
From: "Ian Stakenvicius (axs)" <axs@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/nss: nss-3.19.1.ebuild ChangeLog nss-3.19-r1.ebuild
Date: Mon, 01 Jun 2015 21:12:05
Message-Id: 20150601211159.CBA9EA10@oystercatcher.gentoo.org
1 axs 15/06/01 21:11:59
2
3 Modified: ChangeLog
4 Added: nss-3.19.1.ebuild
5 Removed: nss-3.19-r1.ebuild
6 Log:
7 version bump, upstream release to fix Logjam vuln (bug 550288)
8
9 (Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 2B6559ED)
10
11 Revision Changes Path
12 1.412 dev-libs/nss/ChangeLog
13
14 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.412&view=markup
15 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.412&content-type=text/plain
16 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?r1=1.411&r2=1.412
17
18 Index: ChangeLog
19 ===================================================================
20 RCS file: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v
21 retrieving revision 1.411
22 retrieving revision 1.412
23 diff -u -r1.411 -r1.412
24 --- ChangeLog 27 May 2015 03:59:15 -0000 1.411
25 +++ ChangeLog 1 Jun 2015 21:11:59 -0000 1.412
26 @@ -1,6 +1,12 @@
27 # ChangeLog for dev-libs/nss
28 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
29 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.411 2015/05/27 03:59:15 axs Exp $
30 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.412 2015/06/01 21:11:59 axs Exp $
31 +
32 +*nss-3.19.1 (01 Jun 2015)
33 +
34 + 01 Jun 2015; Ian Stakenvicius (_AxS_) <axs@g.o> +nss-3.19.1.ebuild,
35 + -files/nss-3.19-raise_minimum_keysize_to_1024.patch, -nss-3.19-r1.ebuild:
36 + version bump, upstream release to fix Logjam vuln (bug 550288)
37
38 *nss-3.19-r1 (27 May 2015)
39
40
41
42
43 1.1 dev-libs/nss/nss-3.19.1.ebuild
44
45 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.19.1.ebuild?rev=1.1&view=markup
46 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.19.1.ebuild?rev=1.1&content-type=text/plain
47
48 Index: nss-3.19.1.ebuild
49 ===================================================================
50 # Copyright 1999-2015 Gentoo Foundation
51 # Distributed under the terms of the GNU General Public License v2
52 # $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.19.1.ebuild,v 1.1 2015/06/01 21:11:59 axs Exp $
53
54 EAPI=5
55 inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
56
57 NSPR_VER="4.10.8"
58 RTM_NAME="NSS_${PV//./_}_RTM"
59 # Rev of https://git.fedorahosted.org/cgit/nss-pem.git
60 PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
61 PEM_P="${PN}-pem-${PEM_GIT_REV}"
62
63 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
64 HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
65 SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
66 cacert? ( http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
67 nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
68
69 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
70 SLOT="0"
71 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
72 IUSE="+cacert +nss-pem utils"
73 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
74 >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
75 DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
76 >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
77 ${CDEPEND}"
78 RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
79 ${CDEPEND}
80 abi_x86_32? (
81 !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
82 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
83 )"
84
85 RESTRICT="test"
86
87 S="${WORKDIR}/${P}/${PN}"
88
89 MULTILIB_CHOST_TOOLS=(
90 /usr/bin/nss-config
91 )
92
93 src_unpack() {
94 unpack ${A}
95 if use nss-pem ; then
96 mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
97 fi
98 }
99
100 src_prepare() {
101 # Custom changes for gentoo
102 epatch "${FILESDIR}/${PN}-3.17.1-gentoo-fixups.patch"
103 epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
104 use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
105 use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
106 epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
107 epatch "${FILESDIR}/${PN}-cacert-class3.patch" # 521462
108
109 pushd coreconf >/dev/null || die
110 # hack nspr paths
111 echo 'INCLUDES += -I$(DIST)/include/dbm' \
112 >> headers.mk || die "failed to append include"
113
114 # modify install path
115 sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
116 -i source.mk || die
117
118 # Respect LDFLAGS
119 sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
120 popd >/dev/null || die
121
122 # Fix pkgconfig file for Prefix
123 sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
124 config/Makefile || die
125
126 # use host shlibsign if need be #436216
127 if tc-is-cross-compiler ; then
128 sed -i \
129 -e 's:"${2}"/shlibsign:shlibsign:' \
130 cmd/shlibsign/sign.sh || die
131 fi
132
133 # dirty hack
134 sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
135 lib/ssl/config.mk || die
136 sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
137 cmd/platlibs.mk || die
138
139 multilib_copy_sources
140
141 strip-flags
142 }
143
144 multilib_src_configure() {
145 # Ensure we stay multilib aware
146 sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
147 }
148
149 nssarch() {
150 # Most of the arches are the same as $ARCH
151 local t=${1:-${CHOST}}
152 case ${t} in
153 aarch64*)echo "aarch64";;
154 hppa*) echo "parisc";;
155 i?86*) echo "i686";;
156 x86_64*) echo "x86_64";;
157 *) tc-arch ${t};;
158 esac
159 }
160
161 nssbits() {
162 local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
163 if [[ ${1} == BUILD_ ]]; then
164 cc=$(tc-getBUILD_CC)
165 else
166 cc=$(tc-getCC)
167 fi
168 echo > "${T}"/test.c || die
169 ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
170 case $(file "${T}/${1}test.o") in
171 *32-bit*x86-64*) echo USE_X32=1;;
172 *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
173 *32-bit*|*ppc*|*i386*) ;;
174 *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
175 esac
176 }
177
178 multilib_src_compile() {
179 # use ABI to determine bit'ness, or fallback if unset
180 local buildbits mybits
181 case "${ABI}" in
182 n32) mybits="USE_N32=1";;
183 x32) mybits="USE_X32=1";;
184 s390x|*64) mybits="USE_64=1";;
185 ${DEFAULT_ABI})
186 einfo "Running compilation test to determine bit'ness"
187 mybits=$(nssbits)
188 ;;
189 esac
190 # bitness of host may differ from target
191 if tc-is-cross-compiler; then
192 buildbits=$(nssbits BUILD_)
193 fi
194
195 local makeargs=(
196 CC="$(tc-getCC)"
197 AR="$(tc-getAR) rc \$@"
198 RANLIB="$(tc-getRANLIB)"
199 OPTIMIZER=
200 ${mybits}
201 )
202
203 # Take care of nspr settings #436216
204 local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
205 unset NSPR_INCLUDE_DIR
206
207 # Do not let `uname` be used.
208 if use kernel_linux ; then
209 makeargs+=(
210 OS_TARGET=Linux
211 OS_RELEASE=2.6
212 OS_TEST="$(nssarch)"
213 )
214 fi
215
216 export BUILD_OPT=1
217 export NSS_USE_SYSTEM_SQLITE=1
218 export NSDISTMODE=copy
219 export NSS_ENABLE_ECC=1
220 export FREEBL_NO_DEPEND=1
221 export ASFLAGS=""
222
223 local d
224
225 # Build the host tools first.
226 LDFLAGS="${BUILD_LDFLAGS}" \
227 XCFLAGS="${BUILD_CFLAGS}" \
228 NSPR_LIB_DIR="${T}/fakedir" \
229 emake -j1 -C coreconf \
230 CC="$(tc-getBUILD_CC)" \
231 ${buildbits:-${mybits}}
232 makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
233
234 # Then build the target tools.
235 for d in . lib/dbm ; do
236 CPPFLAGS="${myCPPFLAGS}" \
237 XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
238 NSPR_LIB_DIR="${T}/fakedir" \
239 emake -j1 "${makeargs[@]}" -C ${d}
240 done
241 }
242
243 # Altering these 3 libraries breaks the CHK verification.
244 # All of the following cause it to break:
245 # - stripping
246 # - prelink
247 # - ELF signing
248 # http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
249 # Either we have to NOT strip them, or we have to forcibly resign after
250 # stripping.
251 #local_libdir="$(get_libdir)"
252 #export STRIP_MASK="
253 # */${local_libdir}/libfreebl3.so*
254 # */${local_libdir}/libnssdbm3.so*
255 # */${local_libdir}/libsoftokn3.so*"
256
257 export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
258
259 generate_chk() {
260 local shlibsign="$1"
261 local libdir="$2"
262 einfo "Resigning core NSS libraries for FIPS validation"
263 shift 2
264 local i
265 for i in ${NSS_CHK_SIGN_LIBS} ; do
266 local libname=lib${i}.so
267 local chkname=lib${i}.chk
268 "${shlibsign}" \
269 -i "${libdir}"/${libname} \
270 -o "${libdir}"/${chkname}.tmp \
271 && mv -f \
272 "${libdir}"/${chkname}.tmp \
273 "${libdir}"/${chkname} \
274 || die "Failed to sign ${libname}"
275 done
276 }
277
278 cleanup_chk() {
279 local libdir="$1"
280 shift 1
281 local i
282 for i in ${NSS_CHK_SIGN_LIBS} ; do
283 local libfname="${libdir}/lib${i}.so"
284 # If the major version has changed, then we have old chk files.
285 [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
286 && rm -f "${libfname}.chk"
287 done
288 }
289
290 multilib_src_install() {
291 pushd dist >/dev/null || die
292
293 dodir /usr/$(get_libdir)
294 cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
295 cp -L -t "${ED}"/usr/$(get_libdir) */lib/{libcrmf,libfreebl}.a || die "copying libs failed"
296
297 # Install nss-config and pkgconfig file
298 dodir /usr/bin
299 cp -L */bin/nss-config "${ED}"/usr/bin || die
300 dodir /usr/$(get_libdir)/pkgconfig
301 cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
302
303 # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
304 # bug 517266
305 sed -e 's#Libs:#Libs: -lfreebl#' \
306 -e 's#Cflags:#Cflags: -I${includedir}/private#' \
307 */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
308 || die "could not create nss-softokn.pc"
309
310 # all the include files
311 insinto /usr/include/nss
312 doins public/nss/*.h
313 insinto /usr/include/nss/private
314 doins private/nss/{blapi,alghmac}.h
315
316 popd >/dev/null || die
317
318 local f nssutils
319 # Always enabled because we need it for chk generation.
320 nssutils="shlibsign"
321
322 if multilib_is_native_abi ; then
323 if use utils; then
324 # The tests we do not need to install.
325 #nssutils_test="bltest crmftest dbtest dertimetest
326 #fipstest remtest sdrtest"
327 nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
328 cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
329 nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
330 pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
331 symkeyutil tstclnt vfychain vfyserv"
332 # install man-pages for utils (bug #516810)
333 doman doc/nroff/*.1
334 fi
335 pushd dist/*/bin >/dev/null || die
336 for f in ${nssutils}; do
337 dobin ${f}
338 done
339 popd >/dev/null || die
340 fi
341
342 # Prelink breaks the CHK files. We don't have any reliable way to run
343 # shlibsign after prelink.
344 local l libs=() liblist
345 for l in ${NSS_CHK_SIGN_LIBS} ; do
346 libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
347 done
348 liblist=$(printf '%s:' "${libs[@]}")
349 echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
350 doenvd "${T}/90nss-${ABI}"
351 }
352
353 pkg_postinst() {
354 multilib_pkg_postinst() {
355 # We must re-sign the libraries AFTER they are stripped.
356 local shlibsign="${EROOT}/usr/bin/shlibsign"
357 # See if we can execute it (cross-compiling & such). #436216
358 "${shlibsign}" -h >&/dev/null
359 if [[ $? -gt 1 ]] ; then
360 shlibsign="shlibsign"
361 fi
362 generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
363 }
364
365 multilib_foreach_abi multilib_pkg_postinst
366 }
367
368 pkg_postrm() {
369 multilib_pkg_postrm() {
370 cleanup_chk "${EROOT}"/usr/$(get_libdir)
371 }
372
373 multilib_foreach_abi multilib_pkg_postrm
374 }
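Review bot: In cleanup_chk the stale-file test looks at `${libfname}.chk`, which expands to `lib${i}.so.chk`, while generate_chk writes `lib${i}.chk`, so the pkg_postrm cleanup never matches the files that pkg_postinst created. Those .chk files are generated after the install image is built (multilib_src_install copies only `*$(get_libname)` and the two static archives), so they are presumably not tracked by the package manager and would stay behind as stale integrity-check data once the library is removed or renamed. I would test and remove the name that is actually written: `local chkfname="${libdir}/lib${i}.chk"` followed by `[[ ! -f ${libfname} && -f ${chkfname} ]] && rm -f "${chkfname}"`. Separately, the `sed` on `rules.mk` under "# Respect LDFLAGS" in src_prepare is the only edit in that function without `|| die`, so a failure of that command would go unnoticed and the shared libraries could be linked without the user's LDFLAGS, including any hardening flags.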