Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
Date: Tue, 31 Mar 2020 17:50:53
Message-Id: 1585677038.e0cb2ef179d11014b83d4f5547949fcc057b4951.whissi@gentoo
1 commit: e0cb2ef179d11014b83d4f5547949fcc057b4951
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Tue Mar 31 17:48:42 2020 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Tue Mar 31 17:50:38 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0cb2ef1
7
8 dev-libs/nss: security cleanup (#627534)
9
10 Bug: https://bugs.gentoo.org/627534
11 Package-Manager: Portage-2.3.96, Repoman-2.3.22
12 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
13
14 dev-libs/nss/Manifest | 5 -
15 dev-libs/nss/files/nss-3.47-enable-pem.patch | 11 -
16 dev-libs/nss/metadata.xml | 1 -
17 dev-libs/nss/nss-3.47.1-r1.ebuild | 375 ---------------------------
18 dev-libs/nss/nss-3.48-r1.ebuild | 375 ---------------------------
19 dev-libs/nss/nss-3.49.2.ebuild | 375 ---------------------------
20 dev-libs/nss/nss-3.50-r1.ebuild | 359 -------------------------
21 7 files changed, 1501 deletions(-)
22
23 diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
24 index 96974b35f57..663b875e316 100644
25 --- a/dev-libs/nss/Manifest
26 +++ b/dev-libs/nss/Manifest
27 @@ -1,7 +1,2 @@
28 -DIST nss-3.47.1.tar.gz 76462846 BLAKE2B a26e858e06c494adb4059f8cc73993b0f3cff90a0785ed7eed3760931aa6b4ae5706cf7994c6c1421d9ed8bc36d1a4c199988bd9c59c06bb95fd03521c20f141 SHA512 ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9
29 -DIST nss-3.48.tar.gz 76481237 BLAKE2B aded12d9f917d87e6fe32bc6c57b19e478507919c7d87b3f95e86ba10717d30da25632e60753b5cf7a24fbfef8fab6529ae373eea25d633d8164164bac97357c SHA512 71aefe323501dd8d750ed36606554f2e67ecb2bca85b55bc798d5dfc3a47f3d454348ca950971aaaafb16f6d847c098d2b1c40d40b50380e0c2540ed1b9a9e9a
30 -DIST nss-3.49.2.tar.gz 76489641 BLAKE2B 844a88984fde45142093ee6df2934d89cb4911d3e716019c0d1620254064af51b56249bc4348816e546c5dcab66d7fc9d4def32021661f4f3d868e09c342abec SHA512 fe0fe032db15853384a50b145dd6f3187a855109f0b81f1846312d33f8c628aededcbca4d199f974ae52530aec3f2312f80afbca3e5b97ed1ff96fcffafd2881
31 -DIST nss-3.50.tar.gz 78041630 BLAKE2B 4d21a1cac475936e153b22829f8b4b2f6f6a57c41e14d091b287aba633a8d4c80c045882ce6f1cb7a2f9ce760d616b13389f90e59f60250c41080ed1f5a4900a SHA512 d6bcaf8ad65b5a97c42cd6cbbc68add5c4b49db74b2debcedb2a007f72511ac0e9bd21fd2dec041bc1975cfc8af26a48450aa0d1b962f755931ab2ac45c795b1
32 DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
33 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
34 -DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2
35
36 diff --git a/dev-libs/nss/files/nss-3.47-enable-pem.patch b/dev-libs/nss/files/nss-3.47-enable-pem.patch
37 deleted file mode 100644
38 index 47a01c322bb..00000000000
39 --- a/dev-libs/nss/files/nss-3.47-enable-pem.patch
40 +++ /dev/null
41 @@ -1,11 +0,0 @@
42 ---- a/lib/ckfw/manifest.mn
43 -+++ b/lib/ckfw/manifest.mn
44 -@@ -5,7 +5,7 @@
45 -
46 - CORE_DEPTH = ../..
47 -
48 --DIRS = builtins
49 -+DIRS = builtins pem
50 -
51 - PRIVATE_EXPORTS = \
52 - ck.h \
53
54 diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml
55 index 009a09732ad..c76b165099c 100644
56 --- a/dev-libs/nss/metadata.xml
57 +++ b/dev-libs/nss/metadata.xml
58 @@ -9,7 +9,6 @@
59 <flag name="cacert">
60 Include root/class3 certs from CAcert (http://www.cacert.org/)
61 </flag>
62 - <flag name="nss-pem">Add support for libnsspem</flag>
63 <flag name="utils">Install utilities included with the library</flag>
64 </use>
65 <upstream>
66
67 diff --git a/dev-libs/nss/nss-3.47.1-r1.ebuild b/dev-libs/nss/nss-3.47.1-r1.ebuild
68 deleted file mode 100644
69 index 8c5fc05e76c..00000000000
70 --- a/dev-libs/nss/nss-3.47.1-r1.ebuild
71 +++ /dev/null
72 @@ -1,375 +0,0 @@
73 -# Copyright 1999-2020 Gentoo Authors
74 -# Distributed under the terms of the GNU General Public License v2
75 -
76 -EAPI=7
77 -
78 -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
79 -
80 -NSPR_VER="4.22"
81 -RTM_NAME="NSS_${PV//./_}_RTM"
82 -# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
83 -PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
84 -PEM_P="${PN}-pem-20160329"
85 -
86 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
87 -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
88 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
89 - cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
90 - nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
91 -
92 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
93 -SLOT="0"
94 -KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
95 -IUSE="cacert +nss-pem utils"
96 -BDEPEND="
97 - >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
98 -"
99 -RDEPEND="
100 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
101 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
102 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
103 -"
104 -DEPEND="${RDEPEND}"
105 -
106 -RESTRICT="test"
107 -
108 -S="${WORKDIR}/${P}/${PN}"
109 -
110 -MULTILIB_CHOST_TOOLS=(
111 - /usr/bin/nss-config
112 -)
113 -
114 -PATCHES=(
115 - # Custom changes for gentoo
116 - "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
117 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
118 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
119 -)
120 -
121 -src_unpack() {
122 - unpack ${A}
123 - if use nss-pem ; then
124 - mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
125 - fi
126 -}
127 -
128 -src_prepare() {
129 - if use nss-pem ; then
130 - PATCHES+=(
131 - "${FILESDIR}/${PN}-3.47-enable-pem.patch"
132 - )
133 - fi
134 - if use cacert ; then #521462
135 - PATCHES+=(
136 - "${DISTDIR}/${PN}-cacert-class1-class3.patch"
137 - )
138 - fi
139 -
140 - default
141 -
142 - pushd coreconf >/dev/null || die
143 - # hack nspr paths
144 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
145 - >> headers.mk || die "failed to append include"
146 -
147 - # modify install path
148 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
149 - -i source.mk || die
150 -
151 - # Respect LDFLAGS
152 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
153 - popd >/dev/null || die
154 -
155 - # Fix pkgconfig file for Prefix
156 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
157 - config/Makefile || die
158 -
159 - # use host shlibsign if need be #436216
160 - if tc-is-cross-compiler ; then
161 - sed -i \
162 - -e 's:"${2}"/shlibsign:shlibsign:' \
163 - cmd/shlibsign/sign.sh || die
164 - fi
165 -
166 - # dirty hack
167 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
168 - lib/ssl/config.mk || die
169 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
170 - cmd/platlibs.mk || die
171 -
172 - multilib_copy_sources
173 -
174 - strip-flags
175 -}
176 -
177 -multilib_src_configure() {
178 - # Ensure we stay multilib aware
179 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
180 -}
181 -
182 -nssarch() {
183 - # Most of the arches are the same as $ARCH
184 - local t=${1:-${CHOST}}
185 - case ${t} in
186 - aarch64*)echo "aarch64";;
187 - hppa*) echo "parisc";;
188 - i?86*) echo "i686";;
189 - x86_64*) echo "x86_64";;
190 - *) tc-arch ${t};;
191 - esac
192 -}
193 -
194 -nssbits() {
195 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
196 - if [[ ${1} == BUILD_ ]]; then
197 - cc=$(tc-getBUILD_CC)
198 - else
199 - cc=$(tc-getCC)
200 - fi
201 - echo > "${T}"/test.c || die
202 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
203 - case $(file "${T}/${1}test.o") in
204 - *32-bit*x86-64*) echo USE_X32=1;;
205 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
206 - *32-bit*|*ppc*|*i386*) ;;
207 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
208 - esac
209 -}
210 -
211 -multilib_src_compile() {
212 - # use ABI to determine bit'ness, or fallback if unset
213 - local buildbits mybits
214 - case "${ABI}" in
215 - n32) mybits="USE_N32=1";;
216 - x32) mybits="USE_X32=1";;
217 - s390x|*64) mybits="USE_64=1";;
218 - ${DEFAULT_ABI})
219 - einfo "Running compilation test to determine bit'ness"
220 - mybits=$(nssbits)
221 - ;;
222 - esac
223 - # bitness of host may differ from target
224 - if tc-is-cross-compiler; then
225 - buildbits=$(nssbits BUILD_)
226 - fi
227 -
228 - local makeargs=(
229 - CC="$(tc-getCC)"
230 - CCC="$(tc-getCXX)"
231 - AR="$(tc-getAR) rc \$@"
232 - RANLIB="$(tc-getRANLIB)"
233 - OPTIMIZER=
234 - ${mybits}
235 - )
236 -
237 - # Take care of nspr settings #436216
238 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
239 - unset NSPR_INCLUDE_DIR
240 -
241 - # Do not let `uname` be used.
242 - if use kernel_linux ; then
243 - makeargs+=(
244 - OS_TARGET=Linux
245 - OS_RELEASE=2.6
246 - OS_TEST="$(nssarch)"
247 - )
248 - fi
249 -
250 - export NSS_ALLOW_SSLKEYLOGFILE=1
251 - export NSS_ENABLE_WERROR=0 #567158
252 - export BUILD_OPT=1
253 - export NSS_USE_SYSTEM_SQLITE=1
254 - export NSDISTMODE=copy
255 - export NSS_ENABLE_ECC=1
256 - export FREEBL_NO_DEPEND=1
257 - export FREEBL_LOWHASH=1
258 - export NSS_SEED_ONLY_DEV_URANDOM=1
259 - export ASFLAGS=""
260 -
261 - local d
262 -
263 - # Build the host tools first.
264 - LDFLAGS="${BUILD_LDFLAGS}" \
265 - XCFLAGS="${BUILD_CFLAGS}" \
266 - NSPR_LIB_DIR="${T}/fakedir" \
267 - emake -j1 -C coreconf \
268 - CC="$(tc-getBUILD_CC)" \
269 - ${buildbits:-${mybits}}
270 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
271 -
272 - # Then build the target tools.
273 - for d in . lib/dbm ; do
274 - CPPFLAGS="${myCPPFLAGS}" \
275 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
276 - NSPR_LIB_DIR="${T}/fakedir" \
277 - emake -j1 "${makeargs[@]}" -C ${d}
278 - done
279 -}
280 -
281 -# Altering these 3 libraries breaks the CHK verification.
282 -# All of the following cause it to break:
283 -# - stripping
284 -# - prelink
285 -# - ELF signing
286 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
287 -# Either we have to NOT strip them, or we have to forcibly resign after
288 -# stripping.
289 -#local_libdir="$(get_libdir)"
290 -#export STRIP_MASK="
291 -# */${local_libdir}/libfreebl3.so*
292 -# */${local_libdir}/libnssdbm3.so*
293 -# */${local_libdir}/libsoftokn3.so*"
294 -
295 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
296 -
297 -generate_chk() {
298 - local shlibsign="$1"
299 - local libdir="$2"
300 - einfo "Resigning core NSS libraries for FIPS validation"
301 - shift 2
302 - local i
303 - for i in ${NSS_CHK_SIGN_LIBS} ; do
304 - local libname=lib${i}.so
305 - local chkname=lib${i}.chk
306 - "${shlibsign}" \
307 - -i "${libdir}"/${libname} \
308 - -o "${libdir}"/${chkname}.tmp \
309 - && mv -f \
310 - "${libdir}"/${chkname}.tmp \
311 - "${libdir}"/${chkname} \
312 - || die "Failed to sign ${libname}"
313 - done
314 -}
315 -
316 -cleanup_chk() {
317 - local libdir="$1"
318 - shift 1
319 - local i
320 - for i in ${NSS_CHK_SIGN_LIBS} ; do
321 - local libfname="${libdir}/lib${i}.so"
322 - # If the major version has changed, then we have old chk files.
323 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
324 - && rm -f "${libfname}.chk"
325 - done
326 -}
327 -
328 -multilib_src_install() {
329 - pushd dist >/dev/null || die
330 -
331 - dodir /usr/$(get_libdir)
332 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
333 - local i
334 - for i in crmf freebl nssb nssckfw ; do
335 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
336 - done
337 -
338 - # Install nss-config and pkgconfig file
339 - dodir /usr/bin
340 - cp -L */bin/nss-config "${ED}"/usr/bin || die
341 - dodir /usr/$(get_libdir)/pkgconfig
342 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
343 -
344 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
345 - # bug 517266
346 - sed -e 's#Libs:#Libs: -lfreebl#' \
347 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
348 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
349 - || die "could not create nss-softokn.pc"
350 -
351 - # all the include files
352 - insinto /usr/include/nss
353 - doins public/nss/*.{h,api}
354 - insinto /usr/include/nss/private
355 - doins private/nss/{blapi,alghmac}.h
356 -
357 - popd >/dev/null || die
358 -
359 - local f nssutils
360 - # Always enabled because we need it for chk generation.
361 - nssutils=( shlibsign )
362 -
363 - if multilib_is_native_abi ; then
364 - if use utils; then
365 - # The tests we do not need to install.
366 - #nssutils_test="bltest crmftest dbtest dertimetest
367 - #fipstest remtest sdrtest"
368 - # checkcert utils has been removed in nss-3.22:
369 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
370 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
371 - # certcgi has been removed in nss-3.36:
372 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
373 - nssutils+=(
374 - addbuiltin
375 - atob
376 - baddbdir
377 - btoa
378 - certutil
379 - cmsutil
380 - conflict
381 - crlutil
382 - derdump
383 - digest
384 - makepqg
385 - mangle
386 - modutil
387 - multinit
388 - nonspr10
389 - ocspclnt
390 - oidcalc
391 - p7content
392 - p7env
393 - p7sign
394 - p7verify
395 - pk11mode
396 - pk12util
397 - pp
398 - rsaperf
399 - selfserv
400 - signtool
401 - signver
402 - ssltap
403 - strsclnt
404 - symkeyutil
405 - tstclnt
406 - vfychain
407 - vfyserv
408 - )
409 - # install man-pages for utils (bug #516810)
410 - doman doc/nroff/*.1
411 - fi
412 - pushd dist/*/bin >/dev/null || die
413 - for f in ${nssutils[@]}; do
414 - dobin ${f}
415 - done
416 - popd >/dev/null || die
417 - fi
418 -
419 - # Prelink breaks the CHK files. We don't have any reliable way to run
420 - # shlibsign after prelink.
421 - dodir /etc/prelink.conf.d
422 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
423 - > "${ED}"/etc/prelink.conf.d/nss.conf
424 -}
425 -
426 -pkg_postinst() {
427 - multilib_pkg_postinst() {
428 - # We must re-sign the libraries AFTER they are stripped.
429 - local shlibsign="${EROOT}/usr/bin/shlibsign"
430 - # See if we can execute it (cross-compiling & such). #436216
431 - "${shlibsign}" -h >&/dev/null
432 - if [[ $? -gt 1 ]] ; then
433 - shlibsign="shlibsign"
434 - fi
435 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
436 - }
437 -
438 - multilib_foreach_abi multilib_pkg_postinst
439 -}
440 -
441 -pkg_postrm() {
442 - multilib_pkg_postrm() {
443 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
444 - }
445 -
446 - multilib_foreach_abi multilib_pkg_postrm
447 -}
448
449 diff --git a/dev-libs/nss/nss-3.48-r1.ebuild b/dev-libs/nss/nss-3.48-r1.ebuild
450 deleted file mode 100644
451 index 5767fbe73c3..00000000000
452 --- a/dev-libs/nss/nss-3.48-r1.ebuild
453 +++ /dev/null
454 @@ -1,375 +0,0 @@
455 -# Copyright 1999-2020 Gentoo Authors
456 -# Distributed under the terms of the GNU General Public License v2
457 -
458 -EAPI=7
459 -
460 -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
461 -
462 -NSPR_VER="4.24"
463 -RTM_NAME="NSS_${PV//./_}_RTM"
464 -# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
465 -PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
466 -PEM_P="${PN}-pem-20160329"
467 -
468 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
469 -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
470 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
471 - cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
472 - nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
473 -
474 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
475 -SLOT="0"
476 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
477 -IUSE="cacert +nss-pem utils"
478 -BDEPEND="
479 - >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
480 -"
481 -RDEPEND="
482 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
483 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
484 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
485 -"
486 -DEPEND="${RDEPEND}"
487 -
488 -RESTRICT="test"
489 -
490 -S="${WORKDIR}/${P}/${PN}"
491 -
492 -MULTILIB_CHOST_TOOLS=(
493 - /usr/bin/nss-config
494 -)
495 -
496 -PATCHES=(
497 - # Custom changes for gentoo
498 - "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
499 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
500 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
501 -)
502 -
503 -src_unpack() {
504 - unpack ${A}
505 - if use nss-pem ; then
506 - mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
507 - fi
508 -}
509 -
510 -src_prepare() {
511 - if use nss-pem ; then
512 - PATCHES+=(
513 - "${FILESDIR}/${PN}-3.47-enable-pem.patch"
514 - )
515 - fi
516 - if use cacert ; then #521462
517 - PATCHES+=(
518 - "${DISTDIR}/${PN}-cacert-class1-class3.patch"
519 - )
520 - fi
521 -
522 - default
523 -
524 - pushd coreconf >/dev/null || die
525 - # hack nspr paths
526 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
527 - >> headers.mk || die "failed to append include"
528 -
529 - # modify install path
530 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
531 - -i source.mk || die
532 -
533 - # Respect LDFLAGS
534 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
535 - popd >/dev/null || die
536 -
537 - # Fix pkgconfig file for Prefix
538 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
539 - config/Makefile || die
540 -
541 - # use host shlibsign if need be #436216
542 - if tc-is-cross-compiler ; then
543 - sed -i \
544 - -e 's:"${2}"/shlibsign:shlibsign:' \
545 - cmd/shlibsign/sign.sh || die
546 - fi
547 -
548 - # dirty hack
549 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
550 - lib/ssl/config.mk || die
551 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
552 - cmd/platlibs.mk || die
553 -
554 - multilib_copy_sources
555 -
556 - strip-flags
557 -}
558 -
559 -multilib_src_configure() {
560 - # Ensure we stay multilib aware
561 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
562 -}
563 -
564 -nssarch() {
565 - # Most of the arches are the same as $ARCH
566 - local t=${1:-${CHOST}}
567 - case ${t} in
568 - aarch64*)echo "aarch64";;
569 - hppa*) echo "parisc";;
570 - i?86*) echo "i686";;
571 - x86_64*) echo "x86_64";;
572 - *) tc-arch ${t};;
573 - esac
574 -}
575 -
576 -nssbits() {
577 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
578 - if [[ ${1} == BUILD_ ]]; then
579 - cc=$(tc-getBUILD_CC)
580 - else
581 - cc=$(tc-getCC)
582 - fi
583 - echo > "${T}"/test.c || die
584 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
585 - case $(file "${T}/${1}test.o") in
586 - *32-bit*x86-64*) echo USE_X32=1;;
587 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
588 - *32-bit*|*ppc*|*i386*) ;;
589 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
590 - esac
591 -}
592 -
593 -multilib_src_compile() {
594 - # use ABI to determine bit'ness, or fallback if unset
595 - local buildbits mybits
596 - case "${ABI}" in
597 - n32) mybits="USE_N32=1";;
598 - x32) mybits="USE_X32=1";;
599 - s390x|*64) mybits="USE_64=1";;
600 - ${DEFAULT_ABI})
601 - einfo "Running compilation test to determine bit'ness"
602 - mybits=$(nssbits)
603 - ;;
604 - esac
605 - # bitness of host may differ from target
606 - if tc-is-cross-compiler; then
607 - buildbits=$(nssbits BUILD_)
608 - fi
609 -
610 - local makeargs=(
611 - CC="$(tc-getCC)"
612 - CCC="$(tc-getCXX)"
613 - AR="$(tc-getAR) rc \$@"
614 - RANLIB="$(tc-getRANLIB)"
615 - OPTIMIZER=
616 - ${mybits}
617 - )
618 -
619 - # Take care of nspr settings #436216
620 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
621 - unset NSPR_INCLUDE_DIR
622 -
623 - # Do not let `uname` be used.
624 - if use kernel_linux ; then
625 - makeargs+=(
626 - OS_TARGET=Linux
627 - OS_RELEASE=2.6
628 - OS_TEST="$(nssarch)"
629 - )
630 - fi
631 -
632 - export NSS_ALLOW_SSLKEYLOGFILE=1
633 - export NSS_ENABLE_WERROR=0 #567158
634 - export BUILD_OPT=1
635 - export NSS_USE_SYSTEM_SQLITE=1
636 - export NSDISTMODE=copy
637 - export NSS_ENABLE_ECC=1
638 - export FREEBL_NO_DEPEND=1
639 - export FREEBL_LOWHASH=1
640 - export NSS_SEED_ONLY_DEV_URANDOM=1
641 - export ASFLAGS=""
642 -
643 - local d
644 -
645 - # Build the host tools first.
646 - LDFLAGS="${BUILD_LDFLAGS}" \
647 - XCFLAGS="${BUILD_CFLAGS}" \
648 - NSPR_LIB_DIR="${T}/fakedir" \
649 - emake -j1 -C coreconf \
650 - CC="$(tc-getBUILD_CC)" \
651 - ${buildbits:-${mybits}}
652 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
653 -
654 - # Then build the target tools.
655 - for d in . lib/dbm ; do
656 - CPPFLAGS="${myCPPFLAGS}" \
657 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
658 - NSPR_LIB_DIR="${T}/fakedir" \
659 - emake -j1 "${makeargs[@]}" -C ${d}
660 - done
661 -}
662 -
663 -# Altering these 3 libraries breaks the CHK verification.
664 -# All of the following cause it to break:
665 -# - stripping
666 -# - prelink
667 -# - ELF signing
668 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
669 -# Either we have to NOT strip them, or we have to forcibly resign after
670 -# stripping.
671 -#local_libdir="$(get_libdir)"
672 -#export STRIP_MASK="
673 -# */${local_libdir}/libfreebl3.so*
674 -# */${local_libdir}/libnssdbm3.so*
675 -# */${local_libdir}/libsoftokn3.so*"
676 -
677 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
678 -
679 -generate_chk() {
680 - local shlibsign="$1"
681 - local libdir="$2"
682 - einfo "Resigning core NSS libraries for FIPS validation"
683 - shift 2
684 - local i
685 - for i in ${NSS_CHK_SIGN_LIBS} ; do
686 - local libname=lib${i}.so
687 - local chkname=lib${i}.chk
688 - "${shlibsign}" \
689 - -i "${libdir}"/${libname} \
690 - -o "${libdir}"/${chkname}.tmp \
691 - && mv -f \
692 - "${libdir}"/${chkname}.tmp \
693 - "${libdir}"/${chkname} \
694 - || die "Failed to sign ${libname}"
695 - done
696 -}
697 -
698 -cleanup_chk() {
699 - local libdir="$1"
700 - shift 1
701 - local i
702 - for i in ${NSS_CHK_SIGN_LIBS} ; do
703 - local libfname="${libdir}/lib${i}.so"
704 - # If the major version has changed, then we have old chk files.
705 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
706 - && rm -f "${libfname}.chk"
707 - done
708 -}
709 -
710 -multilib_src_install() {
711 - pushd dist >/dev/null || die
712 -
713 - dodir /usr/$(get_libdir)
714 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
715 - local i
716 - for i in crmf freebl nssb nssckfw ; do
717 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
718 - done
719 -
720 - # Install nss-config and pkgconfig file
721 - dodir /usr/bin
722 - cp -L */bin/nss-config "${ED}"/usr/bin || die
723 - dodir /usr/$(get_libdir)/pkgconfig
724 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
725 -
726 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
727 - # bug 517266
728 - sed -e 's#Libs:#Libs: -lfreebl#' \
729 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
730 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
731 - || die "could not create nss-softokn.pc"
732 -
733 - # all the include files
734 - insinto /usr/include/nss
735 - doins public/nss/*.{h,api}
736 - insinto /usr/include/nss/private
737 - doins private/nss/{blapi,alghmac}.h
738 -
739 - popd >/dev/null || die
740 -
741 - local f nssutils
742 - # Always enabled because we need it for chk generation.
743 - nssutils=( shlibsign )
744 -
745 - if multilib_is_native_abi ; then
746 - if use utils; then
747 - # The tests we do not need to install.
748 - #nssutils_test="bltest crmftest dbtest dertimetest
749 - #fipstest remtest sdrtest"
750 - # checkcert utils has been removed in nss-3.22:
751 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
752 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
753 - # certcgi has been removed in nss-3.36:
754 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
755 - nssutils+=(
756 - addbuiltin
757 - atob
758 - baddbdir
759 - btoa
760 - certutil
761 - cmsutil
762 - conflict
763 - crlutil
764 - derdump
765 - digest
766 - makepqg
767 - mangle
768 - modutil
769 - multinit
770 - nonspr10
771 - ocspclnt
772 - oidcalc
773 - p7content
774 - p7env
775 - p7sign
776 - p7verify
777 - pk11mode
778 - pk12util
779 - pp
780 - rsaperf
781 - selfserv
782 - signtool
783 - signver
784 - ssltap
785 - strsclnt
786 - symkeyutil
787 - tstclnt
788 - vfychain
789 - vfyserv
790 - )
791 - # install man-pages for utils (bug #516810)
792 - doman doc/nroff/*.1
793 - fi
794 - pushd dist/*/bin >/dev/null || die
795 - for f in ${nssutils[@]}; do
796 - dobin ${f}
797 - done
798 - popd >/dev/null || die
799 - fi
800 -
801 - # Prelink breaks the CHK files. We don't have any reliable way to run
802 - # shlibsign after prelink.
803 - dodir /etc/prelink.conf.d
804 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
805 - > "${ED}"/etc/prelink.conf.d/nss.conf
806 -}
807 -
808 -pkg_postinst() {
809 - multilib_pkg_postinst() {
810 - # We must re-sign the libraries AFTER they are stripped.
811 - local shlibsign="${EROOT}/usr/bin/shlibsign"
812 - # See if we can execute it (cross-compiling & such). #436216
813 - "${shlibsign}" -h >&/dev/null
814 - if [[ $? -gt 1 ]] ; then
815 - shlibsign="shlibsign"
816 - fi
817 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
818 - }
819 -
820 - multilib_foreach_abi multilib_pkg_postinst
821 -}
822 -
823 -pkg_postrm() {
824 - multilib_pkg_postrm() {
825 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
826 - }
827 -
828 - multilib_foreach_abi multilib_pkg_postrm
829 -}
830
831 diff --git a/dev-libs/nss/nss-3.49.2.ebuild b/dev-libs/nss/nss-3.49.2.ebuild
832 deleted file mode 100644
833 index 5767fbe73c3..00000000000
834 --- a/dev-libs/nss/nss-3.49.2.ebuild
835 +++ /dev/null
836 @@ -1,375 +0,0 @@
837 -# Copyright 1999-2020 Gentoo Authors
838 -# Distributed under the terms of the GNU General Public License v2
839 -
840 -EAPI=7
841 -
842 -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
843 -
844 -NSPR_VER="4.24"
845 -RTM_NAME="NSS_${PV//./_}_RTM"
846 -# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
847 -PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
848 -PEM_P="${PN}-pem-20160329"
849 -
850 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
851 -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
852 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
853 - cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
854 - nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
855 -
856 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
857 -SLOT="0"
858 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
859 -IUSE="cacert +nss-pem utils"
860 -BDEPEND="
861 - >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
862 -"
863 -RDEPEND="
864 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
865 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
866 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
867 -"
868 -DEPEND="${RDEPEND}"
869 -
870 -RESTRICT="test"
871 -
872 -S="${WORKDIR}/${P}/${PN}"
873 -
874 -MULTILIB_CHOST_TOOLS=(
875 - /usr/bin/nss-config
876 -)
877 -
878 -PATCHES=(
879 - # Custom changes for gentoo
880 - "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
881 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
882 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
883 -)
884 -
885 -src_unpack() {
886 - unpack ${A}
887 - if use nss-pem ; then
888 - mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
889 - fi
890 -}
891 -
892 -src_prepare() {
893 - if use nss-pem ; then
894 - PATCHES+=(
895 - "${FILESDIR}/${PN}-3.47-enable-pem.patch"
896 - )
897 - fi
898 - if use cacert ; then #521462
899 - PATCHES+=(
900 - "${DISTDIR}/${PN}-cacert-class1-class3.patch"
901 - )
902 - fi
903 -
904 - default
905 -
906 - pushd coreconf >/dev/null || die
907 - # hack nspr paths
908 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
909 - >> headers.mk || die "failed to append include"
910 -
911 - # modify install path
912 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
913 - -i source.mk || die
914 -
915 - # Respect LDFLAGS
916 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
917 - popd >/dev/null || die
918 -
919 - # Fix pkgconfig file for Prefix
920 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
921 - config/Makefile || die
922 -
923 - # use host shlibsign if need be #436216
924 - if tc-is-cross-compiler ; then
925 - sed -i \
926 - -e 's:"${2}"/shlibsign:shlibsign:' \
927 - cmd/shlibsign/sign.sh || die
928 - fi
929 -
930 - # dirty hack
931 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
932 - lib/ssl/config.mk || die
933 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
934 - cmd/platlibs.mk || die
935 -
936 - multilib_copy_sources
937 -
938 - strip-flags
939 -}
940 -
941 -multilib_src_configure() {
942 - # Ensure we stay multilib aware
943 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
944 -}
945 -
946 -nssarch() {
947 - # Most of the arches are the same as $ARCH
948 - local t=${1:-${CHOST}}
949 - case ${t} in
950 - aarch64*)echo "aarch64";;
951 - hppa*) echo "parisc";;
952 - i?86*) echo "i686";;
953 - x86_64*) echo "x86_64";;
954 - *) tc-arch ${t};;
955 - esac
956 -}
957 -
958 -nssbits() {
959 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
960 - if [[ ${1} == BUILD_ ]]; then
961 - cc=$(tc-getBUILD_CC)
962 - else
963 - cc=$(tc-getCC)
964 - fi
965 - echo > "${T}"/test.c || die
966 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
967 - case $(file "${T}/${1}test.o") in
968 - *32-bit*x86-64*) echo USE_X32=1;;
969 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
970 - *32-bit*|*ppc*|*i386*) ;;
971 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
972 - esac
973 -}
974 -
975 -multilib_src_compile() {
976 - # use ABI to determine bit'ness, or fallback if unset
977 - local buildbits mybits
978 - case "${ABI}" in
979 - n32) mybits="USE_N32=1";;
980 - x32) mybits="USE_X32=1";;
981 - s390x|*64) mybits="USE_64=1";;
982 - ${DEFAULT_ABI})
983 - einfo "Running compilation test to determine bit'ness"
984 - mybits=$(nssbits)
985 - ;;
986 - esac
987 - # bitness of host may differ from target
988 - if tc-is-cross-compiler; then
989 - buildbits=$(nssbits BUILD_)
990 - fi
991 -
992 - local makeargs=(
993 - CC="$(tc-getCC)"
994 - CCC="$(tc-getCXX)"
995 - AR="$(tc-getAR) rc \$@"
996 - RANLIB="$(tc-getRANLIB)"
997 - OPTIMIZER=
998 - ${mybits}
999 - )
1000 -
1001 - # Take care of nspr settings #436216
1002 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
1003 - unset NSPR_INCLUDE_DIR
1004 -
1005 - # Do not let `uname` be used.
1006 - if use kernel_linux ; then
1007 - makeargs+=(
1008 - OS_TARGET=Linux
1009 - OS_RELEASE=2.6
1010 - OS_TEST="$(nssarch)"
1011 - )
1012 - fi
1013 -
1014 - export NSS_ALLOW_SSLKEYLOGFILE=1
1015 - export NSS_ENABLE_WERROR=0 #567158
1016 - export BUILD_OPT=1
1017 - export NSS_USE_SYSTEM_SQLITE=1
1018 - export NSDISTMODE=copy
1019 - export NSS_ENABLE_ECC=1
1020 - export FREEBL_NO_DEPEND=1
1021 - export FREEBL_LOWHASH=1
1022 - export NSS_SEED_ONLY_DEV_URANDOM=1
1023 - export ASFLAGS=""
1024 -
1025 - local d
1026 -
1027 - # Build the host tools first.
1028 - LDFLAGS="${BUILD_LDFLAGS}" \
1029 - XCFLAGS="${BUILD_CFLAGS}" \
1030 - NSPR_LIB_DIR="${T}/fakedir" \
1031 - emake -j1 -C coreconf \
1032 - CC="$(tc-getBUILD_CC)" \
1033 - ${buildbits:-${mybits}}
1034 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
1035 -
1036 - # Then build the target tools.
1037 - for d in . lib/dbm ; do
1038 - CPPFLAGS="${myCPPFLAGS}" \
1039 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
1040 - NSPR_LIB_DIR="${T}/fakedir" \
1041 - emake -j1 "${makeargs[@]}" -C ${d}
1042 - done
1043 -}
1044 -
1045 -# Altering these 3 libraries breaks the CHK verification.
1046 -# All of the following cause it to break:
1047 -# - stripping
1048 -# - prelink
1049 -# - ELF signing
1050 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
1051 -# Either we have to NOT strip them, or we have to forcibly resign after
1052 -# stripping.
1053 -#local_libdir="$(get_libdir)"
1054 -#export STRIP_MASK="
1055 -# */${local_libdir}/libfreebl3.so*
1056 -# */${local_libdir}/libnssdbm3.so*
1057 -# */${local_libdir}/libsoftokn3.so*"
1058 -
1059 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
1060 -
1061 -generate_chk() {
1062 - local shlibsign="$1"
1063 - local libdir="$2"
1064 - einfo "Resigning core NSS libraries for FIPS validation"
1065 - shift 2
1066 - local i
1067 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1068 - local libname=lib${i}.so
1069 - local chkname=lib${i}.chk
1070 - "${shlibsign}" \
1071 - -i "${libdir}"/${libname} \
1072 - -o "${libdir}"/${chkname}.tmp \
1073 - && mv -f \
1074 - "${libdir}"/${chkname}.tmp \
1075 - "${libdir}"/${chkname} \
1076 - || die "Failed to sign ${libname}"
1077 - done
1078 -}
1079 -
1080 -cleanup_chk() {
1081 - local libdir="$1"
1082 - shift 1
1083 - local i
1084 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1085 - local libfname="${libdir}/lib${i}.so"
1086 - # If the major version has changed, then we have old chk files.
1087 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
1088 - && rm -f "${libfname}.chk"
1089 - done
1090 -}
1091 -
1092 -multilib_src_install() {
1093 - pushd dist >/dev/null || die
1094 -
1095 - dodir /usr/$(get_libdir)
1096 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
1097 - local i
1098 - for i in crmf freebl nssb nssckfw ; do
1099 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
1100 - done
1101 -
1102 - # Install nss-config and pkgconfig file
1103 - dodir /usr/bin
1104 - cp -L */bin/nss-config "${ED}"/usr/bin || die
1105 - dodir /usr/$(get_libdir)/pkgconfig
1106 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
1107 -
1108 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
1109 - # bug 517266
1110 - sed -e 's#Libs:#Libs: -lfreebl#' \
1111 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
1112 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
1113 - || die "could not create nss-softokn.pc"
1114 -
1115 - # all the include files
1116 - insinto /usr/include/nss
1117 - doins public/nss/*.{h,api}
1118 - insinto /usr/include/nss/private
1119 - doins private/nss/{blapi,alghmac}.h
1120 -
1121 - popd >/dev/null || die
1122 -
1123 - local f nssutils
1124 - # Always enabled because we need it for chk generation.
1125 - nssutils=( shlibsign )
1126 -
1127 - if multilib_is_native_abi ; then
1128 - if use utils; then
1129 - # The tests we do not need to install.
1130 - #nssutils_test="bltest crmftest dbtest dertimetest
1131 - #fipstest remtest sdrtest"
1132 - # checkcert utils has been removed in nss-3.22:
1133 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
1134 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
1135 - # certcgi has been removed in nss-3.36:
1136 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
1137 - nssutils+=(
1138 - addbuiltin
1139 - atob
1140 - baddbdir
1141 - btoa
1142 - certutil
1143 - cmsutil
1144 - conflict
1145 - crlutil
1146 - derdump
1147 - digest
1148 - makepqg
1149 - mangle
1150 - modutil
1151 - multinit
1152 - nonspr10
1153 - ocspclnt
1154 - oidcalc
1155 - p7content
1156 - p7env
1157 - p7sign
1158 - p7verify
1159 - pk11mode
1160 - pk12util
1161 - pp
1162 - rsaperf
1163 - selfserv
1164 - signtool
1165 - signver
1166 - ssltap
1167 - strsclnt
1168 - symkeyutil
1169 - tstclnt
1170 - vfychain
1171 - vfyserv
1172 - )
1173 - # install man-pages for utils (bug #516810)
1174 - doman doc/nroff/*.1
1175 - fi
1176 - pushd dist/*/bin >/dev/null || die
1177 - for f in ${nssutils[@]}; do
1178 - dobin ${f}
1179 - done
1180 - popd >/dev/null || die
1181 - fi
1182 -
1183 - # Prelink breaks the CHK files. We don't have any reliable way to run
1184 - # shlibsign after prelink.
1185 - dodir /etc/prelink.conf.d
1186 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
1187 - > "${ED}"/etc/prelink.conf.d/nss.conf
1188 -}
1189 -
1190 -pkg_postinst() {
1191 - multilib_pkg_postinst() {
1192 - # We must re-sign the libraries AFTER they are stripped.
1193 - local shlibsign="${EROOT}/usr/bin/shlibsign"
1194 - # See if we can execute it (cross-compiling & such). #436216
1195 - "${shlibsign}" -h >&/dev/null
1196 - if [[ $? -gt 1 ]] ; then
1197 - shlibsign="shlibsign"
1198 - fi
1199 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
1200 - }
1201 -
1202 - multilib_foreach_abi multilib_pkg_postinst
1203 -}
1204 -
1205 -pkg_postrm() {
1206 - multilib_pkg_postrm() {
1207 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
1208 - }
1209 -
1210 - multilib_foreach_abi multilib_pkg_postrm
1211 -}
1212
1213 diff --git a/dev-libs/nss/nss-3.50-r1.ebuild b/dev-libs/nss/nss-3.50-r1.ebuild
1214 deleted file mode 100644
1215 index b1c3b3f782f..00000000000
1216 --- a/dev-libs/nss/nss-3.50-r1.ebuild
1217 +++ /dev/null
1218 @@ -1,359 +0,0 @@
1219 -# Copyright 1999-2020 Gentoo Authors
1220 -# Distributed under the terms of the GNU General Public License v2
1221 -
1222 -EAPI=7
1223 -
1224 -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
1225 -
1226 -NSPR_VER="4.25"
1227 -RTM_NAME="NSS_${PV//./_}_RTM"
1228 -
1229 -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
1230 -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
1231 -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
1232 - cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
1233 -
1234 -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
1235 -SLOT="0"
1236 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
1237 -IUSE="cacert utils"
1238 -BDEPEND="
1239 - >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
1240 -"
1241 -RDEPEND="
1242 - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
1243 - >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
1244 - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
1245 -"
1246 -DEPEND="${RDEPEND}"
1247 -
1248 -RESTRICT="test"
1249 -
1250 -S="${WORKDIR}/${P}/${PN}"
1251 -
1252 -MULTILIB_CHOST_TOOLS=(
1253 - /usr/bin/nss-config
1254 -)
1255 -
1256 -PATCHES=(
1257 - # Custom changes for gentoo
1258 - "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
1259 - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
1260 - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
1261 -)
1262 -
1263 -src_prepare() {
1264 - if use cacert ; then #521462
1265 - PATCHES+=(
1266 - "${DISTDIR}/${PN}-cacert-class1-class3.patch"
1267 - )
1268 - fi
1269 -
1270 - default
1271 -
1272 - pushd coreconf >/dev/null || die
1273 - # hack nspr paths
1274 - echo 'INCLUDES += -I$(DIST)/include/dbm' \
1275 - >> headers.mk || die "failed to append include"
1276 -
1277 - # modify install path
1278 - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
1279 - -i source.mk || die
1280 -
1281 - # Respect LDFLAGS
1282 - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
1283 - popd >/dev/null || die
1284 -
1285 - # Fix pkgconfig file for Prefix
1286 - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
1287 - config/Makefile || die
1288 -
1289 - # use host shlibsign if need be #436216
1290 - if tc-is-cross-compiler ; then
1291 - sed -i \
1292 - -e 's:"${2}"/shlibsign:shlibsign:' \
1293 - cmd/shlibsign/sign.sh || die
1294 - fi
1295 -
1296 - # dirty hack
1297 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
1298 - lib/ssl/config.mk || die
1299 - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
1300 - cmd/platlibs.mk || die
1301 -
1302 - multilib_copy_sources
1303 -
1304 - strip-flags
1305 -}
1306 -
1307 -multilib_src_configure() {
1308 - # Ensure we stay multilib aware
1309 - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
1310 -}
1311 -
1312 -nssarch() {
1313 - # Most of the arches are the same as $ARCH
1314 - local t=${1:-${CHOST}}
1315 - case ${t} in
1316 - aarch64*)echo "aarch64";;
1317 - hppa*) echo "parisc";;
1318 - i?86*) echo "i686";;
1319 - x86_64*) echo "x86_64";;
1320 - *) tc-arch ${t};;
1321 - esac
1322 -}
1323 -
1324 -nssbits() {
1325 - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
1326 - if [[ ${1} == BUILD_ ]]; then
1327 - cc=$(tc-getBUILD_CC)
1328 - else
1329 - cc=$(tc-getCC)
1330 - fi
1331 - echo > "${T}"/test.c || die
1332 - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
1333 - case $(file "${T}/${1}test.o") in
1334 - *32-bit*x86-64*) echo USE_X32=1;;
1335 - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
1336 - *32-bit*|*ppc*|*i386*) ;;
1337 - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
1338 - esac
1339 -}
1340 -
1341 -multilib_src_compile() {
1342 - # use ABI to determine bit'ness, or fallback if unset
1343 - local buildbits mybits
1344 - case "${ABI}" in
1345 - n32) mybits="USE_N32=1";;
1346 - x32) mybits="USE_X32=1";;
1347 - s390x|*64) mybits="USE_64=1";;
1348 - ${DEFAULT_ABI})
1349 - einfo "Running compilation test to determine bit'ness"
1350 - mybits=$(nssbits)
1351 - ;;
1352 - esac
1353 - # bitness of host may differ from target
1354 - if tc-is-cross-compiler; then
1355 - buildbits=$(nssbits BUILD_)
1356 - fi
1357 -
1358 - local makeargs=(
1359 - CC="$(tc-getCC)"
1360 - CCC="$(tc-getCXX)"
1361 - AR="$(tc-getAR) rc \$@"
1362 - RANLIB="$(tc-getRANLIB)"
1363 - OPTIMIZER=
1364 - ${mybits}
1365 - )
1366 -
1367 - # Take care of nspr settings #436216
1368 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
1369 - unset NSPR_INCLUDE_DIR
1370 -
1371 - # Do not let `uname` be used.
1372 - if use kernel_linux ; then
1373 - makeargs+=(
1374 - OS_TARGET=Linux
1375 - OS_RELEASE=2.6
1376 - OS_TEST="$(nssarch)"
1377 - )
1378 - fi
1379 -
1380 - export NSS_ALLOW_SSLKEYLOGFILE=1
1381 - export NSS_ENABLE_WERROR=0 #567158
1382 - export BUILD_OPT=1
1383 - export NSS_USE_SYSTEM_SQLITE=1
1384 - export NSDISTMODE=copy
1385 - export NSS_ENABLE_ECC=1
1386 - export FREEBL_NO_DEPEND=1
1387 - export FREEBL_LOWHASH=1
1388 - export NSS_SEED_ONLY_DEV_URANDOM=1
1389 - export ASFLAGS=""
1390 -
1391 - local d
1392 -
1393 - # Build the host tools first.
1394 - LDFLAGS="${BUILD_LDFLAGS}" \
1395 - XCFLAGS="${BUILD_CFLAGS}" \
1396 - NSPR_LIB_DIR="${T}/fakedir" \
1397 - emake -j1 -C coreconf \
1398 - CC="$(tc-getBUILD_CC)" \
1399 - ${buildbits:-${mybits}}
1400 - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
1401 -
1402 - # Then build the target tools.
1403 - for d in . lib/dbm ; do
1404 - CPPFLAGS="${myCPPFLAGS}" \
1405 - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
1406 - NSPR_LIB_DIR="${T}/fakedir" \
1407 - emake -j1 "${makeargs[@]}" -C ${d}
1408 - done
1409 -}
1410 -
1411 -# Altering these 3 libraries breaks the CHK verification.
1412 -# All of the following cause it to break:
1413 -# - stripping
1414 -# - prelink
1415 -# - ELF signing
1416 -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
1417 -# Either we have to NOT strip them, or we have to forcibly resign after
1418 -# stripping.
1419 -#local_libdir="$(get_libdir)"
1420 -#export STRIP_MASK="
1421 -# */${local_libdir}/libfreebl3.so*
1422 -# */${local_libdir}/libnssdbm3.so*
1423 -# */${local_libdir}/libsoftokn3.so*"
1424 -
1425 -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
1426 -
1427 -generate_chk() {
1428 - local shlibsign="$1"
1429 - local libdir="$2"
1430 - einfo "Resigning core NSS libraries for FIPS validation"
1431 - shift 2
1432 - local i
1433 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1434 - local libname=lib${i}.so
1435 - local chkname=lib${i}.chk
1436 - "${shlibsign}" \
1437 - -i "${libdir}"/${libname} \
1438 - -o "${libdir}"/${chkname}.tmp \
1439 - && mv -f \
1440 - "${libdir}"/${chkname}.tmp \
1441 - "${libdir}"/${chkname} \
1442 - || die "Failed to sign ${libname}"
1443 - done
1444 -}
1445 -
1446 -cleanup_chk() {
1447 - local libdir="$1"
1448 - shift 1
1449 - local i
1450 - for i in ${NSS_CHK_SIGN_LIBS} ; do
1451 - local libfname="${libdir}/lib${i}.so"
1452 - # If the major version has changed, then we have old chk files.
1453 - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
1454 - && rm -f "${libfname}.chk"
1455 - done
1456 -}
1457 -
1458 -multilib_src_install() {
1459 - pushd dist >/dev/null || die
1460 -
1461 - dodir /usr/$(get_libdir)
1462 - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
1463 - local i
1464 - for i in crmf freebl nssb nssckfw ; do
1465 - cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
1466 - done
1467 -
1468 - # Install nss-config and pkgconfig file
1469 - dodir /usr/bin
1470 - cp -L */bin/nss-config "${ED}"/usr/bin || die
1471 - dodir /usr/$(get_libdir)/pkgconfig
1472 - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
1473 -
1474 - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
1475 - # bug 517266
1476 - sed -e 's#Libs:#Libs: -lfreebl#' \
1477 - -e 's#Cflags:#Cflags: -I${includedir}/private#' \
1478 - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
1479 - || die "could not create nss-softokn.pc"
1480 -
1481 - # all the include files
1482 - insinto /usr/include/nss
1483 - doins public/nss/*.{h,api}
1484 - insinto /usr/include/nss/private
1485 - doins private/nss/{blapi,alghmac,cmac}.h
1486 -
1487 - popd >/dev/null || die
1488 -
1489 - local f nssutils
1490 - # Always enabled because we need it for chk generation.
1491 - nssutils=( shlibsign )
1492 -
1493 - if multilib_is_native_abi ; then
1494 - if use utils; then
1495 - # The tests we do not need to install.
1496 - #nssutils_test="bltest crmftest dbtest dertimetest
1497 - #fipstest remtest sdrtest"
1498 - # checkcert utils has been removed in nss-3.22:
1499 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
1500 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870
1501 - # certcgi has been removed in nss-3.36:
1502 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
1503 - nssutils+=(
1504 - addbuiltin
1505 - atob
1506 - baddbdir
1507 - btoa
1508 - certutil
1509 - cmsutil
1510 - conflict
1511 - crlutil
1512 - derdump
1513 - digest
1514 - makepqg
1515 - mangle
1516 - modutil
1517 - multinit
1518 - nonspr10
1519 - ocspclnt
1520 - oidcalc
1521 - p7content
1522 - p7env
1523 - p7sign
1524 - p7verify
1525 - pk11mode
1526 - pk12util
1527 - pp
1528 - rsaperf
1529 - selfserv
1530 - signtool
1531 - signver
1532 - ssltap
1533 - strsclnt
1534 - symkeyutil
1535 - tstclnt
1536 - vfychain
1537 - vfyserv
1538 - )
1539 - # install man-pages for utils (bug #516810)
1540 - doman doc/nroff/*.1
1541 - fi
1542 - pushd dist/*/bin >/dev/null || die
1543 - for f in ${nssutils[@]}; do
1544 - dobin ${f}
1545 - done
1546 - popd >/dev/null || die
1547 - fi
1548 -
1549 - # Prelink breaks the CHK files. We don't have any reliable way to run
1550 - # shlibsign after prelink.
1551 - dodir /etc/prelink.conf.d
1552 - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
1553 - > "${ED}"/etc/prelink.conf.d/nss.conf
1554 -}
1555 -
1556 -pkg_postinst() {
1557 - multilib_pkg_postinst() {
1558 - # We must re-sign the libraries AFTER they are stripped.
1559 - local shlibsign="${EROOT}/usr/bin/shlibsign"
1560 - # See if we can execute it (cross-compiling & such). #436216
1561 - "${shlibsign}" -h >&/dev/null
1562 - if [[ $? -gt 1 ]] ; then
1563 - shlibsign="shlibsign"
1564 - fi
1565 - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
1566 - }
1567 -
1568 - multilib_foreach_abi multilib_pkg_postinst
1569 -}
1570 -
1571 -pkg_postrm() {
1572 - multilib_pkg_postrm() {
1573 - cleanup_chk "${EROOT}"/usr/$(get_libdir)
1574 - }
1575 -
1576 - multilib_foreach_abi multilib_pkg_postrm
1577 -}
Report Message
Find on MARC Find on Google Groups