[gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/ - gentoo-commits

From:	Lars Wendler <polynomial-c@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
Date:	Sat, 02 Jul 2016 20:36:40
Message-Id:	`1467491789.bb4e86912193faac1e4ab1b4e252ef11763161f0.polynomial-c@gentoo`

1

commit:     bb4e86912193faac1e4ab1b4e252ef11763161f0

2

Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

3

AuthorDate: Sat Jul  2 20:36:09 2016 +0000

4

Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

5

CommitDate: Sat Jul  2 20:36:29 2016 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb4e8691

7

8

dev-libs/nss: Bump to version 3.25

9

10

Package-Manager: portage-2.3.0

11

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

12

13

 dev-libs/nss/Manifest        |   1 +

14

 dev-libs/nss/nss-3.25.ebuild | 340 +++++++++++++++++++++++++++++++++++++++++++

15

 2 files changed, 341 insertions(+)

16

17

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest

18

index aa7e190..0a0e751 100644

19

--- a/dev-libs/nss/Manifest

20

+++ b/dev-libs/nss/Manifest

21

@@ -3,5 +3,6 @@ DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38d

22

 DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142

23

 DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243

24

 DIST nss-3.24.tar.gz 7307782 SHA256 2f0841492f91cca473b73dec6cab9cf765a485e032d48d2e8ae7261e54c419ed SHA512 9cf6d5dcbe8292bce53e043cf2713e55f01f979827c6f5f39a22ea8d1f40a2579728454a12c30540e8fb06e8119640a539cc5c6913aa12d97008d68386abfe6e WHIRLPOOL 49baf7a1847ffab1d549752854e999a56fd6cf52cf920310199aa95078af5c7894eb61a226cf3170cf93bffa525a674fac512a586f67ccafae91a952052e9800

25

+DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934

26

 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac

27

 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62

28

29

diff --git a/dev-libs/nss/nss-3.25.ebuild b/dev-libs/nss/nss-3.25.ebuild

30

new file mode 100644

31

index 0000000..8a72adc

32

--- /dev/null

33

+++ b/dev-libs/nss/nss-3.25.ebuild

34

@@ -0,0 +1,340 @@

35

+# Copyright 1999-2016 Gentoo Foundation

36

+# Distributed under the terms of the GNU General Public License v2

37

+# $Id$

38

+

39

+EAPI=6

40

+

41

+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal

42

+

43

+NSPR_VER="4.12"

44

+RTM_NAME="NSS_${PV//./_}_RTM"

45

+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git

46

+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"

47

+PEM_P="${PN}-pem-20140125"

48

+

49

+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"

50

+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"

51

+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz

52

+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )

53

+	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"

54

+

55

+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"

56

+SLOT="0"

57

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"

58

+IUSE="+cacert +nss-pem utils"

59

+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]

60

+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"

61

+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]

62

+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]

63

+	${CDEPEND}"

64

+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]

65

+	${CDEPEND}

66

+	abi_x86_32? (

67

+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12

68

+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]

69

+	)"

70

+

71

+RESTRICT="test"

72

+

73

+S="${WORKDIR}/${P}/${PN}"

74

+

75

+MULTILIB_CHOST_TOOLS=(

76

+	/usr/bin/nss-config

77

+)

78

+

79

+PATCHES=(

80

+	# Custom changes for gentoo

81

+	"${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"

82

+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"

83

+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"

84

+)

85

+

86

+src_unpack() {

87

+	unpack ${A}

88

+	if use nss-pem ; then

89

+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die

90

+	fi

91

+}

92

+

93

+src_prepare() {

94

+	if use nss-pem ; then

95

+		PATCHES+=(

96

+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"

97

+			"${FILESDIR}/${PN}-3.21-pem-werror.patch"

98

+		)

99

+	fi

100

+

101

+	default

102

+

103

+	if use cacert ; then

104

+			eapply -p4 "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"

105

+			eapply "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462

106

+	fi

107

+

108

+	pushd coreconf >/dev/null || die

109

+	# hack nspr paths

110

+	echo 'INCLUDES += -I$(DIST)/include/dbm' \

111

+		>> headers.mk || die "failed to append include"

112

+

113

+	# modify install path

114

+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \

115

+		-i source.mk || die

116

+

117

+	# Respect LDFLAGS

118

+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk

119

+	popd >/dev/null || die

120

+

121

+	# Fix pkgconfig file for Prefix

122

+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \

123

+		config/Makefile || die

124

+

125

+	# use host shlibsign if need be #436216

126

+	if tc-is-cross-compiler ; then

127

+		sed -i \

128

+			-e 's:"${2}"/shlibsign:shlibsign:' \

129

+			cmd/shlibsign/sign.sh || die

130

+	fi

131

+

132

+	# dirty hack

133

+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \

134

+		lib/ssl/config.mk || die

135

+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \

136

+		cmd/platlibs.mk || die

137

+

138

+	multilib_copy_sources

139

+

140

+	strip-flags

141

+}

142

+

143

+multilib_src_configure() {

144

+	# Ensure we stay multilib aware

145

+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die

146

+}

147

+

148

+nssarch() {

149

+	# Most of the arches are the same as $ARCH

150

+	local t=${1:-${CHOST}}

151

+	case ${t} in

152

+		aarch64*)echo "aarch64";;

153

+		hppa*)   echo "parisc";;

154

+		i?86*)   echo "i686";;

155

+		x86_64*) echo "x86_64";;

156

+		*)       tc-arch ${t};;

157

+	esac

158

+}

159

+

160

+nssbits() {

161

+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"

162

+	if [[ ${1} == BUILD_ ]]; then

163

+		cc=$(tc-getBUILD_CC)

164

+	else

165

+		cc=$(tc-getCC)

166

+	fi

167

+	echo > "${T}"/test.c || die

168

+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die

169

+	case $(file "${T}/${1}test.o") in

170

+		*32-bit*x86-64*) echo USE_X32=1;;

171

+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;

172

+		*32-bit*|*ppc*|*i386*) ;;

173

+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;

174

+	esac

175

+}

176

+

177

+multilib_src_compile() {

178

+	# use ABI to determine bit'ness, or fallback if unset

179

+	local buildbits mybits

180

+	case "${ABI}" in

181

+		n32) mybits="USE_N32=1";;

182

+		x32) mybits="USE_X32=1";;

183

+		s390x|*64) mybits="USE_64=1";;

184

+		${DEFAULT_ABI})

185

+			einfo "Running compilation test to determine bit'ness"

186

+			mybits=$(nssbits)

187

+			;;

188

+	esac

189

+	# bitness of host may differ from target

190

+	if tc-is-cross-compiler; then

191

+		buildbits=$(nssbits BUILD_)

192

+	fi

193

+

194

+	local makeargs=(

195

+		CC="$(tc-getCC)"

196

+		AR="$(tc-getAR) rc \$@"

197

+		RANLIB="$(tc-getRANLIB)"

198

+		OPTIMIZER=

199

+		${mybits}

200

+	)

201

+

202

+	# Take care of nspr settings #436216

203

+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"

204

+	unset NSPR_INCLUDE_DIR

205

+

206

+	# Do not let `uname` be used.

207

+	if use kernel_linux ; then

208

+		makeargs+=(

209

+			OS_TARGET=Linux

210

+			OS_RELEASE=2.6

211

+			OS_TEST="$(nssarch)"

212

+		)

213

+	fi

214

+

215

+	export NSS_ENABLE_WERROR=0 #567158

216

+	export BUILD_OPT=1

217

+	export NSS_USE_SYSTEM_SQLITE=1

218

+	export NSDISTMODE=copy

219

+	export NSS_ENABLE_ECC=1

220

+	export FREEBL_NO_DEPEND=1

221

+	export ASFLAGS=""

222

+

223

+	local d

224

+

225

+	# Build the host tools first.

226

+	LDFLAGS="${BUILD_LDFLAGS}" \

227

+	XCFLAGS="${BUILD_CFLAGS}" \

228

+	NSPR_LIB_DIR="${T}/fakedir" \

229

+	emake -j1 -C coreconf \

230

+		CC="$(tc-getBUILD_CC)" \

231

+		${buildbits:-${mybits}}

232

+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )

233

+

234

+	# Then build the target tools.

235

+	for d in . lib/dbm ; do

236

+		CPPFLAGS="${myCPPFLAGS}" \

237

+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \

238

+		NSPR_LIB_DIR="${T}/fakedir" \

239

+		emake -j1 "${makeargs[@]}" -C ${d}

240

+	done

241

+}

242

+

243

+# Altering these 3 libraries breaks the CHK verification.

244

+# All of the following cause it to break:

245

+# - stripping

246

+# - prelink

247

+# - ELF signing

248

+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html

249

+# Either we have to NOT strip them, or we have to forcibly resign after

250

+# stripping.

251

+#local_libdir="$(get_libdir)"

252

+#export STRIP_MASK="

253

+#	*/${local_libdir}/libfreebl3.so*

254

+#	*/${local_libdir}/libnssdbm3.so*

255

+#	*/${local_libdir}/libsoftokn3.so*"

256

+

257

+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"

258

+

259

+generate_chk() {

260

+	local shlibsign="$1"

261

+	local libdir="$2"

262

+	einfo "Resigning core NSS libraries for FIPS validation"

263

+	shift 2

264

+	local i

265

+	for i in ${NSS_CHK_SIGN_LIBS} ; do

266

+		local libname=lib${i}.so

267

+		local chkname=lib${i}.chk

268

+		"${shlibsign}" \

269

+			-i "${libdir}"/${libname} \

270

+			-o "${libdir}"/${chkname}.tmp \

271

+		&& mv -f \

272

+			"${libdir}"/${chkname}.tmp \

273

+			"${libdir}"/${chkname} \

274

+		|| die "Failed to sign ${libname}"

275

+	done

276

+}

277

+

278

+cleanup_chk() {

279

+	local libdir="$1"

280

+	shift 1

281

+	local i

282

+	for i in ${NSS_CHK_SIGN_LIBS} ; do

283

+		local libfname="${libdir}/lib${i}.so"

284

+		# If the major version has changed, then we have old chk files.

285

+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \

286

+			&& rm -f "${libfname}.chk"

287

+	done

288

+}

289

+

290

+multilib_src_install() {

291

+	pushd dist >/dev/null || die

292

+

293

+	dodir /usr/$(get_libdir)

294

+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"

295

+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"

296

+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"

297

+

298

+	# Install nss-config and pkgconfig file

299

+	dodir /usr/bin

300

+	cp -L */bin/nss-config "${ED}"/usr/bin || die

301

+	dodir /usr/$(get_libdir)/pkgconfig

302

+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die

303

+

304

+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers

305

+	# bug 517266

306

+	sed 	-e 's#Libs:#Libs: -lfreebl#' \

307

+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \

308

+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \

309

+		|| die "could not create nss-softokn.pc"

310

+

311

+	# all the include files

312

+	insinto /usr/include/nss

313

+	doins public/nss/*.h

314

+	insinto /usr/include/nss/private

315

+	doins private/nss/{blapi,alghmac}.h

316

+

317

+	popd >/dev/null || die

318

+

319

+	local f nssutils

320

+	# Always enabled because we need it for chk generation.

321

+	nssutils="shlibsign"

322

+

323

+	if multilib_is_native_abi ; then

324

+		if use utils; then

325

+			# The tests we do not need to install.

326

+			#nssutils_test="bltest crmftest dbtest dertimetest

327

+			#fipstest remtest sdrtest"

328

+			# checkcert utils has been removed in nss-3.22:

329

+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545

330

+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870

331

+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil

332

+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit

333

+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode

334

+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt

335

+			symkeyutil tstclnt vfychain vfyserv"

336

+			# install man-pages for utils (bug #516810)

337

+			doman doc/nroff/*.1

338

+		fi

339

+		pushd dist/*/bin >/dev/null || die

340

+		for f in ${nssutils}; do

341

+			dobin ${f}

342

+		done

343

+		popd >/dev/null || die

344

+	fi

345

+

346

+	# Prelink breaks the CHK files. We don't have any reliable way to run

347

+	# shlibsign after prelink.

348

+	dodir /etc/prelink.conf.d

349

+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \

350

+		> "${ED}"/etc/prelink.conf.d/nss.conf

351

+}

352

+

353

+pkg_postinst() {

354

+	multilib_pkg_postinst() {

355

+		# We must re-sign the libraries AFTER they are stripped.

356

+		local shlibsign="${EROOT}/usr/bin/shlibsign"

357

+		# See if we can execute it (cross-compiling & such). #436216

358

+		"${shlibsign}" -h >&/dev/null

359

+		if [[ $? -gt 1 ]] ; then

360

+			shlibsign="shlibsign"

361

+		fi

362

+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)

363

+	}

364

+

365

+	multilib_foreach_abi multilib_pkg_postinst

366

+}

367

+

368

+pkg_postrm() {

369

+	multilib_pkg_postrm() {

370

+		cleanup_chk "${EROOT}"/usr/$(get_libdir)

371

+	}

372

+

373

+	multilib_foreach_abi multilib_pkg_postrm

374

+}

1	commit: bb4e86912193faac1e4ab1b4e252ef11763161f0
2	Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3	AuthorDate: Sat Jul 2 20:36:09 2016 +0000
4	Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5	CommitDate: Sat Jul 2 20:36:29 2016 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb4e8691
7
8	dev-libs/nss: Bump to version 3.25
9
10	Package-Manager: portage-2.3.0
11	Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
12
13	dev-libs/nss/Manifest \| 1 +
14	dev-libs/nss/nss-3.25.ebuild \| 340 +++++++++++++++++++++++++++++++++++++++++++
15	2 files changed, 341 insertions(+)
16
17	diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
18	index aa7e190..0a0e751 100644
19	--- a/dev-libs/nss/Manifest
20	+++ b/dev-libs/nss/Manifest
21	@@ -3,5 +3,6 @@ DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38d
22	DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
23	DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
24	DIST nss-3.24.tar.gz 7307782 SHA256 2f0841492f91cca473b73dec6cab9cf765a485e032d48d2e8ae7261e54c419ed SHA512 9cf6d5dcbe8292bce53e043cf2713e55f01f979827c6f5f39a22ea8d1f40a2579728454a12c30540e8fb06e8119640a539cc5c6913aa12d97008d68386abfe6e WHIRLPOOL 49baf7a1847ffab1d549752854e999a56fd6cf52cf920310199aa95078af5c7894eb61a226cf3170cf93bffa525a674fac512a586f67ccafae91a952052e9800
25	+DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934
26	DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
27	DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62
28
29	diff --git a/dev-libs/nss/nss-3.25.ebuild b/dev-libs/nss/nss-3.25.ebuild
30	new file mode 100644
31	index 0000000..8a72adc
32	--- /dev/null
33	+++ b/dev-libs/nss/nss-3.25.ebuild
34	@@ -0,0 +1,340 @@
35	+# Copyright 1999-2016 Gentoo Foundation
36	+# Distributed under the terms of the GNU General Public License v2
37	+# $Id$
38	+
39	+EAPI=6
40	+
41	+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
42	+
43	+NSPR_VER="4.12"
44	+RTM_NAME="NSS_${PV//./_}_RTM"
45	+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
46	+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
47	+PEM_P="${PN}-pem-20140125"
48	+
49	+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
50	+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
51	+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
52	+ cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
53	+ nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
54	+
55	+LICENSE="\|\| ( MPL-2.0 GPL-2 LGPL-2.1 )"
56	+SLOT="0"
57	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
58	+IUSE="+cacert +nss-pem utils"
59	+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
60	+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
61	+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
62	+ >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
63	+ ${CDEPEND}"
64	+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
65	+ ${CDEPEND}
66	+ abi_x86_32? (
67	+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
68	+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
69	+ )"
70	+
71	+RESTRICT="test"
72	+
73	+S="${WORKDIR}/${P}/${PN}"
74	+
75	+MULTILIB_CHOST_TOOLS=(
76	+ /usr/bin/nss-config
77	+)
78	+
79	+PATCHES=(
80	+ # Custom changes for gentoo
81	+ "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
82	+ "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
83	+ "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
84	+)
85	+
86	+src_unpack() {
87	+ unpack ${A}
88	+ if use nss-pem ; then
89	+ mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ \|\| die
90	+ fi
91	+}
92	+
93	+src_prepare() {
94	+ if use nss-pem ; then
95	+ PATCHES+=(
96	+ "${FILESDIR}/${PN}-3.21-enable-pem.patch"
97	+ "${FILESDIR}/${PN}-3.21-pem-werror.patch"
98	+ )
99	+ fi
100	+
101	+ default
102	+
103	+ if use cacert ; then
104	+ eapply -p4 "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
105	+ eapply "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
106	+ fi
107	+
108	+ pushd coreconf >/dev/null \|\| die
109	+ # hack nspr paths
110	+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
111	+ >> headers.mk \|\| die "failed to append include"
112	+
113	+ # modify install path
114	+ sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
115	+ -i source.mk \|\| die
116	+
117	+ # Respect LDFLAGS
118	+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
119	+ popd >/dev/null \|\| die
120	+
121	+ # Fix pkgconfig file for Prefix
122	+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
123	+ config/Makefile \|\| die
124	+
125	+ # use host shlibsign if need be #436216
126	+ if tc-is-cross-compiler ; then
127	+ sed -i \
128	+ -e 's:"${2}"/shlibsign:shlibsign:' \
129	+ cmd/shlibsign/sign.sh \|\| die
130	+ fi
131	+
132	+ # dirty hack
133	+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
134	+ lib/ssl/config.mk \|\| die
135	+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
136	+ cmd/platlibs.mk \|\| die
137	+
138	+ multilib_copy_sources
139	+
140	+ strip-flags
141	+}
142	+
143	+multilib_src_configure() {
144	+ # Ensure we stay multilib aware
145	+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile \|\| die
146	+}
147	+
148	+nssarch() {
149	+ # Most of the arches are the same as $ARCH
150	+ local t=${1:-${CHOST}}
151	+ case ${t} in
152	+ aarch64*)echo "aarch64";;
153	+ hppa*) echo "parisc";;
154	+ i?86*) echo "i686";;
155	+ x86_64*) echo "x86_64";;
156	+ *) tc-arch ${t};;
157	+ esac
158	+}
159	+
160	+nssbits() {
161	+ local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
162	+ if [[ ${1} == BUILD_ ]]; then
163	+ cc=$(tc-getBUILD_CC)
164	+ else
165	+ cc=$(tc-getCC)
166	+ fi
167	+ echo > "${T}"/test.c \|\| die
168	+ ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" \|\| die
169	+ case $(file "${T}/${1}test.o") in
170	+ 32-bitx86-64*) echo USE_X32=1;;
171	+ 64-bit\|ppc64\|x86_64) echo USE_64=1;;
172	+ 32-bit\|ppc\|i386) ;;
173	+ *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
174	+ esac
175	+}
176	+
177	+multilib_src_compile() {
178	+ # use ABI to determine bit'ness, or fallback if unset
179	+ local buildbits mybits
180	+ case "${ABI}" in
181	+ n32) mybits="USE_N32=1";;
182	+ x32) mybits="USE_X32=1";;
183	+ s390x\|*64) mybits="USE_64=1";;
184	+ ${DEFAULT_ABI})
185	+ einfo "Running compilation test to determine bit'ness"
186	+ mybits=$(nssbits)
187	+ ;;
188	+ esac
189	+ # bitness of host may differ from target
190	+ if tc-is-cross-compiler; then
191	+ buildbits=$(nssbits BUILD_)
192	+ fi
193	+
194	+ local makeargs=(
195	+ CC="$(tc-getCC)"
196	+ AR="$(tc-getAR) rc \$@"
197	+ RANLIB="$(tc-getRANLIB)"
198	+ OPTIMIZER=
199	+ ${mybits}
200	+ )
201	+
202	+ # Take care of nspr settings #436216
203	+ local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
204	+ unset NSPR_INCLUDE_DIR
205	+
206	+ # Do not let `uname` be used.
207	+ if use kernel_linux ; then
208	+ makeargs+=(
209	+ OS_TARGET=Linux
210	+ OS_RELEASE=2.6
211	+ OS_TEST="$(nssarch)"
212	+ )
213	+ fi
214	+
215	+ export NSS_ENABLE_WERROR=0 #567158
216	+ export BUILD_OPT=1
217	+ export NSS_USE_SYSTEM_SQLITE=1
218	+ export NSDISTMODE=copy
219	+ export NSS_ENABLE_ECC=1
220	+ export FREEBL_NO_DEPEND=1
221	+ export ASFLAGS=""
222	+
223	+ local d
224	+
225	+ # Build the host tools first.
226	+ LDFLAGS="${BUILD_LDFLAGS}" \
227	+ XCFLAGS="${BUILD_CFLAGS}" \
228	+ NSPR_LIB_DIR="${T}/fakedir" \
229	+ emake -j1 -C coreconf \
230	+ CC="$(tc-getBUILD_CC)" \
231	+ ${buildbits:-${mybits}}
232	+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
233	+
234	+ # Then build the target tools.
235	+ for d in . lib/dbm ; do
236	+ CPPFLAGS="${myCPPFLAGS}" \
237	+ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
238	+ NSPR_LIB_DIR="${T}/fakedir" \
239	+ emake -j1 "${makeargs[@]}" -C ${d}
240	+ done
241	+}
242	+
243	+# Altering these 3 libraries breaks the CHK verification.
244	+# All of the following cause it to break:
245	+# - stripping
246	+# - prelink
247	+# - ELF signing
248	+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
249	+# Either we have to NOT strip them, or we have to forcibly resign after
250	+# stripping.
251	+#local_libdir="$(get_libdir)"
252	+#export STRIP_MASK="
253	+# /${local_libdir}/libfreebl3.so
254	+# /${local_libdir}/libnssdbm3.so
255	+# /${local_libdir}/libsoftokn3.so"
256	+
257	+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
258	+
259	+generate_chk() {
260	+ local shlibsign="$1"
261	+ local libdir="$2"
262	+ einfo "Resigning core NSS libraries for FIPS validation"
263	+ shift 2
264	+ local i
265	+ for i in ${NSS_CHK_SIGN_LIBS} ; do
266	+ local libname=lib${i}.so
267	+ local chkname=lib${i}.chk
268	+ "${shlibsign}" \
269	+ -i "${libdir}"/${libname} \
270	+ -o "${libdir}"/${chkname}.tmp \
271	+ && mv -f \
272	+ "${libdir}"/${chkname}.tmp \
273	+ "${libdir}"/${chkname} \
274	+ \|\| die "Failed to sign ${libname}"
275	+ done
276	+}
277	+
278	+cleanup_chk() {
279	+ local libdir="$1"
280	+ shift 1
281	+ local i
282	+ for i in ${NSS_CHK_SIGN_LIBS} ; do
283	+ local libfname="${libdir}/lib${i}.so"
284	+ # If the major version has changed, then we have old chk files.
285	+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
286	+ && rm -f "${libfname}.chk"
287	+ done
288	+}
289	+
290	+multilib_src_install() {
291	+ pushd dist >/dev/null \|\| die
292	+
293	+ dodir /usr/$(get_libdir)
294	+ cp -L /lib/$(get_libname) "${ED}"/usr/$(get_libdir) \|\| die "copying shared libs failed"
295	+ cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) \|\| die "copying libs failed"
296	+ cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) \|\| die "copying libs failed"
297	+
298	+ # Install nss-config and pkgconfig file
299	+ dodir /usr/bin
300	+ cp -L */bin/nss-config "${ED}"/usr/bin \|\| die
301	+ dodir /usr/$(get_libdir)/pkgconfig
302	+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig \|\| die
303	+
304	+ # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
305	+ # bug 517266
306	+ sed -e 's#Libs:#Libs: -lfreebl#' \
307	+ -e 's#Cflags:#Cflags: -I${includedir}/private#' \
308	+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
309	+ \|\| die "could not create nss-softokn.pc"
310	+
311	+ # all the include files
312	+ insinto /usr/include/nss
313	+ doins public/nss/*.h
314	+ insinto /usr/include/nss/private
315	+ doins private/nss/{blapi,alghmac}.h
316	+
317	+ popd >/dev/null \|\| die
318	+
319	+ local f nssutils
320	+ # Always enabled because we need it for chk generation.
321	+ nssutils="shlibsign"
322	+
323	+ if multilib_is_native_abi ; then
324	+ if use utils; then
325	+ # The tests we do not need to install.
326	+ #nssutils_test="bltest crmftest dbtest dertimetest
327	+ #fipstest remtest sdrtest"
328	+ # checkcert utils has been removed in nss-3.22:
329	+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
330	+ # https://hg.mozilla.org/projects/nss/rev/df1729d37870
331	+ nssutils="addbuiltin atob baddbdir btoa certcgi certutil
332	+ cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
333	+ nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
334	+ pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
335	+ symkeyutil tstclnt vfychain vfyserv"
336	+ # install man-pages for utils (bug #516810)
337	+ doman doc/nroff/*.1
338	+ fi
339	+ pushd dist/*/bin >/dev/null \|\| die
340	+ for f in ${nssutils}; do
341	+ dobin ${f}
342	+ done
343	+ popd >/dev/null \|\| die
344	+ fi
345	+
346	+ # Prelink breaks the CHK files. We don't have any reliable way to run
347	+ # shlibsign after prelink.
348	+ dodir /etc/prelink.conf.d
349	+ printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
350	+ > "${ED}"/etc/prelink.conf.d/nss.conf
351	+}
352	+
353	+pkg_postinst() {
354	+ multilib_pkg_postinst() {
355	+ # We must re-sign the libraries AFTER they are stripped.
356	+ local shlibsign="${EROOT}/usr/bin/shlibsign"
357	+ # See if we can execute it (cross-compiling & such). #436216
358	+ "${shlibsign}" -h >&/dev/null
359	+ if [[ $? -gt 1 ]] ; then
360	+ shlibsign="shlibsign"
361	+ fi
362	+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
363	+ }
364	+
365	+ multilib_foreach_abi multilib_pkg_postinst
366	+}
367	+
368	+pkg_postrm() {
369	+ multilib_pkg_postrm() {
370	+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
371	+ }
372	+
373	+ multilib_foreach_abi multilib_pkg_postrm
374	+}

Gentoo Archives: gentoo-commits