Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
Date: Sat, 08 Jan 2022 17:13:34
Message-Id: 1641661994.e5e6a5f2f76cf91ce97cd7993a52452e62c4ed2c.polynomial-c@gentoo
1 commit: e5e6a5f2f76cf91ce97cd7993a52452e62c4ed2c
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Sat Jan 8 17:02:10 2022 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Sat Jan 8 17:13:14 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5e6a5f2
7
8 dev-libs/nss: Removed old
9
10 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
11
12 dev-libs/nss/Manifest | 4 -
13 dev-libs/nss/nss-3.63.1-r1.ebuild | 366 -------------------------------------
14 dev-libs/nss/nss-3.72.1.ebuild | 367 --------------------------------------
15 dev-libs/nss/nss-3.72.ebuild | 367 --------------------------------------
16 dev-libs/nss/nss-3.73.ebuild | 367 --------------------------------------
17 5 files changed, 1471 deletions(-)
18
19 diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
20 index 8fc42c03a5a1..cfcc2327039a 100644
21 --- a/dev-libs/nss/Manifest
22 +++ b/dev-libs/nss/Manifest
23 @@ -1,8 +1,4 @@
24 -DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
25 DIST nss-3.68.1.tar.gz 82405747 BLAKE2B 89a2e893d3af02b192d044049ec84462e53d96bf2ba9a88112b4dfde5af5c0d9a615ed94b5c97c26775de998cc38240d19d5f2e5eb2573a6715d2a7106d99fe3 SHA512 9aa932e8ba1a0c3bffd402f7129d03de30481bde712aaa197bc79d14b307179e691423aa0c6300767fce2c667917c8d2e2b38e361269b7671548d72435887f84
26 -DIST nss-3.72.1.tar.gz 83929867 BLAKE2B 8be49eef0c1845a65da61829798d119b6b88b5aad6e07059d42e7c4b41d6a03975d82bb598ba0614f596107eb73408269f6a78c9a173f82566948638aeafde96 SHA512 57abc2752484049b59b3a7606814341c194bfa0db781dd5fc805fbe79787073ab4dbc1944719a8def71e5d4f371f2948aaa558290134c4f247c61dd5e96daf8a
27 -DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
28 DIST nss-3.73.1.tar.gz 83931597 BLAKE2B 590e3c9c5262f4ca0d9137905ce396ddc81f722fabbb54f235eb1bab344d9b7913b0be8d4ddf99fef34d45ed0102e8b7b571764eefe055eefe6bb487c22bafbe SHA512 4cca26cb430f1c167ce7c3a2654c1315938c73bbd425c89d4e636a966fd052724499f34affc5764ec680eeaa080892caab28ef00fe21992421c739f7623cf071
29 -DIST nss-3.73.tar.gz 83928905 BLAKE2B 64c95a04c366dc3d57c42ddb105b3afe5b4b579b3fdb554ffa684f74f5c203b136213a1a67a554756be605722ac03c15cee766afba6edf2c7c0b2162a8181ec5 SHA512 84b6e4ce8838f77674a5587cd227fa103c80f1b36c8bfb9b60a175157f131e59153c79ee77b29feffa57f49b217a90a8a091ee368eb0bc03312894e386a4c01b
30 DIST nss-3.74.tar.gz 83937875 BLAKE2B 55881f0e78e0ccc9b246c4323f6f2a5f7a84cb5e57aa3902d3d5a4068ec0be6f2669a9da11377b86d11d2ce400c2e73a6132fd4e490a04aad96be399110edbea SHA512 6fb322b64a5b42e5e22e803c8985986240d2990849d576cfc4b94cdc5c4ab27f683ebc4e1cf5e0ad16c636fc32debb24ec3b2d02d5baedc8fbaedec79c908226
31 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4
32
33 diff --git a/dev-libs/nss/nss-3.63.1-r1.ebuild b/dev-libs/nss/nss-3.63.1-r1.ebuild
34 deleted file mode 100644
35 index 35a01a196be9..000000000000
36 --- a/dev-libs/nss/nss-3.63.1-r1.ebuild
37 +++ /dev/null
38 @@ -1,366 +0,0 @@
39 -# Copyright 1999-2021 Gentoo Authors
40 -# Distributed under the terms of the GNU General Public License v2
41 -
42 -EAPI=7
43 -
44 -inherit flag-o-matic multilib toolchain-funcs multilib-minimal
45 -
46 -NSPR_VER="4.29"
47 -RTM_NAME="NSS_${PV//./_}_RTM"
48 -
49 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
50 -HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
51 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
52 - cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
53 -
54 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
55 -SLOT="0"
56 -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
57 -IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
58 -# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
59 -RDEPEND="
60 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
61 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
62 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
63 - virtual/pkgconfig
64 -"
65 -DEPEND="${RDEPEND}"
66 -
67 -RESTRICT="test"
68 -
69 -S="${WORKDIR}/${P}/${PN}"
70 -
71 -MULTILIB_CHOST_TOOLS=(
72 - /usr/bin/nss-config
73 -)
74 -
75 -PATCHES=(
76 - # Custom changes for gentoo
77 - "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
78 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
79 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
80 -)
81 -
82 -src_prepare() {
83 - default
84 -
85 - if use cacert ; then
86 - eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
87 - fi
88 -
89 - pushd coreconf >/dev/null || die
90 - # hack nspr paths
91 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
92 - >> headers.mk || die "failed to append include"
93 -
94 - # modify install path
95 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
96 - -i source.mk || die
97 -
98 - # Respect LDFLAGS
99 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
100 - popd >/dev/null || die
101 -
102 - # Fix pkgconfig file for Prefix
103 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
104 - config/Makefile || die
105 -
106 - # use host shlibsign if need be #436216
107 - if tc-is-cross-compiler ; then
108 - sed -i \
109 - -e 's:"${2}"/shlibsign:shlibsign:' \
110 - cmd/shlibsign/sign.sh || die
111 - fi
112 -
113 - # dirty hack
114 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
115 - lib/ssl/config.mk || die
116 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
117 - cmd/platlibs.mk || die
118 -
119 - multilib_copy_sources
120 -
121 - strip-flags
122 -}
123 -
124 -multilib_src_configure() {
125 - # Ensure we stay multilib aware
126 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
127 -}
128 -
129 -nssarch() {
130 - # Most of the arches are the same as $ARCH
131 - local t=${1:-${CHOST}}
132 - case ${t} in
133 - *86*-pc-solaris2*) echo "i86pc" ;;
134 - aarch64*) echo "aarch64" ;;
135 - hppa*) echo "parisc" ;;
136 - i?86*) echo "i686" ;;
137 - x86_64*) echo "x86_64" ;;
138 - *) tc-arch ${t} ;;
139 - esac
140 -}
141 -
142 -nssbits() {
143 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
144 - if [[ ${1} == BUILD_ ]]; then
145 - cc=$(tc-getBUILD_CC)
146 - else
147 - cc=$(tc-getCC)
148 - fi
149 - echo > "${T}"/test.c || die
150 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
151 - case $(file "${T}/${1}test.o") in
152 - *32-bit*x86-64*) echo USE_X32=1;;
153 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
154 - *32-bit*|*ppc*|*i386*) ;;
155 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
156 - esac
157 -}
158 -
159 -multilib_src_compile() {
160 - # use ABI to determine bit'ness, or fallback if unset
161 - local buildbits mybits
162 - case "${ABI}" in
163 - n32) mybits="USE_N32=1";;
164 - x32) mybits="USE_X32=1";;
165 - s390x|*64) mybits="USE_64=1";;
166 - ${DEFAULT_ABI})
167 - einfo "Running compilation test to determine bit'ness"
168 - mybits=$(nssbits)
169 - ;;
170 - esac
171 - # bitness of host may differ from target
172 - if tc-is-cross-compiler; then
173 - buildbits=$(nssbits BUILD_)
174 - fi
175 -
176 - local makeargs=(
177 - CC="$(tc-getCC)"
178 - CCC="$(tc-getCXX)"
179 - AR="$(tc-getAR) rc \$@"
180 - RANLIB="$(tc-getRANLIB)"
181 - OPTIMIZER=
182 - ${mybits}
183 - )
184 -
185 - # Take care of nspr settings #436216
186 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
187 - unset NSPR_INCLUDE_DIR
188 -
189 - export NSS_ALLOW_SSLKEYLOGFILE=1
190 - export NSS_ENABLE_WERROR=0 #567158
191 - export BUILD_OPT=1
192 - export NSS_USE_SYSTEM_SQLITE=1
193 - export NSDISTMODE=copy
194 - export FREEBL_NO_DEPEND=1
195 - export FREEBL_LOWHASH=1
196 - export NSS_SEED_ONLY_DEV_URANDOM=1
197 - export USE_SYSTEM_ZLIB=1
198 - export ZLIB_LIBS=-lz
199 - export ASFLAGS=""
200 - # Fix build failure on arm64
201 - export NS_USE_GCC=1
202 - # Detect compiler type and set proper environment value
203 - if tc-is-gcc; then
204 - export CC_IS_GCC=1
205 - elif tc-is-clang; then
206 - export CC_IS_CLANG=1
207 - fi
208 -
209 - # explicitly disable altivec/vsx if not requested
210 - # https://bugs.gentoo.org/789114
211 - case ${ARCH} in
212 - ppc*)
213 - use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
214 - use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
215 - ;;
216 - esac
217 -
218 - local d
219 -
220 - # Build the host tools first.
221 - LDFLAGS="${BUILD_LDFLAGS}" \
222 - XCFLAGS="${BUILD_CFLAGS}" \
223 - NSPR_LIB_DIR="${T}/fakedir" \
224 - emake -j1 -C coreconf \
225 - CC="$(tc-getBUILD_CC)" \
226 - ${buildbits-${mybits}}
227 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
228 -
229 - # Then build the target tools.
230 - for d in . lib/dbm ; do
231 - CPPFLAGS="${myCPPFLAGS}" \
232 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
233 - NSPR_LIB_DIR="${T}/fakedir" \
234 - emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
235 - done
236 -}
237 -
238 -# Altering these 3 libraries breaks the CHK verification.
239 -# All of the following cause it to break:
240 -# - stripping
241 -# - prelink
242 -# - ELF signing
243 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
244 -# Either we have to NOT strip them, or we have to forcibly resign after
245 -# stripping.
246 -#local_libdir="$(get_libdir)"
247 -#export STRIP_MASK="
248 -# */${local_libdir}/libfreebl3.so*
249 -# */${local_libdir}/libnssdbm3.so*
250 -# */${local_libdir}/libsoftokn3.so*"
251 -
252 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
253 -
254 -generate_chk() {
255 - local shlibsign="$1"
256 - local libdir="$2"
257 - einfo "Resigning core NSS libraries for FIPS validation"
258 - shift 2
259 - local i
260 - for i in ${NSS_CHK_SIGN_LIBS} ; do
261 - local libname=lib${i}.so
262 - local chkname=lib${i}.chk
263 - "${shlibsign}" \
264 - -i "${libdir}"/${libname} \
265 - -o "${libdir}"/${chkname}.tmp \
266 - && mv -f \
267 - "${libdir}"/${chkname}.tmp \
268 - "${libdir}"/${chkname} \
269 - || die "Failed to sign ${libname}"
270 - done
271 -}
272 -
273 -cleanup_chk() {
274 - local libdir="$1"
275 - shift 1
276 - local i
277 - for i in ${NSS_CHK_SIGN_LIBS} ; do
278 - local libfname="${libdir}/lib${i}.so"
279 - # If the major version has changed, then we have old chk files.
280 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
281 - && rm -f "${libfname}.chk"
282 - done
283 -}
284 -
285 -multilib_src_install() {
286 - pushd dist >/dev/null || die
287 -
288 - dodir /usr/$(get_libdir)
289 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
290 - local i
291 - for i in crmf freebl nssb nssckfw ; do
292 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
293 - done
294 -
295 - # Install nss-config and pkgconfig file
296 - dodir /usr/bin
297 - cp -L */bin/nss-config "${ED}"/usr/bin || die
298 - dodir /usr/$(get_libdir)/pkgconfig
299 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
300 -
301 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
302 - # bug 517266
303 - sed -e 's#Libs:#Libs: -lfreebl#' \
304 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
305 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
306 - || die "could not create nss-softokn.pc"
307 -
308 - # all the include files
309 - insinto /usr/include/nss
310 - doins public/nss/*.{h,api}
311 - insinto /usr/include/nss/private
312 - doins private/nss/{blapi,alghmac,cmac}.h
313 -
314 - popd >/dev/null || die
315 -
316 - local f nssutils
317 - # Always enabled because we need it for chk generation.
318 - nssutils=( shlibsign )
319 -
320 - if multilib_is_native_abi ; then
321 - if use utils; then
322 - # The tests we do not need to install.
323 - #nssutils_test="bltest crmftest dbtest dertimetest
324 - #fipstest remtest sdrtest"
325 - # checkcert utils has been removed in nss-3.22:
326 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
327 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
328 - # certcgi has been removed in nss-3.36:
329 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
330 - nssutils+=(
331 - addbuiltin
332 - atob
333 - baddbdir
334 - btoa
335 - certutil
336 - cmsutil
337 - conflict
338 - crlutil
339 - derdump
340 - digest
341 - makepqg
342 - mangle
343 - modutil
344 - multinit
345 - nonspr10
346 - ocspclnt
347 - oidcalc
348 - p7content
349 - p7env
350 - p7sign
351 - p7verify
352 - pk11mode
353 - pk12util
354 - pp
355 - rsaperf
356 - selfserv
357 - signtool
358 - signver
359 - ssltap
360 - strsclnt
361 - symkeyutil
362 - tstclnt
363 - vfychain
364 - vfyserv
365 - )
366 - # install man-pages for utils (bug #516810)
367 - doman doc/nroff/*.1
368 - fi
369 - pushd dist/*/bin >/dev/null || die
370 - for f in ${nssutils[@]}; do
371 - dobin ${f}
372 - done
373 - popd >/dev/null || die
374 - fi
375 -
376 - # Prelink breaks the CHK files. We don't have any reliable way to run
377 - # shlibsign after prelink.
378 - dodir /etc/prelink.conf.d
379 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
380 - > "${ED}"/etc/prelink.conf.d/nss.conf
381 -}
382 -
383 -pkg_postinst() {
384 - multilib_pkg_postinst() {
385 - # We must re-sign the libraries AFTER they are stripped.
386 - local shlibsign="${EROOT}/usr/bin/shlibsign"
387 - # See if we can execute it (cross-compiling & such). #436216
388 - "${shlibsign}" -h >&/dev/null
389 - if [[ $? -gt 1 ]] ; then
390 - shlibsign="shlibsign"
391 - fi
392 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
393 - }
394 -
395 - multilib_foreach_abi multilib_pkg_postinst
396 -}
397 -
398 -pkg_postrm() {
399 - multilib_pkg_postrm() {
400 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
401 - }
402 -
403 - multilib_foreach_abi multilib_pkg_postrm
404 -}
405
406 diff --git a/dev-libs/nss/nss-3.72.1.ebuild b/dev-libs/nss/nss-3.72.1.ebuild
407 deleted file mode 100644
408 index 97adb106159f..000000000000
409 --- a/dev-libs/nss/nss-3.72.1.ebuild
410 +++ /dev/null
411 @@ -1,367 +0,0 @@
412 -# Copyright 1999-2021 Gentoo Authors
413 -# Distributed under the terms of the GNU General Public License v2
414 -
415 -EAPI=8
416 -
417 -inherit flag-o-matic multilib toolchain-funcs multilib-minimal
418 -
419 -NSPR_VER="4.32"
420 -RTM_NAME="NSS_${PV//./_}_RTM"
421 -
422 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
423 -HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
424 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
425 - cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
426 -
427 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
428 -SLOT="0"
429 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
430 -IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
431 -# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
432 -RDEPEND="
433 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
434 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
435 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
436 - virtual/pkgconfig
437 -"
438 -DEPEND="${RDEPEND}"
439 -BDEPEND="dev-lang/perl"
440 -
441 -RESTRICT="test"
442 -
443 -S="${WORKDIR}/${P}/${PN}"
444 -
445 -MULTILIB_CHOST_TOOLS=(
446 - /usr/bin/nss-config
447 -)
448 -
449 -PATCHES=(
450 - # Custom changes for gentoo
451 - "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
452 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
453 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
454 -)
455 -
456 -src_prepare() {
457 - default
458 -
459 - if use cacert ; then
460 - eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
461 - fi
462 -
463 - pushd coreconf >/dev/null || die
464 - # hack nspr paths
465 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
466 - >> headers.mk || die "failed to append include"
467 -
468 - # modify install path
469 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
470 - -i source.mk || die
471 -
472 - # Respect LDFLAGS
473 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
474 - popd >/dev/null || die
475 -
476 - # Fix pkgconfig file for Prefix
477 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
478 - config/Makefile || die
479 -
480 - # use host shlibsign if need be #436216
481 - if tc-is-cross-compiler ; then
482 - sed -i \
483 - -e 's:"${2}"/shlibsign:shlibsign:' \
484 - cmd/shlibsign/sign.sh || die
485 - fi
486 -
487 - # dirty hack
488 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
489 - lib/ssl/config.mk || die
490 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
491 - cmd/platlibs.mk || die
492 -
493 - multilib_copy_sources
494 -
495 - strip-flags
496 -}
497 -
498 -multilib_src_configure() {
499 - # Ensure we stay multilib aware
500 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
501 -}
502 -
503 -nssarch() {
504 - # Most of the arches are the same as $ARCH
505 - local t=${1:-${CHOST}}
506 - case ${t} in
507 - *86*-pc-solaris2*) echo "i86pc" ;;
508 - aarch64*) echo "aarch64" ;;
509 - hppa*) echo "parisc" ;;
510 - i?86*) echo "i686" ;;
511 - x86_64*) echo "x86_64" ;;
512 - *) tc-arch ${t} ;;
513 - esac
514 -}
515 -
516 -nssbits() {
517 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
518 - if [[ ${1} == BUILD_ ]]; then
519 - cc=$(tc-getBUILD_CC)
520 - else
521 - cc=$(tc-getCC)
522 - fi
523 - echo > "${T}"/test.c || die
524 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
525 - case $(file "${T}/${1}test.o") in
526 - *32-bit*x86-64*) echo USE_X32=1;;
527 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
528 - *32-bit*|*ppc*|*i386*) ;;
529 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
530 - esac
531 -}
532 -
533 -multilib_src_compile() {
534 - # use ABI to determine bit'ness, or fallback if unset
535 - local buildbits mybits
536 - case "${ABI}" in
537 - n32) mybits="USE_N32=1";;
538 - x32) mybits="USE_X32=1";;
539 - s390x|*64) mybits="USE_64=1";;
540 - ${DEFAULT_ABI})
541 - einfo "Running compilation test to determine bit'ness"
542 - mybits=$(nssbits)
543 - ;;
544 - esac
545 - # bitness of host may differ from target
546 - if tc-is-cross-compiler; then
547 - buildbits=$(nssbits BUILD_)
548 - fi
549 -
550 - local makeargs=(
551 - CC="$(tc-getCC)"
552 - CCC="$(tc-getCXX)"
553 - AR="$(tc-getAR) rc \$@"
554 - RANLIB="$(tc-getRANLIB)"
555 - OPTIMIZER=
556 - ${mybits}
557 - )
558 -
559 - # Take care of nspr settings #436216
560 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
561 - unset NSPR_INCLUDE_DIR
562 -
563 - export NSS_ALLOW_SSLKEYLOGFILE=1
564 - export NSS_ENABLE_WERROR=0 #567158
565 - export BUILD_OPT=1
566 - export NSS_USE_SYSTEM_SQLITE=1
567 - export NSDISTMODE=copy
568 - export FREEBL_NO_DEPEND=1
569 - export FREEBL_LOWHASH=1
570 - export NSS_SEED_ONLY_DEV_URANDOM=1
571 - export USE_SYSTEM_ZLIB=1
572 - export ZLIB_LIBS=-lz
573 - export ASFLAGS=""
574 - # Fix build failure on arm64
575 - export NS_USE_GCC=1
576 - # Detect compiler type and set proper environment value
577 - if tc-is-gcc; then
578 - export CC_IS_GCC=1
579 - elif tc-is-clang; then
580 - export CC_IS_CLANG=1
581 - fi
582 -
583 - # explicitly disable altivec/vsx if not requested
584 - # https://bugs.gentoo.org/789114
585 - case ${ARCH} in
586 - ppc*)
587 - use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
588 - use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
589 - ;;
590 - esac
591 -
592 - local d
593 -
594 - # Build the host tools first.
595 - LDFLAGS="${BUILD_LDFLAGS}" \
596 - XCFLAGS="${BUILD_CFLAGS}" \
597 - NSPR_LIB_DIR="${T}/fakedir" \
598 - emake -j1 -C coreconf \
599 - CC="$(tc-getBUILD_CC)" \
600 - ${buildbits-${mybits}}
601 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
602 -
603 - # Then build the target tools.
604 - for d in . lib/dbm ; do
605 - CPPFLAGS="${myCPPFLAGS}" \
606 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
607 - NSPR_LIB_DIR="${T}/fakedir" \
608 - emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
609 - done
610 -}
611 -
612 -# Altering these 3 libraries breaks the CHK verification.
613 -# All of the following cause it to break:
614 -# - stripping
615 -# - prelink
616 -# - ELF signing
617 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
618 -# Either we have to NOT strip them, or we have to forcibly resign after
619 -# stripping.
620 -#local_libdir="$(get_libdir)"
621 -#export STRIP_MASK="
622 -# */${local_libdir}/libfreebl3.so*
623 -# */${local_libdir}/libnssdbm3.so*
624 -# */${local_libdir}/libsoftokn3.so*"
625 -
626 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
627 -
628 -generate_chk() {
629 - local shlibsign="$1"
630 - local libdir="$2"
631 - einfo "Resigning core NSS libraries for FIPS validation"
632 - shift 2
633 - local i
634 - for i in ${NSS_CHK_SIGN_LIBS} ; do
635 - local libname=lib${i}.so
636 - local chkname=lib${i}.chk
637 - "${shlibsign}" \
638 - -i "${libdir}"/${libname} \
639 - -o "${libdir}"/${chkname}.tmp \
640 - && mv -f \
641 - "${libdir}"/${chkname}.tmp \
642 - "${libdir}"/${chkname} \
643 - || die "Failed to sign ${libname}"
644 - done
645 -}
646 -
647 -cleanup_chk() {
648 - local libdir="$1"
649 - shift 1
650 - local i
651 - for i in ${NSS_CHK_SIGN_LIBS} ; do
652 - local libfname="${libdir}/lib${i}.so"
653 - # If the major version has changed, then we have old chk files.
654 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
655 - && rm -f "${libfname}.chk"
656 - done
657 -}
658 -
659 -multilib_src_install() {
660 - pushd dist >/dev/null || die
661 -
662 - dodir /usr/$(get_libdir)
663 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
664 - local i
665 - for i in crmf freebl nssb nssckfw ; do
666 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
667 - done
668 -
669 - # Install nss-config and pkgconfig file
670 - dodir /usr/bin
671 - cp -L */bin/nss-config "${ED}"/usr/bin || die
672 - dodir /usr/$(get_libdir)/pkgconfig
673 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
674 -
675 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
676 - # bug 517266
677 - sed -e 's#Libs:#Libs: -lfreebl#' \
678 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
679 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
680 - || die "could not create nss-softokn.pc"
681 -
682 - # all the include files
683 - insinto /usr/include/nss
684 - doins public/nss/*.{h,api}
685 - insinto /usr/include/nss/private
686 - doins private/nss/{blapi,alghmac,cmac}.h
687 -
688 - popd >/dev/null || die
689 -
690 - local f nssutils
691 - # Always enabled because we need it for chk generation.
692 - nssutils=( shlibsign )
693 -
694 - if multilib_is_native_abi ; then
695 - if use utils; then
696 - # The tests we do not need to install.
697 - #nssutils_test="bltest crmftest dbtest dertimetest
698 - #fipstest remtest sdrtest"
699 - # checkcert utils has been removed in nss-3.22:
700 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
701 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
702 - # certcgi has been removed in nss-3.36:
703 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
704 - nssutils+=(
705 - addbuiltin
706 - atob
707 - baddbdir
708 - btoa
709 - certutil
710 - cmsutil
711 - conflict
712 - crlutil
713 - derdump
714 - digest
715 - makepqg
716 - mangle
717 - modutil
718 - multinit
719 - nonspr10
720 - ocspclnt
721 - oidcalc
722 - p7content
723 - p7env
724 - p7sign
725 - p7verify
726 - pk11mode
727 - pk12util
728 - pp
729 - rsaperf
730 - selfserv
731 - signtool
732 - signver
733 - ssltap
734 - strsclnt
735 - symkeyutil
736 - tstclnt
737 - vfychain
738 - vfyserv
739 - )
740 - # install man-pages for utils (bug #516810)
741 - doman doc/nroff/*.1
742 - fi
743 - pushd dist/*/bin >/dev/null || die
744 - for f in ${nssutils[@]}; do
745 - dobin ${f}
746 - done
747 - popd >/dev/null || die
748 - fi
749 -
750 - # Prelink breaks the CHK files. We don't have any reliable way to run
751 - # shlibsign after prelink.
752 - dodir /etc/prelink.conf.d
753 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
754 - > "${ED}"/etc/prelink.conf.d/nss.conf
755 -}
756 -
757 -pkg_postinst() {
758 - multilib_pkg_postinst() {
759 - # We must re-sign the libraries AFTER they are stripped.
760 - local shlibsign="${EROOT}/usr/bin/shlibsign"
761 - # See if we can execute it (cross-compiling & such). #436216
762 - "${shlibsign}" -h >&/dev/null
763 - if [[ $? -gt 1 ]] ; then
764 - shlibsign="shlibsign"
765 - fi
766 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
767 - }
768 -
769 - multilib_foreach_abi multilib_pkg_postinst
770 -}
771 -
772 -pkg_postrm() {
773 - multilib_pkg_postrm() {
774 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
775 - }
776 -
777 - multilib_foreach_abi multilib_pkg_postrm
778 -}
779
780 diff --git a/dev-libs/nss/nss-3.72.ebuild b/dev-libs/nss/nss-3.72.ebuild
781 deleted file mode 100644
782 index 97adb106159f..000000000000
783 --- a/dev-libs/nss/nss-3.72.ebuild
784 +++ /dev/null
785 @@ -1,367 +0,0 @@
786 -# Copyright 1999-2021 Gentoo Authors
787 -# Distributed under the terms of the GNU General Public License v2
788 -
789 -EAPI=8
790 -
791 -inherit flag-o-matic multilib toolchain-funcs multilib-minimal
792 -
793 -NSPR_VER="4.32"
794 -RTM_NAME="NSS_${PV//./_}_RTM"
795 -
796 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
797 -HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
798 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
799 - cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
800 -
801 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
802 -SLOT="0"
803 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
804 -IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
805 -# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
806 -RDEPEND="
807 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
808 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
809 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
810 - virtual/pkgconfig
811 -"
812 -DEPEND="${RDEPEND}"
813 -BDEPEND="dev-lang/perl"
814 -
815 -RESTRICT="test"
816 -
817 -S="${WORKDIR}/${P}/${PN}"
818 -
819 -MULTILIB_CHOST_TOOLS=(
820 - /usr/bin/nss-config
821 -)
822 -
823 -PATCHES=(
824 - # Custom changes for gentoo
825 - "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
826 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
827 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
828 -)
829 -
830 -src_prepare() {
831 - default
832 -
833 - if use cacert ; then
834 - eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
835 - fi
836 -
837 - pushd coreconf >/dev/null || die
838 - # hack nspr paths
839 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
840 - >> headers.mk || die "failed to append include"
841 -
842 - # modify install path
843 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
844 - -i source.mk || die
845 -
846 - # Respect LDFLAGS
847 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
848 - popd >/dev/null || die
849 -
850 - # Fix pkgconfig file for Prefix
851 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
852 - config/Makefile || die
853 -
854 - # use host shlibsign if need be #436216
855 - if tc-is-cross-compiler ; then
856 - sed -i \
857 - -e 's:"${2}"/shlibsign:shlibsign:' \
858 - cmd/shlibsign/sign.sh || die
859 - fi
860 -
861 - # dirty hack
862 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
863 - lib/ssl/config.mk || die
864 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
865 - cmd/platlibs.mk || die
866 -
867 - multilib_copy_sources
868 -
869 - strip-flags
870 -}
871 -
872 -multilib_src_configure() {
873 - # Ensure we stay multilib aware
874 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
875 -}
876 -
877 -nssarch() {
878 - # Most of the arches are the same as $ARCH
879 - local t=${1:-${CHOST}}
880 - case ${t} in
881 - *86*-pc-solaris2*) echo "i86pc" ;;
882 - aarch64*) echo "aarch64" ;;
883 - hppa*) echo "parisc" ;;
884 - i?86*) echo "i686" ;;
885 - x86_64*) echo "x86_64" ;;
886 - *) tc-arch ${t} ;;
887 - esac
888 -}
889 -
890 -nssbits() {
891 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
892 - if [[ ${1} == BUILD_ ]]; then
893 - cc=$(tc-getBUILD_CC)
894 - else
895 - cc=$(tc-getCC)
896 - fi
897 - echo > "${T}"/test.c || die
898 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
899 - case $(file "${T}/${1}test.o") in
900 - *32-bit*x86-64*) echo USE_X32=1;;
901 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
902 - *32-bit*|*ppc*|*i386*) ;;
903 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
904 - esac
905 -}
906 -
907 -multilib_src_compile() {
908 - # use ABI to determine bit'ness, or fallback if unset
909 - local buildbits mybits
910 - case "${ABI}" in
911 - n32) mybits="USE_N32=1";;
912 - x32) mybits="USE_X32=1";;
913 - s390x|*64) mybits="USE_64=1";;
914 - ${DEFAULT_ABI})
915 - einfo "Running compilation test to determine bit'ness"
916 - mybits=$(nssbits)
917 - ;;
918 - esac
919 - # bitness of host may differ from target
920 - if tc-is-cross-compiler; then
921 - buildbits=$(nssbits BUILD_)
922 - fi
923 -
924 - local makeargs=(
925 - CC="$(tc-getCC)"
926 - CCC="$(tc-getCXX)"
927 - AR="$(tc-getAR) rc \$@"
928 - RANLIB="$(tc-getRANLIB)"
929 - OPTIMIZER=
930 - ${mybits}
931 - )
932 -
933 - # Take care of nspr settings #436216
934 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
935 - unset NSPR_INCLUDE_DIR
936 -
937 - export NSS_ALLOW_SSLKEYLOGFILE=1
938 - export NSS_ENABLE_WERROR=0 #567158
939 - export BUILD_OPT=1
940 - export NSS_USE_SYSTEM_SQLITE=1
941 - export NSDISTMODE=copy
942 - export FREEBL_NO_DEPEND=1
943 - export FREEBL_LOWHASH=1
944 - export NSS_SEED_ONLY_DEV_URANDOM=1
945 - export USE_SYSTEM_ZLIB=1
946 - export ZLIB_LIBS=-lz
947 - export ASFLAGS=""
948 - # Fix build failure on arm64
949 - export NS_USE_GCC=1
950 - # Detect compiler type and set proper environment value
951 - if tc-is-gcc; then
952 - export CC_IS_GCC=1
953 - elif tc-is-clang; then
954 - export CC_IS_CLANG=1
955 - fi
956 -
957 - # explicitly disable altivec/vsx if not requested
958 - # https://bugs.gentoo.org/789114
959 - case ${ARCH} in
960 - ppc*)
961 - use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
962 - use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
963 - ;;
964 - esac
965 -
966 - local d
967 -
968 - # Build the host tools first.
969 - LDFLAGS="${BUILD_LDFLAGS}" \
970 - XCFLAGS="${BUILD_CFLAGS}" \
971 - NSPR_LIB_DIR="${T}/fakedir" \
972 - emake -j1 -C coreconf \
973 - CC="$(tc-getBUILD_CC)" \
974 - ${buildbits-${mybits}}
975 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
976 -
977 - # Then build the target tools.
978 - for d in . lib/dbm ; do
979 - CPPFLAGS="${myCPPFLAGS}" \
980 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
981 - NSPR_LIB_DIR="${T}/fakedir" \
982 - emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
983 - done
984 -}
985 -
986 -# Altering these 3 libraries breaks the CHK verification.
987 -# All of the following cause it to break:
988 -# - stripping
989 -# - prelink
990 -# - ELF signing
991 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
992 -# Either we have to NOT strip them, or we have to forcibly resign after
993 -# stripping.
994 -#local_libdir="$(get_libdir)"
995 -#export STRIP_MASK="
996 -# */${local_libdir}/libfreebl3.so*
997 -# */${local_libdir}/libnssdbm3.so*
998 -# */${local_libdir}/libsoftokn3.so*"
999 -
1000 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
1001 -
1002 -generate_chk() {
1003 - local shlibsign="$1"
1004 - local libdir="$2"
1005 - einfo "Resigning core NSS libraries for FIPS validation"
1006 - shift 2
1007 - local i
1008 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1009 - local libname=lib${i}.so
1010 - local chkname=lib${i}.chk
1011 - "${shlibsign}" \
1012 - -i "${libdir}"/${libname} \
1013 - -o "${libdir}"/${chkname}.tmp \
1014 - && mv -f \
1015 - "${libdir}"/${chkname}.tmp \
1016 - "${libdir}"/${chkname} \
1017 - || die "Failed to sign ${libname}"
1018 - done
1019 -}
1020 -
1021 -cleanup_chk() {
1022 - local libdir="$1"
1023 - shift 1
1024 - local i
1025 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1026 - local libfname="${libdir}/lib${i}.so"
1027 - # If the major version has changed, then we have old chk files.
1028 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
1029 - && rm -f "${libfname}.chk"
1030 - done
1031 -}
1032 -
1033 -multilib_src_install() {
1034 - pushd dist >/dev/null || die
1035 -
1036 - dodir /usr/$(get_libdir)
1037 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
1038 - local i
1039 - for i in crmf freebl nssb nssckfw ; do
1040 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
1041 - done
1042 -
1043 - # Install nss-config and pkgconfig file
1044 - dodir /usr/bin
1045 - cp -L */bin/nss-config "${ED}"/usr/bin || die
1046 - dodir /usr/$(get_libdir)/pkgconfig
1047 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
1048 -
1049 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
1050 - # bug 517266
1051 - sed -e 's#Libs:#Libs: -lfreebl#' \
1052 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
1053 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
1054 - || die "could not create nss-softokn.pc"
1055 -
1056 - # all the include files
1057 - insinto /usr/include/nss
1058 - doins public/nss/*.{h,api}
1059 - insinto /usr/include/nss/private
1060 - doins private/nss/{blapi,alghmac,cmac}.h
1061 -
1062 - popd >/dev/null || die
1063 -
1064 - local f nssutils
1065 - # Always enabled because we need it for chk generation.
1066 - nssutils=( shlibsign )
1067 -
1068 - if multilib_is_native_abi ; then
1069 - if use utils; then
1070 - # The tests we do not need to install.
1071 - #nssutils_test="bltest crmftest dbtest dertimetest
1072 - #fipstest remtest sdrtest"
1073 - # checkcert utils has been removed in nss-3.22:
1074 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
1075 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
1076 - # certcgi has been removed in nss-3.36:
1077 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
1078 - nssutils+=(
1079 - addbuiltin
1080 - atob
1081 - baddbdir
1082 - btoa
1083 - certutil
1084 - cmsutil
1085 - conflict
1086 - crlutil
1087 - derdump
1088 - digest
1089 - makepqg
1090 - mangle
1091 - modutil
1092 - multinit
1093 - nonspr10
1094 - ocspclnt
1095 - oidcalc
1096 - p7content
1097 - p7env
1098 - p7sign
1099 - p7verify
1100 - pk11mode
1101 - pk12util
1102 - pp
1103 - rsaperf
1104 - selfserv
1105 - signtool
1106 - signver
1107 - ssltap
1108 - strsclnt
1109 - symkeyutil
1110 - tstclnt
1111 - vfychain
1112 - vfyserv
1113 - )
1114 - # install man-pages for utils (bug #516810)
1115 - doman doc/nroff/*.1
1116 - fi
1117 - pushd dist/*/bin >/dev/null || die
1118 - for f in ${nssutils[@]}; do
1119 - dobin ${f}
1120 - done
1121 - popd >/dev/null || die
1122 - fi
1123 -
1124 - # Prelink breaks the CHK files. We don't have any reliable way to run
1125 - # shlibsign after prelink.
1126 - dodir /etc/prelink.conf.d
1127 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
1128 - > "${ED}"/etc/prelink.conf.d/nss.conf
1129 -}
1130 -
1131 -pkg_postinst() {
1132 - multilib_pkg_postinst() {
1133 - # We must re-sign the libraries AFTER they are stripped.
1134 - local shlibsign="${EROOT}/usr/bin/shlibsign"
1135 - # See if we can execute it (cross-compiling & such). #436216
1136 - "${shlibsign}" -h >&/dev/null
1137 - if [[ $? -gt 1 ]] ; then
1138 - shlibsign="shlibsign"
1139 - fi
1140 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
1141 - }
1142 -
1143 - multilib_foreach_abi multilib_pkg_postinst
1144 -}
1145 -
1146 -pkg_postrm() {
1147 - multilib_pkg_postrm() {
1148 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
1149 - }
1150 -
1151 - multilib_foreach_abi multilib_pkg_postrm
1152 -}
1153
1154 diff --git a/dev-libs/nss/nss-3.73.ebuild b/dev-libs/nss/nss-3.73.ebuild
1155 deleted file mode 100644
1156 index 97adb106159f..000000000000
1157 --- a/dev-libs/nss/nss-3.73.ebuild
1158 +++ /dev/null
1159 @@ -1,367 +0,0 @@
1160 -# Copyright 1999-2021 Gentoo Authors
1161 -# Distributed under the terms of the GNU General Public License v2
1162 -
1163 -EAPI=8
1164 -
1165 -inherit flag-o-matic multilib toolchain-funcs multilib-minimal
1166 -
1167 -NSPR_VER="4.32"
1168 -RTM_NAME="NSS_${PV//./_}_RTM"
1169 -
1170 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
1171 -HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
1172 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
1173 - cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
1174 -
1175 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
1176 -SLOT="0"
1177 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
1178 -IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
1179 -# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
1180 -RDEPEND="
1181 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
1182 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
1183 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
1184 - virtual/pkgconfig
1185 -"
1186 -DEPEND="${RDEPEND}"
1187 -BDEPEND="dev-lang/perl"
1188 -
1189 -RESTRICT="test"
1190 -
1191 -S="${WORKDIR}/${P}/${PN}"
1192 -
1193 -MULTILIB_CHOST_TOOLS=(
1194 - /usr/bin/nss-config
1195 -)
1196 -
1197 -PATCHES=(
1198 - # Custom changes for gentoo
1199 - "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
1200 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
1201 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
1202 -)
1203 -
1204 -src_prepare() {
1205 - default
1206 -
1207 - if use cacert ; then
1208 - eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
1209 - fi
1210 -
1211 - pushd coreconf >/dev/null || die
1212 - # hack nspr paths
1213 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
1214 - >> headers.mk || die "failed to append include"
1215 -
1216 - # modify install path
1217 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
1218 - -i source.mk || die
1219 -
1220 - # Respect LDFLAGS
1221 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
1222 - popd >/dev/null || die
1223 -
1224 - # Fix pkgconfig file for Prefix
1225 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
1226 - config/Makefile || die
1227 -
1228 - # use host shlibsign if need be #436216
1229 - if tc-is-cross-compiler ; then
1230 - sed -i \
1231 - -e 's:"${2}"/shlibsign:shlibsign:' \
1232 - cmd/shlibsign/sign.sh || die
1233 - fi
1234 -
1235 - # dirty hack
1236 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
1237 - lib/ssl/config.mk || die
1238 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
1239 - cmd/platlibs.mk || die
1240 -
1241 - multilib_copy_sources
1242 -
1243 - strip-flags
1244 -}
1245 -
1246 -multilib_src_configure() {
1247 - # Ensure we stay multilib aware
1248 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
1249 -}
1250 -
1251 -nssarch() {
1252 - # Most of the arches are the same as $ARCH
1253 - local t=${1:-${CHOST}}
1254 - case ${t} in
1255 - *86*-pc-solaris2*) echo "i86pc" ;;
1256 - aarch64*) echo "aarch64" ;;
1257 - hppa*) echo "parisc" ;;
1258 - i?86*) echo "i686" ;;
1259 - x86_64*) echo "x86_64" ;;
1260 - *) tc-arch ${t} ;;
1261 - esac
1262 -}
1263 -
1264 -nssbits() {
1265 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
1266 - if [[ ${1} == BUILD_ ]]; then
1267 - cc=$(tc-getBUILD_CC)
1268 - else
1269 - cc=$(tc-getCC)
1270 - fi
1271 - echo > "${T}"/test.c || die
1272 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
1273 - case $(file "${T}/${1}test.o") in
1274 - *32-bit*x86-64*) echo USE_X32=1;;
1275 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
1276 - *32-bit*|*ppc*|*i386*) ;;
1277 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
1278 - esac
1279 -}
1280 -
1281 -multilib_src_compile() {
1282 - # use ABI to determine bit'ness, or fallback if unset
1283 - local buildbits mybits
1284 - case "${ABI}" in
1285 - n32) mybits="USE_N32=1";;
1286 - x32) mybits="USE_X32=1";;
1287 - s390x|*64) mybits="USE_64=1";;
1288 - ${DEFAULT_ABI})
1289 - einfo "Running compilation test to determine bit'ness"
1290 - mybits=$(nssbits)
1291 - ;;
1292 - esac
1293 - # bitness of host may differ from target
1294 - if tc-is-cross-compiler; then
1295 - buildbits=$(nssbits BUILD_)
1296 - fi
1297 -
1298 - local makeargs=(
1299 - CC="$(tc-getCC)"
1300 - CCC="$(tc-getCXX)"
1301 - AR="$(tc-getAR) rc \$@"
1302 - RANLIB="$(tc-getRANLIB)"
1303 - OPTIMIZER=
1304 - ${mybits}
1305 - )
1306 -
1307 - # Take care of nspr settings #436216
1308 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
1309 - unset NSPR_INCLUDE_DIR
1310 -
1311 - export NSS_ALLOW_SSLKEYLOGFILE=1
1312 - export NSS_ENABLE_WERROR=0 #567158
1313 - export BUILD_OPT=1
1314 - export NSS_USE_SYSTEM_SQLITE=1
1315 - export NSDISTMODE=copy
1316 - export FREEBL_NO_DEPEND=1
1317 - export FREEBL_LOWHASH=1
1318 - export NSS_SEED_ONLY_DEV_URANDOM=1
1319 - export USE_SYSTEM_ZLIB=1
1320 - export ZLIB_LIBS=-lz
1321 - export ASFLAGS=""
1322 - # Fix build failure on arm64
1323 - export NS_USE_GCC=1
1324 - # Detect compiler type and set proper environment value
1325 - if tc-is-gcc; then
1326 - export CC_IS_GCC=1
1327 - elif tc-is-clang; then
1328 - export CC_IS_CLANG=1
1329 - fi
1330 -
1331 - # explicitly disable altivec/vsx if not requested
1332 - # https://bugs.gentoo.org/789114
1333 - case ${ARCH} in
1334 - ppc*)
1335 - use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
1336 - use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
1337 - ;;
1338 - esac
1339 -
1340 - local d
1341 -
1342 - # Build the host tools first.
1343 - LDFLAGS="${BUILD_LDFLAGS}" \
1344 - XCFLAGS="${BUILD_CFLAGS}" \
1345 - NSPR_LIB_DIR="${T}/fakedir" \
1346 - emake -j1 -C coreconf \
1347 - CC="$(tc-getBUILD_CC)" \
1348 - ${buildbits-${mybits}}
1349 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
1350 -
1351 - # Then build the target tools.
1352 - for d in . lib/dbm ; do
1353 - CPPFLAGS="${myCPPFLAGS}" \
1354 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
1355 - NSPR_LIB_DIR="${T}/fakedir" \
1356 - emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
1357 - done
1358 -}
1359 -
1360 -# Altering these 3 libraries breaks the CHK verification.
1361 -# All of the following cause it to break:
1362 -# - stripping
1363 -# - prelink
1364 -# - ELF signing
1365 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
1366 -# Either we have to NOT strip them, or we have to forcibly resign after
1367 -# stripping.
1368 -#local_libdir="$(get_libdir)"
1369 -#export STRIP_MASK="
1370 -# */${local_libdir}/libfreebl3.so*
1371 -# */${local_libdir}/libnssdbm3.so*
1372 -# */${local_libdir}/libsoftokn3.so*"
1373 -
1374 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
1375 -
1376 -generate_chk() {
1377 - local shlibsign="$1"
1378 - local libdir="$2"
1379 - einfo "Resigning core NSS libraries for FIPS validation"
1380 - shift 2
1381 - local i
1382 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1383 - local libname=lib${i}.so
1384 - local chkname=lib${i}.chk
1385 - "${shlibsign}" \
1386 - -i "${libdir}"/${libname} \
1387 - -o "${libdir}"/${chkname}.tmp \
1388 - && mv -f \
1389 - "${libdir}"/${chkname}.tmp \
1390 - "${libdir}"/${chkname} \
1391 - || die "Failed to sign ${libname}"
1392 - done
1393 -}
1394 -
1395 -cleanup_chk() {
1396 - local libdir="$1"
1397 - shift 1
1398 - local i
1399 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1400 - local libfname="${libdir}/lib${i}.so"
1401 - # If the major version has changed, then we have old chk files.
1402 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
1403 - && rm -f "${libfname}.chk"
1404 - done
1405 -}
1406 -
1407 -multilib_src_install() {
1408 - pushd dist >/dev/null || die
1409 -
1410 - dodir /usr/$(get_libdir)
1411 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
1412 - local i
1413 - for i in crmf freebl nssb nssckfw ; do
1414 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
1415 - done
1416 -
1417 - # Install nss-config and pkgconfig file
1418 - dodir /usr/bin
1419 - cp -L */bin/nss-config "${ED}"/usr/bin || die
1420 - dodir /usr/$(get_libdir)/pkgconfig
1421 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
1422 -
1423 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
1424 - # bug 517266
1425 - sed -e 's#Libs:#Libs: -lfreebl#' \
1426 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
1427 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
1428 - || die "could not create nss-softokn.pc"
1429 -
1430 - # all the include files
1431 - insinto /usr/include/nss
1432 - doins public/nss/*.{h,api}
1433 - insinto /usr/include/nss/private
1434 - doins private/nss/{blapi,alghmac,cmac}.h
1435 -
1436 - popd >/dev/null || die
1437 -
1438 - local f nssutils
1439 - # Always enabled because we need it for chk generation.
1440 - nssutils=( shlibsign )
1441 -
1442 - if multilib_is_native_abi ; then
1443 - if use utils; then
1444 - # The tests we do not need to install.
1445 - #nssutils_test="bltest crmftest dbtest dertimetest
1446 - #fipstest remtest sdrtest"
1447 - # checkcert utils has been removed in nss-3.22:
1448 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
1449 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
1450 - # certcgi has been removed in nss-3.36:
1451 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
1452 - nssutils+=(
1453 - addbuiltin
1454 - atob
1455 - baddbdir
1456 - btoa
1457 - certutil
1458 - cmsutil
1459 - conflict
1460 - crlutil
1461 - derdump
1462 - digest
1463 - makepqg
1464 - mangle
1465 - modutil
1466 - multinit
1467 - nonspr10
1468 - ocspclnt
1469 - oidcalc
1470 - p7content
1471 - p7env
1472 - p7sign
1473 - p7verify
1474 - pk11mode
1475 - pk12util
1476 - pp
1477 - rsaperf
1478 - selfserv
1479 - signtool
1480 - signver
1481 - ssltap
1482 - strsclnt
1483 - symkeyutil
1484 - tstclnt
1485 - vfychain
1486 - vfyserv
1487 - )
1488 - # install man-pages for utils (bug #516810)
1489 - doman doc/nroff/*.1
1490 - fi
1491 - pushd dist/*/bin >/dev/null || die
1492 - for f in ${nssutils[@]}; do
1493 - dobin ${f}
1494 - done
1495 - popd >/dev/null || die
1496 - fi
1497 -
1498 - # Prelink breaks the CHK files. We don't have any reliable way to run
1499 - # shlibsign after prelink.
1500 - dodir /etc/prelink.conf.d
1501 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
1502 - > "${ED}"/etc/prelink.conf.d/nss.conf
1503 -}
1504 -
1505 -pkg_postinst() {
1506 - multilib_pkg_postinst() {
1507 - # We must re-sign the libraries AFTER they are stripped.
1508 - local shlibsign="${EROOT}/usr/bin/shlibsign"
1509 - # See if we can execute it (cross-compiling & such). #436216
1510 - "${shlibsign}" -h >&/dev/null
1511 - if [[ $? -gt 1 ]] ; then
1512 - shlibsign="shlibsign"
1513 - fi
1514 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
1515 - }
1516 -
1517 - multilib_foreach_abi multilib_pkg_postinst
1518 -}
1519 -
1520 -pkg_postrm() {
1521 - multilib_pkg_postrm() {
1522 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
1523 - }
1524 -
1525 - multilib_foreach_abi multilib_pkg_postrm
1526 -}
Report Message
Find on MARC Find on Google Groups