[gentoo-commits] gentoo-x86 commit in dev-libs/nss: nss-3.17.ebuild ChangeLog - gentoo-commits

From:	"Lars Wendler (polynomial-c)" <polynomial-c@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in dev-libs/nss: nss-3.17.ebuild ChangeLog
Date:	Wed, 03 Sep 2014 16:12:57
Message-Id:	`20140903161040.E0D3749C4@oystercatcher.gentoo.org`

1

polynomial-c    14/09/03 16:10:40

2

3

  Modified:             ChangeLog

4

  Added:                nss-3.17.ebuild

5

  Log:

6

  Version bump (bug #522044)

7

8

  (Portage version: 2.2.12/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC)

9

10

Revision  Changes    Path

11

1.380                dev-libs/nss/ChangeLog

12

13

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.380&view=markup

14

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.380&content-type=text/plain

15

diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?r1=1.379&r2=1.380

16

17

Index: ChangeLog

18

===================================================================

19

RCS file: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v

20

retrieving revision 1.379

21

retrieving revision 1.380

22

diff -u -r1.379 -r1.380

23

--- ChangeLog	12 Aug 2014 21:13:10 -0000	1.379

24

+++ ChangeLog	3 Sep 2014 16:10:40 -0000	1.380

25

@@ -1,6 +1,11 @@

26

 # ChangeLog for dev-libs/nss

27

 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2

28

-# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.379 2014/08/12 21:13:10 polynomial-c Exp $

29

+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.380 2014/09/03 16:10:40 polynomial-c Exp $

30

+

31

+*nss-3.17 (03 Sep 2014)

32

+

33

+  03 Sep 2014; Lars Wendler <polynomial-c@g.o> +nss-3.17.ebuild:

34

+  Version bump (bug #522044).

35

36

 *nss-3.16.4 (12 Aug 2014)

1.1                  dev-libs/nss/nss-3.17.ebuild

42

43

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.17.ebuild?rev=1.1&view=markup

44

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.17.ebuild?rev=1.1&content-type=text/plain

45

46

Index: nss-3.17.ebuild

47

===================================================================

48

# Copyright 1999-2014 Gentoo Foundation

49

# Distributed under the terms of the GNU General Public License v2

50

# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.17.ebuild,v 1.1 2014/09/03 16:10:40 polynomial-c Exp $

51

52

EAPI=5

53

inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal

54

55

NSPR_VER="4.10.6-r1"

56

RTM_NAME="NSS_${PV//./_}_RTM"

57

# Rev of https://git.fedorahosted.org/cgit/nss-pem.git

58

PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"

59

PEM_P="${PN}-pem-${PEM_GIT_REV}"

60

61

DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"

62

HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"

63

SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz

64

	cacert? ( http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )

65

	nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"

66

67

LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"

68

SLOT="0"

69

KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"

70

IUSE="+cacert +nss-pem utils"

71

72

DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]

73

	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]"

74

RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]

75

	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]

76

	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]

77

	abi_x86_32? (

78

		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12

79

		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]

80

)"

81

82

RESTRICT="test"

83

84

S="${WORKDIR}/${P}/${PN}"

85

86

MULTILIB_CHOST_TOOLS=(

87

	/usr/bin/nss-config

88

)

89

90

src_unpack() {

91

	unpack ${A}

92

	if use nss-pem ; then

93

		mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die

94

fi

95

}

96

97

src_prepare() {

98

	# Custom changes for gentoo

99

	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch"

100

	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"

101

	use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"

102

	use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"

103

	epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"

104

105

	pushd coreconf >/dev/null || die

106

	# hack nspr paths

107

	echo 'INCLUDES += -I$(DIST)/include/dbm' \

108

		>> headers.mk || die "failed to append include"

109

110

	# modify install path

111

	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \

112

		-i source.mk || die

113

114

	# Respect LDFLAGS

115

	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk

116

	popd >/dev/null || die

117

118

	# Fix pkgconfig file for Prefix

119

	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \

120

		config/Makefile || die

121

122

	# use host shlibsign if need be #436216

123

	if tc-is-cross-compiler ; then

124

		sed -i \

125

			-e 's:"${2}"/shlibsign:shlibsign:' \

126

			cmd/shlibsign/sign.sh || die

127

fi

128

129

	# dirty hack

130

	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \

131

		lib/ssl/config.mk || die

132

	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \

133

		cmd/platlibs.mk || die

134

135

	multilib_copy_sources

136

137

	strip-flags

138

}

139

140

multilib_src_configure() {

141

	# Ensure we stay multilib aware

142

	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die

143

}

144

145

nssarch() {

146

	# Most of the arches are the same as $ARCH

147

	local t=${1:-${CHOST}}

148

	case ${t} in

149

		aarch64*)echo "aarch64";;

150

		hppa*)   echo "parisc";;

151

		i?86*)   echo "i686";;

152

		x86_64*) echo "x86_64";;

153

		*)       tc-arch ${t};;

154

	esac

155

}

156

157

nssbits() {

158

	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"

159

	if [[ ${1} == BUILD_ ]]; then

160

		cc=$(tc-getBUILD_CC)

161

	else

162

		cc=$(tc-getCC)

163

fi

164

	echo > "${T}"/test.c || die

165

	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die

166

	case $(file "${T}/${1}test.o") in

167

		*32-bit*x86-64*) echo USE_X32=1;;

168

		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;

169

		*32-bit*|*ppc*|*i386*) ;;

170

		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;

171

	esac

172

}

173

174

multilib_src_compile() {

175

	# use ABI to determine bit'ness, or fallback if unset

176

	local buildbits mybits

177

	case "${ABI}" in

178

		n32) mybits="USE_N32=1";;

179

		x32) mybits="USE_X32=1";;

180

		s390x|*64) mybits="USE_64=1";;

181

		default) mybits=$(nssbits);;

182

	esac

183

	# bitness of host may differ from target

184

	if tc-is-cross-compiler; then

185

		buildbits=$(nssbits BUILD_)

186

fi

187

188

	local makeargs=(

189

		CC="$(tc-getCC)"

190

		AR="$(tc-getAR) rc \$@"

191

		RANLIB="$(tc-getRANLIB)"

192

		OPTIMIZER=

193

		${mybits}

194

)

195

196

	# Take care of nspr settings #436216

197

	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"

198

	local myLDFLAGS="${LDFLAGS} $($(tc-getPKG_CONFIG) nspr --libs-only-L)"

199

	unset NSPR_INCLUDE_DIR

200

201

	# Do not let `uname` be used.

202

	if use kernel_linux ; then

203

		makeargs+=(

204

			OS_TARGET=Linux

205

			OS_RELEASE=2.6

206

			OS_TEST="$(nssarch)"

207

)

208

fi

209

210

	export BUILD_OPT=1

211

	export NSS_USE_SYSTEM_SQLITE=1

212

	export NSDISTMODE=copy

213

	export NSS_ENABLE_ECC=1

214

	export FREEBL_NO_DEPEND=1

215

	export ASFLAGS=""

216

217

	local d

218

219

	# Build the host tools first.

220

	LDFLAGS="${BUILD_LDFLAGS}" \

221

	XCFLAGS="${BUILD_CFLAGS}" \

222

	NSPR_LIB_DIR="${T}/fake-dir" \

223

	emake -j1 -C coreconf \

224

		CC="$(tc-getBUILD_CC)" \

225

		${buildbits:-${mybits}}

226

	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )

227

228

	# Then build the target tools.

229

	for d in . lib/dbm ; do

230

		CPPFLAGS="${myCPPFLAGS}" \

231

		LDFLAGS="${myLDFLAGS}" \

232

		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \

233

		NSPR_LIB_DIR="${T}/${ABI}-fake-dir" \

234

		emake -j1 "${makeargs[@]}" -C ${d}

235

	done

236

}

237

238

# Altering these 3 libraries breaks the CHK verification.

239

# All of the following cause it to break:

240

# - stripping

241

# - prelink

242

# - ELF signing

243

# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html

244

# Either we have to NOT strip them, or we have to forcibly resign after

245

# stripping.

246

#local_libdir="$(get_libdir)"

247

#export STRIP_MASK="

248

#	*/${local_libdir}/libfreebl3.so*

249

#	*/${local_libdir}/libnssdbm3.so*

250

#	*/${local_libdir}/libsoftokn3.so*"

251

252

export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"

253

254

generate_chk() {

255

	local shlibsign="$1"

256

	local libdir="$2"

257

	einfo "Resigning core NSS libraries for FIPS validation"

258

	shift 2

259

	local i

260

	for i in ${NSS_CHK_SIGN_LIBS} ; do

261

		local libname=lib${i}.so

262

		local chkname=lib${i}.chk

263

		"${shlibsign}" \

264

			-i "${libdir}"/${libname} \

265

			-o "${libdir}"/${chkname}.tmp \

266

		&& mv -f \

267

			"${libdir}"/${chkname}.tmp \

268

			"${libdir}"/${chkname} \

269

		|| die "Failed to sign ${libname}"

270

	done

271

}

272

273

cleanup_chk() {

274

	local libdir="$1"

275

	shift 1

276

	local i

277

	for i in ${NSS_CHK_SIGN_LIBS} ; do

278

		local libfname="${libdir}/lib${i}.so"

279

		# If the major version has changed, then we have old chk files.

280

		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \

281

			&& rm -f "${libfname}.chk"

282

	done

283

}

284

285

multilib_src_install() {

286

	pushd dist >/dev/null || die

287

288

	dodir /usr/$(get_libdir)

289

	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"

290

	cp -L -t "${ED}"/usr/$(get_libdir) */lib/{libcrmf,libfreebl}.a || die "copying libs failed"

291

292

	# Install nss-config and pkgconfig file

293

	dodir /usr/bin

294

	cp -L */bin/nss-config "${ED}"/usr/bin || die

295

	dodir /usr/$(get_libdir)/pkgconfig

296

	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die

297

298

	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers

299

	# bug 517266

300

	sed 	-e 's#Libs:#Libs: -lfreebl#' \

301

		-e 's#Cflags:#Cflags: -I${includedir}/private#' \

302

		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \

303

		|| die "could not create nss-softokn.pc"

304

305

	# all the include files

306

	insinto /usr/include/nss

307

	doins public/nss/*.h

308

	insinto /usr/include/nss/private

309

	doins private/nss/{blapi,alghmac}.h

310

311

	popd >/dev/null || die

312

313

	local f nssutils

314

	# Always enabled because we need it for chk generation.

315

	nssutils="shlibsign"

316

317

	if multilib_is_native_abi ; then

318

		if use utils; then

319

			# The tests we do not need to install.

320

			#nssutils_test="bltest crmftest dbtest dertimetest

321

			#fipstest remtest sdrtest"

322

			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert

323

			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit

324

			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode

325

			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt

326

			symkeyutil tstclnt vfychain vfyserv"

327

fi

328

		pushd dist/*/bin >/dev/null || die

329

		for f in ${nssutils}; do

330

			dobin ${f}

331

		done

332

		popd >/dev/null || die

333

fi

334

335

	# Prelink breaks the CHK files. We don't have any reliable way to run

336

	# shlibsign after prelink.

337

	local l libs=() liblist

338

	for l in ${NSS_CHK_SIGN_LIBS} ; do

339

		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")

340

	done

341

	liblist=$(printf '%s:' "${libs[@]}")

342

	echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"

343

	doenvd "${T}/90nss-${ABI}"

344

}

345

346

pkg_postinst() {

347

	multilib_pkg_postinst() {

348

		# We must re-sign the libraries AFTER they are stripped.

349

		local shlibsign="${EROOT}/usr/bin/shlibsign"

350

		# See if we can execute it (cross-compiling & such). #436216

351

		"${shlibsign}" -h >&/dev/null

352

		if [[ $? -gt 1 ]] ; then

353

			shlibsign="shlibsign"

354

fi

355

		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)

356

}

357

358

	multilib_foreach_abi multilib_pkg_postinst

359

}

360

361

pkg_postrm() {

362

	multilib_pkg_postrm() {

363

		cleanup_chk "${EROOT}"/usr/$(get_libdir)

364

}

365

366

	multilib_foreach_abi multilib_pkg_postrm

367

}

1	polynomial-c 14/09/03 16:10:40
2
3	Modified: ChangeLog
4	Added: nss-3.17.ebuild
5	Log:
6	Version bump (bug #522044)
7
8	(Portage version: 2.2.12/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC)
9
10	Revision Changes Path
11	1.380 dev-libs/nss/ChangeLog
12
13	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.380&view=markup
14	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.380&content-type=text/plain
15	diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?r1=1.379&r2=1.380
16
17	Index: ChangeLog
18	===================================================================
19	RCS file: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v
20	retrieving revision 1.379
21	retrieving revision 1.380
22	diff -u -r1.379 -r1.380
23	--- ChangeLog 12 Aug 2014 21:13:10 -0000 1.379
24	+++ ChangeLog 3 Sep 2014 16:10:40 -0000 1.380
25	@@ -1,6 +1,11 @@
26	# ChangeLog for dev-libs/nss
27	# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
28	-# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.379 2014/08/12 21:13:10 polynomial-c Exp $
29	+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.380 2014/09/03 16:10:40 polynomial-c Exp $
30	+
31	+*nss-3.17 (03 Sep 2014)
32	+
33	+ 03 Sep 2014; Lars Wendler <polynomial-c@g.o> +nss-3.17.ebuild:
34	+ Version bump (bug #522044).
35
36	*nss-3.16.4 (12 Aug 2014)
37
38
39
40
41	1.1 dev-libs/nss/nss-3.17.ebuild
42
43	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.17.ebuild?rev=1.1&view=markup
44	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.17.ebuild?rev=1.1&content-type=text/plain
45
46	Index: nss-3.17.ebuild
47	===================================================================
48	# Copyright 1999-2014 Gentoo Foundation
49	# Distributed under the terms of the GNU General Public License v2
50	# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.17.ebuild,v 1.1 2014/09/03 16:10:40 polynomial-c Exp $
51
52	EAPI=5
53	inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
54
55	NSPR_VER="4.10.6-r1"
56	RTM_NAME="NSS_${PV//./_}_RTM"
57	# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
58	PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
59	PEM_P="${PN}-pem-${PEM_GIT_REV}"
60
61	DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
62	HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
63	SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
64	cacert? ( http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
65	nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
66
67	LICENSE="\|\| ( MPL-2.0 GPL-2 LGPL-2.1 )"
68	SLOT="0"
69	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
70	IUSE="+cacert +nss-pem utils"
71
72	DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
73	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]"
74	RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
75	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
76	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
77	abi_x86_32? (
78	!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
79	!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
80	)"
81
82	RESTRICT="test"
83
84	S="${WORKDIR}/${P}/${PN}"
85
86	MULTILIB_CHOST_TOOLS=(
87	/usr/bin/nss-config
88	)
89
90	src_unpack() {
91	unpack ${A}
92	if use nss-pem ; then
93	mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ \|\| die
94	fi
95	}
96
97	src_prepare() {
98	# Custom changes for gentoo
99	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch"
100	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
101	use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
102	use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
103	epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
104
105	pushd coreconf >/dev/null \|\| die
106	# hack nspr paths
107	echo 'INCLUDES += -I$(DIST)/include/dbm' \
108	>> headers.mk \|\| die "failed to append include"
109
110	# modify install path
111	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
112	-i source.mk \|\| die
113
114	# Respect LDFLAGS
115	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
116	popd >/dev/null \|\| die
117
118	# Fix pkgconfig file for Prefix
119	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
120	config/Makefile \|\| die
121
122	# use host shlibsign if need be #436216
123	if tc-is-cross-compiler ; then
124	sed -i \
125	-e 's:"${2}"/shlibsign:shlibsign:' \
126	cmd/shlibsign/sign.sh \|\| die
127	fi
128
129	# dirty hack
130	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
131	lib/ssl/config.mk \|\| die
132	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
133	cmd/platlibs.mk \|\| die
134
135	multilib_copy_sources
136
137	strip-flags
138	}
139
140	multilib_src_configure() {
141	# Ensure we stay multilib aware
142	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile \|\| die
143	}
144
145	nssarch() {
146	# Most of the arches are the same as $ARCH
147	local t=${1:-${CHOST}}
148	case ${t} in
149	aarch64*)echo "aarch64";;
150	hppa*) echo "parisc";;
151	i?86*) echo "i686";;
152	x86_64*) echo "x86_64";;
153	*) tc-arch ${t};;
154	esac
155	}
156
157	nssbits() {
158	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
159	if [[ ${1} == BUILD_ ]]; then
160	cc=$(tc-getBUILD_CC)
161	else
162	cc=$(tc-getCC)
163	fi
164	echo > "${T}"/test.c \|\| die
165	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" \|\| die
166	case $(file "${T}/${1}test.o") in
167	32-bitx86-64*) echo USE_X32=1;;
168	64-bit\|ppc64\|x86_64) echo USE_64=1;;
169	32-bit\|ppc\|i386) ;;
170	*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
171	esac
172	}
173
174	multilib_src_compile() {
175	# use ABI to determine bit'ness, or fallback if unset
176	local buildbits mybits
177	case "${ABI}" in
178	n32) mybits="USE_N32=1";;
179	x32) mybits="USE_X32=1";;
180	s390x\|*64) mybits="USE_64=1";;
181	default) mybits=$(nssbits);;
182	esac
183	# bitness of host may differ from target
184	if tc-is-cross-compiler; then
185	buildbits=$(nssbits BUILD_)
186	fi
187
188	local makeargs=(
189	CC="$(tc-getCC)"
190	AR="$(tc-getAR) rc \$@"
191	RANLIB="$(tc-getRANLIB)"
192	OPTIMIZER=
193	${mybits}
194	)
195
196	# Take care of nspr settings #436216
197	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
198	local myLDFLAGS="${LDFLAGS} $($(tc-getPKG_CONFIG) nspr --libs-only-L)"
199	unset NSPR_INCLUDE_DIR
200
201	# Do not let `uname` be used.
202	if use kernel_linux ; then
203	makeargs+=(
204	OS_TARGET=Linux
205	OS_RELEASE=2.6
206	OS_TEST="$(nssarch)"
207	)
208	fi
209
210	export BUILD_OPT=1
211	export NSS_USE_SYSTEM_SQLITE=1
212	export NSDISTMODE=copy
213	export NSS_ENABLE_ECC=1
214	export FREEBL_NO_DEPEND=1
215	export ASFLAGS=""
216
217	local d
218
219	# Build the host tools first.
220	LDFLAGS="${BUILD_LDFLAGS}" \
221	XCFLAGS="${BUILD_CFLAGS}" \
222	NSPR_LIB_DIR="${T}/fake-dir" \
223	emake -j1 -C coreconf \
224	CC="$(tc-getBUILD_CC)" \
225	${buildbits:-${mybits}}
226	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
227
228	# Then build the target tools.
229	for d in . lib/dbm ; do
230	CPPFLAGS="${myCPPFLAGS}" \
231	LDFLAGS="${myLDFLAGS}" \
232	XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
233	NSPR_LIB_DIR="${T}/${ABI}-fake-dir" \
234	emake -j1 "${makeargs[@]}" -C ${d}
235	done
236	}
237
238	# Altering these 3 libraries breaks the CHK verification.
239	# All of the following cause it to break:
240	# - stripping
241	# - prelink
242	# - ELF signing
243	# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
244	# Either we have to NOT strip them, or we have to forcibly resign after
245	# stripping.
246	#local_libdir="$(get_libdir)"
247	#export STRIP_MASK="
248	# /${local_libdir}/libfreebl3.so
249	# /${local_libdir}/libnssdbm3.so
250	# /${local_libdir}/libsoftokn3.so"
251
252	export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
253
254	generate_chk() {
255	local shlibsign="$1"
256	local libdir="$2"
257	einfo "Resigning core NSS libraries for FIPS validation"
258	shift 2
259	local i
260	for i in ${NSS_CHK_SIGN_LIBS} ; do
261	local libname=lib${i}.so
262	local chkname=lib${i}.chk
263	"${shlibsign}" \
264	-i "${libdir}"/${libname} \
265	-o "${libdir}"/${chkname}.tmp \
266	&& mv -f \
267	"${libdir}"/${chkname}.tmp \
268	"${libdir}"/${chkname} \
269	\|\| die "Failed to sign ${libname}"
270	done
271	}
272
273	cleanup_chk() {
274	local libdir="$1"
275	shift 1
276	local i
277	for i in ${NSS_CHK_SIGN_LIBS} ; do
278	local libfname="${libdir}/lib${i}.so"
279	# If the major version has changed, then we have old chk files.
280	[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
281	&& rm -f "${libfname}.chk"
282	done
283	}
284
285	multilib_src_install() {
286	pushd dist >/dev/null \|\| die
287
288	dodir /usr/$(get_libdir)
289	cp -L /lib/$(get_libname) "${ED}"/usr/$(get_libdir) \|\| die "copying shared libs failed"
290	cp -L -t "${ED}"/usr/$(get_libdir) */lib/{libcrmf,libfreebl}.a \|\| die "copying libs failed"
291
292	# Install nss-config and pkgconfig file
293	dodir /usr/bin
294	cp -L */bin/nss-config "${ED}"/usr/bin \|\| die
295	dodir /usr/$(get_libdir)/pkgconfig
296	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig \|\| die
297
298	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
299	# bug 517266
300	sed -e 's#Libs:#Libs: -lfreebl#' \
301	-e 's#Cflags:#Cflags: -I${includedir}/private#' \
302	*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
303	\|\| die "could not create nss-softokn.pc"
304
305	# all the include files
306	insinto /usr/include/nss
307	doins public/nss/*.h
308	insinto /usr/include/nss/private
309	doins private/nss/{blapi,alghmac}.h
310
311	popd >/dev/null \|\| die
312
313	local f nssutils
314	# Always enabled because we need it for chk generation.
315	nssutils="shlibsign"
316
317	if multilib_is_native_abi ; then
318	if use utils; then
319	# The tests we do not need to install.
320	#nssutils_test="bltest crmftest dbtest dertimetest
321	#fipstest remtest sdrtest"
322	nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
323	cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
324	nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
325	pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
326	symkeyutil tstclnt vfychain vfyserv"
327	fi
328	pushd dist/*/bin >/dev/null \|\| die
329	for f in ${nssutils}; do
330	dobin ${f}
331	done
332	popd >/dev/null \|\| die
333	fi
334
335	# Prelink breaks the CHK files. We don't have any reliable way to run
336	# shlibsign after prelink.
337	local l libs=() liblist
338	for l in ${NSS_CHK_SIGN_LIBS} ; do
339	libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
340	done
341	liblist=$(printf '%s:' "${libs[@]}")
342	echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
343	doenvd "${T}/90nss-${ABI}"
344	}
345
346	pkg_postinst() {
347	multilib_pkg_postinst() {
348	# We must re-sign the libraries AFTER they are stripped.
349	local shlibsign="${EROOT}/usr/bin/shlibsign"
350	# See if we can execute it (cross-compiling & such). #436216
351	"${shlibsign}" -h >&/dev/null
352	if [[ $? -gt 1 ]] ; then
353	shlibsign="shlibsign"
354	fi
355	generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
356	}
357
358	multilib_foreach_abi multilib_pkg_postinst
359	}
360
361	pkg_postrm() {
362	multilib_pkg_postrm() {
363	cleanup_chk "${EROOT}"/usr/$(get_libdir)
364	}
365
366	multilib_foreach_abi multilib_pkg_postrm
367	}

Gentoo Archives: gentoo-commits