Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Ian Stakenvicius (axs)" <axs@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/nss: nss-3.16.1.ebuild ChangeLog nss-3.16-r1.ebuild
Date: Thu, 03 Jul 2014 19:43:13
Message-Id: 20140703194309.DA1532004E@flycatcher.gentoo.org
1 axs 14/07/03 19:43:09
2
3 Modified: ChangeLog
4 Added: nss-3.16.1.ebuild
5 Removed: nss-3.16-r1.ebuild
6 Log:
7 version bump, compatibility improvements on gx86-multilib port, dropped old
8
9 (Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 2B6559ED)
10
11 Revision Changes Path
12 1.366 dev-libs/nss/ChangeLog
13
14 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.366&view=markup
15 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.366&content-type=text/plain
16 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?r1=1.365&r2=1.366
17
18 Index: ChangeLog
19 ===================================================================
20 RCS file: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v
21 retrieving revision 1.365
22 retrieving revision 1.366
23 diff -u -r1.365 -r1.366
24 --- ChangeLog 19 Jun 2014 03:17:50 -0000 1.365
25 +++ ChangeLog 3 Jul 2014 19:43:09 -0000 1.366
26 @@ -1,6 +1,12 @@
27 # ChangeLog for dev-libs/nss
28 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
29 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.365 2014/06/19 03:17:50 tetromino Exp $
30 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.366 2014/07/03 19:43:09 axs Exp $
31 +
32 +*nss-3.16.1 (03 Jul 2014)
33 +
34 + 03 Jul 2014; Ian Stakenvicius (_AxS_) <axs@g.o> +nss-3.16.1.ebuild,
35 + -nss-3.16-r1.ebuild:
36 + version bump, compatibility improvements on gx86-multilib port, dropped old
37
38 19 Jun 2014; Alexandre Rostovtsev <tetromino@g.o> nss-3.16-r1.ebuild:
39 Update emul-linux-x86-baselibs blocker revision.
40
41
42
43 1.1 dev-libs/nss/nss-3.16.1.ebuild
44
45 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.16.1.ebuild?rev=1.1&view=markup
46 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.16.1.ebuild?rev=1.1&content-type=text/plain
47
48 Index: nss-3.16.1.ebuild
49 ===================================================================
50 # Copyright 1999-2014 Gentoo Foundation
51 # Distributed under the terms of the GNU General Public License v2
52 # $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.16.1.ebuild,v 1.1 2014/07/03 19:43:09 axs Exp $
53
54 EAPI=5
55 inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
56
57 NSPR_VER="4.10.6-r1"
58 RTM_NAME="NSS_${PV//./_}_RTM"
59 # Rev of https://git.fedorahosted.org/cgit/nss-pem.git
60 PEM_GIT_REV="3ade37c5c4ca5a6094e3f4b2e4591405db1867dd"
61 PEM_P="${PN}-pem-${PEM_GIT_REV}"
62
63 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
64 HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
65 SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
66 cacert? ( http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
67 nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
68
69 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
70 SLOT="0"
71 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
72 IUSE="+cacert +nss-pem utils"
73
74 DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
75 >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]"
76 RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
77 >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
78 >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
79 abi_x86_32? (
80 !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
81 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
82 )"
83
84 RESTRICT="test"
85
86 S="${WORKDIR}/${P}/${PN}"
87
88 MULTILIB_CHOST_TOOLS=(
89 /usr/bin/nss-config
90 )
91
92 src_unpack() {
93 unpack ${A}
94 if use nss-pem ; then
95 mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
96 fi
97 }
98
99 src_prepare() {
100 # Custom changes for gentoo
101 epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch"
102 epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
103 use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
104 use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
105 epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
106
107 pushd coreconf >/dev/null || die
108 # hack nspr paths
109 echo 'INCLUDES += -I$(DIST)/include/dbm' \
110 >> headers.mk || die "failed to append include"
111
112 # modify install path
113 sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
114 -i source.mk || die
115
116 # Respect LDFLAGS
117 sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
118 popd >/dev/null || die
119
120 # Fix pkgconfig file for Prefix
121 sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
122 config/Makefile || die
123
124 # use host shlibsign if need be #436216
125 if tc-is-cross-compiler ; then
126 sed -i \
127 -e 's:"${2}"/shlibsign:shlibsign:' \
128 cmd/shlibsign/sign.sh || die
129 fi
130
131 # dirty hack
132 sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
133 lib/ssl/config.mk || die
134 sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
135 cmd/platlibs.mk || die
136
137 multilib_copy_sources
138
139 strip-flags
140 }
141
142 multilib_src_configure() {
143 # Ensure we stay multilib aware
144 sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
145 }
146
147 nssarch() {
148 # Most of the arches are the same as $ARCH
149 local t=${1:-${CHOST}}
150 case ${t} in
151 aarch64*)echo "aarch64";;
152 hppa*) echo "parisc";;
153 i?86*) echo "i686";;
154 x86_64*) echo "x86_64";;
155 *) tc-arch ${t};;
156 esac
157 }
158
159 nssbits() {
160 local cc="${1}CC" cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
161 echo > "${T}"/test.c || die
162 ${!cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}"/${cc}-test.o || die
163 case $(file "${T}"/${cc}-test.o) in
164 *32-bit*x86-64*) echo USE_X32=1;;
165 *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
166 *32-bit*|*ppc*|*i386*) ;;
167 *) die "Failed to detect whether ${cc} is 64bits or 32bits, disable distcc if you're using it, please";;
168 esac
169 }
170
171 multilib_src_compile() {
172 tc-export AR RANLIB {BUILD_,}{CC,PKG_CONFIG}
173
174 # use ABI to determine bit'ness, or fallback if unset
175 local buildbits mybits
176 case "${ABI}" in
177 n32) mybits="USE_N32=1";;
178 x32) mybits="USE_X32=1";;
179 s390x|*64) mybits="USE_64=1";;
180 default) mybits=$(nssbits);;
181 esac
182 # bitness of host may differ from target
183 if tc-is-cross-compiler; then
184 buildbits=$(nssbits BUILD_)
185 fi
186
187 local makeargs=(
188 CC="${CC}"
189 AR="${AR} rc \$@"
190 RANLIB="${RANLIB}"
191 OPTIMIZER=
192 ${mybits}
193 )
194
195 # Take care of nspr settings #436216
196 local myCPPFLAGS="${CPPFLAGS} $(${PKG_CONFIG} nspr --cflags)"
197 local myLDFLAGS="${LDFLAGS} $(${PKG_CONFIG} nspr --libs-only-L)"
198 unset NSPR_INCLUDE_DIR
199
200 # Do not let `uname` be used.
201 if use kernel_linux ; then
202 makeargs+=(
203 OS_TARGET=Linux
204 OS_RELEASE=2.6
205 OS_TEST="$(nssarch)"
206 )
207 fi
208
209 export BUILD_OPT=1
210 export NSS_USE_SYSTEM_SQLITE=1
211 export NSDISTMODE=copy
212 export NSS_ENABLE_ECC=1
213 export FREEBL_NO_DEPEND=1
214 export ASFLAGS=""
215
216 local d
217
218 # Build the host tools first.
219 LDFLAGS="${BUILD_LDFLAGS}" \
220 XCFLAGS="${BUILD_CFLAGS}" \
221 NSPR_LIB_DIR="${T}/fake-dir" \
222 emake -j1 -C coreconf \
223 CC="${BUILD_CC}" \
224 ${buildbits:-${mybits}}
225 makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
226
227 # Then build the target tools.
228 for d in . lib/dbm ; do
229 CPPFLAGS="${myCPPFLAGS}" \
230 LDFLAGS="${myLDFLAGS}" \
231 XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
232 NSPR_LIB_DIR="${T}/${ABI}-fake-dir" \
233 emake -j1 "${makeargs[@]}" -C ${d}
234 done
235 }
236
237 # Altering these 3 libraries breaks the CHK verification.
238 # All of the following cause it to break:
239 # - stripping
240 # - prelink
241 # - ELF signing
242 # http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
243 # Either we have to NOT strip them, or we have to forcibly resign after
244 # stripping.
245 #local_libdir="$(get_libdir)"
246 #export STRIP_MASK="
247 # */${local_libdir}/libfreebl3.so*
248 # */${local_libdir}/libnssdbm3.so*
249 # */${local_libdir}/libsoftokn3.so*"
250
251 export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
252
253 generate_chk() {
254 local shlibsign="$1"
255 local libdir="$2"
256 einfo "Resigning core NSS libraries for FIPS validation"
257 shift 2
258 local i
259 for i in ${NSS_CHK_SIGN_LIBS} ; do
260 local libname=lib${i}.so
261 local chkname=lib${i}.chk
262 "${shlibsign}" \
263 -i "${libdir}"/${libname} \
264 -o "${libdir}"/${chkname}.tmp \
265 && mv -f \
266 "${libdir}"/${chkname}.tmp \
267 "${libdir}"/${chkname} \
268 || die "Failed to sign ${libname}"
269 done
270 }
271
272 cleanup_chk() {
273 local libdir="$1"
274 shift 1
275 local i
276 for i in ${NSS_CHK_SIGN_LIBS} ; do
277 local libfname="${libdir}/lib${i}.so"
278 # If the major version has changed, then we have old chk files.
279 [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
280 && rm -f "${libfname}.chk"
281 done
282 }
283
284 multilib_src_install() {
285 pushd dist >/dev/null || die
286
287 dodir /usr/$(get_libdir)
288 cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
289 # We generate these after stripping the libraries, else they don't match.
290 #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed"
291 cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
292
293 # Install nss-config and pkgconfig file
294 dodir /usr/bin
295 cp -L */bin/nss-config "${ED}"/usr/bin
296 dodir /usr/$(get_libdir)/pkgconfig
297 cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig
298
299 # all the include files
300 insinto /usr/include/nss
301 doins public/nss/*.h
302
303 popd >/dev/null || die
304
305 local f nssutils
306 # Always enabled because we need it for chk generation.
307 nssutils="shlibsign"
308
309 if multilib_is_native_abi ; then
310 if use utils; then
311 # The tests we do not need to install.
312 #nssutils_test="bltest crmftest dbtest dertimetest
313 #fipstest remtest sdrtest"
314 nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
315 cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
316 nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
317 pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
318 symkeyutil tstclnt vfychain vfyserv"
319 fi
320 pushd dist/*/bin >/dev/null || die
321 for f in ${nssutils}; do
322 dobin ${f}
323 done
324 popd >/dev/null || die
325 fi
326
327 # Prelink breaks the CHK files. We don't have any reliable way to run
328 # shlibsign after prelink.
329 local l libs=() liblist
330 for l in ${NSS_CHK_SIGN_LIBS} ; do
331 libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
332 done
333 liblist=$(printf '%s:' "${libs[@]}")
334 echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
335 doenvd "${T}/90nss-${ABI}"
336 }
337
338 pkg_postinst() {
339 multilib_pkg_postinst() {
340 # We must re-sign the libraries AFTER they are stripped.
341 local shlibsign="${EROOT}/usr/bin/shlibsign"
342 # See if we can execute it (cross-compiling & such). #436216
343 "${shlibsign}" -h >&/dev/null
344 if [[ $? -gt 1 ]] ; then
345 shlibsign="shlibsign"
346 fi
347 generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
348 }
349
350 multilib_foreach_abi multilib_pkg_postinst
351 }
352
353 pkg_postrm() {
354 multilib_pkg_postrm() {
355 cleanup_chk "${EROOT}"/usr/$(get_libdir)
356 }
357
358 multilib_foreach_abi multilib_pkg_postrm
359 }
Report Message
Find on MARC Find on Google Groups