Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Jory Pratt (anarchy)" <anarchy@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/nss: ChangeLog nss-3.13.6.ebuild
Date: Sat, 01 Sep 2012 23:07:48
Message-Id: 20120901230737.4D5D920F2A@flycatcher.gentoo.org
1 anarchy 12/09/01 23:07:37
2
3 Modified: ChangeLog
4 Added: nss-3.13.6.ebuild
5 Log:
6 Security bump
7
8 (Portage version: 2.1.11.12/cvs/Linux x86_64)
9
10 Revision Changes Path
11 1.259 dev-libs/nss/ChangeLog
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.259&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.259&content-type=text/plain
15 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?r1=1.258&r2=1.259
16
17 Index: ChangeLog
18 ===================================================================
19 RCS file: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v
20 retrieving revision 1.258
21 retrieving revision 1.259
22 diff -u -r1.258 -r1.259
23 --- ChangeLog 25 Aug 2012 07:07:21 -0000 1.258
24 +++ ChangeLog 1 Sep 2012 23:07:37 -0000 1.259
25 @@ -1,6 +1,11 @@
26 # ChangeLog for dev-libs/nss
27 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
28 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.258 2012/08/25 07:07:21 xmw Exp $
29 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.259 2012/09/01 23:07:37 anarchy Exp $
30 +
31 +*nss-3.13.6 (01 Sep 2012)
32 +
33 + 01 Sep 2012; <anarchy@g.o> +nss-3.13.6.ebuild:
34 + Security bump
35
36 25 Aug 2012; Michael Weber <xmw@g.o> nss-3.13.5.ebuild:
37 ppc stable (bug 427224)
38
39
40
41 1.1 dev-libs/nss/nss-3.13.6.ebuild
42
43 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.13.6.ebuild?rev=1.1&view=markup
44 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.13.6.ebuild?rev=1.1&content-type=text/plain
45
46 Index: nss-3.13.6.ebuild
47 ===================================================================
48 # Copyright 1999-2012 Gentoo Foundation
49 # Distributed under the terms of the GNU General Public License v2
50 # $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.13.6.ebuild,v 1.1 2012/09/01 23:07:37 anarchy Exp $
51
52 EAPI=3
53 inherit eutils flag-o-matic multilib toolchain-funcs
54
55 NSPR_VER="4.9.2"
56 RTM_NAME="NSS_${PV//./_}_RTM"
57
58 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
59 HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
60 SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
61 http://dev.gentoo.org/~anarchy/patches/${PN}-3.13.6-add_spi+cacerts_ca_certs.patch
62 http://dev.gentoo.org/~anarchy/patches/${PN}-3.13.3_pem.support"
63
64 LICENSE="|| ( MPL-1.1 GPL-2 LGPL-2.1 )"
65 SLOT="0"
66 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
67 IUSE="utils"
68
69 DEPEND="virtual/pkgconfig
70 >=dev-libs/nspr-${NSPR_VER}"
71
72 RDEPEND=">=dev-libs/nspr-${NSPR_VER}
73 >=dev-db/sqlite-3.5
74 sys-libs/zlib"
75
76 src_setup() {
77 export LC_ALL="C"
78 }
79
80 src_prepare() {
81 # Custom changes for gentoo
82 epatch "${FILESDIR}/${PN}-3.13-gentoo-fixup.patch"
83 epatch "${FILESDIR}/${PN}-3.12.6-gentoo-fixup-warnings.patch"
84 epatch "${DISTDIR}/${PN}-3.13.6-add_spi+cacerts_ca_certs.patch"
85 epatch "${DISTDIR}/${PN}-3.13.3_pem.support"
86 epatch "${FILESDIR}/${PN}-3.13.5-x32.patch"
87
88 cd "${S}"/mozilla/security/coreconf || die
89 # hack nspr paths
90 echo 'INCLUDES += -I'"${EPREFIX}"'/usr/include/nspr -I$(DIST)/include/dbm' \
91 >> headers.mk || die "failed to append include"
92
93 # modify install path
94 sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
95 -i source.mk || die
96
97 # Respect LDFLAGS
98 sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk || die
99
100 # Ensure we stay multilib aware
101 sed -i -e "s:gentoo\/nss:$(get_libdir):" "${S}"/mozilla/security/nss/config/Makefile || die "Failed to fix for multilib"
102
103 # Fix pkgconfig file for Prefix
104 sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
105 "${S}"/mozilla/security/nss/config/Makefile || die
106
107 epatch "${FILESDIR}/nss-3.13.1-solaris-gcc.patch"
108
109 # dirty hack
110 cd "${S}"/mozilla/security/nss || die
111 sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
112 lib/ssl/config.mk || die
113 sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
114 cmd/platlibs.mk || die
115 }
116
117 src_compile() {
118 strip-flags
119
120 echo > "${T}"/test.c || die
121 $(tc-getCC) ${CFLAGS} -c "${T}"/test.c -o "${T}"/test.o || die
122 case $(file "${T}"/test.o) in
123 *32-bit*x86-64*) export USE_x32=1;;
124 *64-bit*|*ppc64*|*x86_64*) export USE_64=1;;
125 *32-bit*|*ppc*|*i386*) ;;
126 *) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";;
127 esac
128
129 export NSPR_INCLUDE_DIR=`nspr-config --includedir`
130 export NSPR_LIB_DIR=`nspr-config --libdir`
131 export BUILD_OPT=1
132 export NSS_USE_SYSTEM_SQLITE=1
133 export NSDISTMODE=copy
134 export NSS_ENABLE_ECC=1
135 export XCFLAGS="${CFLAGS}"
136 export FREEBL_NO_DEPEND=1
137 export ASFLAGS=""
138
139 cd "${S}"/mozilla/security/coreconf || die
140 emake -j1 CC="$(tc-getCC)" || die "coreconf make failed"
141 cd "${S}"/mozilla/security/dbm || die
142 emake -j1 CC="$(tc-getCC)" || die "dbm make failed"
143 cd "${S}"/mozilla/security/nss || die
144 emake -j1 CC="$(tc-getCC)" || die "nss make failed"
145 }
146
147 # Altering these 3 libraries breaks the CHK verification.
148 # All of the following cause it to break:
149 # - stripping
150 # - prelink
151 # - ELF signing
152 # http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
153 # Either we have to NOT strip them, or we have to forcibly resign after
154 # stripping.
155 #local_libdir="$(get_libdir)"
156 #export STRIP_MASK="
157 # */${local_libdir}/libfreebl3.so*
158 # */${local_libdir}/libnssdbm3.so*
159 # */${local_libdir}/libsoftokn3.so*"
160
161 export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
162
163 generate_chk() {
164 local shlibsign="$1"
165 local libdir="$2"
166 einfo "Resigning core NSS libraries for FIPS validation"
167 shift 2
168 for i in ${NSS_CHK_SIGN_LIBS} ; do
169 local libname=lib${i}.so
170 local chkname=lib${i}.chk
171 "${shlibsign}" \
172 -i "${libdir}"/${libname} \
173 -o "${libdir}"/${chkname}.tmp \
174 && mv -f \
175 "${libdir}"/${chkname}.tmp \
176 "${libdir}"/${chkname} \
177 || die "Failed to sign ${libname}"
178 done
179 }
180
181 cleanup_chk() {
182 local libdir="$1"
183 shift 1
184 for i in ${NSS_CHK_SIGN_LIBS} ; do
185 local libfname="${libdir}/lib${i}.so"
186 # If the major version has changed, then we have old chk files.
187 [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
188 && rm -f "${libfname}.chk"
189 done
190 }
191
192 src_install () {
193 MINOR_VERSION=12
194 cd "${S}"/mozilla/security/dist || die
195
196 dodir /usr/$(get_libdir) || die
197 cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
198 # We generate these after stripping the libraries, else they don't match.
199 #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed"
200 cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
201
202 # Install nss-config and pkgconfig file
203 dodir /usr/bin || die
204 cp -L */bin/nss-config "${ED}"/usr/bin || die
205 dodir /usr/$(get_libdir)/pkgconfig || die
206 cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
207
208 # all the include files
209 insinto /usr/include/nss
210 doins public/nss/*.h || die
211 cd "${ED}"/usr/$(get_libdir) || die
212 local n=
213 for file in *$(get_libname); do
214 n=${file%$(get_libname)}$(get_libname ${MINOR_VERSION})
215 mv ${file} ${n} || die
216 ln -s ${n} ${file} || die
217 if [[ ${CHOST} == *-darwin* ]]; then
218 install_name_tool -id "${EPREFIX}/usr/$(get_libdir)/${n}" ${n} || die
219 fi
220 done
221
222 local nssutils
223 # Always enabled because we need it for chk generation.
224 nssutils="shlibsign"
225 if use utils; then
226 # The tests we do not need to install.
227 #nssutils_test="bltest crmftest dbtest dertimetest
228 #fipstest remtest sdrtest"
229 nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
230 cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
231 nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
232 pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
233 symkeyutil tstclnt vfychain vfyserv"
234 fi
235 cd "${S}"/mozilla/security/dist/*/bin/ || die
236 for f in $nssutils; do
237 dobin ${f} || die
238 done
239
240 # Prelink breaks the CHK files. We don't have any reliable way to run
241 # shlibsign after prelink.
242 declare -a libs
243 for l in ${NSS_CHK_SIGN_LIBS} ; do
244 libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
245 done
246 OLD_IFS="${IFS}" IFS=":" ; liblist="${libs[*]}" ; IFS="${OLD_IFS}"
247 echo -e "PRELINK_PATH_MASK=${liblist}" >"${T}/90nss" || die
248 unset libs liblist
249 doenvd "${T}/90nss" || die
250 }
251
252 pkg_postinst() {
253 # We must re-sign the libraries AFTER they are stripped.
254 generate_chk "${EROOT}"/usr/bin/shlibsign "${EROOT}"/usr/$(get_libdir)
255 }
256
257 pkg_postrm() {
258 cleanup_chk "${EROOT}"/usr/$(get_libdir)
259 }
Report Message
Find on MARC Find on Google Groups