Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Lars Wendler (polynomial-c)" <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/nss: ChangeLog nss-3.17.4.ebuild nss-3.16.6.ebuild nss-3.15.4.ebuild nss-3.17.2.ebuild nss-3.16.5.ebuild
Date: Sat, 31 Jan 2015 11:08:11
Message-Id: 20150131110808.67D7710C0B@oystercatcher.gentoo.org
1 polynomial-c 15/01/31 11:08:08
2
3 Modified: ChangeLog
4 Added: nss-3.17.4.ebuild
5 Removed: nss-3.16.6.ebuild nss-3.15.4.ebuild
6 nss-3.17.2.ebuild nss-3.16.5.ebuild
7 Log:
8 Version bump (bug #538288). Removed old
9
10 (Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC)
11
12 Revision Changes Path
13 1.404 dev-libs/nss/ChangeLog
14
15 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.404&view=markup
16 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.404&content-type=text/plain
17 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?r1=1.403&r2=1.404
18
19 Index: ChangeLog
20 ===================================================================
21 RCS file: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v
22 retrieving revision 1.403
23 retrieving revision 1.404
24 diff -u -r1.403 -r1.404
25 --- ChangeLog 26 Dec 2014 09:18:30 -0000 1.403
26 +++ ChangeLog 31 Jan 2015 11:08:08 -0000 1.404
27 @@ -1,6 +1,14 @@
28 # ChangeLog for dev-libs/nss
29 -# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
30 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.403 2014/12/26 09:18:30 ago Exp $
31 +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
32 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.404 2015/01/31 11:08:08 polynomial-c Exp $
33 +
34 +*nss-3.17.4 (31 Jan 2015)
35 +
36 + 31 Jan 2015; Lars Wendler <polynomial-c@g.o> -nss-3.15.4.ebuild,
37 + -nss-3.16.5.ebuild, -nss-3.16.6.ebuild, -nss-3.17.2.ebuild,
38 + +nss-3.17.4.ebuild, -files/nss-3.15-gentoo-fixups.patch,
39 + -files/nss-3.15-x32.patch:
40 + Version bump (bug #538288). Removed old.
41
42 26 Dec 2014; Agostino Sarubbo <ago@g.o> nss-3.17.3.ebuild:
43 Stable for sparc, wrt bug #531628
44
45
46
47 1.1 dev-libs/nss/nss-3.17.4.ebuild
48
49 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.17.4.ebuild?rev=1.1&view=markup
50 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.17.4.ebuild?rev=1.1&content-type=text/plain
51
52 Index: nss-3.17.4.ebuild
53 ===================================================================
54 # Copyright 1999-2015 Gentoo Foundation
55 # Distributed under the terms of the GNU General Public License v2
56 # $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.17.4.ebuild,v 1.1 2015/01/31 11:08:08 polynomial-c Exp $
57
58 EAPI=5
59 inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
60
61 NSPR_VER="4.10.6-r1"
62 RTM_NAME="NSS_${PV//./_}_RTM"
63 # Rev of https://git.fedorahosted.org/cgit/nss-pem.git
64 PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
65 PEM_P="${PN}-pem-${PEM_GIT_REV}"
66
67 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
68 HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
69 SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
70 cacert? ( http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
71 nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
72
73 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
74 SLOT="0"
75 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
76 IUSE="+cacert +nss-pem utils"
77
78 DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
79 >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]"
80 RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
81 >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
82 >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
83 abi_x86_32? (
84 !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
85 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
86 )"
87
88 RESTRICT="test"
89
90 S="${WORKDIR}/${P}/${PN}"
91
92 MULTILIB_CHOST_TOOLS=(
93 /usr/bin/nss-config
94 )
95
96 src_unpack() {
97 unpack ${A}
98 if use nss-pem ; then
99 mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
100 fi
101 }
102
103 src_prepare() {
104 # Custom changes for gentoo
105 epatch "${FILESDIR}/${PN}-3.17.1-gentoo-fixups.patch"
106 epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
107 use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
108 use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
109 epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
110
111 pushd coreconf >/dev/null || die
112 # hack nspr paths
113 echo 'INCLUDES += -I$(DIST)/include/dbm' \
114 >> headers.mk || die "failed to append include"
115
116 # modify install path
117 sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
118 -i source.mk || die
119
120 # Respect LDFLAGS
121 sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
122 popd >/dev/null || die
123
124 # Fix pkgconfig file for Prefix
125 sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
126 config/Makefile || die
127
128 # use host shlibsign if need be #436216
129 if tc-is-cross-compiler ; then
130 sed -i \
131 -e 's:"${2}"/shlibsign:shlibsign:' \
132 cmd/shlibsign/sign.sh || die
133 fi
134
135 # dirty hack
136 sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
137 lib/ssl/config.mk || die
138 sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
139 cmd/platlibs.mk || die
140
141 multilib_copy_sources
142
143 strip-flags
144 }
145
146 multilib_src_configure() {
147 # Ensure we stay multilib aware
148 sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
149 }
150
151 nssarch() {
152 # Most of the arches are the same as $ARCH
153 local t=${1:-${CHOST}}
154 case ${t} in
155 aarch64*)echo "aarch64";;
156 hppa*) echo "parisc";;
157 i?86*) echo "i686";;
158 x86_64*) echo "x86_64";;
159 *) tc-arch ${t};;
160 esac
161 }
162
163 nssbits() {
164 local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
165 if [[ ${1} == BUILD_ ]]; then
166 cc=$(tc-getBUILD_CC)
167 else
168 cc=$(tc-getCC)
169 fi
170 echo > "${T}"/test.c || die
171 ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
172 case $(file "${T}/${1}test.o") in
173 *32-bit*x86-64*) echo USE_X32=1;;
174 *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
175 *32-bit*|*ppc*|*i386*) ;;
176 *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
177 esac
178 }
179
180 multilib_src_compile() {
181 # use ABI to determine bit'ness, or fallback if unset
182 local buildbits mybits
183 case "${ABI}" in
184 n32) mybits="USE_N32=1";;
185 x32) mybits="USE_X32=1";;
186 s390x|*64) mybits="USE_64=1";;
187 ${DEFAULT_ABI})
188 einfo "Running compilation test to determine bit'ness"
189 mybits=$(nssbits)
190 ;;
191 esac
192 # bitness of host may differ from target
193 if tc-is-cross-compiler; then
194 buildbits=$(nssbits BUILD_)
195 fi
196
197 local makeargs=(
198 CC="$(tc-getCC)"
199 AR="$(tc-getAR) rc \$@"
200 RANLIB="$(tc-getRANLIB)"
201 OPTIMIZER=
202 ${mybits}
203 )
204
205 # Take care of nspr settings #436216
206 local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
207 unset NSPR_INCLUDE_DIR
208
209 # Do not let `uname` be used.
210 if use kernel_linux ; then
211 makeargs+=(
212 OS_TARGET=Linux
213 OS_RELEASE=2.6
214 OS_TEST="$(nssarch)"
215 )
216 fi
217
218 export BUILD_OPT=1
219 export NSS_USE_SYSTEM_SQLITE=1
220 export NSDISTMODE=copy
221 export NSS_ENABLE_ECC=1
222 export FREEBL_NO_DEPEND=1
223 export ASFLAGS=""
224
225 local d
226
227 # Build the host tools first.
228 LDFLAGS="${BUILD_LDFLAGS}" \
229 XCFLAGS="${BUILD_CFLAGS}" \
230 NSPR_LIB_DIR="${T}/fakedir" \
231 emake -j1 -C coreconf \
232 CC="$(tc-getBUILD_CC)" \
233 ${buildbits:-${mybits}}
234 makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
235
236 # Then build the target tools.
237 for d in . lib/dbm ; do
238 CPPFLAGS="${myCPPFLAGS}" \
239 XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
240 NSPR_LIB_DIR="${T}/fakedir" \
241 emake -j1 "${makeargs[@]}" -C ${d}
242 done
243 }
244
245 # Altering these 3 libraries breaks the CHK verification.
246 # All of the following cause it to break:
247 # - stripping
248 # - prelink
249 # - ELF signing
250 # http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
251 # Either we have to NOT strip them, or we have to forcibly resign after
252 # stripping.
253 #local_libdir="$(get_libdir)"
254 #export STRIP_MASK="
255 # */${local_libdir}/libfreebl3.so*
256 # */${local_libdir}/libnssdbm3.so*
257 # */${local_libdir}/libsoftokn3.so*"
258
259 export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
260
261 generate_chk() {
262 local shlibsign="$1"
263 local libdir="$2"
264 einfo "Resigning core NSS libraries for FIPS validation"
265 shift 2
266 local i
267 for i in ${NSS_CHK_SIGN_LIBS} ; do
268 local libname=lib${i}.so
269 local chkname=lib${i}.chk
270 "${shlibsign}" \
271 -i "${libdir}"/${libname} \
272 -o "${libdir}"/${chkname}.tmp \
273 && mv -f \
274 "${libdir}"/${chkname}.tmp \
275 "${libdir}"/${chkname} \
276 || die "Failed to sign ${libname}"
277 done
278 }
279
280 cleanup_chk() {
281 local libdir="$1"
282 shift 1
283 local i
284 for i in ${NSS_CHK_SIGN_LIBS} ; do
285 local libfname="${libdir}/lib${i}.so"
286 # If the major version has changed, then we have old chk files.
287 [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
288 && rm -f "${libfname}.chk"
289 done
290 }
291
292 multilib_src_install() {
293 pushd dist >/dev/null || die
294
295 dodir /usr/$(get_libdir)
296 cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
297 cp -L -t "${ED}"/usr/$(get_libdir) */lib/{libcrmf,libfreebl}.a || die "copying libs failed"
298
299 # Install nss-config and pkgconfig file
300 dodir /usr/bin
301 cp -L */bin/nss-config "${ED}"/usr/bin || die
302 dodir /usr/$(get_libdir)/pkgconfig
303 cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
304
305 # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
306 # bug 517266
307 sed -e 's#Libs:#Libs: -lfreebl#' \
308 -e 's#Cflags:#Cflags: -I${includedir}/private#' \
309 */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
310 || die "could not create nss-softokn.pc"
311
312 # all the include files
313 insinto /usr/include/nss
314 doins public/nss/*.h
315 insinto /usr/include/nss/private
316 doins private/nss/{blapi,alghmac}.h
317
318 popd >/dev/null || die
319
320 local f nssutils
321 # Always enabled because we need it for chk generation.
322 nssutils="shlibsign"
323
324 if multilib_is_native_abi ; then
325 if use utils; then
326 # The tests we do not need to install.
327 #nssutils_test="bltest crmftest dbtest dertimetest
328 #fipstest remtest sdrtest"
329 nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
330 cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
331 nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
332 pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
333 symkeyutil tstclnt vfychain vfyserv"
334 fi
335 pushd dist/*/bin >/dev/null || die
336 for f in ${nssutils}; do
337 dobin ${f}
338 done
339 popd >/dev/null || die
340 fi
341
342 # Prelink breaks the CHK files. We don't have any reliable way to run
343 # shlibsign after prelink.
344 local l libs=() liblist
345 for l in ${NSS_CHK_SIGN_LIBS} ; do
346 libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
347 done
348 liblist=$(printf '%s:' "${libs[@]}")
349 echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
350 doenvd "${T}/90nss-${ABI}"
351 }
352
353 pkg_postinst() {
354 multilib_pkg_postinst() {
355 # We must re-sign the libraries AFTER they are stripped.
356 local shlibsign="${EROOT}/usr/bin/shlibsign"
357 # See if we can execute it (cross-compiling & such). #436216
358 "${shlibsign}" -h >&/dev/null
359 if [[ $? -gt 1 ]] ; then
360 shlibsign="shlibsign"
361 fi
362 generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
363 }
364
365 multilib_foreach_abi multilib_pkg_postinst
366 }
367
368 pkg_postrm() {
369 multilib_pkg_postrm() {
370 cleanup_chk "${EROOT}"/usr/$(get_libdir)
371 }
372
373 multilib_foreach_abi multilib_pkg_postrm
374 }
Report Message
Find on MARC Find on Google Groups