[gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/ - gentoo-commits

From:	Jory Pratt <anarchy@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
Date:	Sat, 07 Mar 2020 15:21:48
Message-Id:	`1583594502.1309f6637ab1d26fe55f9bba427d33695e28c181.anarchy@gentoo`

1

commit:     1309f6637ab1d26fe55f9bba427d33695e28c181

2

Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>

3

AuthorDate: Sat Mar  7 15:21:29 2020 +0000

4

Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>

5

CommitDate: Sat Mar  7 15:21:42 2020 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1309f663

7

8

dev-libs/nss: Version bump 3.51

9

10

Package-Manager: Portage-2.3.92, Repoman-2.3.20

11

Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

12

13

 dev-libs/nss/Manifest        |   1 +

14

 dev-libs/nss/nss-3.51.ebuild | 359 +++++++++++++++++++++++++++++++++++++++++++

15

 2 files changed, 360 insertions(+)

16

17

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest

18

index 44dc960dbf0..aab1611b521 100644

19

--- a/dev-libs/nss/Manifest

20

+++ b/dev-libs/nss/Manifest

21

@@ -4,5 +4,6 @@ DIST nss-3.49.1.tar.gz 76489134 BLAKE2B 4b1ceb6e1a366f506d13ceaa88663fba400318bf

22

 DIST nss-3.49.2.tar.gz 76489641 BLAKE2B 844a88984fde45142093ee6df2934d89cb4911d3e716019c0d1620254064af51b56249bc4348816e546c5dcab66d7fc9d4def32021661f4f3d868e09c342abec SHA512 fe0fe032db15853384a50b145dd6f3187a855109f0b81f1846312d33f8c628aededcbca4d199f974ae52530aec3f2312f80afbca3e5b97ed1ff96fcffafd2881

23

 DIST nss-3.49.tar.gz 76488781 BLAKE2B 12ce6477b95bc0b0623cfe297c771832818798e39d1ab5cbc7f30e21336644498f5201abeb2ea1cbfd7cf75d64e4423152b9fe4e5c6b1761c5c049ec3da0e9fc SHA512 7d8df73a2e585585a7cb3f887af3f933854984479531b3dd30316873bdd92c130e2fadb54e7b3b1f0b10675b1bce09112ef39860d74ef6f0df7b57bf430bd072

24

 DIST nss-3.50.tar.gz 78041630 BLAKE2B 4d21a1cac475936e153b22829f8b4b2f6f6a57c41e14d091b287aba633a8d4c80c045882ce6f1cb7a2f9ce760d616b13389f90e59f60250c41080ed1f5a4900a SHA512 d6bcaf8ad65b5a97c42cd6cbbc68add5c4b49db74b2debcedb2a007f72511ac0e9bd21fd2dec041bc1975cfc8af26a48450aa0d1b962f755931ab2ac45c795b1

25

+DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd

26

 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

27

 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

28

29

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild

30

new file mode 100644

31

index 00000000000..b6a9c7b9594

32

--- /dev/null

33

+++ b/dev-libs/nss/nss-3.51.ebuild

34

@@ -0,0 +1,359 @@

35

+# Copyright 1999-2020 Gentoo Authors

36

+# Distributed under the terms of the GNU General Public License v2

37

+

38

+EAPI=7

39

+

40

+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal

41

+

42

+NSPR_VER="4.25"

43

+RTM_NAME="NSS_${PV//./_}_RTM"

44

+

45

+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"

46

+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"

47

+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz

48

+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"

49

+

50

+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"

51

+SLOT="0"

52

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"

53

+IUSE="cacert utils"

54

+BDEPEND="

55

+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]

56

+"

57

+RDEPEND="

58

+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]

59

+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]

60

+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]

61

+"

62

+DEPEND="${RDEPEND}"

63

+

64

+RESTRICT="test"

65

+

66

+S="${WORKDIR}/${P}/${PN}"

67

+

68

+MULTILIB_CHOST_TOOLS=(

69

+	/usr/bin/nss-config

70

+)

71

+

72

+PATCHES=(

73

+	# Custom changes for gentoo

74

+	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"

75

+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"

76

+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"

77

+)

78

+

79

+src_prepare() {

80

+	if use cacert ; then #521462

81

+		PATCHES+=(

82

+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"

83

+		)

84

+	fi

85

+

86

+	default

87

+

88

+	pushd coreconf >/dev/null || die

89

+	# hack nspr paths

90

+	echo 'INCLUDES += -I$(DIST)/include/dbm' \

91

+		>> headers.mk || die "failed to append include"

92

+

93

+	# modify install path

94

+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \

95

+		-i source.mk || die

96

+

97

+	# Respect LDFLAGS

98

+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk

99

+	popd >/dev/null || die

100

+

101

+	# Fix pkgconfig file for Prefix

102

+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \

103

+		config/Makefile || die

104

+

105

+	# use host shlibsign if need be #436216

106

+	if tc-is-cross-compiler ; then

107

+		sed -i \

108

+			-e 's:"${2}"/shlibsign:shlibsign:' \

109

+			cmd/shlibsign/sign.sh || die

110

+	fi

111

+

112

+	# dirty hack

113

+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \

114

+		lib/ssl/config.mk || die

115

+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \

116

+		cmd/platlibs.mk || die

117

+

118

+	multilib_copy_sources

119

+

120

+	strip-flags

121

+}

122

+

123

+multilib_src_configure() {

124

+	# Ensure we stay multilib aware

125

+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die

126

+}

127

+

128

+nssarch() {

129

+	# Most of the arches are the same as $ARCH

130

+	local t=${1:-${CHOST}}

131

+	case ${t} in

132

+		aarch64*)echo "aarch64";;

133

+		hppa*)   echo "parisc";;

134

+		i?86*)   echo "i686";;

135

+		x86_64*) echo "x86_64";;

136

+		*)       tc-arch ${t};;

137

+	esac

138

+}

139

+

140

+nssbits() {

141

+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"

142

+	if [[ ${1} == BUILD_ ]]; then

143

+		cc=$(tc-getBUILD_CC)

144

+	else

145

+		cc=$(tc-getCC)

146

+	fi

147

+	echo > "${T}"/test.c || die

148

+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die

149

+	case $(file "${T}/${1}test.o") in

150

+		*32-bit*x86-64*) echo USE_X32=1;;

151

+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;

152

+		*32-bit*|*ppc*|*i386*) ;;

153

+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;

154

+	esac

155

+}

156

+

157

+multilib_src_compile() {

158

+	# use ABI to determine bit'ness, or fallback if unset

159

+	local buildbits mybits

160

+	case "${ABI}" in

161

+		n32) mybits="USE_N32=1";;

162

+		x32) mybits="USE_X32=1";;

163

+		s390x|*64) mybits="USE_64=1";;

164

+		${DEFAULT_ABI})

165

+			einfo "Running compilation test to determine bit'ness"

166

+			mybits=$(nssbits)

167

+			;;

168

+	esac

169

+	# bitness of host may differ from target

170

+	if tc-is-cross-compiler; then

171

+		buildbits=$(nssbits BUILD_)

172

+	fi

173

+

174

+	local makeargs=(

175

+		CC="$(tc-getCC)"

176

+		CCC="$(tc-getCXX)"

177

+		AR="$(tc-getAR) rc \$@"

178

+		RANLIB="$(tc-getRANLIB)"

179

+		OPTIMIZER=

180

+		${mybits}

181

+	)

182

+

183

+	# Take care of nspr settings #436216

184

+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"

185

+	unset NSPR_INCLUDE_DIR

186

+

187

+	# Do not let `uname` be used.

188

+	if use kernel_linux ; then

189

+		makeargs+=(

190

+			OS_TARGET=Linux

191

+			OS_RELEASE=2.6

192

+			OS_TEST="$(nssarch)"

193

+		)

194

+	fi

195

+

196

+	export NSS_ALLOW_SSLKEYLOGFILE=1

197

+	export NSS_ENABLE_WERROR=0 #567158

198

+	export BUILD_OPT=1

199

+	export NSS_USE_SYSTEM_SQLITE=1

200

+	export NSDISTMODE=copy

201

+	export NSS_ENABLE_ECC=1

202

+	export FREEBL_NO_DEPEND=1

203

+	export FREEBL_LOWHASH=1

204

+	export NSS_SEED_ONLY_DEV_URANDOM=1

205

+	export ASFLAGS=""

206

+

207

+	local d

208

+

209

+	# Build the host tools first.

210

+	LDFLAGS="${BUILD_LDFLAGS}" \

211

+	XCFLAGS="${BUILD_CFLAGS}" \

212

+	NSPR_LIB_DIR="${T}/fakedir" \

213

+	emake -j1 -C coreconf \

214

+		CC="$(tc-getBUILD_CC)" \

215

+		${buildbits:-${mybits}}

216

+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )

217

+

218

+	# Then build the target tools.

219

+	for d in . lib/dbm ; do

220

+		CPPFLAGS="${myCPPFLAGS}" \

221

+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \

222

+		NSPR_LIB_DIR="${T}/fakedir" \

223

+		emake -j1 "${makeargs[@]}" -C ${d}

224

+	done

225

+}

226

+

227

+# Altering these 3 libraries breaks the CHK verification.

228

+# All of the following cause it to break:

229

+# - stripping

230

+# - prelink

231

+# - ELF signing

232

+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html

233

+# Either we have to NOT strip them, or we have to forcibly resign after

234

+# stripping.

235

+#local_libdir="$(get_libdir)"

236

+#export STRIP_MASK="

237

+#	*/${local_libdir}/libfreebl3.so*

238

+#	*/${local_libdir}/libnssdbm3.so*

239

+#	*/${local_libdir}/libsoftokn3.so*"

240

+

241

+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"

242

+

243

+generate_chk() {

244

+	local shlibsign="$1"

245

+	local libdir="$2"

246

+	einfo "Resigning core NSS libraries for FIPS validation"

247

+	shift 2

248

+	local i

249

+	for i in ${NSS_CHK_SIGN_LIBS} ; do

250

+		local libname=lib${i}.so

251

+		local chkname=lib${i}.chk

252

+		"${shlibsign}" \

253

+			-i "${libdir}"/${libname} \

254

+			-o "${libdir}"/${chkname}.tmp \

255

+		&& mv -f \

256

+			"${libdir}"/${chkname}.tmp \

257

+			"${libdir}"/${chkname} \

258

+		|| die "Failed to sign ${libname}"

259

+	done

260

+}

261

+

262

+cleanup_chk() {

263

+	local libdir="$1"

264

+	shift 1

265

+	local i

266

+	for i in ${NSS_CHK_SIGN_LIBS} ; do

267

+		local libfname="${libdir}/lib${i}.so"

268

+		# If the major version has changed, then we have old chk files.

269

+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \

270

+			&& rm -f "${libfname}.chk"

271

+	done

272

+}

273

+

274

+multilib_src_install() {

275

+	pushd dist >/dev/null || die

276

+

277

+	dodir /usr/$(get_libdir)

278

+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"

279

+	local i

280

+	for i in crmf freebl nssb nssckfw ; do

281

+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"

282

+	done

283

+

284

+	# Install nss-config and pkgconfig file

285

+	dodir /usr/bin

286

+	cp -L */bin/nss-config "${ED}"/usr/bin || die

287

+	dodir /usr/$(get_libdir)/pkgconfig

288

+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die

289

+

290

+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers

291

+	# bug 517266

292

+	sed 	-e 's#Libs:#Libs: -lfreebl#' \

293

+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \

294

+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \

295

+		|| die "could not create nss-softokn.pc"

296

+

297

+	# all the include files

298

+	insinto /usr/include/nss

299

+	doins public/nss/*.{h,api}

300

+	insinto /usr/include/nss/private

301

+	doins private/nss/{blapi,alghmac,cmac}.h

302

+

303

+	popd >/dev/null || die

304

+

305

+	local f nssutils

306

+	# Always enabled because we need it for chk generation.

307

+	nssutils=( shlibsign )

308

+

309

+	if multilib_is_native_abi ; then

310

+		if use utils; then

311

+			# The tests we do not need to install.

312

+			#nssutils_test="bltest crmftest dbtest dertimetest

313

+			#fipstest remtest sdrtest"

314

+			# checkcert utils has been removed in nss-3.22:

315

+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545

316

+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870

317

+			# certcgi has been removed in nss-3.36:

318

+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602

319

+			nssutils+=(

320

+				addbuiltin

321

+				atob

322

+				baddbdir

323

+				btoa

324

+				certutil

325

+				cmsutil

326

+				conflict

327

+				crlutil

328

+				derdump

329

+				digest

330

+				makepqg

331

+				mangle

332

+				modutil

333

+				multinit

334

+				nonspr10

335

+				ocspclnt

336

+				oidcalc

337

+				p7content

338

+				p7env

339

+				p7sign

340

+				p7verify

341

+				pk11mode

342

+				pk12util

343

+				pp

344

+				rsaperf

345

+				selfserv

346

+				signtool

347

+				signver

348

+				ssltap

349

+				strsclnt

350

+				symkeyutil

351

+				tstclnt

352

+				vfychain

353

+				vfyserv

354

+			)

355

+			# install man-pages for utils (bug #516810)

356

+			doman doc/nroff/*.1

357

+		fi

358

+		pushd dist/*/bin >/dev/null || die

359

+		for f in ${nssutils[@]}; do

360

+			dobin ${f}

361

+		done

362

+		popd >/dev/null || die

363

+	fi

364

+

365

+	# Prelink breaks the CHK files. We don't have any reliable way to run

366

+	# shlibsign after prelink.

367

+	dodir /etc/prelink.conf.d

368

+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \

369

+		> "${ED}"/etc/prelink.conf.d/nss.conf

370

+}

371

+

372

+pkg_postinst() {

373

+	multilib_pkg_postinst() {

374

+		# We must re-sign the libraries AFTER they are stripped.

375

+		local shlibsign="${EROOT}/usr/bin/shlibsign"

376

+		# See if we can execute it (cross-compiling & such). #436216

377

+		"${shlibsign}" -h >&/dev/null

378

+		if [[ $? -gt 1 ]] ; then

379

+			shlibsign="shlibsign"

380

+		fi

381

+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)

382

+	}

383

+

384

+	multilib_foreach_abi multilib_pkg_postinst

385

+}

386

+

387

+pkg_postrm() {

388

+	multilib_pkg_postrm() {

389

+		cleanup_chk "${EROOT}"/usr/$(get_libdir)

390

+	}

391

+

392

+	multilib_foreach_abi multilib_pkg_postrm

393

+}

1	commit: 1309f6637ab1d26fe55f9bba427d33695e28c181
2	Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
3	AuthorDate: Sat Mar 7 15:21:29 2020 +0000
4	Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
5	CommitDate: Sat Mar 7 15:21:42 2020 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1309f663
7
8	dev-libs/nss: Version bump 3.51
9
10	Package-Manager: Portage-2.3.92, Repoman-2.3.20
11	Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
12
13	dev-libs/nss/Manifest \| 1 +
14	dev-libs/nss/nss-3.51.ebuild \| 359 +++++++++++++++++++++++++++++++++++++++++++
15	2 files changed, 360 insertions(+)
16
17	diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
18	index 44dc960dbf0..aab1611b521 100644
19	--- a/dev-libs/nss/Manifest
20	+++ b/dev-libs/nss/Manifest
21	@@ -4,5 +4,6 @@ DIST nss-3.49.1.tar.gz 76489134 BLAKE2B 4b1ceb6e1a366f506d13ceaa88663fba400318bf
22	DIST nss-3.49.2.tar.gz 76489641 BLAKE2B 844a88984fde45142093ee6df2934d89cb4911d3e716019c0d1620254064af51b56249bc4348816e546c5dcab66d7fc9d4def32021661f4f3d868e09c342abec SHA512 fe0fe032db15853384a50b145dd6f3187a855109f0b81f1846312d33f8c628aededcbca4d199f974ae52530aec3f2312f80afbca3e5b97ed1ff96fcffafd2881
23	DIST nss-3.49.tar.gz 76488781 BLAKE2B 12ce6477b95bc0b0623cfe297c771832818798e39d1ab5cbc7f30e21336644498f5201abeb2ea1cbfd7cf75d64e4423152b9fe4e5c6b1761c5c049ec3da0e9fc SHA512 7d8df73a2e585585a7cb3f887af3f933854984479531b3dd30316873bdd92c130e2fadb54e7b3b1f0b10675b1bce09112ef39860d74ef6f0df7b57bf430bd072
24	DIST nss-3.50.tar.gz 78041630 BLAKE2B 4d21a1cac475936e153b22829f8b4b2f6f6a57c41e14d091b287aba633a8d4c80c045882ce6f1cb7a2f9ce760d616b13389f90e59f60250c41080ed1f5a4900a SHA512 d6bcaf8ad65b5a97c42cd6cbbc68add5c4b49db74b2debcedb2a007f72511ac0e9bd21fd2dec041bc1975cfc8af26a48450aa0d1b962f755931ab2ac45c795b1
25	+DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
26	DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
27	DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2
28
29	diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
30	new file mode 100644
31	index 00000000000..b6a9c7b9594
32	--- /dev/null
33	+++ b/dev-libs/nss/nss-3.51.ebuild
34	@@ -0,0 +1,359 @@
35	+# Copyright 1999-2020 Gentoo Authors
36	+# Distributed under the terms of the GNU General Public License v2
37	+
38	+EAPI=7
39	+
40	+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
41	+
42	+NSPR_VER="4.25"
43	+RTM_NAME="NSS_${PV//./_}_RTM"
44	+
45	+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
46	+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
47	+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
48	+ cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
49	+
50	+LICENSE="\|\| ( MPL-2.0 GPL-2 LGPL-2.1 )"
51	+SLOT="0"
52	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
53	+IUSE="cacert utils"
54	+BDEPEND="
55	+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
56	+"
57	+RDEPEND="
58	+ >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
59	+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
60	+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
61	+"
62	+DEPEND="${RDEPEND}"
63	+
64	+RESTRICT="test"
65	+
66	+S="${WORKDIR}/${P}/${PN}"
67	+
68	+MULTILIB_CHOST_TOOLS=(
69	+ /usr/bin/nss-config
70	+)
71	+
72	+PATCHES=(
73	+ # Custom changes for gentoo
74	+ "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
75	+ "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
76	+ "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
77	+)
78	+
79	+src_prepare() {
80	+ if use cacert ; then #521462
81	+ PATCHES+=(
82	+ "${DISTDIR}/${PN}-cacert-class1-class3.patch"
83	+ )
84	+ fi
85	+
86	+ default
87	+
88	+ pushd coreconf >/dev/null \|\| die
89	+ # hack nspr paths
90	+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
91	+ >> headers.mk \|\| die "failed to append include"
92	+
93	+ # modify install path
94	+ sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
95	+ -i source.mk \|\| die
96	+
97	+ # Respect LDFLAGS
98	+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
99	+ popd >/dev/null \|\| die
100	+
101	+ # Fix pkgconfig file for Prefix
102	+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
103	+ config/Makefile \|\| die
104	+
105	+ # use host shlibsign if need be #436216
106	+ if tc-is-cross-compiler ; then
107	+ sed -i \
108	+ -e 's:"${2}"/shlibsign:shlibsign:' \
109	+ cmd/shlibsign/sign.sh \|\| die
110	+ fi
111	+
112	+ # dirty hack
113	+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
114	+ lib/ssl/config.mk \|\| die
115	+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
116	+ cmd/platlibs.mk \|\| die
117	+
118	+ multilib_copy_sources
119	+
120	+ strip-flags
121	+}
122	+
123	+multilib_src_configure() {
124	+ # Ensure we stay multilib aware
125	+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile \|\| die
126	+}
127	+
128	+nssarch() {
129	+ # Most of the arches are the same as $ARCH
130	+ local t=${1:-${CHOST}}
131	+ case ${t} in
132	+ aarch64*)echo "aarch64";;
133	+ hppa*) echo "parisc";;
134	+ i?86*) echo "i686";;
135	+ x86_64*) echo "x86_64";;
136	+ *) tc-arch ${t};;
137	+ esac
138	+}
139	+
140	+nssbits() {
141	+ local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
142	+ if [[ ${1} == BUILD_ ]]; then
143	+ cc=$(tc-getBUILD_CC)
144	+ else
145	+ cc=$(tc-getCC)
146	+ fi
147	+ echo > "${T}"/test.c \|\| die
148	+ ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" \|\| die
149	+ case $(file "${T}/${1}test.o") in
150	+ 32-bitx86-64*) echo USE_X32=1;;
151	+ 64-bit\|ppc64\|x86_64) echo USE_64=1;;
152	+ 32-bit\|ppc\|i386) ;;
153	+ *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
154	+ esac
155	+}
156	+
157	+multilib_src_compile() {
158	+ # use ABI to determine bit'ness, or fallback if unset
159	+ local buildbits mybits
160	+ case "${ABI}" in
161	+ n32) mybits="USE_N32=1";;
162	+ x32) mybits="USE_X32=1";;
163	+ s390x\|*64) mybits="USE_64=1";;
164	+ ${DEFAULT_ABI})
165	+ einfo "Running compilation test to determine bit'ness"
166	+ mybits=$(nssbits)
167	+ ;;
168	+ esac
169	+ # bitness of host may differ from target
170	+ if tc-is-cross-compiler; then
171	+ buildbits=$(nssbits BUILD_)
172	+ fi
173	+
174	+ local makeargs=(
175	+ CC="$(tc-getCC)"
176	+ CCC="$(tc-getCXX)"
177	+ AR="$(tc-getAR) rc \$@"
178	+ RANLIB="$(tc-getRANLIB)"
179	+ OPTIMIZER=
180	+ ${mybits}
181	+ )
182	+
183	+ # Take care of nspr settings #436216
184	+ local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
185	+ unset NSPR_INCLUDE_DIR
186	+
187	+ # Do not let `uname` be used.
188	+ if use kernel_linux ; then
189	+ makeargs+=(
190	+ OS_TARGET=Linux
191	+ OS_RELEASE=2.6
192	+ OS_TEST="$(nssarch)"
193	+ )
194	+ fi
195	+
196	+ export NSS_ALLOW_SSLKEYLOGFILE=1
197	+ export NSS_ENABLE_WERROR=0 #567158
198	+ export BUILD_OPT=1
199	+ export NSS_USE_SYSTEM_SQLITE=1
200	+ export NSDISTMODE=copy
201	+ export NSS_ENABLE_ECC=1
202	+ export FREEBL_NO_DEPEND=1
203	+ export FREEBL_LOWHASH=1
204	+ export NSS_SEED_ONLY_DEV_URANDOM=1
205	+ export ASFLAGS=""
206	+
207	+ local d
208	+
209	+ # Build the host tools first.
210	+ LDFLAGS="${BUILD_LDFLAGS}" \
211	+ XCFLAGS="${BUILD_CFLAGS}" \
212	+ NSPR_LIB_DIR="${T}/fakedir" \
213	+ emake -j1 -C coreconf \
214	+ CC="$(tc-getBUILD_CC)" \
215	+ ${buildbits:-${mybits}}
216	+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
217	+
218	+ # Then build the target tools.
219	+ for d in . lib/dbm ; do
220	+ CPPFLAGS="${myCPPFLAGS}" \
221	+ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
222	+ NSPR_LIB_DIR="${T}/fakedir" \
223	+ emake -j1 "${makeargs[@]}" -C ${d}
224	+ done
225	+}
226	+
227	+# Altering these 3 libraries breaks the CHK verification.
228	+# All of the following cause it to break:
229	+# - stripping
230	+# - prelink
231	+# - ELF signing
232	+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
233	+# Either we have to NOT strip them, or we have to forcibly resign after
234	+# stripping.
235	+#local_libdir="$(get_libdir)"
236	+#export STRIP_MASK="
237	+# /${local_libdir}/libfreebl3.so
238	+# /${local_libdir}/libnssdbm3.so
239	+# /${local_libdir}/libsoftokn3.so"
240	+
241	+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
242	+
243	+generate_chk() {
244	+ local shlibsign="$1"
245	+ local libdir="$2"
246	+ einfo "Resigning core NSS libraries for FIPS validation"
247	+ shift 2
248	+ local i
249	+ for i in ${NSS_CHK_SIGN_LIBS} ; do
250	+ local libname=lib${i}.so
251	+ local chkname=lib${i}.chk
252	+ "${shlibsign}" \
253	+ -i "${libdir}"/${libname} \
254	+ -o "${libdir}"/${chkname}.tmp \
255	+ && mv -f \
256	+ "${libdir}"/${chkname}.tmp \
257	+ "${libdir}"/${chkname} \
258	+ \|\| die "Failed to sign ${libname}"
259	+ done
260	+}
261	+
262	+cleanup_chk() {
263	+ local libdir="$1"
264	+ shift 1
265	+ local i
266	+ for i in ${NSS_CHK_SIGN_LIBS} ; do
267	+ local libfname="${libdir}/lib${i}.so"
268	+ # If the major version has changed, then we have old chk files.
269	+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
270	+ && rm -f "${libfname}.chk"
271	+ done
272	+}
273	+
274	+multilib_src_install() {
275	+ pushd dist >/dev/null \|\| die
276	+
277	+ dodir /usr/$(get_libdir)
278	+ cp -L /lib/$(get_libname) "${ED}"/usr/$(get_libdir) \|\| die "copying shared libs failed"
279	+ local i
280	+ for i in crmf freebl nssb nssckfw ; do
281	+ cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) \|\| die "copying libs failed"
282	+ done
283	+
284	+ # Install nss-config and pkgconfig file
285	+ dodir /usr/bin
286	+ cp -L */bin/nss-config "${ED}"/usr/bin \|\| die
287	+ dodir /usr/$(get_libdir)/pkgconfig
288	+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig \|\| die
289	+
290	+ # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
291	+ # bug 517266
292	+ sed -e 's#Libs:#Libs: -lfreebl#' \
293	+ -e 's#Cflags:#Cflags: -I${includedir}/private#' \
294	+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
295	+ \|\| die "could not create nss-softokn.pc"
296	+
297	+ # all the include files
298	+ insinto /usr/include/nss
299	+ doins public/nss/*.{h,api}
300	+ insinto /usr/include/nss/private
301	+ doins private/nss/{blapi,alghmac,cmac}.h
302	+
303	+ popd >/dev/null \|\| die
304	+
305	+ local f nssutils
306	+ # Always enabled because we need it for chk generation.
307	+ nssutils=( shlibsign )
308	+
309	+ if multilib_is_native_abi ; then
310	+ if use utils; then
311	+ # The tests we do not need to install.
312	+ #nssutils_test="bltest crmftest dbtest dertimetest
313	+ #fipstest remtest sdrtest"
314	+ # checkcert utils has been removed in nss-3.22:
315	+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
316	+ # https://hg.mozilla.org/projects/nss/rev/df1729d37870
317	+ # certcgi has been removed in nss-3.36:
318	+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
319	+ nssutils+=(
320	+ addbuiltin
321	+ atob
322	+ baddbdir
323	+ btoa
324	+ certutil
325	+ cmsutil
326	+ conflict
327	+ crlutil
328	+ derdump
329	+ digest
330	+ makepqg
331	+ mangle
332	+ modutil
333	+ multinit
334	+ nonspr10
335	+ ocspclnt
336	+ oidcalc
337	+ p7content
338	+ p7env
339	+ p7sign
340	+ p7verify
341	+ pk11mode
342	+ pk12util
343	+ pp
344	+ rsaperf
345	+ selfserv
346	+ signtool
347	+ signver
348	+ ssltap
349	+ strsclnt
350	+ symkeyutil
351	+ tstclnt
352	+ vfychain
353	+ vfyserv
354	+ )
355	+ # install man-pages for utils (bug #516810)
356	+ doman doc/nroff/*.1
357	+ fi
358	+ pushd dist/*/bin >/dev/null \|\| die
359	+ for f in ${nssutils[@]}; do
360	+ dobin ${f}
361	+ done
362	+ popd >/dev/null \|\| die
363	+ fi
364	+
365	+ # Prelink breaks the CHK files. We don't have any reliable way to run
366	+ # shlibsign after prelink.
367	+ dodir /etc/prelink.conf.d
368	+ printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
369	+ > "${ED}"/etc/prelink.conf.d/nss.conf
370	+}
371	+
372	+pkg_postinst() {
373	+ multilib_pkg_postinst() {
374	+ # We must re-sign the libraries AFTER they are stripped.
375	+ local shlibsign="${EROOT}/usr/bin/shlibsign"
376	+ # See if we can execute it (cross-compiling & such). #436216
377	+ "${shlibsign}" -h >&/dev/null
378	+ if [[ $? -gt 1 ]] ; then
379	+ shlibsign="shlibsign"
380	+ fi
381	+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
382	+ }
383	+
384	+ multilib_foreach_abi multilib_pkg_postinst
385	+}
386	+
387	+pkg_postrm() {
388	+ multilib_pkg_postrm() {
389	+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
390	+ }
391	+
392	+ multilib_foreach_abi multilib_pkg_postrm
393	+}

Gentoo Archives: gentoo-commits