1 |
commit: 1309f6637ab1d26fe55f9bba427d33695e28c181 |
2 |
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Mar 7 15:21:29 2020 +0000 |
4 |
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Mar 7 15:21:42 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1309f663 |
7 |
|
8 |
dev-libs/nss: Version bump 3.51 |
9 |
|
10 |
Package-Manager: Portage-2.3.92, Repoman-2.3.20 |
11 |
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org> |
12 |
|
13 |
dev-libs/nss/Manifest | 1 + |
14 |
dev-libs/nss/nss-3.51.ebuild | 359 +++++++++++++++++++++++++++++++++++++++++++ |
15 |
2 files changed, 360 insertions(+) |
16 |
|
17 |
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest |
18 |
index 44dc960dbf0..aab1611b521 100644 |
19 |
--- a/dev-libs/nss/Manifest |
20 |
+++ b/dev-libs/nss/Manifest |
21 |
@@ -4,5 +4,6 @@ DIST nss-3.49.1.tar.gz 76489134 BLAKE2B 4b1ceb6e1a366f506d13ceaa88663fba400318bf |
22 |
DIST nss-3.49.2.tar.gz 76489641 BLAKE2B 844a88984fde45142093ee6df2934d89cb4911d3e716019c0d1620254064af51b56249bc4348816e546c5dcab66d7fc9d4def32021661f4f3d868e09c342abec SHA512 fe0fe032db15853384a50b145dd6f3187a855109f0b81f1846312d33f8c628aededcbca4d199f974ae52530aec3f2312f80afbca3e5b97ed1ff96fcffafd2881 |
23 |
DIST nss-3.49.tar.gz 76488781 BLAKE2B 12ce6477b95bc0b0623cfe297c771832818798e39d1ab5cbc7f30e21336644498f5201abeb2ea1cbfd7cf75d64e4423152b9fe4e5c6b1761c5c049ec3da0e9fc SHA512 7d8df73a2e585585a7cb3f887af3f933854984479531b3dd30316873bdd92c130e2fadb54e7b3b1f0b10675b1bce09112ef39860d74ef6f0df7b57bf430bd072 |
24 |
DIST nss-3.50.tar.gz 78041630 BLAKE2B 4d21a1cac475936e153b22829f8b4b2f6f6a57c41e14d091b287aba633a8d4c80c045882ce6f1cb7a2f9ce760d616b13389f90e59f60250c41080ed1f5a4900a SHA512 d6bcaf8ad65b5a97c42cd6cbbc68add5c4b49db74b2debcedb2a007f72511ac0e9bd21fd2dec041bc1975cfc8af26a48450aa0d1b962f755931ab2ac45c795b1 |
25 |
+DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd |
26 |
DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 |
27 |
DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 |
28 |
|
29 |
diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild |
30 |
new file mode 100644 |
31 |
index 00000000000..b6a9c7b9594 |
32 |
--- /dev/null |
33 |
+++ b/dev-libs/nss/nss-3.51.ebuild |
34 |
@@ -0,0 +1,359 @@ |
35 |
+# Copyright 1999-2020 Gentoo Authors |
36 |
+# Distributed under the terms of the GNU General Public License v2 |
37 |
+ |
38 |
+EAPI=7 |
39 |
+ |
40 |
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal |
41 |
+ |
42 |
+NSPR_VER="4.25" |
43 |
+RTM_NAME="NSS_${PV//./_}_RTM" |
44 |
+ |
45 |
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" |
46 |
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" |
47 |
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz |
48 |
+ cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )" |
49 |
+ |
50 |
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" |
51 |
+SLOT="0" |
52 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" |
53 |
+IUSE="cacert utils" |
54 |
+BDEPEND=" |
55 |
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] |
56 |
+" |
57 |
+RDEPEND=" |
58 |
+ >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] |
59 |
+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] |
60 |
+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] |
61 |
+" |
62 |
+DEPEND="${RDEPEND}" |
63 |
+ |
64 |
+RESTRICT="test" |
65 |
+ |
66 |
+S="${WORKDIR}/${P}/${PN}" |
67 |
+ |
68 |
+MULTILIB_CHOST_TOOLS=( |
69 |
+ /usr/bin/nss-config |
70 |
+) |
71 |
+ |
72 |
+PATCHES=( |
73 |
+ # Custom changes for gentoo |
74 |
+ "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch" |
75 |
+ "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" |
76 |
+ "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" |
77 |
+) |
78 |
+ |
79 |
+src_prepare() { |
80 |
+ if use cacert ; then #521462 |
81 |
+ PATCHES+=( |
82 |
+ "${DISTDIR}/${PN}-cacert-class1-class3.patch" |
83 |
+ ) |
84 |
+ fi |
85 |
+ |
86 |
+ default |
87 |
+ |
88 |
+ pushd coreconf >/dev/null || die |
89 |
+ # hack nspr paths |
90 |
+ echo 'INCLUDES += -I$(DIST)/include/dbm' \ |
91 |
+ >> headers.mk || die "failed to append include" |
92 |
+ |
93 |
+ # modify install path |
94 |
+ sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ |
95 |
+ -i source.mk || die |
96 |
+ |
97 |
+ # Respect LDFLAGS |
98 |
+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk |
99 |
+ popd >/dev/null || die |
100 |
+ |
101 |
+ # Fix pkgconfig file for Prefix |
102 |
+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ |
103 |
+ config/Makefile || die |
104 |
+ |
105 |
+ # use host shlibsign if need be #436216 |
106 |
+ if tc-is-cross-compiler ; then |
107 |
+ sed -i \ |
108 |
+ -e 's:"${2}"/shlibsign:shlibsign:' \ |
109 |
+ cmd/shlibsign/sign.sh || die |
110 |
+ fi |
111 |
+ |
112 |
+ # dirty hack |
113 |
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ |
114 |
+ lib/ssl/config.mk || die |
115 |
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ |
116 |
+ cmd/platlibs.mk || die |
117 |
+ |
118 |
+ multilib_copy_sources |
119 |
+ |
120 |
+ strip-flags |
121 |
+} |
122 |
+ |
123 |
+multilib_src_configure() { |
124 |
+ # Ensure we stay multilib aware |
125 |
+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die |
126 |
+} |
127 |
+ |
128 |
+nssarch() { |
129 |
+ # Most of the arches are the same as $ARCH |
130 |
+ local t=${1:-${CHOST}} |
131 |
+ case ${t} in |
132 |
+ aarch64*)echo "aarch64";; |
133 |
+ hppa*) echo "parisc";; |
134 |
+ i?86*) echo "i686";; |
135 |
+ x86_64*) echo "x86_64";; |
136 |
+ *) tc-arch ${t};; |
137 |
+ esac |
138 |
+} |
139 |
+ |
140 |
+nssbits() { |
141 |
+ local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" |
142 |
+ if [[ ${1} == BUILD_ ]]; then |
143 |
+ cc=$(tc-getBUILD_CC) |
144 |
+ else |
145 |
+ cc=$(tc-getCC) |
146 |
+ fi |
147 |
+ echo > "${T}"/test.c || die |
148 |
+ ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die |
149 |
+ case $(file "${T}/${1}test.o") in |
150 |
+ *32-bit*x86-64*) echo USE_X32=1;; |
151 |
+ *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; |
152 |
+ *32-bit*|*ppc*|*i386*) ;; |
153 |
+ *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; |
154 |
+ esac |
155 |
+} |
156 |
+ |
157 |
+multilib_src_compile() { |
158 |
+ # use ABI to determine bit'ness, or fallback if unset |
159 |
+ local buildbits mybits |
160 |
+ case "${ABI}" in |
161 |
+ n32) mybits="USE_N32=1";; |
162 |
+ x32) mybits="USE_X32=1";; |
163 |
+ s390x|*64) mybits="USE_64=1";; |
164 |
+ ${DEFAULT_ABI}) |
165 |
+ einfo "Running compilation test to determine bit'ness" |
166 |
+ mybits=$(nssbits) |
167 |
+ ;; |
168 |
+ esac |
169 |
+ # bitness of host may differ from target |
170 |
+ if tc-is-cross-compiler; then |
171 |
+ buildbits=$(nssbits BUILD_) |
172 |
+ fi |
173 |
+ |
174 |
+ local makeargs=( |
175 |
+ CC="$(tc-getCC)" |
176 |
+ CCC="$(tc-getCXX)" |
177 |
+ AR="$(tc-getAR) rc \$@" |
178 |
+ RANLIB="$(tc-getRANLIB)" |
179 |
+ OPTIMIZER= |
180 |
+ ${mybits} |
181 |
+ ) |
182 |
+ |
183 |
+ # Take care of nspr settings #436216 |
184 |
+ local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" |
185 |
+ unset NSPR_INCLUDE_DIR |
186 |
+ |
187 |
+ # Do not let `uname` be used. |
188 |
+ if use kernel_linux ; then |
189 |
+ makeargs+=( |
190 |
+ OS_TARGET=Linux |
191 |
+ OS_RELEASE=2.6 |
192 |
+ OS_TEST="$(nssarch)" |
193 |
+ ) |
194 |
+ fi |
195 |
+ |
196 |
+ export NSS_ALLOW_SSLKEYLOGFILE=1 |
197 |
+ export NSS_ENABLE_WERROR=0 #567158 |
198 |
+ export BUILD_OPT=1 |
199 |
+ export NSS_USE_SYSTEM_SQLITE=1 |
200 |
+ export NSDISTMODE=copy |
201 |
+ export NSS_ENABLE_ECC=1 |
202 |
+ export FREEBL_NO_DEPEND=1 |
203 |
+ export FREEBL_LOWHASH=1 |
204 |
+ export NSS_SEED_ONLY_DEV_URANDOM=1 |
205 |
+ export ASFLAGS="" |
206 |
+ |
207 |
+ local d |
208 |
+ |
209 |
+ # Build the host tools first. |
210 |
+ LDFLAGS="${BUILD_LDFLAGS}" \ |
211 |
+ XCFLAGS="${BUILD_CFLAGS}" \ |
212 |
+ NSPR_LIB_DIR="${T}/fakedir" \ |
213 |
+ emake -j1 -C coreconf \ |
214 |
+ CC="$(tc-getBUILD_CC)" \ |
215 |
+ ${buildbits:-${mybits}} |
216 |
+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) |
217 |
+ |
218 |
+ # Then build the target tools. |
219 |
+ for d in . lib/dbm ; do |
220 |
+ CPPFLAGS="${myCPPFLAGS}" \ |
221 |
+ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ |
222 |
+ NSPR_LIB_DIR="${T}/fakedir" \ |
223 |
+ emake -j1 "${makeargs[@]}" -C ${d} |
224 |
+ done |
225 |
+} |
226 |
+ |
227 |
+# Altering these 3 libraries breaks the CHK verification. |
228 |
+# All of the following cause it to break: |
229 |
+# - stripping |
230 |
+# - prelink |
231 |
+# - ELF signing |
232 |
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html |
233 |
+# Either we have to NOT strip them, or we have to forcibly resign after |
234 |
+# stripping. |
235 |
+#local_libdir="$(get_libdir)" |
236 |
+#export STRIP_MASK=" |
237 |
+# */${local_libdir}/libfreebl3.so* |
238 |
+# */${local_libdir}/libnssdbm3.so* |
239 |
+# */${local_libdir}/libsoftokn3.so*" |
240 |
+ |
241 |
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" |
242 |
+ |
243 |
+generate_chk() { |
244 |
+ local shlibsign="$1" |
245 |
+ local libdir="$2" |
246 |
+ einfo "Resigning core NSS libraries for FIPS validation" |
247 |
+ shift 2 |
248 |
+ local i |
249 |
+ for i in ${NSS_CHK_SIGN_LIBS} ; do |
250 |
+ local libname=lib${i}.so |
251 |
+ local chkname=lib${i}.chk |
252 |
+ "${shlibsign}" \ |
253 |
+ -i "${libdir}"/${libname} \ |
254 |
+ -o "${libdir}"/${chkname}.tmp \ |
255 |
+ && mv -f \ |
256 |
+ "${libdir}"/${chkname}.tmp \ |
257 |
+ "${libdir}"/${chkname} \ |
258 |
+ || die "Failed to sign ${libname}" |
259 |
+ done |
260 |
+} |
261 |
+ |
262 |
+cleanup_chk() { |
263 |
+ local libdir="$1" |
264 |
+ shift 1 |
265 |
+ local i |
266 |
+ for i in ${NSS_CHK_SIGN_LIBS} ; do |
267 |
+ local libfname="${libdir}/lib${i}.so" |
268 |
+ # If the major version has changed, then we have old chk files. |
269 |
+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ |
270 |
+ && rm -f "${libfname}.chk" |
271 |
+ done |
272 |
+} |
273 |
+ |
274 |
+multilib_src_install() { |
275 |
+ pushd dist >/dev/null || die |
276 |
+ |
277 |
+ dodir /usr/$(get_libdir) |
278 |
+ cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" |
279 |
+ local i |
280 |
+ for i in crmf freebl nssb nssckfw ; do |
281 |
+ cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" |
282 |
+ done |
283 |
+ |
284 |
+ # Install nss-config and pkgconfig file |
285 |
+ dodir /usr/bin |
286 |
+ cp -L */bin/nss-config "${ED}"/usr/bin || die |
287 |
+ dodir /usr/$(get_libdir)/pkgconfig |
288 |
+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die |
289 |
+ |
290 |
+ # create an nss-softokn.pc from nss.pc for libfreebl and some private headers |
291 |
+ # bug 517266 |
292 |
+ sed -e 's#Libs:#Libs: -lfreebl#' \ |
293 |
+ -e 's#Cflags:#Cflags: -I${includedir}/private#' \ |
294 |
+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ |
295 |
+ || die "could not create nss-softokn.pc" |
296 |
+ |
297 |
+ # all the include files |
298 |
+ insinto /usr/include/nss |
299 |
+ doins public/nss/*.{h,api} |
300 |
+ insinto /usr/include/nss/private |
301 |
+ doins private/nss/{blapi,alghmac,cmac}.h |
302 |
+ |
303 |
+ popd >/dev/null || die |
304 |
+ |
305 |
+ local f nssutils |
306 |
+ # Always enabled because we need it for chk generation. |
307 |
+ nssutils=( shlibsign ) |
308 |
+ |
309 |
+ if multilib_is_native_abi ; then |
310 |
+ if use utils; then |
311 |
+ # The tests we do not need to install. |
312 |
+ #nssutils_test="bltest crmftest dbtest dertimetest |
313 |
+ #fipstest remtest sdrtest" |
314 |
+ # checkcert utils has been removed in nss-3.22: |
315 |
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 |
316 |
+ # https://hg.mozilla.org/projects/nss/rev/df1729d37870 |
317 |
+ # certcgi has been removed in nss-3.36: |
318 |
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602 |
319 |
+ nssutils+=( |
320 |
+ addbuiltin |
321 |
+ atob |
322 |
+ baddbdir |
323 |
+ btoa |
324 |
+ certutil |
325 |
+ cmsutil |
326 |
+ conflict |
327 |
+ crlutil |
328 |
+ derdump |
329 |
+ digest |
330 |
+ makepqg |
331 |
+ mangle |
332 |
+ modutil |
333 |
+ multinit |
334 |
+ nonspr10 |
335 |
+ ocspclnt |
336 |
+ oidcalc |
337 |
+ p7content |
338 |
+ p7env |
339 |
+ p7sign |
340 |
+ p7verify |
341 |
+ pk11mode |
342 |
+ pk12util |
343 |
+ pp |
344 |
+ rsaperf |
345 |
+ selfserv |
346 |
+ signtool |
347 |
+ signver |
348 |
+ ssltap |
349 |
+ strsclnt |
350 |
+ symkeyutil |
351 |
+ tstclnt |
352 |
+ vfychain |
353 |
+ vfyserv |
354 |
+ ) |
355 |
+ # install man-pages for utils (bug #516810) |
356 |
+ doman doc/nroff/*.1 |
357 |
+ fi |
358 |
+ pushd dist/*/bin >/dev/null || die |
359 |
+ for f in ${nssutils[@]}; do |
360 |
+ dobin ${f} |
361 |
+ done |
362 |
+ popd >/dev/null || die |
363 |
+ fi |
364 |
+ |
365 |
+ # Prelink breaks the CHK files. We don't have any reliable way to run |
366 |
+ # shlibsign after prelink. |
367 |
+ dodir /etc/prelink.conf.d |
368 |
+ printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ |
369 |
+ > "${ED}"/etc/prelink.conf.d/nss.conf |
370 |
+} |
371 |
+ |
372 |
+pkg_postinst() { |
373 |
+ multilib_pkg_postinst() { |
374 |
+ # We must re-sign the libraries AFTER they are stripped. |
375 |
+ local shlibsign="${EROOT}/usr/bin/shlibsign" |
376 |
+ # See if we can execute it (cross-compiling & such). #436216 |
377 |
+ "${shlibsign}" -h >&/dev/null |
378 |
+ if [[ $? -gt 1 ]] ; then |
379 |
+ shlibsign="shlibsign" |
380 |
+ fi |
381 |
+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) |
382 |
+ } |
383 |
+ |
384 |
+ multilib_foreach_abi multilib_pkg_postinst |
385 |
+} |
386 |
+ |
387 |
+pkg_postrm() { |
388 |
+ multilib_pkg_postrm() { |
389 |
+ cleanup_chk "${EROOT}"/usr/$(get_libdir) |
390 |
+ } |
391 |
+ |
392 |
+ multilib_foreach_abi multilib_pkg_postrm |
393 |
+} |