
From: Mike Frysinger <vapier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
Date: Tue, 05 Jan 2016 00:38:49
Message-Id: 1451954302.fc8de6d16fe203976a1fa5d79456ad2b3b4deb13.vapier@gentoo
1 commit: fc8de6d16fe203976a1fa5d79456ad2b3b4deb13
2 Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jan 5 00:30:34 2016 +0000
4 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
5 CommitDate: Tue Jan 5 00:38:22 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc8de6d1
7
8 dev-libs/nss: switch to prelink.conf.d files
9
10 Avoid polluting the global environment via env.d just for prelink masks
11 now that the current prelink versions support prelink.conf.d fragments.
12
13 dev-libs/nss/nss-3.21-r2.ebuild | 328 ++++++++++++++++++++++++++++++++++++++++
14 1 file changed, 328 insertions(+)
15
16 diff --git a/dev-libs/nss/nss-3.21-r2.ebuild b/dev-libs/nss/nss-3.21-r2.ebuild
17 new file mode 100644
18 index 0000000..5729f0b
19 --- /dev/null
20 +++ b/dev-libs/nss/nss-3.21-r2.ebuild
21 @@ -0,0 +1,328 @@
22 +# Copyright 1999-2016 Gentoo Foundation
23 +# Distributed under the terms of the GNU General Public License v2
24 +# $Id$
25 +
26 +EAPI="5"
27 +
28 +inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
29 +
30 +NSPR_VER="4.10.8"
31 +RTM_NAME="NSS_${PV//./_}_RTM"
32 +# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
33 +PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
34 +PEM_P="${PN}-pem-20140125"
35 +
36 +DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
37 +HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
38 +SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
39 + cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
40 + nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
41 +
42 +LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
43 +SLOT="0"
44 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
45 +IUSE="+cacert +nss-pem utils"
46 +CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
47 + >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
48 +DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
49 + >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
50 + ${CDEPEND}"
51 +RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
52 + ${CDEPEND}
53 + abi_x86_32? (
54 + !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
55 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
56 + )"
57 +
58 +RESTRICT="test"
59 +
60 +S="${WORKDIR}/${P}/${PN}"
61 +
62 +MULTILIB_CHOST_TOOLS=(
63 + /usr/bin/nss-config
64 +)
65 +
66 +src_unpack() {
67 + unpack ${A}
68 + if use nss-pem ; then
69 + mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
70 + fi
71 +}
72 +
73 +src_prepare() {
74 + # Custom changes for gentoo
75 + epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
76 + epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
77 + epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
78 +
79 + if use cacert ; then
80 + epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
81 + epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
82 + fi
83 + use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
84 + "${FILESDIR}/${PN}-3.21-pem-werror.patch"
85 +
86 + pushd coreconf >/dev/null || die
87 + # hack nspr paths
88 + echo 'INCLUDES += -I$(DIST)/include/dbm' \
89 + >> headers.mk || die "failed to append include"
90 +
91 + # modify install path
92 + sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
93 + -i source.mk || die
94 +
95 + # Respect LDFLAGS
96 + sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
97 + popd >/dev/null || die
98 +
99 + # Fix pkgconfig file for Prefix
100 + sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
101 + config/Makefile || die
102 +
103 + # use host shlibsign if need be #436216
104 + if tc-is-cross-compiler ; then
105 + sed -i \
106 + -e 's:"${2}"/shlibsign:shlibsign:' \
107 + cmd/shlibsign/sign.sh || die
108 + fi
109 +
110 + # dirty hack
111 + sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
112 + lib/ssl/config.mk || die
113 + sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
114 + cmd/platlibs.mk || die
115 +
116 + multilib_copy_sources
117 +
118 + strip-flags
119 +}
120 +
121 +multilib_src_configure() {
122 + # Ensure we stay multilib aware
123 + sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
124 +}
125 +
126 +nssarch() {
127 + # Most of the arches are the same as $ARCH
128 + local t=${1:-${CHOST}}
129 + case ${t} in
130 + aarch64*)echo "aarch64";;
131 + hppa*) echo "parisc";;
132 + i?86*) echo "i686";;
133 + x86_64*) echo "x86_64";;
134 + *) tc-arch ${t};;
135 + esac
136 +}
137 +
138 +nssbits() {
139 + local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
140 + if [[ ${1} == BUILD_ ]]; then
141 + cc=$(tc-getBUILD_CC)
142 + else
143 + cc=$(tc-getCC)
144 + fi
145 + echo > "${T}"/test.c || die
146 + ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
147 + case $(file "${T}/${1}test.o") in
148 + *32-bit*x86-64*) echo USE_X32=1;;
149 + *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
150 + *32-bit*|*ppc*|*i386*) ;;
151 + *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
152 + esac
153 +}
154 +
155 +multilib_src_compile() {
156 + # use ABI to determine bit'ness, or fallback if unset
157 + local buildbits mybits
158 + case "${ABI}" in
159 + n32) mybits="USE_N32=1";;
160 + x32) mybits="USE_X32=1";;
161 + s390x|*64) mybits="USE_64=1";;
162 + ${DEFAULT_ABI})
163 + einfo "Running compilation test to determine bit'ness"
164 + mybits=$(nssbits)
165 + ;;
166 + esac
167 + # bitness of host may differ from target
168 + if tc-is-cross-compiler; then
169 + buildbits=$(nssbits BUILD_)
170 + fi
171 +
172 + local makeargs=(
173 + CC="$(tc-getCC)"
174 + AR="$(tc-getAR) rc \$@"
175 + RANLIB="$(tc-getRANLIB)"
176 + OPTIMIZER=
177 + ${mybits}
178 + )
179 +
180 + # Take care of nspr settings #436216
181 + local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
182 + unset NSPR_INCLUDE_DIR
183 +
184 + # Do not let `uname` be used.
185 + if use kernel_linux ; then
186 + makeargs+=(
187 + OS_TARGET=Linux
188 + OS_RELEASE=2.6
189 + OS_TEST="$(nssarch)"
190 + )
191 + fi
192 +
193 + export NSS_ENABLE_WERROR=0 #567158
194 + export BUILD_OPT=1
195 + export NSS_USE_SYSTEM_SQLITE=1
196 + export NSDISTMODE=copy
197 + export NSS_ENABLE_ECC=1
198 + export FREEBL_NO_DEPEND=1
199 + export ASFLAGS=""
200 +
201 + local d
202 +
203 + # Build the host tools first.
204 + LDFLAGS="${BUILD_LDFLAGS}" \
205 + XCFLAGS="${BUILD_CFLAGS}" \
206 + NSPR_LIB_DIR="${T}/fakedir" \
207 + emake -j1 -C coreconf \
208 + CC="$(tc-getBUILD_CC)" \
209 + ${buildbits:-${mybits}}
210 + makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
211 +
212 + # Then build the target tools.
213 + for d in . lib/dbm ; do
214 + CPPFLAGS="${myCPPFLAGS}" \
215 + XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
216 + NSPR_LIB_DIR="${T}/fakedir" \
217 + emake -j1 "${makeargs[@]}" -C ${d}
218 + done
219 +}
220 +
221 +# Altering these 3 libraries breaks the CHK verification.
222 +# All of the following cause it to break:
223 +# - stripping
224 +# - prelink
225 +# - ELF signing
226 +# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
227 +# Either we have to NOT strip them, or we have to forcibly resign after
228 +# stripping.
229 +#local_libdir="$(get_libdir)"
230 +#export STRIP_MASK="
231 +# */${local_libdir}/libfreebl3.so*
232 +# */${local_libdir}/libnssdbm3.so*
233 +# */${local_libdir}/libsoftokn3.so*"
234 +
235 +export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
236 +
237 +generate_chk() {
238 + local shlibsign="$1"
239 + local libdir="$2"
240 + einfo "Resigning core NSS libraries for FIPS validation"
241 + shift 2
242 + local i
243 + for i in ${NSS_CHK_SIGN_LIBS} ; do
244 + local libname=lib${i}.so
245 + local chkname=lib${i}.chk
246 + "${shlibsign}" \
247 + -i "${libdir}"/${libname} \
248 + -o "${libdir}"/${chkname}.tmp \
249 + && mv -f \
250 + "${libdir}"/${chkname}.tmp \
251 + "${libdir}"/${chkname} \
252 + || die "Failed to sign ${libname}"
253 + done
254 +}
255 +
256 +cleanup_chk() {
257 + local libdir="$1"
258 + shift 1
259 + local i
260 + for i in ${NSS_CHK_SIGN_LIBS} ; do
261 + local libfname="${libdir}/lib${i}.so"
262 + # If the major version has changed, then we have old chk files.
263 + [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
264 + && rm -f "${libfname}.chk"
265 + done
266 +}
267 +
268 +multilib_src_install() {
269 + pushd dist >/dev/null || die
270 +
271 + dodir /usr/$(get_libdir)
272 + cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
273 + cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
274 + cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
275 +
276 + # Install nss-config and pkgconfig file
277 + dodir /usr/bin
278 + cp -L */bin/nss-config "${ED}"/usr/bin || die
279 + dodir /usr/$(get_libdir)/pkgconfig
280 + cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
281 +
282 + # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
283 + # bug 517266
284 + sed -e 's#Libs:#Libs: -lfreebl#' \
285 + -e 's#Cflags:#Cflags: -I${includedir}/private#' \
286 + */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
287 + || die "could not create nss-softokn.pc"
288 +
289 + # all the include files
290 + insinto /usr/include/nss
291 + doins public/nss/*.h
292 + insinto /usr/include/nss/private
293 + doins private/nss/{blapi,alghmac}.h
294 +
295 + popd >/dev/null || die
296 +
297 + local f nssutils
298 + # Always enabled because we need it for chk generation.
299 + nssutils="shlibsign"
300 +
301 + if multilib_is_native_abi ; then
302 + if use utils; then
303 + # The tests we do not need to install.
304 + #nssutils_test="bltest crmftest dbtest dertimetest
305 + #fipstest remtest sdrtest"
306 + nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
307 + cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
308 + nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
309 + pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
310 + symkeyutil tstclnt vfychain vfyserv"
311 + # install man-pages for utils (bug #516810)
312 + doman doc/nroff/*.1
313 + fi
314 + pushd dist/*/bin >/dev/null || die
315 + for f in ${nssutils}; do
316 + dobin ${f}
317 + done
318 + popd >/dev/null || die
319 + fi
320 +
321 + # Prelink breaks the CHK files. We don't have any reliable way to run
322 + # shlibsign after prelink.
323 + dodir /etc/prelink.conf.d
324 + printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
325 + > "${ED}"/etc/prelink.conf.d/nss.conf
326 +}
327 +
328 +pkg_postinst() {
329 + multilib_pkg_postinst() {
330 + # We must re-sign the libraries AFTER they are stripped.
331 + local shlibsign="${EROOT}/usr/bin/shlibsign"
332 + # See if we can execute it (cross-compiling & such). #436216
333 + "${shlibsign}" -h >&/dev/null
334 + if [[ $? -gt 1 ]] ; then
335 + shlibsign="shlibsign"
336 + fi
337 + generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
338 + }
339 +
340 + multilib_foreach_abi multilib_pkg_postinst
341 +}
342 +
343 +pkg_postrm() {
344 + multilib_pkg_postrm() {
345 + cleanup_chk "${EROOT}"/usr/$(get_libdir)
346 + }
347 +
348 + multilib_foreach_abi multilib_pkg_postrm
349 +}
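Review bot: The prelink mask written at the end of multilib_src_install uses `>` and has no `|| die`: multilib-minimal runs this function once per ABI, so each pass overwrites `nss.conf` and only the last ABI's libdir appears to end up blacklisted, while a failed write goes unnoticed. Either outcome leaves libfreebl3/libnssdbm3/libsoftokn3 of some ABI open to prelink, which the comment just above says breaks the CHK files with no reliable way to re-sign them. Suggest ending the redirect line with `>> "${ED}"/etc/prelink.conf.d/nss.conf || die "failed to write prelink mask"` (the image directory starts empty, so appending should be safe). Separately, cleanup_chk tests and removes `"${libfname}.chk"`, i.e. `lib${i}.so.chk`, whereas generate_chk writes `lib${i}.chk`, so the pkg_postrm cleanup does not look like it matches the files postinst created; checking `"${libdir}/lib${i}.chk"` there would line the two up. The `sed … rules.mk` under "Respect LDFLAGS" is also the only sed in src_prepare without `|| die`.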