
From: Joonas Niilola <juippis@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
Date: Tue, 29 Mar 2022 07:20:49
Message-Id: 1648538439.d74294e90fea6298740a2833fcbfa285647b25b6.juippis@gentoo
1 commit: d74294e90fea6298740a2833fcbfa285647b25b6
2 Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
3 AuthorDate: Tue Mar 29 06:55:20 2022 +0000
4 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
5 CommitDate: Tue Mar 29 07:20:39 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d74294e9
7
8 dev-libs/nss: add 3.76.1
9
10 - respect LD.
11
12 Bug: https://bugs.gentoo.org/834846
13 Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
14
15 dev-libs/nss/Manifest | 1 +
16 dev-libs/nss/files/nss-3.68-ld-fix.patch | 29 +++
17 dev-libs/nss/nss-3.76.1.ebuild | 363 +++++++++++++++++++++++++++++++
18 3 files changed, 393 insertions(+)
19
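--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
 DIST nss-3.75.tar.gz 84738291 BLAKE2B 35e8b1c3a6e2817d30e16b04288a5382332fa37d07f934de139dfb664c6a0ddd6a0e585902bd402cf45be5f9f9ae799c055a51cc4ec4a82c8dd12a454832e141 SHA512 0ad42f663b48649d7d16dc8b8956d2971a9566c0f7f655dd0609b94877f400977e5ad693f2eb44e1e277e55d1669294f07b3ba7a32573d3d72837b3944adf86d
+DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54
 DIST nss-3.76.tar.gz 84623743 BLAKE2B 4e7ce8cfbfccae4d92357a86a0170427a50594387a73bd101e7400c85945de6104247900b4a0d5c0571370f718dc01b40749eba460b87ff339e097c07769412d SHA512 ffbdd8a27f60b796e1204912cde2fa62ac99747ce550258ccdd6fe96d60a46c6ac3f82758a7aba3c7ee58da4e7bf09f1bf817fb9f0fa4e62faaea08a6301b8bd
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4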
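--- /dev/null
+++ b/dev-libs/nss/files/nss-3.68-ld-fix.patch
@@ -0,0 +1,29 @@
+From 3cba2869869c8480605f7ffcc41d2e4bae1b31c8 Mon Sep 17 00:00:00 2001
+From: Zi Lin <lziest@××××××.com>
+Date: Wed, 9 Mar 2022 19:14:16 +0000
+Subject: [PATCH] Use $(LD) instead of 'ld' for cross-platform compilation
+
+---
+ coreconf/Linux.mk | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff -Naur a/coreconf/Linux.mk b/coreconf/Linux.mk
+--- a/coreconf/Linux.mk 2022-03-03 12:18:53.000000000 +0200
++++ b/coreconf/Linux.mk 2022-03-29 08:59:10.157349449 +0300
+@@ -6,6 +6,7 @@
+ CC ?= gcc
+ CCC ?= g++
+ RANLIB ?= ranlib
++LD ?= ld
+
+ include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+@@ -157,7 +158,7 @@
+ # Also, -z defs conflicts with Address Sanitizer, which emits relocations
+ # against the libsanitizer runtime built into the main executable.
+ ZDEFS_FLAG = -Wl,-z,defs
+-DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
++DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG))
+ LDFLAGS += $(ARCHFLAG) -z noexecstack
+
+ # On Maemo, we need to use the -rpath-link flag for even the standard system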
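Review bot: The added `LD ?= ld` line is likely a no-op under GNU make, because `LD` is one of make's predefined variables and `?=` only assigns when the variable is not defined at all; the same applies to the neighbouring `CC ?= gcc`. The linker actually run by `$(shell $(LD) -v)` therefore comes from the environment or the make command line, which is what the ebuild's `LD="$(tc-getLD)"` argument supplies. A comment above the assignment would make that dependency explicit, for example `# LD is expected from the caller; make's built-in default is already ld`. The patch header also carries no upstream bug or changeset reference, so a line such as `Upstream: <upstream bug or commit URL>` would help whoever later decides whether the patch can be dropped.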
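--- /dev/null
+++ b/dev-libs/nss/nss-3.76.1.ebuild
@@ -0,0 +1,363 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+ cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+ >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+ virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/nss-config
+)
+
+PATCHES=(
+ # Custom changes for gentoo
+ "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+ "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+ "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+ "${FILESDIR}/nss-3.68-ld-fix.patch"
+)
+
+src_prepare() {
+ default
+
+ if use cacert ; then
+ eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+ fi
+
+ pushd coreconf >/dev/null || die
+ # hack nspr paths
+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
+ >> headers.mk || die "failed to append include"
+
+ # modify install path
+ sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+ -i source.mk || die
+
+ # Respect LDFLAGS
+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+ popd >/dev/null || die
+
+ # Fix pkgconfig file for Prefix
+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+ config/Makefile || die
+
+ # use host shlibsign if need be #436216
+ if tc-is-cross-compiler ; then
+ sed -i \
+ -e 's:"${2}"/shlibsign:shlibsign:' \
+ cmd/shlibsign/sign.sh || die
+ fi
+
+ # dirty hack
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+ lib/ssl/config.mk || die
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+ cmd/platlibs.mk || die
+
+ multilib_copy_sources
+
+ strip-flags
+}
+
+multilib_src_configure() {
+ # Ensure we stay multilib aware
+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+ # Most of the arches are the same as $ARCH
+ local t=${1:-${CHOST}}
+ case ${t} in
+ *86*-pc-solaris2*) echo "i86pc" ;;
+ aarch64*) echo "aarch64" ;;
+ hppa*) echo "parisc" ;;
+ i?86*) echo "i686" ;;
+ x86_64*) echo "x86_64" ;;
+ *) tc-arch ${t} ;;
+ esac
+}
+
+nssbits() {
+ local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+ if [[ ${1} == BUILD_ ]]; then
+ cc=$(tc-getBUILD_CC)
+ else
+ cc=$(tc-getCC)
+ fi
+ echo > "${T}"/test.c || die
+ ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+ case $(file "${T}/${1}test.o") in
+ *32-bit*x86-64*) echo USE_X32=1;;
+ *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+ *32-bit*|*ppc*|*i386*) ;;
+ *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+ esac
+}
+
+multilib_src_compile() {
+ # use ABI to determine bit'ness, or fallback if unset
+ local buildbits mybits
+ case "${ABI}" in
+ n32) mybits="USE_N32=1";;
+ x32) mybits="USE_X32=1";;
+ s390x|*64) mybits="USE_64=1";;
+ ${DEFAULT_ABI})
+ einfo "Running compilation test to determine bit'ness"
+ mybits=$(nssbits)
+ ;;
+ esac
+ # bitness of host may differ from target
+ if tc-is-cross-compiler; then
+ buildbits=$(nssbits BUILD_)
+ fi
+
+ local makeargs=(
+ CC="$(tc-getCC)"
+ CCC="$(tc-getCXX)"
+ AR="$(tc-getAR) rc \$@"
+ RANLIB="$(tc-getRANLIB)"
+ LD="$(tc-getLD)"
+ OPTIMIZER=
+ ${mybits}
+ )
+
+ # Take care of nspr settings #436216
+ local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+ unset NSPR_INCLUDE_DIR
+
+ export NSS_ALLOW_SSLKEYLOGFILE=1
+ export NSS_ENABLE_WERROR=0 #567158
+ export BUILD_OPT=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSDISTMODE=copy
+ export FREEBL_NO_DEPEND=1
+ export FREEBL_LOWHASH=1
+ export NSS_SEED_ONLY_DEV_URANDOM=1
+ export USE_SYSTEM_ZLIB=1
+ export ZLIB_LIBS=-lz
+ export ASFLAGS=""
+ # Fix build failure on arm64
+ export NS_USE_GCC=1
+ # Detect compiler type and set proper environment value
+ if tc-is-gcc; then
+ export CC_IS_GCC=1
+ elif tc-is-clang; then
+ export CC_IS_CLANG=1
+ fi
+
+ # explicitly disable altivec/vsx if not requested
+ # https://bugs.gentoo.org/789114
+ case ${ARCH} in
+ ppc*)
+ use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+ use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+ ;;
+ esac
+
+ local d
+
+ # Build the host tools first.
+ LDFLAGS="${BUILD_LDFLAGS}" \
+ XCFLAGS="${BUILD_CFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake -j1 -C coreconf \
+ CC="$(tc-getBUILD_CC)" \
+ ${buildbits-${mybits}}
+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+ # Then build the target tools.
+ for d in . lib/dbm ; do
+ CPPFLAGS="${myCPPFLAGS}" \
+ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+ done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+# */${local_libdir}/libfreebl3.so*
+# */${local_libdir}/libnssdbm3.so*
+# */${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+ local shlibsign="$1"
+ local libdir="$2"
+ einfo "Resigning core NSS libraries for FIPS validation"
+ shift 2
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libname=lib${i}.so
+ local chkname=lib${i}.chk
+ "${shlibsign}" \
+ -i "${libdir}"/${libname} \
+ -o "${libdir}"/${chkname}.tmp \
+ && mv -f \
+ "${libdir}"/${chkname}.tmp \
+ "${libdir}"/${chkname} \
+ || die "Failed to sign ${libname}"
+ done
+}
+
+cleanup_chk() {
+ local libdir="$1"
+ shift 1
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libfname="${libdir}/lib${i}.so"
+ # If the major version has changed, then we have old chk files.
+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+ && rm -f "${libfname}.chk"
+ done
+}
+
+multilib_src_install() {
+ pushd dist >/dev/null || die
+
+ dodir /usr/$(get_libdir)
+ cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+ local i
+ for i in crmf freebl nssb nssckfw ; do
+ cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+ done
+
+ # Install nss-config and pkgconfig file
+ dodir /usr/bin
+ cp -L */bin/nss-config "${ED}"/usr/bin || die
+ dodir /usr/$(get_libdir)/pkgconfig
+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+ # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+ # bug 517266
+ sed -e 's#Libs:#Libs: -lfreebl#' \
+ -e 's#Cflags:#Cflags: -I${includedir}/private#' \
+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+ || die "could not create nss-softokn.pc"
+
+ # all the include files
+ insinto /usr/include/nss
+ doins public/nss/*.{h,api}
+ insinto /usr/include/nss/private
+ doins private/nss/{blapi,alghmac,cmac}.h
+
+ popd >/dev/null || die
+
+ local f nssutils
+ # Always enabled because we need it for chk generation.
+ nssutils=( shlibsign )
+
+ if multilib_is_native_abi ; then
+ if use utils; then
+ # The tests we do not need to install.
+ #nssutils_test="bltest crmftest dbtest dertimetest
+ #fipstest remtest sdrtest"
+ # checkcert utils has been removed in nss-3.22:
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+ # https://hg.mozilla.org/projects/nss/rev/df1729d37870
+ # certcgi has been removed in nss-3.36:
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+ nssutils+=(
+ addbuiltin
+ atob
+ baddbdir
+ btoa
+ certutil
+ cmsutil
+ conflict
+ crlutil
+ derdump
+ digest
+ makepqg
+ mangle
+ modutil
+ multinit
+ nonspr10
+ ocspclnt
+ oidcalc
+ p7content
+ p7env
+ p7sign
+ p7verify
+ pk11mode
+ pk12util
+ pp
+ rsaperf
+ selfserv
+ signtool
+ signver
+ ssltap
+ strsclnt
+ symkeyutil
+ tstclnt
+ vfychain
+ vfyserv
+ )
+ # install man-pages for utils (bug #516810)
+ doman doc/nroff/*.1
+ fi
+ pushd dist/*/bin >/dev/null || die
+ for f in ${nssutils[@]}; do
+ dobin ${f}
+ done
+ popd >/dev/null || die
+ fi
+}
+
+pkg_postinst() {
+ multilib_pkg_postinst() {
+ # We must re-sign the libraries AFTER they are stripped.
+ local shlibsign="${EROOT}/usr/bin/shlibsign"
+ # See if we can execute it (cross-compiling & such). #436216
+ "${shlibsign}" -h >&/dev/null
+ if [[ $? -gt 1 ]] ; then
+ shlibsign="shlibsign"
+ fi
+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+ multilib_pkg_postrm() {
+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postrm
+}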
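Review bot: `cleanup_chk` tests and removes `${libfname}.chk`, which expands to `lib<name>.so.chk`, while `generate_chk` writes `lib${i}.chk`, so the stale-file cleanup called from `pkg_postrm` can never match the files that `pkg_postinst` created. Building the name the same way in both functions, with `local chkfname="${libdir}/lib${i}.chk"` and `[ ! -f "${libfname}" -a -f "${chkfname}" ] && rm -f "${chkfname}"`, would let a removed library take its integrity file with it. In `multilib_src_compile`, `export NSS_ALLOW_SSLKEYLOGFILE=1` is unconditional and uncommented, although it compiles in support for writing TLS session secrets to the file named by the `SSLKEYLOGFILE` environment variable. A comment such as `# debugging aid: NSS clients log TLS secrets when SSLKEYLOGFILE is set`, or a USE flag, would make that trade-off visible to anyone auditing the build. The `sed` on `rules.mk` under `# Respect LDFLAGS` in `src_prepare` is also the only one in that function without `|| die`, so a failed substitution there would go unnoticed.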