
From: "Mike Frysinger (vapier)" <vapier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/nss: metadata.xml nss-3.15.4-r1.ebuild ChangeLog
Date: Sat, 01 Feb 2014 04:57:09
Message-Id: 20140201045706.2F3A62004C@flycatcher.gentoo.org
1 vapier 14/02/01 04:57:06
2
3 Modified: metadata.xml ChangeLog
4 Added: nss-3.15.4-r1.ebuild
5 Log:
6 Put cacert.org root certs behind USE=cacert, and rework the nss-pem support and put that behind USE=nss-pem.
7
8 (Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key D2E96200)
9
10 Revision Changes Path
11 1.7 dev-libs/nss/metadata.xml
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/metadata.xml?rev=1.7&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/metadata.xml?rev=1.7&content-type=text/plain
15 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/metadata.xml?r1=1.6&r2=1.7
16
17 Index: metadata.xml
18 ===================================================================
19 RCS file: /var/cvsroot/gentoo-x86/dev-libs/nss/metadata.xml,v
20 retrieving revision 1.6
21 retrieving revision 1.7
22 diff -u -r1.6 -r1.7
23 --- metadata.xml 9 Jun 2013 22:57:43 -0000 1.6
24 +++ metadata.xml 1 Feb 2014 04:57:05 -0000 1.7
25 @@ -3,6 +3,8 @@
26 <pkgmetadata>
27 <herd>mozilla</herd>
28 <use>
29 + <flag name='cacert'>Include CAcert root certificates (http://http://www.cacert.org/)</flag>
30 + <flag name='nss-pem'>Add support for libnsspem</flag>
31 <flag name='utils'>Install utilities included with the library</flag>
32 </use>
33 <upstream>
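Review bot: The URL in the added `cacert` flag description has a doubled scheme (`http://http://www.cacert.org/`), so the link shown in USE-flag listings is broken; it should read `http://www.cacert.org/`. The description also undersells what the flag does: going by the ebuild in this commit, it patches extra root certificates into the built-in trust list and is enabled by default (`IUSE="+cacert ..."`). Consider wording such as `<flag name='cacert'>Add CAcert root certificates to the built-in trust store (http://www.cacert.org/)</flag>` so that users see the trust decision they are making.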
34
35
36
37 1.350 dev-libs/nss/ChangeLog
38
39 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.350&view=markup
40 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.350&content-type=text/plain
41 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?r1=1.349&r2=1.350
42
43 Index: ChangeLog
44 ===================================================================
45 RCS file: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v
46 retrieving revision 1.349
47 retrieving revision 1.350
48 diff -u -r1.349 -r1.350
49 --- ChangeLog 1 Feb 2014 03:41:20 -0000 1.349
50 +++ ChangeLog 1 Feb 2014 04:57:05 -0000 1.350
51 @@ -1,6 +1,13 @@
52 # ChangeLog for dev-libs/nss
53 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
54 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.349 2014/02/01 03:41:20 vapier Exp $
55 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.350 2014/02/01 04:57:05 vapier Exp $
56 +
57 +*nss-3.15.4-r1 (01 Feb 2014)
58 +
59 + 01 Feb 2014; Mike Frysinger <vapier@g.o>
60 + +files/nss-3.15.4-enable-pem.patch, +nss-3.15.4-r1.ebuild, metadata.xml:
61 + Put cacert.org root certs behind USE=cacert, and rework the nss-pem support
62 + and put that behind USE=nss-pem.
63
64 01 Feb 2014; Mike Frysinger <vapier@g.o> nss-3.15.4.ebuild:
65 Keep lists of patches together.
66
67
68
69 1.1 dev-libs/nss/nss-3.15.4-r1.ebuild
70
71 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.15.4-r1.ebuild?rev=1.1&view=markup
72 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.15.4-r1.ebuild?rev=1.1&content-type=text/plain
73
74 Index: nss-3.15.4-r1.ebuild
75 ===================================================================
76 # Copyright 1999-2014 Gentoo Foundation
77 # Distributed under the terms of the GNU General Public License v2
78 # $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.15.4-r1.ebuild,v 1.1 2014/02/01 04:57:05 vapier Exp $
79
80 EAPI=5
81 inherit eutils flag-o-matic multilib toolchain-funcs
82
83 NSPR_VER="4.10"
84 RTM_NAME="NSS_${PV//./_}_RTM"
85 # Rev of https://git.fedorahosted.org/cgit/nss-pem.git
86 PEM_GIT_REV="3ade37c5c4ca5a6094e3f4b2e4591405db1867dd"
87 PEM_P="${PN}-pem-${PEM_GIT_REV}"
88
89 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
90 HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
91 SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
92 cacert? ( http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
93 nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
94
95 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
96 SLOT="0"
97 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
98 IUSE="+cacert +nss-pem utils"
99
100 DEPEND="virtual/pkgconfig
101 >=dev-libs/nspr-${NSPR_VER}"
102 RDEPEND=">=dev-libs/nspr-${NSPR_VER}
103 >=dev-db/sqlite-3.5
104 sys-libs/zlib"
105
106 RESTRICT="test"
107
108 S="${WORKDIR}/${P}/${PN}"
109
src_setup() {
	# Force the C locale for everything that runs after this call.
	# NOTE(review): src_setup is not one of the EAPI 5 phase functions and
	# nothing in this file calls it -- confirm whether pkg_setup was meant.
	LC_ALL="C"
	export LC_ALL
}
113
src_unpack() {
	# Unpack every distfile, then graft the nss-pem module into the NSS tree.
	# ${A} stays unquoted on purpose: it is a whitespace-separated file list.
	unpack ${A}

	# Nothing else to do unless the PEM module was requested.
	use nss-pem || return 0

	local pem_src="${PEM_P}"/nss/lib/ckfw/pem/
	mv "${pem_src}" "${S}"/lib/ckfw/ || die
}
120
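src_prepare() {
	# Apply the Gentoo patch set, then adjust the upstream build files in
	# place. Expects to be run from ${S} (the first cd below is relative).
	# Every cd and in-place edit is checked: a missing upstream file now
	# aborts the build instead of silently leaving the crypto library built
	# from files that never received the intended adjustment.

	# Custom changes for gentoo
	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch"
	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
	# Going by its file name and the flag description, this patch adds the
	# CAcert (and SPI) roots to the certificate data -- a trust decision, so
	# it is applied only when the flag is set.
	use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
	use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
	epatch "${FILESDIR}/${PN}-3.15-x32.patch"
	epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"

	cd coreconf || die "failed to enter coreconf"
	# hack nspr paths
	echo 'INCLUDES += -I$(DIST)/include/dbm' \
		>> headers.mk || die "failed to append include"

	# modify install path
	sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
		-i source.mk || die "failed to adjust SOURCE_PREFIX"

	# Respect LDFLAGS
	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk \
		|| die "failed to add LDFLAGS to rules.mk"

	# Ensure we stay multilib aware
	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" "${S}"/config/Makefile \
		|| die "failed to set libdir in config/Makefile"

	# Fix pkgconfig file for Prefix
	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
		"${S}"/config/Makefile || die "failed to set PREFIX in config/Makefile"

	# use host shlibsign if need be #436216
	if tc-is-cross-compiler ; then
		sed -i \
			-e 's:"${2}"/shlibsign:shlibsign:' \
			"${S}"/cmd/shlibsign/sign.sh || die "failed to adjust sign.sh"
	fi

	# dirty hack
	cd "${S}" || die "failed to enter ${S}"
	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
		lib/ssl/config.mk || die "failed to adjust lib/ssl/config.mk"
	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
		cmd/platlibs.mk || die "failed to adjust cmd/platlibs.mk"
}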
162
nssarch() {
	# Print the arch name for a toolchain tuple ($1, default ${CHOST}).
	# Four tuple families get a fixed name; anything else is passed to
	# tc-arch.
	local tuple=${1:-${CHOST}}
	if [[ ${tuple} == aarch64* ]] ; then
		echo "aarch64"
	elif [[ ${tuple} == hppa* ]] ; then
		echo "parisc"
	elif [[ ${tuple} == i?86* ]] ; then
		echo "i686"
	elif [[ ${tuple} == x86_64* ]] ; then
		echo "x86_64"
	else
		tc-arch ${tuple}
	fi
}
174
nssbits() {
	# Print the make argument for the word size of the selected toolchain:
	# USE_x32=1, USE_64=1, or nothing for plain 32-bit. $1 is an optional
	# variable-name prefix (the file uses BUILD_), so the compiler and flags
	# are read from ${1}CC, ${1}CPPFLAGS and ${1}CFLAGS.
	local prefix=$1
	local cc_var="${prefix}CC"
	local cppflags_var="${prefix}CPPFLAGS"
	local cflags_var="${prefix}CFLAGS"

	# Compile an empty translation unit and let file(1) describe the object.
	echo > "${T}"/test.c || die
	# The indirect expansions are unquoted on purpose: each may hold several
	# words (compiler plus options, or a flag list).
	${!cc_var} ${!cppflags_var} ${!cflags_var} -c "${T}"/test.c -o "${T}"/test.o || die

	local objinfo
	objinfo=$(file "${T}"/test.o)
	if [[ ${objinfo} == *32-bit*x86-64* ]] ; then
		echo USE_x32=1
	elif [[ ${objinfo} == *64-bit* || ${objinfo} == *ppc64* || ${objinfo} == *x86_64* ]] ; then
		echo USE_64=1
	elif [[ ${objinfo} == *32-bit* || ${objinfo} == *ppc* || ${objinfo} == *i386* ]] ; then
		# plain 32-bit: no extra make argument
		:
	else
		die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please"
	fi
}
186
src_compile() {
	# Build NSS in two passes -- the host-side coreconf tools first, then the
	# target tree -- passing the toolchain and platform as explicit make
	# arguments.
	strip-flags

	tc-export AR RANLIB {BUILD_,}{CC,PKG_CONFIG}

	# nssbits is expanded right here, i.e. with the flags as they are before
	# the NSPR include paths are appended below.
	local target_args=(
		CC="${CC}"
		AR="${AR} rc \$@"
		RANLIB="${RANLIB}"
		OPTIMIZER=
		$(nssbits)
	)

	# Take care of nspr settings #436216
	append-cppflags $(${PKG_CONFIG} nspr --cflags)
	append-ldflags $(${PKG_CONFIG} nspr --libs-only-L)
	unset NSPR_INCLUDE_DIR
	export NSPR_LIB_DIR=${T}/fake-dir

	# Do not let `uname` be used.
	use kernel_linux && target_args+=(
		OS_TARGET=Linux
		OS_RELEASE=2.6
		OS_TEST="$(nssarch)"
	)

	# Environment switches read by the NSS makefiles.
	export ASFLAGS=""
	export FREEBL_NO_DEPEND=1
	export XCFLAGS="${CFLAGS} ${CPPFLAGS}"
	export NSS_ENABLE_ECC=1
	export NSDISTMODE=copy
	export NSS_USE_SYSTEM_SQLITE=1
	export BUILD_OPT=1

	local subdir nsinstall_rel

	# Build the host tools first.
	LDFLAGS="${BUILD_LDFLAGS}" \
	XCFLAGS="${BUILD_CFLAGS}" \
	emake -j1 -C coreconf \
		CC="${BUILD_CC}" \
		$(nssbits BUILD_) \
		|| die
	# Point the target build at the nsinstall binary that was just built.
	nsinstall_rel=$(find -type f -name nsinstall)
	target_args+=( NSINSTALL="${PWD}/${nsinstall_rel}" )

	# Then build the target tools.
	for subdir in . lib/dbm ; do
		emake -j1 "${target_args[@]}" -C "${subdir}" || die "${subdir} make failed"
	done
}
238
239 # Altering these 3 libraries breaks the CHK verification.
240 # All of the following cause it to break:
241 # - stripping
242 # - prelink
243 # - ELF signing
244 # http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
245 # Either we have to NOT strip them, or we have to forcibly resign after
246 # stripping.
247 #local_libdir="$(get_libdir)"
248 #export STRIP_MASK="
249 # */${local_libdir}/libfreebl3.so*
250 # */${local_libdir}/libnssdbm3.so*
251 # */${local_libdir}/libsoftokn3.so*"
252
# Base names (without the "lib" prefix) of the libraries whose .chk files
# generate_chk writes and cleanup_chk removes.
NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
export NSS_CHK_SIGN_LIBS
254
generate_chk() {
	# Regenerate the .chk file of every library in NSS_CHK_SIGN_LIBS.
	#   $1 - shlibsign command to run
	#   $2 - directory holding the lib<name>.so files
	# Each checksum is written to a .tmp file first and only moved over the
	# real name once signing succeeded, so a failed run does not leave a
	# partial .chk under the final name.
	local signer="$1"
	local dest="$2"
	einfo "Resigning core NSS libraries for FIPS validation"
	shift 2
	local lib so_name chk_name
	for lib in ${NSS_CHK_SIGN_LIBS} ; do
		so_name=lib${lib}.so
		chk_name=lib${lib}.chk
		if ! "${signer}" -i "${dest}"/${so_name} -o "${dest}"/${chk_name}.tmp ; then
			die "Failed to sign ${so_name}"
		fi
		mv -f "${dest}"/${chk_name}.tmp "${dest}"/${chk_name} \
			|| die "Failed to sign ${so_name}"
	done
}
273
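cleanup_chk() {
	# Remove leftover .chk files for libraries that are no longer installed.
	#   $1 - directory that holds (or held) the lib<name>.so files
	# generate_chk writes lib<name>.chk, whereas this function used to look
	# only for lib<name>.so.chk and therefore never matched the generated
	# files. Both spellings are handled now. Always returns 0, so the calling
	# phase does not inherit the status of a failed file test.
	local libdir="$1"
	shift 1
	local i libfname chk
	for i in ${NSS_CHK_SIGN_LIBS} ; do
		libfname="${libdir}/lib${i}.so"
		# If the major version has changed, then we have old chk files.
		# While the library itself is still present its .chk file is current.
		[[ -f ${libfname} ]] && continue
		for chk in "${libdir}/lib${i}.chk" "${libfname}.chk" ; do
			if [[ -f ${chk} ]] ; then
				rm -f -- "${chk}"
			fi
		done
	done
	return 0
}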
285
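src_install() {
	# Copy the built libraries, nss-config, the pkg-config file, headers and
	# tools from ${S}/dist into the image, then write an env.d entry that
	# masks the checksummed libraries from prelink.
	# Every cd and cp is checked: a failed cd would otherwise let the globs
	# below expand in the wrong directory, and a failed cp would produce an
	# incomplete package without any error.
	cd "${S}"/dist || die "cannot enter ${S}/dist"

	dodir /usr/$(get_libdir)
	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
	# We generate these after stripping the libraries, else they don't match.
	#cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed"
	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"

	# Install nss-config and pkgconfig file
	dodir /usr/bin
	cp -L */bin/nss-config "${ED}"/usr/bin || die "copying nss-config failed"
	dodir /usr/$(get_libdir)/pkgconfig
	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig \
		|| die "copying nss.pc failed"

	# all the include files
	insinto /usr/include/nss
	doins public/nss/*.h

	local f nssutils
	# Always enabled because we need it for chk generation.
	nssutils="shlibsign"
	if use utils; then
		# The tests we do not need to install.
		#nssutils_test="bltest crmftest dbtest dertimetest
		#fipstest remtest sdrtest"
		nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
			symkeyutil tstclnt vfychain vfyserv"
	fi
	cd "${S}"/dist/*/bin/ || die "cannot enter the built bin directory"
	# ${nssutils} is a whitespace-separated list and is split on purpose.
	for f in ${nssutils}; do
		dobin ${f}
	done

	# Prelink breaks the CHK files. We don't have any reliable way to run
	# shlibsign after prelink.
	local l libs=() liblist
	for l in ${NSS_CHK_SIGN_LIBS} ; do
		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
	done
	# Join the paths with ':' and drop the trailing separator.
	liblist=$(printf '%s:' "${libs[@]}")
	printf '%s\n' "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss" \
		|| die "writing ${T}/90nss failed"
	doenvd "${T}/90nss"
}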
333
pkg_postinst() {
	# We must re-sign the libraries AFTER they are stripped.
	local signer="${EROOT}/usr/bin/shlibsign"
	local probe_status=0

	# See if we can execute it (cross-compiling & such). #436216
	# A status above 1 from the probe is treated as "cannot run the installed
	# binary".
	"${signer}" -h >&/dev/null || probe_status=$?
	if (( probe_status > 1 )) ; then
		# NOTE(review): this fallback resolves shlibsign through PATH, and
		# the tool it finds writes the .chk files used for CHK verification --
		# confirm PATH is trusted whenever this branch is taken.
		signer="shlibsign"
	fi

	generate_chk "${signer}" "${EROOT}"/usr/$(get_libdir)
}
344
pkg_postrm() {
	# Hand the library directory under ${EROOT} to cleanup_chk.
	local chk_dir
	chk_dir="${EROOT}"/usr/$(get_libdir)
	cleanup_chk "${chk_dir}"
}