[gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/ - gentoo-commits

From:	Ian Stakenvicius <axs@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
Date:	Mon, 29 Feb 2016 22:09:32
Message-Id:	`1456783750.59ad04d3596068ff02498cbe28a3ef196d3075f2.axs@gentoo`

1

commit:     59ad04d3596068ff02498cbe28a3ef196d3075f2

2

Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>

3

AuthorDate: Mon Feb 29 22:08:33 2016 +0000

4

Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>

5

CommitDate: Mon Feb 29 22:09:10 2016 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59ad04d3

7

8

dev-libs/nss: recommit version bump to 3.22.2

9

10

This version uses the new PR_GetEnvSecure function in nspr-4.12, and contains

11

root CA updates

12

13

Package-Manager: portage-2.2.26

14

15

 dev-libs/nss/Manifest          |   1 +

16

 dev-libs/nss/nss-3.22.2.ebuild | 331 +++++++++++++++++++++++++++++++++++++++++

17

 2 files changed, 332 insertions(+)

18

19

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest

20

index f66349d..a32331d 100644

21

--- a/dev-libs/nss/Manifest

22

+++ b/dev-libs/nss/Manifest

23

@@ -2,6 +2,7 @@ DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad

24

 DIST nss-3.20.1.tar.gz 6958956 SHA256 ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6c9e5548721a4251a5e8c97 SHA512 c8db693a81b8ddb4d2a742c2fce3f23dd40736e54c55c0de072f84572fcdad8fb7646e4b8ea696e4c97ea6c9cb0fa144f573f8776c2839eb25c4075b50d01d74 WHIRLPOOL 3d4667b243ba6ac596ea7e9936bf9cba7aa1b9767fd19b53352c3a9a9eef0f1a0a9e7da719634dbc9dfcc087d187d5e774ae351c1e57545e8b8c1f40e41e42e6

25

 DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de

26

 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4

27

+DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142

28

 DIST nss-3.22.tar.gz 6992347 SHA256 30ebd121c77e725a1383618eff79a6752d6e9f0f21882ad825ddab12e7227611 SHA512 f97251a17ad4ea889878ffeba64f19560978cf82c512b84c301be248ee4fe764345838fb8a88233b0fe12abe7bf78ce521a6ac64fa8d16bd0e1283eac9c17be1 WHIRLPOOL 8e128f3c8eb411c6569bd6d4d1edb55041e214913669687a5481d16f9aff245d3fc827f9a8c96e4723b3f0ec127d4461a1cda247dc296d9dce34513c7ab7e43d

29

 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac

30

 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62

31

32

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild

33

new file mode 100644

34

index 0000000..1c5d1d3

35

--- /dev/null

36

+++ b/dev-libs/nss/nss-3.22.2.ebuild

37

@@ -0,0 +1,331 @@

38

+# Copyright 1999-2016 Gentoo Foundation

39

+# Distributed under the terms of the GNU General Public License v2

40

+# $Id$

41

+

42

+EAPI="5"

43

+

44

+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal

45

+

46

+NSPR_VER="4.12"

47

+RTM_NAME="NSS_${PV//./_}_RTM"

48

+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git

49

+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"

50

+PEM_P="${PN}-pem-20140125"

51

+

52

+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"

53

+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"

54

+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz

55

+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )

56

+	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"

57

+

58

+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"

59

+SLOT="0"

60

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"

61

+IUSE="+cacert +nss-pem utils"

62

+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]

63

+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"

64

+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]

65

+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]

66

+	${CDEPEND}"

67

+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]

68

+	${CDEPEND}

69

+	abi_x86_32? (

70

+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12

71

+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]

72

+	)"

73

+

74

+RESTRICT="test"

75

+

76

+S="${WORKDIR}/${P}/${PN}"

77

+

78

+MULTILIB_CHOST_TOOLS=(

79

+	/usr/bin/nss-config

80

+)

81

+

82

+src_unpack() {

83

+	unpack ${A}

84

+	if use nss-pem ; then

85

+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die

86

+	fi

87

+}

88

+

89

+src_prepare() {

90

+	# Custom changes for gentoo

91

+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"

92

+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"

93

+	epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"

94

+

95

+	if use cacert ; then

96

+		epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"

97

+		epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462

98

+	fi

99

+	use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \

100

+		"${FILESDIR}/${PN}-3.21-pem-werror.patch"

101

+

102

+	pushd coreconf >/dev/null || die

103

+	# hack nspr paths

104

+	echo 'INCLUDES += -I$(DIST)/include/dbm' \

105

+		>> headers.mk || die "failed to append include"

106

+

107

+	# modify install path

108

+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \

109

+		-i source.mk || die

110

+

111

+	# Respect LDFLAGS

112

+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk

113

+	popd >/dev/null || die

114

+

115

+	# Fix pkgconfig file for Prefix

116

+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \

117

+		config/Makefile || die

118

+

119

+	# use host shlibsign if need be #436216

120

+	if tc-is-cross-compiler ; then

121

+		sed -i \

122

+			-e 's:"${2}"/shlibsign:shlibsign:' \

123

+			cmd/shlibsign/sign.sh || die

124

+	fi

125

+

126

+	# dirty hack

127

+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \

128

+		lib/ssl/config.mk || die

129

+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \

130

+		cmd/platlibs.mk || die

131

+

132

+	multilib_copy_sources

133

+

134

+	strip-flags

135

+}

136

+

137

+multilib_src_configure() {

138

+	# Ensure we stay multilib aware

139

+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die

140

+}

141

+

142

+nssarch() {

143

+	# Most of the arches are the same as $ARCH

144

+	local t=${1:-${CHOST}}

145

+	case ${t} in

146

+		aarch64*)echo "aarch64";;

147

+		hppa*)   echo "parisc";;

148

+		i?86*)   echo "i686";;

149

+		x86_64*) echo "x86_64";;

150

+		*)       tc-arch ${t};;

151

+	esac

152

+}

153

+

154

+nssbits() {

155

+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"

156

+	if [[ ${1} == BUILD_ ]]; then

157

+		cc=$(tc-getBUILD_CC)

158

+	else

159

+		cc=$(tc-getCC)

160

+	fi

161

+	echo > "${T}"/test.c || die

162

+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die

163

+	case $(file "${T}/${1}test.o") in

164

+		*32-bit*x86-64*) echo USE_X32=1;;

165

+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;

166

+		*32-bit*|*ppc*|*i386*) ;;

167

+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;

168

+	esac

169

+}

170

+

171

+multilib_src_compile() {

172

+	# use ABI to determine bit'ness, or fallback if unset

173

+	local buildbits mybits

174

+	case "${ABI}" in

175

+		n32) mybits="USE_N32=1";;

176

+		x32) mybits="USE_X32=1";;

177

+		s390x|*64) mybits="USE_64=1";;

178

+		${DEFAULT_ABI})

179

+			einfo "Running compilation test to determine bit'ness"

180

+			mybits=$(nssbits)

181

+			;;

182

+	esac

183

+	# bitness of host may differ from target

184

+	if tc-is-cross-compiler; then

185

+		buildbits=$(nssbits BUILD_)

186

+	fi

187

+

188

+	local makeargs=(

189

+		CC="$(tc-getCC)"

190

+		AR="$(tc-getAR) rc \$@"

191

+		RANLIB="$(tc-getRANLIB)"

192

+		OPTIMIZER=

193

+		${mybits}

194

+	)

195

+

196

+	# Take care of nspr settings #436216

197

+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"

198

+	unset NSPR_INCLUDE_DIR

199

+

200

+	# Do not let `uname` be used.

201

+	if use kernel_linux ; then

202

+		makeargs+=(

203

+			OS_TARGET=Linux

204

+			OS_RELEASE=2.6

205

+			OS_TEST="$(nssarch)"

206

+		)

207

+	fi

208

+

209

+	export NSS_ENABLE_WERROR=0 #567158

210

+	export BUILD_OPT=1

211

+	export NSS_USE_SYSTEM_SQLITE=1

212

+	export NSDISTMODE=copy

213

+	export NSS_ENABLE_ECC=1

214

+	export FREEBL_NO_DEPEND=1

215

+	export ASFLAGS=""

216

+

217

+	local d

218

+

219

+	# Build the host tools first.

220

+	LDFLAGS="${BUILD_LDFLAGS}" \

221

+	XCFLAGS="${BUILD_CFLAGS}" \

222

+	NSPR_LIB_DIR="${T}/fakedir" \

223

+	emake -j1 -C coreconf \

224

+		CC="$(tc-getBUILD_CC)" \

225

+		${buildbits:-${mybits}}

226

+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )

227

+

228

+	# Then build the target tools.

229

+	for d in . lib/dbm ; do

230

+		CPPFLAGS="${myCPPFLAGS}" \

231

+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \

232

+		NSPR_LIB_DIR="${T}/fakedir" \

233

+		emake -j1 "${makeargs[@]}" -C ${d}

234

+	done

235

+}

236

+

237

+# Altering these 3 libraries breaks the CHK verification.

238

+# All of the following cause it to break:

239

+# - stripping

240

+# - prelink

241

+# - ELF signing

242

+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html

243

+# Either we have to NOT strip them, or we have to forcibly resign after

244

+# stripping.

245

+#local_libdir="$(get_libdir)"

246

+#export STRIP_MASK="

247

+#	*/${local_libdir}/libfreebl3.so*

248

+#	*/${local_libdir}/libnssdbm3.so*

249

+#	*/${local_libdir}/libsoftokn3.so*"

250

+

251

+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"

252

+

253

+generate_chk() {

254

+	local shlibsign="$1"

255

+	local libdir="$2"

256

+	einfo "Resigning core NSS libraries for FIPS validation"

257

+	shift 2

258

+	local i

259

+	for i in ${NSS_CHK_SIGN_LIBS} ; do

260

+		local libname=lib${i}.so

261

+		local chkname=lib${i}.chk

262

+		"${shlibsign}" \

263

+			-i "${libdir}"/${libname} \

264

+			-o "${libdir}"/${chkname}.tmp \

265

+		&& mv -f \

266

+			"${libdir}"/${chkname}.tmp \

267

+			"${libdir}"/${chkname} \

268

+		|| die "Failed to sign ${libname}"

269

+	done

270

+}

271

+

272

+cleanup_chk() {

273

+	local libdir="$1"

274

+	shift 1

275

+	local i

276

+	for i in ${NSS_CHK_SIGN_LIBS} ; do

277

+		local libfname="${libdir}/lib${i}.so"

278

+		# If the major version has changed, then we have old chk files.

279

+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \

280

+			&& rm -f "${libfname}.chk"

281

+	done

282

+}

283

+

284

+multilib_src_install() {

285

+	pushd dist >/dev/null || die

286

+

287

+	dodir /usr/$(get_libdir)

288

+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"

289

+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"

290

+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"

291

+

292

+	# Install nss-config and pkgconfig file

293

+	dodir /usr/bin

294

+	cp -L */bin/nss-config "${ED}"/usr/bin || die

295

+	dodir /usr/$(get_libdir)/pkgconfig

296

+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die

297

+

298

+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers

299

+	# bug 517266

300

+	sed 	-e 's#Libs:#Libs: -lfreebl#' \

301

+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \

302

+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \

303

+		|| die "could not create nss-softokn.pc"

304

+

305

+	# all the include files

306

+	insinto /usr/include/nss

307

+	doins public/nss/*.h

308

+	insinto /usr/include/nss/private

309

+	doins private/nss/{blapi,alghmac}.h

310

+

311

+	popd >/dev/null || die

312

+

313

+	local f nssutils

314

+	# Always enabled because we need it for chk generation.

315

+	nssutils="shlibsign"

316

+

317

+	if multilib_is_native_abi ; then

318

+		if use utils; then

319

+			# The tests we do not need to install.

320

+			#nssutils_test="bltest crmftest dbtest dertimetest

321

+			#fipstest remtest sdrtest"

322

+			# checkcert utils has been removed in nss-3.22:

323

+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545

324

+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870

325

+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil

326

+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit

327

+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode

328

+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt

329

+			symkeyutil tstclnt vfychain vfyserv"

330

+			# install man-pages for utils (bug #516810)

331

+			doman doc/nroff/*.1

332

+		fi

333

+		pushd dist/*/bin >/dev/null || die

334

+		for f in ${nssutils}; do

335

+			dobin ${f}

336

+		done

337

+		popd >/dev/null || die

338

+	fi

339

+

340

+	# Prelink breaks the CHK files. We don't have any reliable way to run

341

+	# shlibsign after prelink.

342

+	dodir /etc/prelink.conf.d

343

+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \

344

+		> "${ED}"/etc/prelink.conf.d/nss.conf

345

+}

346

+

347

+pkg_postinst() {

348

+	multilib_pkg_postinst() {

349

+		# We must re-sign the libraries AFTER they are stripped.

350

+		local shlibsign="${EROOT}/usr/bin/shlibsign"

351

+		# See if we can execute it (cross-compiling & such). #436216

352

+		"${shlibsign}" -h >&/dev/null

353

+		if [[ $? -gt 1 ]] ; then

354

+			shlibsign="shlibsign"

355

+		fi

356

+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)

357

+	}

358

+

359

+	multilib_foreach_abi multilib_pkg_postinst

360

+}

361

+

362

+pkg_postrm() {

363

+	multilib_pkg_postrm() {

364

+		cleanup_chk "${EROOT}"/usr/$(get_libdir)

365

+	}

366

+

367

+	multilib_foreach_abi multilib_pkg_postrm

368

+}

1	commit: 59ad04d3596068ff02498cbe28a3ef196d3075f2
2	Author: Ian Stakenvicius <axs <AT> gentoo <DOT> org>
3	AuthorDate: Mon Feb 29 22:08:33 2016 +0000
4	Commit: Ian Stakenvicius <axs <AT> gentoo <DOT> org>
5	CommitDate: Mon Feb 29 22:09:10 2016 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59ad04d3
7
8	dev-libs/nss: recommit version bump to 3.22.2
9
10	This version uses the new PR_GetEnvSecure function in nspr-4.12, and contains
11	root CA updates
12
13	Package-Manager: portage-2.2.26
14
15	dev-libs/nss/Manifest \| 1 +
16	dev-libs/nss/nss-3.22.2.ebuild \| 331 +++++++++++++++++++++++++++++++++++++++++
17	2 files changed, 332 insertions(+)
18
19	diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
20	index f66349d..a32331d 100644
21	--- a/dev-libs/nss/Manifest
22	+++ b/dev-libs/nss/Manifest
23	@@ -2,6 +2,7 @@ DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad
24	DIST nss-3.20.1.tar.gz 6958956 SHA256 ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6c9e5548721a4251a5e8c97 SHA512 c8db693a81b8ddb4d2a742c2fce3f23dd40736e54c55c0de072f84572fcdad8fb7646e4b8ea696e4c97ea6c9cb0fa144f573f8776c2839eb25c4075b50d01d74 WHIRLPOOL 3d4667b243ba6ac596ea7e9936bf9cba7aa1b9767fd19b53352c3a9a9eef0f1a0a9e7da719634dbc9dfcc087d187d5e774ae351c1e57545e8b8c1f40e41e42e6
25	DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
26	DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
27	+DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
28	DIST nss-3.22.tar.gz 6992347 SHA256 30ebd121c77e725a1383618eff79a6752d6e9f0f21882ad825ddab12e7227611 SHA512 f97251a17ad4ea889878ffeba64f19560978cf82c512b84c301be248ee4fe764345838fb8a88233b0fe12abe7bf78ce521a6ac64fa8d16bd0e1283eac9c17be1 WHIRLPOOL 8e128f3c8eb411c6569bd6d4d1edb55041e214913669687a5481d16f9aff245d3fc827f9a8c96e4723b3f0ec127d4461a1cda247dc296d9dce34513c7ab7e43d
29	DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
30	DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62
31
32	diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
33	new file mode 100644
34	index 0000000..1c5d1d3
35	--- /dev/null
36	+++ b/dev-libs/nss/nss-3.22.2.ebuild
37	@@ -0,0 +1,331 @@
38	+# Copyright 1999-2016 Gentoo Foundation
39	+# Distributed under the terms of the GNU General Public License v2
40	+# $Id$
41	+
42	+EAPI="5"
43	+
44	+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
45	+
46	+NSPR_VER="4.12"
47	+RTM_NAME="NSS_${PV//./_}_RTM"
48	+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
49	+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
50	+PEM_P="${PN}-pem-20140125"
51	+
52	+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
53	+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
54	+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
55	+ cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
56	+ nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
57	+
58	+LICENSE="\|\| ( MPL-2.0 GPL-2 LGPL-2.1 )"
59	+SLOT="0"
60	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
61	+IUSE="+cacert +nss-pem utils"
62	+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
63	+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
64	+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
65	+ >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
66	+ ${CDEPEND}"
67	+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
68	+ ${CDEPEND}
69	+ abi_x86_32? (
70	+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
71	+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
72	+ )"
73	+
74	+RESTRICT="test"
75	+
76	+S="${WORKDIR}/${P}/${PN}"
77	+
78	+MULTILIB_CHOST_TOOLS=(
79	+ /usr/bin/nss-config
80	+)
81	+
82	+src_unpack() {
83	+ unpack ${A}
84	+ if use nss-pem ; then
85	+ mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ \|\| die
86	+ fi
87	+}
88	+
89	+src_prepare() {
90	+ # Custom changes for gentoo
91	+ epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
92	+ epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
93	+ epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
94	+
95	+ if use cacert ; then
96	+ epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
97	+ epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
98	+ fi
99	+ use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
100	+ "${FILESDIR}/${PN}-3.21-pem-werror.patch"
101	+
102	+ pushd coreconf >/dev/null \|\| die
103	+ # hack nspr paths
104	+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
105	+ >> headers.mk \|\| die "failed to append include"
106	+
107	+ # modify install path
108	+ sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
109	+ -i source.mk \|\| die
110	+
111	+ # Respect LDFLAGS
112	+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
113	+ popd >/dev/null \|\| die
114	+
115	+ # Fix pkgconfig file for Prefix
116	+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
117	+ config/Makefile \|\| die
118	+
119	+ # use host shlibsign if need be #436216
120	+ if tc-is-cross-compiler ; then
121	+ sed -i \
122	+ -e 's:"${2}"/shlibsign:shlibsign:' \
123	+ cmd/shlibsign/sign.sh \|\| die
124	+ fi
125	+
126	+ # dirty hack
127	+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
128	+ lib/ssl/config.mk \|\| die
129	+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
130	+ cmd/platlibs.mk \|\| die
131	+
132	+ multilib_copy_sources
133	+
134	+ strip-flags
135	+}
136	+
137	+multilib_src_configure() {
138	+ # Ensure we stay multilib aware
139	+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile \|\| die
140	+}
141	+
142	+nssarch() {
143	+ # Most of the arches are the same as $ARCH
144	+ local t=${1:-${CHOST}}
145	+ case ${t} in
146	+ aarch64*)echo "aarch64";;
147	+ hppa*) echo "parisc";;
148	+ i?86*) echo "i686";;
149	+ x86_64*) echo "x86_64";;
150	+ *) tc-arch ${t};;
151	+ esac
152	+}
153	+
154	+nssbits() {
155	+ local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
156	+ if [[ ${1} == BUILD_ ]]; then
157	+ cc=$(tc-getBUILD_CC)
158	+ else
159	+ cc=$(tc-getCC)
160	+ fi
161	+ echo > "${T}"/test.c \|\| die
162	+ ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" \|\| die
163	+ case $(file "${T}/${1}test.o") in
164	+ 32-bitx86-64*) echo USE_X32=1;;
165	+ 64-bit\|ppc64\|x86_64) echo USE_64=1;;
166	+ 32-bit\|ppc\|i386) ;;
167	+ *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
168	+ esac
169	+}
170	+
171	+multilib_src_compile() {
172	+ # use ABI to determine bit'ness, or fallback if unset
173	+ local buildbits mybits
174	+ case "${ABI}" in
175	+ n32) mybits="USE_N32=1";;
176	+ x32) mybits="USE_X32=1";;
177	+ s390x\|*64) mybits="USE_64=1";;
178	+ ${DEFAULT_ABI})
179	+ einfo "Running compilation test to determine bit'ness"
180	+ mybits=$(nssbits)
181	+ ;;
182	+ esac
183	+ # bitness of host may differ from target
184	+ if tc-is-cross-compiler; then
185	+ buildbits=$(nssbits BUILD_)
186	+ fi
187	+
188	+ local makeargs=(
189	+ CC="$(tc-getCC)"
190	+ AR="$(tc-getAR) rc \$@"
191	+ RANLIB="$(tc-getRANLIB)"
192	+ OPTIMIZER=
193	+ ${mybits}
194	+ )
195	+
196	+ # Take care of nspr settings #436216
197	+ local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
198	+ unset NSPR_INCLUDE_DIR
199	+
200	+ # Do not let `uname` be used.
201	+ if use kernel_linux ; then
202	+ makeargs+=(
203	+ OS_TARGET=Linux
204	+ OS_RELEASE=2.6
205	+ OS_TEST="$(nssarch)"
206	+ )
207	+ fi
208	+
209	+ export NSS_ENABLE_WERROR=0 #567158
210	+ export BUILD_OPT=1
211	+ export NSS_USE_SYSTEM_SQLITE=1
212	+ export NSDISTMODE=copy
213	+ export NSS_ENABLE_ECC=1
214	+ export FREEBL_NO_DEPEND=1
215	+ export ASFLAGS=""
216	+
217	+ local d
218	+
219	+ # Build the host tools first.
220	+ LDFLAGS="${BUILD_LDFLAGS}" \
221	+ XCFLAGS="${BUILD_CFLAGS}" \
222	+ NSPR_LIB_DIR="${T}/fakedir" \
223	+ emake -j1 -C coreconf \
224	+ CC="$(tc-getBUILD_CC)" \
225	+ ${buildbits:-${mybits}}
226	+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
227	+
228	+ # Then build the target tools.
229	+ for d in . lib/dbm ; do
230	+ CPPFLAGS="${myCPPFLAGS}" \
231	+ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
232	+ NSPR_LIB_DIR="${T}/fakedir" \
233	+ emake -j1 "${makeargs[@]}" -C ${d}
234	+ done
235	+}
236	+
237	+# Altering these 3 libraries breaks the CHK verification.
238	+# All of the following cause it to break:
239	+# - stripping
240	+# - prelink
241	+# - ELF signing
242	+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
243	+# Either we have to NOT strip them, or we have to forcibly resign after
244	+# stripping.
245	+#local_libdir="$(get_libdir)"
246	+#export STRIP_MASK="
247	+# /${local_libdir}/libfreebl3.so
248	+# /${local_libdir}/libnssdbm3.so
249	+# /${local_libdir}/libsoftokn3.so"
250	+
251	+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
252	+
253	+generate_chk() {
254	+ local shlibsign="$1"
255	+ local libdir="$2"
256	+ einfo "Resigning core NSS libraries for FIPS validation"
257	+ shift 2
258	+ local i
259	+ for i in ${NSS_CHK_SIGN_LIBS} ; do
260	+ local libname=lib${i}.so
261	+ local chkname=lib${i}.chk
262	+ "${shlibsign}" \
263	+ -i "${libdir}"/${libname} \
264	+ -o "${libdir}"/${chkname}.tmp \
265	+ && mv -f \
266	+ "${libdir}"/${chkname}.tmp \
267	+ "${libdir}"/${chkname} \
268	+ \|\| die "Failed to sign ${libname}"
269	+ done
270	+}
271	+
272	+cleanup_chk() {
273	+ local libdir="$1"
274	+ shift 1
275	+ local i
276	+ for i in ${NSS_CHK_SIGN_LIBS} ; do
277	+ local libfname="${libdir}/lib${i}.so"
278	+ # If the major version has changed, then we have old chk files.
279	+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
280	+ && rm -f "${libfname}.chk"
281	+ done
282	+}
283	+
284	+multilib_src_install() {
285	+ pushd dist >/dev/null \|\| die
286	+
287	+ dodir /usr/$(get_libdir)
288	+ cp -L /lib/$(get_libname) "${ED}"/usr/$(get_libdir) \|\| die "copying shared libs failed"
289	+ cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) \|\| die "copying libs failed"
290	+ cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) \|\| die "copying libs failed"
291	+
292	+ # Install nss-config and pkgconfig file
293	+ dodir /usr/bin
294	+ cp -L */bin/nss-config "${ED}"/usr/bin \|\| die
295	+ dodir /usr/$(get_libdir)/pkgconfig
296	+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig \|\| die
297	+
298	+ # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
299	+ # bug 517266
300	+ sed -e 's#Libs:#Libs: -lfreebl#' \
301	+ -e 's#Cflags:#Cflags: -I${includedir}/private#' \
302	+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
303	+ \|\| die "could not create nss-softokn.pc"
304	+
305	+ # all the include files
306	+ insinto /usr/include/nss
307	+ doins public/nss/*.h
308	+ insinto /usr/include/nss/private
309	+ doins private/nss/{blapi,alghmac}.h
310	+
311	+ popd >/dev/null \|\| die
312	+
313	+ local f nssutils
314	+ # Always enabled because we need it for chk generation.
315	+ nssutils="shlibsign"
316	+
317	+ if multilib_is_native_abi ; then
318	+ if use utils; then
319	+ # The tests we do not need to install.
320	+ #nssutils_test="bltest crmftest dbtest dertimetest
321	+ #fipstest remtest sdrtest"
322	+ # checkcert utils has been removed in nss-3.22:
323	+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
324	+ # https://hg.mozilla.org/projects/nss/rev/df1729d37870
325	+ nssutils="addbuiltin atob baddbdir btoa certcgi certutil
326	+ cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
327	+ nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
328	+ pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
329	+ symkeyutil tstclnt vfychain vfyserv"
330	+ # install man-pages for utils (bug #516810)
331	+ doman doc/nroff/*.1
332	+ fi
333	+ pushd dist/*/bin >/dev/null \|\| die
334	+ for f in ${nssutils}; do
335	+ dobin ${f}
336	+ done
337	+ popd >/dev/null \|\| die
338	+ fi
339	+
340	+ # Prelink breaks the CHK files. We don't have any reliable way to run
341	+ # shlibsign after prelink.
342	+ dodir /etc/prelink.conf.d
343	+ printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
344	+ > "${ED}"/etc/prelink.conf.d/nss.conf
345	+}
346	+
347	+pkg_postinst() {
348	+ multilib_pkg_postinst() {
349	+ # We must re-sign the libraries AFTER they are stripped.
350	+ local shlibsign="${EROOT}/usr/bin/shlibsign"
351	+ # See if we can execute it (cross-compiling & such). #436216
352	+ "${shlibsign}" -h >&/dev/null
353	+ if [[ $? -gt 1 ]] ; then
354	+ shlibsign="shlibsign"
355	+ fi
356	+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
357	+ }
358	+
359	+ multilib_foreach_abi multilib_pkg_postinst
360	+}
361	+
362	+pkg_postrm() {
363	+ multilib_pkg_postrm() {
364	+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
365	+ }
366	+
367	+ multilib_foreach_abi multilib_pkg_postrm
368	+}

Gentoo Archives: gentoo-commits