
From: "Jory Pratt (anarchy)" <anarchy@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/nss: ChangeLog nss-3.12.9-r1.ebuild
Date: Tue, 03 May 2011 00:57:33
Message-Id: 20110503005716.3D7D620054@flycatcher.gentoo.org
1 anarchy 11/05/03 00:57:16
2
3 Modified: ChangeLog
4 Added: nss-3.12.9-r1.ebuild
5 Log:
6 Bump for security bug #360315
7
8 (Portage version: 2.1.9.46/cvs/Linux x86_64)
9
10 Revision Changes Path
11 1.202 dev-libs/nss/ChangeLog
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.202&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.202&content-type=text/plain
15 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?r1=1.201&r2=1.202
16
17 Index: ChangeLog
18 ===================================================================
19 RCS file: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v
20 retrieving revision 1.201
21 retrieving revision 1.202
22 diff -u -r1.201 -r1.202
23 --- ChangeLog 14 Jan 2011 13:37:37 -0000 1.201
24 +++ ChangeLog 3 May 2011 00:57:16 -0000 1.202
25 @@ -1,6 +1,11 @@
26 # ChangeLog for dev-libs/nss
27 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
28 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.201 2011/01/14 13:37:37 anarchy Exp $
29 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.202 2011/05/03 00:57:16 anarchy Exp $
30 +
31 +*nss-3.12.9-r1 (03 May 2011)
32 +
33 + 03 May 2011; Jory A. Pratt <anarchy@g.o> +nss-3.12.9-r1.ebuild:
34 + Bump for security bug #360315
35
36 *nss-3.12.9 (14 Jan 2011)
37
38
39
40
41 1.1 dev-libs/nss/nss-3.12.9-r1.ebuild
42
43 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.12.9-r1.ebuild?rev=1.1&view=markup
44 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.12.9-r1.ebuild?rev=1.1&content-type=text/plain
45
46 Index: nss-3.12.9-r1.ebuild
47 ===================================================================
48 # Copyright 1999-2011 Gentoo Foundation
49 # Distributed under the terms of the GNU General Public License v2
50 # $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.12.9-r1.ebuild,v 1.1 2011/05/03 00:57:16 anarchy Exp $
51
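EAPI=3
inherit eutils flag-o-matic multilib toolchain-funcs

# Minimum NSPR for this release, and the upstream release tag the download
# directory is named after (PV with every dot turned into an underscore).
NSPR_VER="4.8.7"
RTM_NAME="NSS_${PV//./_}_WITH_CKBI_1_82_RTM"
DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
# NOTE(review): the tarball is fetched over plain FTP, so the transport gives
# no integrity guarantee for a crypto library; that has to come from the
# distfile digests Portage checks against the package Manifest (not shown
# here) -- confirm the Manifest entry was regenerated for this bump.
SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.with.ckbi.1.82.tar.gz"

LICENSE="|| ( MPL-1.1 GPL-2 LGPL-2.1 )"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
IUSE="utils"

# src_prepare adds /usr/include/nspr to the include path and src_compile runs
# nspr-config and sets NSS_USE_SYSTEM_SQLITE=1, so both libraries are needed
# at build time as well. EAPI 3 does not fold RDEPEND into DEPEND, hence the
# explicit ${RDEPEND} below.
RDEPEND=">=dev-libs/nspr-${NSPR_VER}
	>=dev-db/sqlite-3.5"
DEPEND="dev-util/pkgconfig
	${RDEPEND}"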
69
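# Apply the Gentoo patches and adjust the upstream makefiles in place.
# Globals:   FILESDIR, PN, S, EPREFIX (read)
# Returns:   dies if a patch, a directory change or a makefile edit fails
src_prepare() {
	# Custom changes for gentoo
	epatch "${FILESDIR}/${PN}-3.12.5-gentoo-fixups.diff"
	epatch "${FILESDIR}/${PN}-3.12.6-gentoo-fixup-warnings.patch"

	# EAPI 3 does not abort on a failed command, so every step that the
	# later phases rely on is checked explicitly.
	cd "${S}"/mozilla/security/coreconf || die "cd to coreconf failed"
	# hack nspr paths
	echo 'INCLUDES += -I'"${EPREFIX}"'/usr/include/nspr -I$(DIST)/include/dbm' \
		>> headers.mk || die "failed to append include"

	# modify install path
	sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
		-i source.mk || die "failed to fix SOURCE_PREFIX"

	# Respect LDFLAGS
	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk \
		|| die "failed to add LDFLAGS to rules.mk"

	# Ensure we stay multilib aware
	sed -i -e "s:gentoo\/nss:$(get_libdir):" "${S}"/mozilla/security/nss/config/Makefile || die "Failed to fix for multilib"

	# Fix pkgconfig file for Prefix
	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
		"${S}"/mozilla/security/nss/config/Makefile \
		|| die "failed to fix PREFIX for Prefix installs"

	epatch "${FILESDIR}"/${PN}-3.12.4-solaris-gcc.patch # breaks non-gnu tools
	# dirty hack: make the CRYPTOLIB lines refer to the freebl object
	# directory instead of $(SOFTOKEN_LIB_DIR)
	cd "${S}"/mozilla/security/nss || die "cd to nss failed"
	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
		lib/ssl/config.mk || die
	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
		cmd/platlibs.mk || die
}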
102
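# Detect the target word size, export the NSS build switches and build
# coreconf, dbm and nss in that order.
# Globals:   T, S, CFLAGS (read); USE_64, NSPR_*, NSS_*, XCFLAGS etc. (exported)
# Returns:   dies if the probe, nspr-config or any make step fails
src_compile() {
	strip-flags

	# Compile an empty translation unit and let file(1) report the object
	# format; the NSS makefiles need USE_64 on 64-bit targets.
	echo > "${T}"/test.c
	# CFLAGS is left unquoted on purpose: it is a list of separate flags.
	$(tc-getCC) ${CFLAGS} -c "${T}"/test.c -o "${T}"/test.o \
		|| die "failed to compile the word-size probe"
	case $(file "${T}"/test.o) in
		*64-bit*|*ppc64*|*x86_64*) export USE_64=1;;
		*32-bit*|*ppc*|*i386*) ;;
		*) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";;
	esac

	# Assign first and export afterwards: "export VAR=$(cmd)" would hide a
	# failing nspr-config and leave an empty path in the environment.
	NSPR_INCLUDE_DIR=$(nspr-config --includedir) \
		|| die "nspr-config --includedir failed"
	NSPR_LIB_DIR=$(nspr-config --libdir) \
		|| die "nspr-config --libdir failed"
	export NSPR_INCLUDE_DIR NSPR_LIB_DIR
	export BUILD_OPT=1
	export NSS_USE_SYSTEM_SQLITE=1
	export NSDISTMODE=copy
	export NSS_ENABLE_ECC=1
	export XCFLAGS="${CFLAGS}"
	export FREEBL_NO_DEPEND=1

	# Serial builds (-j1) throughout; presumably the upstream makefiles are
	# not parallel-safe -- confirm before relaxing.
	cd "${S}"/mozilla/security/coreconf || die "cd to coreconf failed"
	emake -j1 CC="$(tc-getCC)" || die "coreconf make failed"
	cd "${S}"/mozilla/security/dbm || die "cd to dbm failed"
	emake -j1 CC="$(tc-getCC)" || die "dbm make failed"
	cd "${S}"/mozilla/security/nss || die "cd to nss failed"
	emake -j1 CC="$(tc-getCC)" || die "nss make failed"
}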
130
131 # Altering these 3 libraries breaks the CHK verification.
132 # All of the following cause it to break:
133 # - stripping
134 # - prelink
135 # - ELF signing
136 # http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
137 # Either we have to NOT strip them, or we have to forcibly resign after
138 # stripping.
139 #local_libdir="$(get_libdir)"
140 #export STRIP_MASK="
141 # */${local_libdir}/libfreebl3.so*
142 # */${local_libdir}/libnssdbm3.so*
143 # */${local_libdir}/libsoftokn3.so*"
144
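# Short names of the libraries that carry a .chk file; read by generate_chk,
# cleanup_chk and the prelink mask written in src_install.
export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"

# (Re)create lib<name>.chk for every library in NSS_CHK_SIGN_LIBS.
# Globals:   NSS_CHK_SIGN_LIBS (read)
# Arguments: $1 - path to the shlibsign binary
#            $2 - directory that holds the libraries
# Returns:   dies if signing or the final rename fails
generate_chk() {
	local shlibsign="$1"
	local libdir="$2"
	# Keep the loop state local so the caller's variables are not clobbered.
	local i libname chkname
	einfo "Resigning core NSS libraries for FIPS validation"
	for i in ${NSS_CHK_SIGN_LIBS} ; do
		libname=lib${i}.so
		chkname=lib${i}.chk
		# Sign into a temporary name and rename afterwards, so a failed run
		# never replaces an existing .chk with a partial one.
		if ! "${shlibsign}" \
			-i "${libdir}/${libname}" \
			-o "${libdir}/${chkname}.tmp" ; then
			# Do not leave the partial output next to the libraries.
			rm -f "${libdir}/${chkname}.tmp"
			die "Failed to sign ${libname}"
		fi
		mv -f \
			"${libdir}/${chkname}.tmp" \
			"${libdir}/${chkname}" \
			|| die "Failed to sign ${libname}"
	done
}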
164
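# Remove .chk files whose library is no longer installed.
# Globals:   NSS_CHK_SIGN_LIBS (read)
# Arguments: $1 - directory that holds the libraries
# Returns:   0; a library that is still present is not an error
cleanup_chk() {
	local libdir="$1"
	local i libfname chk
	for i in ${NSS_CHK_SIGN_LIBS} ; do
		libfname="${libdir}/lib${i}.so"
		# If the major version has changed, then we have old chk files.
		if [[ -f ${libfname} ]] ; then
			continue
		fi
		# generate_chk writes lib<name>.chk, so that is the file to drop;
		# lib<name>.so.chk, the only name this cleanup used to test for,
		# is still covered as well.
		for chk in "${libdir}/lib${i}.chk" "${libfname}.chk" ; do
			if [[ -f ${chk} ]] ; then
				rm -f "${chk}"
			fi
		done
	done
	# A plain "test && rm" as the last command would hand a non-zero
	# status back to pkg_postrm whenever the last library still exists.
	return 0
}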
175
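# Install libraries, headers, nss-config/nss.pc and the command line tools,
# rename the shared libraries to carry the minor version, and write the
# env.d file that keeps prelink away from the checksummed libraries.
# Globals:   S, ED, T, EPREFIX, CHOST, NSS_CHK_SIGN_LIBS (read)
# Returns:   dies if a copy, rename or directory change fails
src_install () {
	local MINOR_VERSION=12
	cd "${S}"/mozilla/security/dist || die "cd to dist failed"

	dodir /usr/$(get_libdir)
	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
	# We generate these after stripping the libraries, else they don't match.
	#cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed"
	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"

	# Install nss-config and pkgconfig file
	dodir /usr/bin
	cp -L */bin/nss-config "${ED}"/usr/bin || die "copying nss-config failed"
	dodir /usr/$(get_libdir)/pkgconfig
	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig \
		|| die "copying nss.pc failed"

	# all the include files
	insinto /usr/include/nss
	doins public/nss/*.h || die "installing headers failed"

	# Rename libfoo.so to the versioned name and leave a symlink behind.
	cd "${ED}"/usr/$(get_libdir) || die "cd to image libdir failed"
	local file n
	for file in *$(get_libname); do
		n=${file%$(get_libname)}$(get_libname ${MINOR_VERSION})
		mv "${file}" "${n}" || die "renaming ${file} failed"
		ln -s "${n}" "${file}" || die "symlinking ${file} failed"
		if [[ ${CHOST} == *-darwin* ]]; then
			install_name_tool -id "${EPREFIX}/usr/$(get_libdir)/${n}" "${n}" || die
		fi
	done

	local nssutils
	# Always enabled because we need it for chk generation.
	nssutils="shlibsign"
	if use utils; then
		# The tests we do not need to install.
		#nssutils_test="bltest crmftest dbtest dertimetest
		#fipstest remtest sdrtest"
		nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
		cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
		nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
		pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
		symkeyutil tstclnt vfychain vfyserv"
	fi
	cd "${S}"/mozilla/security/dist/*/bin/ || die "cd to dist bin failed"
	local f
	# nssutils is a whitespace-separated list, so it is split on purpose.
	for f in ${nssutils}; do
		dobin "${f}"
	done
	# pkg_postinst runs shlibsign from the installed system; catch a missing
	# binary here instead of failing after the merge.
	[[ -x ${ED}/usr/bin/shlibsign ]] \
		|| die "shlibsign was not installed; pkg_postinst needs it"

	# Prelink breaks the CHK files. We don't have any reliable way to run
	# shlibsign after prelink.
	local -a libs=()
	local l liblist
	for l in ${NSS_CHK_SIGN_LIBS} ; do
		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
	done
	# Join with ':' in a subshell so IFS in this shell stays untouched.
	liblist=$(IFS=":" ; printf '%s' "${libs[*]}")
	printf 'PRELINK_PATH_MASK=%s\n' "${liblist}" >"${T}/90nss" \
		|| die "writing 90nss failed"
	doenvd "${T}/90nss"
}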
235
# Print the soname upgrade notice, then create the .chk files for the
# libraries as they exist on the installed system.
pkg_postinst() {
	local line
	local -a notice=(
		"We have reverted back to using upstreams soname."
		"Please run revdep-rebuild --library libnss3.so.12 , this"
		"will correct most issues. If you find a binary that does"
		"not run please re-emerge package to ensure it properly"
		" links after upgrade."
	)
	for line in "${notice[@]}" ; do
		elog "${line}"
	done
	elog

	# The checksums are produced here and not in src_install: they have to
	# match the libraries after stripping.
	local signer="${EROOT}"/usr/bin/shlibsign
	generate_chk "${signer}" "${EROOT}"/usr/$(get_libdir)
}
246
# After the package files are removed, let cleanup_chk drop the .chk files
# whose library is gone.
pkg_postrm() {
	local root="${EROOT}"
	cleanup_chk "${root}"/usr/$(get_libdir)
}