 |
1336 |
- fi |
1337 |
- pushd dist/*/bin >/dev/null || die |
1338 |
- for f in ${nssutils[@]}; do |
1339 |
- dobin ${f} |
1340 |
- done |
1341 |
- popd >/dev/null || die |
1342 |
- fi |
1343 |
- |
1344 |
- # Prelink breaks the CHK files. We don't have any reliable way to run |
1345 |
- # shlibsign after prelink. |
1346 |
- dodir /etc/prelink.conf.d |
1347 |
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ |
1348 |
- > "${ED}"/etc/prelink.conf.d/nss.conf |
1349 |
-} |
1350 |
- |
1351 |
-pkg_postinst() { |
1352 |
- multilib_pkg_postinst() { |
1353 |
- # We must re-sign the libraries AFTER they are stripped. |
1354 |
- local shlibsign="${EROOT}/usr/bin/shlibsign" |
1355 |
- # See if we can execute it (cross-compiling & such). #436216 |
1356 |
- "${shlibsign}" -h >&/dev/null |
1357 |
- if [[ $? -gt 1 ]] ; then |
1358 |
- shlibsign="shlibsign" |
1359 |
- fi |
1360 |
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) |
1361 |
- } |
1362 |
- |
1363 |
- multilib_foreach_abi multilib_pkg_postinst |
1364 |
-} |
1365 |
- |
1366 |
-pkg_postrm() { |
1367 |
- multilib_pkg_postrm() { |
1368 |
- cleanup_chk "${EROOT}"/usr/$(get_libdir) |
1369 |
- } |
1370 |
- |
1371 |
- multilib_foreach_abi multilib_pkg_postrm |
1372 |
-} |
1373 |
|
1374 |
diff --git a/dev-libs/nss/nss-3.54-r1.ebuild b/dev-libs/nss/nss-3.54-r1.ebuild |
1375 |
deleted file mode 100644 |
1376 |
index 5d96e159be4..00000000000 |
1377 |
--- a/dev-libs/nss/nss-3.54-r1.ebuild |
1378 |
+++ /dev/null |
1379 |
@@ -1,351 +0,0 @@ |
1380 |
-# Copyright 1999-2020 Gentoo Authors |
1381 |
-# Distributed under the terms of the GNU General Public License v2 |
1382 |
- |
1383 |
-EAPI=7 |
1384 |
- |
1385 |
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal |
1386 |
- |
1387 |
-NSPR_VER="4.26" |
1388 |
-RTM_NAME="NSS_${PV//./_}_RTM" |
1389 |
- |
1390 |
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" |
1391 |
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" |
1392 |
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz |
1393 |
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )" |
1394 |
- |
1395 |
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" |
1396 |
-SLOT="0" |
1397 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" |
1398 |
-IUSE="cacert utils" |
1399 |
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND |
1400 |
-RDEPEND=" |
1401 |
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] |
1402 |
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] |
1403 |
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] |
1404 |
- virtual/pkgconfig |
1405 |
-" |
1406 |
-DEPEND="${RDEPEND}" |
1407 |
- |
1408 |
-RESTRICT="test" |
1409 |
- |
1410 |
-S="${WORKDIR}/${P}/${PN}" |
1411 |
- |
1412 |
-MULTILIB_CHOST_TOOLS=( |
1413 |
- /usr/bin/nss-config |
1414 |
-) |
1415 |
- |
1416 |
-PATCHES=( |
1417 |
- # Custom changes for gentoo |
1418 |
- "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch" |
1419 |
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" |
1420 |
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" |
1421 |
- "${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch" |
1422 |
-) |
1423 |
- |
1424 |
-src_prepare() { |
1425 |
- if use cacert ; then #521462 |
1426 |
- PATCHES+=( |
1427 |
- "${DISTDIR}/${PN}-cacert-class1-class3.patch" |
1428 |
- ) |
1429 |
- fi |
1430 |
- |
1431 |
- default |
1432 |
- |
1433 |
- pushd coreconf >/dev/null || die |
1434 |
- # hack nspr paths |
1435 |
- echo 'INCLUDES += -I$(DIST)/include/dbm' \ |
1436 |
- >> headers.mk || die "failed to append include" |
1437 |
- |
1438 |
- # modify install path |
1439 |
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ |
1440 |
- -i source.mk || die |
1441 |
- |
1442 |
- # Respect LDFLAGS |
1443 |
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk |
1444 |
- popd >/dev/null || die |
1445 |
- |
1446 |
- # Fix pkgconfig file for Prefix |
1447 |
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ |
1448 |
- config/Makefile || die |
1449 |
- |
1450 |
- # use host shlibsign if need be #436216 |
1451 |
- if tc-is-cross-compiler ; then |
1452 |
- sed -i \ |
1453 |
- -e 's:"${2}"/shlibsign:shlibsign:' \ |
1454 |
- cmd/shlibsign/sign.sh || die |
1455 |
- fi |
1456 |
- |
1457 |
- # dirty hack |
1458 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ |
1459 |
- lib/ssl/config.mk || die |
1460 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ |
1461 |
- cmd/platlibs.mk || die |
1462 |
- |
1463 |
- multilib_copy_sources |
1464 |
- |
1465 |
- strip-flags |
1466 |
-} |
1467 |
- |
1468 |
-multilib_src_configure() { |
1469 |
- # Ensure we stay multilib aware |
1470 |
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die |
1471 |
-} |
1472 |
- |
1473 |
-nssarch() { |
1474 |
- # Most of the arches are the same as $ARCH |
1475 |
- local t=${1:-${CHOST}} |
1476 |
- case ${t} in |
1477 |
- aarch64*)echo "aarch64";; |
1478 |
- hppa*) echo "parisc";; |
1479 |
- i?86*) echo "i686";; |
1480 |
- x86_64*) echo "x86_64";; |
1481 |
- *) tc-arch ${t};; |
1482 |
- esac |
1483 |
-} |
1484 |
- |
1485 |
-nssbits() { |
1486 |
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" |
1487 |
- if [[ ${1} == BUILD_ ]]; then |
1488 |
- cc=$(tc-getBUILD_CC) |
1489 |
- else |
1490 |
- cc=$(tc-getCC) |
1491 |
- fi |
1492 |
- echo > "${T}"/test.c || die |
1493 |
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die |
1494 |
- case $(file "${T}/${1}test.o") in |
1495 |
- *32-bit*x86-64*) echo USE_X32=1;; |
1496 |
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; |
1497 |
- *32-bit*|*ppc*|*i386*) ;; |
1498 |
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; |
1499 |
- esac |
1500 |
-} |
1501 |
- |
1502 |
-multilib_src_compile() { |
1503 |
- # use ABI to determine bit'ness, or fallback if unset |
1504 |
- local buildbits mybits |
1505 |
- case "${ABI}" in |
1506 |
- n32) mybits="USE_N32=1";; |
1507 |
- x32) mybits="USE_X32=1";; |
1508 |
- s390x|*64) mybits="USE_64=1";; |
1509 |
- ${DEFAULT_ABI}) |
1510 |
- einfo "Running compilation test to determine bit'ness" |
1511 |
- mybits=$(nssbits) |
1512 |
- ;; |
1513 |
- esac |
1514 |
- # bitness of host may differ from target |
1515 |
- if tc-is-cross-compiler; then |
1516 |
- buildbits=$(nssbits BUILD_) |
1517 |
- fi |
1518 |
- |
1519 |
- local makeargs=( |
1520 |
- CC="$(tc-getCC)" |
1521 |
- CCC="$(tc-getCXX)" |
1522 |
- AR="$(tc-getAR) rc \$@" |
1523 |
- RANLIB="$(tc-getRANLIB)" |
1524 |
- OPTIMIZER= |
1525 |
- ${mybits} |
1526 |
- ) |
1527 |
- |
1528 |
- # Take care of nspr settings #436216 |
1529 |
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" |
1530 |
- unset NSPR_INCLUDE_DIR |
1531 |
- |
1532 |
- export NSS_ALLOW_SSLKEYLOGFILE=1 |
1533 |
- export NSS_ENABLE_WERROR=0 #567158 |
1534 |
- export BUILD_OPT=1 |
1535 |
- export NSS_USE_SYSTEM_SQLITE=1 |
1536 |
- export NSDISTMODE=copy |
1537 |
- export FREEBL_NO_DEPEND=1 |
1538 |
- export FREEBL_LOWHASH=1 |
1539 |
- export NSS_SEED_ONLY_DEV_URANDOM=1 |
1540 |
- export USE_SYSTEM_ZLIB=1 |
1541 |
- export ZLIB_LIBS=-lz |
1542 |
- export ASFLAGS="" |
1543 |
- |
1544 |
- local d |
1545 |
- |
1546 |
- # Build the host tools first. |
1547 |
- LDFLAGS="${BUILD_LDFLAGS}" \ |
1548 |
- XCFLAGS="${BUILD_CFLAGS}" \ |
1549 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
1550 |
- emake -j1 -C coreconf \ |
1551 |
- CC="$(tc-getBUILD_CC)" \ |
1552 |
- ${buildbits-${mybits}} |
1553 |
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) |
1554 |
- |
1555 |
- # Then build the target tools. |
1556 |
- for d in . lib/dbm ; do |
1557 |
- CPPFLAGS="${myCPPFLAGS}" \ |
1558 |
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ |
1559 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
1560 |
- emake -j1 "${makeargs[@]}" -C ${d} |
1561 |
- done |
1562 |
-} |
1563 |
- |
1564 |
-# Altering these 3 libraries breaks the CHK verification. |
1565 |
-# All of the following cause it to break: |
1566 |
-# - stripping |
1567 |
-# - prelink |
1568 |
-# - ELF signing |
1569 |
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html |
1570 |
-# Either we have to NOT strip them, or we have to forcibly resign after |
1571 |
-# stripping. |
1572 |
-#local_libdir="$(get_libdir)" |
1573 |
-#export STRIP_MASK=" |
1574 |
-# */${local_libdir}/libfreebl3.so* |
1575 |
-# */${local_libdir}/libnssdbm3.so* |
1576 |
-# */${local_libdir}/libsoftokn3.so*" |
1577 |
- |
1578 |
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" |
1579 |
- |
1580 |
-generate_chk() { |
1581 |
- local shlibsign="$1" |
1582 |
- local libdir="$2" |
1583 |
- einfo "Resigning core NSS libraries for FIPS validation" |
1584 |
- shift 2 |
1585 |
- local i |
1586 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
1587 |
- local libname=lib${i}.so |
1588 |
- local chkname=lib${i}.chk |
1589 |
- "${shlibsign}" \ |
1590 |
- -i "${libdir}"/${libname} \ |
1591 |
- -o "${libdir}"/${chkname}.tmp \ |
1592 |
- && mv -f \ |
1593 |
- "${libdir}"/${chkname}.tmp \ |
1594 |
- "${libdir}"/${chkname} \ |
1595 |
- || die "Failed to sign ${libname}" |
1596 |
- done |
1597 |
-} |
1598 |
- |
1599 |
-cleanup_chk() { |
1600 |
- local libdir="$1" |
1601 |
- shift 1 |
1602 |
- local i |
1603 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
1604 |
- local libfname="${libdir}/lib${i}.so" |
1605 |
- # If the major version has changed, then we have old chk files. |
1606 |
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ |
1607 |
- && rm -f "${libfname}.chk" |
1608 |
- done |
1609 |
-} |
1610 |
- |
1611 |
-multilib_src_install() { |
1612 |
- pushd dist >/dev/null || die |
1613 |
- |
1614 |
- dodir /usr/$(get_libdir) |
1615 |
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" |
1616 |
- local i |
1617 |
- for i in crmf freebl nssb nssckfw ; do |
1618 |
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" |
1619 |
- done |
1620 |
- |
1621 |
- # Install nss-config and pkgconfig file |
1622 |
- dodir /usr/bin |
1623 |
- cp -L */bin/nss-config "${ED}"/usr/bin || die |
1624 |
- dodir /usr/$(get_libdir)/pkgconfig |
1625 |
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die |
1626 |
- |
1627 |
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers |
1628 |
- # bug 517266 |
1629 |
- sed -e 's#Libs:#Libs: -lfreebl#' \ |
1630 |
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \ |
1631 |
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ |
1632 |
- || die "could not create nss-softokn.pc" |
1633 |
- |
1634 |
- # all the include files |
1635 |
- insinto /usr/include/nss |
1636 |
- doins public/nss/*.{h,api} |
1637 |
- insinto /usr/include/nss/private |
1638 |
- doins private/nss/{blapi,alghmac,cmac}.h |
1639 |
- |
1640 |
- popd >/dev/null || die |
1641 |
- |
1642 |
- local f nssutils |
1643 |
- # Always enabled because we need it for chk generation. |
1644 |
- nssutils=( shlibsign ) |
1645 |
- |
1646 |
- if multilib_is_native_abi ; then |
1647 |
- if use utils; then |
1648 |
- # The tests we do not need to install. |
1649 |
- #nssutils_test="bltest crmftest dbtest dertimetest |
1650 |
- #fipstest remtest sdrtest" |
1651 |
- # checkcert utils has been removed in nss-3.22: |
1652 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 |
1653 |
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870 |
1654 |
- # certcgi has been removed in nss-3.36: |
1655 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602 |
1656 |
- nssutils+=( |
1657 |
- addbuiltin |
1658 |
- atob |
1659 |
- baddbdir |
1660 |
- btoa |
1661 |
- certutil |
1662 |
- cmsutil |
1663 |
- conflict |
1664 |
- crlutil |
1665 |
- derdump |
1666 |
- digest |
1667 |
- makepqg |
1668 |
- mangle |
1669 |
- modutil |
1670 |
- multinit |
1671 |
- nonspr10 |
1672 |
- ocspclnt |
1673 |
- oidcalc |
1674 |
- p7content |
1675 |
- p7env |
1676 |
- p7sign |
1677 |
- p7verify |
1678 |
- pk11mode |
1679 |
- pk12util |
1680 |
- pp |
1681 |
- rsaperf |
1682 |
- selfserv |
1683 |
- signtool |
1684 |
- signver |
1685 |
- ssltap |
1686 |
- strsclnt |
1687 |
- symkeyutil |
1688 |
- tstclnt |
1689 |
- vfychain |
1690 |
- vfyserv |
1691 |
- ) |
1692 |
- # install man-pages for utils (bug #516810) |
1693 |
- doman doc/nroff/*.1 |
1694 |
- fi |
1695 |
- pushd dist/*/bin >/dev/null || die |
1696 |
- for f in ${nssutils[@]}; do |
1697 |
- dobin ${f} |
1698 |
- done |
1699 |
- popd >/dev/null || die |
1700 |
- fi |
1701 |
- |
1702 |
- # Prelink breaks the CHK files. We don't have any reliable way to run |
1703 |
- # shlibsign after prelink. |
1704 |
- dodir /etc/prelink.conf.d |
1705 |
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ |
1706 |
- > "${ED}"/etc/prelink.conf.d/nss.conf |
1707 |
-} |
1708 |
- |
1709 |
-pkg_postinst() { |
1710 |
- multilib_pkg_postinst() { |
1711 |
- # We must re-sign the libraries AFTER they are stripped. |
1712 |
- local shlibsign="${EROOT}/usr/bin/shlibsign" |
1713 |
- # See if we can execute it (cross-compiling & such). #436216 |
1714 |
- "${shlibsign}" -h >&/dev/null |
1715 |
- if [[ $? -gt 1 ]] ; then |
1716 |
- shlibsign="shlibsign" |
1717 |
- fi |
1718 |
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) |
1719 |
- } |
1720 |
- |
1721 |
- multilib_foreach_abi multilib_pkg_postinst |
1722 |
-} |
1723 |
- |
1724 |
-pkg_postrm() { |
1725 |
- multilib_pkg_postrm() { |
1726 |
- cleanup_chk "${EROOT}"/usr/$(get_libdir) |
1727 |
- } |
1728 |
- |
1729 |
- multilib_foreach_abi multilib_pkg_postrm |
1730 |
-} |