
From: Joonas Niilola <juippis@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
Date: Wed, 30 Mar 2022 04:57:24
Message-Id: 1648616201.6d157cf9c7ecb644ca59c667e9b6a6e20c5a2200.juippis@gentoo
1 commit: 6d157cf9c7ecb644ca59c667e9b6a6e20c5a2200
2 Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
3 AuthorDate: Wed Mar 30 04:56:41 2022 +0000
4 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 30 04:56:41 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d157cf9
7
8 dev-libs/nss: drop 3.75-r1, 3.76-r1 (security cleanup p1)
9
10 Bug: https://bugs.gentoo.org/836386
11 Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
12
13 dev-libs/nss/Manifest | 2 -
14 dev-libs/nss/nss-3.75-r1.ebuild | 361 ----------------------------------------
15 dev-libs/nss/nss-3.76-r1.ebuild | 361 ----------------------------------------
16 3 files changed, 724 deletions(-)
17
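--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,3 @@
 DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
-DIST nss-3.75.tar.gz 84738291 BLAKE2B 35e8b1c3a6e2817d30e16b04288a5382332fa37d07f934de139dfb664c6a0ddd6a0e585902bd402cf45be5f9f9ae799c055a51cc4ec4a82c8dd12a454832e141 SHA512 0ad42f663b48649d7d16dc8b8956d2971a9566c0f7f655dd0609b94877f400977e5ad693f2eb44e1e277e55d1669294f07b3ba7a32573d3d72837b3944adf86d
 DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54
-DIST nss-3.76.tar.gz 84623743 BLAKE2B 4e7ce8cfbfccae4d92357a86a0170427a50594387a73bd101e7400c85945de6104247900b4a0d5c0571370f718dc01b40749eba460b87ff339e097c07769412d SHA512 ffbdd8a27f60b796e1204912cde2fa62ac99747ce550258ccdd6fe96d60a46c6ac3f82758a7aba3c7ee58da4e7bf09f1bf817fb9f0fa4e62faaea08a6301b8bd
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4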
29 diff --git a/dev-libs/nss/nss-3.75-r1.ebuild b/dev-libs/nss/nss-3.75-r1.ebuild
30 deleted file mode 100644
31 index 225e7a316b86..000000000000
32 --- a/dev-libs/nss/nss-3.75-r1.ebuild
33 +++ /dev/null
34 @@ -1,361 +0,0 @@
35 -# Copyright 1999-2022 Gentoo Authors
36 -# Distributed under the terms of the GNU General Public License v2
37 -
38 -EAPI=8
39 -
40 -inherit flag-o-matic multilib toolchain-funcs multilib-minimal
41 -
42 -NSPR_VER="4.32"
43 -RTM_NAME="NSS_${PV//./_}_RTM"
44 -
45 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
46 -HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
47 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
48 - cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
49 -
50 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
51 -SLOT="0"
52 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
53 -IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
54 -# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
55 -RDEPEND="
56 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
57 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
58 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
59 - virtual/pkgconfig
60 -"
61 -DEPEND="${RDEPEND}"
62 -BDEPEND="dev-lang/perl"
63 -
64 -RESTRICT="test"
65 -
66 -S="${WORKDIR}/${P}/${PN}"
67 -
68 -MULTILIB_CHOST_TOOLS=(
69 - /usr/bin/nss-config
70 -)
71 -
72 -PATCHES=(
73 - # Custom changes for gentoo
74 - "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
75 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
76 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
77 -)
78 -
79 -src_prepare() {
80 - default
81 -
82 - if use cacert ; then
83 - eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
84 - fi
85 -
86 - pushd coreconf >/dev/null || die
87 - # hack nspr paths
88 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
89 - >> headers.mk || die "failed to append include"
90 -
91 - # modify install path
92 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
93 - -i source.mk || die
94 -
95 - # Respect LDFLAGS
96 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
97 - popd >/dev/null || die
98 -
99 - # Fix pkgconfig file for Prefix
100 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
101 - config/Makefile || die
102 -
103 - # use host shlibsign if need be #436216
104 - if tc-is-cross-compiler ; then
105 - sed -i \
106 - -e 's:"${2}"/shlibsign:shlibsign:' \
107 - cmd/shlibsign/sign.sh || die
108 - fi
109 -
110 - # dirty hack
111 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
112 - lib/ssl/config.mk || die
113 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
114 - cmd/platlibs.mk || die
115 -
116 - multilib_copy_sources
117 -
118 - strip-flags
119 -}
120 -
121 -multilib_src_configure() {
122 - # Ensure we stay multilib aware
123 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
124 -}
125 -
126 -nssarch() {
127 - # Most of the arches are the same as $ARCH
128 - local t=${1:-${CHOST}}
129 - case ${t} in
130 - *86*-pc-solaris2*) echo "i86pc" ;;
131 - aarch64*) echo "aarch64" ;;
132 - hppa*) echo "parisc" ;;
133 - i?86*) echo "i686" ;;
134 - x86_64*) echo "x86_64" ;;
135 - *) tc-arch ${t} ;;
136 - esac
137 -}
138 -
139 -nssbits() {
140 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
141 - if [[ ${1} == BUILD_ ]]; then
142 - cc=$(tc-getBUILD_CC)
143 - else
144 - cc=$(tc-getCC)
145 - fi
146 - echo > "${T}"/test.c || die
147 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
148 - case $(file "${T}/${1}test.o") in
149 - *32-bit*x86-64*) echo USE_X32=1;;
150 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
151 - *32-bit*|*ppc*|*i386*) ;;
152 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
153 - esac
154 -}
155 -
156 -multilib_src_compile() {
157 - # use ABI to determine bit'ness, or fallback if unset
158 - local buildbits mybits
159 - case "${ABI}" in
160 - n32) mybits="USE_N32=1";;
161 - x32) mybits="USE_X32=1";;
162 - s390x|*64) mybits="USE_64=1";;
163 - ${DEFAULT_ABI})
164 - einfo "Running compilation test to determine bit'ness"
165 - mybits=$(nssbits)
166 - ;;
167 - esac
168 - # bitness of host may differ from target
169 - if tc-is-cross-compiler; then
170 - buildbits=$(nssbits BUILD_)
171 - fi
172 -
173 - local makeargs=(
174 - CC="$(tc-getCC)"
175 - CCC="$(tc-getCXX)"
176 - AR="$(tc-getAR) rc \$@"
177 - RANLIB="$(tc-getRANLIB)"
178 - OPTIMIZER=
179 - ${mybits}
180 - )
181 -
182 - # Take care of nspr settings #436216
183 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
184 - unset NSPR_INCLUDE_DIR
185 -
186 - export NSS_ALLOW_SSLKEYLOGFILE=1
187 - export NSS_ENABLE_WERROR=0 #567158
188 - export BUILD_OPT=1
189 - export NSS_USE_SYSTEM_SQLITE=1
190 - export NSDISTMODE=copy
191 - export FREEBL_NO_DEPEND=1
192 - export FREEBL_LOWHASH=1
193 - export NSS_SEED_ONLY_DEV_URANDOM=1
194 - export USE_SYSTEM_ZLIB=1
195 - export ZLIB_LIBS=-lz
196 - export ASFLAGS=""
197 - # Fix build failure on arm64
198 - export NS_USE_GCC=1
199 - # Detect compiler type and set proper environment value
200 - if tc-is-gcc; then
201 - export CC_IS_GCC=1
202 - elif tc-is-clang; then
203 - export CC_IS_CLANG=1
204 - fi
205 -
206 - # explicitly disable altivec/vsx if not requested
207 - # https://bugs.gentoo.org/789114
208 - case ${ARCH} in
209 - ppc*)
210 - use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
211 - use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
212 - ;;
213 - esac
214 -
215 - local d
216 -
217 - # Build the host tools first.
218 - LDFLAGS="${BUILD_LDFLAGS}" \
219 - XCFLAGS="${BUILD_CFLAGS}" \
220 - NSPR_LIB_DIR="${T}/fakedir" \
221 - emake -j1 -C coreconf \
222 - CC="$(tc-getBUILD_CC)" \
223 - ${buildbits-${mybits}}
224 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
225 -
226 - # Then build the target tools.
227 - for d in . lib/dbm ; do
228 - CPPFLAGS="${myCPPFLAGS}" \
229 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
230 - NSPR_LIB_DIR="${T}/fakedir" \
231 - emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
232 - done
233 -}
234 -
235 -# Altering these 3 libraries breaks the CHK verification.
236 -# All of the following cause it to break:
237 -# - stripping
238 -# - prelink
239 -# - ELF signing
240 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
241 -# Either we have to NOT strip them, or we have to forcibly resign after
242 -# stripping.
243 -#local_libdir="$(get_libdir)"
244 -#export STRIP_MASK="
245 -# */${local_libdir}/libfreebl3.so*
246 -# */${local_libdir}/libnssdbm3.so*
247 -# */${local_libdir}/libsoftokn3.so*"
248 -
249 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
250 -
251 -generate_chk() {
252 - local shlibsign="$1"
253 - local libdir="$2"
254 - einfo "Resigning core NSS libraries for FIPS validation"
255 - shift 2
256 - local i
257 - for i in ${NSS_CHK_SIGN_LIBS} ; do
258 - local libname=lib${i}.so
259 - local chkname=lib${i}.chk
260 - "${shlibsign}" \
261 - -i "${libdir}"/${libname} \
262 - -o "${libdir}"/${chkname}.tmp \
263 - && mv -f \
264 - "${libdir}"/${chkname}.tmp \
265 - "${libdir}"/${chkname} \
266 - || die "Failed to sign ${libname}"
267 - done
268 -}
269 -
270 -cleanup_chk() {
271 - local libdir="$1"
272 - shift 1
273 - local i
274 - for i in ${NSS_CHK_SIGN_LIBS} ; do
275 - local libfname="${libdir}/lib${i}.so"
276 - # If the major version has changed, then we have old chk files.
277 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
278 - && rm -f "${libfname}.chk"
279 - done
280 -}
281 -
282 -multilib_src_install() {
283 - pushd dist >/dev/null || die
284 -
285 - dodir /usr/$(get_libdir)
286 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
287 - local i
288 - for i in crmf freebl nssb nssckfw ; do
289 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
290 - done
291 -
292 - # Install nss-config and pkgconfig file
293 - dodir /usr/bin
294 - cp -L */bin/nss-config "${ED}"/usr/bin || die
295 - dodir /usr/$(get_libdir)/pkgconfig
296 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
297 -
298 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
299 - # bug 517266
300 - sed -e 's#Libs:#Libs: -lfreebl#' \
301 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
302 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
303 - || die "could not create nss-softokn.pc"
304 -
305 - # all the include files
306 - insinto /usr/include/nss
307 - doins public/nss/*.{h,api}
308 - insinto /usr/include/nss/private
309 - doins private/nss/{blapi,alghmac,cmac}.h
310 -
311 - popd >/dev/null || die
312 -
313 - local f nssutils
314 - # Always enabled because we need it for chk generation.
315 - nssutils=( shlibsign )
316 -
317 - if multilib_is_native_abi ; then
318 - if use utils; then
319 - # The tests we do not need to install.
320 - #nssutils_test="bltest crmftest dbtest dertimetest
321 - #fipstest remtest sdrtest"
322 - # checkcert utils has been removed in nss-3.22:
323 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
324 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
325 - # certcgi has been removed in nss-3.36:
326 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
327 - nssutils+=(
328 - addbuiltin
329 - atob
330 - baddbdir
331 - btoa
332 - certutil
333 - cmsutil
334 - conflict
335 - crlutil
336 - derdump
337 - digest
338 - makepqg
339 - mangle
340 - modutil
341 - multinit
342 - nonspr10
343 - ocspclnt
344 - oidcalc
345 - p7content
346 - p7env
347 - p7sign
348 - p7verify
349 - pk11mode
350 - pk12util
351 - pp
352 - rsaperf
353 - selfserv
354 - signtool
355 - signver
356 - ssltap
357 - strsclnt
358 - symkeyutil
359 - tstclnt
360 - vfychain
361 - vfyserv
362 - )
363 - # install man-pages for utils (bug #516810)
364 - doman doc/nroff/*.1
365 - fi
366 - pushd dist/*/bin >/dev/null || die
367 - for f in ${nssutils[@]}; do
368 - dobin ${f}
369 - done
370 - popd >/dev/null || die
371 - fi
372 -}
373 -
374 -pkg_postinst() {
375 - multilib_pkg_postinst() {
376 - # We must re-sign the libraries AFTER they are stripped.
377 - local shlibsign="${EROOT}/usr/bin/shlibsign"
378 - # See if we can execute it (cross-compiling & such). #436216
379 - "${shlibsign}" -h >&/dev/null
380 - if [[ $? -gt 1 ]] ; then
381 - shlibsign="shlibsign"
382 - fi
383 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
384 - }
385 -
386 - multilib_foreach_abi multilib_pkg_postinst
387 -}
388 -
389 -pkg_postrm() {
390 - multilib_pkg_postrm() {
391 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
392 - }
393 -
394 - multilib_foreach_abi multilib_pkg_postrm
395 -}
396
397 diff --git a/dev-libs/nss/nss-3.76-r1.ebuild b/dev-libs/nss/nss-3.76-r1.ebuild
398 deleted file mode 100644
399 index 225e7a316b86..000000000000
400 --- a/dev-libs/nss/nss-3.76-r1.ebuild
401 +++ /dev/null
402 @@ -1,361 +0,0 @@
403 -# Copyright 1999-2022 Gentoo Authors
404 -# Distributed under the terms of the GNU General Public License v2
405 -
406 -EAPI=8
407 -
408 -inherit flag-o-matic multilib toolchain-funcs multilib-minimal
409 -
410 -NSPR_VER="4.32"
411 -RTM_NAME="NSS_${PV//./_}_RTM"
412 -
413 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
414 -HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
415 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
416 - cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
417 -
418 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
419 -SLOT="0"
420 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
421 -IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
422 -# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
423 -RDEPEND="
424 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
425 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
426 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
427 - virtual/pkgconfig
428 -"
429 -DEPEND="${RDEPEND}"
430 -BDEPEND="dev-lang/perl"
431 -
432 -RESTRICT="test"
433 -
434 -S="${WORKDIR}/${P}/${PN}"
435 -
436 -MULTILIB_CHOST_TOOLS=(
437 - /usr/bin/nss-config
438 -)
439 -
440 -PATCHES=(
441 - # Custom changes for gentoo
442 - "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
443 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
444 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
445 -)
446 -
447 -src_prepare() {
448 - default
449 -
450 - if use cacert ; then
451 - eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
452 - fi
453 -
454 - pushd coreconf >/dev/null || die
455 - # hack nspr paths
456 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
457 - >> headers.mk || die "failed to append include"
458 -
459 - # modify install path
460 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
461 - -i source.mk || die
462 -
463 - # Respect LDFLAGS
464 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
465 - popd >/dev/null || die
466 -
467 - # Fix pkgconfig file for Prefix
468 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
469 - config/Makefile || die
470 -
471 - # use host shlibsign if need be #436216
472 - if tc-is-cross-compiler ; then
473 - sed -i \
474 - -e 's:"${2}"/shlibsign:shlibsign:' \
475 - cmd/shlibsign/sign.sh || die
476 - fi
477 -
478 - # dirty hack
479 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
480 - lib/ssl/config.mk || die
481 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
482 - cmd/platlibs.mk || die
483 -
484 - multilib_copy_sources
485 -
486 - strip-flags
487 -}
488 -
489 -multilib_src_configure() {
490 - # Ensure we stay multilib aware
491 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
492 -}
493 -
494 -nssarch() {
495 - # Most of the arches are the same as $ARCH
496 - local t=${1:-${CHOST}}
497 - case ${t} in
498 - *86*-pc-solaris2*) echo "i86pc" ;;
499 - aarch64*) echo "aarch64" ;;
500 - hppa*) echo "parisc" ;;
501 - i?86*) echo "i686" ;;
502 - x86_64*) echo "x86_64" ;;
503 - *) tc-arch ${t} ;;
504 - esac
505 -}
506 -
507 -nssbits() {
508 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
509 - if [[ ${1} == BUILD_ ]]; then
510 - cc=$(tc-getBUILD_CC)
511 - else
512 - cc=$(tc-getCC)
513 - fi
514 - echo > "${T}"/test.c || die
515 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
516 - case $(file "${T}/${1}test.o") in
517 - *32-bit*x86-64*) echo USE_X32=1;;
518 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
519 - *32-bit*|*ppc*|*i386*) ;;
520 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
521 - esac
522 -}
523 -
524 -multilib_src_compile() {
525 - # use ABI to determine bit'ness, or fallback if unset
526 - local buildbits mybits
527 - case "${ABI}" in
528 - n32) mybits="USE_N32=1";;
529 - x32) mybits="USE_X32=1";;
530 - s390x|*64) mybits="USE_64=1";;
531 - ${DEFAULT_ABI})
532 - einfo "Running compilation test to determine bit'ness"
533 - mybits=$(nssbits)
534 - ;;
535 - esac
536 - # bitness of host may differ from target
537 - if tc-is-cross-compiler; then
538 - buildbits=$(nssbits BUILD_)
539 - fi
540 -
541 - local makeargs=(
542 - CC="$(tc-getCC)"
543 - CCC="$(tc-getCXX)"
544 - AR="$(tc-getAR) rc \$@"
545 - RANLIB="$(tc-getRANLIB)"
546 - OPTIMIZER=
547 - ${mybits}
548 - )
549 -
550 - # Take care of nspr settings #436216
551 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
552 - unset NSPR_INCLUDE_DIR
553 -
554 - export NSS_ALLOW_SSLKEYLOGFILE=1
555 - export NSS_ENABLE_WERROR=0 #567158
556 - export BUILD_OPT=1
557 - export NSS_USE_SYSTEM_SQLITE=1
558 - export NSDISTMODE=copy
559 - export FREEBL_NO_DEPEND=1
560 - export FREEBL_LOWHASH=1
561 - export NSS_SEED_ONLY_DEV_URANDOM=1
562 - export USE_SYSTEM_ZLIB=1
563 - export ZLIB_LIBS=-lz
564 - export ASFLAGS=""
565 - # Fix build failure on arm64
566 - export NS_USE_GCC=1
567 - # Detect compiler type and set proper environment value
568 - if tc-is-gcc; then
569 - export CC_IS_GCC=1
570 - elif tc-is-clang; then
571 - export CC_IS_CLANG=1
572 - fi
573 -
574 - # explicitly disable altivec/vsx if not requested
575 - # https://bugs.gentoo.org/789114
576 - case ${ARCH} in
577 - ppc*)
578 - use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
579 - use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
580 - ;;
581 - esac
582 -
583 - local d
584 -
585 - # Build the host tools first.
586 - LDFLAGS="${BUILD_LDFLAGS}" \
587 - XCFLAGS="${BUILD_CFLAGS}" \
588 - NSPR_LIB_DIR="${T}/fakedir" \
589 - emake -j1 -C coreconf \
590 - CC="$(tc-getBUILD_CC)" \
591 - ${buildbits-${mybits}}
592 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
593 -
594 - # Then build the target tools.
595 - for d in . lib/dbm ; do
596 - CPPFLAGS="${myCPPFLAGS}" \
597 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
598 - NSPR_LIB_DIR="${T}/fakedir" \
599 - emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
600 - done
601 -}
602 -
603 -# Altering these 3 libraries breaks the CHK verification.
604 -# All of the following cause it to break:
605 -# - stripping
606 -# - prelink
607 -# - ELF signing
608 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
609 -# Either we have to NOT strip them, or we have to forcibly resign after
610 -# stripping.
611 -#local_libdir="$(get_libdir)"
612 -#export STRIP_MASK="
613 -# */${local_libdir}/libfreebl3.so*
614 -# */${local_libdir}/libnssdbm3.so*
615 -# */${local_libdir}/libsoftokn3.so*"
616 -
617 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
618 -
619 -generate_chk() {
620 - local shlibsign="$1"
621 - local libdir="$2"
622 - einfo "Resigning core NSS libraries for FIPS validation"
623 - shift 2
624 - local i
625 - for i in ${NSS_CHK_SIGN_LIBS} ; do
626 - local libname=lib${i}.so
627 - local chkname=lib${i}.chk
628 - "${shlibsign}" \
629 - -i "${libdir}"/${libname} \
630 - -o "${libdir}"/${chkname}.tmp \
631 - && mv -f \
632 - "${libdir}"/${chkname}.tmp \
633 - "${libdir}"/${chkname} \
634 - || die "Failed to sign ${libname}"
635 - done
636 -}
637 -
638 -cleanup_chk() {
639 - local libdir="$1"
640 - shift 1
641 - local i
642 - for i in ${NSS_CHK_SIGN_LIBS} ; do
643 - local libfname="${libdir}/lib${i}.so"
644 - # If the major version has changed, then we have old chk files.
645 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
646 - && rm -f "${libfname}.chk"
647 - done
648 -}
649 -
650 -multilib_src_install() {
651 - pushd dist >/dev/null || die
652 -
653 - dodir /usr/$(get_libdir)
654 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
655 - local i
656 - for i in crmf freebl nssb nssckfw ; do
657 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
658 - done
659 -
660 - # Install nss-config and pkgconfig file
661 - dodir /usr/bin
662 - cp -L */bin/nss-config "${ED}"/usr/bin || die
663 - dodir /usr/$(get_libdir)/pkgconfig
664 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
665 -
666 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
667 - # bug 517266
668 - sed -e 's#Libs:#Libs: -lfreebl#' \
669 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
670 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
671 - || die "could not create nss-softokn.pc"
672 -
673 - # all the include files
674 - insinto /usr/include/nss
675 - doins public/nss/*.{h,api}
676 - insinto /usr/include/nss/private
677 - doins private/nss/{blapi,alghmac,cmac}.h
678 -
679 - popd >/dev/null || die
680 -
681 - local f nssutils
682 - # Always enabled because we need it for chk generation.
683 - nssutils=( shlibsign )
684 -
685 - if multilib_is_native_abi ; then
686 - if use utils; then
687 - # The tests we do not need to install.
688 - #nssutils_test="bltest crmftest dbtest dertimetest
689 - #fipstest remtest sdrtest"
690 - # checkcert utils has been removed in nss-3.22:
691 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
692 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
693 - # certcgi has been removed in nss-3.36:
694 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
695 - nssutils+=(
696 - addbuiltin
697 - atob
698 - baddbdir
699 - btoa
700 - certutil
701 - cmsutil
702 - conflict
703 - crlutil
704 - derdump
705 - digest
706 - makepqg
707 - mangle
708 - modutil
709 - multinit
710 - nonspr10
711 - ocspclnt
712 - oidcalc
713 - p7content
714 - p7env
715 - p7sign
716 - p7verify
717 - pk11mode
718 - pk12util
719 - pp
720 - rsaperf
721 - selfserv
722 - signtool
723 - signver
724 - ssltap
725 - strsclnt
726 - symkeyutil
727 - tstclnt
728 - vfychain
729 - vfyserv
730 - )
731 - # install man-pages for utils (bug #516810)
732 - doman doc/nroff/*.1
733 - fi
734 - pushd dist/*/bin >/dev/null || die
735 - for f in ${nssutils[@]}; do
736 - dobin ${f}
737 - done
738 - popd >/dev/null || die
739 - fi
740 -}
741 -
742 -pkg_postinst() {
743 - multilib_pkg_postinst() {
744 - # We must re-sign the libraries AFTER they are stripped.
745 - local shlibsign="${EROOT}/usr/bin/shlibsign"
746 - # See if we can execute it (cross-compiling & such). #436216
747 - "${shlibsign}" -h >&/dev/null
748 - if [[ $? -gt 1 ]] ; then
749 - shlibsign="shlibsign"
750 - fi
751 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
752 - }
753 -
754 - multilib_foreach_abi multilib_pkg_postinst
755 -}
756 -
757 -pkg_postrm() {
758 - multilib_pkg_postrm() {
759 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
760 - }
761 -
762 - multilib_foreach_abi multilib_pkg_postrm
763 -}