1 |
commit: e0cb2ef179d11014b83d4f5547949fcc057b4951 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Mar 31 17:48:42 2020 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Mar 31 17:50:38 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0cb2ef1 |
7 |
|
8 |
dev-libs/nss: security cleanup (#627534) |
9 |
|
10 |
Bug: https://bugs.gentoo.org/627534 |
11 |
Package-Manager: Portage-2.3.96, Repoman-2.3.22 |
12 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
13 |
|
14 |
dev-libs/nss/Manifest | 5 - |
15 |
dev-libs/nss/files/nss-3.47-enable-pem.patch | 11 - |
16 |
dev-libs/nss/metadata.xml | 1 - |
17 |
dev-libs/nss/nss-3.47.1-r1.ebuild | 375 --------------------------- |
18 |
dev-libs/nss/nss-3.48-r1.ebuild | 375 --------------------------- |
19 |
dev-libs/nss/nss-3.49.2.ebuild | 375 --------------------------- |
20 |
dev-libs/nss/nss-3.50-r1.ebuild | 359 ------------------------- |
21 |
7 files changed, 1501 deletions(-) |
22 |
|
23 |
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest |
24 |
index 96974b35f57..663b875e316 100644 |
25 |
--- a/dev-libs/nss/Manifest |
26 |
+++ b/dev-libs/nss/Manifest |
27 |
@@ -1,7 +1,2 @@ |
28 |
-DIST nss-3.47.1.tar.gz 76462846 BLAKE2B a26e858e06c494adb4059f8cc73993b0f3cff90a0785ed7eed3760931aa6b4ae5706cf7994c6c1421d9ed8bc36d1a4c199988bd9c59c06bb95fd03521c20f141 SHA512 ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9 |
29 |
-DIST nss-3.48.tar.gz 76481237 BLAKE2B aded12d9f917d87e6fe32bc6c57b19e478507919c7d87b3f95e86ba10717d30da25632e60753b5cf7a24fbfef8fab6529ae373eea25d633d8164164bac97357c SHA512 71aefe323501dd8d750ed36606554f2e67ecb2bca85b55bc798d5dfc3a47f3d454348ca950971aaaafb16f6d847c098d2b1c40d40b50380e0c2540ed1b9a9e9a |
30 |
-DIST nss-3.49.2.tar.gz 76489641 BLAKE2B 844a88984fde45142093ee6df2934d89cb4911d3e716019c0d1620254064af51b56249bc4348816e546c5dcab66d7fc9d4def32021661f4f3d868e09c342abec SHA512 fe0fe032db15853384a50b145dd6f3187a855109f0b81f1846312d33f8c628aededcbca4d199f974ae52530aec3f2312f80afbca3e5b97ed1ff96fcffafd2881 |
31 |
-DIST nss-3.50.tar.gz 78041630 BLAKE2B 4d21a1cac475936e153b22829f8b4b2f6f6a57c41e14d091b287aba633a8d4c80c045882ce6f1cb7a2f9ce760d616b13389f90e59f60250c41080ed1f5a4900a SHA512 d6bcaf8ad65b5a97c42cd6cbbc68add5c4b49db74b2debcedb2a007f72511ac0e9bd21fd2dec041bc1975cfc8af26a48450aa0d1b962f755931ab2ac45c795b1 |
32 |
DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd |
33 |
DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 |
34 |
-DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 |
35 |
|
36 |
diff --git a/dev-libs/nss/files/nss-3.47-enable-pem.patch b/dev-libs/nss/files/nss-3.47-enable-pem.patch |
37 |
deleted file mode 100644 |
38 |
index 47a01c322bb..00000000000 |
39 |
--- a/dev-libs/nss/files/nss-3.47-enable-pem.patch |
40 |
+++ /dev/null |
41 |
@@ -1,11 +0,0 @@ |
42 |
---- a/lib/ckfw/manifest.mn |
43 |
-+++ b/lib/ckfw/manifest.mn |
44 |
-@@ -5,7 +5,7 @@ |
45 |
- |
46 |
- CORE_DEPTH = ../.. |
47 |
- |
48 |
--DIRS = builtins |
49 |
-+DIRS = builtins pem |
50 |
- |
51 |
- PRIVATE_EXPORTS = \ |
52 |
- ck.h \ |
53 |
|
54 |
diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml |
55 |
index 009a09732ad..c76b165099c 100644 |
56 |
--- a/dev-libs/nss/metadata.xml |
57 |
+++ b/dev-libs/nss/metadata.xml |
58 |
@@ -9,7 +9,6 @@ |
59 |
<flag name="cacert"> |
60 |
Include root/class3 certs from CAcert (http://www.cacert.org/) |
61 |
</flag> |
62 |
- <flag name="nss-pem">Add support for libnsspem</flag> |
63 |
<flag name="utils">Install utilities included with the library</flag> |
64 |
</use> |
65 |
<upstream> |
66 |
|
67 |
diff --git a/dev-libs/nss/nss-3.47.1-r1.ebuild b/dev-libs/nss/nss-3.47.1-r1.ebuild |
68 |
deleted file mode 100644 |
69 |
index 8c5fc05e76c..00000000000 |
70 |
--- a/dev-libs/nss/nss-3.47.1-r1.ebuild |
71 |
+++ /dev/null |
72 |
@@ -1,375 +0,0 @@ |
73 |
-# Copyright 1999-2020 Gentoo Authors |
74 |
-# Distributed under the terms of the GNU General Public License v2 |
75 |
- |
76 |
-EAPI=7 |
77 |
- |
78 |
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal |
79 |
- |
80 |
-NSPR_VER="4.22" |
81 |
-RTM_NAME="NSS_${PV//./_}_RTM" |
82 |
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git |
83 |
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116" |
84 |
-PEM_P="${PN}-pem-20160329" |
85 |
- |
86 |
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" |
87 |
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" |
88 |
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz |
89 |
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch ) |
90 |
- nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )" |
91 |
- |
92 |
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" |
93 |
-SLOT="0" |
94 |
-KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" |
95 |
-IUSE="cacert +nss-pem utils" |
96 |
-BDEPEND=" |
97 |
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] |
98 |
-" |
99 |
-RDEPEND=" |
100 |
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] |
101 |
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] |
102 |
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] |
103 |
-" |
104 |
-DEPEND="${RDEPEND}" |
105 |
- |
106 |
-RESTRICT="test" |
107 |
- |
108 |
-S="${WORKDIR}/${P}/${PN}" |
109 |
- |
110 |
-MULTILIB_CHOST_TOOLS=( |
111 |
- /usr/bin/nss-config |
112 |
-) |
113 |
- |
114 |
-PATCHES=( |
115 |
- # Custom changes for gentoo |
116 |
- "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch" |
117 |
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" |
118 |
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" |
119 |
-) |
120 |
- |
121 |
-src_unpack() { |
122 |
- unpack ${A} |
123 |
- if use nss-pem ; then |
124 |
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die |
125 |
- fi |
126 |
-} |
127 |
- |
128 |
-src_prepare() { |
129 |
- if use nss-pem ; then |
130 |
- PATCHES+=( |
131 |
- "${FILESDIR}/${PN}-3.47-enable-pem.patch" |
132 |
- ) |
133 |
- fi |
134 |
- if use cacert ; then #521462 |
135 |
- PATCHES+=( |
136 |
- "${DISTDIR}/${PN}-cacert-class1-class3.patch" |
137 |
- ) |
138 |
- fi |
139 |
- |
140 |
- default |
141 |
- |
142 |
- pushd coreconf >/dev/null || die |
143 |
- # hack nspr paths |
144 |
- echo 'INCLUDES += -I$(DIST)/include/dbm' \ |
145 |
- >> headers.mk || die "failed to append include" |
146 |
- |
147 |
- # modify install path |
148 |
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ |
149 |
- -i source.mk || die |
150 |
- |
151 |
- # Respect LDFLAGS |
152 |
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk |
153 |
- popd >/dev/null || die |
154 |
- |
155 |
- # Fix pkgconfig file for Prefix |
156 |
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ |
157 |
- config/Makefile || die |
158 |
- |
159 |
- # use host shlibsign if need be #436216 |
160 |
- if tc-is-cross-compiler ; then |
161 |
- sed -i \ |
162 |
- -e 's:"${2}"/shlibsign:shlibsign:' \ |
163 |
- cmd/shlibsign/sign.sh || die |
164 |
- fi |
165 |
- |
166 |
- # dirty hack |
167 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ |
168 |
- lib/ssl/config.mk || die |
169 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ |
170 |
- cmd/platlibs.mk || die |
171 |
- |
172 |
- multilib_copy_sources |
173 |
- |
174 |
- strip-flags |
175 |
-} |
176 |
- |
177 |
-multilib_src_configure() { |
178 |
- # Ensure we stay multilib aware |
179 |
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die |
180 |
-} |
181 |
- |
182 |
-nssarch() { |
183 |
- # Most of the arches are the same as $ARCH |
184 |
- local t=${1:-${CHOST}} |
185 |
- case ${t} in |
186 |
- aarch64*)echo "aarch64";; |
187 |
- hppa*) echo "parisc";; |
188 |
- i?86*) echo "i686";; |
189 |
- x86_64*) echo "x86_64";; |
190 |
- *) tc-arch ${t};; |
191 |
- esac |
192 |
-} |
193 |
- |
194 |
-nssbits() { |
195 |
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" |
196 |
- if [[ ${1} == BUILD_ ]]; then |
197 |
- cc=$(tc-getBUILD_CC) |
198 |
- else |
199 |
- cc=$(tc-getCC) |
200 |
- fi |
201 |
- echo > "${T}"/test.c || die |
202 |
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die |
203 |
- case $(file "${T}/${1}test.o") in |
204 |
- *32-bit*x86-64*) echo USE_X32=1;; |
205 |
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; |
206 |
- *32-bit*|*ppc*|*i386*) ;; |
207 |
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; |
208 |
- esac |
209 |
-} |
210 |
- |
211 |
-multilib_src_compile() { |
212 |
- # use ABI to determine bit'ness, or fallback if unset |
213 |
- local buildbits mybits |
214 |
- case "${ABI}" in |
215 |
- n32) mybits="USE_N32=1";; |
216 |
- x32) mybits="USE_X32=1";; |
217 |
- s390x|*64) mybits="USE_64=1";; |
218 |
- ${DEFAULT_ABI}) |
219 |
- einfo "Running compilation test to determine bit'ness" |
220 |
- mybits=$(nssbits) |
221 |
- ;; |
222 |
- esac |
223 |
- # bitness of host may differ from target |
224 |
- if tc-is-cross-compiler; then |
225 |
- buildbits=$(nssbits BUILD_) |
226 |
- fi |
227 |
- |
228 |
- local makeargs=( |
229 |
- CC="$(tc-getCC)" |
230 |
- CCC="$(tc-getCXX)" |
231 |
- AR="$(tc-getAR) rc \$@" |
232 |
- RANLIB="$(tc-getRANLIB)" |
233 |
- OPTIMIZER= |
234 |
- ${mybits} |
235 |
- ) |
236 |
- |
237 |
- # Take care of nspr settings #436216 |
238 |
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" |
239 |
- unset NSPR_INCLUDE_DIR |
240 |
- |
241 |
- # Do not let `uname` be used. |
242 |
- if use kernel_linux ; then |
243 |
- makeargs+=( |
244 |
- OS_TARGET=Linux |
245 |
- OS_RELEASE=2.6 |
246 |
- OS_TEST="$(nssarch)" |
247 |
- ) |
248 |
- fi |
249 |
- |
250 |
- export NSS_ALLOW_SSLKEYLOGFILE=1 |
251 |
- export NSS_ENABLE_WERROR=0 #567158 |
252 |
- export BUILD_OPT=1 |
253 |
- export NSS_USE_SYSTEM_SQLITE=1 |
254 |
- export NSDISTMODE=copy |
255 |
- export NSS_ENABLE_ECC=1 |
256 |
- export FREEBL_NO_DEPEND=1 |
257 |
- export FREEBL_LOWHASH=1 |
258 |
- export NSS_SEED_ONLY_DEV_URANDOM=1 |
259 |
- export ASFLAGS="" |
260 |
- |
261 |
- local d |
262 |
- |
263 |
- # Build the host tools first. |
264 |
- LDFLAGS="${BUILD_LDFLAGS}" \ |
265 |
- XCFLAGS="${BUILD_CFLAGS}" \ |
266 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
267 |
- emake -j1 -C coreconf \ |
268 |
- CC="$(tc-getBUILD_CC)" \ |
269 |
- ${buildbits:-${mybits}} |
270 |
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) |
271 |
- |
272 |
- # Then build the target tools. |
273 |
- for d in . lib/dbm ; do |
274 |
- CPPFLAGS="${myCPPFLAGS}" \ |
275 |
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ |
276 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
277 |
- emake -j1 "${makeargs[@]}" -C ${d} |
278 |
- done |
279 |
-} |
280 |
- |
281 |
-# Altering these 3 libraries breaks the CHK verification. |
282 |
-# All of the following cause it to break: |
283 |
-# - stripping |
284 |
-# - prelink |
285 |
-# - ELF signing |
286 |
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html |
287 |
-# Either we have to NOT strip them, or we have to forcibly resign after |
288 |
-# stripping. |
289 |
-#local_libdir="$(get_libdir)" |
290 |
-#export STRIP_MASK=" |
291 |
-# */${local_libdir}/libfreebl3.so* |
292 |
-# */${local_libdir}/libnssdbm3.so* |
293 |
-# */${local_libdir}/libsoftokn3.so*" |
294 |
- |
295 |
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" |
296 |
- |
297 |
-generate_chk() { |
298 |
- local shlibsign="$1" |
299 |
- local libdir="$2" |
300 |
- einfo "Resigning core NSS libraries for FIPS validation" |
301 |
- shift 2 |
302 |
- local i |
303 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
304 |
- local libname=lib${i}.so |
305 |
- local chkname=lib${i}.chk |
306 |
- "${shlibsign}" \ |
307 |
- -i "${libdir}"/${libname} \ |
308 |
- -o "${libdir}"/${chkname}.tmp \ |
309 |
- && mv -f \ |
310 |
- "${libdir}"/${chkname}.tmp \ |
311 |
- "${libdir}"/${chkname} \ |
312 |
- || die "Failed to sign ${libname}" |
313 |
- done |
314 |
-} |
315 |
- |
316 |
-cleanup_chk() { |
317 |
- local libdir="$1" |
318 |
- shift 1 |
319 |
- local i |
320 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
321 |
- local libfname="${libdir}/lib${i}.so" |
322 |
- # If the major version has changed, then we have old chk files. |
323 |
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ |
324 |
- && rm -f "${libfname}.chk" |
325 |
- done |
326 |
-} |
327 |
- |
328 |
-multilib_src_install() { |
329 |
- pushd dist >/dev/null || die |
330 |
- |
331 |
- dodir /usr/$(get_libdir) |
332 |
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" |
333 |
- local i |
334 |
- for i in crmf freebl nssb nssckfw ; do |
335 |
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" |
336 |
- done |
337 |
- |
338 |
- # Install nss-config and pkgconfig file |
339 |
- dodir /usr/bin |
340 |
- cp -L */bin/nss-config "${ED}"/usr/bin || die |
341 |
- dodir /usr/$(get_libdir)/pkgconfig |
342 |
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die |
343 |
- |
344 |
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers |
345 |
- # bug 517266 |
346 |
- sed -e 's#Libs:#Libs: -lfreebl#' \ |
347 |
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \ |
348 |
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ |
349 |
- || die "could not create nss-softokn.pc" |
350 |
- |
351 |
- # all the include files |
352 |
- insinto /usr/include/nss |
353 |
- doins public/nss/*.{h,api} |
354 |
- insinto /usr/include/nss/private |
355 |
- doins private/nss/{blapi,alghmac}.h |
356 |
- |
357 |
- popd >/dev/null || die |
358 |
- |
359 |
- local f nssutils |
360 |
- # Always enabled because we need it for chk generation. |
361 |
- nssutils=( shlibsign ) |
362 |
- |
363 |
- if multilib_is_native_abi ; then |
364 |
- if use utils; then |
365 |
- # The tests we do not need to install. |
366 |
- #nssutils_test="bltest crmftest dbtest dertimetest |
367 |
- #fipstest remtest sdrtest" |
368 |
- # checkcert utils has been removed in nss-3.22: |
369 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 |
370 |
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870 |
371 |
- # certcgi has been removed in nss-3.36: |
372 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602 |
373 |
- nssutils+=( |
374 |
- addbuiltin |
375 |
- atob |
376 |
- baddbdir |
377 |
- btoa |
378 |
- certutil |
379 |
- cmsutil |
380 |
- conflict |
381 |
- crlutil |
382 |
- derdump |
383 |
- digest |
384 |
- makepqg |
385 |
- mangle |
386 |
- modutil |
387 |
- multinit |
388 |
- nonspr10 |
389 |
- ocspclnt |
390 |
- oidcalc |
391 |
- p7content |
392 |
- p7env |
393 |
- p7sign |
394 |
- p7verify |
395 |
- pk11mode |
396 |
- pk12util |
397 |
- pp |
398 |
- rsaperf |
399 |
- selfserv |
400 |
- signtool |
401 |
- signver |
402 |
- ssltap |
403 |
- strsclnt |
404 |
- symkeyutil |
405 |
- tstclnt |
406 |
- vfychain |
407 |
- vfyserv |
408 |
- ) |
409 |
- # install man-pages for utils (bug #516810) |
410 |
- doman doc/nroff/*.1 |
411 |
- fi |
412 |
- pushd dist/*/bin >/dev/null || die |
413 |
- for f in ${nssutils[@]}; do |
414 |
- dobin ${f} |
415 |
- done |
416 |
- popd >/dev/null || die |
417 |
- fi |
418 |
- |
419 |
- # Prelink breaks the CHK files. We don't have any reliable way to run |
420 |
- # shlibsign after prelink. |
421 |
- dodir /etc/prelink.conf.d |
422 |
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ |
423 |
- > "${ED}"/etc/prelink.conf.d/nss.conf |
424 |
-} |
425 |
- |
426 |
-pkg_postinst() { |
427 |
- multilib_pkg_postinst() { |
428 |
- # We must re-sign the libraries AFTER they are stripped. |
429 |
- local shlibsign="${EROOT}/usr/bin/shlibsign" |
430 |
- # See if we can execute it (cross-compiling & such). #436216 |
431 |
- "${shlibsign}" -h >&/dev/null |
432 |
- if [[ $? -gt 1 ]] ; then |
433 |
- shlibsign="shlibsign" |
434 |
- fi |
435 |
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) |
436 |
- } |
437 |
- |
438 |
- multilib_foreach_abi multilib_pkg_postinst |
439 |
-} |
440 |
- |
441 |
-pkg_postrm() { |
442 |
- multilib_pkg_postrm() { |
443 |
- cleanup_chk "${EROOT}"/usr/$(get_libdir) |
444 |
- } |
445 |
- |
446 |
- multilib_foreach_abi multilib_pkg_postrm |
447 |
-} |
448 |
|
449 |
diff --git a/dev-libs/nss/nss-3.48-r1.ebuild b/dev-libs/nss/nss-3.48-r1.ebuild |
450 |
deleted file mode 100644 |
451 |
index 5767fbe73c3..00000000000 |
452 |
--- a/dev-libs/nss/nss-3.48-r1.ebuild |
453 |
+++ /dev/null |
454 |
@@ -1,375 +0,0 @@ |
455 |
-# Copyright 1999-2020 Gentoo Authors |
456 |
-# Distributed under the terms of the GNU General Public License v2 |
457 |
- |
458 |
-EAPI=7 |
459 |
- |
460 |
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal |
461 |
- |
462 |
-NSPR_VER="4.24" |
463 |
-RTM_NAME="NSS_${PV//./_}_RTM" |
464 |
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git |
465 |
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116" |
466 |
-PEM_P="${PN}-pem-20160329" |
467 |
- |
468 |
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" |
469 |
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" |
470 |
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz |
471 |
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch ) |
472 |
- nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )" |
473 |
- |
474 |
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" |
475 |
-SLOT="0" |
476 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" |
477 |
-IUSE="cacert +nss-pem utils" |
478 |
-BDEPEND=" |
479 |
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] |
480 |
-" |
481 |
-RDEPEND=" |
482 |
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] |
483 |
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] |
484 |
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] |
485 |
-" |
486 |
-DEPEND="${RDEPEND}" |
487 |
- |
488 |
-RESTRICT="test" |
489 |
- |
490 |
-S="${WORKDIR}/${P}/${PN}" |
491 |
- |
492 |
-MULTILIB_CHOST_TOOLS=( |
493 |
- /usr/bin/nss-config |
494 |
-) |
495 |
- |
496 |
-PATCHES=( |
497 |
- # Custom changes for gentoo |
498 |
- "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch" |
499 |
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" |
500 |
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" |
501 |
-) |
502 |
- |
503 |
-src_unpack() { |
504 |
- unpack ${A} |
505 |
- if use nss-pem ; then |
506 |
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die |
507 |
- fi |
508 |
-} |
509 |
- |
510 |
-src_prepare() { |
511 |
- if use nss-pem ; then |
512 |
- PATCHES+=( |
513 |
- "${FILESDIR}/${PN}-3.47-enable-pem.patch" |
514 |
- ) |
515 |
- fi |
516 |
- if use cacert ; then #521462 |
517 |
- PATCHES+=( |
518 |
- "${DISTDIR}/${PN}-cacert-class1-class3.patch" |
519 |
- ) |
520 |
- fi |
521 |
- |
522 |
- default |
523 |
- |
524 |
- pushd coreconf >/dev/null || die |
525 |
- # hack nspr paths |
526 |
- echo 'INCLUDES += -I$(DIST)/include/dbm' \ |
527 |
- >> headers.mk || die "failed to append include" |
528 |
- |
529 |
- # modify install path |
530 |
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ |
531 |
- -i source.mk || die |
532 |
- |
533 |
- # Respect LDFLAGS |
534 |
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk |
535 |
- popd >/dev/null || die |
536 |
- |
537 |
- # Fix pkgconfig file for Prefix |
538 |
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ |
539 |
- config/Makefile || die |
540 |
- |
541 |
- # use host shlibsign if need be #436216 |
542 |
- if tc-is-cross-compiler ; then |
543 |
- sed -i \ |
544 |
- -e 's:"${2}"/shlibsign:shlibsign:' \ |
545 |
- cmd/shlibsign/sign.sh || die |
546 |
- fi |
547 |
- |
548 |
- # dirty hack |
549 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ |
550 |
- lib/ssl/config.mk || die |
551 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ |
552 |
- cmd/platlibs.mk || die |
553 |
- |
554 |
- multilib_copy_sources |
555 |
- |
556 |
- strip-flags |
557 |
-} |
558 |
- |
559 |
-multilib_src_configure() { |
560 |
- # Ensure we stay multilib aware |
561 |
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die |
562 |
-} |
563 |
- |
564 |
-nssarch() { |
565 |
- # Most of the arches are the same as $ARCH |
566 |
- local t=${1:-${CHOST}} |
567 |
- case ${t} in |
568 |
- aarch64*)echo "aarch64";; |
569 |
- hppa*) echo "parisc";; |
570 |
- i?86*) echo "i686";; |
571 |
- x86_64*) echo "x86_64";; |
572 |
- *) tc-arch ${t};; |
573 |
- esac |
574 |
-} |
575 |
- |
576 |
-nssbits() { |
577 |
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" |
578 |
- if [[ ${1} == BUILD_ ]]; then |
579 |
- cc=$(tc-getBUILD_CC) |
580 |
- else |
581 |
- cc=$(tc-getCC) |
582 |
- fi |
583 |
- echo > "${T}"/test.c || die |
584 |
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die |
585 |
- case $(file "${T}/${1}test.o") in |
586 |
- *32-bit*x86-64*) echo USE_X32=1;; |
587 |
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; |
588 |
- *32-bit*|*ppc*|*i386*) ;; |
589 |
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; |
590 |
- esac |
591 |
-} |
592 |
- |
593 |
-multilib_src_compile() { |
594 |
- # use ABI to determine bit'ness, or fallback if unset |
595 |
- local buildbits mybits |
596 |
- case "${ABI}" in |
597 |
- n32) mybits="USE_N32=1";; |
598 |
- x32) mybits="USE_X32=1";; |
599 |
- s390x|*64) mybits="USE_64=1";; |
600 |
- ${DEFAULT_ABI}) |
601 |
- einfo "Running compilation test to determine bit'ness" |
602 |
- mybits=$(nssbits) |
603 |
- ;; |
604 |
- esac |
605 |
- # bitness of host may differ from target |
606 |
- if tc-is-cross-compiler; then |
607 |
- buildbits=$(nssbits BUILD_) |
608 |
- fi |
609 |
- |
610 |
- local makeargs=( |
611 |
- CC="$(tc-getCC)" |
612 |
- CCC="$(tc-getCXX)" |
613 |
- AR="$(tc-getAR) rc \$@" |
614 |
- RANLIB="$(tc-getRANLIB)" |
615 |
- OPTIMIZER= |
616 |
- ${mybits} |
617 |
- ) |
618 |
- |
619 |
- # Take care of nspr settings #436216 |
620 |
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" |
621 |
- unset NSPR_INCLUDE_DIR |
622 |
- |
623 |
- # Do not let `uname` be used. |
624 |
- if use kernel_linux ; then |
625 |
- makeargs+=( |
626 |
- OS_TARGET=Linux |
627 |
- OS_RELEASE=2.6 |
628 |
- OS_TEST="$(nssarch)" |
629 |
- ) |
630 |
- fi |
631 |
- |
632 |
- export NSS_ALLOW_SSLKEYLOGFILE=1 |
633 |
- export NSS_ENABLE_WERROR=0 #567158 |
634 |
- export BUILD_OPT=1 |
635 |
- export NSS_USE_SYSTEM_SQLITE=1 |
636 |
- export NSDISTMODE=copy |
637 |
- export NSS_ENABLE_ECC=1 |
638 |
- export FREEBL_NO_DEPEND=1 |
639 |
- export FREEBL_LOWHASH=1 |
640 |
- export NSS_SEED_ONLY_DEV_URANDOM=1 |
641 |
- export ASFLAGS="" |
642 |
- |
643 |
- local d |
644 |
- |
645 |
- # Build the host tools first. |
646 |
- LDFLAGS="${BUILD_LDFLAGS}" \ |
647 |
- XCFLAGS="${BUILD_CFLAGS}" \ |
648 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
649 |
- emake -j1 -C coreconf \ |
650 |
- CC="$(tc-getBUILD_CC)" \ |
651 |
- ${buildbits:-${mybits}} |
652 |
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) |
653 |
- |
654 |
- # Then build the target tools. |
655 |
- for d in . lib/dbm ; do |
656 |
- CPPFLAGS="${myCPPFLAGS}" \ |
657 |
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ |
658 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
659 |
- emake -j1 "${makeargs[@]}" -C ${d} |
660 |
- done |
661 |
-} |
662 |
- |
663 |
-# Altering these 3 libraries breaks the CHK verification. |
664 |
-# All of the following cause it to break: |
665 |
-# - stripping |
666 |
-# - prelink |
667 |
-# - ELF signing |
668 |
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html |
669 |
-# Either we have to NOT strip them, or we have to forcibly resign after |
670 |
-# stripping. |
671 |
-#local_libdir="$(get_libdir)" |
672 |
-#export STRIP_MASK=" |
673 |
-# */${local_libdir}/libfreebl3.so* |
674 |
-# */${local_libdir}/libnssdbm3.so* |
675 |
-# */${local_libdir}/libsoftokn3.so*" |
676 |
- |
677 |
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" |
678 |
- |
679 |
-generate_chk() { |
680 |
- local shlibsign="$1" |
681 |
- local libdir="$2" |
682 |
- einfo "Resigning core NSS libraries for FIPS validation" |
683 |
- shift 2 |
684 |
- local i |
685 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
686 |
- local libname=lib${i}.so |
687 |
- local chkname=lib${i}.chk |
688 |
- "${shlibsign}" \ |
689 |
- -i "${libdir}"/${libname} \ |
690 |
- -o "${libdir}"/${chkname}.tmp \ |
691 |
- && mv -f \ |
692 |
- "${libdir}"/${chkname}.tmp \ |
693 |
- "${libdir}"/${chkname} \ |
694 |
- || die "Failed to sign ${libname}" |
695 |
- done |
696 |
-} |
697 |
- |
698 |
-cleanup_chk() { |
699 |
- local libdir="$1" |
700 |
- shift 1 |
701 |
- local i |
702 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
703 |
- local libfname="${libdir}/lib${i}.so" |
704 |
- # If the major version has changed, then we have old chk files. |
705 |
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ |
706 |
- && rm -f "${libfname}.chk" |
707 |
- done |
708 |
-} |
709 |
- |
710 |
-multilib_src_install() { |
711 |
- pushd dist >/dev/null || die |
712 |
- |
713 |
- dodir /usr/$(get_libdir) |
714 |
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" |
715 |
- local i |
716 |
- for i in crmf freebl nssb nssckfw ; do |
717 |
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" |
718 |
- done |
719 |
- |
720 |
- # Install nss-config and pkgconfig file |
721 |
- dodir /usr/bin |
722 |
- cp -L */bin/nss-config "${ED}"/usr/bin || die |
723 |
- dodir /usr/$(get_libdir)/pkgconfig |
724 |
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die |
725 |
- |
726 |
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers |
727 |
- # bug 517266 |
728 |
- sed -e 's#Libs:#Libs: -lfreebl#' \ |
729 |
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \ |
730 |
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ |
731 |
- || die "could not create nss-softokn.pc" |
732 |
- |
733 |
- # all the include files |
734 |
- insinto /usr/include/nss |
735 |
- doins public/nss/*.{h,api} |
736 |
- insinto /usr/include/nss/private |
737 |
- doins private/nss/{blapi,alghmac}.h |
738 |
- |
739 |
- popd >/dev/null || die |
740 |
- |
741 |
- local f nssutils |
742 |
- # Always enabled because we need it for chk generation. |
743 |
- nssutils=( shlibsign ) |
744 |
- |
745 |
- if multilib_is_native_abi ; then |
746 |
- if use utils; then |
747 |
- # The tests we do not need to install. |
748 |
- #nssutils_test="bltest crmftest dbtest dertimetest |
749 |
- #fipstest remtest sdrtest" |
750 |
- # checkcert utils has been removed in nss-3.22: |
751 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 |
752 |
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870 |
753 |
- # certcgi has been removed in nss-3.36: |
754 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602 |
755 |
- nssutils+=( |
756 |
- addbuiltin |
757 |
- atob |
758 |
- baddbdir |
759 |
- btoa |
760 |
- certutil |
761 |
- cmsutil |
762 |
- conflict |
763 |
- crlutil |
764 |
- derdump |
765 |
- digest |
766 |
- makepqg |
767 |
- mangle |
768 |
- modutil |
769 |
- multinit |
770 |
- nonspr10 |
771 |
- ocspclnt |
772 |
- oidcalc |
773 |
- p7content |
774 |
- p7env |
775 |
- p7sign |
776 |
- p7verify |
777 |
- pk11mode |
778 |
- pk12util |
779 |
- pp |
780 |
- rsaperf |
781 |
- selfserv |
782 |
- signtool |
783 |
- signver |
784 |
- ssltap |
785 |
- strsclnt |
786 |
- symkeyutil |
787 |
- tstclnt |
788 |
- vfychain |
789 |
- vfyserv |
790 |
- ) |
791 |
- # install man-pages for utils (bug #516810) |
792 |
- doman doc/nroff/*.1 |
793 |
- fi |
794 |
- pushd dist/*/bin >/dev/null || die |
795 |
- for f in ${nssutils[@]}; do |
796 |
- dobin ${f} |
797 |
- done |
798 |
- popd >/dev/null || die |
799 |
- fi |
800 |
- |
801 |
- # Prelink breaks the CHK files. We don't have any reliable way to run |
802 |
- # shlibsign after prelink. |
803 |
- dodir /etc/prelink.conf.d |
804 |
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ |
805 |
- > "${ED}"/etc/prelink.conf.d/nss.conf |
806 |
-} |
807 |
- |
808 |
-pkg_postinst() { |
809 |
- multilib_pkg_postinst() { |
810 |
- # We must re-sign the libraries AFTER they are stripped. |
811 |
- local shlibsign="${EROOT}/usr/bin/shlibsign" |
812 |
- # See if we can execute it (cross-compiling & such). #436216 |
813 |
- "${shlibsign}" -h >&/dev/null |
814 |
- if [[ $? -gt 1 ]] ; then |
815 |
- shlibsign="shlibsign" |
816 |
- fi |
817 |
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) |
818 |
- } |
819 |
- |
820 |
- multilib_foreach_abi multilib_pkg_postinst |
821 |
-} |
822 |
- |
823 |
-pkg_postrm() { |
824 |
- multilib_pkg_postrm() { |
825 |
- cleanup_chk "${EROOT}"/usr/$(get_libdir) |
826 |
- } |
827 |
- |
828 |
- multilib_foreach_abi multilib_pkg_postrm |
829 |
-} |
830 |
|
831 |
diff --git a/dev-libs/nss/nss-3.49.2.ebuild b/dev-libs/nss/nss-3.49.2.ebuild |
832 |
deleted file mode 100644 |
833 |
index 5767fbe73c3..00000000000 |
834 |
--- a/dev-libs/nss/nss-3.49.2.ebuild |
835 |
+++ /dev/null |
836 |
@@ -1,375 +0,0 @@ |
837 |
-# Copyright 1999-2020 Gentoo Authors |
838 |
-# Distributed under the terms of the GNU General Public License v2 |
839 |
- |
840 |
-EAPI=7 |
841 |
- |
842 |
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal |
843 |
- |
844 |
-NSPR_VER="4.24" |
845 |
-RTM_NAME="NSS_${PV//./_}_RTM" |
846 |
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git |
847 |
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116" |
848 |
-PEM_P="${PN}-pem-20160329" |
849 |
- |
850 |
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" |
851 |
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" |
852 |
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz |
853 |
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch ) |
854 |
- nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )" |
855 |
- |
856 |
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" |
857 |
-SLOT="0" |
858 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" |
859 |
-IUSE="cacert +nss-pem utils" |
860 |
-BDEPEND=" |
861 |
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] |
862 |
-" |
863 |
-RDEPEND=" |
864 |
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] |
865 |
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] |
866 |
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] |
867 |
-" |
868 |
-DEPEND="${RDEPEND}" |
869 |
- |
870 |
-RESTRICT="test" |
871 |
- |
872 |
-S="${WORKDIR}/${P}/${PN}" |
873 |
- |
874 |
-MULTILIB_CHOST_TOOLS=( |
875 |
- /usr/bin/nss-config |
876 |
-) |
877 |
- |
878 |
-PATCHES=( |
879 |
- # Custom changes for gentoo |
880 |
- "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch" |
881 |
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" |
882 |
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" |
883 |
-) |
884 |
- |
885 |
-src_unpack() { |
886 |
- unpack ${A} |
887 |
- if use nss-pem ; then |
888 |
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die |
889 |
- fi |
890 |
-} |
891 |
- |
892 |
-src_prepare() { |
893 |
- if use nss-pem ; then |
894 |
- PATCHES+=( |
895 |
- "${FILESDIR}/${PN}-3.47-enable-pem.patch" |
896 |
- ) |
897 |
- fi |
898 |
- if use cacert ; then #521462 |
899 |
- PATCHES+=( |
900 |
- "${DISTDIR}/${PN}-cacert-class1-class3.patch" |
901 |
- ) |
902 |
- fi |
903 |
- |
904 |
- default |
905 |
- |
906 |
- pushd coreconf >/dev/null || die |
907 |
- # hack nspr paths |
908 |
- echo 'INCLUDES += -I$(DIST)/include/dbm' \ |
909 |
- >> headers.mk || die "failed to append include" |
910 |
- |
911 |
- # modify install path |
912 |
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ |
913 |
- -i source.mk || die |
914 |
- |
915 |
- # Respect LDFLAGS |
916 |
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk |
917 |
- popd >/dev/null || die |
918 |
- |
919 |
- # Fix pkgconfig file for Prefix |
920 |
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ |
921 |
- config/Makefile || die |
922 |
- |
923 |
- # use host shlibsign if need be #436216 |
924 |
- if tc-is-cross-compiler ; then |
925 |
- sed -i \ |
926 |
- -e 's:"${2}"/shlibsign:shlibsign:' \ |
927 |
- cmd/shlibsign/sign.sh || die |
928 |
- fi |
929 |
- |
930 |
- # dirty hack |
931 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ |
932 |
- lib/ssl/config.mk || die |
933 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ |
934 |
- cmd/platlibs.mk || die |
935 |
- |
936 |
- multilib_copy_sources |
937 |
- |
938 |
- strip-flags |
939 |
-} |
940 |
- |
941 |
-multilib_src_configure() { |
942 |
- # Ensure we stay multilib aware |
943 |
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die |
944 |
-} |
945 |
- |
946 |
-nssarch() { |
947 |
- # Most of the arches are the same as $ARCH |
948 |
- local t=${1:-${CHOST}} |
949 |
- case ${t} in |
950 |
- aarch64*)echo "aarch64";; |
951 |
- hppa*) echo "parisc";; |
952 |
- i?86*) echo "i686";; |
953 |
- x86_64*) echo "x86_64";; |
954 |
- *) tc-arch ${t};; |
955 |
- esac |
956 |
-} |
957 |
- |
958 |
-nssbits() { |
959 |
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" |
960 |
- if [[ ${1} == BUILD_ ]]; then |
961 |
- cc=$(tc-getBUILD_CC) |
962 |
- else |
963 |
- cc=$(tc-getCC) |
964 |
- fi |
965 |
- echo > "${T}"/test.c || die |
966 |
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die |
967 |
- case $(file "${T}/${1}test.o") in |
968 |
- *32-bit*x86-64*) echo USE_X32=1;; |
969 |
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; |
970 |
- *32-bit*|*ppc*|*i386*) ;; |
971 |
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; |
972 |
- esac |
973 |
-} |
974 |
- |
975 |
-multilib_src_compile() { |
976 |
- # use ABI to determine bit'ness, or fallback if unset |
977 |
- local buildbits mybits |
978 |
- case "${ABI}" in |
979 |
- n32) mybits="USE_N32=1";; |
980 |
- x32) mybits="USE_X32=1";; |
981 |
- s390x|*64) mybits="USE_64=1";; |
982 |
- ${DEFAULT_ABI}) |
983 |
- einfo "Running compilation test to determine bit'ness" |
984 |
- mybits=$(nssbits) |
985 |
- ;; |
986 |
- esac |
987 |
- # bitness of host may differ from target |
988 |
- if tc-is-cross-compiler; then |
989 |
- buildbits=$(nssbits BUILD_) |
990 |
- fi |
991 |
- |
992 |
- local makeargs=( |
993 |
- CC="$(tc-getCC)" |
994 |
- CCC="$(tc-getCXX)" |
995 |
- AR="$(tc-getAR) rc \$@" |
996 |
- RANLIB="$(tc-getRANLIB)" |
997 |
- OPTIMIZER= |
998 |
- ${mybits} |
999 |
- ) |
1000 |
- |
1001 |
- # Take care of nspr settings #436216 |
1002 |
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" |
1003 |
- unset NSPR_INCLUDE_DIR |
1004 |
- |
1005 |
- # Do not let `uname` be used. |
1006 |
- if use kernel_linux ; then |
1007 |
- makeargs+=( |
1008 |
- OS_TARGET=Linux |
1009 |
- OS_RELEASE=2.6 |
1010 |
- OS_TEST="$(nssarch)" |
1011 |
- ) |
1012 |
- fi |
1013 |
- |
1014 |
- export NSS_ALLOW_SSLKEYLOGFILE=1 |
1015 |
- export NSS_ENABLE_WERROR=0 #567158 |
1016 |
- export BUILD_OPT=1 |
1017 |
- export NSS_USE_SYSTEM_SQLITE=1 |
1018 |
- export NSDISTMODE=copy |
1019 |
- export NSS_ENABLE_ECC=1 |
1020 |
- export FREEBL_NO_DEPEND=1 |
1021 |
- export FREEBL_LOWHASH=1 |
1022 |
- export NSS_SEED_ONLY_DEV_URANDOM=1 |
1023 |
- export ASFLAGS="" |
1024 |
- |
1025 |
- local d |
1026 |
- |
1027 |
- # Build the host tools first. |
1028 |
- LDFLAGS="${BUILD_LDFLAGS}" \ |
1029 |
- XCFLAGS="${BUILD_CFLAGS}" \ |
1030 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
1031 |
- emake -j1 -C coreconf \ |
1032 |
- CC="$(tc-getBUILD_CC)" \ |
1033 |
- ${buildbits:-${mybits}} |
1034 |
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) |
1035 |
- |
1036 |
- # Then build the target tools. |
1037 |
- for d in . lib/dbm ; do |
1038 |
- CPPFLAGS="${myCPPFLAGS}" \ |
1039 |
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ |
1040 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
1041 |
- emake -j1 "${makeargs[@]}" -C ${d} |
1042 |
- done |
1043 |
-} |
1044 |
- |
1045 |
-# Altering these 3 libraries breaks the CHK verification. |
1046 |
-# All of the following cause it to break: |
1047 |
-# - stripping |
1048 |
-# - prelink |
1049 |
-# - ELF signing |
1050 |
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html |
1051 |
-# Either we have to NOT strip them, or we have to forcibly resign after |
1052 |
-# stripping. |
1053 |
-#local_libdir="$(get_libdir)" |
1054 |
-#export STRIP_MASK=" |
1055 |
-# */${local_libdir}/libfreebl3.so* |
1056 |
-# */${local_libdir}/libnssdbm3.so* |
1057 |
-# */${local_libdir}/libsoftokn3.so*" |
1058 |
- |
1059 |
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" |
1060 |
- |
1061 |
-generate_chk() { |
1062 |
- local shlibsign="$1" |
1063 |
- local libdir="$2" |
1064 |
- einfo "Resigning core NSS libraries for FIPS validation" |
1065 |
- shift 2 |
1066 |
- local i |
1067 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
1068 |
- local libname=lib${i}.so |
1069 |
- local chkname=lib${i}.chk |
1070 |
- "${shlibsign}" \ |
1071 |
- -i "${libdir}"/${libname} \ |
1072 |
- -o "${libdir}"/${chkname}.tmp \ |
1073 |
- && mv -f \ |
1074 |
- "${libdir}"/${chkname}.tmp \ |
1075 |
- "${libdir}"/${chkname} \ |
1076 |
- || die "Failed to sign ${libname}" |
1077 |
- done |
1078 |
-} |
1079 |
- |
1080 |
-cleanup_chk() { |
1081 |
- local libdir="$1" |
1082 |
- shift 1 |
1083 |
- local i |
1084 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
1085 |
- local libfname="${libdir}/lib${i}.so" |
1086 |
- # If the major version has changed, then we have old chk files. |
1087 |
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ |
1088 |
- && rm -f "${libfname}.chk" |
1089 |
- done |
1090 |
-} |
1091 |
- |
1092 |
-multilib_src_install() { |
1093 |
- pushd dist >/dev/null || die |
1094 |
- |
1095 |
- dodir /usr/$(get_libdir) |
1096 |
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" |
1097 |
- local i |
1098 |
- for i in crmf freebl nssb nssckfw ; do |
1099 |
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" |
1100 |
- done |
1101 |
- |
1102 |
- # Install nss-config and pkgconfig file |
1103 |
- dodir /usr/bin |
1104 |
- cp -L */bin/nss-config "${ED}"/usr/bin || die |
1105 |
- dodir /usr/$(get_libdir)/pkgconfig |
1106 |
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die |
1107 |
- |
1108 |
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers |
1109 |
- # bug 517266 |
1110 |
- sed -e 's#Libs:#Libs: -lfreebl#' \ |
1111 |
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \ |
1112 |
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ |
1113 |
- || die "could not create nss-softokn.pc" |
1114 |
- |
1115 |
- # all the include files |
1116 |
- insinto /usr/include/nss |
1117 |
- doins public/nss/*.{h,api} |
1118 |
- insinto /usr/include/nss/private |
1119 |
- doins private/nss/{blapi,alghmac}.h |
1120 |
- |
1121 |
- popd >/dev/null || die |
1122 |
- |
1123 |
- local f nssutils |
1124 |
- # Always enabled because we need it for chk generation. |
1125 |
- nssutils=( shlibsign ) |
1126 |
- |
1127 |
- if multilib_is_native_abi ; then |
1128 |
- if use utils; then |
1129 |
- # The tests we do not need to install. |
1130 |
- #nssutils_test="bltest crmftest dbtest dertimetest |
1131 |
- #fipstest remtest sdrtest" |
1132 |
- # checkcert utils has been removed in nss-3.22: |
1133 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 |
1134 |
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870 |
1135 |
- # certcgi has been removed in nss-3.36: |
1136 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602 |
1137 |
- nssutils+=( |
1138 |
- addbuiltin |
1139 |
- atob |
1140 |
- baddbdir |
1141 |
- btoa |
1142 |
- certutil |
1143 |
- cmsutil |
1144 |
- conflict |
1145 |
- crlutil |
1146 |
- derdump |
1147 |
- digest |
1148 |
- makepqg |
1149 |
- mangle |
1150 |
- modutil |
1151 |
- multinit |
1152 |
- nonspr10 |
1153 |
- ocspclnt |
1154 |
- oidcalc |
1155 |
- p7content |
1156 |
- p7env |
1157 |
- p7sign |
1158 |
- p7verify |
1159 |
- pk11mode |
1160 |
- pk12util |
1161 |
- pp |
1162 |
- rsaperf |
1163 |
- selfserv |
1164 |
- signtool |
1165 |
- signver |
1166 |
- ssltap |
1167 |
- strsclnt |
1168 |
- symkeyutil |
1169 |
- tstclnt |
1170 |
- vfychain |
1171 |
- vfyserv |
1172 |
- ) |
1173 |
- # install man-pages for utils (bug #516810) |
1174 |
- doman doc/nroff/*.1 |
1175 |
- fi |
1176 |
- pushd dist/*/bin >/dev/null || die |
1177 |
- for f in ${nssutils[@]}; do |
1178 |
- dobin ${f} |
1179 |
- done |
1180 |
- popd >/dev/null || die |
1181 |
- fi |
1182 |
- |
1183 |
- # Prelink breaks the CHK files. We don't have any reliable way to run |
1184 |
- # shlibsign after prelink. |
1185 |
- dodir /etc/prelink.conf.d |
1186 |
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ |
1187 |
- > "${ED}"/etc/prelink.conf.d/nss.conf |
1188 |
-} |
1189 |
- |
1190 |
-pkg_postinst() { |
1191 |
- multilib_pkg_postinst() { |
1192 |
- # We must re-sign the libraries AFTER they are stripped. |
1193 |
- local shlibsign="${EROOT}/usr/bin/shlibsign" |
1194 |
- # See if we can execute it (cross-compiling & such). #436216 |
1195 |
- "${shlibsign}" -h >&/dev/null |
1196 |
- if [[ $? -gt 1 ]] ; then |
1197 |
- shlibsign="shlibsign" |
1198 |
- fi |
1199 |
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) |
1200 |
- } |
1201 |
- |
1202 |
- multilib_foreach_abi multilib_pkg_postinst |
1203 |
-} |
1204 |
- |
1205 |
-pkg_postrm() { |
1206 |
- multilib_pkg_postrm() { |
1207 |
- cleanup_chk "${EROOT}"/usr/$(get_libdir) |
1208 |
- } |
1209 |
- |
1210 |
- multilib_foreach_abi multilib_pkg_postrm |
1211 |
-} |
1212 |
|
1213 |
diff --git a/dev-libs/nss/nss-3.50-r1.ebuild b/dev-libs/nss/nss-3.50-r1.ebuild |
1214 |
deleted file mode 100644 |
1215 |
index b1c3b3f782f..00000000000 |
1216 |
--- a/dev-libs/nss/nss-3.50-r1.ebuild |
1217 |
+++ /dev/null |
1218 |
@@ -1,359 +0,0 @@ |
1219 |
-# Copyright 1999-2020 Gentoo Authors |
1220 |
-# Distributed under the terms of the GNU General Public License v2 |
1221 |
- |
1222 |
-EAPI=7 |
1223 |
- |
1224 |
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal |
1225 |
- |
1226 |
-NSPR_VER="4.25" |
1227 |
-RTM_NAME="NSS_${PV//./_}_RTM" |
1228 |
- |
1229 |
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" |
1230 |
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" |
1231 |
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz |
1232 |
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )" |
1233 |
- |
1234 |
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" |
1235 |
-SLOT="0" |
1236 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" |
1237 |
-IUSE="cacert utils" |
1238 |
-BDEPEND=" |
1239 |
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] |
1240 |
-" |
1241 |
-RDEPEND=" |
1242 |
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] |
1243 |
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] |
1244 |
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] |
1245 |
-" |
1246 |
-DEPEND="${RDEPEND}" |
1247 |
- |
1248 |
-RESTRICT="test" |
1249 |
- |
1250 |
-S="${WORKDIR}/${P}/${PN}" |
1251 |
- |
1252 |
-MULTILIB_CHOST_TOOLS=( |
1253 |
- /usr/bin/nss-config |
1254 |
-) |
1255 |
- |
1256 |
-PATCHES=( |
1257 |
- # Custom changes for gentoo |
1258 |
- "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch" |
1259 |
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" |
1260 |
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" |
1261 |
-) |
1262 |
- |
1263 |
-src_prepare() { |
1264 |
- if use cacert ; then #521462 |
1265 |
- PATCHES+=( |
1266 |
- "${DISTDIR}/${PN}-cacert-class1-class3.patch" |
1267 |
- ) |
1268 |
- fi |
1269 |
- |
1270 |
- default |
1271 |
- |
1272 |
- pushd coreconf >/dev/null || die |
1273 |
- # hack nspr paths |
1274 |
- echo 'INCLUDES += -I$(DIST)/include/dbm' \ |
1275 |
- >> headers.mk || die "failed to append include" |
1276 |
- |
1277 |
- # modify install path |
1278 |
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ |
1279 |
- -i source.mk || die |
1280 |
- |
1281 |
- # Respect LDFLAGS |
1282 |
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk |
1283 |
- popd >/dev/null || die |
1284 |
- |
1285 |
- # Fix pkgconfig file for Prefix |
1286 |
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ |
1287 |
- config/Makefile || die |
1288 |
- |
1289 |
- # use host shlibsign if need be #436216 |
1290 |
- if tc-is-cross-compiler ; then |
1291 |
- sed -i \ |
1292 |
- -e 's:"${2}"/shlibsign:shlibsign:' \ |
1293 |
- cmd/shlibsign/sign.sh || die |
1294 |
- fi |
1295 |
- |
1296 |
- # dirty hack |
1297 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ |
1298 |
- lib/ssl/config.mk || die |
1299 |
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ |
1300 |
- cmd/platlibs.mk || die |
1301 |
- |
1302 |
- multilib_copy_sources |
1303 |
- |
1304 |
- strip-flags |
1305 |
-} |
1306 |
- |
1307 |
-multilib_src_configure() { |
1308 |
- # Ensure we stay multilib aware |
1309 |
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die |
1310 |
-} |
1311 |
- |
1312 |
-nssarch() { |
1313 |
- # Most of the arches are the same as $ARCH |
1314 |
- local t=${1:-${CHOST}} |
1315 |
- case ${t} in |
1316 |
- aarch64*)echo "aarch64";; |
1317 |
- hppa*) echo "parisc";; |
1318 |
- i?86*) echo "i686";; |
1319 |
- x86_64*) echo "x86_64";; |
1320 |
- *) tc-arch ${t};; |
1321 |
- esac |
1322 |
-} |
1323 |
- |
1324 |
-nssbits() { |
1325 |
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" |
1326 |
- if [[ ${1} == BUILD_ ]]; then |
1327 |
- cc=$(tc-getBUILD_CC) |
1328 |
- else |
1329 |
- cc=$(tc-getCC) |
1330 |
- fi |
1331 |
- echo > "${T}"/test.c || die |
1332 |
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die |
1333 |
- case $(file "${T}/${1}test.o") in |
1334 |
- *32-bit*x86-64*) echo USE_X32=1;; |
1335 |
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; |
1336 |
- *32-bit*|*ppc*|*i386*) ;; |
1337 |
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; |
1338 |
- esac |
1339 |
-} |
1340 |
- |
1341 |
-multilib_src_compile() { |
1342 |
- # use ABI to determine bit'ness, or fallback if unset |
1343 |
- local buildbits mybits |
1344 |
- case "${ABI}" in |
1345 |
- n32) mybits="USE_N32=1";; |
1346 |
- x32) mybits="USE_X32=1";; |
1347 |
- s390x|*64) mybits="USE_64=1";; |
1348 |
- ${DEFAULT_ABI}) |
1349 |
- einfo "Running compilation test to determine bit'ness" |
1350 |
- mybits=$(nssbits) |
1351 |
- ;; |
1352 |
- esac |
1353 |
- # bitness of host may differ from target |
1354 |
- if tc-is-cross-compiler; then |
1355 |
- buildbits=$(nssbits BUILD_) |
1356 |
- fi |
1357 |
- |
1358 |
- local makeargs=( |
1359 |
- CC="$(tc-getCC)" |
1360 |
- CCC="$(tc-getCXX)" |
1361 |
- AR="$(tc-getAR) rc \$@" |
1362 |
- RANLIB="$(tc-getRANLIB)" |
1363 |
- OPTIMIZER= |
1364 |
- ${mybits} |
1365 |
- ) |
1366 |
- |
1367 |
- # Take care of nspr settings #436216 |
1368 |
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" |
1369 |
- unset NSPR_INCLUDE_DIR |
1370 |
- |
1371 |
- # Do not let `uname` be used. |
1372 |
- if use kernel_linux ; then |
1373 |
- makeargs+=( |
1374 |
- OS_TARGET=Linux |
1375 |
- OS_RELEASE=2.6 |
1376 |
- OS_TEST="$(nssarch)" |
1377 |
- ) |
1378 |
- fi |
1379 |
- |
1380 |
- export NSS_ALLOW_SSLKEYLOGFILE=1 |
1381 |
- export NSS_ENABLE_WERROR=0 #567158 |
1382 |
- export BUILD_OPT=1 |
1383 |
- export NSS_USE_SYSTEM_SQLITE=1 |
1384 |
- export NSDISTMODE=copy |
1385 |
- export NSS_ENABLE_ECC=1 |
1386 |
- export FREEBL_NO_DEPEND=1 |
1387 |
- export FREEBL_LOWHASH=1 |
1388 |
- export NSS_SEED_ONLY_DEV_URANDOM=1 |
1389 |
- export ASFLAGS="" |
1390 |
- |
1391 |
- local d |
1392 |
- |
1393 |
- # Build the host tools first. |
1394 |
- LDFLAGS="${BUILD_LDFLAGS}" \ |
1395 |
- XCFLAGS="${BUILD_CFLAGS}" \ |
1396 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
1397 |
- emake -j1 -C coreconf \ |
1398 |
- CC="$(tc-getBUILD_CC)" \ |
1399 |
- ${buildbits:-${mybits}} |
1400 |
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) |
1401 |
- |
1402 |
- # Then build the target tools. |
1403 |
- for d in . lib/dbm ; do |
1404 |
- CPPFLAGS="${myCPPFLAGS}" \ |
1405 |
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ |
1406 |
- NSPR_LIB_DIR="${T}/fakedir" \ |
1407 |
- emake -j1 "${makeargs[@]}" -C ${d} |
1408 |
- done |
1409 |
-} |
1410 |
- |
1411 |
-# Altering these 3 libraries breaks the CHK verification. |
1412 |
-# All of the following cause it to break: |
1413 |
-# - stripping |
1414 |
-# - prelink |
1415 |
-# - ELF signing |
1416 |
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html |
1417 |
-# Either we have to NOT strip them, or we have to forcibly resign after |
1418 |
-# stripping. |
1419 |
-#local_libdir="$(get_libdir)" |
1420 |
-#export STRIP_MASK=" |
1421 |
-# */${local_libdir}/libfreebl3.so* |
1422 |
-# */${local_libdir}/libnssdbm3.so* |
1423 |
-# */${local_libdir}/libsoftokn3.so*" |
1424 |
- |
1425 |
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" |
1426 |
- |
1427 |
-generate_chk() { |
1428 |
- local shlibsign="$1" |
1429 |
- local libdir="$2" |
1430 |
- einfo "Resigning core NSS libraries for FIPS validation" |
1431 |
- shift 2 |
1432 |
- local i |
1433 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
1434 |
- local libname=lib${i}.so |
1435 |
- local chkname=lib${i}.chk |
1436 |
- "${shlibsign}" \ |
1437 |
- -i "${libdir}"/${libname} \ |
1438 |
- -o "${libdir}"/${chkname}.tmp \ |
1439 |
- && mv -f \ |
1440 |
- "${libdir}"/${chkname}.tmp \ |
1441 |
- "${libdir}"/${chkname} \ |
1442 |
- || die "Failed to sign ${libname}" |
1443 |
- done |
1444 |
-} |
1445 |
- |
1446 |
-cleanup_chk() { |
1447 |
- local libdir="$1" |
1448 |
- shift 1 |
1449 |
- local i |
1450 |
- for i in ${NSS_CHK_SIGN_LIBS} ; do |
1451 |
- local libfname="${libdir}/lib${i}.so" |
1452 |
- # If the major version has changed, then we have old chk files. |
1453 |
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ |
1454 |
- && rm -f "${libfname}.chk" |
1455 |
- done |
1456 |
-} |
1457 |
- |
1458 |
-multilib_src_install() { |
1459 |
- pushd dist >/dev/null || die |
1460 |
- |
1461 |
- dodir /usr/$(get_libdir) |
1462 |
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" |
1463 |
- local i |
1464 |
- for i in crmf freebl nssb nssckfw ; do |
1465 |
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" |
1466 |
- done |
1467 |
- |
1468 |
- # Install nss-config and pkgconfig file |
1469 |
- dodir /usr/bin |
1470 |
- cp -L */bin/nss-config "${ED}"/usr/bin || die |
1471 |
- dodir /usr/$(get_libdir)/pkgconfig |
1472 |
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die |
1473 |
- |
1474 |
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers |
1475 |
- # bug 517266 |
1476 |
- sed -e 's#Libs:#Libs: -lfreebl#' \ |
1477 |
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \ |
1478 |
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ |
1479 |
- || die "could not create nss-softokn.pc" |
1480 |
- |
1481 |
- # all the include files |
1482 |
- insinto /usr/include/nss |
1483 |
- doins public/nss/*.{h,api} |
1484 |
- insinto /usr/include/nss/private |
1485 |
- doins private/nss/{blapi,alghmac,cmac}.h |
1486 |
- |
1487 |
- popd >/dev/null || die |
1488 |
- |
1489 |
- local f nssutils |
1490 |
- # Always enabled because we need it for chk generation. |
1491 |
- nssutils=( shlibsign ) |
1492 |
- |
1493 |
- if multilib_is_native_abi ; then |
1494 |
- if use utils; then |
1495 |
- # The tests we do not need to install. |
1496 |
- #nssutils_test="bltest crmftest dbtest dertimetest |
1497 |
- #fipstest remtest sdrtest" |
1498 |
- # checkcert utils has been removed in nss-3.22: |
1499 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 |
1500 |
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870 |
1501 |
- # certcgi has been removed in nss-3.36: |
1502 |
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602 |
1503 |
- nssutils+=( |
1504 |
- addbuiltin |
1505 |
- atob |
1506 |
- baddbdir |
1507 |
- btoa |
1508 |
- certutil |
1509 |
- cmsutil |
1510 |
- conflict |
1511 |
- crlutil |
1512 |
- derdump |
1513 |
- digest |
1514 |
- makepqg |
1515 |
- mangle |
1516 |
- modutil |
1517 |
- multinit |
1518 |
- nonspr10 |
1519 |
- ocspclnt |
1520 |
- oidcalc |
1521 |
- p7content |
1522 |
- p7env |
1523 |
- p7sign |
1524 |
- p7verify |
1525 |
- pk11mode |
1526 |
- pk12util |
1527 |
- pp |
1528 |
- rsaperf |
1529 |
- selfserv |
1530 |
- signtool |
1531 |
- signver |
1532 |
- ssltap |
1533 |
- strsclnt |
1534 |
- symkeyutil |
1535 |
- tstclnt |
1536 |
- vfychain |
1537 |
- vfyserv |
1538 |
- ) |
1539 |
- # install man-pages for utils (bug #516810) |
1540 |
- doman doc/nroff/*.1 |
1541 |
- fi |
1542 |
- pushd dist/*/bin >/dev/null || die |
1543 |
- for f in ${nssutils[@]}; do |
1544 |
- dobin ${f} |
1545 |
- done |
1546 |
- popd >/dev/null || die |
1547 |
- fi |
1548 |
- |
1549 |
- # Prelink breaks the CHK files. We don't have any reliable way to run |
1550 |
- # shlibsign after prelink. |
1551 |
- dodir /etc/prelink.conf.d |
1552 |
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ |
1553 |
- > "${ED}"/etc/prelink.conf.d/nss.conf |
1554 |
-} |
1555 |
- |
1556 |
-pkg_postinst() { |
1557 |
- multilib_pkg_postinst() { |
1558 |
- # We must re-sign the libraries AFTER they are stripped. |
1559 |
- local shlibsign="${EROOT}/usr/bin/shlibsign" |
1560 |
- # See if we can execute it (cross-compiling & such). #436216 |
1561 |
- "${shlibsign}" -h >&/dev/null |
1562 |
- if [[ $? -gt 1 ]] ; then |
1563 |
- shlibsign="shlibsign" |
1564 |
- fi |
1565 |
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) |
1566 |
- } |
1567 |
- |
1568 |
- multilib_foreach_abi multilib_pkg_postinst |
1569 |
-} |
1570 |
- |
1571 |
-pkg_postrm() { |
1572 |
- multilib_pkg_postrm() { |
1573 |
- cleanup_chk "${EROOT}"/usr/$(get_libdir) |
1574 |
- } |
1575 |
- |
1576 |
- multilib_foreach_abi multilib_pkg_postrm |
1577 |
-} |