Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Jory Pratt <anarchy@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/, dev-libs/nss/files/
Date: Sun, 30 Jul 2017 14:32:11
Message-Id: 1501425122.655ceca26319d33003ad981b3202c31233777dd8.anarchy@gentoo
1 commit: 655ceca26319d33003ad981b3202c31233777dd8
2 Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jul 30 14:31:24 2017 +0000
4 Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
5 CommitDate: Sun Jul 30 14:32:02 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=655ceca2
7
8 dev-libs/nss: Upstream version bump, rebase gentoo pkgconfig patch
9
10 Package-Manager: Portage-2.3.6, Repoman-2.3.3
11
12 dev-libs/nss/Manifest | 1 +
13 dev-libs/nss/files/nss-3.32-gentoo-fixups.patch | 274 +++++++++++++++++++
14 dev-libs/nss/nss-3.32.ebuild | 340 ++++++++++++++++++++++++
15 3 files changed, 615 insertions(+)
16
17 diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
18 index ec8d2813098..dca6632a35b 100644
19 --- a/dev-libs/nss/Manifest
20 +++ b/dev-libs/nss/Manifest
21 @@ -1,4 +1,5 @@
22 DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
23 DIST nss-3.31.tar.gz 9537011 SHA256 e90561256a3271486162c1fbe8d614d118c333d36a4455be2af8688bd420a65d SHA512 2b56405b32d37cc4386cbbe54462cc57092e47b3418a743adbae14e1825ca69d07256fbfe16c0cfd7540c46cea67259151b42a0d95419c80964015eacdcafea1 WHIRLPOOL b63b481436feaf48ef3acc03e7af3831b743e91fda802f1fb5d4e782cbefab979dda5b643766f3a600b16ff815a90dacabd0b06b79baa76386237b56e74676fb
24 +DIST nss-3.32.tar.gz 9493574 SHA256 35c6f381cc96bb25e4f924469f6ba3e57b3a16e0c2fb7e295a284a00d57ed335 SHA512 7a01f81e23ef9649fd26b8423b015f4df5878c94f6ff591727086644b01db3dbc36de4e131cf70a6f84564e46c8decb7c4f7780fca12270eb900de1f8a11ee3c WHIRLPOOL bd1a9a8da509143ba995c2a4aac43df991703c1170e2654a8e762fbaf1b26e4f95f85c9d06db45126247a6d52828060c5283fb9cf1e4328952bc518ee38316c4
25 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
26 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836
27
28 diff --git a/dev-libs/nss/files/nss-3.32-gentoo-fixups.patch b/dev-libs/nss/files/nss-3.32-gentoo-fixups.patch
29 new file mode 100644
30 index 00000000000..1773da98819
31 --- /dev/null
32 +++ b/dev-libs/nss/files/nss-3.32-gentoo-fixups.patch
33 @@ -0,0 +1,274 @@
34 +From 8e49e1c92dadc2e7a41cad44637f4a224e4f5b39 Mon Sep 17 00:00:00 2001
35 +From: "Jory A. Pratt" <anarchy@g.o>
36 +Date: Fri, 28 Jul 2017 14:00:41 -0500
37 +Subject: [PATCH] add pkg-config file
38 +
39 +Signed-off-by: Jory A. Pratt <anarchy@g.o>
40 +---
41 + Makefile | 11 +---
42 + config/Makefile | 40 ++++++++++++++
43 + config/nss-config.in | 145 +++++++++++++++++++++++++++++++++++++++++++++++++++
44 + config/nss.pc.in | 12 +++++
45 + manifest.mn | 2 +-
46 + 5 files changed, 199 insertions(+), 11 deletions(-)
47 + create mode 100644 config/Makefile
48 + create mode 100644 config/nss-config.in
49 + create mode 100644 config/nss.pc.in
50 +
51 +diff --git a/Makefile b/Makefile
52 +index 48bae37..9850883 100644
53 +--- a/Makefile
54 ++++ b/Makefile
55 +@@ -47,7 +47,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
56 + # (7) Execute "local" rules. (OPTIONAL). #
57 + #######################################################################
58 +
59 +-nss_build_all: build_nspr all latest
60 ++nss_build_all: all latest
61 +
62 + nss_clean_all: clobber_nspr clobber
63 +
64 +@@ -135,15 +135,6 @@ $(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE)
65 + --prefix='$(NSS_GYP_PREFIX)'
66 + endif
67 +
68 +-build_nspr: $(NSPR_CONFIG_STATUS)
69 +- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
70 +-
71 +-install_nspr: build_nspr
72 +- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install
73 +-
74 +-clobber_nspr: $(NSPR_CONFIG_STATUS)
75 +- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
76 +-
77 + build_docs:
78 + $(MAKE) -C $(CORE_DEPTH)/doc
79 +
80 +diff --git a/config/Makefile b/config/Makefile
81 +new file mode 100644
82 +index 0000000..600fe48
83 +--- /dev/null
84 ++++ b/config/Makefile
85 +@@ -0,0 +1,40 @@
86 ++CORE_DEPTH = ..
87 ++DEPTH = ..
88 ++
89 ++include $(CORE_DEPTH)/coreconf/config.mk
90 ++
91 ++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
92 ++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
93 ++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
94 ++PREFIX = /usr
95 ++
96 ++all: export libs
97 ++
98 ++export:
99 ++ # Create the nss.pc file
100 ++ mkdir -p $(DIST)/lib/pkgconfig
101 ++ sed -e "s,@prefix@,$(PREFIX)," \
102 ++ -e "s,@exec_prefix@,\$${prefix}," \
103 ++ -e "s,@libdir@,\$${prefix}/lib64," \
104 ++ -e "s,@includedir@,\$${prefix}/include/nss," \
105 ++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
106 ++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
107 ++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
108 ++ nss.pc.in > nss.pc
109 ++ chmod 0644 nss.pc
110 ++ ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig
111 ++
112 ++ # Create the nss-config script
113 ++ mkdir -p $(DIST)/bin
114 ++ sed -e "s,@prefix@,$(PREFIX)," \
115 ++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
116 ++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
117 ++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
118 ++ nss-config.in > nss-config
119 ++ chmod 0755 nss-config
120 ++ ln -sf ../../../config/nss-config $(DIST)/bin
121 ++
122 ++libs:
123 ++
124 ++dummy: all export libs
125 ++
126 +diff --git a/config/nss-config.in b/config/nss-config.in
127 +new file mode 100644
128 +index 0000000..1d7c444
129 +--- /dev/null
130 ++++ b/config/nss-config.in
131 +@@ -0,0 +1,145 @@
132 ++#!/bin/sh
133 ++
134 ++prefix=@prefix@
135 ++
136 ++major_version=@NSS_MAJOR_VERSION@
137 ++minor_version=@NSS_MINOR_VERSION@
138 ++patch_version=@NSS_PATCH_VERSION@
139 ++
140 ++usage()
141 ++{
142 ++ cat <<EOF
143 ++Usage: nss-config [OPTIONS] [LIBRARIES]
144 ++Options:
145 ++ [--prefix[=DIR]]
146 ++ [--exec-prefix[=DIR]]
147 ++ [--includedir[=DIR]]
148 ++ [--libdir[=DIR]]
149 ++ [--version]
150 ++ [--libs]
151 ++ [--cflags]
152 ++Dynamic Libraries:
153 ++ nss
154 ++ ssl
155 ++ smime
156 ++ nssutil
157 ++EOF
158 ++ exit $1
159 ++}
160 ++
161 ++if test $# -eq 0; then
162 ++ usage 1 1>&2
163 ++fi
164 ++
165 ++lib_ssl=yes
166 ++lib_smime=yes
167 ++lib_nss=yes
168 ++lib_nssutil=yes
169 ++
170 ++while test $# -gt 0; do
171 ++ case "$1" in
172 ++ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
173 ++ *) optarg= ;;
174 ++ esac
175 ++
176 ++ case $1 in
177 ++ --prefix=*)
178 ++ prefix=$optarg
179 ++ ;;
180 ++ --prefix)
181 ++ echo_prefix=yes
182 ++ ;;
183 ++ --exec-prefix=*)
184 ++ exec_prefix=$optarg
185 ++ ;;
186 ++ --exec-prefix)
187 ++ echo_exec_prefix=yes
188 ++ ;;
189 ++ --includedir=*)
190 ++ includedir=$optarg
191 ++ ;;
192 ++ --includedir)
193 ++ echo_includedir=yes
194 ++ ;;
195 ++ --libdir=*)
196 ++ libdir=$optarg
197 ++ ;;
198 ++ --libdir)
199 ++ echo_libdir=yes
200 ++ ;;
201 ++ --version)
202 ++ echo ${major_version}.${minor_version}.${patch_version}
203 ++ ;;
204 ++ --cflags)
205 ++ echo_cflags=yes
206 ++ ;;
207 ++ --libs)
208 ++ echo_libs=yes
209 ++ ;;
210 ++ ssl)
211 ++ lib_ssl=yes
212 ++ ;;
213 ++ smime)
214 ++ lib_smime=yes
215 ++ ;;
216 ++ nss)
217 ++ lib_nss=yes
218 ++ ;;
219 ++ nssutil)
220 ++ lib_nssutil=yes
221 ++ ;;
222 ++ *)
223 ++ usage 1 1>&2
224 ++ ;;
225 ++ esac
226 ++ shift
227 ++done
228 ++
229 ++# Set variables that may be dependent upon other variables
230 ++if test -z "$exec_prefix"; then
231 ++ exec_prefix=`pkg-config --variable=exec_prefix nss`
232 ++fi
233 ++if test -z "$includedir"; then
234 ++ includedir=`pkg-config --variable=includedir nss`
235 ++fi
236 ++if test -z "$libdir"; then
237 ++ libdir=`pkg-config --variable=libdir nss`
238 ++fi
239 ++
240 ++if test "$echo_prefix" = "yes"; then
241 ++ echo $prefix
242 ++fi
243 ++
244 ++if test "$echo_exec_prefix" = "yes"; then
245 ++ echo $exec_prefix
246 ++fi
247 ++
248 ++if test "$echo_includedir" = "yes"; then
249 ++ echo $includedir
250 ++fi
251 ++
252 ++if test "$echo_libdir" = "yes"; then
253 ++ echo $libdir
254 ++fi
255 ++
256 ++if test "$echo_cflags" = "yes"; then
257 ++ echo -I$includedir
258 ++fi
259 ++
260 ++if test "$echo_libs" = "yes"; then
261 ++ libdirs=""
262 ++ if test -n "$lib_ssl"; then
263 ++ libdirs="$libdirs -lssl${major_version}"
264 ++ fi
265 ++ if test -n "$lib_smime"; then
266 ++ libdirs="$libdirs -lsmime${major_version}"
267 ++ fi
268 ++ if test -n "$lib_nss"; then
269 ++ libdirs="$libdirs -lnss${major_version}"
270 ++ fi
271 ++ if test -n "$lib_nssutil"; then
272 ++ libdirs="$libdirs -lnssutil${major_version}"
273 ++ fi
274 ++ echo $libdirs
275 ++fi
276 ++
277 +diff --git a/config/nss.pc.in b/config/nss.pc.in
278 +new file mode 100644
279 +index 0000000..df9e2cf
280 +--- /dev/null
281 ++++ b/config/nss.pc.in
282 +@@ -0,0 +1,12 @@
283 ++prefix=@prefix@
284 ++exec_prefix=@exec_prefix@
285 ++libdir=@libdir@
286 ++includedir=@includedir@
287 ++
288 ++Name: NSS
289 ++Description: Network Security Services
290 ++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
291 ++Requires: nspr >= 4.8
292 ++Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
293 ++Cflags: -I${includedir}
294 ++
295 +diff --git a/manifest.mn b/manifest.mn
296 +index 500a5ad..87c905e 100644
297 +--- a/manifest.mn
298 ++++ b/manifest.mn
299 +@@ -10,4 +10,4 @@ IMPORTS = nspr20/v4.8 \
300 +
301 + RELEASE = nss
302 +
303 +-DIRS = coreconf lib cmd cpputil gtests
304 ++DIRS = coreconf lib cmd cpputil config
305 +--
306 +2.13.3
307 +
308
309 diff --git a/dev-libs/nss/nss-3.32.ebuild b/dev-libs/nss/nss-3.32.ebuild
310 new file mode 100644
311 index 00000000000..2932e76b9fb
312 --- /dev/null
313 +++ b/dev-libs/nss/nss-3.32.ebuild
314 @@ -0,0 +1,340 @@
315 +# Copyright 1999-2017 Gentoo Foundation
316 +# Distributed under the terms of the GNU General Public License v2
317 +
318 +EAPI=6
319 +
320 +inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
321 +
322 +NSPR_VER="4.16"
323 +RTM_NAME="NSS_${PV//./_}_RTM"
324 +# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
325 +PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
326 +PEM_P="${PN}-pem-20160329"
327 +
328 +DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
329 +HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
330 +SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
331 + cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
332 + nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
333 +
334 +LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
335 +SLOT="0"
336 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
337 +IUSE="cacert +nss-pem utils"
338 +CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
339 + >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
340 +DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
341 + >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
342 + ${CDEPEND}"
343 +RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
344 + ${CDEPEND}
345 + abi_x86_32? (
346 + !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
347 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
348 + )"
349 +
350 +RESTRICT="test"
351 +
352 +S="${WORKDIR}/${P}/${PN}"
353 +
354 +MULTILIB_CHOST_TOOLS=(
355 + /usr/bin/nss-config
356 +)
357 +
358 +PATCHES=(
359 + # Custom changes for gentoo
360 + "${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
361 + "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
362 + "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
363 +)
364 +
365 +src_unpack() {
366 + unpack ${A}
367 + if use nss-pem ; then
368 + mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
369 + fi
370 +}
371 +
372 +src_prepare() {
373 + if use nss-pem ; then
374 + PATCHES+=(
375 + "${FILESDIR}/${PN}-3.21-enable-pem.patch"
376 + )
377 + fi
378 + if use cacert ; then #521462
379 + PATCHES+=(
380 + "${DISTDIR}/${PN}-cacert-class1-class3.patch"
381 + )
382 + fi
383 +
384 + default
385 +
386 + pushd coreconf >/dev/null || die
387 + # hack nspr paths
388 + echo 'INCLUDES += -I$(DIST)/include/dbm' \
389 + >> headers.mk || die "failed to append include"
390 +
391 + # modify install path
392 + sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
393 + -i source.mk || die
394 +
395 + # Respect LDFLAGS
396 + sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
397 + popd >/dev/null || die
398 +
399 + # Fix pkgconfig file for Prefix
400 + sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
401 + config/Makefile || die
402 +
403 + # use host shlibsign if need be #436216
404 + if tc-is-cross-compiler ; then
405 + sed -i \
406 + -e 's:"${2}"/shlibsign:shlibsign:' \
407 + cmd/shlibsign/sign.sh || die
408 + fi
409 +
410 + # dirty hack
411 + sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
412 + lib/ssl/config.mk || die
413 + sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
414 + cmd/platlibs.mk || die
415 +
416 + multilib_copy_sources
417 +
418 + strip-flags
419 +}
420 +
421 +multilib_src_configure() {
422 + # Ensure we stay multilib aware
423 + sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
424 +}
425 +
426 +nssarch() {
427 + # Most of the arches are the same as $ARCH
428 + local t=${1:-${CHOST}}
429 + case ${t} in
430 + aarch64*)echo "aarch64";;
431 + hppa*) echo "parisc";;
432 + i?86*) echo "i686";;
433 + x86_64*) echo "x86_64";;
434 + *) tc-arch ${t};;
435 + esac
436 +}
437 +
438 +nssbits() {
439 + local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
440 + if [[ ${1} == BUILD_ ]]; then
441 + cc=$(tc-getBUILD_CC)
442 + else
443 + cc=$(tc-getCC)
444 + fi
445 + echo > "${T}"/test.c || die
446 + ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
447 + case $(file "${T}/${1}test.o") in
448 + *32-bit*x86-64*) echo USE_X32=1;;
449 + *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
450 + *32-bit*|*ppc*|*i386*) ;;
451 + *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
452 + esac
453 +}
454 +
455 +multilib_src_compile() {
456 + # use ABI to determine bit'ness, or fallback if unset
457 + local buildbits mybits
458 + case "${ABI}" in
459 + n32) mybits="USE_N32=1";;
460 + x32) mybits="USE_X32=1";;
461 + s390x|*64) mybits="USE_64=1";;
462 + ${DEFAULT_ABI})
463 + einfo "Running compilation test to determine bit'ness"
464 + mybits=$(nssbits)
465 + ;;
466 + esac
467 + # bitness of host may differ from target
468 + if tc-is-cross-compiler; then
469 + buildbits=$(nssbits BUILD_)
470 + fi
471 +
472 + local makeargs=(
473 + CC="$(tc-getCC)"
474 + AR="$(tc-getAR) rc \$@"
475 + RANLIB="$(tc-getRANLIB)"
476 + OPTIMIZER=
477 + ${mybits}
478 + )
479 +
480 + # Take care of nspr settings #436216
481 + local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
482 + unset NSPR_INCLUDE_DIR
483 +
484 + # Do not let `uname` be used.
485 + if use kernel_linux ; then
486 + makeargs+=(
487 + OS_TARGET=Linux
488 + OS_RELEASE=2.6
489 + OS_TEST="$(nssarch)"
490 + )
491 + fi
492 +
493 + export NSS_ENABLE_WERROR=0 #567158
494 + export BUILD_OPT=1
495 + export NSS_USE_SYSTEM_SQLITE=1
496 + export NSDISTMODE=copy
497 + export NSS_ENABLE_ECC=1
498 + export FREEBL_NO_DEPEND=1
499 + export ASFLAGS=""
500 +
501 + local d
502 +
503 + # Build the host tools first.
504 + LDFLAGS="${BUILD_LDFLAGS}" \
505 + XCFLAGS="${BUILD_CFLAGS}" \
506 + NSPR_LIB_DIR="${T}/fakedir" \
507 + emake -j1 -C coreconf \
508 + CC="$(tc-getBUILD_CC)" \
509 + ${buildbits:-${mybits}}
510 + makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
511 +
512 + # Then build the target tools.
513 + for d in . lib/dbm ; do
514 + CPPFLAGS="${myCPPFLAGS}" \
515 + XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
516 + NSPR_LIB_DIR="${T}/fakedir" \
517 + emake -j1 "${makeargs[@]}" -C ${d}
518 + done
519 +}
520 +
521 +# Altering these 3 libraries breaks the CHK verification.
522 +# All of the following cause it to break:
523 +# - stripping
524 +# - prelink
525 +# - ELF signing
526 +# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
527 +# Either we have to NOT strip them, or we have to forcibly resign after
528 +# stripping.
529 +#local_libdir="$(get_libdir)"
530 +#export STRIP_MASK="
531 +# */${local_libdir}/libfreebl3.so*
532 +# */${local_libdir}/libnssdbm3.so*
533 +# */${local_libdir}/libsoftokn3.so*"
534 +
535 +export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
536 +
537 +generate_chk() {
538 + local shlibsign="$1"
539 + local libdir="$2"
540 + einfo "Resigning core NSS libraries for FIPS validation"
541 + shift 2
542 + local i
543 + for i in ${NSS_CHK_SIGN_LIBS} ; do
544 + local libname=lib${i}.so
545 + local chkname=lib${i}.chk
546 + "${shlibsign}" \
547 + -i "${libdir}"/${libname} \
548 + -o "${libdir}"/${chkname}.tmp \
549 + && mv -f \
550 + "${libdir}"/${chkname}.tmp \
551 + "${libdir}"/${chkname} \
552 + || die "Failed to sign ${libname}"
553 + done
554 +}
555 +
556 +cleanup_chk() {
557 + local libdir="$1"
558 + shift 1
559 + local i
560 + for i in ${NSS_CHK_SIGN_LIBS} ; do
561 + local libfname="${libdir}/lib${i}.so"
562 + # If the major version has changed, then we have old chk files.
563 + [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
564 + && rm -f "${libfname}.chk"
565 + done
566 +}
567 +
568 +multilib_src_install() {
569 + pushd dist >/dev/null || die
570 +
571 + dodir /usr/$(get_libdir)
572 + cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
573 + local i
574 + for i in crmf freebl nssb nssckfw ; do
575 + cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
576 + done
577 +
578 + # Install nss-config and pkgconfig file
579 + dodir /usr/bin
580 + cp -L */bin/nss-config "${ED}"/usr/bin || die
581 + dodir /usr/$(get_libdir)/pkgconfig
582 + cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
583 +
584 + # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
585 + # bug 517266
586 + sed -e 's#Libs:#Libs: -lfreebl#' \
587 + -e 's#Cflags:#Cflags: -I${includedir}/private#' \
588 + */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
589 + || die "could not create nss-softokn.pc"
590 +
591 + # all the include files
592 + insinto /usr/include/nss
593 + doins public/nss/*.{h,api}
594 + insinto /usr/include/nss/private
595 + doins private/nss/{blapi,alghmac}.h
596 +
597 + popd >/dev/null || die
598 +
599 + local f nssutils
600 + # Always enabled because we need it for chk generation.
601 + nssutils="shlibsign"
602 +
603 + if multilib_is_native_abi ; then
604 + if use utils; then
605 + # The tests we do not need to install.
606 + #nssutils_test="bltest crmftest dbtest dertimetest
607 + #fipstest remtest sdrtest"
608 + # checkcert utils has been removed in nss-3.22:
609 + # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
610 + # https://hg.mozilla.org/projects/nss/rev/df1729d37870
611 + nssutils="addbuiltin atob baddbdir btoa certcgi certutil
612 + cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
613 + nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
614 + pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
615 + symkeyutil tstclnt vfychain vfyserv"
616 + # install man-pages for utils (bug #516810)
617 + doman doc/nroff/*.1
618 + fi
619 + pushd dist/*/bin >/dev/null || die
620 + for f in ${nssutils}; do
621 + dobin ${f}
622 + done
623 + popd >/dev/null || die
624 + fi
625 +
626 + # Prelink breaks the CHK files. We don't have any reliable way to run
627 + # shlibsign after prelink.
628 + dodir /etc/prelink.conf.d
629 + printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
630 + > "${ED}"/etc/prelink.conf.d/nss.conf
631 +}
632 +
633 +pkg_postinst() {
634 + multilib_pkg_postinst() {
635 + # We must re-sign the libraries AFTER they are stripped.
636 + local shlibsign="${EROOT}/usr/bin/shlibsign"
637 + # See if we can execute it (cross-compiling & such). #436216
638 + "${shlibsign}" -h >&/dev/null
639 + if [[ $? -gt 1 ]] ; then
640 + shlibsign="shlibsign"
641 + fi
642 + generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
643 + }
644 +
645 + multilib_foreach_abi multilib_pkg_postinst
646 +}
647 +
648 +pkg_postrm() {
649 + multilib_pkg_postrm() {
650 + cleanup_chk "${EROOT}"/usr/$(get_libdir)
651 + }
652 +
653 + multilib_foreach_abi multilib_pkg_postrm
654 +}
Report Message
Find on MARC Find on Google Groups