public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-08-28 20:35 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2015-08-28 20:35 UTC (permalink / raw
  To: gentoo-commits

commit:     86c83c48a84f3f17dac61129421718a4f93738a0
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 24 19:28:28 2015 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Fri Aug 28 20:34:48 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86c83c48

dev-libs/nss: update SRC_URI per upstream location change

Package-Manager: portage-2.2.20.1

 dev-libs/nss/nss-3.19.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.19.2.ebuild b/dev-libs/nss/nss-3.19.2.ebuild
index ca8ab4f..8186420 100644
--- a/dev-libs/nss/nss-3.19.2.ebuild
+++ b/dev-libs/nss/nss-3.19.2.ebuild
@@ -13,7 +13,7 @@ PEM_P="${PN}-pem-${PEM_GIT_REV}"
 
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
 HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
 	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
 	nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-08-28 20:35 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2015-08-28 20:35 UTC (permalink / raw
  To: gentoo-commits

commit:     5299c3c8b7cb81a8137862b85d2f8061bc98565c
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 28 16:43:21 2015 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Fri Aug 28 20:34:52 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5299c3c8

dev-libs/nss: version bump

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.20.ebuild | 325 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 326 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index a295322..1774e52 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
 DIST nss-3.19.2.tar.gz 6953657 SHA256 1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae SHA512 d3c45010f8dace58f9da9efe0f9792f8b8a69384e100663f33c949685cdd1ce70e5131f279bc82336622841c41dbc0a4d70a7cc6839a1782dbe8b3c3fd8bc59d WHIRLPOOL d69ab02e12f6b22f47df7be7925343c58e68a69b33833b85d6f2ca70f652d9d159accea45f2c141fa89245ab64dffff0f1289129427564203fe2faf3af1c11e3
+DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac

diff --git a/dev-libs/nss/nss-3.20.ebuild b/dev-libs/nss/nss-3.20.ebuild
new file mode 100644
index 0000000..8186420
--- /dev/null
+++ b/dev-libs/nss/nss-3.20.ebuild
@@ -0,0 +1,325 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.10.8"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-${PEM_GIT_REV}"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	# Custom changes for gentoo
+	epatch "${FILESDIR}/${PN}-3.17.1-gentoo-fixups.patch"
+	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
+	use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+	use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
+	epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
+	epatch "${FILESDIR}/${PN}-cacert-class3.patch" # 521462
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L -t "${ED}"/usr/$(get_libdir) */lib/{libcrmf,libfreebl}.a || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	local l libs=() liblist
+	for l in ${NSS_CHK_SIGN_LIBS} ; do
+		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
+	done
+	liblist=$(printf '%s:' "${libs[@]}")
+	echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
+	doenvd "${T}/90nss-${ABI}"
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-10-02 18:08 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2015-10-02 18:08 UTC (permalink / raw
  To: gentoo-commits

commit:     3a00966b4204b6008e06bdc274170e015269e7ee
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Fri Oct  2 18:06:33 2015 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Fri Oct  2 18:06:33 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a00966b

dev-libs/nss: drop 'cp -t' as it is unsupported in fbsd

Bug: 539456

Package-Manager: portage-2.2.20.1

 dev-libs/nss/nss-3.19.2.ebuild | 3 ++-
 dev-libs/nss/nss-3.20.ebuild   | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/dev-libs/nss/nss-3.19.2.ebuild b/dev-libs/nss/nss-3.19.2.ebuild
index 8186420..7153cea 100644
--- a/dev-libs/nss/nss-3.19.2.ebuild
+++ b/dev-libs/nss/nss-3.19.2.ebuild
@@ -243,7 +243,8 @@ multilib_src_install() {
 
 	dodir /usr/$(get_libdir)
 	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L -t "${ED}"/usr/$(get_libdir) */lib/{libcrmf,libfreebl}.a || die "copying libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
 
 	# Install nss-config and pkgconfig file
 	dodir /usr/bin

diff --git a/dev-libs/nss/nss-3.20.ebuild b/dev-libs/nss/nss-3.20.ebuild
index 8186420..7153cea 100644
--- a/dev-libs/nss/nss-3.20.ebuild
+++ b/dev-libs/nss/nss-3.20.ebuild
@@ -243,7 +243,8 @@ multilib_src_install() {
 
 	dodir /usr/$(get_libdir)
 	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L -t "${ED}"/usr/$(get_libdir) */lib/{libcrmf,libfreebl}.a || die "copying libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
 
 	# Install nss-config and pkgconfig file
 	dodir /usr/bin


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-11-04 19:39 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2015-11-04 19:39 UTC (permalink / raw
  To: gentoo-commits

commit:     bb99e8e759b4306db431f2ca11642638ac1b7906
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  4 18:47:58 2015 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Wed Nov  4 19:39:23 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb99e8e7

dev-libs/nss: version bump, security bug 564834

Package-Manager: portage-2.2.20.1

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.20.1.ebuild | 326 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 327 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 1774e52..5ce5b51 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
 DIST nss-3.19.2.tar.gz 6953657 SHA256 1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae SHA512 d3c45010f8dace58f9da9efe0f9792f8b8a69384e100663f33c949685cdd1ce70e5131f279bc82336622841c41dbc0a4d70a7cc6839a1782dbe8b3c3fd8bc59d WHIRLPOOL d69ab02e12f6b22f47df7be7925343c58e68a69b33833b85d6f2ca70f652d9d159accea45f2c141fa89245ab64dffff0f1289129427564203fe2faf3af1c11e3
+DIST nss-3.20.1.tar.gz 6958956 SHA256 ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6c9e5548721a4251a5e8c97 SHA512 c8db693a81b8ddb4d2a742c2fce3f23dd40736e54c55c0de072f84572fcdad8fb7646e4b8ea696e4c97ea6c9cb0fa144f573f8776c2839eb25c4075b50d01d74 WHIRLPOOL 3d4667b243ba6ac596ea7e9936bf9cba7aa1b9767fd19b53352c3a9a9eef0f1a0a9e7da719634dbc9dfcc087d187d5e774ae351c1e57545e8b8c1f40e41e42e6
 DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac

diff --git a/dev-libs/nss/nss-3.20.1.ebuild b/dev-libs/nss/nss-3.20.1.ebuild
new file mode 100644
index 0000000..8ac4f9f
--- /dev/null
+++ b/dev-libs/nss/nss-3.20.1.ebuild
@@ -0,0 +1,326 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.10.8"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-${PEM_GIT_REV}"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	# Custom changes for gentoo
+	epatch "${FILESDIR}/${PN}-3.17.1-gentoo-fixups.patch"
+	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
+	use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+	use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
+	epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
+	epatch "${FILESDIR}/${PN}-cacert-class3.patch" # 521462
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	local l libs=() liblist
+	for l in ${NSS_CHK_SIGN_LIBS} ; do
+		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
+	done
+	liblist=$(printf '%s:' "${libs[@]}")
+	echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
+	doenvd "${T}/90nss-${ABI}"
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-11-05 10:06 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2015-11-05 10:06 UTC (permalink / raw
  To: gentoo-commits

commit:     467a4a066c98bbe25bc45cf760e11bf7059ed3ee
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  5 10:06:27 2015 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Nov  5 10:06:27 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=467a4a06

dev-libs/nss: amd64 stable wrt bug #564834

Package-Manager: portage-2.2.20.1
RepoMan-Options: --include-arches="amd64"

 dev-libs/nss/nss-3.20.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.20.1.ebuild b/dev-libs/nss/nss-3.20.1.ebuild
index 8ac4f9f..e4b1ff1 100644
--- a/dev-libs/nss/nss-3.20.1.ebuild
+++ b/dev-libs/nss/nss-3.20.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-11-05 10:07 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2015-11-05 10:07 UTC (permalink / raw
  To: gentoo-commits

commit:     65ea037532db4121a4bce433ff9b64c38697ffd1
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  5 10:07:28 2015 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Nov  5 10:07:28 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65ea0375

dev-libs/nss: x86 stable wrt bug #564834

Package-Manager: portage-2.2.20.1
RepoMan-Options: --include-arches="x86"

 dev-libs/nss/nss-3.20.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.20.1.ebuild b/dev-libs/nss/nss-3.20.1.ebuild
index e4b1ff1..7202511 100644
--- a/dev-libs/nss/nss-3.20.1.ebuild
+++ b/dev-libs/nss/nss-3.20.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-11-06  4:21 Jeroen Roovers
  0 siblings, 0 replies; 466+ messages in thread
From: Jeroen Roovers @ 2015-11-06  4:21 UTC (permalink / raw
  To: gentoo-commits

commit:     988d262822682c1f24f53a9733391f2bbdfea669
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Fri Nov  6 04:21:03 2015 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Fri Nov  6 04:21:03 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=988d2628

dev-libs/nss: Stable for HPPA PPC64 (bug #564834).

Package-Manager: portage-2.2.24
RepoMan-Options: --ignore-arches

 dev-libs/nss/nss-3.20.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.20.1.ebuild b/dev-libs/nss/nss-3.20.1.ebuild
index 7202511..b35b49d 100644
--- a/dev-libs/nss/nss-3.20.1.ebuild
+++ b/dev-libs/nss/nss-3.20.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-11-09  8:53 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2015-11-09  8:53 UTC (permalink / raw
  To: gentoo-commits

commit:     3e5b51832f68ef29998a3853b4b7b3a6a9f35b7b
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  9 08:53:29 2015 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Nov  9 08:53:29 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e5b5183

dev-libs/nss: ppc stable wrt bug #564834

Package-Manager: portage-2.2.20.1
RepoMan-Options: --include-arches="ppc"

 dev-libs/nss/nss-3.20.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.20.1.ebuild b/dev-libs/nss/nss-3.20.1.ebuild
index b35b49d..19ed9df 100644
--- a/dev-libs/nss/nss-3.20.1.ebuild
+++ b/dev-libs/nss/nss-3.20.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-11-14 16:52 Markus Meier
  0 siblings, 0 replies; 466+ messages in thread
From: Markus Meier @ 2015-11-14 16:52 UTC (permalink / raw
  To: gentoo-commits

commit:     bb3baeecb22ed24769bbf7f8b631b20b96f546da
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 14 16:51:59 2015 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Sat Nov 14 16:51:59 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb3baeec

dev-libs/nss: arm stable, bug #564834

Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="arm"

 dev-libs/nss/nss-3.20.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.20.1.ebuild b/dev-libs/nss/nss-3.20.1.ebuild
index 19ed9df..d7f2051 100644
--- a/dev-libs/nss/nss-3.20.1.ebuild
+++ b/dev-libs/nss/nss-3.20.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-11-15 18:26 Matt Turner
  0 siblings, 0 replies; 466+ messages in thread
From: Matt Turner @ 2015-11-15 18:26 UTC (permalink / raw
  To: gentoo-commits

commit:     d5f797d124d2906cb9d0bf02a347b188032144ef
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 15 18:16:23 2015 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Sun Nov 15 18:27:52 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5f797d1

dev-libs/nss: alpha stable, bug 564834.

 dev-libs/nss/nss-3.20.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.20.1.ebuild b/dev-libs/nss/nss-3.20.1.ebuild
index d7f2051..268f111 100644
--- a/dev-libs/nss/nss-3.20.1.ebuild
+++ b/dev-libs/nss/nss-3.20.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-11-18  9:32 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2015-11-18  9:32 UTC (permalink / raw
  To: gentoo-commits

commit:     6ee613ace2834914fb00b251d327ea0c0634cb5b
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 18 09:31:18 2015 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Nov 18 09:31:18 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ee613ac

dev-libs/nss: ia64 stable wrt bug #564834

Package-Manager: portage-2.2.20.1
RepoMan-Options: --include-arches="ia64"

 dev-libs/nss/nss-3.20.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.20.1.ebuild b/dev-libs/nss/nss-3.20.1.ebuild
index 268f111..746cc56 100644
--- a/dev-libs/nss/nss-3.20.1.ebuild
+++ b/dev-libs/nss/nss-3.20.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-12-16 18:35 Mike Frysinger
  0 siblings, 0 replies; 466+ messages in thread
From: Mike Frysinger @ 2015-12-16 18:35 UTC (permalink / raw
  To: gentoo-commits

commit:     e144331d75159ef4d4ce099dbe8f22bb54f0a208
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 16 17:33:18 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Dec 16 18:35:34 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e144331d

dev-libs/nss: put cacert patches behind USE=cacert

 dev-libs/nss/metadata.xml       |   2 +-
 dev-libs/nss/nss-3.21-r1.ebuild | 328 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 329 insertions(+), 1 deletion(-)

diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml
index 36dc831..0e2139c 100644
--- a/dev-libs/nss/metadata.xml
+++ b/dev-libs/nss/metadata.xml
@@ -4,7 +4,7 @@
 <herd>mozilla</herd>
 <use>
   <flag name='cacert'>
-    Include root certs from CAcert (http://http://www.cacert.org/) and
+    Include root/class3 certs from CAcert (http://http://www.cacert.org/) and
     Software in the Public Interest (http://www.spi-inc.org/)
   </flag>
   <flag name='nss-pem'>Add support for libnsspem</flag>

diff --git a/dev-libs/nss/nss-3.21-r1.ebuild b/dev-libs/nss/nss-3.21-r1.ebuild
new file mode 100644
index 0000000..06f3df4
--- /dev/null
+++ b/dev-libs/nss/nss-3.21-r1.ebuild
@@ -0,0 +1,328 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.10.8"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-20140125"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	# Custom changes for gentoo
+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	if use cacert ; then
+		epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+		epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
+	fi
+	use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
+		"${FILESDIR}/${PN}-3.21-pem-werror.patch"
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	local l libs=() liblist
+	for l in ${NSS_CHK_SIGN_LIBS} ; do
+		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
+	done
+	liblist=$(printf '%s:' "${libs[@]}")
+	echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
+	doenvd "${T}/90nss-${ABI}"
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2015-12-27 10:04 Mikle Kolyada
  0 siblings, 0 replies; 466+ messages in thread
From: Mikle Kolyada @ 2015-12-27 10:04 UTC (permalink / raw
  To: gentoo-commits

commit:     9fd7d95f029bbb8d44929a2d665ca7b51d446ce4
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 27 10:01:28 2015 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Dec 27 10:01:28 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fd7d95f

dev-libs/nss: sparc stable wrt bug #564834

Package-Manager: portage-2.2.24

 dev-libs/nss/nss-3.20.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.20.1.ebuild b/dev-libs/nss/nss-3.20.1.ebuild
index 746cc56..45ae6e1 100644
--- a/dev-libs/nss/nss-3.20.1.ebuild
+++ b/dev-libs/nss/nss-3.20.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-01-05  0:38 Mike Frysinger
  0 siblings, 0 replies; 466+ messages in thread
From: Mike Frysinger @ 2016-01-05  0:38 UTC (permalink / raw
  To: gentoo-commits

commit:     9e67ae12a57068bd6ce8a455e6602b67b51206c7
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Jan  5 00:37:22 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan  5 00:38:22 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e67ae12

dev-libs/nss: disable building w/-Werror #567158

 dev-libs/nss/nss-3.21-r1.ebuild | 1 +
 dev-libs/nss/nss-3.21.ebuild    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/dev-libs/nss/nss-3.21-r1.ebuild b/dev-libs/nss/nss-3.21-r1.ebuild
index fe74af8..fff45f4 100644
--- a/dev-libs/nss/nss-3.21-r1.ebuild
+++ b/dev-libs/nss/nss-3.21-r1.ebuild
@@ -168,6 +168,7 @@ multilib_src_compile() {
 		)
 	fi
 
+	export NSS_ENABLE_WERROR=0 #567158
 	export BUILD_OPT=1
 	export NSS_USE_SYSTEM_SQLITE=1
 	export NSDISTMODE=copy

diff --git a/dev-libs/nss/nss-3.21.ebuild b/dev-libs/nss/nss-3.21.ebuild
index c3b279a..6f0a779 100644
--- a/dev-libs/nss/nss-3.21.ebuild
+++ b/dev-libs/nss/nss-3.21.ebuild
@@ -164,6 +164,7 @@ multilib_src_compile() {
 		)
 	fi
 
+	export NSS_ENABLE_WERROR=0 #567158
 	export BUILD_OPT=1
 	export NSS_USE_SYSTEM_SQLITE=1
 	export NSDISTMODE=copy


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-01-05  0:38 Mike Frysinger
  0 siblings, 0 replies; 466+ messages in thread
From: Mike Frysinger @ 2016-01-05  0:38 UTC (permalink / raw
  To: gentoo-commits

commit:     fc8de6d16fe203976a1fa5d79456ad2b3b4deb13
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Jan  5 00:30:34 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan  5 00:38:22 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc8de6d1

dev-libs/nss: switch to prelink.conf.d files

Avoid polluting the global environment via env.d just for prelink masks
now that the current prelink versions support prelink.conf.d fragments.

 dev-libs/nss/nss-3.21-r2.ebuild | 328 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 328 insertions(+)

diff --git a/dev-libs/nss/nss-3.21-r2.ebuild b/dev-libs/nss/nss-3.21-r2.ebuild
new file mode 100644
index 0000000..5729f0b
--- /dev/null
+++ b/dev-libs/nss/nss-3.21-r2.ebuild
@@ -0,0 +1,328 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.10.8"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-20140125"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	# Custom changes for gentoo
+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
+
+	if use cacert ; then
+		epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+		epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
+	fi
+	use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
+		"${FILESDIR}/${PN}-3.21-pem-werror.patch"
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-01-30  7:51 Jeroen Roovers
  0 siblings, 0 replies; 466+ messages in thread
From: Jeroen Roovers @ 2016-01-30  7:51 UTC (permalink / raw
  To: gentoo-commits

commit:     7c9c2dd063c690b704807ef33e2a1ce921ad2aaa
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 30 07:48:17 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sat Jan 30 07:48:17 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c9c2dd0

dev-libs/nss: Stable for HPPA (bug #571086).

Package-Manager: portage-2.2.27
RepoMan-Options: --ignore-arches

 dev-libs/nss/nss-3.21-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.21-r2.ebuild b/dev-libs/nss/nss-3.21-r2.ebuild
index 5729f0b..8eb5e64 100644
--- a/dev-libs/nss/nss-3.21-r2.ebuild
+++ b/dev-libs/nss/nss-3.21-r2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-01-30 16:42 Tobias Klausmann
  0 siblings, 0 replies; 466+ messages in thread
From: Tobias Klausmann @ 2016-01-30 16:42 UTC (permalink / raw
  To: gentoo-commits

commit:     c189b3cc705ac10d5d131d987f5f4131de3b64c0
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 30 16:41:45 2016 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Sat Jan 30 16:41:59 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c189b3cc

dev-libs/nss: add alpha keyword

Gentoo-Bug: 571086

Package-Manager: portage-2.2.27

 dev-libs/nss/nss-3.21-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.21-r2.ebuild b/dev-libs/nss/nss-3.21-r2.ebuild
index 8eb5e64..216ca07 100644
--- a/dev-libs/nss/nss-3.21-r2.ebuild
+++ b/dev-libs/nss/nss-3.21-r2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-01-31  9:57 Jeroen Roovers
  0 siblings, 0 replies; 466+ messages in thread
From: Jeroen Roovers @ 2016-01-31  9:57 UTC (permalink / raw
  To: gentoo-commits

commit:     55aaba39ae6337802e8dc4366505767a5fd02e5e
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 31 09:57:27 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sun Jan 31 09:57:27 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55aaba39

dev-libs/nss: Stable for PPC64 (bug #571086).

Package-Manager: portage-2.2.27
RepoMan-Options: --ignore-arches

 dev-libs/nss/nss-3.21-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.21-r2.ebuild b/dev-libs/nss/nss-3.21-r2.ebuild
index 216ca07..a15d6ba 100644
--- a/dev-libs/nss/nss-3.21-r2.ebuild
+++ b/dev-libs/nss/nss-3.21-r2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-01-31 11:09 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2016-01-31 11:09 UTC (permalink / raw
  To: gentoo-commits

commit:     ae78348d2f6dc0d561855c1e3a1239223d3622ae
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 31 11:09:41 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sun Jan 31 11:09:41 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae78348d

dev-libs/nss: amd64 stable wrt bug #571086

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.21-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.21-r2.ebuild b/dev-libs/nss/nss-3.21-r2.ebuild
index a15d6ba..e4b5073 100644
--- a/dev-libs/nss/nss-3.21-r2.ebuild
+++ b/dev-libs/nss/nss-3.21-r2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-01-31 11:11 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2016-01-31 11:11 UTC (permalink / raw
  To: gentoo-commits

commit:     fc7a44b1c1eed5c6cc421090807eb249e2cec98e
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 31 11:10:51 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sun Jan 31 11:10:51 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc7a44b1

dev-libs/nss: x86 stable wrt bug #571086

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.21-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.21-r2.ebuild b/dev-libs/nss/nss-3.21-r2.ebuild
index e4b5073..078a017 100644
--- a/dev-libs/nss/nss-3.21-r2.ebuild
+++ b/dev-libs/nss/nss-3.21-r2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-02-03 20:44 Markus Meier
  0 siblings, 0 replies; 466+ messages in thread
From: Markus Meier @ 2016-02-03 20:44 UTC (permalink / raw
  To: gentoo-commits

commit:     cc67626c07503e4cb6d0691c1366aee25c2f449c
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  3 20:44:32 2016 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Wed Feb  3 20:44:32 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc67626c

dev-libs/nss: arm stable, bug #571086

Package-Manager: portage-2.2.27
RepoMan-Options: --include-arches="arm"

 dev-libs/nss/nss-3.21-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.21-r2.ebuild b/dev-libs/nss/nss-3.21-r2.ebuild
index 078a017..5545d30 100644
--- a/dev-libs/nss/nss-3.21-r2.ebuild
+++ b/dev-libs/nss/nss-3.21-r2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-02-15 22:27 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-02-15 22:27 UTC (permalink / raw
  To: gentoo-commits

commit:     d64c62758ebdec1fadb38938eb3a5d0af0796e11
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 15 22:26:58 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Feb 15 22:27:17 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d64c6275

dev-libs/nss: Removed old.

Package-Manager: portage-2.2.27
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest           |   1 -
 dev-libs/nss/nss-3.19.2.ebuild  | 326 ---------------------------------------
 dev-libs/nss/nss-3.21-r1.ebuild | 331 ----------------------------------------
 dev-libs/nss/nss-3.21.ebuild    | 327 ---------------------------------------
 4 files changed, 985 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 5469e19..f66349d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
-DIST nss-3.19.2.tar.gz 6953657 SHA256 1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae SHA512 d3c45010f8dace58f9da9efe0f9792f8b8a69384e100663f33c949685cdd1ce70e5131f279bc82336622841c41dbc0a4d70a7cc6839a1782dbe8b3c3fd8bc59d WHIRLPOOL d69ab02e12f6b22f47df7be7925343c58e68a69b33833b85d6f2ca70f652d9d159accea45f2c141fa89245ab64dffff0f1289129427564203fe2faf3af1c11e3
 DIST nss-3.20.1.tar.gz 6958956 SHA256 ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6c9e5548721a4251a5e8c97 SHA512 c8db693a81b8ddb4d2a742c2fce3f23dd40736e54c55c0de072f84572fcdad8fb7646e4b8ea696e4c97ea6c9cb0fa144f573f8776c2839eb25c4075b50d01d74 WHIRLPOOL 3d4667b243ba6ac596ea7e9936bf9cba7aa1b9767fd19b53352c3a9a9eef0f1a0a9e7da719634dbc9dfcc087d187d5e774ae351c1e57545e8b8c1f40e41e42e6
 DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4

diff --git a/dev-libs/nss/nss-3.19.2.ebuild b/dev-libs/nss/nss-3.19.2.ebuild
deleted file mode 100644
index 7153cea..0000000
--- a/dev-libs/nss/nss-3.19.2.ebuild
+++ /dev/null
@@ -1,326 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.10.8"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-${PEM_GIT_REV}"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
-	nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	# Custom changes for gentoo
-	epatch "${FILESDIR}/${PN}-3.17.1-gentoo-fixups.patch"
-	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
-	use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
-	use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
-	epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
-	epatch "${FILESDIR}/${PN}-cacert-class3.patch" # 521462
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	local l libs=() liblist
-	for l in ${NSS_CHK_SIGN_LIBS} ; do
-		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
-	done
-	liblist=$(printf '%s:' "${libs[@]}")
-	echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
-	doenvd "${T}/90nss-${ABI}"
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.21-r1.ebuild b/dev-libs/nss/nss-3.21-r1.ebuild
deleted file mode 100644
index fff45f4..0000000
--- a/dev-libs/nss/nss-3.21-r1.ebuild
+++ /dev/null
@@ -1,331 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.10.8"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-20140125"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
-	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	# Custom changes for gentoo
-	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
-	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
-
-	if use cacert ; then
-		epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
-		epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
-	fi
-	use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
-		"${FILESDIR}/${PN}-3.21-pem-werror.patch"
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	local l libs=() liblist
-	for l in ${NSS_CHK_SIGN_LIBS} ; do
-		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
-	done
-	liblist=$(printf '%s:' "${libs[@]}")
-	echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
-	doenvd "${T}/90nss-${ABI}"
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.21.ebuild b/dev-libs/nss/nss-3.21.ebuild
deleted file mode 100644
index 6f0a779..0000000
--- a/dev-libs/nss/nss-3.21.ebuild
+++ /dev/null
@@ -1,327 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.10.8"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-20140125"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
-	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	# Custom changes for gentoo
-	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
-	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
-	use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
-		"${FILESDIR}/${PN}-3.21-pem-werror.patch"
-	epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" # 521462
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	local l libs=() liblist
-	for l in ${NSS_CHK_SIGN_LIBS} ; do
-		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
-	done
-	liblist=$(printf '%s:' "${libs[@]}")
-	echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
-	doenvd "${T}/90nss-${ABI}"
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-02-15 22:27 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-02-15 22:27 UTC (permalink / raw
  To: gentoo-commits

commit:     55fbe5965e1823020575f3942af963d1065c5784
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 15 22:25:37 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Feb 15 22:27:14 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55fbe596

dev-libs/nss: Bump to version 3.22

Package-Manager: portage-2.2.27
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.22.ebuild | 328 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 329 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 670c75d..5469e19 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,5 +3,6 @@ DIST nss-3.19.2.tar.gz 6953657 SHA256 1306663e8f61d8449ad8cbcffab743a604dcd9f6f3
 DIST nss-3.20.1.tar.gz 6958956 SHA256 ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6c9e5548721a4251a5e8c97 SHA512 c8db693a81b8ddb4d2a742c2fce3f23dd40736e54c55c0de072f84572fcdad8fb7646e4b8ea696e4c97ea6c9cb0fa144f573f8776c2839eb25c4075b50d01d74 WHIRLPOOL 3d4667b243ba6ac596ea7e9936bf9cba7aa1b9767fd19b53352c3a9a9eef0f1a0a9e7da719634dbc9dfcc087d187d5e774ae351c1e57545e8b8c1f40e41e42e6
 DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
+DIST nss-3.22.tar.gz 6992347 SHA256 30ebd121c77e725a1383618eff79a6752d6e9f0f21882ad825ddab12e7227611 SHA512 f97251a17ad4ea889878ffeba64f19560978cf82c512b84c301be248ee4fe764345838fb8a88233b0fe12abe7bf78ce521a6ac64fa8d16bd0e1283eac9c17be1 WHIRLPOOL 8e128f3c8eb411c6569bd6d4d1edb55041e214913669687a5481d16f9aff245d3fc827f9a8c96e4723b3f0ec127d4461a1cda247dc296d9dce34513c7ab7e43d
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62

diff --git a/dev-libs/nss/nss-3.22.ebuild b/dev-libs/nss/nss-3.22.ebuild
new file mode 100644
index 0000000..5729f0b
--- /dev/null
+++ b/dev-libs/nss/nss-3.22.ebuild
@@ -0,0 +1,328 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.10.8"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-20140125"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	# Custom changes for gentoo
+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
+
+	if use cacert ; then
+		epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+		epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
+	fi
+	use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
+		"${FILESDIR}/${PN}-3.21-pem-werror.patch"
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-02-16  7:21 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-02-16  7:21 UTC (permalink / raw
  To: gentoo-commits

commit:     55d02c69a515751942f3ff76c32593355e286749
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 16 07:19:33 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Feb 16 07:19:33 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55d02c69

dev-libs/nss: checkcert has been removed in 3.22 (bug #574848).

Thanks to Alexander Y. Fomichev for providing the background information
and a fix via email.

Package-Manager: portage-2.2.27
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/nss-3.22.ebuild | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.22.ebuild b/dev-libs/nss/nss-3.22.ebuild
index 5729f0b..31ef4af 100644
--- a/dev-libs/nss/nss-3.22.ebuild
+++ b/dev-libs/nss/nss-3.22.ebuild
@@ -282,7 +282,10 @@ multilib_src_install() {
 			# The tests we do not need to install.
 			#nssutils_test="bltest crmftest dbtest dertimetest
 			#fipstest remtest sdrtest"
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
 			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
 			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
 			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-02-29 20:05 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2016-02-29 20:05 UTC (permalink / raw
  To: gentoo-commits

commit:     8dacf4232b798af79879ca0f8e13a45d13479d0f
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 29 20:05:03 2016 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Mon Feb 29 20:05:45 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8dacf423

dev-libs/nss: version bump to 3.22.2

This version uses the new PR_GetEnvSecure function in nspr-4.12, and contains
the latest root CA updates.

Package-Manager: portage-2.2.26

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.22.2.ebuild | 331 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 332 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index f66349d..a32331d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,6 +2,7 @@ DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad
 DIST nss-3.20.1.tar.gz 6958956 SHA256 ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6c9e5548721a4251a5e8c97 SHA512 c8db693a81b8ddb4d2a742c2fce3f23dd40736e54c55c0de072f84572fcdad8fb7646e4b8ea696e4c97ea6c9cb0fa144f573f8776c2839eb25c4075b50d01d74 WHIRLPOOL 3d4667b243ba6ac596ea7e9936bf9cba7aa1b9767fd19b53352c3a9a9eef0f1a0a9e7da719634dbc9dfcc087d187d5e774ae351c1e57545e8b8c1f40e41e42e6
 DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
+DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
 DIST nss-3.22.tar.gz 6992347 SHA256 30ebd121c77e725a1383618eff79a6752d6e9f0f21882ad825ddab12e7227611 SHA512 f97251a17ad4ea889878ffeba64f19560978cf82c512b84c301be248ee4fe764345838fb8a88233b0fe12abe7bf78ce521a6ac64fa8d16bd0e1283eac9c17be1 WHIRLPOOL 8e128f3c8eb411c6569bd6d4d1edb55041e214913669687a5481d16f9aff245d3fc827f9a8c96e4723b3f0ec127d4461a1cda247dc296d9dce34513c7ab7e43d
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
new file mode 100644
index 0000000..1c5d1d3
--- /dev/null
+++ b/dev-libs/nss/nss-3.22.2.ebuild
@@ -0,0 +1,331 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.12"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-20140125"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	# Custom changes for gentoo
+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
+
+	if use cacert ; then
+		epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+		epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
+	fi
+	use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
+		"${FILESDIR}/${PN}-3.21-pem-werror.patch"
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-02-29 20:13 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2016-02-29 20:13 UTC (permalink / raw
  To: gentoo-commits

commit:     741d6f73d622f8992f745733d7da82d070962ef0
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 29 20:12:10 2016 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Mon Feb 29 20:12:10 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=741d6f73

Revert "dev-libs/nss: version bump to 3.22.2"

This reverts commit 8dacf4232b798af79879ca0f8e13a45d13479d0f, since nspr-4.12 doesn't compile

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.22.2.ebuild | 331 -----------------------------------------
 2 files changed, 332 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index a32331d..f66349d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,7 +2,6 @@ DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad
 DIST nss-3.20.1.tar.gz 6958956 SHA256 ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6c9e5548721a4251a5e8c97 SHA512 c8db693a81b8ddb4d2a742c2fce3f23dd40736e54c55c0de072f84572fcdad8fb7646e4b8ea696e4c97ea6c9cb0fa144f573f8776c2839eb25c4075b50d01d74 WHIRLPOOL 3d4667b243ba6ac596ea7e9936bf9cba7aa1b9767fd19b53352c3a9a9eef0f1a0a9e7da719634dbc9dfcc087d187d5e774ae351c1e57545e8b8c1f40e41e42e6
 DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
-DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
 DIST nss-3.22.tar.gz 6992347 SHA256 30ebd121c77e725a1383618eff79a6752d6e9f0f21882ad825ddab12e7227611 SHA512 f97251a17ad4ea889878ffeba64f19560978cf82c512b84c301be248ee4fe764345838fb8a88233b0fe12abe7bf78ce521a6ac64fa8d16bd0e1283eac9c17be1 WHIRLPOOL 8e128f3c8eb411c6569bd6d4d1edb55041e214913669687a5481d16f9aff245d3fc827f9a8c96e4723b3f0ec127d4461a1cda247dc296d9dce34513c7ab7e43d
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
deleted file mode 100644
index 1c5d1d3..0000000
--- a/dev-libs/nss/nss-3.22.2.ebuild
+++ /dev/null
@@ -1,331 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.12"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-20140125"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
-	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	# Custom changes for gentoo
-	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
-	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
-
-	if use cacert ; then
-		epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
-		epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
-	fi
-	use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
-		"${FILESDIR}/${PN}-3.21-pem-werror.patch"
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-02-29 22:09 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2016-02-29 22:09 UTC (permalink / raw
  To: gentoo-commits

commit:     59ad04d3596068ff02498cbe28a3ef196d3075f2
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 29 22:08:33 2016 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Mon Feb 29 22:09:10 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59ad04d3

dev-libs/nss: recommit version bump to 3.22.2

This version uses the new PR_GetEnvSecure function in nspr-4.12, and contains
root CA updates

Package-Manager: portage-2.2.26

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.22.2.ebuild | 331 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 332 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index f66349d..a32331d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,6 +2,7 @@ DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad
 DIST nss-3.20.1.tar.gz 6958956 SHA256 ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6c9e5548721a4251a5e8c97 SHA512 c8db693a81b8ddb4d2a742c2fce3f23dd40736e54c55c0de072f84572fcdad8fb7646e4b8ea696e4c97ea6c9cb0fa144f573f8776c2839eb25c4075b50d01d74 WHIRLPOOL 3d4667b243ba6ac596ea7e9936bf9cba7aa1b9767fd19b53352c3a9a9eef0f1a0a9e7da719634dbc9dfcc087d187d5e774ae351c1e57545e8b8c1f40e41e42e6
 DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
+DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
 DIST nss-3.22.tar.gz 6992347 SHA256 30ebd121c77e725a1383618eff79a6752d6e9f0f21882ad825ddab12e7227611 SHA512 f97251a17ad4ea889878ffeba64f19560978cf82c512b84c301be248ee4fe764345838fb8a88233b0fe12abe7bf78ce521a6ac64fa8d16bd0e1283eac9c17be1 WHIRLPOOL 8e128f3c8eb411c6569bd6d4d1edb55041e214913669687a5481d16f9aff245d3fc827f9a8c96e4723b3f0ec127d4461a1cda247dc296d9dce34513c7ab7e43d
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
new file mode 100644
index 0000000..1c5d1d3
--- /dev/null
+++ b/dev-libs/nss/nss-3.22.2.ebuild
@@ -0,0 +1,331 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.12"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-20140125"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	# Custom changes for gentoo
+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
+
+	if use cacert ; then
+		epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+		epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
+	fi
+	use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
+		"${FILESDIR}/${PN}-3.21-pem-werror.patch"
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-03-14 14:29 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2016-03-14 14:29 UTC (permalink / raw
  To: gentoo-commits

commit:     87ec9c7d52a5be96c83549f8f88c54f07f92b37d
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 14 14:29:00 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Mar 14 14:29:00 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87ec9c7d

dev-libs/nss: amd64 stable wrt bug #576862

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.22.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
index 1c5d1d3..17103a3 100644
--- a/dev-libs/nss/nss-3.22.2.ebuild
+++ b/dev-libs/nss/nss-3.22.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-03-14 14:30 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2016-03-14 14:30 UTC (permalink / raw
  To: gentoo-commits

commit:     ce3a731a8f58b53e0abfe68c9d7e9a1e476dfa6d
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 14 14:29:51 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Mar 14 14:29:51 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce3a731a

dev-libs/nss: x86 stable wrt bug #576862

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.22.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
index 17103a3..8ae663a 100644
--- a/dev-libs/nss/nss-3.22.2.ebuild
+++ b/dev-libs/nss/nss-3.22.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-03-15  9:27 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-03-15  9:27 UTC (permalink / raw
  To: gentoo-commits

commit:     92335fe728365244644e389843d3691ac9a64d1c
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 15 09:27:14 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Mar 15 09:27:53 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92335fe7

dev-libs/nss: Removed old.

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.22.ebuild | 331 -------------------------------------------
 2 files changed, 332 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index f308b8d..0deec36 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,7 +3,6 @@ DIST nss-3.20.1.tar.gz 6958956 SHA256 ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6
 DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
 DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
-DIST nss-3.22.tar.gz 6992347 SHA256 30ebd121c77e725a1383618eff79a6752d6e9f0f21882ad825ddab12e7227611 SHA512 f97251a17ad4ea889878ffeba64f19560978cf82c512b84c301be248ee4fe764345838fb8a88233b0fe12abe7bf78ce521a6ac64fa8d16bd0e1283eac9c17be1 WHIRLPOOL 8e128f3c8eb411c6569bd6d4d1edb55041e214913669687a5481d16f9aff245d3fc827f9a8c96e4723b3f0ec127d4461a1cda247dc296d9dce34513c7ab7e43d
 DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62

diff --git a/dev-libs/nss/nss-3.22.ebuild b/dev-libs/nss/nss-3.22.ebuild
deleted file mode 100644
index 31ef4af..0000000
--- a/dev-libs/nss/nss-3.22.ebuild
+++ /dev/null
@@ -1,331 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.10.8"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-20140125"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
-	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	# Custom changes for gentoo
-	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
-	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
-
-	if use cacert ; then
-		epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
-		epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
-	fi
-	use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
-		"${FILESDIR}/${PN}-3.21-pem-werror.patch"
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-03-15 20:50 Tobias Klausmann
  0 siblings, 0 replies; 466+ messages in thread
From: Tobias Klausmann @ 2016-03-15 20:50 UTC (permalink / raw
  To: gentoo-commits

commit:     2a61574fef220abb622048dd346eb6414661738b
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 15 20:50:14 2016 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Tue Mar 15 20:50:14 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a61574f

dev-libs/nss-3.22.2-r0: add alpha keyword

Gentoo-Bug: 576862

Package-Manager: portage-2.2.28

 dev-libs/nss/nss-3.22.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
index 8ae663a..611e0d9 100644
--- a/dev-libs/nss/nss-3.22.2.ebuild
+++ b/dev-libs/nss/nss-3.22.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-03-16 14:09 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2016-03-16 14:09 UTC (permalink / raw
  To: gentoo-commits

commit:     cc3a7b2bf76e8c4f97f810f9db8fea86fe980355
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 16 14:08:36 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Mar 16 14:08:36 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc3a7b2b

dev-libs/nss: ppc stable wrt bug #576862

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.22.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
index 611e0d9..8b34c16 100644
--- a/dev-libs/nss/nss-3.22.2.ebuild
+++ b/dev-libs/nss/nss-3.22.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-03-17 11:34 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2016-03-17 11:34 UTC (permalink / raw
  To: gentoo-commits

commit:     6d872a3f1b295f2b979ad7e1fcbc4d5e0b1c8cbc
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 17 11:34:34 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Mar 17 11:34:34 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d872a3f

dev-libs/nss: ppc64 stable wrt bug #576862

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.22.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
index 8b34c16..3192d20 100644
--- a/dev-libs/nss/nss-3.22.2.ebuild
+++ b/dev-libs/nss/nss-3.22.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-03-18  6:10 Markus Meier
  0 siblings, 0 replies; 466+ messages in thread
From: Markus Meier @ 2016-03-18  6:10 UTC (permalink / raw
  To: gentoo-commits

commit:     3114cc454de16acbdcd3788310ac7acea43e73f7
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 18 06:10:06 2016 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Fri Mar 18 06:10:06 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3114cc45

dev-libs/nss: arm stable, bug #576862

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="arm"

 dev-libs/nss/nss-3.22.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
index 3192d20..c008ed1 100644
--- a/dev-libs/nss/nss-3.22.2.ebuild
+++ b/dev-libs/nss/nss-3.22.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-03-19  7:23 Jeroen Roovers
  0 siblings, 0 replies; 466+ messages in thread
From: Jeroen Roovers @ 2016-03-19  7:23 UTC (permalink / raw
  To: gentoo-commits

commit:     ddf94d71e6ca2ea98dac1b24b1fb7d9c8a77d02f
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 19 07:22:10 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sat Mar 19 07:23:37 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddf94d71

dev-libs/nss: Stable for HPPA (bug #576862).

Package-Manager: portage-2.2.28
RepoMan-Options: --ignore-arches

 dev-libs/nss/nss-3.22.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
index c008ed1..1c7d0e3 100644
--- a/dev-libs/nss/nss-3.22.2.ebuild
+++ b/dev-libs/nss/nss-3.22.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-03-19 12:28 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2016-03-19 12:28 UTC (permalink / raw
  To: gentoo-commits

commit:     414be51bc2ad80e5b8609993764cc41236a90e32
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 19 12:28:44 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sat Mar 19 12:28:44 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=414be51b

dev-libs/nss: sparc stable wrt bug #576862

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.22.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
index 1c7d0e3..4dc7dc2 100644
--- a/dev-libs/nss/nss-3.22.2.ebuild
+++ b/dev-libs/nss/nss-3.22.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-03-20 12:24 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2016-03-20 12:24 UTC (permalink / raw
  To: gentoo-commits

commit:     b67a1d86e223559b6b242654085fc73083e4ac68
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 20 12:24:33 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sun Mar 20 12:24:33 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b67a1d86

dev-libs/nss: ia64 stable wrt bug #576862

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.22.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild
index 4dc7dc2..3cc54a5 100644
--- a/dev-libs/nss/nss-3.22.2.ebuild
+++ b/dev-libs/nss/nss-3.22.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-06-07 20:57 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-06-07 20:57 UTC (permalink / raw
  To: gentoo-commits

commit:     33f02199dd1366b3d55c4013dd9c84ae627e10e3
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  7 20:56:36 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jun  7 20:56:58 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33f02199

dev-libs/nss: Removed old.

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest           |   2 -
 dev-libs/nss/nss-3.20.1.ebuild  | 326 ---------------------------------------
 dev-libs/nss/nss-3.21-r2.ebuild | 328 ----------------------------------------
 3 files changed, 656 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 8dc1398..aa7e190 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,7 +1,5 @@
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
-DIST nss-3.20.1.tar.gz 6958956 SHA256 ad3c8f11dfd9570c2d04a6140d5ef7c2bdd0fe30d6c9e5548721a4251a5e8c97 SHA512 c8db693a81b8ddb4d2a742c2fce3f23dd40736e54c55c0de072f84572fcdad8fb7646e4b8ea696e4c97ea6c9cb0fa144f573f8776c2839eb25c4075b50d01d74 WHIRLPOOL 3d4667b243ba6ac596ea7e9936bf9cba7aa1b9767fd19b53352c3a9a9eef0f1a0a9e7da719634dbc9dfcc087d187d5e774ae351c1e57545e8b8c1f40e41e42e6
 DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
-DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
 DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
 DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
 DIST nss-3.24.tar.gz 7307782 SHA256 2f0841492f91cca473b73dec6cab9cf765a485e032d48d2e8ae7261e54c419ed SHA512 9cf6d5dcbe8292bce53e043cf2713e55f01f979827c6f5f39a22ea8d1f40a2579728454a12c30540e8fb06e8119640a539cc5c6913aa12d97008d68386abfe6e WHIRLPOOL 49baf7a1847ffab1d549752854e999a56fd6cf52cf920310199aa95078af5c7894eb61a226cf3170cf93bffa525a674fac512a586f67ccafae91a952052e9800

diff --git a/dev-libs/nss/nss-3.20.1.ebuild b/dev-libs/nss/nss-3.20.1.ebuild
deleted file mode 100644
index 45ae6e1..0000000
--- a/dev-libs/nss/nss-3.20.1.ebuild
+++ /dev/null
@@ -1,326 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.10.8"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-${PEM_GIT_REV}"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
-	nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	# Custom changes for gentoo
-	epatch "${FILESDIR}/${PN}-3.17.1-gentoo-fixups.patch"
-	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
-	use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
-	use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
-	epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
-	epatch "${FILESDIR}/${PN}-cacert-class3.patch" # 521462
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	local l libs=() liblist
-	for l in ${NSS_CHK_SIGN_LIBS} ; do
-		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
-	done
-	liblist=$(printf '%s:' "${libs[@]}")
-	echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
-	doenvd "${T}/90nss-${ABI}"
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.21-r2.ebuild b/dev-libs/nss/nss-3.21-r2.ebuild
deleted file mode 100644
index 2b9842e..0000000
--- a/dev-libs/nss/nss-3.21-r2.ebuild
+++ /dev/null
@@ -1,328 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.10.8"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-20140125"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="http://archive.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
-	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	# Custom changes for gentoo
-	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
-	epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
-
-	if use cacert ; then
-		epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
-		epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
-	fi
-	use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \
-		"${FILESDIR}/${PN}-3.21-pem-werror.patch"
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-06-07 20:57 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-06-07 20:57 UTC (permalink / raw
  To: gentoo-commits

commit:     d91f6e62fceae8b6604a41480ca7a7f7a61cbedc
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  7 20:54:26 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jun  7 20:56:56 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d91f6e62

dev-libs/nss: Bump to version 3.24

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.24.ebuild | 340 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 341 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 0deec36..8dc1398 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -4,5 +4,6 @@ DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38d
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
 DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
 DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
+DIST nss-3.24.tar.gz 7307782 SHA256 2f0841492f91cca473b73dec6cab9cf765a485e032d48d2e8ae7261e54c419ed SHA512 9cf6d5dcbe8292bce53e043cf2713e55f01f979827c6f5f39a22ea8d1f40a2579728454a12c30540e8fb06e8119640a539cc5c6913aa12d97008d68386abfe6e WHIRLPOOL 49baf7a1847ffab1d549752854e999a56fd6cf52cf920310199aa95078af5c7894eb61a226cf3170cf93bffa525a674fac512a586f67ccafae91a952052e9800
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62

diff --git a/dev-libs/nss/nss-3.24.ebuild b/dev-libs/nss/nss-3.24.ebuild
new file mode 100644
index 0000000..8a72adc
--- /dev/null
+++ b/dev-libs/nss/nss-3.24.ebuild
@@ -0,0 +1,340 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.12"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-20140125"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+			"${FILESDIR}/${PN}-3.21-pem-werror.patch"
+		)
+	fi
+
+	default
+
+	if use cacert ; then
+			eapply -p4 "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+			eapply "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-06-10 15:32 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2016-06-10 15:32 UTC (permalink / raw
  To: gentoo-commits

commit:     117377c5b4a89a86e1c13583f81d3a14afec5e80
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 10 15:30:30 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jun 10 15:30:30 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=117377c5

dev-libs/nss: amd64 stable wrt bug #585372

Package-Manager: portage-2.2.28
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.23.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.23.ebuild b/dev-libs/nss/nss-3.23.ebuild
index 8a72adc..a1d3dc5 100644
--- a/dev-libs/nss/nss-3.23.ebuild
+++ b/dev-libs/nss/nss-3.23.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-06-12 20:02 Markus Meier
  0 siblings, 0 replies; 466+ messages in thread
From: Markus Meier @ 2016-06-12 20:02 UTC (permalink / raw
  To: gentoo-commits

commit:     969cd77f36b2214ae738ab716203a7d3af03c1b1
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 12 20:02:13 2016 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Sun Jun 12 20:02:13 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=969cd77f

dev-libs/nss: arm stable, bug #585372

Package-Manager: portage-2.3.0_rc1
RepoMan-Options: --include-arches="arm"

 dev-libs/nss/nss-3.23.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.23.ebuild b/dev-libs/nss/nss-3.23.ebuild
index a1d3dc5..7e43aff 100644
--- a/dev-libs/nss/nss-3.23.ebuild
+++ b/dev-libs/nss/nss-3.23.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-06-13 14:54 Tobias Klausmann
  0 siblings, 0 replies; 466+ messages in thread
From: Tobias Klausmann @ 2016-06-13 14:54 UTC (permalink / raw
  To: gentoo-commits

commit:     f0c717503378a0dab50143afffef21614e9245cc
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 13 14:54:14 2016 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Mon Jun 13 14:54:23 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0c71750

dev-libs/nss-3.23-r0: add alpha keyword

Gentoo-Bug: 585372

Package-Manager: portage-2.3.0_rc1

 dev-libs/nss/nss-3.23.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.23.ebuild b/dev-libs/nss/nss-3.23.ebuild
index 7e43aff..2a63269 100644
--- a/dev-libs/nss/nss-3.23.ebuild
+++ b/dev-libs/nss/nss-3.23.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-07-02 20:36 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-07-02 20:36 UTC (permalink / raw
  To: gentoo-commits

commit:     bb4e86912193faac1e4ab1b4e252ef11763161f0
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jul  2 20:36:09 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jul  2 20:36:29 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb4e8691

dev-libs/nss: Bump to version 3.25

Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.25.ebuild | 340 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 341 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index aa7e190..0a0e751 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,5 +3,6 @@ DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38d
 DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
 DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
 DIST nss-3.24.tar.gz 7307782 SHA256 2f0841492f91cca473b73dec6cab9cf765a485e032d48d2e8ae7261e54c419ed SHA512 9cf6d5dcbe8292bce53e043cf2713e55f01f979827c6f5f39a22ea8d1f40a2579728454a12c30540e8fb06e8119640a539cc5c6913aa12d97008d68386abfe6e WHIRLPOOL 49baf7a1847ffab1d549752854e999a56fd6cf52cf920310199aa95078af5c7894eb61a226cf3170cf93bffa525a674fac512a586f67ccafae91a952052e9800
+DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62

diff --git a/dev-libs/nss/nss-3.25.ebuild b/dev-libs/nss/nss-3.25.ebuild
new file mode 100644
index 0000000..8a72adc
--- /dev/null
+++ b/dev-libs/nss/nss-3.25.ebuild
@@ -0,0 +1,340 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.12"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-20140125"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+			"${FILESDIR}/${PN}-3.21-pem-werror.patch"
+		)
+	fi
+
+	default
+
+	if use cacert ; then
+			eapply -p4 "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+			eapply "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-07-09  2:54 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2016-07-09  2:54 UTC (permalink / raw
  To: gentoo-commits

commit:     0f07ec40931c5b549ddf9919a4f25b9101304487
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Sat Jul  9 02:54:17 2016 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Sat Jul  9 02:54:17 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f07ec40

dev-libs/nss: dropped SPI certificates and changed cacert default to off

Bug: http://bugs.gentoo.org/580722

Package-Manager: portage-2.2.28

 dev-libs/nss/{nss-3.25.ebuild => nss-3.25-r1.ebuild} | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/dev-libs/nss/nss-3.25.ebuild b/dev-libs/nss/nss-3.25-r1.ebuild
similarity index 96%
rename from dev-libs/nss/nss-3.25.ebuild
rename to dev-libs/nss/nss-3.25-r1.ebuild
index 8a72adc..ede1f3a 100644
--- a/dev-libs/nss/nss-3.25.ebuild
+++ b/dev-libs/nss/nss-3.25-r1.ebuild
@@ -15,13 +15,12 @@ PEM_P="${PN}-pem-20140125"
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
 HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
 SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
 	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
+IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
 DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
@@ -63,14 +62,14 @@ src_prepare() {
 			"${FILESDIR}/${PN}-3.21-pem-werror.patch"
 		)
 	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-cacert-class3.patch"
+		)
+	fi
 
 	default
 
-	if use cacert ; then
-			eapply -p4 "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
-			eapply "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
-	fi
-
 	pushd coreconf >/dev/null || die
 	# hack nspr paths
 	echo 'INCLUDES += -I$(DIST)/include/dbm' \


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-07-09  2:58 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2016-07-09  2:58 UTC (permalink / raw
  To: gentoo-commits

commit:     ae0ad4c78add8301963174458ce8dc6f5972c02d
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Sat Jul  9 02:57:50 2016 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Sat Jul  9 02:57:50 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae0ad4c7

dev-libs/nss: dropped SPI description on cacert flag in metadata.xml

Package-Manager: portage-2.2.28

 dev-libs/nss/metadata.xml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml
index 8aa2a5e..f8aeb45 100644
--- a/dev-libs/nss/metadata.xml
+++ b/dev-libs/nss/metadata.xml
@@ -7,8 +7,7 @@
 </maintainer>
 <use>
   <flag name="cacert">
-    Include root/class3 certs from CAcert (http://http://www.cacert.org/) and
-    Software in the Public Interest (http://www.spi-inc.org/)
+    Include root/class3 certs from CAcert (http://http://www.cacert.org/)
   </flag>
   <flag name="nss-pem">Add support for libnsspem</flag>
   <flag name="utils">Install utilities included with the library</flag>


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-07-25  6:24 Jeroen Roovers
  0 siblings, 0 replies; 466+ messages in thread
From: Jeroen Roovers @ 2016-07-25  6:24 UTC (permalink / raw
  To: gentoo-commits

commit:     601a9dc6cc4f76c11e1803590d0f23da31d12915
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 25 06:23:52 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Mon Jul 25 06:24:06 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=601a9dc6

dev-libs/nss: Stable for HPPA (bug #585372).

Package-Manager: portage-2.3.0
RepoMan-Options: --ignore-arches

 dev-libs/nss/nss-3.23.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.23.ebuild b/dev-libs/nss/nss-3.23.ebuild
index 9a4ed11..33189ff 100644
--- a/dev-libs/nss/nss-3.23.ebuild
+++ b/dev-libs/nss/nss-3.23.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-08-02 11:26 Jeroen Roovers
  0 siblings, 0 replies; 466+ messages in thread
From: Jeroen Roovers @ 2016-08-02 11:26 UTC (permalink / raw
  To: gentoo-commits

commit:     33079aa86a4aadc1f10cb0823a383fece585b912
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  2 11:24:20 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Tue Aug  2 11:24:20 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33079aa8

dev-libs/nss: Stable for PPC64 (bug #585372).

Package-Manager: portage-2.3.0
RepoMan-Options: --ignore-arches

 dev-libs/nss/nss-3.23.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.23.ebuild b/dev-libs/nss/nss-3.23.ebuild
index 33189ff..e279594 100644
--- a/dev-libs/nss/nss-3.23.ebuild
+++ b/dev-libs/nss/nss-3.23.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-08-04 19:29 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2016-08-04 19:29 UTC (permalink / raw
  To: gentoo-commits

commit:     35d1016456aa9c9904402740b57c6e2d605e2afd
Author:     Chris Mayo <aklhfex <AT> gmail <DOT> com>
AuthorDate: Thu Aug  4 18:59:49 2016 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Thu Aug  4 19:28:17 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35d10164

dev-libs/nss: fix CAcert URL in metadata.xml

Closes: https://github.com/gentoo/gentoo/pull/2017

 dev-libs/nss/metadata.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml
index f8aeb45..009a097 100644
--- a/dev-libs/nss/metadata.xml
+++ b/dev-libs/nss/metadata.xml
@@ -7,7 +7,7 @@
 </maintainer>
 <use>
   <flag name="cacert">
-    Include root/class3 certs from CAcert (http://http://www.cacert.org/)
+    Include root/class3 certs from CAcert (http://www.cacert.org/)
   </flag>
   <flag name="nss-pem">Add support for libnsspem</flag>
   <flag name="utils">Install utilities included with the library</flag>


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-08-08 17:57 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-08-08 17:57 UTC (permalink / raw
  To: gentoo-commits

commit:     a55956db5f056222e9f0969c9632413b274d269c
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Aug  8 17:55:44 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Aug  8 17:57:27 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a55956db

dev-libs/nss: Bump to version 3.26

Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   2 +
 dev-libs/nss/nss-3.26.ebuild | 338 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 340 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 0a0e751..74d41d9 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -4,5 +4,7 @@ DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed
 DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
 DIST nss-3.24.tar.gz 7307782 SHA256 2f0841492f91cca473b73dec6cab9cf765a485e032d48d2e8ae7261e54c419ed SHA512 9cf6d5dcbe8292bce53e043cf2713e55f01f979827c6f5f39a22ea8d1f40a2579728454a12c30540e8fb06e8119640a539cc5c6913aa12d97008d68386abfe6e WHIRLPOOL 49baf7a1847ffab1d549752854e999a56fd6cf52cf920310199aa95078af5c7894eb61a226cf3170cf93bffa525a674fac512a586f67ccafae91a952052e9800
 DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934
+DIST nss-3.26.tar.gz 7386943 SHA256 91783a570ab953693eb977ce47c501f04c104cec287fa011c91bcc8970d1c564 SHA512 39f733fcec11da8a8a03e4a91020e7d1cafc32400a6dd8183b396094235d482bada1e669d089fbf5b3a8f6eb5d71f363115034b7ed20aa092569919f69685439 WHIRLPOOL 646799bb78e30cba5c0a8f9c301a94c4585c452ddc01121aaadfea13c8a849880c6bf07571886b16784cd40d72b8c15ee2673f9c1c0f5002c276fdff547f8d10
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62
+DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.26.ebuild b/dev-libs/nss/nss-3.26.ebuild
new file mode 100644
index 0000000..3e9034e
--- /dev/null
+++ b/dev-libs/nss/nss-3.26.ebuild
@@ -0,0 +1,338 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.12"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-cacert-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-08-08 17:57 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-08-08 17:57 UTC (permalink / raw
  To: gentoo-commits

commit:     eb8a972f8a19b5b1e356d0366fad4c7b6c3c99f7
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Aug  8 17:57:01 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Aug  8 17:57:30 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb8a972f

dev-libs/nss: Removed old.

Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.24.ebuild | 340 -------------------------------------------
 2 files changed, 341 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 74d41d9..1fdb88d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,7 +2,6 @@ DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad
 DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
 DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
 DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
-DIST nss-3.24.tar.gz 7307782 SHA256 2f0841492f91cca473b73dec6cab9cf765a485e032d48d2e8ae7261e54c419ed SHA512 9cf6d5dcbe8292bce53e043cf2713e55f01f979827c6f5f39a22ea8d1f40a2579728454a12c30540e8fb06e8119640a539cc5c6913aa12d97008d68386abfe6e WHIRLPOOL 49baf7a1847ffab1d549752854e999a56fd6cf52cf920310199aa95078af5c7894eb61a226cf3170cf93bffa525a674fac512a586f67ccafae91a952052e9800
 DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934
 DIST nss-3.26.tar.gz 7386943 SHA256 91783a570ab953693eb977ce47c501f04c104cec287fa011c91bcc8970d1c564 SHA512 39f733fcec11da8a8a03e4a91020e7d1cafc32400a6dd8183b396094235d482bada1e669d089fbf5b3a8f6eb5d71f363115034b7ed20aa092569919f69685439 WHIRLPOOL 646799bb78e30cba5c0a8f9c301a94c4585c452ddc01121aaadfea13c8a849880c6bf07571886b16784cd40d72b8c15ee2673f9c1c0f5002c276fdff547f8d10
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac

diff --git a/dev-libs/nss/nss-3.24.ebuild b/dev-libs/nss/nss-3.24.ebuild
deleted file mode 100644
index 8a72adc..0000000
--- a/dev-libs/nss/nss-3.24.ebuild
+++ /dev/null
@@ -1,340 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.12"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
-PEM_P="${PN}-pem-20140125"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
-	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-			"${FILESDIR}/${PN}-3.21-pem-werror.patch"
-		)
-	fi
-
-	default
-
-	if use cacert ; then
-			eapply -p4 "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
-			eapply "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-09-28 10:09 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-09-28 10:09 UTC (permalink / raw
  To: gentoo-commits

commit:     d8b125ae99ffd54df8d8e452e13d702d8c0d4c31
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 28 09:44:48 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Sep 28 10:09:34 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8b125ae

dev-libs/nss: Bump to versions 3.26.1 and 3.27

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   2 +
 dev-libs/nss/nss-3.26.1.ebuild | 338 +++++++++++++++++++++++++++++++++++++++++
 dev-libs/nss/nss-3.27.ebuild   | 338 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 678 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 1fdb88d..ca7b4dd 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,7 +3,9 @@ DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38d
 DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
 DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
 DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934
+DIST nss-3.26.1.tar.gz 7387756 SHA256 abebb079288e4b0d34648a1fcdba8564ac05b29f5f1d19b53021ccb3ac37ad25 SHA512 f2a6754e4766cdf169b0abfc0ff47c469ae0e6ddc08c020ef154da7806e8ce31b49076af11b659bf19e9c4b5c6e53a0ac9e7855ee1c33b98a45cfeec446b93bd WHIRLPOOL 9152e3c7430b3362647adb494d1983cc37659b1d8691f1f1e21470aab4f496f3aecd925b8e19d83fa3735e72eeb6d6579bcc304c30e48359d05cb6e052610b0f
 DIST nss-3.26.tar.gz 7386943 SHA256 91783a570ab953693eb977ce47c501f04c104cec287fa011c91bcc8970d1c564 SHA512 39f733fcec11da8a8a03e4a91020e7d1cafc32400a6dd8183b396094235d482bada1e669d089fbf5b3a8f6eb5d71f363115034b7ed20aa092569919f69685439 WHIRLPOOL 646799bb78e30cba5c0a8f9c301a94c4585c452ddc01121aaadfea13c8a849880c6bf07571886b16784cd40d72b8c15ee2673f9c1c0f5002c276fdff547f8d10
+DIST nss-3.27.tar.gz 7397210 SHA256 021aa936b06f5815474dd5c137f2325b3fe06caa38d9798ca53ec30b537301fa SHA512 a79c31d3ade72897928cdb1cfbf9236ea781fb1951904f2f5d9688afc4e55722ba75ea5a46622d1fa45d55bb2666d05a0df3a2c2ac16ce53335722618523c272 WHIRLPOOL 16277ba6cb3c71afeab7a5ce92ba0b3c0ec8622edc87bb1fe48dad86a910fa71a09db4c83ec8a973a048c5b925dbad2bc9d6361a66b94744479c47364e7ad5c5
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.26.1.ebuild b/dev-libs/nss/nss-3.26.1.ebuild
new file mode 100644
index 00000000..3e9034e
--- /dev/null
+++ b/dev-libs/nss/nss-3.26.1.ebuild
@@ -0,0 +1,338 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.12"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-cacert-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}

diff --git a/dev-libs/nss/nss-3.27.ebuild b/dev-libs/nss/nss-3.27.ebuild
new file mode 100644
index 00000000..3e9034e
--- /dev/null
+++ b/dev-libs/nss/nss-3.27.ebuild
@@ -0,0 +1,338 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.12"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-cacert-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-10-05  6:59 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-10-05  6:59 UTC (permalink / raw
  To: gentoo-commits

commit:     97f617c91210290d8db6b58e02087ecd1f3b4a17
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  5 06:58:56 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Oct  5 06:59:16 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97f617c9

dev-libs/nss: Removed old.

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.26.ebuild | 338 -------------------------------------------
 2 files changed, 339 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 53dac1c..73164e5 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -4,7 +4,6 @@ DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed
 DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
 DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934
 DIST nss-3.26.1.tar.gz 7387756 SHA256 abebb079288e4b0d34648a1fcdba8564ac05b29f5f1d19b53021ccb3ac37ad25 SHA512 f2a6754e4766cdf169b0abfc0ff47c469ae0e6ddc08c020ef154da7806e8ce31b49076af11b659bf19e9c4b5c6e53a0ac9e7855ee1c33b98a45cfeec446b93bd WHIRLPOOL 9152e3c7430b3362647adb494d1983cc37659b1d8691f1f1e21470aab4f496f3aecd925b8e19d83fa3735e72eeb6d6579bcc304c30e48359d05cb6e052610b0f
-DIST nss-3.26.tar.gz 7386943 SHA256 91783a570ab953693eb977ce47c501f04c104cec287fa011c91bcc8970d1c564 SHA512 39f733fcec11da8a8a03e4a91020e7d1cafc32400a6dd8183b396094235d482bada1e669d089fbf5b3a8f6eb5d71f363115034b7ed20aa092569919f69685439 WHIRLPOOL 646799bb78e30cba5c0a8f9c301a94c4585c452ddc01121aaadfea13c8a849880c6bf07571886b16784cd40d72b8c15ee2673f9c1c0f5002c276fdff547f8d10
 DIST nss-3.27.1.tar.gz 7397737 SHA256 fd3637a1930cd838239a89633a7ed9a18859ae9b599043f3a18f726dc4ec2a6b SHA512 b52bc18e42cab78a325a8c4fcf2894ca879cecbb657a852baf460551ed9727f145bc328ebb61a43a1605b457f923a1495707ac4aee27be70220463818ed8db8d WHIRLPOOL 17174b7d43bd82b9e805d653a7ea8b79bc2647a5891806c1cb77e2ac99e40eb64ffee03e105a41c375ba37e26cafeff4bd4bad27c48e94ed388d0215d0545364
 DIST nss-3.27.tar.gz 7397210 SHA256 021aa936b06f5815474dd5c137f2325b3fe06caa38d9798ca53ec30b537301fa SHA512 a79c31d3ade72897928cdb1cfbf9236ea781fb1951904f2f5d9688afc4e55722ba75ea5a46622d1fa45d55bb2666d05a0df3a2c2ac16ce53335722618523c272 WHIRLPOOL 16277ba6cb3c71afeab7a5ce92ba0b3c0ec8622edc87bb1fe48dad86a910fa71a09db4c83ec8a973a048c5b925dbad2bc9d6361a66b94744479c47364e7ad5c5
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac

diff --git a/dev-libs/nss/nss-3.26.ebuild b/dev-libs/nss/nss-3.26.ebuild
deleted file mode 100644
index 3e9034e..00000000
--- a/dev-libs/nss/nss-3.26.ebuild
+++ /dev/null
@@ -1,338 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.12"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-cacert-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-10-05  6:59 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2016-10-05  6:59 UTC (permalink / raw
  To: gentoo-commits

commit:     fca2363cf83772feff552326a154ccd8b9d17011
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  5 06:56:21 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Oct  5 06:59:13 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fca2363c

dev-libs/nss: Bump to version 3.27.1

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.27.1.ebuild | 338 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 339 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index ca7b4dd..53dac1c 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -5,6 +5,7 @@ DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f
 DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934
 DIST nss-3.26.1.tar.gz 7387756 SHA256 abebb079288e4b0d34648a1fcdba8564ac05b29f5f1d19b53021ccb3ac37ad25 SHA512 f2a6754e4766cdf169b0abfc0ff47c469ae0e6ddc08c020ef154da7806e8ce31b49076af11b659bf19e9c4b5c6e53a0ac9e7855ee1c33b98a45cfeec446b93bd WHIRLPOOL 9152e3c7430b3362647adb494d1983cc37659b1d8691f1f1e21470aab4f496f3aecd925b8e19d83fa3735e72eeb6d6579bcc304c30e48359d05cb6e052610b0f
 DIST nss-3.26.tar.gz 7386943 SHA256 91783a570ab953693eb977ce47c501f04c104cec287fa011c91bcc8970d1c564 SHA512 39f733fcec11da8a8a03e4a91020e7d1cafc32400a6dd8183b396094235d482bada1e669d089fbf5b3a8f6eb5d71f363115034b7ed20aa092569919f69685439 WHIRLPOOL 646799bb78e30cba5c0a8f9c301a94c4585c452ddc01121aaadfea13c8a849880c6bf07571886b16784cd40d72b8c15ee2673f9c1c0f5002c276fdff547f8d10
+DIST nss-3.27.1.tar.gz 7397737 SHA256 fd3637a1930cd838239a89633a7ed9a18859ae9b599043f3a18f726dc4ec2a6b SHA512 b52bc18e42cab78a325a8c4fcf2894ca879cecbb657a852baf460551ed9727f145bc328ebb61a43a1605b457f923a1495707ac4aee27be70220463818ed8db8d WHIRLPOOL 17174b7d43bd82b9e805d653a7ea8b79bc2647a5891806c1cb77e2ac99e40eb64ffee03e105a41c375ba37e26cafeff4bd4bad27c48e94ed388d0215d0545364
 DIST nss-3.27.tar.gz 7397210 SHA256 021aa936b06f5815474dd5c137f2325b3fe06caa38d9798ca53ec30b537301fa SHA512 a79c31d3ade72897928cdb1cfbf9236ea781fb1951904f2f5d9688afc4e55722ba75ea5a46622d1fa45d55bb2666d05a0df3a2c2ac16ce53335722618523c272 WHIRLPOOL 16277ba6cb3c71afeab7a5ce92ba0b3c0ec8622edc87bb1fe48dad86a910fa71a09db4c83ec8a973a048c5b925dbad2bc9d6361a66b94744479c47364e7ad5c5
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62

diff --git a/dev-libs/nss/nss-3.27.1.ebuild b/dev-libs/nss/nss-3.27.1.ebuild
new file mode 100644
index 00000000..3e9034e
--- /dev/null
+++ b/dev-libs/nss/nss-3.27.1.ebuild
@@ -0,0 +1,338 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.12"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-cacert-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2016-12-01 20:34 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2016-12-01 20:34 UTC (permalink / raw
  To: gentoo-commits

commit:     22aa8bae27e2d4856f31bb1e722e42c3d4aa237d
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  1 20:15:12 2016 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Thu Dec  1 20:34:03 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22aa8bae

dev-libs/nss: bump to 3.27.2, add cacert class-1 certs to USE=cacert

Package-Manager: portage-2.3.0

 dev-libs/nss/Manifest          |   2 +
 dev-libs/nss/nss-3.27.2.ebuild | 339 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 341 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 73164e5..998387a 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -5,7 +5,9 @@ DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f
 DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934
 DIST nss-3.26.1.tar.gz 7387756 SHA256 abebb079288e4b0d34648a1fcdba8564ac05b29f5f1d19b53021ccb3ac37ad25 SHA512 f2a6754e4766cdf169b0abfc0ff47c469ae0e6ddc08c020ef154da7806e8ce31b49076af11b659bf19e9c4b5c6e53a0ac9e7855ee1c33b98a45cfeec446b93bd WHIRLPOOL 9152e3c7430b3362647adb494d1983cc37659b1d8691f1f1e21470aab4f496f3aecd925b8e19d83fa3735e72eeb6d6579bcc304c30e48359d05cb6e052610b0f
 DIST nss-3.27.1.tar.gz 7397737 SHA256 fd3637a1930cd838239a89633a7ed9a18859ae9b599043f3a18f726dc4ec2a6b SHA512 b52bc18e42cab78a325a8c4fcf2894ca879cecbb657a852baf460551ed9727f145bc328ebb61a43a1605b457f923a1495707ac4aee27be70220463818ed8db8d WHIRLPOOL 17174b7d43bd82b9e805d653a7ea8b79bc2647a5891806c1cb77e2ac99e40eb64ffee03e105a41c375ba37e26cafeff4bd4bad27c48e94ed388d0215d0545364
+DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
 DIST nss-3.27.tar.gz 7397210 SHA256 021aa936b06f5815474dd5c137f2325b3fe06caa38d9798ca53ec30b537301fa SHA512 a79c31d3ade72897928cdb1cfbf9236ea781fb1951904f2f5d9688afc4e55722ba75ea5a46622d1fa45d55bb2666d05a0df3a2c2ac16ce53335722618523c272 WHIRLPOOL 16277ba6cb3c71afeab7a5ce92ba0b3c0ec8622edc87bb1fe48dad86a910fa71a09db4c83ec8a973a048c5b925dbad2bc9d6361a66b94744479c47364e7ad5c5
+DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.27.2.ebuild b/dev-libs/nss/nss-3.27.2.ebuild
new file mode 100644
index 00000000..231ea3e
--- /dev/null
+++ b/dev-libs/nss/nss-3.27.2.ebuild
@@ -0,0 +1,339 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.12"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-01-04 14:37 Aaron Bauman
  0 siblings, 0 replies; 466+ messages in thread
From: Aaron Bauman @ 2017-01-04 14:37 UTC (permalink / raw
  To: gentoo-commits

commit:     3189ba4ae73a1d1e4adc61a1a093624a760499b3
Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Wed Jan  4 14:36:27 2017 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Wed Jan  4 14:36:27 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3189ba4a

dev-libs/nss: amd64 stable wrt bug #593070

 dev-libs/nss/nss-3.27.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.27.2.ebuild b/dev-libs/nss/nss-3.27.2.ebuild
index 231ea3e..e0456f9 100644
--- a/dev-libs/nss/nss-3.27.2.ebuild
+++ b/dev-libs/nss/nss-3.27.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-01-06 14:33 Tobias Klausmann
  0 siblings, 0 replies; 466+ messages in thread
From: Tobias Klausmann @ 2017-01-06 14:33 UTC (permalink / raw
  To: gentoo-commits

commit:     e41542c2d38f43b87dfd3d7520df348c03aeef5b
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  6 14:22:08 2017 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Fri Jan  6 14:32:40 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e41542c2

dev-libs/nss-3.27.2-r0: stable on alpha

Gentoo-Bug: 593070

 dev-libs/nss/nss-3.27.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.27.2.ebuild b/dev-libs/nss/nss-3.27.2.ebuild
index 9ff024b..c5ba59e 100644
--- a/dev-libs/nss/nss-3.27.2.ebuild
+++ b/dev-libs/nss/nss-3.27.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-01-08 18:17 Markus Meier
  0 siblings, 0 replies; 466+ messages in thread
From: Markus Meier @ 2017-01-08 18:17 UTC (permalink / raw
  To: gentoo-commits

commit:     82aa70be57dba872638e198e603fdb1930b7afd6
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  8 18:16:54 2017 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Sun Jan  8 18:16:54 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82aa70be

dev-libs/nss: arm stable, bug #593070

Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="arm"

 dev-libs/nss/nss-3.27.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.27.2.ebuild b/dev-libs/nss/nss-3.27.2.ebuild
index c5ba59e..c1ef5c7 100644
--- a/dev-libs/nss/nss-3.27.2.ebuild
+++ b/dev-libs/nss/nss-3.27.2.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-01-08 21:42 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2017-01-08 21:42 UTC (permalink / raw
  To: gentoo-commits

commit:     b4bc732dc2369867442d1a58b15de410ee4a675c
Author:     Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  8 21:39:03 2017 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Sun Jan  8 21:40:26 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4bc732d

dev-libs/nss - Update for cert removal and additions

 dev-libs/nss/Manifest                               | 2 +-
 dev-libs/nss/{nss-3.28.ebuild => nss-3.28.1.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index c5f1d3b..51c832c 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -4,7 +4,7 @@ DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f
 DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934
 DIST nss-3.26.1.tar.gz 7387756 SHA256 abebb079288e4b0d34648a1fcdba8564ac05b29f5f1d19b53021ccb3ac37ad25 SHA512 f2a6754e4766cdf169b0abfc0ff47c469ae0e6ddc08c020ef154da7806e8ce31b49076af11b659bf19e9c4b5c6e53a0ac9e7855ee1c33b98a45cfeec446b93bd WHIRLPOOL 9152e3c7430b3362647adb494d1983cc37659b1d8691f1f1e21470aab4f496f3aecd925b8e19d83fa3735e72eeb6d6579bcc304c30e48359d05cb6e052610b0f
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
-DIST nss-3.28.tar.gz 7440502 SHA256 c79dd15f66f581c294ce0ef032119357d03fee3a0aa61be263747d84f1b33254 SHA512 dd442c6d04edd0507cc49a1e3c2bfaa64555f7cde5cb9e512ccf33f14de458dddbb17efddd83271056ed6e6e32327e6e1b6f6609e1910a05e625b08e6f0965df WHIRLPOOL d013972f18d75e83da03c3903b712ef1094e6b8543c1755ea2b7ed7f6335e39ac20112808c86bb9df74cda4a8c5c1159401ecd05d1d8b07b3ecdca85f7f0ac82
+DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.28.ebuild b/dev-libs/nss/nss-3.28.1.ebuild
similarity index 100%
rename from dev-libs/nss/nss-3.28.ebuild
rename to dev-libs/nss/nss-3.28.1.ebuild


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-01-09  2:15 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2017-01-09  2:15 UTC (permalink / raw
  To: gentoo-commits

commit:     a93b62580c415118b89a07264f7823de3b01bf8c
Author:     Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  9 02:14:43 2017 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Mon Jan  9 02:14:43 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a93b6258

dev-libs/nss - Update nspr dep

 dev-libs/nss/nss-3.28.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.28.1.ebuild b/dev-libs/nss/nss-3.28.1.ebuild
index 5b74267..dfc0cd6 100644
--- a/dev-libs/nss/nss-3.28.1.ebuild
+++ b/dev-libs/nss/nss-3.28.1.ebuild
@@ -6,7 +6,7 @@ EAPI=6
 
 inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
 
-NSPR_VER="4.12"
+NSPR_VER="4.13.1"
 RTM_NAME="NSS_${PV//./_}_RTM"
 # Rev of https://git.fedorahosted.org/cgit/nss-pem.git
 PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-01-10 14:56 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2017-01-10 14:56 UTC (permalink / raw
  To: gentoo-commits

commit:     0a66576c7ef05868443dbed5bdcedc8f854e85fc
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 10 14:54:35 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Jan 10 14:54:35 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a66576c

dev-libs/nss: amd64 stable wrt bug #604916

Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.28.1.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/nss/nss-3.28.1.ebuild b/dev-libs/nss/nss-3.28.1.ebuild
index dfc0cd6..f9d3dd6 100644
--- a/dev-libs/nss/nss-3.28.1.ebuild
+++ b/dev-libs/nss/nss-3.28.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-01-10 15:22 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2017-01-10 15:22 UTC (permalink / raw
  To: gentoo-commits

commit:     19a5712b6bc20523c878553de4c393e88753b237
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 10 15:22:21 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Jan 10 15:22:21 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19a5712b

dev-libs/nss: x86 stable wrt bug #604916

Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.28.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.28.1.ebuild b/dev-libs/nss/nss-3.28.1.ebuild
index f9d3dd6..591d7a4 100644
--- a/dev-libs/nss/nss-3.28.1.ebuild
+++ b/dev-libs/nss/nss-3.28.1.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-01-13 17:02 Markus Meier
  0 siblings, 0 replies; 466+ messages in thread
From: Markus Meier @ 2017-01-13 17:02 UTC (permalink / raw
  To: gentoo-commits

commit:     c8d19ae1dfe2d6384eae604d9167c7536eea323d
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 13 17:01:53 2017 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Fri Jan 13 17:01:53 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8d19ae1

dev-libs/nss: arm stable, bug #604916

Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="arm"

 dev-libs/nss/nss-3.28.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.28.1.ebuild b/dev-libs/nss/nss-3.28.1.ebuild
index ce38d23..e43dd43 100644
--- a/dev-libs/nss/nss-3.28.1.ebuild
+++ b/dev-libs/nss/nss-3.28.1.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-01-15 20:18 Jeroen Roovers
  0 siblings, 0 replies; 466+ messages in thread
From: Jeroen Roovers @ 2017-01-15 20:18 UTC (permalink / raw
  To: gentoo-commits

commit:     a18da6f386880abdc8a3ee2bffc39c31fd5ba584
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 15 20:16:42 2017 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sun Jan 15 20:16:42 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a18da6f3

dev-libs/nss: Stable for HPPA (bug #604916).

Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --ignore-arches

 dev-libs/nss/nss-3.28.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.28.1.ebuild b/dev-libs/nss/nss-3.28.1.ebuild
index cb9cc49..a4fba6e 100644
--- a/dev-libs/nss/nss-3.28.1.ebuild
+++ b/dev-libs/nss/nss-3.28.1.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-01-15 22:10 Tobias Klausmann
  0 siblings, 0 replies; 466+ messages in thread
From: Tobias Klausmann @ 2017-01-15 22:10 UTC (permalink / raw
  To: gentoo-commits

commit:     345ab79c221af3f38d06484ad7ff57882d364a4f
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 15 22:10:14 2017 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Sun Jan 15 22:10:14 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=345ab79c

dev-libs/nss-3.28.1-r0: stable on alpha

Gentoo-Bug: 604916

 dev-libs/nss/nss-3.28.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.28.1.ebuild b/dev-libs/nss/nss-3.28.1.ebuild
index a4fba6e..0cc3ffa 100644
--- a/dev-libs/nss/nss-3.28.1.ebuild
+++ b/dev-libs/nss/nss-3.28.1.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-01-18 10:02 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2017-01-18 10:02 UTC (permalink / raw
  To: gentoo-commits

commit:     177c7b1881ecbfb5189f7619f28d26fe086eb6f5
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 18 10:01:52 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Jan 18 10:02:40 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=177c7b18

dev-libs/nss: ppc64 stable wrt bug #604916

Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.28.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.28.1.ebuild b/dev-libs/nss/nss-3.28.1.ebuild
index 6464c18..7e1647e 100644
--- a/dev-libs/nss/nss-3.28.1.ebuild
+++ b/dev-libs/nss/nss-3.28.1.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-02-08  0:39 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2017-02-08  0:39 UTC (permalink / raw
  To: gentoo-commits

commit:     fd2d4c8bc8e4cfdcc99bf3bb632179e22f52ff99
Author:     Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  8 00:37:39 2017 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Wed Feb  8 00:37:39 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd2d4c8b

dev-libs/nss: Version bump

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.29.ebuild | 339 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 340 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e485949..6f2e627 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
+DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.29.ebuild b/dev-libs/nss/nss-3.29.ebuild
new file mode 100644
index 00000000..a253567
--- /dev/null
+++ b/dev-libs/nss/nss-3.29.ebuild
@@ -0,0 +1,339 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.13.1"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-02-21  9:30 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-02-21  9:30 UTC (permalink / raw
  To: gentoo-commits

commit:     04ba2c2095205898cf3c65c9ae1185956a38f881
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 21 09:16:26 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Feb 21 09:30:15 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04ba2c20

dev-libs/nss: Bump to version 3.29.1

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.29.1.ebuild | 339 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 340 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 6f2e62784a..bfc63a44b2 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
+DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
 DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.29.1.ebuild b/dev-libs/nss/nss-3.29.1.ebuild
new file mode 100644
index 0000000000..a253567a5f
--- /dev/null
+++ b/dev-libs/nss/nss-3.29.1.ebuild
@@ -0,0 +1,339 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.13.1"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-03-08  9:47 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-03-08  9:47 UTC (permalink / raw
  To: gentoo-commits

commit:     6b4d24a2925a71f8648bd53c7ed2294aaebcbdd7
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  8 09:43:27 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Mar  8 09:47:18 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b4d24a2

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.4, Repoman-2.3.2

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.29.ebuild | 338 -------------------------------------------
 2 files changed, 339 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 99edac12573..88c1f3df7c4 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,5 @@
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
-DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.29.ebuild b/dev-libs/nss/nss-3.29.ebuild
deleted file mode 100644
index 93080429b23..00000000000
--- a/dev-libs/nss/nss-3.29.ebuild
+++ /dev/null
@@ -1,338 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.13.1"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-03-08  9:47 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-03-08  9:47 UTC (permalink / raw
  To: gentoo-commits

commit:     a2f07623ceff778fafc2dc99a0d176c90611b668
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  8 09:43:00 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Mar  8 09:47:16 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2f07623

dev-libs/nss: Bump to version 3.29.3

Package-Manager: Portage-2.3.4, Repoman-2.3.2

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.29.3.ebuild | 338 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 339 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index bfc63a44b20..99edac12573 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
+DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
 DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.29.3.ebuild b/dev-libs/nss/nss-3.29.3.ebuild
new file mode 100644
index 00000000000..93080429b23
--- /dev/null
+++ b/dev-libs/nss/nss-3.29.3.ebuild
@@ -0,0 +1,338 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.13.1"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-03-23  7:59 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-03-23  7:59 UTC (permalink / raw
  To: gentoo-commits

commit:     7eaca87a6799a45cf655ba6fbb1e9d54755c056a
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 23 07:53:54 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Mar 23 07:53:54 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7eaca87a

dev-libs/nss: Bump to version 3.30

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.30.ebuild | 338 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 339 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 88c1f3df7c4..008785fa660 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
+DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.30.ebuild b/dev-libs/nss/nss-3.30.ebuild
new file mode 100644
index 00000000000..93080429b23
--- /dev/null
+++ b/dev-libs/nss/nss-3.30.ebuild
@@ -0,0 +1,338 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.13.1"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-03-29  0:02 Michael Weber
  0 siblings, 0 replies; 466+ messages in thread
From: Michael Weber @ 2017-03-29  0:02 UTC (permalink / raw
  To: gentoo-commits

commit:     f7be8bde58628fdb69172756c1cdf3b61ce3458e
Author:     Michael Weber <xmw <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 28 23:47:23 2017 +0000
Commit:     Michael Weber <xmw <AT> gentoo <DOT> org>
CommitDate: Wed Mar 29 00:01:45 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7be8bde

dev-libs/nss: arm64 stable.

Package-Manager: Portage-2.3.5, Repoman-2.3.2
RepoMan-Options: --include-arches="arm64"

 dev-libs/nss/nss-3.28.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.28.1.ebuild b/dev-libs/nss/nss-3.28.1.ebuild
index fa3eb33292f..2b726851f96 100644
--- a/dev-libs/nss/nss-3.28.1.ebuild
+++ b/dev-libs/nss/nss-3.28.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-04-06 13:08 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-04-06 13:08 UTC (permalink / raw
  To: gentoo-commits

commit:     ced6b63841dd6518b12f3a99dc4ae8a2feba4ffd
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  6 12:38:31 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Apr  6 13:07:52 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ced6b638

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.29.1.ebuild | 338 -----------------------------------------
 2 files changed, 339 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 23fde6e0307..c74549d92b8 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
-DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
 DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a

diff --git a/dev-libs/nss/nss-3.29.1.ebuild b/dev-libs/nss/nss-3.29.1.ebuild
deleted file mode 100644
index 93080429b23..00000000000
--- a/dev-libs/nss/nss-3.29.1.ebuild
+++ /dev/null
@@ -1,338 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.13.1"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-04-06 13:08 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-04-06 13:08 UTC (permalink / raw
  To: gentoo-commits

commit:     8760dbe77c8adf5e8cf6ab5b524e49471019088d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  6 12:37:43 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Apr  6 13:07:49 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8760dbe7

dev-libs/nss: Bump to version 3.30.1

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.30.1.ebuild | 338 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 339 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 008785fa660..23fde6e0307 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,7 @@
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
+DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.30.1.ebuild b/dev-libs/nss/nss-3.30.1.ebuild
new file mode 100644
index 00000000000..93080429b23
--- /dev/null
+++ b/dev-libs/nss/nss-3.30.1.ebuild
@@ -0,0 +1,338 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.13.1"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-04-19 20:20 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2017-04-19 20:20 UTC (permalink / raw
  To: gentoo-commits

commit:     65c02cda32e6a7005b91f8cdf2f8a1b85b2a36a3
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 19 20:19:53 2017 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Wed Apr 19 20:20:42 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65c02cda

dev-libs/nss: drop old/vulnerable 3.30

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.30.ebuild | 338 -------------------------------------------
 2 files changed, 339 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index fdc8f60046d..e3eb2743955 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,5 @@
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
 DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
-DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.30.ebuild b/dev-libs/nss/nss-3.30.ebuild
deleted file mode 100644
index 93080429b23..00000000000
--- a/dev-libs/nss/nss-3.30.ebuild
+++ /dev/null
@@ -1,338 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.13.1"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-04-19 20:20 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2017-04-19 20:20 UTC (permalink / raw
  To: gentoo-commits

commit:     05e9b36ad9456d750b83339e11538e937d0a4c7b
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 19 20:18:52 2017 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Wed Apr 19 20:20:40 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05e9b36a

dev-libs/nss: bump 3.29 series to 3.29.5 for security

Bug: http://bugs.gentoo.org/616032
Bug: http://bugs.gentoo.org/616036

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/nss/Manifest                                 | 2 +-
 dev-libs/nss/{nss-3.29.3.ebuild => nss-3.29.5.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index c74549d92b8..fdc8f60046d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,5 @@
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
-DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
+DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
 DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/dev-libs/nss/nss-3.29.3.ebuild b/dev-libs/nss/nss-3.29.5.ebuild
similarity index 100%
rename from dev-libs/nss/nss-3.29.3.ebuild
rename to dev-libs/nss/nss-3.29.5.ebuild


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-04-22  7:33 Tobias Klausmann
  0 siblings, 0 replies; 466+ messages in thread
From: Tobias Klausmann @ 2017-04-22  7:33 UTC (permalink / raw
  To: gentoo-commits

commit:     af13fca0c0d505642d70a50adfdedf3a63deee92
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 21 11:51:57 2017 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Sat Apr 22 07:33:48 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af13fca0

dev-libs/nss-3.29.5-r0: add alpha keyword

Gentoo-Bug: 616032

 dev-libs/nss/nss-3.29.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.29.5.ebuild b/dev-libs/nss/nss-3.29.5.ebuild
index 93080429b23..c21d57cf228 100644
--- a/dev-libs/nss/nss-3.29.5.ebuild
+++ b/dev-libs/nss/nss-3.29.5.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-04-22 13:19 Jeroen Roovers
  0 siblings, 0 replies; 466+ messages in thread
From: Jeroen Roovers @ 2017-04-22 13:19 UTC (permalink / raw
  To: gentoo-commits

commit:     dc117d5f7cbbde90f007073dc909b0968236eb65
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 22 13:19:29 2017 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sat Apr 22 13:19:55 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc117d5f

dev-libs/nss: Stable for HPPA (bug #616032).

Package-Manager: Portage-2.3.5, Repoman-2.3.2
RepoMan-Options: --ignore-arches

 dev-libs/nss/nss-3.29.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.29.5.ebuild b/dev-libs/nss/nss-3.29.5.ebuild
index c21d57cf228..9eda92f5793 100644
--- a/dev-libs/nss/nss-3.29.5.ebuild
+++ b/dev-libs/nss/nss-3.29.5.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-04-22 22:26 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-04-22 22:26 UTC (permalink / raw
  To: gentoo-commits

commit:     d115d09f6b5837ee0a901974fcff01f900ab4a78
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 22 22:26:06 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Apr 22 22:26:29 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d115d09f

dev-libs/nss: Bump to version 3.30.2

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.30.2.ebuild | 338 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 339 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e3eb2743955..871e7a28166 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
 DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
+DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 WHIRLPOOL b1039f227a55ed9ab592b7e1ea0856c8cf91b8d298ef07d9d0f56d1956319b15c12224f023a100d106101c49dafb16e8231680667d2c7d0b8f8b2bbf6ad3ec8e
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.30.2.ebuild b/dev-libs/nss/nss-3.30.2.ebuild
new file mode 100644
index 00000000000..93080429b23
--- /dev/null
+++ b/dev-libs/nss/nss-3.30.2.ebuild
@@ -0,0 +1,338 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.13.1"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-04-29 15:02 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2017-04-29 15:02 UTC (permalink / raw
  To: gentoo-commits

commit:     f20c54ad0b14729499d3888a8d843fdc3f3fd7cc
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 29 15:00:01 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sat Apr 29 15:00:01 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f20c54ad

dev-libs/nss: ppc stable wrt bug #616032

Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.29.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.29.5.ebuild b/dev-libs/nss/nss-3.29.5.ebuild
index ac6dde76e8b..27dd61246ca 100644
--- a/dev-libs/nss/nss-3.29.5.ebuild
+++ b/dev-libs/nss/nss-3.29.5.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-04-30  9:37 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2017-04-30  9:37 UTC (permalink / raw
  To: gentoo-commits

commit:     92fe3edcb1a14fe73fb7506e7d5c0f2d9b7f586e
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 30 09:35:17 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sun Apr 30 09:37:02 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92fe3edc

dev-libs/nss: ppc64 stable wrt bug #616032

Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.29.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.29.5.ebuild b/dev-libs/nss/nss-3.29.5.ebuild
index 27dd61246ca..aa7e80c327b 100644
--- a/dev-libs/nss/nss-3.29.5.ebuild
+++ b/dev-libs/nss/nss-3.29.5.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-05-04 20:03 Markus Meier
  0 siblings, 0 replies; 466+ messages in thread
From: Markus Meier @ 2017-05-04 20:03 UTC (permalink / raw
  To: gentoo-commits

commit:     af5a160180941f6e6bc77060f985dd33103984e7
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Thu May  4 20:03:32 2017 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Thu May  4 20:03:32 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af5a1601

dev-libs/nss: arm stable, bug #616032

Package-Manager: Portage-2.3.5, Repoman-2.3.1
RepoMan-Options: --include-arches="arm"

 dev-libs/nss/nss-3.29.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.29.5.ebuild b/dev-libs/nss/nss-3.29.5.ebuild
index aa7e80c327b..accee6a437e 100644
--- a/dev-libs/nss/nss-3.29.5.ebuild
+++ b/dev-libs/nss/nss-3.29.5.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-05-24 15:29 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2017-05-24 15:29 UTC (permalink / raw
  To: gentoo-commits

commit:     81e05db4ee782a240d52178d663206fad4f81572
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Wed May 24 15:29:16 2017 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Wed May 24 15:29:16 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81e05db4

dev-libs/nss: enhance to install libnssb.a, libnssckfw.a and nssck.api

Initially applied to nss-3.30.2-r1, may backport to others upon successful testing.

Bug: http://bugs.gentoo.org/610690

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 dev-libs/nss/nss-3.30.2-r1.ebuild | 339 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 339 insertions(+)

diff --git a/dev-libs/nss/nss-3.30.2-r1.ebuild b/dev-libs/nss/nss-3.30.2-r1.ebuild
new file mode 100644
index 00000000000..f20a355b12a
--- /dev/null
+++ b/dev-libs/nss/nss-3.30.2-r1.ebuild
@@ -0,0 +1,339 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.13.1"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-05-25 18:00 Ian Stakenvicius
  0 siblings, 0 replies; 466+ messages in thread
From: Ian Stakenvicius @ 2017-05-25 18:00 UTC (permalink / raw
  To: gentoo-commits

commit:     c6a39f2b386633057cc07766a339a1720e8f8714
Author:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Wed May 24 18:01:16 2017 +0000
Commit:     Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Thu May 25 17:59:53 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6a39f2b

dev-libs/nss-3.30.2-r1: ensure variable 'i' used in a for loop is local

Package-Manager: Portage-2.3.5, Repoman-2.3.1

 dev-libs/nss/nss-3.30.2-r1.ebuild | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/nss/nss-3.30.2-r1.ebuild b/dev-libs/nss/nss-3.30.2-r1.ebuild
index f20a355b12a..3d6f566f242 100644
--- a/dev-libs/nss/nss-3.30.2-r1.ebuild
+++ b/dev-libs/nss/nss-3.30.2-r1.ebuild
@@ -256,6 +256,7 @@ multilib_src_install() {
 
 	dodir /usr/$(get_libdir)
 	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
 	for i in crmf freebl nssb nssckfw ; do
 		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
 	done


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-06-12 13:39 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2017-06-12 13:39 UTC (permalink / raw
  To: gentoo-commits

commit:     953f52cfad2f672851b519dfcd79507bc1046986
Author:     Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 12 13:39:30 2017 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Mon Jun 12 13:39:30 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=953f52cf

dev-libs/nss: version bump

Package-Manager: Portage-2.3.6, Repoman-2.3.2

 dev-libs/nss/Manifest                              |   3 +-
 dev-libs/nss/nss-3.30.1.ebuild                     | 338 ---------------------
 dev-libs/nss/nss-3.30.2.ebuild                     | 338 ---------------------
 .../nss/{nss-3.30.2-r1.ebuild => nss-3.31.ebuild}  |   0
 4 files changed, 1 insertion(+), 678 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 871e7a28166..395b89e502e 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,5 @@
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
-DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
-DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 WHIRLPOOL b1039f227a55ed9ab592b7e1ea0856c8cf91b8d298ef07d9d0f56d1956319b15c12224f023a100d106101c49dafb16e8231680667d2c7d0b8f8b2bbf6ad3ec8e
+DIST nss-3.31.tar.gz 9537011 SHA256 e90561256a3271486162c1fbe8d614d118c333d36a4455be2af8688bd420a65d SHA512 2b56405b32d37cc4386cbbe54462cc57092e47b3418a743adbae14e1825ca69d07256fbfe16c0cfd7540c46cea67259151b42a0d95419c80964015eacdcafea1 WHIRLPOOL b63b481436feaf48ef3acc03e7af3831b743e91fda802f1fb5d4e782cbefab979dda5b643766f3a600b16ff815a90dacabd0b06b79baa76386237b56e74676fb
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.30.1.ebuild b/dev-libs/nss/nss-3.30.1.ebuild
deleted file mode 100644
index 93080429b23..00000000000
--- a/dev-libs/nss/nss-3.30.1.ebuild
+++ /dev/null
@@ -1,338 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.13.1"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.30.2.ebuild b/dev-libs/nss/nss-3.30.2.ebuild
deleted file mode 100644
index 93080429b23..00000000000
--- a/dev-libs/nss/nss-3.30.2.ebuild
+++ /dev/null
@@ -1,338 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.13.1"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.30.2-r1.ebuild b/dev-libs/nss/nss-3.31.ebuild
similarity index 100%
rename from dev-libs/nss/nss-3.30.2-r1.ebuild
rename to dev-libs/nss/nss-3.31.ebuild


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-07-05  9:25 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-07-05  9:25 UTC (permalink / raw
  To: gentoo-commits

commit:     d20959fb60e5947f9dab5874e9ac52314b7fb542
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Jul  5 09:22:52 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Jul  5 09:25:05 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d20959fb

dev-libs/nss: Security cleanup for bug #616032

--
You are receiving this mail because:
You are on the CC list for the bug.

Package-Manager: Portage-2.3.6, Repoman-2.3.2

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.28.1.ebuild | 338 -----------------------------------------
 2 files changed, 339 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 395b89e502e..ec8d2813098 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
-DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
 DIST nss-3.31.tar.gz 9537011 SHA256 e90561256a3271486162c1fbe8d614d118c333d36a4455be2af8688bd420a65d SHA512 2b56405b32d37cc4386cbbe54462cc57092e47b3418a743adbae14e1825ca69d07256fbfe16c0cfd7540c46cea67259151b42a0d95419c80964015eacdcafea1 WHIRLPOOL b63b481436feaf48ef3acc03e7af3831b743e91fda802f1fb5d4e782cbefab979dda5b643766f3a600b16ff815a90dacabd0b06b79baa76386237b56e74676fb
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/dev-libs/nss/nss-3.28.1.ebuild b/dev-libs/nss/nss-3.28.1.ebuild
deleted file mode 100644
index 2b726851f96..00000000000
--- a/dev-libs/nss/nss-3.28.1.ebuild
+++ /dev/null
@@ -1,338 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.13.1"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.h
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-09-13  1:49 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2017-09-13  1:49 UTC (permalink / raw
  To: gentoo-commits

commit:     957dd82e86abc89dc3544d20d6e6e86e5bf33a6f
Author:     Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 13 01:49:41 2017 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Wed Sep 13 01:49:41 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=957dd82e

dev-libs/nss: version bump 3.32.1

Package-Manager: Portage-2.3.8, Repoman-2.3.3

 dev-libs/nss/Manifest                               | 2 +-
 dev-libs/nss/{nss-3.32.ebuild => nss-3.32.1.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index dca6632a35b..a838adb78b1 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,5 @@
 DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
 DIST nss-3.31.tar.gz 9537011 SHA256 e90561256a3271486162c1fbe8d614d118c333d36a4455be2af8688bd420a65d SHA512 2b56405b32d37cc4386cbbe54462cc57092e47b3418a743adbae14e1825ca69d07256fbfe16c0cfd7540c46cea67259151b42a0d95419c80964015eacdcafea1 WHIRLPOOL b63b481436feaf48ef3acc03e7af3831b743e91fda802f1fb5d4e782cbefab979dda5b643766f3a600b16ff815a90dacabd0b06b79baa76386237b56e74676fb
-DIST nss-3.32.tar.gz 9493574 SHA256 35c6f381cc96bb25e4f924469f6ba3e57b3a16e0c2fb7e295a284a00d57ed335 SHA512 7a01f81e23ef9649fd26b8423b015f4df5878c94f6ff591727086644b01db3dbc36de4e131cf70a6f84564e46c8decb7c4f7780fca12270eb900de1f8a11ee3c WHIRLPOOL bd1a9a8da509143ba995c2a4aac43df991703c1170e2654a8e762fbaf1b26e4f95f85c9d06db45126247a6d52828060c5283fb9cf1e4328952bc518ee38316c4
+DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.32.ebuild b/dev-libs/nss/nss-3.32.1.ebuild
similarity index 100%
rename from dev-libs/nss/nss-3.32.ebuild
rename to dev-libs/nss/nss-3.32.1.ebuild


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-09-21 22:26 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-09-21 22:26 UTC (permalink / raw
  To: gentoo-commits

commit:     400e3f36fd647e71f52b9d74702ce576ab8f7a11
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 21 22:08:42 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Sep 21 22:26:27 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=400e3f36

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.10, Repoman-2.3.3

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.31.ebuild | 340 -------------------------------------------
 2 files changed, 341 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index c9a04742fce..94e69da45e2 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
-DIST nss-3.31.tar.gz 9537011 SHA256 e90561256a3271486162c1fbe8d614d118c333d36a4455be2af8688bd420a65d SHA512 2b56405b32d37cc4386cbbe54462cc57092e47b3418a743adbae14e1825ca69d07256fbfe16c0cfd7540c46cea67259151b42a0d95419c80964015eacdcafea1 WHIRLPOOL b63b481436feaf48ef3acc03e7af3831b743e91fda802f1fb5d4e782cbefab979dda5b643766f3a600b16ff815a90dacabd0b06b79baa76386237b56e74676fb
 DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
 DIST nss-3.33.tar.gz 9578033 SHA256 98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 SHA512 82adc0b73805ba5e73b9bf350fffa383a8b4396c05f49edb360a53319b4ad26d928a135bee245f9da009d162129db4441a96ef05346dadac20922b21284468b0 WHIRLPOOL c11129bce97990a41a3118e62d79481fbd38cad51356a6b6c1b0af7efe2f27b3d5d51a8e987287c1cdff77ccee14a3e96d5bbb76e92f9a81b2f50988de250dea
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/dev-libs/nss/nss-3.31.ebuild b/dev-libs/nss/nss-3.31.ebuild
deleted file mode 100644
index 3d6f566f242..00000000000
--- a/dev-libs/nss/nss-3.31.ebuild
+++ /dev/null
@@ -1,340 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.13.1"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.28-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-09-21 22:26 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-09-21 22:26 UTC (permalink / raw
  To: gentoo-commits

commit:     b030bd109d60c351d59e0b3201999ddb99f1c765
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 21 22:08:10 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Sep 21 22:26:25 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b030bd10

dev-libs/nss: Bump to version 3.33

Package-Manager: Portage-2.3.10, Repoman-2.3.3

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.33.ebuild | 340 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 341 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index a838adb78b1..c9a04742fce 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
 DIST nss-3.31.tar.gz 9537011 SHA256 e90561256a3271486162c1fbe8d614d118c333d36a4455be2af8688bd420a65d SHA512 2b56405b32d37cc4386cbbe54462cc57092e47b3418a743adbae14e1825ca69d07256fbfe16c0cfd7540c46cea67259151b42a0d95419c80964015eacdcafea1 WHIRLPOOL b63b481436feaf48ef3acc03e7af3831b743e91fda802f1fb5d4e782cbefab979dda5b643766f3a600b16ff815a90dacabd0b06b79baa76386237b56e74676fb
 DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
+DIST nss-3.33.tar.gz 9578033 SHA256 98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 SHA512 82adc0b73805ba5e73b9bf350fffa383a8b4396c05f49edb360a53319b4ad26d928a135bee245f9da009d162129db4441a96ef05346dadac20922b21284468b0 WHIRLPOOL c11129bce97990a41a3118e62d79481fbd38cad51356a6b6c1b0af7efe2f27b3d5d51a8e987287c1cdff77ccee14a3e96d5bbb76e92f9a81b2f50988de250dea
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.33.ebuild b/dev-libs/nss/nss-3.33.ebuild
new file mode 100644
index 00000000000..2932e76b9fb
--- /dev/null
+++ b/dev-libs/nss/nss-3.33.ebuild
@@ -0,0 +1,340 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-11-15 18:51 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-11-15 18:51 UTC (permalink / raw
  To: gentoo-commits

commit:     4719d6f983237657b04c287263a91eaf5774c1bb
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 15 18:48:09 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Nov 15 18:50:49 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4719d6f9

dev-libs/nss: Bump to version 3.34

Package-Manager: Portage-2.3.14, Repoman-2.3.6

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.34.ebuild | 340 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 341 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 94e69da45e2..068ef3713e2 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
 DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
 DIST nss-3.33.tar.gz 9578033 SHA256 98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 SHA512 82adc0b73805ba5e73b9bf350fffa383a8b4396c05f49edb360a53319b4ad26d928a135bee245f9da009d162129db4441a96ef05346dadac20922b21284468b0 WHIRLPOOL c11129bce97990a41a3118e62d79481fbd38cad51356a6b6c1b0af7efe2f27b3d5d51a8e987287c1cdff77ccee14a3e96d5bbb76e92f9a81b2f50988de250dea
+DIST nss-3.34.tar.gz 9586315 SHA256 0d45954181373023c7cfc33e77c8c636d394ec7e55b93e059149ed7888652af5 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21 WHIRLPOOL ae6784022aa74671c62141023e40e5dfce51bc90b49c6520ad46307eb3b84246c1557bbcc0b63554d6aef42940a2667f46cebfe57f9962342f176e79fe9384e0
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.34.ebuild b/dev-libs/nss/nss-3.34.ebuild
new file mode 100644
index 00000000000..2932e76b9fb
--- /dev/null
+++ b/dev-libs/nss/nss-3.34.ebuild
@@ -0,0 +1,340 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-11-29 17:27 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-11-29 17:27 UTC (permalink / raw
  To: gentoo-commits

commit:     2034d3abd4b32d2675e75a942e01f882b66e61c3
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 29 17:22:48 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Nov 29 17:27:50 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2034d3ab

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.16, Repoman-2.3.6

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.33.ebuild | 340 -------------------------------------------
 2 files changed, 341 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 4caaffbc4d3..7080d954ffb 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,5 @@
 DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
 DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
-DIST nss-3.33.tar.gz 9578033 SHA256 98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 SHA512 82adc0b73805ba5e73b9bf350fffa383a8b4396c05f49edb360a53319b4ad26d928a135bee245f9da009d162129db4441a96ef05346dadac20922b21284468b0 WHIRLPOOL c11129bce97990a41a3118e62d79481fbd38cad51356a6b6c1b0af7efe2f27b3d5d51a8e987287c1cdff77ccee14a3e96d5bbb76e92f9a81b2f50988de250dea
 DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
 DIST nss-3.34.tar.gz 9586315 BLAKE2B d04fcd46a7bf318b4bab14f316ae53145f415b5abb637205eeedb72f5847d43b76ea5e77485c56e4eaa3d90b850ee4bb18b6d0e42422f94ea0a9f12559263e02 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/dev-libs/nss/nss-3.33.ebuild b/dev-libs/nss/nss-3.33.ebuild
deleted file mode 100644
index 2932e76b9fb..00000000000
--- a/dev-libs/nss/nss-3.33.ebuild
+++ /dev/null
@@ -1,340 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2017-11-29 17:27 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2017-11-29 17:27 UTC (permalink / raw
  To: gentoo-commits

commit:     5f1fafeb2855d43288b4f2044768a46687d6629c
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 29 17:20:56 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Nov 29 17:27:49 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f1fafeb

dev-libs/nss: Bump to version 3.34.1

Package-Manager: Portage-2.3.16, Repoman-2.3.6

 dev-libs/nss/Manifest          |   3 +-
 dev-libs/nss/nss-3.34.1.ebuild | 340 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 342 insertions(+), 1 deletion(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 068ef3713e2..4caaffbc4d3 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,7 @@
 DIST nss-3.29.5.tar.gz 7480246 SHA256 5df483b73535d726207483f6349df23fe56aee83382b94b13298aec2e254d985 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa WHIRLPOOL ca341bc9e76208e01ee9b1b1fa8a67dd502676d1a2062468722ad80ed81fa3e4b0958907892871249b3596b310aa813259cf47b5bc64ec37b05613dc9d31323f
 DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
 DIST nss-3.33.tar.gz 9578033 SHA256 98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 SHA512 82adc0b73805ba5e73b9bf350fffa383a8b4396c05f49edb360a53319b4ad26d928a135bee245f9da009d162129db4441a96ef05346dadac20922b21284468b0 WHIRLPOOL c11129bce97990a41a3118e62d79481fbd38cad51356a6b6c1b0af7efe2f27b3d5d51a8e987287c1cdff77ccee14a3e96d5bbb76e92f9a81b2f50988de250dea
-DIST nss-3.34.tar.gz 9586315 SHA256 0d45954181373023c7cfc33e77c8c636d394ec7e55b93e059149ed7888652af5 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21 WHIRLPOOL ae6784022aa74671c62141023e40e5dfce51bc90b49c6520ad46307eb3b84246c1557bbcc0b63554d6aef42940a2667f46cebfe57f9962342f176e79fe9384e0
+DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
+DIST nss-3.34.tar.gz 9586315 BLAKE2B d04fcd46a7bf318b4bab14f316ae53145f415b5abb637205eeedb72f5847d43b76ea5e77485c56e4eaa3d90b850ee4bb18b6d0e42422f94ea0a9f12559263e02 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836

diff --git a/dev-libs/nss/nss-3.34.1.ebuild b/dev-libs/nss/nss-3.34.1.ebuild
new file mode 100644
index 00000000000..2932e76b9fb
--- /dev/null
+++ b/dev-libs/nss/nss-3.34.1.ebuild
@@ -0,0 +1,340 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-01-20 10:04 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-01-20 10:04 UTC (permalink / raw
  To: gentoo-commits

commit:     2cbfbefec138b32a5cecc33ac814f5f1efae0036
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 20 10:00:27 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jan 20 10:03:59 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2cbfbefe

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 dev-libs/nss/Manifest          |   2 -
 dev-libs/nss/nss-3.32.1.ebuild | 340 -----------------------------------------
 dev-libs/nss/nss-3.34.ebuild   | 340 -----------------------------------------
 3 files changed, 682 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e65257d9111..fa99e77adb8 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,7 +1,5 @@
 DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524dad8aac084f7c86883f1eaead78912dc1021b0461d027b0085356c4b7156f1d80010c3a0ece29d542deef50 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa
-DIST nss-3.32.1.tar.gz 9494609 BLAKE2B d5e4e87b8172022cfdaaebf3c76cb6702ecc0594bc9f2edbeeb4a0bde30faf2857b7a38f2f964bdb0fc6de2b439faf5477c55b91d0eb42bd35de6780afc6e6f0 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8
 DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
-DIST nss-3.34.tar.gz 9586315 BLAKE2B d04fcd46a7bf318b4bab14f316ae53145f415b5abb637205eeedb72f5847d43b76ea5e77485c56e4eaa3d90b850ee4bb18b6d0e42422f94ea0a9f12559263e02 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21
 DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.32.1.ebuild b/dev-libs/nss/nss-3.32.1.ebuild
deleted file mode 100644
index 2932e76b9fb..00000000000
--- a/dev-libs/nss/nss-3.32.1.ebuild
+++ /dev/null
@@ -1,340 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.34.ebuild b/dev-libs/nss/nss-3.34.ebuild
deleted file mode 100644
index 2932e76b9fb..00000000000
--- a/dev-libs/nss/nss-3.34.ebuild
+++ /dev/null
@@ -1,340 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-01-20 10:04 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-01-20 10:04 UTC (permalink / raw
  To: gentoo-commits

commit:     4f4cf26441b1bffbf2a58a3e5f5ce3576ee51cab
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 20 09:59:38 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jan 20 10:03:57 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f4cf264

dev-libs/nss: Bump to version 3.35

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.35.ebuild | 337 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 338 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 8c795a5ecdb..e65257d9111 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,5 +2,6 @@ DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524
 DIST nss-3.32.1.tar.gz 9494609 BLAKE2B d5e4e87b8172022cfdaaebf3c76cb6702ecc0594bc9f2edbeeb4a0bde30faf2857b7a38f2f964bdb0fc6de2b439faf5477c55b91d0eb42bd35de6780afc6e6f0 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8
 DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
 DIST nss-3.34.tar.gz 9586315 BLAKE2B d04fcd46a7bf318b4bab14f316ae53145f415b5abb637205eeedb72f5847d43b76ea5e77485c56e4eaa3d90b850ee4bb18b6d0e42422f94ea0a9f12559263e02 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21
+DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.35.ebuild b/dev-libs/nss/nss-3.35.ebuild
new file mode 100644
index 00000000000..d21c8184ed4
--- /dev/null
+++ b/dev-libs/nss/nss-3.35.ebuild
@@ -0,0 +1,337 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-03-02 23:51 Mart Raudsepp
  0 siblings, 0 replies; 466+ messages in thread
From: Mart Raudsepp @ 2018-03-02 23:51 UTC (permalink / raw
  To: gentoo-commits

commit:     5403d6b80139796e09c0c3c0c8e3ea3d7019f6d1
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  2 22:14:33 2018 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Fri Mar  2 23:41:28 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5403d6b8

dev-libs/nss-3.29.5: arm64 stable

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 dev-libs/nss/nss-3.29.5.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/nss/nss-3.29.5.ebuild b/dev-libs/nss/nss-3.29.5.ebuild
index fa3eb33292f..f2e16e8523f 100644
--- a/dev-libs/nss/nss-3.29.5.ebuild
+++ b/dev-libs/nss/nss-3.29.5.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-03-07  9:13 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-03-07  9:13 UTC (permalink / raw
  To: gentoo-commits

commit:     040a525d45af91f96e4768dfbe15901ed97b0a56
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  7 09:07:38 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Mar  7 09:07:38 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=040a525d

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.34.1.ebuild | 340 -----------------------------------------
 2 files changed, 341 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 61850ebf1ee..5d92675a62f 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524dad8aac084f7c86883f1eaead78912dc1021b0461d027b0085356c4b7156f1d80010c3a0ece29d542deef50 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa
-DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
 DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
 DIST nss-3.36.tar.gz 23025578 BLAKE2B c8dd8a4c2bcda15bfeab4e7b49e790aaa2ecc3021ab014ca4e7b9253cad2ce140bf719cc336ce74d5074722c63d5a73d4a4e75792aa779b008d635a765e0c5b8 SHA512 e4d5cc475f1fcca9a42a139a890b70dbc3fadf5ed8a626c8d6bf929a97bb91ca9a42fe967df95784e5d997a3ec5c5a87684256ddf91b8dafa827103a98ad39ae
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.34.1.ebuild b/dev-libs/nss/nss-3.34.1.ebuild
deleted file mode 100644
index 2932e76b9fb..00000000000
--- a/dev-libs/nss/nss-3.34.1.ebuild
+++ /dev/null
@@ -1,340 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-03-07  9:13 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-03-07  9:13 UTC (permalink / raw
  To: gentoo-commits

commit:     bdc45dcb12aa84120cb2fd46313fa15b748b29e0
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  7 09:04:07 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Mar  7 09:04:07 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bdc45dcb

dev-libs/nss: Bump to version 3.36

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.36.ebuild | 337 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 338 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index fa99e77adb8..61850ebf1ee 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524dad8aac084f7c86883f1eaead78912dc1021b0461d027b0085356c4b7156f1d80010c3a0ece29d542deef50 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa
 DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
 DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
+DIST nss-3.36.tar.gz 23025578 BLAKE2B c8dd8a4c2bcda15bfeab4e7b49e790aaa2ecc3021ab014ca4e7b9253cad2ce140bf719cc336ce74d5074722c63d5a73d4a4e75792aa779b008d635a765e0c5b8 SHA512 e4d5cc475f1fcca9a42a139a890b70dbc3fadf5ed8a626c8d6bf929a97bb91ca9a42fe967df95784e5d997a3ec5c5a87684256ddf91b8dafa827103a98ad39ae
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.36.ebuild b/dev-libs/nss/nss-3.36.ebuild
new file mode 100644
index 00000000000..d21c8184ed4
--- /dev/null
+++ b/dev-libs/nss/nss-3.36.ebuild
@@ -0,0 +1,337 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-03-07 12:36 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-03-07 12:36 UTC (permalink / raw
  To: gentoo-commits

commit:     6ca1c6d7cc6314189ae3580b6234b5dc63b0665e
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  7 12:31:56 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Mar  7 12:36:47 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ca1c6d7

dev-libs/nss: certcgi has been removed from 3.36 release.

Thanks Kobboi!

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-libs/nss/nss-3.36.ebuild | 47 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 40 insertions(+), 7 deletions(-)

diff --git a/dev-libs/nss/nss-3.36.ebuild b/dev-libs/nss/nss-3.36.ebuild
index d21c8184ed4..e98eac88ca8 100644
--- a/dev-libs/nss/nss-3.36.ebuild
+++ b/dev-libs/nss/nss-3.36.ebuild
@@ -281,7 +281,7 @@ multilib_src_install() {
 
 	local f nssutils
 	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
+	nssutils=( shlibsign )
 
 	if multilib_is_native_abi ; then
 		if use utils; then
@@ -291,16 +291,49 @@ multilib_src_install() {
 			# checkcert utils has been removed in nss-3.22:
 			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
 			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
 			# install man-pages for utils (bug #516810)
 			doman doc/nroff/*.1
 		fi
 		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
+		for f in ${nssutils[@]}; do
 			dobin ${f}
 		done
 		popd >/dev/null || die


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-03-21  7:50 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-03-21  7:50 UTC (permalink / raw
  To: gentoo-commits

commit:     dedfc58e5929bb90fc2020002a56d540d48659fc
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 21 07:48:32 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Mar 21 07:50:23 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dedfc58e

dev-libs/nss: Fixed build with clang.

Thanks-to: Wil Reichert <wil.reichert <AT> gmail.com>
Closes: https://bugs.gentoo.org/651044
Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-libs/nss/nss-3.36.ebuild | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/nss/nss-3.36.ebuild b/dev-libs/nss/nss-3.36.ebuild
index e98eac88ca8..3a343d29931 100644
--- a/dev-libs/nss/nss-3.36.ebuild
+++ b/dev-libs/nss/nss-3.36.ebuild
@@ -154,6 +154,7 @@ multilib_src_compile() {
 
 	local makeargs=(
 		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
 		AR="$(tc-getAR) rc \$@"
 		RANLIB="$(tc-getRANLIB)"
 		OPTIMIZER=


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-04-11  8:19 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-04-11  8:19 UTC (permalink / raw
  To: gentoo-commits

commit:     6a339ae7c708d4c9260ca3c37611ddd80041b5f6
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 11 08:18:16 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Apr 11 08:19:51 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a339ae7

dev-libs/nss: Bump to version 3.36.1

Package-Manager: Portage-2.3.28, Repoman-2.3.9

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.36.1.ebuild | 371 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 5d92675a62f..922f62ba576 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524dad8aac084f7c86883f1eaead78912dc1021b0461d027b0085356c4b7156f1d80010c3a0ece29d542deef50 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa
 DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
+DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
 DIST nss-3.36.tar.gz 23025578 BLAKE2B c8dd8a4c2bcda15bfeab4e7b49e790aaa2ecc3021ab014ca4e7b9253cad2ce140bf719cc336ce74d5074722c63d5a73d4a4e75792aa779b008d635a765e0c5b8 SHA512 e4d5cc475f1fcca9a42a139a890b70dbc3fadf5ed8a626c8d6bf929a97bb91ca9a42fe967df95784e5d997a3ec5c5a87684256ddf91b8dafa827103a98ad39ae
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.36.1.ebuild b/dev-libs/nss/nss-3.36.1.ebuild
new file mode 100644
index 00000000000..3a343d29931
--- /dev/null
+++ b/dev-libs/nss/nss-3.36.1.ebuild
@@ -0,0 +1,371 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-05-08  8:47 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-05-08  8:47 UTC (permalink / raw
  To: gentoo-commits

commit:     aac98be2daa08c79f276c23234d5d210e1abaae5
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue May  8 08:40:20 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue May  8 08:46:56 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aac98be2

dev-libs/nss: Bump to version 3.37

Package-Manager: Portage-2.3.36, Repoman-2.3.9

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.37.ebuild | 371 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 922f62ba576..7d6a8427906 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,5 +2,6 @@ DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524
 DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
 DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
 DIST nss-3.36.tar.gz 23025578 BLAKE2B c8dd8a4c2bcda15bfeab4e7b49e790aaa2ecc3021ab014ca4e7b9253cad2ce140bf719cc336ce74d5074722c63d5a73d4a4e75792aa779b008d635a765e0c5b8 SHA512 e4d5cc475f1fcca9a42a139a890b70dbc3fadf5ed8a626c8d6bf929a97bb91ca9a42fe967df95784e5d997a3ec5c5a87684256ddf91b8dafa827103a98ad39ae
+DIST nss-3.37.tar.gz 23027581 BLAKE2B 0ce7190a029321d5620dc8b9aedf1f4252c53dbef57149afbad432b6bc4b590db026505d23f5c766827d5c0179ab931b8a0435a2e9785eff3db515ed7211e512 SHA512 ad5175f126705f57092ac80421ac005bcc32bb18a4a44a527df25994fa90b3bc18af08506683564f619a22076f71232e2b3c9e6e25d6312d0bfed63684139103
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.37.ebuild b/dev-libs/nss/nss-3.37.ebuild
new file mode 100644
index 00000000000..3a343d29931
--- /dev/null
+++ b/dev-libs/nss/nss-3.37.ebuild
@@ -0,0 +1,371 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-05-08  8:47 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-05-08  8:47 UTC (permalink / raw
  To: gentoo-commits

commit:     909a660af359503292538346bf22d56864fce456
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue May  8 08:41:05 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue May  8 08:46:58 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=909a660a

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.36, Repoman-2.3.9

 dev-libs/nss/Manifest        |   2 -
 dev-libs/nss/nss-3.35.ebuild | 340 ---------------------------------------
 dev-libs/nss/nss-3.36.ebuild | 371 -------------------------------------------
 3 files changed, 713 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 7d6a8427906..6ef99fd6a96 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,7 +1,5 @@
 DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524dad8aac084f7c86883f1eaead78912dc1021b0461d027b0085356c4b7156f1d80010c3a0ece29d542deef50 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa
-DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
 DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
-DIST nss-3.36.tar.gz 23025578 BLAKE2B c8dd8a4c2bcda15bfeab4e7b49e790aaa2ecc3021ab014ca4e7b9253cad2ce140bf719cc336ce74d5074722c63d5a73d4a4e75792aa779b008d635a765e0c5b8 SHA512 e4d5cc475f1fcca9a42a139a890b70dbc3fadf5ed8a626c8d6bf929a97bb91ca9a42fe967df95784e5d997a3ec5c5a87684256ddf91b8dafa827103a98ad39ae
 DIST nss-3.37.tar.gz 23027581 BLAKE2B 0ce7190a029321d5620dc8b9aedf1f4252c53dbef57149afbad432b6bc4b590db026505d23f5c766827d5c0179ab931b8a0435a2e9785eff3db515ed7211e512 SHA512 ad5175f126705f57092ac80421ac005bcc32bb18a4a44a527df25994fa90b3bc18af08506683564f619a22076f71232e2b3c9e6e25d6312d0bfed63684139103
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.35.ebuild b/dev-libs/nss/nss-3.35.ebuild
deleted file mode 100644
index dac240facdf..00000000000
--- a/dev-libs/nss/nss-3.35.ebuild
+++ /dev/null
@@ -1,340 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-	# bug 646382
-	# https://bugzilla.mozilla.org/show_bug.cgi?id=1432455
-	PATCHES+=( "${FILESDIR}"/${P}-Hacl_Poly1305_64-aarch64.patch )
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils="shlibsign"
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
-			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
-			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
-			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
-			symkeyutil tstclnt vfychain vfyserv"
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.36.ebuild b/dev-libs/nss/nss-3.36.ebuild
deleted file mode 100644
index 3a343d29931..00000000000
--- a/dev-libs/nss/nss-3.36.ebuild
+++ /dev/null
@@ -1,371 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-05-28 14:08 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-05-28 14:08 UTC (permalink / raw
  To: gentoo-commits

commit:     89ab4bdb628f625e2375b4cee68c6f12c9bf3142
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon May 28 14:07:32 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon May 28 14:08:16 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89ab4bdb

dev-libs/nss: Bump to version 3.37.1

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.37.1.ebuild | 372 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 373 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 6ef99fd6a96..addd7ebcbe6 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524dad8aac084f7c86883f1eaead78912dc1021b0461d027b0085356c4b7156f1d80010c3a0ece29d542deef50 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa
 DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
+DIST nss-3.37.1.tar.gz 23034142 BLAKE2B dd196606bf922a58c2d1f7443c6b8c570d5c5c5437f51b8c6c4ddfe84aad7d576cff46f2eba23e4d32f41984fb6ea8aaa29a63b2f010b6807df74ee71144b11d SHA512 61b8186f45afa5fade6f45737d60a86f519c8b5535963f4cc6f13fa6694be0723cdd8b0ed48bbc2eae621dfbfd80ccc249998eeb89ed565797ac4553895a01a1
 DIST nss-3.37.tar.gz 23027581 BLAKE2B 0ce7190a029321d5620dc8b9aedf1f4252c53dbef57149afbad432b6bc4b590db026505d23f5c766827d5c0179ab931b8a0435a2e9785eff3db515ed7211e512 SHA512 ad5175f126705f57092ac80421ac005bcc32bb18a4a44a527df25994fa90b3bc18af08506683564f619a22076f71232e2b3c9e6e25d6312d0bfed63684139103
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.37.1.ebuild b/dev-libs/nss/nss-3.37.1.ebuild
new file mode 100644
index 00000000000..15bc70a21c9
--- /dev/null
+++ b/dev-libs/nss/nss-3.37.1.ebuild
@@ -0,0 +1,372 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.37-fix-fstar-missing-symbols.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-06-22  9:56 Mikle Kolyada
  0 siblings, 0 replies; 466+ messages in thread
From: Mikle Kolyada @ 2018-06-22  9:56 UTC (permalink / raw
  To: gentoo-commits

commit:     788fd6ed150f5a8f64584569cf2e0c02cc4eedf7
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 22 09:53:38 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Jun 22 09:53:38 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=788fd6ed

dev-libs/nss: mark s390 stable

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-libs/nss/nss-3.29.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.29.5.ebuild b/dev-libs/nss/nss-3.29.5.ebuild
index c758958bb93..3c5afbacf3b 100644
--- a/dev-libs/nss/nss-3.29.5.ebuild
+++ b/dev-libs/nss/nss-3.29.5.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-06-27  8:13 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-06-27  8:13 UTC (permalink / raw
  To: gentoo-commits

commit:     164ead68b02787a3db4435d307c055e2b79d65df
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 27 07:53:47 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Jun 27 07:53:47 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=164ead68

dev-libs/nss: Bump to version 3.38

Package-Manager: Portage-2.3.41, Repoman-2.3.9

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.38.ebuild | 371 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index c5dd321dc02..a423681b571 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524dad8aac084f7c86883f1eaead78912dc1021b0461d027b0085356c4b7156f1d80010c3a0ece29d542deef50 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa
 DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
 DIST nss-3.37.3.tar.gz 23034239 BLAKE2B 3e30b0fe14501ca0e6b9d14322af73f191164989e6857b9ba46572b7363cdc65c88b672285982f2764ed44fcaf615cb249eea2f45b98050dfc6675003dc74a3b SHA512 11b21818f9fcff11d0e7f4c066ae9fbce0052a30a6b30df9a20022792039b5348554834a472e1b1195e467b9902067f9719678d5ca32efb4e60f1df161feed6f
+DIST nss-3.38.tar.gz 23023474 BLAKE2B 72500827955a25c53124ca6054850beef91868019ba155b70f8268fe79261b71e4f11ab42382241c2855478be7e6def57378cda5f398bf5e25f7fa5c035d630e SHA512 06804163daa08f1f65cfe0e9546ddf066ec7f773aa615431a5952f6c04956dd62425fec38d11037ff7fb02b709de03e5a7637c6ba13de5b7686db4f9ecda52ab
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.38.ebuild b/dev-libs/nss/nss-3.38.ebuild
new file mode 100644
index 00000000000..3a343d29931
--- /dev/null
+++ b/dev-libs/nss/nss-3.38.ebuild
@@ -0,0 +1,371 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-09-03 14:06 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-09-03 14:06 UTC (permalink / raw
  To: gentoo-commits

commit:     bd2899fea70178f1743a2bf96545fbfe8204341a
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Sep  3 13:41:27 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Sep  3 14:06:46 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd2899fe

dev-libs/nss: Bump to version 3.39

Package-Manager: Portage-2.3.48, Repoman-2.3.10

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.39.ebuild | 371 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index a423681b571..0bb0afac0fc 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,5 +2,6 @@ DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524
 DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
 DIST nss-3.37.3.tar.gz 23034239 BLAKE2B 3e30b0fe14501ca0e6b9d14322af73f191164989e6857b9ba46572b7363cdc65c88b672285982f2764ed44fcaf615cb249eea2f45b98050dfc6675003dc74a3b SHA512 11b21818f9fcff11d0e7f4c066ae9fbce0052a30a6b30df9a20022792039b5348554834a472e1b1195e467b9902067f9719678d5ca32efb4e60f1df161feed6f
 DIST nss-3.38.tar.gz 23023474 BLAKE2B 72500827955a25c53124ca6054850beef91868019ba155b70f8268fe79261b71e4f11ab42382241c2855478be7e6def57378cda5f398bf5e25f7fa5c035d630e SHA512 06804163daa08f1f65cfe0e9546ddf066ec7f773aa615431a5952f6c04956dd62425fec38d11037ff7fb02b709de03e5a7637c6ba13de5b7686db4f9ecda52ab
+DIST nss-3.39.tar.gz 23048561 BLAKE2B 74214b6ed23a44a0b6e0d52b9a327f908668079413ee637d172e4f0c7769f252a6c6ecca33215c1865606eaebe4630f31b435f2d40cf1a24ab373874508531b9 SHA512 16358c2d8660ca301410b1d39b2eae64fe2ebbbfab797872410e5fcc67f802ef48f4e362edeecb0591626c77013537019094a6a5dfc8d24487b6b6e54564da8f
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.39.ebuild b/dev-libs/nss/nss-3.39.ebuild
new file mode 100644
index 00000000000..dce724d6b8d
--- /dev/null
+++ b/dev-libs/nss/nss-3.39.ebuild
@@ -0,0 +1,371 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-09-03 14:06 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-09-03 14:06 UTC (permalink / raw
  To: gentoo-commits

commit:     92bd4b6d35414c3e3e0bf9fccc95359be5241b9e
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Sep  3 13:42:02 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Sep  3 14:06:48 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92bd4b6d

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.48, Repoman-2.3.10

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.36.1.ebuild | 371 -----------------------------------------
 2 files changed, 372 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 0bb0afac0fc..c08c9560ae5 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524dad8aac084f7c86883f1eaead78912dc1021b0461d027b0085356c4b7156f1d80010c3a0ece29d542deef50 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa
-DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
 DIST nss-3.37.3.tar.gz 23034239 BLAKE2B 3e30b0fe14501ca0e6b9d14322af73f191164989e6857b9ba46572b7363cdc65c88b672285982f2764ed44fcaf615cb249eea2f45b98050dfc6675003dc74a3b SHA512 11b21818f9fcff11d0e7f4c066ae9fbce0052a30a6b30df9a20022792039b5348554834a472e1b1195e467b9902067f9719678d5ca32efb4e60f1df161feed6f
 DIST nss-3.38.tar.gz 23023474 BLAKE2B 72500827955a25c53124ca6054850beef91868019ba155b70f8268fe79261b71e4f11ab42382241c2855478be7e6def57378cda5f398bf5e25f7fa5c035d630e SHA512 06804163daa08f1f65cfe0e9546ddf066ec7f773aa615431a5952f6c04956dd62425fec38d11037ff7fb02b709de03e5a7637c6ba13de5b7686db4f9ecda52ab
 DIST nss-3.39.tar.gz 23048561 BLAKE2B 74214b6ed23a44a0b6e0d52b9a327f908668079413ee637d172e4f0c7769f252a6c6ecca33215c1865606eaebe4630f31b435f2d40cf1a24ab373874508531b9 SHA512 16358c2d8660ca301410b1d39b2eae64fe2ebbbfab797872410e5fcc67f802ef48f4e362edeecb0591626c77013537019094a6a5dfc8d24487b6b6e54564da8f

diff --git a/dev-libs/nss/nss-3.36.1.ebuild b/dev-libs/nss/nss-3.36.1.ebuild
deleted file mode 100644
index 3a343d29931..00000000000
--- a/dev-libs/nss/nss-3.36.1.ebuild
+++ /dev/null
@@ -1,371 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-09-09  1:12 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2018-09-09  1:12 UTC (permalink / raw
  To: gentoo-commits

commit:     4f399ff122a77fce35ba9c4c9e410dbdc303bde9
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  9 00:58:23 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep  9 01:11:33 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f399ff1

dev-libs/nss: x86 stable (bug #665496)

Package-Manager: Portage-2.3.49, Repoman-2.3.10

 dev-libs/nss/nss-3.37.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.37.3.ebuild b/dev-libs/nss/nss-3.37.3.ebuild
index 3a343d29931..5e24080a1b4 100644
--- a/dev-libs/nss/nss-3.37.3.ebuild
+++ b/dev-libs/nss/nss-3.37.3.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-09-09  6:51 Mikle Kolyada
  0 siblings, 0 replies; 466+ messages in thread
From: Mikle Kolyada @ 2018-09-09  6:51 UTC (permalink / raw
  To: gentoo-commits

commit:     29de13820dd813280b1da2037718542cf97c3fff
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  9 06:50:46 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Sep  9 06:50:46 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29de1382

dev-libs/nss: amd64 stable wrt bug #665496

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-libs/nss/nss-3.37.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.37.3.ebuild b/dev-libs/nss/nss-3.37.3.ebuild
index 5e24080a1b4..b8389b3ef86 100644
--- a/dev-libs/nss/nss-3.37.3.ebuild
+++ b/dev-libs/nss/nss-3.37.3.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-10-25 11:40 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-10-25 11:40 UTC (permalink / raw
  To: gentoo-commits

commit:     66678e8f6caa8761e709e4d8119e947aa4e056f1
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 25 11:40:31 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Oct 25 11:40:53 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66678e8f

dev-libs/nss: Bump to version 3.40

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.40.ebuild | 371 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index c08c9560ae5..2224e73f53a 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,5 +2,6 @@ DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524
 DIST nss-3.37.3.tar.gz 23034239 BLAKE2B 3e30b0fe14501ca0e6b9d14322af73f191164989e6857b9ba46572b7363cdc65c88b672285982f2764ed44fcaf615cb249eea2f45b98050dfc6675003dc74a3b SHA512 11b21818f9fcff11d0e7f4c066ae9fbce0052a30a6b30df9a20022792039b5348554834a472e1b1195e467b9902067f9719678d5ca32efb4e60f1df161feed6f
 DIST nss-3.38.tar.gz 23023474 BLAKE2B 72500827955a25c53124ca6054850beef91868019ba155b70f8268fe79261b71e4f11ab42382241c2855478be7e6def57378cda5f398bf5e25f7fa5c035d630e SHA512 06804163daa08f1f65cfe0e9546ddf066ec7f773aa615431a5952f6c04956dd62425fec38d11037ff7fb02b709de03e5a7637c6ba13de5b7686db4f9ecda52ab
 DIST nss-3.39.tar.gz 23048561 BLAKE2B 74214b6ed23a44a0b6e0d52b9a327f908668079413ee637d172e4f0c7769f252a6c6ecca33215c1865606eaebe4630f31b435f2d40cf1a24ab373874508531b9 SHA512 16358c2d8660ca301410b1d39b2eae64fe2ebbbfab797872410e5fcc67f802ef48f4e362edeecb0591626c77013537019094a6a5dfc8d24487b6b6e54564da8f
+DIST nss-3.40.tar.gz 23308315 BLAKE2B 02cc3ea9589f888e108bd3a6a99d5f52927bb4c63b2d9e03df88b7c1a188b6f2cd47d281dd5234b141b41684043e71d9fbee8f99223d0f5ae9778a4e1cfaa1ce SHA512 3781c94595126757c95ea82c3134eb3f06f4c3814e9ed2bfceae22623a413d622349d08c6779e1230b2dbebd1f07aba58094fe83dcddebb3e043481e7a478239
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.40.ebuild b/dev-libs/nss/nss-3.40.ebuild
new file mode 100644
index 00000000000..9ce8edd6659
--- /dev/null
+++ b/dev-libs/nss/nss-3.40.ebuild
@@ -0,0 +1,371 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-02 14:04 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-12-02 14:04 UTC (permalink / raw
  To: gentoo-commits

commit:     20579e89368537b851930659c93f9d36dcaa0bff
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Dec  2 14:03:59 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Dec  2 14:04:49 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20579e89

dev-libs/nss: Bump to version 3.40.1

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.40.1.ebuild | 371 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 2224e73f53a..9a4598c784c 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,6 +2,7 @@ DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524
 DIST nss-3.37.3.tar.gz 23034239 BLAKE2B 3e30b0fe14501ca0e6b9d14322af73f191164989e6857b9ba46572b7363cdc65c88b672285982f2764ed44fcaf615cb249eea2f45b98050dfc6675003dc74a3b SHA512 11b21818f9fcff11d0e7f4c066ae9fbce0052a30a6b30df9a20022792039b5348554834a472e1b1195e467b9902067f9719678d5ca32efb4e60f1df161feed6f
 DIST nss-3.38.tar.gz 23023474 BLAKE2B 72500827955a25c53124ca6054850beef91868019ba155b70f8268fe79261b71e4f11ab42382241c2855478be7e6def57378cda5f398bf5e25f7fa5c035d630e SHA512 06804163daa08f1f65cfe0e9546ddf066ec7f773aa615431a5952f6c04956dd62425fec38d11037ff7fb02b709de03e5a7637c6ba13de5b7686db4f9ecda52ab
 DIST nss-3.39.tar.gz 23048561 BLAKE2B 74214b6ed23a44a0b6e0d52b9a327f908668079413ee637d172e4f0c7769f252a6c6ecca33215c1865606eaebe4630f31b435f2d40cf1a24ab373874508531b9 SHA512 16358c2d8660ca301410b1d39b2eae64fe2ebbbfab797872410e5fcc67f802ef48f4e362edeecb0591626c77013537019094a6a5dfc8d24487b6b6e54564da8f
+DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
 DIST nss-3.40.tar.gz 23308315 BLAKE2B 02cc3ea9589f888e108bd3a6a99d5f52927bb4c63b2d9e03df88b7c1a188b6f2cd47d281dd5234b141b41684043e71d9fbee8f99223d0f5ae9778a4e1cfaa1ce SHA512 3781c94595126757c95ea82c3134eb3f06f4c3814e9ed2bfceae22623a413d622349d08c6779e1230b2dbebd1f07aba58094fe83dcddebb3e043481e7a478239
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
new file mode 100644
index 00000000000..9ce8edd6659
--- /dev/null
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -0,0 +1,371 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-02 14:04 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-12-02 14:04 UTC (permalink / raw
  To: gentoo-commits

commit:     4e15215b2d8cd4f19f225380bb2e3b8ca21cb620
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Dec  2 14:04:36 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Dec  2 14:04:50 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e15215b

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.38.ebuild | 371 -------------------------------------------
 2 files changed, 372 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 9a4598c784c..105bc1e4d06 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,5 @@
 DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524dad8aac084f7c86883f1eaead78912dc1021b0461d027b0085356c4b7156f1d80010c3a0ece29d542deef50 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa
 DIST nss-3.37.3.tar.gz 23034239 BLAKE2B 3e30b0fe14501ca0e6b9d14322af73f191164989e6857b9ba46572b7363cdc65c88b672285982f2764ed44fcaf615cb249eea2f45b98050dfc6675003dc74a3b SHA512 11b21818f9fcff11d0e7f4c066ae9fbce0052a30a6b30df9a20022792039b5348554834a472e1b1195e467b9902067f9719678d5ca32efb4e60f1df161feed6f
-DIST nss-3.38.tar.gz 23023474 BLAKE2B 72500827955a25c53124ca6054850beef91868019ba155b70f8268fe79261b71e4f11ab42382241c2855478be7e6def57378cda5f398bf5e25f7fa5c035d630e SHA512 06804163daa08f1f65cfe0e9546ddf066ec7f773aa615431a5952f6c04956dd62425fec38d11037ff7fb02b709de03e5a7637c6ba13de5b7686db4f9ecda52ab
 DIST nss-3.39.tar.gz 23048561 BLAKE2B 74214b6ed23a44a0b6e0d52b9a327f908668079413ee637d172e4f0c7769f252a6c6ecca33215c1865606eaebe4630f31b435f2d40cf1a24ab373874508531b9 SHA512 16358c2d8660ca301410b1d39b2eae64fe2ebbbfab797872410e5fcc67f802ef48f4e362edeecb0591626c77013537019094a6a5dfc8d24487b6b6e54564da8f
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
 DIST nss-3.40.tar.gz 23308315 BLAKE2B 02cc3ea9589f888e108bd3a6a99d5f52927bb4c63b2d9e03df88b7c1a188b6f2cd47d281dd5234b141b41684043e71d9fbee8f99223d0f5ae9778a4e1cfaa1ce SHA512 3781c94595126757c95ea82c3134eb3f06f4c3814e9ed2bfceae22623a413d622349d08c6779e1230b2dbebd1f07aba58094fe83dcddebb3e043481e7a478239

diff --git a/dev-libs/nss/nss-3.38.ebuild b/dev-libs/nss/nss-3.38.ebuild
deleted file mode 100644
index 3a343d29931..00000000000
--- a/dev-libs/nss/nss-3.38.ebuild
+++ /dev/null
@@ -1,371 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-11 10:50 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-12-11 10:50 UTC (permalink / raw
  To: gentoo-commits

commit:     a80df54e6a19f46158ead8ea96b916be52d26922
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 11 09:15:57 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Dec 11 10:50:13 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a80df54e

dev-libs/nss: Bump to version 3.41

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.41.ebuild | 371 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 105bc1e4d06..87d4850586a 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,5 +3,6 @@ DIST nss-3.37.3.tar.gz 23034239 BLAKE2B 3e30b0fe14501ca0e6b9d14322af73f191164989
 DIST nss-3.39.tar.gz 23048561 BLAKE2B 74214b6ed23a44a0b6e0d52b9a327f908668079413ee637d172e4f0c7769f252a6c6ecca33215c1865606eaebe4630f31b435f2d40cf1a24ab373874508531b9 SHA512 16358c2d8660ca301410b1d39b2eae64fe2ebbbfab797872410e5fcc67f802ef48f4e362edeecb0591626c77013537019094a6a5dfc8d24487b6b6e54564da8f
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
 DIST nss-3.40.tar.gz 23308315 BLAKE2B 02cc3ea9589f888e108bd3a6a99d5f52927bb4c63b2d9e03df88b7c1a188b6f2cd47d281dd5234b141b41684043e71d9fbee8f99223d0f5ae9778a4e1cfaa1ce SHA512 3781c94595126757c95ea82c3134eb3f06f4c3814e9ed2bfceae22623a413d622349d08c6779e1230b2dbebd1f07aba58094fe83dcddebb3e043481e7a478239
+DIST nss-3.41.tar.gz 23319563 BLAKE2B 76636b704cd572f9b840c7699c29697a4a882e66afcc3895ceb7b59a7af7af2513074e1abc6a028a13126d44e0cf722ab29e52a4c69640a2247814292efa282d SHA512 b5a43fe86ded664002fd714c493d9222a64539cd6139b64720625d1742fec5100712cbe401c90c79196e9cbad9ec07d9b4f0f517ce34e4b207beaa3e01c9e114
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.41.ebuild b/dev-libs/nss/nss-3.41.ebuild
new file mode 100644
index 00000000000..9ce8edd6659
--- /dev/null
+++ b/dev-libs/nss/nss-3.41.ebuild
@@ -0,0 +1,371 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-11 10:50 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2018-12-11 10:50 UTC (permalink / raw
  To: gentoo-commits

commit:     5b3560155c950ebb8ab544f6755b25ce72dea679
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 11 09:16:43 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Dec 11 10:50:14 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b356015

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.39.ebuild | 371 -------------------------------------------
 2 files changed, 372 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 87d4850586a..aa72e5cc2a6 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,5 @@
 DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524dad8aac084f7c86883f1eaead78912dc1021b0461d027b0085356c4b7156f1d80010c3a0ece29d542deef50 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa
 DIST nss-3.37.3.tar.gz 23034239 BLAKE2B 3e30b0fe14501ca0e6b9d14322af73f191164989e6857b9ba46572b7363cdc65c88b672285982f2764ed44fcaf615cb249eea2f45b98050dfc6675003dc74a3b SHA512 11b21818f9fcff11d0e7f4c066ae9fbce0052a30a6b30df9a20022792039b5348554834a472e1b1195e467b9902067f9719678d5ca32efb4e60f1df161feed6f
-DIST nss-3.39.tar.gz 23048561 BLAKE2B 74214b6ed23a44a0b6e0d52b9a327f908668079413ee637d172e4f0c7769f252a6c6ecca33215c1865606eaebe4630f31b435f2d40cf1a24ab373874508531b9 SHA512 16358c2d8660ca301410b1d39b2eae64fe2ebbbfab797872410e5fcc67f802ef48f4e362edeecb0591626c77013537019094a6a5dfc8d24487b6b6e54564da8f
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
 DIST nss-3.40.tar.gz 23308315 BLAKE2B 02cc3ea9589f888e108bd3a6a99d5f52927bb4c63b2d9e03df88b7c1a188b6f2cd47d281dd5234b141b41684043e71d9fbee8f99223d0f5ae9778a4e1cfaa1ce SHA512 3781c94595126757c95ea82c3134eb3f06f4c3814e9ed2bfceae22623a413d622349d08c6779e1230b2dbebd1f07aba58094fe83dcddebb3e043481e7a478239
 DIST nss-3.41.tar.gz 23319563 BLAKE2B 76636b704cd572f9b840c7699c29697a4a882e66afcc3895ceb7b59a7af7af2513074e1abc6a028a13126d44e0cf722ab29e52a4c69640a2247814292efa282d SHA512 b5a43fe86ded664002fd714c493d9222a64539cd6139b64720625d1742fec5100712cbe401c90c79196e9cbad9ec07d9b4f0f517ce34e4b207beaa3e01c9e114

diff --git a/dev-libs/nss/nss-3.39.ebuild b/dev-libs/nss/nss-3.39.ebuild
deleted file mode 100644
index dce724d6b8d..00000000000
--- a/dev-libs/nss/nss-3.39.ebuild
+++ /dev/null
@@ -1,371 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-11 23:24 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2018-12-11 23:24 UTC (permalink / raw
  To: gentoo-commits

commit:     6102894e89e4fc6c71aedc8c97c0278819c715ed
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 11 23:22:39 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Tue Dec 11 23:24:06 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6102894e

dev-libs/nss: stable 3.40.1 for ia64, bug #667202

Package-Manager: Portage-2.3.52, Repoman-2.3.12
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.40.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
index 9ce8edd6659..c3cb71e9a81 100644
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-11 23:27 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2018-12-11 23:27 UTC (permalink / raw
  To: gentoo-commits

commit:     4317104784eec79efc90ccfa6860ad6bd82fac06
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 11 23:25:29 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Tue Dec 11 23:25:29 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=43171047

dev-libs/nss: stable 3.40.1 for ppc, bug #667202

Package-Manager: Portage-2.3.52, Repoman-2.3.12
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.40.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
index c3cb71e9a81..a25b961845c 100644
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-11 23:32 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2018-12-11 23:32 UTC (permalink / raw
  To: gentoo-commits

commit:     00923cd7756e1795693b3ba333c7fd982777ee78
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 11 23:29:00 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Tue Dec 11 23:29:00 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00923cd7

dev-libs/nss: stable 3.40.1 for ppc64, bug #667202

Package-Manager: Portage-2.3.52, Repoman-2.3.12
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.40.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
index a25b961845c..28b1cd1d1d8 100644
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-12 20:13 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2018-12-12 20:13 UTC (permalink / raw
  To: gentoo-commits

commit:     6c95cafe82a4c7e2fbf292cef21ff18a99ce08eb
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Wed Dec 12 20:09:16 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Dec 12 20:13:10 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c95cafe

dev-libs/nss: stable 3.40.1 for sparc, bug #667202

Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.40.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
index 28b1cd1d1d8..c8a575e3133 100644
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-13 12:48 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2018-12-13 12:48 UTC (permalink / raw
  To: gentoo-commits

commit:     be33a790dc0d6fadc6e79b3a4389523cb26dae16
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 13 12:29:40 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Dec 13 12:47:55 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be33a790

dev-libs/nss: x86 stable (bug #667202)

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/nss-3.40.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
index c8a575e3133..d3401ef805b 100644
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-13 20:53 Mikle Kolyada
  0 siblings, 0 replies; 466+ messages in thread
From: Mikle Kolyada @ 2018-12-13 20:53 UTC (permalink / raw
  To: gentoo-commits

commit:     e88c9fc057ded083147f0a90fd3cd9d487c63a5a
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 13 20:52:55 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Thu Dec 13 20:53:09 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e88c9fc0

dev-libs/nss: amd64 stable wrt bug #667202

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 dev-libs/nss/nss-3.40.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
index d3401ef805b..f7dfae6ceea 100644
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-15 22:39 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2018-12-15 22:39 UTC (permalink / raw
  To: gentoo-commits

commit:     be74e5d94d91c45c9ab3a08a671e280ecc0bd952
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 15 22:38:44 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Dec 15 22:39:14 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be74e5d9

dev-libs/nss: stable 3.40.1 for hppa, bug #667202

Package-Manager: Portage-2.3.52, Repoman-2.3.12
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.40.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
index f7dfae6ceea..446703eb372 100644
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2018-12-26 17:16 Matt Turner
  0 siblings, 0 replies; 466+ messages in thread
From: Matt Turner @ 2018-12-26 17:16 UTC (permalink / raw
  To: gentoo-commits

commit:     b6976c55fca03f0aa320c74f1299b53c197c0d94
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 26 17:16:28 2018 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Wed Dec 26 17:16:28 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6976c55

dev-libs/nss-3.40.1: alpha stable, bug 667202

Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>

 dev-libs/nss/nss-3.40.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
index 446703eb372..3a5a82a781d 100644
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-01-11 21:00 Mart Raudsepp
  0 siblings, 0 replies; 466+ messages in thread
From: Mart Raudsepp @ 2019-01-11 21:00 UTC (permalink / raw
  To: gentoo-commits

commit:     b3ceb11e426a99e601c6d2e13d5ef78b19fa1de5
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 11 12:38:02 2019 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Fri Jan 11 20:58:55 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3ceb11e

dev-libs/nss: arm64 stable (bug #667202)

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org>

 dev-libs/nss/nss-3.40.1.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
index 3a5a82a781d..544eacce9d2 100644
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-01-18  8:02 Mikle Kolyada
  0 siblings, 0 replies; 466+ messages in thread
From: Mikle Kolyada @ 2019-01-18  8:02 UTC (permalink / raw
  To: gentoo-commits

commit:     c355cd4c8f64ae325a62cd618abcedf87854969e
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 18 08:02:31 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Jan 18 08:02:31 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c355cd4c

dev-libs/nss: s390 stable wrt bug #667202

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 dev-libs/nss/nss-3.40.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
index 544eacce9d2..27457b147d2 100644
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-01-18  8:03 Mikle Kolyada
  0 siblings, 0 replies; 466+ messages in thread
From: Mikle Kolyada @ 2019-01-18  8:03 UTC (permalink / raw
  To: gentoo-commits

commit:     69500bcbaee4525299e723f1fa673be56021a01e
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 18 08:03:26 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Jan 18 08:03:26 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69500bcb

dev-libs/nss: arm stable wrt bug #667202

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 dev-libs/nss/nss-3.40.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
index 27457b147d2..02de23a58d2 100644
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ b/dev-libs/nss/nss-3.40.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-01-30 13:43 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-01-30 13:43 UTC (permalink / raw
  To: gentoo-commits

commit:     023791b487bc0df756b1884a29f56f48a2024d1d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 30 13:43:29 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Jan 30 13:43:42 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=023791b4

dev-libs/nss: Bump to version 3.42

Package-Manager: Portage-2.3.59, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.42.ebuild | 373 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 374 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index f0a8a67af27..3437d83ccf8 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
 DIST nss-3.41.tar.gz 23319563 BLAKE2B 76636b704cd572f9b840c7699c29697a4a882e66afcc3895ceb7b59a7af7af2513074e1abc6a028a13126d44e0cf722ab29e52a4c69640a2247814292efa282d SHA512 b5a43fe86ded664002fd714c493d9222a64539cd6139b64720625d1742fec5100712cbe401c90c79196e9cbad9ec07d9b4f0f517ce34e4b207beaa3e01c9e114
+DIST nss-3.42.tar.gz 23416008 BLAKE2B 4aaf31fbc13b57ef438cfd8ee0c42a681af6939c707a51a25cb551c120221a5b37b1471926e75920dc2a53466d2f47599973b6f53175d7e952b49527bf3f34a6 SHA512 ad22f4b2672b4f29c7dd5544cbb642d3ec4b451137ffde4f608ff7b9826c762caa885f4802e1df291d2067a291aae9ffa1cf7298af96e1c6afa019fc7c3935bd
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.42.ebuild b/dev-libs/nss/nss-3.42.ebuild
new file mode 100644
index 00000000000..907e54788a6
--- /dev/null
+++ b/dev-libs/nss/nss-3.42.ebuild
@@ -0,0 +1,373 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	# fix for bugs ported forward from 3.36.7
+	"${FILESDIR}/${PN}-3.36.7-fix-cms.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-01-30 21:27 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2019-01-30 21:27 UTC (permalink / raw
  To: gentoo-commits

commit:     41a4829d205ebb3f64c5f60a99d71b98bdf9881f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 30 21:26:43 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan 30 21:26:43 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41a4829d

dev-libs/nss: move stable keywords

Package-Manager: Portage-2.3.58, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/nss-3.40.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.40.1-r1.ebuild b/dev-libs/nss/nss-3.40.1-r1.ebuild
index 907e54788a6..5200c1dcab7 100644
--- a/dev-libs/nss/nss-3.40.1-r1.ebuild
+++ b/dev-libs/nss/nss-3.40.1-r1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-01-30 21:27 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2019-01-30 21:27 UTC (permalink / raw
  To: gentoo-commits

commit:     1bbde33e03e34eb417cacb7509dbc7083b599ce5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 30 21:27:19 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan 30 21:27:19 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bbde33e

dev-libs/nss: security cleanup

Package-Manager: Portage-2.3.58, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest           |   1 -
 dev-libs/nss/nss-3.40.1.ebuild  | 371 ---------------------------------------
 dev-libs/nss/nss-3.41-r1.ebuild | 373 ----------------------------------------
 3 files changed, 745 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 3437d83ccf8..2fd800019fc 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
-DIST nss-3.41.tar.gz 23319563 BLAKE2B 76636b704cd572f9b840c7699c29697a4a882e66afcc3895ceb7b59a7af7af2513074e1abc6a028a13126d44e0cf722ab29e52a4c69640a2247814292efa282d SHA512 b5a43fe86ded664002fd714c493d9222a64539cd6139b64720625d1742fec5100712cbe401c90c79196e9cbad9ec07d9b4f0f517ce34e4b207beaa3e01c9e114
 DIST nss-3.42.tar.gz 23416008 BLAKE2B 4aaf31fbc13b57ef438cfd8ee0c42a681af6939c707a51a25cb551c120221a5b37b1471926e75920dc2a53466d2f47599973b6f53175d7e952b49527bf3f34a6 SHA512 ad22f4b2672b4f29c7dd5544cbb642d3ec4b451137ffde4f608ff7b9826c762caa885f4802e1df291d2067a291aae9ffa1cf7298af96e1c6afa019fc7c3935bd
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.40.1.ebuild b/dev-libs/nss/nss-3.40.1.ebuild
deleted file mode 100644
index 02de23a58d2..00000000000
--- a/dev-libs/nss/nss-3.40.1.ebuild
+++ /dev/null
@@ -1,371 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.41-r1.ebuild b/dev-libs/nss/nss-3.41-r1.ebuild
deleted file mode 100644
index 907e54788a6..00000000000
--- a/dev-libs/nss/nss-3.41-r1.ebuild
+++ /dev/null
@@ -1,373 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	# fix for bugs ported forward from 3.36.7
-	"${FILESDIR}/${PN}-3.36.7-fix-cms.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-02-02 10:36 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-02-02 10:36 UTC (permalink / raw
  To: gentoo-commits

commit:     7c4f6ff9ee73fb4c6df054b6c54fd59d951500c8
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  2 10:35:38 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Feb  2 10:35:56 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c4f6ff9

dev-libs/nss: Bump to version 3.42.1

Package-Manager: Portage-2.3.59, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.42.1.ebuild | 371 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 2fd800019fc..f17c829faeb 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
+DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
 DIST nss-3.42.tar.gz 23416008 BLAKE2B 4aaf31fbc13b57ef438cfd8ee0c42a681af6939c707a51a25cb551c120221a5b37b1471926e75920dc2a53466d2f47599973b6f53175d7e952b49527bf3f34a6 SHA512 ad22f4b2672b4f29c7dd5544cbb642d3ec4b451137ffde4f608ff7b9826c762caa885f4802e1df291d2067a291aae9ffa1cf7298af96e1c6afa019fc7c3935bd
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.42.1.ebuild b/dev-libs/nss/nss-3.42.1.ebuild
new file mode 100644
index 00000000000..af7bfd8bc22
--- /dev/null
+++ b/dev-libs/nss/nss-3.42.1.ebuild
@@ -0,0 +1,371 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-03-17 17:34 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2019-03-17 17:34 UTC (permalink / raw
  To: gentoo-commits

commit:     c810ed618d351a67c9f02174adede01846dc06b8
Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 17 17:34:20 2019 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Sun Mar 17 17:34:20 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c810ed61

dev-libs/nss: Version bump

Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

 dev-libs/nss/Manifest                               | 2 +-
 dev-libs/nss/{nss-3.42.1.ebuild => nss-3.43.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index f17c829faeb..6f613dc63ea 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,5 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
-DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
 DIST nss-3.42.tar.gz 23416008 BLAKE2B 4aaf31fbc13b57ef438cfd8ee0c42a681af6939c707a51a25cb551c120221a5b37b1471926e75920dc2a53466d2f47599973b6f53175d7e952b49527bf3f34a6 SHA512 ad22f4b2672b4f29c7dd5544cbb642d3ec4b451137ffde4f608ff7b9826c762caa885f4802e1df291d2067a291aae9ffa1cf7298af96e1c6afa019fc7c3935bd
+DIST nss-3.43.tar.gz 23466026 BLAKE2B 1b43036daeedea1643a7fe1a8defa167097997efec529417c4857eaa29d453b6a588f462078f13662193d58dfd8f9566c22d729729591934ef154b9befb8f98d SHA512 e9dfba5bd6f68c5ab58fc7a6fa1b16a035be1b1b7c436cf787bdc99257c5f54c78d73d94d015bffd29420df19b2a2818166c68fe592dd7208ab5605344827fb5
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.42.1.ebuild b/dev-libs/nss/nss-3.43.ebuild
similarity index 100%
rename from dev-libs/nss/nss-3.42.1.ebuild
rename to dev-libs/nss/nss-3.43.ebuild


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-03-18  9:01 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-03-18  9:01 UTC (permalink / raw
  To: gentoo-commits

commit:     5929714ab343fc4a2f2722583ba3b6d74ecbbdfb
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 18 09:01:15 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Mar 18 09:01:15 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5929714a

dev-libs/nss: Reinstate version 3.42.1

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.42.1.ebuild | 371 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 6f613dc63ea..7537d1f895d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
+DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
 DIST nss-3.42.tar.gz 23416008 BLAKE2B 4aaf31fbc13b57ef438cfd8ee0c42a681af6939c707a51a25cb551c120221a5b37b1471926e75920dc2a53466d2f47599973b6f53175d7e952b49527bf3f34a6 SHA512 ad22f4b2672b4f29c7dd5544cbb642d3ec4b451137ffde4f608ff7b9826c762caa885f4802e1df291d2067a291aae9ffa1cf7298af96e1c6afa019fc7c3935bd
 DIST nss-3.43.tar.gz 23466026 BLAKE2B 1b43036daeedea1643a7fe1a8defa167097997efec529417c4857eaa29d453b6a588f462078f13662193d58dfd8f9566c22d729729591934ef154b9befb8f98d SHA512 e9dfba5bd6f68c5ab58fc7a6fa1b16a035be1b1b7c436cf787bdc99257c5f54c78d73d94d015bffd29420df19b2a2818166c68fe592dd7208ab5605344827fb5
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.42.1.ebuild b/dev-libs/nss/nss-3.42.1.ebuild
new file mode 100644
index 00000000000..af7bfd8bc22
--- /dev/null
+++ b/dev-libs/nss/nss-3.42.1.ebuild
@@ -0,0 +1,371 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-05-12 10:20 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-05-12 10:20 UTC (permalink / raw
  To: gentoo-commits

commit:     76c3a6bfb69146d23bf90e55632db3bdde57010d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun May 12 09:53:48 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun May 12 10:20:47 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76c3a6bf

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.42.ebuild | 373 -------------------------------------------
 2 files changed, 374 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 22d249736f7..d96e2edb680 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,5 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
 DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
-DIST nss-3.42.tar.gz 23416008 BLAKE2B 4aaf31fbc13b57ef438cfd8ee0c42a681af6939c707a51a25cb551c120221a5b37b1471926e75920dc2a53466d2f47599973b6f53175d7e952b49527bf3f34a6 SHA512 ad22f4b2672b4f29c7dd5544cbb642d3ec4b451137ffde4f608ff7b9826c762caa885f4802e1df291d2067a291aae9ffa1cf7298af96e1c6afa019fc7c3935bd
 DIST nss-3.43.tar.gz 23466026 BLAKE2B 1b43036daeedea1643a7fe1a8defa167097997efec529417c4857eaa29d453b6a588f462078f13662193d58dfd8f9566c22d729729591934ef154b9befb8f98d SHA512 e9dfba5bd6f68c5ab58fc7a6fa1b16a035be1b1b7c436cf787bdc99257c5f54c78d73d94d015bffd29420df19b2a2818166c68fe592dd7208ab5605344827fb5
 DIST nss-3.44.tar.gz 23474704 BLAKE2B 8e3b49c7dd4ca1795eff0af55bcf8c8586a5658f0d671306d166dd8d758cc056858dbaf028d5e4ea4bba40e473aa246251f07ed7108bc2f40990b53aea40a1a6 SHA512 c4d7343a66f91c5888a121e266d1f1471da798a21d608a29caf598a828725e4bf9ea7411a105b23335f20bd7c12788dad567922ceeaebeb0c98fbf9bbe4006f7
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.42.ebuild b/dev-libs/nss/nss-3.42.ebuild
deleted file mode 100644
index 907e54788a6..00000000000
--- a/dev-libs/nss/nss-3.42.ebuild
+++ /dev/null
@@ -1,373 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	# fix for bugs ported forward from 3.36.7
-	"${FILESDIR}/${PN}-3.36.7-fix-cms.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-05-12 10:20 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-05-12 10:20 UTC (permalink / raw
  To: gentoo-commits

commit:     c6930c50c594fec1c6d3e94778d20b3ea203abd4
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun May 12 09:53:10 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun May 12 10:20:46 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6930c50

dev-libs/nss: Bump to version 3.44

Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.44.ebuild | 371 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 7537d1f895d..22d249736f7 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,5 +2,6 @@ DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1
 DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
 DIST nss-3.42.tar.gz 23416008 BLAKE2B 4aaf31fbc13b57ef438cfd8ee0c42a681af6939c707a51a25cb551c120221a5b37b1471926e75920dc2a53466d2f47599973b6f53175d7e952b49527bf3f34a6 SHA512 ad22f4b2672b4f29c7dd5544cbb642d3ec4b451137ffde4f608ff7b9826c762caa885f4802e1df291d2067a291aae9ffa1cf7298af96e1c6afa019fc7c3935bd
 DIST nss-3.43.tar.gz 23466026 BLAKE2B 1b43036daeedea1643a7fe1a8defa167097997efec529417c4857eaa29d453b6a588f462078f13662193d58dfd8f9566c22d729729591934ef154b9befb8f98d SHA512 e9dfba5bd6f68c5ab58fc7a6fa1b16a035be1b1b7c436cf787bdc99257c5f54c78d73d94d015bffd29420df19b2a2818166c68fe592dd7208ab5605344827fb5
+DIST nss-3.44.tar.gz 23474704 BLAKE2B 8e3b49c7dd4ca1795eff0af55bcf8c8586a5658f0d671306d166dd8d758cc056858dbaf028d5e4ea4bba40e473aa246251f07ed7108bc2f40990b53aea40a1a6 SHA512 c4d7343a66f91c5888a121e266d1f1471da798a21d608a29caf598a828725e4bf9ea7411a105b23335f20bd7c12788dad567922ceeaebeb0c98fbf9bbe4006f7
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.44.ebuild b/dev-libs/nss/nss-3.44.ebuild
new file mode 100644
index 00000000000..af7bfd8bc22
--- /dev/null
+++ b/dev-libs/nss/nss-3.44.ebuild
@@ -0,0 +1,371 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-05-13 12:02 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-05-13 12:02 UTC (permalink / raw
  To: gentoo-commits

commit:     9d0002dd500a56e742fe62f40a76acf72f9beda5
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon May 13 12:01:49 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon May 13 12:02:02 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d0002dd

dev-libs/nss: Revbump to drop utils USE flag. Removed old.

Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 .../nss/{nss-3.44.ebuild => nss-3.44-r1.ebuild}    | 51 +---------------------
 1 file changed, 2 insertions(+), 49 deletions(-)

diff --git a/dev-libs/nss/nss-3.44.ebuild b/dev-libs/nss/nss-3.44-r1.ebuild
similarity index 89%
rename from dev-libs/nss/nss-3.44.ebuild
rename to dev-libs/nss/nss-3.44-r1.ebuild
index af7bfd8bc22..8e716b19d50 100644
--- a/dev-libs/nss/nss-3.44.ebuild
+++ b/dev-libs/nss/nss-3.44-r1.ebuild
@@ -20,7 +20,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
+IUSE="cacert +nss-pem"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
 DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
@@ -180,6 +180,7 @@ multilib_src_compile() {
 	export NSDISTMODE=copy
 	export NSS_ENABLE_ECC=1
 	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
 	export ASFLAGS=""
 
 	local d
@@ -285,54 +286,6 @@ multilib_src_install() {
 	nssutils=( shlibsign )
 
 	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
 		pushd dist/*/bin >/dev/null || die
 		for f in ${nssutils[@]}; do
 			dobin ${f}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-05-17  1:45 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2019-05-17  1:45 UTC (permalink / raw
  To: gentoo-commits

commit:     7ecc0e26d71004fc4b7a5debad61dbd52cd3fc2e
Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Fri May 17 01:45:08 2019 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Fri May 17 01:45:34 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ecc0e26

dev-libs/nss: re-add utils #685976, dont use weak entropy fallback

closes: https://github.com/gentoo/gentoo/pull/9726
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

 dev-libs/nss/Manifest                                | 1 -
 dev-libs/nss/{nss-3.43.ebuild => nss-3.44-r2.ebuild} | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index d96e2edb680..559d38aabac 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,5 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
 DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
-DIST nss-3.43.tar.gz 23466026 BLAKE2B 1b43036daeedea1643a7fe1a8defa167097997efec529417c4857eaa29d453b6a588f462078f13662193d58dfd8f9566c22d729729591934ef154b9befb8f98d SHA512 e9dfba5bd6f68c5ab58fc7a6fa1b16a035be1b1b7c436cf787bdc99257c5f54c78d73d94d015bffd29420df19b2a2818166c68fe592dd7208ab5605344827fb5
 DIST nss-3.44.tar.gz 23474704 BLAKE2B 8e3b49c7dd4ca1795eff0af55bcf8c8586a5658f0d671306d166dd8d758cc056858dbaf028d5e4ea4bba40e473aa246251f07ed7108bc2f40990b53aea40a1a6 SHA512 c4d7343a66f91c5888a121e266d1f1471da798a21d608a29caf598a828725e4bf9ea7411a105b23335f20bd7c12788dad567922ceeaebeb0c98fbf9bbe4006f7
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.43.ebuild b/dev-libs/nss/nss-3.44-r2.ebuild
similarity index 99%
rename from dev-libs/nss/nss-3.43.ebuild
rename to dev-libs/nss/nss-3.44-r2.ebuild
index af7bfd8bc22..bd22251e605 100644
--- a/dev-libs/nss/nss-3.43.ebuild
+++ b/dev-libs/nss/nss-3.44-r2.ebuild
@@ -180,6 +180,8 @@ multilib_src_compile() {
 	export NSDISTMODE=copy
 	export NSS_ENABLE_ECC=1
 	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
 	export ASFLAGS=""
 
 	local d


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-06-25  8:00 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-06-25  8:00 UTC (permalink / raw
  To: gentoo-commits

commit:     1911e3cbe9f5ef32b6c9840293cbc41284500c77
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 25 07:59:48 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jun 25 08:00:21 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1911e3cb

dev-libs/nss: Bump to version 3.44.1

Package-Manager: Portage-2.3.67, Repoman-2.3.16
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.44.1.ebuild | 373 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 374 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 559d38aabac..f48684c335e 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
 DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
+DIST nss-3.44.1.tar.gz 75986343 BLAKE2B b0a91ffdf879c8fd684abcb92480dd465466e83d3bad346d937bae285543705d10817527ed4f5ddbb618ad52103d4aedfc25e03053225010abc80267d2f94034 SHA512 eb8777701a25b54377026633b6bf284e4c62308012058355f348a7c57525afe96db74a07de41ba01754e316a7dff06689de527359a5474ed7ab606779c4cf169
 DIST nss-3.44.tar.gz 23474704 BLAKE2B 8e3b49c7dd4ca1795eff0af55bcf8c8586a5658f0d671306d166dd8d758cc056858dbaf028d5e4ea4bba40e473aa246251f07ed7108bc2f40990b53aea40a1a6 SHA512 c4d7343a66f91c5888a121e266d1f1471da798a21d608a29caf598a828725e4bf9ea7411a105b23335f20bd7c12788dad567922ceeaebeb0c98fbf9bbe4006f7
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.44.1.ebuild b/dev-libs/nss/nss-3.44.1.ebuild
new file mode 100644
index 00000000000..bd22251e605
--- /dev/null
+++ b/dev-libs/nss/nss-3.44.1.ebuild
@@ -0,0 +1,373 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-07-10  8:23 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-07-10  8:23 UTC (permalink / raw
  To: gentoo-commits

commit:     e33aa9bce9d36324aff1f9c9f2dec435a3fbba6f
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 10 08:22:55 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Jul 10 08:23:09 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e33aa9bc

dev-libs/nss: Removed old.

Package-Manager: Portage-2.3.68, Repoman-2.3.16
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest           |   2 -
 dev-libs/nss/nss-3.42.1.ebuild  | 371 ---------------------------------------
 dev-libs/nss/nss-3.44-r1.ebuild | 324 ----------------------------------
 dev-libs/nss/nss-3.44-r2.ebuild | 373 ----------------------------------------
 4 files changed, 1070 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 36675874c49..3d235a76349 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,7 +1,5 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
-DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
 DIST nss-3.44.1.tar.gz 75986343 BLAKE2B b0a91ffdf879c8fd684abcb92480dd465466e83d3bad346d937bae285543705d10817527ed4f5ddbb618ad52103d4aedfc25e03053225010abc80267d2f94034 SHA512 eb8777701a25b54377026633b6bf284e4c62308012058355f348a7c57525afe96db74a07de41ba01754e316a7dff06689de527359a5474ed7ab606779c4cf169
-DIST nss-3.44.tar.gz 23474704 BLAKE2B 8e3b49c7dd4ca1795eff0af55bcf8c8586a5658f0d671306d166dd8d758cc056858dbaf028d5e4ea4bba40e473aa246251f07ed7108bc2f40990b53aea40a1a6 SHA512 c4d7343a66f91c5888a121e266d1f1471da798a21d608a29caf598a828725e4bf9ea7411a105b23335f20bd7c12788dad567922ceeaebeb0c98fbf9bbe4006f7
 DIST nss-3.45.tar.gz 76017462 BLAKE2B 33b310a2cfe86bbbcbb34aa0ea8f11ef8bc9ba45301bf338a1271e88f606b89cb98ad12fad9ae248fa1205218bcf10a106437972fbf56c6563255f3ba0cbf466 SHA512 33360a1bb4e0a0a974070c354ee82c515d5cfa2a12c9c96817a9fdb3e4ca1ad62eb95886b9b0d60e2f69efda964376d0671c1e3c920b2ea614aeecb719c6ff29
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.42.1.ebuild b/dev-libs/nss/nss-3.42.1.ebuild
deleted file mode 100644
index af7bfd8bc22..00000000000
--- a/dev-libs/nss/nss-3.42.1.ebuild
+++ /dev/null
@@ -1,371 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.44-r1.ebuild b/dev-libs/nss/nss-3.44-r1.ebuild
deleted file mode 100644
index 8e716b19d50..00000000000
--- a/dev-libs/nss/nss-3.44-r1.ebuild
+++ /dev/null
@@ -1,324 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.44-r2.ebuild b/dev-libs/nss/nss-3.44-r2.ebuild
deleted file mode 100644
index bd22251e605..00000000000
--- a/dev-libs/nss/nss-3.44-r2.ebuild
+++ /dev/null
@@ -1,373 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-07-10  8:23 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-07-10  8:23 UTC (permalink / raw
  To: gentoo-commits

commit:     029b766a25c37c84adcdcfb26216c5741d9ae4ac
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 10 08:21:40 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Jul 10 08:23:09 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=029b766a

dev-libs/nss: Bump to version 3.45

Package-Manager: Portage-2.3.68, Repoman-2.3.16
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.45.ebuild | 373 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 374 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index f48684c335e..36675874c49 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,5 +2,6 @@ DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1
 DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
 DIST nss-3.44.1.tar.gz 75986343 BLAKE2B b0a91ffdf879c8fd684abcb92480dd465466e83d3bad346d937bae285543705d10817527ed4f5ddbb618ad52103d4aedfc25e03053225010abc80267d2f94034 SHA512 eb8777701a25b54377026633b6bf284e4c62308012058355f348a7c57525afe96db74a07de41ba01754e316a7dff06689de527359a5474ed7ab606779c4cf169
 DIST nss-3.44.tar.gz 23474704 BLAKE2B 8e3b49c7dd4ca1795eff0af55bcf8c8586a5658f0d671306d166dd8d758cc056858dbaf028d5e4ea4bba40e473aa246251f07ed7108bc2f40990b53aea40a1a6 SHA512 c4d7343a66f91c5888a121e266d1f1471da798a21d608a29caf598a828725e4bf9ea7411a105b23335f20bd7c12788dad567922ceeaebeb0c98fbf9bbe4006f7
+DIST nss-3.45.tar.gz 76017462 BLAKE2B 33b310a2cfe86bbbcbb34aa0ea8f11ef8bc9ba45301bf338a1271e88f606b89cb98ad12fad9ae248fa1205218bcf10a106437972fbf56c6563255f3ba0cbf466 SHA512 33360a1bb4e0a0a974070c354ee82c515d5cfa2a12c9c96817a9fdb3e4ca1ad62eb95886b9b0d60e2f69efda964376d0671c1e3c920b2ea614aeecb719c6ff29
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.45.ebuild b/dev-libs/nss/nss-3.45.ebuild
new file mode 100644
index 00000000000..bd22251e605
--- /dev/null
+++ b/dev-libs/nss/nss-3.45.ebuild
@@ -0,0 +1,373 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.16"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-08-31 15:42 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2019-08-31 15:42 UTC (permalink / raw
  To: gentoo-commits

commit:     0c22394323177090d7424be41deb88df6a15294b
Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 31 15:41:31 2019 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Sat Aug 31 15:41:49 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c223943

dev-libs/nss: Version bump 3.46

Package-Manager: Portage-2.3.73, Repoman-2.3.17
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

 dev-libs/nss/Manifest                             | 2 +-
 dev-libs/nss/{nss-3.45.ebuild => nss-3.46.ebuild} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 3d235a76349..5699cf88f3e 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,5 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
 DIST nss-3.44.1.tar.gz 75986343 BLAKE2B b0a91ffdf879c8fd684abcb92480dd465466e83d3bad346d937bae285543705d10817527ed4f5ddbb618ad52103d4aedfc25e03053225010abc80267d2f94034 SHA512 eb8777701a25b54377026633b6bf284e4c62308012058355f348a7c57525afe96db74a07de41ba01754e316a7dff06689de527359a5474ed7ab606779c4cf169
-DIST nss-3.45.tar.gz 76017462 BLAKE2B 33b310a2cfe86bbbcbb34aa0ea8f11ef8bc9ba45301bf338a1271e88f606b89cb98ad12fad9ae248fa1205218bcf10a106437972fbf56c6563255f3ba0cbf466 SHA512 33360a1bb4e0a0a974070c354ee82c515d5cfa2a12c9c96817a9fdb3e4ca1ad62eb95886b9b0d60e2f69efda964376d0671c1e3c920b2ea614aeecb719c6ff29
+DIST nss-3.46.tar.gz 76417155 BLAKE2B 18e22a60df185764f434779211289a78d05270d8493766100e378e2ecfdb3013feb73359088d53667fb3c57a5b29633c9f800d29739cff5aab2af81e7ddbe2d7 SHA512 de309ec8d6aa2c3cf4d5ebfe9fa1f8bf5def717d22018d5c88c1de963b4ae7b0d69ad64e68d830574fc85613483fd538cb2f319ffb3fa2e1b97ec02f85d37c48
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.45.ebuild b/dev-libs/nss/nss-3.46.ebuild
similarity index 99%
rename from dev-libs/nss/nss-3.45.ebuild
rename to dev-libs/nss/nss-3.46.ebuild
index bd22251e605..919cd43b699 100644
--- a/dev-libs/nss/nss-3.45.ebuild
+++ b/dev-libs/nss/nss-3.46.ebuild
@@ -5,7 +5,7 @@ EAPI=7
 
 inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
 
-NSPR_VER="4.16"
+NSPR_VER="4.22"
 RTM_NAME="NSS_${PV//./_}_RTM"
 # Rev of https://git.fedorahosted.org/cgit/nss-pem.git
 PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-09-04  6:00 Mikle Kolyada
  0 siblings, 0 replies; 466+ messages in thread
From: Mikle Kolyada @ 2019-09-04  6:00 UTC (permalink / raw
  To: gentoo-commits

commit:     1802c72a1c31478ffa697eb2f6dff9eb41b0d547
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  4 05:59:27 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Sep  4 05:59:27 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1802c72a

dev-libs/nss: alpha stable wrt bug #693450

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="alpha"
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 dev-libs/nss/nss-3.46.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.46.ebuild b/dev-libs/nss/nss-3.46.ebuild
index be68826b7ee..442c4d88e25 100644
--- a/dev-libs/nss/nss-3.46.ebuild
+++ b/dev-libs/nss/nss-3.46.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-09-04  6:00 Mikle Kolyada
  0 siblings, 0 replies; 466+ messages in thread
From: Mikle Kolyada @ 2019-09-04  6:00 UTC (permalink / raw
  To: gentoo-commits

commit:     bfbb7134a7ff53db11bf9b5e7b39287a1846b7fb
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  4 05:59:48 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Sep  4 05:59:48 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfbb7134

dev-libs/nss: arm stable wrt bug #693450

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="arm"
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 dev-libs/nss/nss-3.46.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.46.ebuild b/dev-libs/nss/nss-3.46.ebuild
index 442c4d88e25..ee16dfbb2b0 100644
--- a/dev-libs/nss/nss-3.46.ebuild
+++ b/dev-libs/nss/nss-3.46.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-09-04  6:00 Mikle Kolyada
  0 siblings, 0 replies; 466+ messages in thread
From: Mikle Kolyada @ 2019-09-04  6:00 UTC (permalink / raw
  To: gentoo-commits

commit:     e5116d886d5d5f09cd1462f9d2bec859e32ef6d6
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  4 05:59:04 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Sep  4 05:59:04 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5116d88

dev-libs/nss: amd64 stable wrt bug #693450

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 dev-libs/nss/nss-3.46.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.46.ebuild b/dev-libs/nss/nss-3.46.ebuild
index 919cd43b699..be68826b7ee 100644
--- a/dev-libs/nss/nss-3.46.ebuild
+++ b/dev-libs/nss/nss-3.46.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-09-04  9:41 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2019-09-04  9:41 UTC (permalink / raw
  To: gentoo-commits

commit:     72a1549a11581e93dbb0173a96683916396287a5
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  4 09:41:03 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Sep  4 09:41:03 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72a1549a

dev-libs/nss: x86 stable wrt bug #693450

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.46.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.46.ebuild b/dev-libs/nss/nss-3.46.ebuild
index ee16dfbb2b0..d89d7044e62 100644
--- a/dev-libs/nss/nss-3.46.ebuild
+++ b/dev-libs/nss/nss-3.46.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-09-04 18:32 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2019-09-04 18:32 UTC (permalink / raw
  To: gentoo-commits

commit:     588b0b4764592d894b3d9f7460468b553387d269
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Wed Sep  4 17:13:26 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Sep  4 18:32:38 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=588b0b47

dev-libs/nss: stable 3.46 for sparc, bug #693450

Package-Manager: Portage-2.3.69, Repoman-2.3.16
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.46.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.46.ebuild b/dev-libs/nss/nss-3.46.ebuild
index d89d7044e62..d9753ccde6c 100644
--- a/dev-libs/nss/nss-3.46.ebuild
+++ b/dev-libs/nss/nss-3.46.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-09-08 18:26 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2019-09-08 18:26 UTC (permalink / raw
  To: gentoo-commits

commit:     0f05bbf1e612bef6f71cc9ccca115fef5e0d5e05
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  8 18:24:24 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Sep  8 18:24:24 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f05bbf1

dev-libs/nss: stable 3.46 for ppc, bug #693450

Package-Manager: Portage-2.3.75, Repoman-2.3.17
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.46.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.46.ebuild b/dev-libs/nss/nss-3.46.ebuild
index d9753ccde6c..264c0f04a23 100644
--- a/dev-libs/nss/nss-3.46.ebuild
+++ b/dev-libs/nss/nss-3.46.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-09-08 18:30 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2019-09-08 18:30 UTC (permalink / raw
  To: gentoo-commits

commit:     3422bfa44cf3618f250290217ce4ca06174e8589
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  8 18:28:59 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Sep  8 18:28:59 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3422bfa4

dev-libs/nss: stable 3.46 for ppc64, bug #693450

Package-Manager: Portage-2.3.75, Repoman-2.3.17
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.46.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.46.ebuild b/dev-libs/nss/nss-3.46.ebuild
index 264c0f04a23..86bc756f0b9 100644
--- a/dev-libs/nss/nss-3.46.ebuild
+++ b/dev-libs/nss/nss-3.46.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-09-20  6:39 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2019-09-20  6:39 UTC (permalink / raw
  To: gentoo-commits

commit:     2db8105d89ea4e84588e134d087b1f688f25a718
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 20 06:38:59 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Sep 20 06:38:59 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2db8105d

dev-libs/nss: stable 3.46 for hppa, bug #693450

Package-Manager: Portage-2.3.76, Repoman-2.3.17
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.46.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.46.ebuild b/dev-libs/nss/nss-3.46.ebuild
index 86bc756f0b9..83bbfe36630 100644
--- a/dev-libs/nss/nss-3.46.ebuild
+++ b/dev-libs/nss/nss-3.46.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-09-22 20:57 Aaron Bauman
  0 siblings, 0 replies; 466+ messages in thread
From: Aaron Bauman @ 2019-09-22 20:57 UTC (permalink / raw
  To: gentoo-commits

commit:     232ba4ee74256d995d152f410fd58912649fbfdd
Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 22 20:56:06 2019 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Sun Sep 22 20:56:06 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=232ba4ee

dev-libs/nss: arm64 stable (bug #693450)

Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>
Package-Manager: Portage-2.3.76, Repoman-2.3.17

 dev-libs/nss/nss-3.46.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.46.ebuild b/dev-libs/nss/nss-3.46.ebuild
index 83bbfe36630..2ee3ca3946d 100644
--- a/dev-libs/nss/nss-3.46.ebuild
+++ b/dev-libs/nss/nss-3.46.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-09-26  6:42 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2019-09-26  6:42 UTC (permalink / raw
  To: gentoo-commits

commit:     f736486b1548c4351fcf04557f9c8dcb48ec1860
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 26 06:41:29 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Sep 26 06:41:29 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f736486b

dev-libs/nss: stable 3.46 for ia64, bug #693450

Package-Manager: Portage-2.3.76, Repoman-2.3.17
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.46.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.46.ebuild b/dev-libs/nss/nss-3.46.ebuild
index 2ee3ca3946d..83757c5a353 100644
--- a/dev-libs/nss/nss-3.46.ebuild
+++ b/dev-libs/nss/nss-3.46.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-10-06 11:14 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-10-06 11:14 UTC (permalink / raw
  To: gentoo-commits

commit:     55c87f1c16303cd85c48df755214e12404f2b954
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Oct  6 11:04:49 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Oct  6 11:13:44 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55c87f1c

dev-libs/nss: Removed old

Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.44.1.ebuild | 373 -----------------------------------------
 2 files changed, 374 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 370d9ad7f1a..1c9580a8742 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
-DIST nss-3.44.1.tar.gz 75986343 BLAKE2B b0a91ffdf879c8fd684abcb92480dd465466e83d3bad346d937bae285543705d10817527ed4f5ddbb618ad52103d4aedfc25e03053225010abc80267d2f94034 SHA512 eb8777701a25b54377026633b6bf284e4c62308012058355f348a7c57525afe96db74a07de41ba01754e316a7dff06689de527359a5474ed7ab606779c4cf169
 DIST nss-3.46.1.tar.gz 76417797 BLAKE2B c65679a7eb50991958858afe2a20824dd9ff4c0f554f3c1964ccec269c2da9de1fa674a6ebf24fd3c8465315e491a9b50188382d1032b0cfe74c289d49049926 SHA512 f4c24f0e31d11413cbbf791a24687c02cd934b9baf4a3e9ce27406638a1d497654fbeec79c22ab4ad29374dd0063c05104c9514580b1b8156ed8d18404e1681b
 DIST nss-3.46.tar.gz 76417155 BLAKE2B 18e22a60df185764f434779211289a78d05270d8493766100e378e2ecfdb3013feb73359088d53667fb3c57a5b29633c9f800d29739cff5aab2af81e7ddbe2d7 SHA512 de309ec8d6aa2c3cf4d5ebfe9fa1f8bf5def717d22018d5c88c1de963b4ae7b0d69ad64e68d830574fc85613483fd538cb2f319ffb3fa2e1b97ec02f85d37c48
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.44.1.ebuild b/dev-libs/nss/nss-3.44.1.ebuild
deleted file mode 100644
index bd22251e605..00000000000
--- a/dev-libs/nss/nss-3.44.1.ebuild
+++ /dev/null
@@ -1,373 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-10-06 11:14 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-10-06 11:14 UTC (permalink / raw
  To: gentoo-commits

commit:     90c15e18da185de1c5aed6b1a06e0ccd8273ba59
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Oct  6 11:02:30 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Oct  6 11:13:43 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90c15e18

dev-libs/nss: Bump to version 3.46.1

Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.46.1.ebuild | 373 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 374 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 5699cf88f3e..370d9ad7f1a 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
 DIST nss-3.44.1.tar.gz 75986343 BLAKE2B b0a91ffdf879c8fd684abcb92480dd465466e83d3bad346d937bae285543705d10817527ed4f5ddbb618ad52103d4aedfc25e03053225010abc80267d2f94034 SHA512 eb8777701a25b54377026633b6bf284e4c62308012058355f348a7c57525afe96db74a07de41ba01754e316a7dff06689de527359a5474ed7ab606779c4cf169
+DIST nss-3.46.1.tar.gz 76417797 BLAKE2B c65679a7eb50991958858afe2a20824dd9ff4c0f554f3c1964ccec269c2da9de1fa674a6ebf24fd3c8465315e491a9b50188382d1032b0cfe74c289d49049926 SHA512 f4c24f0e31d11413cbbf791a24687c02cd934b9baf4a3e9ce27406638a1d497654fbeec79c22ab4ad29374dd0063c05104c9514580b1b8156ed8d18404e1681b
 DIST nss-3.46.tar.gz 76417155 BLAKE2B 18e22a60df185764f434779211289a78d05270d8493766100e378e2ecfdb3013feb73359088d53667fb3c57a5b29633c9f800d29739cff5aab2af81e7ddbe2d7 SHA512 de309ec8d6aa2c3cf4d5ebfe9fa1f8bf5def717d22018d5c88c1de963b4ae7b0d69ad64e68d830574fc85613483fd538cb2f319ffb3fa2e1b97ec02f85d37c48
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.46.1.ebuild b/dev-libs/nss/nss-3.46.1.ebuild
new file mode 100644
index 00000000000..919cd43b699
--- /dev/null
+++ b/dev-libs/nss/nss-3.46.1.ebuild
@@ -0,0 +1,373 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.22"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED%/}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-11-22  9:11 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2019-11-22  9:11 UTC (permalink / raw
  To: gentoo-commits

commit:     85d2bbd8cda2c489b4bf753ef600644bbc8432ec
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 22 09:06:58 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Nov 22 09:11:00 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85d2bbd8

dev-libs/nss: Bump to version 3.47.1

Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.47.1.ebuild | 374 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 375 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 108988a7784..a99f1232f30 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,7 @@
 DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
 DIST nss-3.46.1.tar.gz 76417797 BLAKE2B c65679a7eb50991958858afe2a20824dd9ff4c0f554f3c1964ccec269c2da9de1fa674a6ebf24fd3c8465315e491a9b50188382d1032b0cfe74c289d49049926 SHA512 f4c24f0e31d11413cbbf791a24687c02cd934b9baf4a3e9ce27406638a1d497654fbeec79c22ab4ad29374dd0063c05104c9514580b1b8156ed8d18404e1681b
 DIST nss-3.46.tar.gz 76417155 BLAKE2B 18e22a60df185764f434779211289a78d05270d8493766100e378e2ecfdb3013feb73359088d53667fb3c57a5b29633c9f800d29739cff5aab2af81e7ddbe2d7 SHA512 de309ec8d6aa2c3cf4d5ebfe9fa1f8bf5def717d22018d5c88c1de963b4ae7b0d69ad64e68d830574fc85613483fd538cb2f319ffb3fa2e1b97ec02f85d37c48
+DIST nss-3.47.1.tar.gz 76462846 BLAKE2B a26e858e06c494adb4059f8cc73993b0f3cff90a0785ed7eed3760931aa6b4ae5706cf7994c6c1421d9ed8bc36d1a4c199988bd9c59c06bb95fd03521c20f141 SHA512 ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9
 DIST nss-3.47.tar.gz 76461837 BLAKE2B 8b11b5330cf134f2f94c2b4a07d52e153ff40006770e31cbba379ff623b822778bd8ae4510493912263299bbb8f6e0706f30d59633256a3141cbd8faedd1f257 SHA512 99d04d28c38092826f5aab125662780865de49a97743ff0ab49a191bafae3ba3a937369cd6909ab23e7dcaf06482c8852b31ef057dc12c758f2681e03822e247
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.47.1.ebuild b/dev-libs/nss/nss-3.47.1.ebuild
new file mode 100644
index 00000000000..a7be090b64e
--- /dev/null
+++ b/dev-libs/nss/nss-3.47.1.ebuild
@@ -0,0 +1,374 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.22"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+BDEPEND="
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+"
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.47-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-03  1:54 Aaron Bauman
  0 siblings, 0 replies; 466+ messages in thread
From: Aaron Bauman @ 2019-12-03  1:54 UTC (permalink / raw
  To: gentoo-commits

commit:     6592b0ab7fb2a1ce9e9bc9b915ec85bf9c86bde3
Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  3 01:54:06 2019 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Tue Dec  3 01:54:06 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6592b0ab

dev-libs/nss: arm64 stable (bug #701840)

Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>
Package-Manager: Portage-2.3.80, Repoman-2.3.19

 dev-libs/nss/nss-3.47.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.47.1.ebuild b/dev-libs/nss/nss-3.47.1.ebuild
index a7be090b64e..a6135ca58a4 100644
--- a/dev-libs/nss/nss-3.47.1.ebuild
+++ b/dev-libs/nss/nss-3.47.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-03 10:03 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2019-12-03 10:03 UTC (permalink / raw
  To: gentoo-commits

commit:     1681a5fce6462158ccc4f9192ad22c849b40a01c
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  3 10:01:41 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Dec  3 10:01:41 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1681a5fc

dev-libs/nss: amd64 stable wrt bug #701840

Package-Manager: Portage-2.3.79, Repoman-2.3.16
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.47.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.47.1.ebuild b/dev-libs/nss/nss-3.47.1.ebuild
index a6135ca58a4..7493df276b0 100644
--- a/dev-libs/nss/nss-3.47.1.ebuild
+++ b/dev-libs/nss/nss-3.47.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-03 10:06 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2019-12-03 10:06 UTC (permalink / raw
  To: gentoo-commits

commit:     35ff4fc7e48b6872d05536e7291b988b6b84d72c
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  3 10:06:07 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Dec  3 10:06:07 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35ff4fc7

dev-libs/nss: x86 stable wrt bug #701840

Package-Manager: Portage-2.3.79, Repoman-2.3.16
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.47.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.47.1.ebuild b/dev-libs/nss/nss-3.47.1.ebuild
index 7493df276b0..e924b36c10c 100644
--- a/dev-libs/nss/nss-3.47.1.ebuild
+++ b/dev-libs/nss/nss-3.47.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-03 10:07 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2019-12-03 10:07 UTC (permalink / raw
  To: gentoo-commits

commit:     7f39e34a6e64f19c9e24cddb4615514431d1533c
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  3 10:07:49 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Dec  3 10:07:49 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f39e34a

dev-libs/nss: sparc stable wrt bug #701840

Package-Manager: Portage-2.3.79, Repoman-2.3.16
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.47.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.47.1.ebuild b/dev-libs/nss/nss-3.47.1.ebuild
index e924b36c10c..c3fcfd05976 100644
--- a/dev-libs/nss/nss-3.47.1.ebuild
+++ b/dev-libs/nss/nss-3.47.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-03 11:56 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2019-12-03 11:56 UTC (permalink / raw
  To: gentoo-commits

commit:     e431694b1df6ed8f79835117a43be14a6fb22cdf
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  3 11:56:36 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Dec  3 11:56:36 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e431694b

dev-libs/nss: ia64 stable wrt bug #701840

Package-Manager: Portage-2.3.79, Repoman-2.3.16
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.47.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.47.1.ebuild b/dev-libs/nss/nss-3.47.1.ebuild
index c3fcfd05976..75a473b0d2b 100644
--- a/dev-libs/nss/nss-3.47.1.ebuild
+++ b/dev-libs/nss/nss-3.47.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-03 11:58 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2019-12-03 11:58 UTC (permalink / raw
  To: gentoo-commits

commit:     753a6d39ee9310c069d6d6d3728f1b7e72402d1b
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  3 11:57:37 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Dec  3 11:57:37 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=753a6d39

dev-libs/nss: ppc64 stable wrt bug #701840

Package-Manager: Portage-2.3.79, Repoman-2.3.16
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.47.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.47.1.ebuild b/dev-libs/nss/nss-3.47.1.ebuild
index 75a473b0d2b..4f37cb1143a 100644
--- a/dev-libs/nss/nss-3.47.1.ebuild
+++ b/dev-libs/nss/nss-3.47.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-06  5:46 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2019-12-06  5:46 UTC (permalink / raw
  To: gentoo-commits

commit:     c61ccde76c5fec5616c57cb05ad6d4dce813810e
Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Fri Dec  6 05:46:22 2019 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Fri Dec  6 05:46:33 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c61ccde7

dev-libs/nss: Version bump 3.48

Package-Manager: Portage-2.3.80, Repoman-2.3.19
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.48.ebuild | 374 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 375 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index a99f1232f30..2a4c5e79063 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,5 +3,6 @@ DIST nss-3.46.1.tar.gz 76417797 BLAKE2B c65679a7eb50991958858afe2a20824dd9ff4c0f
 DIST nss-3.46.tar.gz 76417155 BLAKE2B 18e22a60df185764f434779211289a78d05270d8493766100e378e2ecfdb3013feb73359088d53667fb3c57a5b29633c9f800d29739cff5aab2af81e7ddbe2d7 SHA512 de309ec8d6aa2c3cf4d5ebfe9fa1f8bf5def717d22018d5c88c1de963b4ae7b0d69ad64e68d830574fc85613483fd538cb2f319ffb3fa2e1b97ec02f85d37c48
 DIST nss-3.47.1.tar.gz 76462846 BLAKE2B a26e858e06c494adb4059f8cc73993b0f3cff90a0785ed7eed3760931aa6b4ae5706cf7994c6c1421d9ed8bc36d1a4c199988bd9c59c06bb95fd03521c20f141 SHA512 ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9
 DIST nss-3.47.tar.gz 76461837 BLAKE2B 8b11b5330cf134f2f94c2b4a07d52e153ff40006770e31cbba379ff623b822778bd8ae4510493912263299bbb8f6e0706f30d59633256a3141cbd8faedd1f257 SHA512 99d04d28c38092826f5aab125662780865de49a97743ff0ab49a191bafae3ba3a937369cd6909ab23e7dcaf06482c8852b31ef057dc12c758f2681e03822e247
+DIST nss-3.48.tar.gz 76481237 BLAKE2B aded12d9f917d87e6fe32bc6c57b19e478507919c7d87b3f95e86ba10717d30da25632e60753b5cf7a24fbfef8fab6529ae373eea25d633d8164164bac97357c SHA512 71aefe323501dd8d750ed36606554f2e67ecb2bca85b55bc798d5dfc3a47f3d454348ca950971aaaafb16f6d847c098d2b1c40d40b50380e0c2540ed1b9a9e9a
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.48.ebuild b/dev-libs/nss/nss-3.48.ebuild
new file mode 100644
index 00000000000..3211b8962ae
--- /dev/null
+++ b/dev-libs/nss/nss-3.48.ebuild
@@ -0,0 +1,374 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.24"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+BDEPEND="
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+"
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.47-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-10 10:54 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2019-12-10 10:54 UTC (permalink / raw
  To: gentoo-commits

commit:     13ac2d0c841b866a9f22d36c902fb3f5f6f08b55
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 10 10:53:53 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Dec 10 10:53:53 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13ac2d0c

dev-libs/nss: ppc stable wrt bug #701840

Package-Manager: Portage-2.3.79, Repoman-2.3.16
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.47.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.47.1.ebuild b/dev-libs/nss/nss-3.47.1.ebuild
index 4f37cb1143a..b8de2976c7a 100644
--- a/dev-libs/nss/nss-3.47.1.ebuild
+++ b/dev-libs/nss/nss-3.47.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-10 19:25 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2019-12-10 19:25 UTC (permalink / raw
  To: gentoo-commits

commit:     e74c4bf009ca1f108b4f0629137822bf90d73b85
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Tue Dec 10 17:04:50 2019 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Tue Dec 10 19:25:32 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e74c4bf0

dev-libs/nss: stable 3.47.1 for hppa, bug #701840

Package-Manager: Portage-2.3.79, Repoman-2.3.16
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.47.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.47.1.ebuild b/dev-libs/nss/nss-3.47.1.ebuild
index b8de2976c7a..03c8cdd583b 100644
--- a/dev-libs/nss/nss-3.47.1.ebuild
+++ b/dev-libs/nss/nss-3.47.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-15 16:37 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2019-12-15 16:37 UTC (permalink / raw
  To: gentoo-commits

commit:     47e37fb7de043ffc8d472c5caf8e084c4b24f9ee
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 15 16:33:16 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Dec 15 16:36:53 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47e37fb7

dev-libs/nss: security cleanup (bug #701840)

Package-Manager: Portage-2.3.81, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest             |   4 -
 dev-libs/nss/nss-3.40.1-r1.ebuild | 373 --------------------------------------
 dev-libs/nss/nss-3.46.1.ebuild    | 373 --------------------------------------
 dev-libs/nss/nss-3.46.ebuild      | 373 --------------------------------------
 dev-libs/nss/nss-3.47.ebuild      | 373 --------------------------------------
 5 files changed, 1496 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 2a4c5e79063..3c1bd15c514 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,8 +1,4 @@
-DIST nss-3.40.1.tar.gz 23311074 BLAKE2B 9cd723e983a3f70748b0734bb2a6cc1ddfa280f1c167c3b1b371a58900fb3d9b3bf3482293bb8614d39ffb538bcca815a2aedbe03d2d643731817452f82bc2ca SHA512 464ae843161e8deb911975d2117e8bf1194a968689b4ce70f9a12d5a33dba7ddd69f1248ec45244139c30fcc87678b206a4e124f032b26ead8bf894e4e8d0564
-DIST nss-3.46.1.tar.gz 76417797 BLAKE2B c65679a7eb50991958858afe2a20824dd9ff4c0f554f3c1964ccec269c2da9de1fa674a6ebf24fd3c8465315e491a9b50188382d1032b0cfe74c289d49049926 SHA512 f4c24f0e31d11413cbbf791a24687c02cd934b9baf4a3e9ce27406638a1d497654fbeec79c22ab4ad29374dd0063c05104c9514580b1b8156ed8d18404e1681b
-DIST nss-3.46.tar.gz 76417155 BLAKE2B 18e22a60df185764f434779211289a78d05270d8493766100e378e2ecfdb3013feb73359088d53667fb3c57a5b29633c9f800d29739cff5aab2af81e7ddbe2d7 SHA512 de309ec8d6aa2c3cf4d5ebfe9fa1f8bf5def717d22018d5c88c1de963b4ae7b0d69ad64e68d830574fc85613483fd538cb2f319ffb3fa2e1b97ec02f85d37c48
 DIST nss-3.47.1.tar.gz 76462846 BLAKE2B a26e858e06c494adb4059f8cc73993b0f3cff90a0785ed7eed3760931aa6b4ae5706cf7994c6c1421d9ed8bc36d1a4c199988bd9c59c06bb95fd03521c20f141 SHA512 ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9
-DIST nss-3.47.tar.gz 76461837 BLAKE2B 8b11b5330cf134f2f94c2b4a07d52e153ff40006770e31cbba379ff623b822778bd8ae4510493912263299bbb8f6e0706f30d59633256a3141cbd8faedd1f257 SHA512 99d04d28c38092826f5aab125662780865de49a97743ff0ab49a191bafae3ba3a937369cd6909ab23e7dcaf06482c8852b31ef057dc12c758f2681e03822e247
 DIST nss-3.48.tar.gz 76481237 BLAKE2B aded12d9f917d87e6fe32bc6c57b19e478507919c7d87b3f95e86ba10717d30da25632e60753b5cf7a24fbfef8fab6529ae373eea25d633d8164164bac97357c SHA512 71aefe323501dd8d750ed36606554f2e67ecb2bca85b55bc798d5dfc3a47f3d454348ca950971aaaafb16f6d847c098d2b1c40d40b50380e0c2540ed1b9a9e9a
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.40.1-r1.ebuild b/dev-libs/nss/nss-3.40.1-r1.ebuild
deleted file mode 100644
index cf653745a3c..00000000000
--- a/dev-libs/nss/nss-3.40.1-r1.ebuild
+++ /dev/null
@@ -1,373 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	# fix for bugs ported forward from 3.36.7
-	"${FILESDIR}/${PN}-3.36.7-fix-cms.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.46.1.ebuild b/dev-libs/nss/nss-3.46.1.ebuild
deleted file mode 100644
index f99ef74485f..00000000000
--- a/dev-libs/nss/nss-3.46.1.ebuild
+++ /dev/null
@@ -1,373 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.22"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.46.ebuild b/dev-libs/nss/nss-3.46.ebuild
deleted file mode 100644
index 1385aed733c..00000000000
--- a/dev-libs/nss/nss-3.46.ebuild
+++ /dev/null
@@ -1,373 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.22"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.47.ebuild b/dev-libs/nss/nss-3.47.ebuild
deleted file mode 100644
index 3c41aeeeb56..00000000000
--- a/dev-libs/nss/nss-3.47.ebuild
+++ /dev/null
@@ -1,373 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.22"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.47-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED%/}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-15 16:37 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2019-12-15 16:37 UTC (permalink / raw
  To: gentoo-commits

commit:     f7560034f34dd96a8a74001c07c369624a89ae83
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 15 16:30:42 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Dec 15 16:36:52 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7560034

dev-libs/nss: mark alpha, arm & s390 stable (bug #701840)

Package-Manager: Portage-2.3.81, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/nss-3.47.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.47.1.ebuild b/dev-libs/nss/nss-3.47.1.ebuild
index 03c8cdd583b..504f14e2fce 100644
--- a/dev-libs/nss/nss-3.47.1.ebuild
+++ b/dev-libs/nss/nss-3.47.1.ebuild
@@ -19,7 +19,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert +nss-pem utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2019-12-15 16:37 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2019-12-15 16:37 UTC (permalink / raw
  To: gentoo-commits

commit:     bb2d6491fd7b64675fd0ccf1007b40f87b99f674
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 15 16:36:34 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Dec 15 16:36:54 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb2d6491

dev-libs/nss: allow usage of SSLKEYLOGFILE environment variable

Closes: https://github.com/gentoo/gentoo/pull/13990
Package-Manager: Portage-2.3.81, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/{nss-3.47.1.ebuild => nss-3.47.1-r1.ebuild} | 1 +
 dev-libs/nss/{nss-3.48.ebuild => nss-3.48-r1.ebuild}     | 1 +
 2 files changed, 2 insertions(+)

diff --git a/dev-libs/nss/nss-3.47.1.ebuild b/dev-libs/nss/nss-3.47.1-r1.ebuild
similarity index 99%
rename from dev-libs/nss/nss-3.47.1.ebuild
rename to dev-libs/nss/nss-3.47.1-r1.ebuild
index 504f14e2fce..deb76ced6d5 100644
--- a/dev-libs/nss/nss-3.47.1.ebuild
+++ b/dev-libs/nss/nss-3.47.1-r1.ebuild
@@ -175,6 +175,7 @@ multilib_src_compile() {
 		)
 	fi
 
+	export NSS_ALLOW_SSLKEYLOGFILE=1
 	export NSS_ENABLE_WERROR=0 #567158
 	export BUILD_OPT=1
 	export NSS_USE_SYSTEM_SQLITE=1

diff --git a/dev-libs/nss/nss-3.48.ebuild b/dev-libs/nss/nss-3.48-r1.ebuild
similarity index 99%
rename from dev-libs/nss/nss-3.48.ebuild
rename to dev-libs/nss/nss-3.48-r1.ebuild
index 3211b8962ae..124eca85b0b 100644
--- a/dev-libs/nss/nss-3.48.ebuild
+++ b/dev-libs/nss/nss-3.48-r1.ebuild
@@ -175,6 +175,7 @@ multilib_src_compile() {
 		)
 	fi
 
+	export NSS_ALLOW_SSLKEYLOGFILE=1
 	export NSS_ENABLE_WERROR=0 #567158
 	export BUILD_OPT=1
 	export NSS_USE_SYSTEM_SQLITE=1


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-01-07 20:56 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2020-01-07 20:56 UTC (permalink / raw
  To: gentoo-commits

commit:     8b56d3b18b8cc73aa487d30b712cb9d4a4b73e57
Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Tue Jan  7 20:56:13 2020 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Tue Jan  7 20:56:26 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b56d3b1

dev-libs/nss: Version bump to 3.49

Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.49.ebuild | 375 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 376 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 3c1bd15c514..aa2ddbe4d7c 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.47.1.tar.gz 76462846 BLAKE2B a26e858e06c494adb4059f8cc73993b0f3cff90a0785ed7eed3760931aa6b4ae5706cf7994c6c1421d9ed8bc36d1a4c199988bd9c59c06bb95fd03521c20f141 SHA512 ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9
 DIST nss-3.48.tar.gz 76481237 BLAKE2B aded12d9f917d87e6fe32bc6c57b19e478507919c7d87b3f95e86ba10717d30da25632e60753b5cf7a24fbfef8fab6529ae373eea25d633d8164164bac97357c SHA512 71aefe323501dd8d750ed36606554f2e67ecb2bca85b55bc798d5dfc3a47f3d454348ca950971aaaafb16f6d847c098d2b1c40d40b50380e0c2540ed1b9a9e9a
+DIST nss-3.49.tar.gz 76488781 BLAKE2B 12ce6477b95bc0b0623cfe297c771832818798e39d1ab5cbc7f30e21336644498f5201abeb2ea1cbfd7cf75d64e4423152b9fe4e5c6b1761c5c049ec3da0e9fc SHA512 7d8df73a2e585585a7cb3f887af3f933854984479531b3dd30316873bdd92c130e2fadb54e7b3b1f0b10675b1bce09112ef39860d74ef6f0df7b57bf430bd072
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.49.ebuild b/dev-libs/nss/nss-3.49.ebuild
new file mode 100644
index 00000000000..bec0e4b6e2f
--- /dev/null
+++ b/dev-libs/nss/nss-3.49.ebuild
@@ -0,0 +1,375 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.24"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+BDEPEND="
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+"
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.47-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-01-15 10:35 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-01-15 10:35 UTC (permalink / raw
  To: gentoo-commits

commit:     1667d12616f6cdce43baad300fd2ecdf322f9a46
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 15 10:34:50 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Jan 15 10:35:08 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1667d126

dev-libs/nss: Bump to version 3.49.1

Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.49.1.ebuild | 375 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 376 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index aa2ddbe4d7c..c22b237b168 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.47.1.tar.gz 76462846 BLAKE2B a26e858e06c494adb4059f8cc73993b0f3cff90a0785ed7eed3760931aa6b4ae5706cf7994c6c1421d9ed8bc36d1a4c199988bd9c59c06bb95fd03521c20f141 SHA512 ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9
 DIST nss-3.48.tar.gz 76481237 BLAKE2B aded12d9f917d87e6fe32bc6c57b19e478507919c7d87b3f95e86ba10717d30da25632e60753b5cf7a24fbfef8fab6529ae373eea25d633d8164164bac97357c SHA512 71aefe323501dd8d750ed36606554f2e67ecb2bca85b55bc798d5dfc3a47f3d454348ca950971aaaafb16f6d847c098d2b1c40d40b50380e0c2540ed1b9a9e9a
+DIST nss-3.49.1.tar.gz 76489134 BLAKE2B 4b1ceb6e1a366f506d13ceaa88663fba400318bff872305993369c2caa1e1aef654fa02308957bc2a2774b7e0b4bafd097ad16831d38d7da53753991419839b7 SHA512 e463c9d71537ac30dbd2998cbdbc0cadc734768a6f3a316c57b6a6d01ad6d26ca732dff65e9c88555a834ae7d71fc857e4cbc1799438069f544a1e27f75985e8
 DIST nss-3.49.tar.gz 76488781 BLAKE2B 12ce6477b95bc0b0623cfe297c771832818798e39d1ab5cbc7f30e21336644498f5201abeb2ea1cbfd7cf75d64e4423152b9fe4e5c6b1761c5c049ec3da0e9fc SHA512 7d8df73a2e585585a7cb3f887af3f933854984479531b3dd30316873bdd92c130e2fadb54e7b3b1f0b10675b1bce09112ef39860d74ef6f0df7b57bf430bd072
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.49.1.ebuild b/dev-libs/nss/nss-3.49.1.ebuild
new file mode 100644
index 00000000000..bec0e4b6e2f
--- /dev/null
+++ b/dev-libs/nss/nss-3.49.1.ebuild
@@ -0,0 +1,375 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.24"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+BDEPEND="
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+"
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.47-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-01-24 21:31 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2020-01-24 21:31 UTC (permalink / raw
  To: gentoo-commits

commit:     8f982fe8644f5380dc09863eba9d5bcffefafc0b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 24 21:29:28 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jan 24 21:29:28 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f982fe8

dev-libs/nss: bump to v3.49.2

Package-Manager: Portage-2.3.85, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.49.2.ebuild | 375 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 376 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index c22b237b168..526631f87c1 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,7 @@
 DIST nss-3.47.1.tar.gz 76462846 BLAKE2B a26e858e06c494adb4059f8cc73993b0f3cff90a0785ed7eed3760931aa6b4ae5706cf7994c6c1421d9ed8bc36d1a4c199988bd9c59c06bb95fd03521c20f141 SHA512 ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9
 DIST nss-3.48.tar.gz 76481237 BLAKE2B aded12d9f917d87e6fe32bc6c57b19e478507919c7d87b3f95e86ba10717d30da25632e60753b5cf7a24fbfef8fab6529ae373eea25d633d8164164bac97357c SHA512 71aefe323501dd8d750ed36606554f2e67ecb2bca85b55bc798d5dfc3a47f3d454348ca950971aaaafb16f6d847c098d2b1c40d40b50380e0c2540ed1b9a9e9a
 DIST nss-3.49.1.tar.gz 76489134 BLAKE2B 4b1ceb6e1a366f506d13ceaa88663fba400318bff872305993369c2caa1e1aef654fa02308957bc2a2774b7e0b4bafd097ad16831d38d7da53753991419839b7 SHA512 e463c9d71537ac30dbd2998cbdbc0cadc734768a6f3a316c57b6a6d01ad6d26ca732dff65e9c88555a834ae7d71fc857e4cbc1799438069f544a1e27f75985e8
+DIST nss-3.49.2.tar.gz 76489641 BLAKE2B 844a88984fde45142093ee6df2934d89cb4911d3e716019c0d1620254064af51b56249bc4348816e546c5dcab66d7fc9d4def32021661f4f3d868e09c342abec SHA512 fe0fe032db15853384a50b145dd6f3187a855109f0b81f1846312d33f8c628aededcbca4d199f974ae52530aec3f2312f80afbca3e5b97ed1ff96fcffafd2881
 DIST nss-3.49.tar.gz 76488781 BLAKE2B 12ce6477b95bc0b0623cfe297c771832818798e39d1ab5cbc7f30e21336644498f5201abeb2ea1cbfd7cf75d64e4423152b9fe4e5c6b1761c5c049ec3da0e9fc SHA512 7d8df73a2e585585a7cb3f887af3f933854984479531b3dd30316873bdd92c130e2fadb54e7b3b1f0b10675b1bce09112ef39860d74ef6f0df7b57bf430bd072
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.49.2.ebuild b/dev-libs/nss/nss-3.49.2.ebuild
new file mode 100644
index 00000000000..bec0e4b6e2f
--- /dev/null
+++ b/dev-libs/nss/nss-3.49.2.ebuild
@@ -0,0 +1,375 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.24"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+BDEPEND="
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+"
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.47-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-02-08 15:19 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2020-02-08 15:19 UTC (permalink / raw
  To: gentoo-commits

commit:     f63496a7c3af3525fec385a43fbb7d4adde3bb95
Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  8 15:18:55 2020 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Sat Feb  8 15:19:07 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f63496a7

dev-libs/nss: Version bump 3.50

Package-Manager: Portage-2.3.87, Repoman-2.3.20
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.50.ebuild | 375 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 376 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 526631f87c1..44dc960dbf0 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,5 +3,6 @@ DIST nss-3.48.tar.gz 76481237 BLAKE2B aded12d9f917d87e6fe32bc6c57b19e478507919c7
 DIST nss-3.49.1.tar.gz 76489134 BLAKE2B 4b1ceb6e1a366f506d13ceaa88663fba400318bff872305993369c2caa1e1aef654fa02308957bc2a2774b7e0b4bafd097ad16831d38d7da53753991419839b7 SHA512 e463c9d71537ac30dbd2998cbdbc0cadc734768a6f3a316c57b6a6d01ad6d26ca732dff65e9c88555a834ae7d71fc857e4cbc1799438069f544a1e27f75985e8
 DIST nss-3.49.2.tar.gz 76489641 BLAKE2B 844a88984fde45142093ee6df2934d89cb4911d3e716019c0d1620254064af51b56249bc4348816e546c5dcab66d7fc9d4def32021661f4f3d868e09c342abec SHA512 fe0fe032db15853384a50b145dd6f3187a855109f0b81f1846312d33f8c628aededcbca4d199f974ae52530aec3f2312f80afbca3e5b97ed1ff96fcffafd2881
 DIST nss-3.49.tar.gz 76488781 BLAKE2B 12ce6477b95bc0b0623cfe297c771832818798e39d1ab5cbc7f30e21336644498f5201abeb2ea1cbfd7cf75d64e4423152b9fe4e5c6b1761c5c049ec3da0e9fc SHA512 7d8df73a2e585585a7cb3f887af3f933854984479531b3dd30316873bdd92c130e2fadb54e7b3b1f0b10675b1bce09112ef39860d74ef6f0df7b57bf430bd072
+DIST nss-3.50.tar.gz 78041630 BLAKE2B 4d21a1cac475936e153b22829f8b4b2f6f6a57c41e14d091b287aba633a8d4c80c045882ce6f1cb7a2f9ce760d616b13389f90e59f60250c41080ed1f5a4900a SHA512 d6bcaf8ad65b5a97c42cd6cbbc68add5c4b49db74b2debcedb2a007f72511ac0e9bd21fd2dec041bc1975cfc8af26a48450aa0d1b962f755931ab2ac45c795b1
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.50.ebuild b/dev-libs/nss/nss-3.50.ebuild
new file mode 100644
index 00000000000..c3b9fde9344
--- /dev/null
+++ b/dev-libs/nss/nss-3.50.ebuild
@@ -0,0 +1,375 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.25"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
+PEM_P="${PN}-pem-20160329"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
+	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert +nss-pem utils"
+BDEPEND="
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+"
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.47-enable-pem.patch"
+		)
+	fi
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-06 14:16 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2020-03-06 14:16 UTC (permalink / raw
  To: gentoo-commits

commit:     5eca3e02c87163b3c541cdee893830d201abfb86
Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  6 14:13:38 2020 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Fri Mar  6 14:15:19 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5eca3e02

dev-libs/nss: Drop pem support in favor of new nss-pem package

Package-Manager: Portage-2.3.92, Repoman-2.3.20
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

 .../nss/{nss-3.50.ebuild => nss-3.50-r1.ebuild}    | 22 +++-------------------
 1 file changed, 3 insertions(+), 19 deletions(-)

diff --git a/dev-libs/nss/nss-3.50.ebuild b/dev-libs/nss/nss-3.50-r1.ebuild
similarity index 94%
rename from dev-libs/nss/nss-3.50.ebuild
rename to dev-libs/nss/nss-3.50-r1.ebuild
index c3b9fde9344..b6a9c7b9594 100644
--- a/dev-libs/nss/nss-3.50.ebuild
+++ b/dev-libs/nss/nss-3.50-r1.ebuild
@@ -7,20 +7,16 @@ inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
 
 NSPR_VER="4.25"
 RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
 
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
 HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
 SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
+IUSE="cacert utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
 "
@@ -46,19 +42,7 @@ PATCHES=(
 	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
 )
 
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
 src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.47-enable-pem.patch"
-		)
-	fi
 	if use cacert ; then #521462
 		PATCHES+=(
 			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
@@ -280,7 +264,7 @@ multilib_src_install() {
 	insinto /usr/include/nss
 	doins public/nss/*.{h,api}
 	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
+	doins private/nss/{blapi,alghmac,cmac}.h
 
 	popd >/dev/null || die
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-07 15:21 Jory Pratt
  0 siblings, 0 replies; 466+ messages in thread
From: Jory Pratt @ 2020-03-07 15:21 UTC (permalink / raw
  To: gentoo-commits

commit:     1309f6637ab1d26fe55f9bba427d33695e28c181
Author:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Sat Mar  7 15:21:29 2020 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Sat Mar  7 15:21:42 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1309f663

dev-libs/nss: Version bump 3.51

Package-Manager: Portage-2.3.92, Repoman-2.3.20
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.51.ebuild | 359 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 360 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 44dc960dbf0..aab1611b521 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -4,5 +4,6 @@ DIST nss-3.49.1.tar.gz 76489134 BLAKE2B 4b1ceb6e1a366f506d13ceaa88663fba400318bf
 DIST nss-3.49.2.tar.gz 76489641 BLAKE2B 844a88984fde45142093ee6df2934d89cb4911d3e716019c0d1620254064af51b56249bc4348816e546c5dcab66d7fc9d4def32021661f4f3d868e09c342abec SHA512 fe0fe032db15853384a50b145dd6f3187a855109f0b81f1846312d33f8c628aededcbca4d199f974ae52530aec3f2312f80afbca3e5b97ed1ff96fcffafd2881
 DIST nss-3.49.tar.gz 76488781 BLAKE2B 12ce6477b95bc0b0623cfe297c771832818798e39d1ab5cbc7f30e21336644498f5201abeb2ea1cbfd7cf75d64e4423152b9fe4e5c6b1761c5c049ec3da0e9fc SHA512 7d8df73a2e585585a7cb3f887af3f933854984479531b3dd30316873bdd92c130e2fadb54e7b3b1f0b10675b1bce09112ef39860d74ef6f0df7b57bf430bd072
 DIST nss-3.50.tar.gz 78041630 BLAKE2B 4d21a1cac475936e153b22829f8b4b2f6f6a57c41e14d091b287aba633a8d4c80c045882ce6f1cb7a2f9ce760d616b13389f90e59f60250c41080ed1f5a4900a SHA512 d6bcaf8ad65b5a97c42cd6cbbc68add5c4b49db74b2debcedb2a007f72511ac0e9bd21fd2dec041bc1975cfc8af26a48450aa0d1b962f755931ab2ac45c795b1
+DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
 DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
new file mode 100644
index 00000000000..b6a9c7b9594
--- /dev/null
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -0,0 +1,359 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.25"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+BDEPEND="
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+"
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-09 10:44 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-03-09 10:44 UTC (permalink / raw
  To: gentoo-commits

commit:     98db96c8f9ba3f7253b5d2128c38f7352d0e5c1c
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Mar  9 10:43:52 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Mar  9 10:43:52 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98db96c8

dev-libs/nss: Removed old

Package-Manager: Portage-2.3.93, Repoman-2.3.20
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   2 -
 dev-libs/nss/nss-3.49.1.ebuild | 375 -----------------------------------------
 dev-libs/nss/nss-3.49.ebuild   | 375 -----------------------------------------
 3 files changed, 752 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index aab1611b521..96974b35f57 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,8 +1,6 @@
 DIST nss-3.47.1.tar.gz 76462846 BLAKE2B a26e858e06c494adb4059f8cc73993b0f3cff90a0785ed7eed3760931aa6b4ae5706cf7994c6c1421d9ed8bc36d1a4c199988bd9c59c06bb95fd03521c20f141 SHA512 ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9
 DIST nss-3.48.tar.gz 76481237 BLAKE2B aded12d9f917d87e6fe32bc6c57b19e478507919c7d87b3f95e86ba10717d30da25632e60753b5cf7a24fbfef8fab6529ae373eea25d633d8164164bac97357c SHA512 71aefe323501dd8d750ed36606554f2e67ecb2bca85b55bc798d5dfc3a47f3d454348ca950971aaaafb16f6d847c098d2b1c40d40b50380e0c2540ed1b9a9e9a
-DIST nss-3.49.1.tar.gz 76489134 BLAKE2B 4b1ceb6e1a366f506d13ceaa88663fba400318bff872305993369c2caa1e1aef654fa02308957bc2a2774b7e0b4bafd097ad16831d38d7da53753991419839b7 SHA512 e463c9d71537ac30dbd2998cbdbc0cadc734768a6f3a316c57b6a6d01ad6d26ca732dff65e9c88555a834ae7d71fc857e4cbc1799438069f544a1e27f75985e8
 DIST nss-3.49.2.tar.gz 76489641 BLAKE2B 844a88984fde45142093ee6df2934d89cb4911d3e716019c0d1620254064af51b56249bc4348816e546c5dcab66d7fc9d4def32021661f4f3d868e09c342abec SHA512 fe0fe032db15853384a50b145dd6f3187a855109f0b81f1846312d33f8c628aededcbca4d199f974ae52530aec3f2312f80afbca3e5b97ed1ff96fcffafd2881
-DIST nss-3.49.tar.gz 76488781 BLAKE2B 12ce6477b95bc0b0623cfe297c771832818798e39d1ab5cbc7f30e21336644498f5201abeb2ea1cbfd7cf75d64e4423152b9fe4e5c6b1761c5c049ec3da0e9fc SHA512 7d8df73a2e585585a7cb3f887af3f933854984479531b3dd30316873bdd92c130e2fadb54e7b3b1f0b10675b1bce09112ef39860d74ef6f0df7b57bf430bd072
 DIST nss-3.50.tar.gz 78041630 BLAKE2B 4d21a1cac475936e153b22829f8b4b2f6f6a57c41e14d091b287aba633a8d4c80c045882ce6f1cb7a2f9ce760d616b13389f90e59f60250c41080ed1f5a4900a SHA512 d6bcaf8ad65b5a97c42cd6cbbc68add5c4b49db74b2debcedb2a007f72511ac0e9bd21fd2dec041bc1975cfc8af26a48450aa0d1b962f755931ab2ac45c795b1
 DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.49.1.ebuild b/dev-libs/nss/nss-3.49.1.ebuild
deleted file mode 100644
index bec0e4b6e2f..00000000000
--- a/dev-libs/nss/nss-3.49.1.ebuild
+++ /dev/null
@@ -1,375 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.24"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-BDEPEND="
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-"
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.47-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.49.ebuild b/dev-libs/nss/nss-3.49.ebuild
deleted file mode 100644
index bec0e4b6e2f..00000000000
--- a/dev-libs/nss/nss-3.49.ebuild
+++ /dev/null
@@ -1,375 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.24"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
-	nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-BDEPEND="
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-"
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
-	unpack ${A}
-	if use nss-pem ; then
-		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
-	fi
-}
-
-src_prepare() {
-	if use nss-pem ; then
-		PATCHES+=(
-			"${FILESDIR}/${PN}-3.47-enable-pem.patch"
-		)
-	fi
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-16 18:25 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-03-16 18:25 UTC (permalink / raw
  To: gentoo-commits

commit:     6703d8038de5e65a92cd05581c2ea45d3a713a81
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Mon Mar 16 17:28:50 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Mon Mar 16 18:25:15 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6703d803

dev-libs/nss: stable 3.51 for sparc, bug #627534

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.51.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index b6a9c7b9594..3b9dca07ca2 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-17  8:34 Mart Raudsepp
  0 siblings, 0 replies; 466+ messages in thread
From: Mart Raudsepp @ 2020-03-17  8:34 UTC (permalink / raw
  To: gentoo-commits

commit:     7c2e279a88e366b842fbb6e8b40304663296a2c6
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 17 08:32:08 2020 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Tue Mar 17 08:32:08 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c2e279a

dev-libs/nss: arm64 stable (bug #627534)

Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org>

 dev-libs/nss/nss-3.51.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index 3b9dca07ca2..6846e138548 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-17 18:44 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-03-17 18:44 UTC (permalink / raw
  To: gentoo-commits

commit:     31ec2db38353dbd795f501da5871430eb887586d
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 17 18:43:33 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Mar 17 18:44:21 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31ec2db3

dev-libs/nss: amd64 stable wrt bug #627534

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.51.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index 6846e138548..a96078714bf 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-18  9:49 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-03-18  9:49 UTC (permalink / raw
  To: gentoo-commits

commit:     1fcf9211af2989aae75de761c64e6db7fccf308a
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 18 09:49:04 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Mar 18 09:49:04 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fcf9211

dev-libs/nss: s390 stable wrt bug #627534

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.51.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index a96078714bf..9cf381f215d 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-18 11:11 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-03-18 11:11 UTC (permalink / raw
  To: gentoo-commits

commit:     9aeb72eab006bc1705f8f6af87561ecd665165d5
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 18 11:10:42 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Mar 18 11:10:42 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9aeb72ea

dev-libs/nss: ppc stable wrt bug #627534

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.51.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index 9cf381f215d..12edd975a92 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-18 11:31 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-03-18 11:31 UTC (permalink / raw
  To: gentoo-commits

commit:     e57eb19871780de9dc60c72f4bd03c6f8f9a9e8a
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 18 11:31:57 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Mar 18 11:31:57 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e57eb198

dev-libs/nss: ppc64 stable wrt bug #627534

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.51.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index 12edd975a92..f7799558a54 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-18 12:03 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-03-18 12:03 UTC (permalink / raw
  To: gentoo-commits

commit:     639c0f28cd35c6144b7b9e8129ed270a126df59a
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 18 12:03:37 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Mar 18 12:03:37 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=639c0f28

dev-libs/nss: ia64 stable wrt bug #627534

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="ia64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.51.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index f7799558a54..ad367fac1f6 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-18 16:03 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-03-18 16:03 UTC (permalink / raw
  To: gentoo-commits

commit:     1b2a59f9e4899fd2edae9b446666881d3cc664f2
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 18 16:03:27 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Mar 18 16:03:27 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b2a59f9

dev-libs/nss: x86 stable wrt bug #627534

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.51.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index ad367fac1f6..4d213bdc94e 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-20  9:16 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-03-20  9:16 UTC (permalink / raw
  To: gentoo-commits

commit:     07eb12f67c391b58b1d3c31524e7edba32e01011
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Fri Mar 20 08:25:43 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Mar 20 09:16:19 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07eb12f6

dev-libs/nss: stable 3.51 for hppa, bug #627534

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.51.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index 4d213bdc94e..1c32cc02a15 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-03-25  8:12 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-03-25  8:12 UTC (permalink / raw
  To: gentoo-commits

commit:     c19c955d4d6bfe46ae828c379943d9a08d242116
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 25 08:11:53 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Mar 25 08:11:53 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c19c955d

dev-libs/nss: arm stable wrt bug #627534

Package-Manager: Portage-2.3.89, Repoman-2.3.20
RepoMan-Options: --include-arches="arm"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.51.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index 1c32cc02a15..7427324642c 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 BDEPEND="
 	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-04-10 11:12 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-04-10 11:12 UTC (permalink / raw
  To: gentoo-commits

commit:     752cecd5dee2e00aa7f1c56d73ae277c80314313
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 10 11:12:09 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Apr 10 11:12:39 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=752cecd5

dev-libs/nss: Bump to version 3.51.1

Package-Manager: Portage-2.3.98, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.51.1.ebuild | 359 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 360 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 663b875e316..beda8d670fa 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,2 +1,3 @@
+DIST nss-3.51.1.tar.gz 78310874 BLAKE2B c295b5fdf6e1d24cc79474f2c5a9e91fccf777212fbb072e8a64576ed1b060fea6ecbde1fa59bb07c998b9aa92bb7d450e722a8f34a72eaa35aef6cbd693420a SHA512 1878780886cc330489a14a60ee5cb67b174f3167d020db256eacdce079652ef8af65813914cd0fb5684457053fa27acc9bff72d0713fbea28795613ca45a6d46
 DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.51.1.ebuild b/dev-libs/nss/nss-3.51.1.ebuild
new file mode 100644
index 00000000000..b1c3b3f782f
--- /dev/null
+++ b/dev-libs/nss/nss-3.51.1.ebuild
@@ -0,0 +1,359 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.25"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+BDEPEND="
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+"
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-04-20  7:46 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-04-20  7:46 UTC (permalink / raw
  To: gentoo-commits

commit:     782dfd8c56f6edabb0ce4a75e2ccadf6c5f83745
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 20 07:45:49 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Apr 20 07:46:15 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=782dfd8c

dev-libs/nss: Moved virtual/pkgconfig to RDEPEND

Anarchy pointed that out and leio confirmed that it's being used by
nss-config.

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/nss-3.51.1.ebuild | 4 +---
 dev-libs/nss/nss-3.51.ebuild   | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/dev-libs/nss/nss-3.51.1.ebuild b/dev-libs/nss/nss-3.51.1.ebuild
index b1c3b3f782f..2a63453b474 100644
--- a/dev-libs/nss/nss-3.51.1.ebuild
+++ b/dev-libs/nss/nss-3.51.1.ebuild
@@ -17,13 +17,11 @@ LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
-BDEPEND="
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-"
 RDEPEND="
 	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
 	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
 "
 DEPEND="${RDEPEND}"
 

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index 0b2315560be..7cba16c1fb0 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -17,13 +17,11 @@ LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
-BDEPEND="
-	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-"
 RDEPEND="
 	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
 	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
 	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
 "
 DEPEND="${RDEPEND}"
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-04-20  9:00 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-04-20  9:00 UTC (permalink / raw
  To: gentoo-commits

commit:     882bf7bfc3f09229add0e873040113e44542164e
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 20 08:59:44 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Apr 20 09:00:23 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=882bf7bf

dev-libs/nss: Added comment about virtual/pkgconfig being in RDEPEND

Thanks-to: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache.Org>
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/nss-3.51.1.ebuild | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/nss/nss-3.51.1.ebuild b/dev-libs/nss/nss-3.51.1.ebuild
index 2a63453b474..6ad4600ae7d 100644
--- a/dev-libs/nss/nss-3.51.1.ebuild
+++ b/dev-libs/nss/nss-3.51.1.ebuild
@@ -17,6 +17,7 @@ LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="
 	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
 	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-05-02 19:12 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-05-02 19:12 UTC (permalink / raw
  To: gentoo-commits

commit:     89dadea09fea4dfa3bdf3302f2c3ea8b720bde03
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat May  2 19:11:51 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat May  2 19:12:12 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89dadea0

dev-libs/nss: Bump to version 3.52

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.52.ebuild | 358 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 359 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index beda8d670fa..0adc5af284f 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.51.1.tar.gz 78310874 BLAKE2B c295b5fdf6e1d24cc79474f2c5a9e91fccf777212fbb072e8a64576ed1b060fea6ecbde1fa59bb07c998b9aa92bb7d450e722a8f34a72eaa35aef6cbd693420a SHA512 1878780886cc330489a14a60ee5cb67b174f3167d020db256eacdce079652ef8af65813914cd0fb5684457053fa27acc9bff72d0713fbea28795613ca45a6d46
 DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
+DIST nss-3.52.tar.gz 81220587 BLAKE2B 0208c9047c61233ed36f02d57fdc64fa1734ef69d17fa499707f4a3b14a2e880b1dcf4b19b17a38e9b41d2e46b4a9488613d82989be747ad82aebc35b8e491af SHA512 a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.52.ebuild b/dev-libs/nss/nss-3.52.ebuild
new file mode 100644
index 00000000000..6ad4600ae7d
--- /dev/null
+++ b/dev-libs/nss/nss-3.52.ebuild
@@ -0,0 +1,358 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.25"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-05-22 16:47 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-05-22 16:47 UTC (permalink / raw
  To: gentoo-commits

commit:     498ed33e16b69a9bbbd2c5e75269eb2254099d8f
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri May 22 16:47:19 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri May 22 16:47:31 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=498ed33e

dev-libs/nss: Bump to version 3.52.1

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.52.1.ebuild | 358 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 359 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 0adc5af284f..a54e9bfb1ed 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.51.1.tar.gz 78310874 BLAKE2B c295b5fdf6e1d24cc79474f2c5a9e91fccf777212fbb072e8a64576ed1b060fea6ecbde1fa59bb07c998b9aa92bb7d450e722a8f34a72eaa35aef6cbd693420a SHA512 1878780886cc330489a14a60ee5cb67b174f3167d020db256eacdce079652ef8af65813914cd0fb5684457053fa27acc9bff72d0713fbea28795613ca45a6d46
 DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
+DIST nss-3.52.1.tar.gz 81222116 BLAKE2B e7a1a24c0a4765fb13a4c13a93187a26df6df68b3e8d623514928cf505215e67f5f22387b6a6b0680117b1c2af13752cb981c173bb50424784d05b459704d528 SHA512 be8746984e3028e5ed49f2132ca08687f6ac75e50208d8cfd6ffbcfd5db1ab8dcaf1f2a0a6c6c1920573de80490301b21c022759c7e2309a22d29698bb169dd6
 DIST nss-3.52.tar.gz 81220587 BLAKE2B 0208c9047c61233ed36f02d57fdc64fa1734ef69d17fa499707f4a3b14a2e880b1dcf4b19b17a38e9b41d2e46b4a9488613d82989be747ad82aebc35b8e491af SHA512 a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.52.1.ebuild b/dev-libs/nss/nss-3.52.1.ebuild
new file mode 100644
index 00000000000..6ad4600ae7d
--- /dev/null
+++ b/dev-libs/nss/nss-3.52.1.ebuild
@@ -0,0 +1,358 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.25"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-07 11:26 James Le Cuirot
  0 siblings, 0 replies; 466+ messages in thread
From: James Le Cuirot @ 2020-06-07 11:26 UTC (permalink / raw
  To: gentoo-commits

commit:     925c79e2672da8f8bb4995b38735721f6ba863b9
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Sun Jun  7 11:22:03 2020 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Sun Jun  7 11:26:19 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=925c79e2

dev-libs/nss: Fix cross-compiling from 32-bit to 64-bit

Closes: https://bugs.gentoo.org/723324
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: James Le Cuirot <chewi <AT> gentoo.org>

 dev-libs/nss/nss-3.51.1.ebuild | 2 +-
 dev-libs/nss/nss-3.51.ebuild   | 2 +-
 dev-libs/nss/nss-3.52.1.ebuild | 2 +-
 dev-libs/nss/nss-3.52.ebuild   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/dev-libs/nss/nss-3.51.1.ebuild b/dev-libs/nss/nss-3.51.1.ebuild
index 6ad4600ae7d..61acd9960f9 100644
--- a/dev-libs/nss/nss-3.51.1.ebuild
+++ b/dev-libs/nss/nss-3.51.1.ebuild
@@ -177,7 +177,7 @@ multilib_src_compile() {
 	NSPR_LIB_DIR="${T}/fakedir" \
 	emake -j1 -C coreconf \
 		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
+		${buildbits-${mybits}}
 	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
 
 	# Then build the target tools.

diff --git a/dev-libs/nss/nss-3.51.ebuild b/dev-libs/nss/nss-3.51.ebuild
index 7cba16c1fb0..f3bc7847267 100644
--- a/dev-libs/nss/nss-3.51.ebuild
+++ b/dev-libs/nss/nss-3.51.ebuild
@@ -176,7 +176,7 @@ multilib_src_compile() {
 	NSPR_LIB_DIR="${T}/fakedir" \
 	emake -j1 -C coreconf \
 		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
+		${buildbits-${mybits}}
 	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
 
 	# Then build the target tools.

diff --git a/dev-libs/nss/nss-3.52.1.ebuild b/dev-libs/nss/nss-3.52.1.ebuild
index 6ad4600ae7d..61acd9960f9 100644
--- a/dev-libs/nss/nss-3.52.1.ebuild
+++ b/dev-libs/nss/nss-3.52.1.ebuild
@@ -177,7 +177,7 @@ multilib_src_compile() {
 	NSPR_LIB_DIR="${T}/fakedir" \
 	emake -j1 -C coreconf \
 		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
+		${buildbits-${mybits}}
 	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
 
 	# Then build the target tools.

diff --git a/dev-libs/nss/nss-3.52.ebuild b/dev-libs/nss/nss-3.52.ebuild
index 6ad4600ae7d..61acd9960f9 100644
--- a/dev-libs/nss/nss-3.52.ebuild
+++ b/dev-libs/nss/nss-3.52.ebuild
@@ -177,7 +177,7 @@ multilib_src_compile() {
 	NSPR_LIB_DIR="${T}/fakedir" \
 	emake -j1 -C coreconf \
 		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
+		${buildbits-${mybits}}
 	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
 
 	# Then build the target tools.


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-09  9:20 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-06-09  9:20 UTC (permalink / raw
  To: gentoo-commits

commit:     d1e076b77709c625d5f7bed619970734d31c1a7e
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  9 09:20:23 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jun  9 09:20:39 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1e076b7

dev-libs/nss: Revbump to finally link against system-zlib

Thanks-to: Jory Pratt <anarchy <AT> gentoo.org>
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/{nss-3.52.1.ebuild => nss-3.52.1-r1.ebuild} | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dev-libs/nss/nss-3.52.1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild
similarity index 99%
rename from dev-libs/nss/nss-3.52.1.ebuild
rename to dev-libs/nss/nss-3.52.1-r1.ebuild
index 61acd9960f9..109a0775a1f 100644
--- a/dev-libs/nss/nss-3.52.1.ebuild
+++ b/dev-libs/nss/nss-3.52.1-r1.ebuild
@@ -168,6 +168,8 @@ multilib_src_compile() {
 	export FREEBL_LOWHASH=1
 	export NSS_SEED_ONLY_DEV_URANDOM=1
 	export ASFLAGS=""
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
 
 	local d
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-09 14:42 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-06-09 14:42 UTC (permalink / raw
  To: gentoo-commits

commit:     d9385a09feeca1a179d2c3052be3890951afe44f
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  9 14:42:10 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Jun  9 14:42:10 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9385a09

dev-libs/nss: s390 stable wrt bug #726842

Package-Manager: Portage-2.3.99, Repoman-2.3.22
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.52.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.52.1-r1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild
index 109a0775a1f..16e14efa8d2 100644
--- a/dev-libs/nss/nss-3.52.1-r1.ebuild
+++ b/dev-libs/nss/nss-3.52.1-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-09 20:00 Mart Raudsepp
  0 siblings, 0 replies; 466+ messages in thread
From: Mart Raudsepp @ 2020-06-09 20:00 UTC (permalink / raw
  To: gentoo-commits

commit:     56bb2d779a6e4bdb46aaf74f108aba0176c11e66
Author:     Sam James (sam_c) <sam <AT> cmpct <DOT> info>
AuthorDate: Tue Jun  9 12:12:17 2020 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Tue Jun  9 20:00:27 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56bb2d77

dev-libs/nss: arm64 stable (bug #726842)

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sam James (sam_c) <sam <AT> cmpct.info>
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org>

 dev-libs/nss/nss-3.52.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.52.1-r1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild
index 16e14efa8d2..96ae280841c 100644
--- a/dev-libs/nss/nss-3.52.1-r1.ebuild
+++ b/dev-libs/nss/nss-3.52.1-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-10 13:01 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-06-10 13:01 UTC (permalink / raw
  To: gentoo-commits

commit:     b20d332e7cb74e2815adfecbcfd754b1b7072be2
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 10 13:01:27 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Jun 10 13:01:27 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b20d332e

dev-libs/nss: sparc stable wrt bug #726842

Package-Manager: Portage-2.3.99, Repoman-2.3.22
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.52.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.52.1-r1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild
index 96ae280841c..e68e511cb10 100644
--- a/dev-libs/nss/nss-3.52.1-r1.ebuild
+++ b/dev-libs/nss/nss-3.52.1-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-11  8:25 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-06-11  8:25 UTC (permalink / raw
  To: gentoo-commits

commit:     de0725616d01e90be4163053e996df447639b1a7
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 11 08:25:23 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Jun 11 08:25:23 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de072561

dev-libs/nss: amd64 stable wrt bug #726842

Package-Manager: Portage-2.3.99, Repoman-2.3.22
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.52.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.52.1-r1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild
index e68e511cb10..9fdac8718ec 100644
--- a/dev-libs/nss/nss-3.52.1-r1.ebuild
+++ b/dev-libs/nss/nss-3.52.1-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-11  8:27 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-06-11  8:27 UTC (permalink / raw
  To: gentoo-commits

commit:     f01fe207ab9637fc5096aa9634d87129b43920a0
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 11 08:27:45 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Jun 11 08:27:45 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f01fe207

dev-libs/nss: arm stable wrt bug #726842

Package-Manager: Portage-2.3.99, Repoman-2.3.22
RepoMan-Options: --include-arches="arm"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.52.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.52.1-r1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild
index 9fdac8718ec..01d88be4c76 100644
--- a/dev-libs/nss/nss-3.52.1-r1.ebuild
+++ b/dev-libs/nss/nss-3.52.1-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-11  8:29 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-06-11  8:29 UTC (permalink / raw
  To: gentoo-commits

commit:     a3de67f5f6bdf6a419db7baa2f0e5112d08b6d0f
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 11 08:29:17 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Jun 11 08:29:43 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3de67f5

dev-libs/nss: ppc stable wrt bug #726842

Package-Manager: Portage-2.3.99, Repoman-2.3.22
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.52.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.52.1-r1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild
index 01d88be4c76..466f6fe036b 100644
--- a/dev-libs/nss/nss-3.52.1-r1.ebuild
+++ b/dev-libs/nss/nss-3.52.1-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-11  8:34 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-06-11  8:34 UTC (permalink / raw
  To: gentoo-commits

commit:     dc4127ffe59fcf051487bf70cd95540616faecd0
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 11 08:33:53 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Jun 11 08:34:29 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc4127ff

dev-libs/nss: x86 stable wrt bug #726842

Package-Manager: Portage-2.3.99, Repoman-2.3.22
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.52.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.52.1-r1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild
index 466f6fe036b..4f53d6a652e 100644
--- a/dev-libs/nss/nss-3.52.1-r1.ebuild
+++ b/dev-libs/nss/nss-3.52.1-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-12 18:44 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-06-12 18:44 UTC (permalink / raw
  To: gentoo-commits

commit:     96b375369c9507aeccbd1c7d01bc785d7490e1cf
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Fri Jun 12 18:30:57 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Jun 12 18:44:27 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96b37536

dev-libs/nss: stable 3.52.1-r1 for hppa, bug #726842

Package-Manager: Portage-2.3.99, Repoman-2.3.22
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.52.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.52.1-r1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild
index 4f53d6a652e..0f733991c19 100644
--- a/dev-libs/nss/nss-3.52.1-r1.ebuild
+++ b/dev-libs/nss/nss-3.52.1-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-13 17:05 Mike Gilbert
  0 siblings, 0 replies; 466+ messages in thread
From: Mike Gilbert @ 2020-06-13 17:05 UTC (permalink / raw
  To: gentoo-commits

commit:     f91597fe9706fdaf1ee19d199452ee29f471311d
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  6 19:39:20 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Jun 13 16:58:14 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f91597fe

dev-libs/nss: revbump for RDEPEND change

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/nss/{nss-3.51.1.ebuild => nss-3.51.1-r1.ebuild} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/dev-libs/nss/nss-3.51.1.ebuild b/dev-libs/nss/nss-3.51.1-r1.ebuild
similarity index 100%
rename from dev-libs/nss/nss-3.51.1.ebuild
rename to dev-libs/nss/nss-3.51.1-r1.ebuild


^ permalink raw reply	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-19  7:58 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-06-19  7:58 UTC (permalink / raw
  To: gentoo-commits

commit:     b34443de419cfc164c98101594abcdb6f4000654
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 19 07:58:18 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Jun 19 07:58:25 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b34443de

dev-libs/nss: Re-add aarch64 cross compile fix

Closes: https://bugs.gentoo.org/723324
Package-Manager: Portage-2.3.101, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/nss-3.53.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.53.1.ebuild b/dev-libs/nss/nss-3.53.1.ebuild
index 83d65eeb386..df2971ed709 100644
--- a/dev-libs/nss/nss-3.53.1.ebuild
+++ b/dev-libs/nss/nss-3.53.1.ebuild
@@ -169,7 +169,7 @@ multilib_src_compile() {
 	NSPR_LIB_DIR="${T}/fakedir" \
 	emake -j1 -C coreconf \
 		CC="$(tc-getBUILD_CC)" \
-		${buildbits:-${mybits}}
+		${buildbits-${mybits}}
 	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
 
 	# Then build the target tools.


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-29 10:02 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-06-29 10:02 UTC (permalink / raw
  To: gentoo-commits

commit:     4e10c55d94aa8ced633714413346f350fd437f56
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 29 10:02:41 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Jun 29 10:02:49 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e10c55d

dev-libs/nss: Removed old

Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest             |   2 -
 dev-libs/nss/nss-3.51.1-r1.ebuild | 358 --------------------------------------
 dev-libs/nss/nss-3.52.ebuild      | 358 --------------------------------------
 3 files changed, 718 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 673342d8225..b1158e7ca13 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,7 +1,5 @@
-DIST nss-3.51.1.tar.gz 78310874 BLAKE2B c295b5fdf6e1d24cc79474f2c5a9e91fccf777212fbb072e8a64576ed1b060fea6ecbde1fa59bb07c998b9aa92bb7d450e722a8f34a72eaa35aef6cbd693420a SHA512 1878780886cc330489a14a60ee5cb67b174f3167d020db256eacdce079652ef8af65813914cd0fb5684457053fa27acc9bff72d0713fbea28795613ca45a6d46
 DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
 DIST nss-3.52.1.tar.gz 81222116 BLAKE2B e7a1a24c0a4765fb13a4c13a93187a26df6df68b3e8d623514928cf505215e67f5f22387b6a6b0680117b1c2af13752cb981c173bb50424784d05b459704d528 SHA512 be8746984e3028e5ed49f2132ca08687f6ac75e50208d8cfd6ffbcfd5db1ab8dcaf1f2a0a6c6c1920573de80490301b21c022759c7e2309a22d29698bb169dd6
-DIST nss-3.52.tar.gz 81220587 BLAKE2B 0208c9047c61233ed36f02d57fdc64fa1734ef69d17fa499707f4a3b14a2e880b1dcf4b19b17a38e9b41d2e46b4a9488613d82989be747ad82aebc35b8e491af SHA512 a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
 DIST nss-3.53.1.tar.gz 81297900 BLAKE2B 7a053aa8322cb55b787730c87f1a6e8a799265574114d63257699348f4921007457d19e5fdc4684a512a91478d1912db45ce066daa8b9d9cde5130ff506aed9e SHA512 5d7572999a007c513df4cbdf74769c1a4eb53eb8680da27a89fea770763d88b6bea80cd9ab20426a905396745129276cffb6dd9e8e1e6377fa98c0a103b522d0
 DIST nss-3.54.tar.gz 81190188 BLAKE2B bf91aa3e2081f0d123d3adfbfc2e3cadfeccf6b15ce03f429fede73bd57ebf96ba7317b890762b01820d75020bb99383c022e2e6558aa1a6d44e8c92cd533bd2 SHA512 9b9253469514c085730ae580f6544e882a8264e253687950627a4fa1eeb956287c9da46caf7d8988cd6363f6dee26cb8db755203375751fe53795697d7ae9b7b
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.51.1-r1.ebuild b/dev-libs/nss/nss-3.51.1-r1.ebuild
deleted file mode 100644
index 2c01890c4d3..00000000000
--- a/dev-libs/nss/nss-3.51.1-r1.ebuild
+++ /dev/null
@@ -1,358 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.25"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.52.ebuild b/dev-libs/nss/nss-3.52.ebuild
deleted file mode 100644
index 2c01890c4d3..00000000000
--- a/dev-libs/nss/nss-3.52.ebuild
+++ /dev/null
@@ -1,358 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.25"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	# Do not let `uname` be used.
-	if use kernel_linux ; then
-		makeargs+=(
-			OS_TARGET=Linux
-			OS_RELEASE=2.6
-			OS_TEST="$(nssarch)"
-		)
-	fi
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export NSS_ENABLE_ECC=1
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-29 10:02 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-06-29 10:02 UTC (permalink / raw
  To: gentoo-commits

commit:     7c069960016136f3e6d856250584b0bda4b318c6
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 29 09:59:39 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Jun 29 10:02:49 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c069960

dev-libs/nss: Bump to version 3.54

Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.54.ebuild | 351 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 352 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 809bdb00ebb..673342d8225 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,4 +3,5 @@ DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0
 DIST nss-3.52.1.tar.gz 81222116 BLAKE2B e7a1a24c0a4765fb13a4c13a93187a26df6df68b3e8d623514928cf505215e67f5f22387b6a6b0680117b1c2af13752cb981c173bb50424784d05b459704d528 SHA512 be8746984e3028e5ed49f2132ca08687f6ac75e50208d8cfd6ffbcfd5db1ab8dcaf1f2a0a6c6c1920573de80490301b21c022759c7e2309a22d29698bb169dd6
 DIST nss-3.52.tar.gz 81220587 BLAKE2B 0208c9047c61233ed36f02d57fdc64fa1734ef69d17fa499707f4a3b14a2e880b1dcf4b19b17a38e9b41d2e46b4a9488613d82989be747ad82aebc35b8e491af SHA512 a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
 DIST nss-3.53.1.tar.gz 81297900 BLAKE2B 7a053aa8322cb55b787730c87f1a6e8a799265574114d63257699348f4921007457d19e5fdc4684a512a91478d1912db45ce066daa8b9d9cde5130ff506aed9e SHA512 5d7572999a007c513df4cbdf74769c1a4eb53eb8680da27a89fea770763d88b6bea80cd9ab20426a905396745129276cffb6dd9e8e1e6377fa98c0a103b522d0
+DIST nss-3.54.tar.gz 81190188 BLAKE2B bf91aa3e2081f0d123d3adfbfc2e3cadfeccf6b15ce03f429fede73bd57ebf96ba7317b890762b01820d75020bb99383c022e2e6558aa1a6d44e8c92cd533bd2 SHA512 9b9253469514c085730ae580f6544e882a8264e253687950627a4fa1eeb956287c9da46caf7d8988cd6363f6dee26cb8db755203375751fe53795697d7ae9b7b
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.54.ebuild b/dev-libs/nss/nss-3.54.ebuild
new file mode 100644
index 00000000000..d94d193dbe9
--- /dev/null
+++ b/dev-libs/nss/nss-3.54.ebuild
@@ -0,0 +1,351 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.25"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-29 13:37 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-06-29 13:37 UTC (permalink / raw
  To: gentoo-commits

commit:     57435acc5e6506b4c07e65a31ab66bac118acaf8
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 29 13:37:10 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Mon Jun 29 13:37:10 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57435acc

dev-libs/nss: ppc64 stable wrt bug #726842

Package-Manager: Portage-2.3.99, Repoman-2.3.22
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.52.1-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.52.1-r1.ebuild b/dev-libs/nss/nss-3.52.1-r1.ebuild
index 56359ce5955..ac5506ab597 100644
--- a/dev-libs/nss/nss-3.52.1-r1.ebuild
+++ b/dev-libs/nss/nss-3.52.1-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-06-29 22:08 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2020-06-29 22:08 UTC (permalink / raw
  To: gentoo-commits

commit:     039f8edb45f36e64b71cdfcdd1f0dd3cd81076df
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 29 22:08:43 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jun 29 22:08:43 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=039f8edb

dev-libs/nss: bump to require >=dev-libs/nspr-4.26

Reported-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/{nss-3.54.ebuild => nss-3.54-r1.ebuild} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.54.ebuild b/dev-libs/nss/nss-3.54-r1.ebuild
similarity index 99%
rename from dev-libs/nss/nss-3.54.ebuild
rename to dev-libs/nss/nss-3.54-r1.ebuild
index d94d193dbe9..5d96e159be4 100644
--- a/dev-libs/nss/nss-3.54.ebuild
+++ b/dev-libs/nss/nss-3.54-r1.ebuild
@@ -5,7 +5,7 @@ EAPI=7
 
 inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
 
-NSPR_VER="4.25"
+NSPR_VER="4.26"
 RTM_NAME="NSS_${PV//./_}_RTM"
 
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-07-26  9:27 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-07-26  9:27 UTC (permalink / raw
  To: gentoo-commits

commit:     7620d4da951fccd3f701f1a3413bc13514693350
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 26 09:27:29 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Jul 26 09:27:37 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7620d4da

dev-libs/nss: Bump to version 3.55

Package-Manager: Portage-3.0.0, Repoman-2.3.23
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.55.ebuild | 351 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 352 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index b1158e7ca13..eac4d25268a 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,4 +2,5 @@ DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0
 DIST nss-3.52.1.tar.gz 81222116 BLAKE2B e7a1a24c0a4765fb13a4c13a93187a26df6df68b3e8d623514928cf505215e67f5f22387b6a6b0680117b1c2af13752cb981c173bb50424784d05b459704d528 SHA512 be8746984e3028e5ed49f2132ca08687f6ac75e50208d8cfd6ffbcfd5db1ab8dcaf1f2a0a6c6c1920573de80490301b21c022759c7e2309a22d29698bb169dd6
 DIST nss-3.53.1.tar.gz 81297900 BLAKE2B 7a053aa8322cb55b787730c87f1a6e8a799265574114d63257699348f4921007457d19e5fdc4684a512a91478d1912db45ce066daa8b9d9cde5130ff506aed9e SHA512 5d7572999a007c513df4cbdf74769c1a4eb53eb8680da27a89fea770763d88b6bea80cd9ab20426a905396745129276cffb6dd9e8e1e6377fa98c0a103b522d0
 DIST nss-3.54.tar.gz 81190188 BLAKE2B bf91aa3e2081f0d123d3adfbfc2e3cadfeccf6b15ce03f429fede73bd57ebf96ba7317b890762b01820d75020bb99383c022e2e6558aa1a6d44e8c92cd533bd2 SHA512 9b9253469514c085730ae580f6544e882a8264e253687950627a4fa1eeb956287c9da46caf7d8988cd6363f6dee26cb8db755203375751fe53795697d7ae9b7b
+DIST nss-3.55.tar.gz 81759883 BLAKE2B 5b663d2b1861eb74cf070f2711b4db1afbfbc40b08e1f117e6b4a62e9f997de06889de3afc654cf6547c371ab2a1183904a1a014d1dc4b3e94f734107c81e1cf SHA512 acae7b803a3219cd4b78216cb8a6352805741e42eca6a42a5e6289ebbabc6189c7c6bc138cbd8a93d8631d06175c4d34e72957d49fe726adada6aaa2566e399e
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
new file mode 100644
index 00000000000..5d96e159be4
--- /dev/null
+++ b/dev-libs/nss/nss-3.55.ebuild
@@ -0,0 +1,351 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.26"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-11 14:12 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-08-11 14:12 UTC (permalink / raw
  To: gentoo-commits

commit:     99c6453fad1d59552abd0b3e33751f7f3a82c038
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 11 14:12:24 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Aug 11 14:12:24 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99c6453f

dev-libs/nss: arm stable wrt bug #734986

Package-Manager: Portage-2.3.103, Repoman-2.3.23
RepoMan-Options: --include-arches="arm"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.55.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
index 5d96e159be4..cd589bc7f76 100644
--- a/dev-libs/nss/nss-3.55.ebuild
+++ b/dev-libs/nss/nss-3.55.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-11 14:13 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-08-11 14:13 UTC (permalink / raw
  To: gentoo-commits

commit:     eab950e54510da9c0975a04452c2845c7be8d7cb
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 11 14:13:33 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Aug 11 14:13:33 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eab950e5

dev-libs/nss: s390 stable wrt bug #734986

Package-Manager: Portage-2.3.103, Repoman-2.3.23
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.55.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
index cd589bc7f76..c423156a8d4 100644
--- a/dev-libs/nss/nss-3.55.ebuild
+++ b/dev-libs/nss/nss-3.55.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-11 14:18 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-08-11 14:18 UTC (permalink / raw
  To: gentoo-commits

commit:     a06581b79a1e06fd08daeaacc98ba41c5bed817f
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 11 14:17:29 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Aug 11 14:17:29 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a06581b7

dev-libs/nss: sparc stable wrt bug #734986

Package-Manager: Portage-2.3.103, Repoman-2.3.23
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.55.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
index c423156a8d4..b0619cd4533 100644
--- a/dev-libs/nss/nss-3.55.ebuild
+++ b/dev-libs/nss/nss-3.55.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-11 16:18 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-08-11 16:18 UTC (permalink / raw
  To: gentoo-commits

commit:     46551a1c3ce2bb4681560497e4440a2e38c35c62
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 11 16:17:43 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Aug 11 16:17:43 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46551a1c

dev-libs/nss: Stabilize 3.55 arm64, #734986

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.55.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
index b0619cd4533..bc755d71c24 100644
--- a/dev-libs/nss/nss-3.55.ebuild
+++ b/dev-libs/nss/nss-3.55.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-11 17:46 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-08-11 17:46 UTC (permalink / raw
  To: gentoo-commits

commit:     5d138403ed88c255aaa5d3d8ebcadb97564a2e4b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 11 17:44:16 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Aug 11 17:44:16 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d138403

dev-libs/nss: Stabilize 3.55 x86, #734986

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.55.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
index bc755d71c24..43278d91ecc 100644
--- a/dev-libs/nss/nss-3.55.ebuild
+++ b/dev-libs/nss/nss-3.55.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-11 17:46 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-08-11 17:46 UTC (permalink / raw
  To: gentoo-commits

commit:     0b321667f70e26d33d6ef682c2f68e0e31d54182
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 11 17:45:12 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Aug 11 17:45:12 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b321667

dev-libs/nss: Stabilize 3.55 amd64, #734986

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.55.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
index 43278d91ecc..f78665f95a1 100644
--- a/dev-libs/nss/nss-3.55.ebuild
+++ b/dev-libs/nss/nss-3.55.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-14 18:02 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-08-14 18:02 UTC (permalink / raw
  To: gentoo-commits

commit:     febe0f7cf2e1c5d0bfd4a8f31dea295dc1cdf711
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Fri Aug 14 12:37:59 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Aug 14 18:02:17 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=febe0f7c

dev-libs/nss: stable 3.55 for hppa, bug #734986

Package-Manager: Portage-2.3.103, Repoman-2.3.23
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.55.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
index f78665f95a1..b933080a7de 100644
--- a/dev-libs/nss/nss-3.55.ebuild
+++ b/dev-libs/nss/nss-3.55.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-23  8:12 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-08-23  8:12 UTC (permalink / raw
  To: gentoo-commits

commit:     9f4f13150f84c865d39ca1053e3737a0d84addb6
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 23 08:12:07 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Aug 23 08:12:07 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f4f1315

dev-libs/nss: stable 3.55 for ppc

stable wrt bug #
Tested-by: ernsteiswuerfel
Package-Manager: Portage-3.0.4, Repoman-3.0.1
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.55.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
index b933080a7de..cf5f55320aa 100644
--- a/dev-libs/nss/nss-3.55.ebuild
+++ b/dev-libs/nss/nss-3.55.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-23 20:46 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2020-08-23 20:46 UTC (permalink / raw
  To: gentoo-commits

commit:     e0fd2d1f23f7222ff2c07374ecfb84b76999073e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 23 20:41:22 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Aug 23 20:46:05 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0fd2d1f

dev-libs/nss: bump to v3.56

Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.56.ebuild | 351 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 352 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index eac4d25268a..e2468639f8b 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,4 +3,5 @@ DIST nss-3.52.1.tar.gz 81222116 BLAKE2B e7a1a24c0a4765fb13a4c13a93187a26df6df68b
 DIST nss-3.53.1.tar.gz 81297900 BLAKE2B 7a053aa8322cb55b787730c87f1a6e8a799265574114d63257699348f4921007457d19e5fdc4684a512a91478d1912db45ce066daa8b9d9cde5130ff506aed9e SHA512 5d7572999a007c513df4cbdf74769c1a4eb53eb8680da27a89fea770763d88b6bea80cd9ab20426a905396745129276cffb6dd9e8e1e6377fa98c0a103b522d0
 DIST nss-3.54.tar.gz 81190188 BLAKE2B bf91aa3e2081f0d123d3adfbfc2e3cadfeccf6b15ce03f429fede73bd57ebf96ba7317b890762b01820d75020bb99383c022e2e6558aa1a6d44e8c92cd533bd2 SHA512 9b9253469514c085730ae580f6544e882a8264e253687950627a4fa1eeb956287c9da46caf7d8988cd6363f6dee26cb8db755203375751fe53795697d7ae9b7b
 DIST nss-3.55.tar.gz 81759883 BLAKE2B 5b663d2b1861eb74cf070f2711b4db1afbfbc40b08e1f117e6b4a62e9f997de06889de3afc654cf6547c371ab2a1183904a1a014d1dc4b3e94f734107c81e1cf SHA512 acae7b803a3219cd4b78216cb8a6352805741e42eca6a42a5e6289ebbabc6189c7c6bc138cbd8a93d8631d06175c4d34e72957d49fe726adada6aaa2566e399e
+DIST nss-3.56.tar.gz 81706176 BLAKE2B 84c3b9fd649ce38ad843725b180982692dcac34e851734813b959734054f2e9ebfad66496de320f46e861381f6d5f52db0cc4c0953f7504b79f6b529b871f173 SHA512 f2eed8252c13b38a4d80a11203136d22a521205f814b6d954cc119ccf8921fcb8f689d919944bea4739d1575e9bda7e13cf2ad054ac91d51e049abe246efc845
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
new file mode 100644
index 00000000000..f241d8e565d
--- /dev/null
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -0,0 +1,351 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.28"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-23 21:18 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2020-08-23 21:18 UTC (permalink / raw
  To: gentoo-commits

commit:     f980f7e5ed5a164a8d490b34a776590f96c3b5ff
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 23 21:18:06 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Aug 23 21:18:19 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f980f7e5

dev-libs/nss: fix cross-compile

Closes: https://bugs.gentoo.org/728764
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/nss-3.55.ebuild | 2 +-
 dev-libs/nss/nss-3.56.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
index cf5f55320aa..a3fb150caaa 100644
--- a/dev-libs/nss/nss-3.55.ebuild
+++ b/dev-libs/nss/nss-3.55.ebuild
@@ -178,7 +178,7 @@ multilib_src_compile() {
 		CPPFLAGS="${myCPPFLAGS}" \
 		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
 		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
 	done
 }
 

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
index f241d8e565d..1be5f0e7ebe 100644
--- a/dev-libs/nss/nss-3.56.ebuild
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -178,7 +178,7 @@ multilib_src_compile() {
 		CPPFLAGS="${myCPPFLAGS}" \
 		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
 		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d}
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
 	done
 }
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-30 22:49 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-08-30 22:49 UTC (permalink / raw
  To: gentoo-commits

commit:     dcc7ed700319048bf48b895782877bd8142f80bc
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 30 22:49:06 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Aug 30 22:49:06 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dcc7ed70

dev-libs/nss: Stabilize 3.55 ppc64, #734986

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.55.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
index a3fb150caaa..827349d454c 100644
--- a/dev-libs/nss/nss-3.55.ebuild
+++ b/dev-libs/nss/nss-3.55.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-31 22:09 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2020-08-31 22:09 UTC (permalink / raw
  To: gentoo-commits

commit:     c7bb7c1750e54218dcf79b622eb6fed17ffa1fa1
Author:     Ross Charles Campbell <rossbridger.cc <AT> gmail <DOT> com>
AuthorDate: Sun Aug 30 17:33:08 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Aug 31 22:08:56 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7bb7c17

dev-libs/nss: detect compiler type and set CC_IS_{GCC,CLANG}

The two flags enables the build system to detect certain compiler features
and optimizations.

Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Ross Charles Campbell <rossbridger.cc <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/17269
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/nss-3.56.ebuild | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
index 1404b61e14c..c5e3dea3064 100644
--- a/dev-libs/nss/nss-3.56.ebuild
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -163,6 +163,12 @@ multilib_src_compile() {
 	export ASFLAGS=""
 	# Fix build failure on arm64
 	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
 
 	local d
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-08-31 22:09 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2020-08-31 22:09 UTC (permalink / raw
  To: gentoo-commits

commit:     6edf65f8d7e2d643df9e1bba1ef27ac687a35714
Author:     Ross Charles Campbell <rossbridger.cc <AT> gmail <DOT> com>
AuthorDate: Wed Aug 26 15:11:03 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Aug 31 22:08:55 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6edf65f8

dev-libs/nss: Add NS_USE_GCC environment variable

This variable seems to be required to be be set in order to have certain
files to be compiled on arm64 linux systems, otherwise some symbols will
be missing at linking thus causing build failure.

This addition seems to be harmless on amd64 systems.

Closes: https://bugs.gentoo.org/738924
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Ross Charles Campbell <rossbridger.cc <AT> gmail.com>
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/nss-3.56.ebuild | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
index 1be5f0e7ebe..1404b61e14c 100644
--- a/dev-libs/nss/nss-3.56.ebuild
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -161,6 +161,8 @@ multilib_src_compile() {
 	export USE_SYSTEM_ZLIB=1
 	export ZLIB_LIBS=-lz
 	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
 
 	local d
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-09-30 18:05 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2020-09-30 18:05 UTC (permalink / raw
  To: gentoo-commits

commit:     a8e4ac5096ba8a73d001aa447c58a08d0a16fd33
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 30 16:00:35 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Sep 30 18:03:40 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8e4ac50

dev-libs/nss: bump to v3.57

Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.57.ebuild | 359 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 360 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index a4426510d65..8c7ce2e3a1c 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.55.tar.gz 81759883 BLAKE2B 5b663d2b1861eb74cf070f2711b4db1afbfbc40b08e1f117e6b4a62e9f997de06889de3afc654cf6547c371ab2a1183904a1a014d1dc4b3e94f734107c81e1cf SHA512 acae7b803a3219cd4b78216cb8a6352805741e42eca6a42a5e6289ebbabc6189c7c6bc138cbd8a93d8631d06175c4d34e72957d49fe726adada6aaa2566e399e
 DIST nss-3.56.tar.gz 81706176 BLAKE2B 84c3b9fd649ce38ad843725b180982692dcac34e851734813b959734054f2e9ebfad66496de320f46e861381f6d5f52db0cc4c0953f7504b79f6b529b871f173 SHA512 f2eed8252c13b38a4d80a11203136d22a521205f814b6d954cc119ccf8921fcb8f689d919944bea4739d1575e9bda7e13cf2ad054ac91d51e049abe246efc845
+DIST nss-3.57.tar.gz 81712830 BLAKE2B 998160fe16e13d1997f3d11a054148349b068214afb3c0cd3b9e82ce03999e46ca34b02907dc27e3f253653f6e57a9f1498e6c16f8665350c629f5c3c98ea0bc SHA512 7e312d7539a26f57b968548935a7715cfa895aa61da21d0542ae45b71cb16f63167728534cdfd15f8eca68c75753a0df3d05e87b4c5acaabbda63c736e552ea2
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.57.ebuild b/dev-libs/nss/nss-3.57.ebuild
new file mode 100644
index 00000000000..37ab7c58696
--- /dev/null
+++ b/dev-libs/nss/nss-3.57.ebuild
@@ -0,0 +1,359 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-01 11:13 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-10-01 11:13 UTC (permalink / raw
  To: gentoo-commits

commit:     8b078911df4fc9b56080928803543d597745086b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Oct  1 11:09:46 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Oct  1 11:09:46 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b078911

dev-libs/nss: Stabilize 3.56 arm64, #745795

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.56.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
index c5e3dea3064..a1300521280 100644
--- a/dev-libs/nss/nss-3.56.ebuild
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-01 17:29 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-10-01 17:29 UTC (permalink / raw
  To: gentoo-commits

commit:     e80bfafa8b68dd2633badb922d20156b877d6a84
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Thu Oct  1 16:10:18 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Oct  1 17:28:44 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e80bfafa

dev-libs/nss: stable 3.56 for sparc, bug #745795

Package-Manager: Portage-3.0.4, Repoman-3.0.1
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.56.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
index a1300521280..db3bc67fd55 100644
--- a/dev-libs/nss/nss-3.56.ebuild
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-01 22:55 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-10-01 22:55 UTC (permalink / raw
  To: gentoo-commits

commit:     3e67780a4c1d69663f60bfee5abcd01205c1649d
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Thu Oct  1 22:46:59 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Oct  1 22:55:36 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e67780a

dev-libs/nss: stable 3.56 for ppc64

stable wrt bug #745795

Package-Manager: Portage-3.0.8, Repoman-3.0.1
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.56.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
index db3bc67fd55..07756ac543a 100644
--- a/dev-libs/nss/nss-3.56.ebuild
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-01 23:06 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-10-01 23:06 UTC (permalink / raw
  To: gentoo-commits

commit:     5fee8064ddb74be2452b843db644c136984b1245
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Thu Oct  1 22:59:29 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Thu Oct  1 22:59:29 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5fee8064

dev-libs/nss: stable 3.56 for ppc

stable wrt bug #745795

Package-Manager: Portage-3.0.8, Repoman-3.0.1
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.56.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
index 07756ac543a..304508efa8c 100644
--- a/dev-libs/nss/nss-3.56.ebuild
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-02 22:22 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-10-02 22:22 UTC (permalink / raw
  To: gentoo-commits

commit:     594d54d5a08594edb86c3a4fcd4716b38441ae3f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Oct  2 22:21:23 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Oct  2 22:21:23 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=594d54d5

dev-libs/nss: Stabilize 3.56 arm, #745795

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.56.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
index 304508efa8c..e3a21376663 100644
--- a/dev-libs/nss/nss-3.56.ebuild
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-03  9:16 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-10-03  9:16 UTC (permalink / raw
  To: gentoo-commits

commit:     9337b0f527d008d8e0f038856f908aecc5b1be88
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Oct  3 09:16:22 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Oct  3 09:16:50 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9337b0f5

dev-libs/nss: stable 3.56 for hppa

stable wrt bug #745795

Package-Manager: Portage-3.0.8, Repoman-3.0.1
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.56.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
index e3a21376663..8a72fe7d60c 100644
--- a/dev-libs/nss/nss-3.56.ebuild
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-07  6:42 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-10-07  6:42 UTC (permalink / raw
  To: gentoo-commits

commit:     10e1ad402717858c9cfbe7cd38aabfddda01d273
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  7 06:42:41 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Oct  7 06:42:41 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10e1ad40

dev-libs/nss: amd64 stable wrt bug #745795

Package-Manager: Portage-2.3.103, Repoman-2.3.23
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.56.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
index 8a72fe7d60c..d698f5f88f1 100644
--- a/dev-libs/nss/nss-3.56.ebuild
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-07  6:55 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-10-07  6:55 UTC (permalink / raw
  To: gentoo-commits

commit:     1fd06868f720a555b9118738c81a90cb8254fcb5
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  7 06:55:51 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Oct  7 06:55:51 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fd06868

dev-libs/nss: s390 stable wrt bug #745795

Package-Manager: Portage-2.3.103, Repoman-2.3.23
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.56.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
index d698f5f88f1..8a91a1de518 100644
--- a/dev-libs/nss/nss-3.56.ebuild
+++ b/dev-libs/nss/nss-3.56.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-19 21:04 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2020-10-19 21:04 UTC (permalink / raw
  To: gentoo-commits

commit:     8e18430ce14e579a2b7c6c5afbede6281dff231a
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 19 21:00:36 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Oct 19 21:00:36 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e18430c

dev-libs/nss: bump to v3.58

Bug: https://bugs.gentoo.org/750254
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.58.ebuild | 359 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 360 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 8c7ce2e3a1c..b0fb6928ac4 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.55.tar.gz 81759883 BLAKE2B 5b663d2b1861eb74cf070f2711b4db1afbfbc40b08e1f117e6b4a62e9f997de06889de3afc654cf6547c371ab2a1183904a1a014d1dc4b3e94f734107c81e1cf SHA512 acae7b803a3219cd4b78216cb8a6352805741e42eca6a42a5e6289ebbabc6189c7c6bc138cbd8a93d8631d06175c4d34e72957d49fe726adada6aaa2566e399e
 DIST nss-3.56.tar.gz 81706176 BLAKE2B 84c3b9fd649ce38ad843725b180982692dcac34e851734813b959734054f2e9ebfad66496de320f46e861381f6d5f52db0cc4c0953f7504b79f6b529b871f173 SHA512 f2eed8252c13b38a4d80a11203136d22a521205f814b6d954cc119ccf8921fcb8f689d919944bea4739d1575e9bda7e13cf2ad054ac91d51e049abe246efc845
 DIST nss-3.57.tar.gz 81712830 BLAKE2B 998160fe16e13d1997f3d11a054148349b068214afb3c0cd3b9e82ce03999e46ca34b02907dc27e3f253653f6e57a9f1498e6c16f8665350c629f5c3c98ea0bc SHA512 7e312d7539a26f57b968548935a7715cfa895aa61da21d0542ae45b71cb16f63167728534cdfd15f8eca68c75753a0df3d05e87b4c5acaabbda63c736e552ea2
+DIST nss-3.58.tar.gz 81846254 BLAKE2B f8e7d0b231916b197ad21706a057d055f8377059d76d4f09aff523cc4cd071a3184f02dc488259df22109b70be7b8a5d5fa7ea2273a830de825cc9a8c95dcca9 SHA512 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.58.ebuild b/dev-libs/nss/nss-3.58.ebuild
new file mode 100644
index 00000000000..37ab7c58696
--- /dev/null
+++ b/dev-libs/nss/nss-3.58.ebuild
@@ -0,0 +1,359 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-21  1:08 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-10-21  1:08 UTC (permalink / raw
  To: gentoo-commits

commit:     e4fe1964f6f96f1ddc4c60bcf16f87da4f188304
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 21 01:07:49 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 21 01:07:49 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4fe1964

dev-libs/nss: Stabilize 3.58 arm, #750254

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.58.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58.ebuild b/dev-libs/nss/nss-3.58.ebuild
index 37ab7c58696..ef10886acf0 100644
--- a/dev-libs/nss/nss-3.58.ebuild
+++ b/dev-libs/nss/nss-3.58.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-21  1:09 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-10-21  1:09 UTC (permalink / raw
  To: gentoo-commits

commit:     41d46d9dfbebb8f7b261248abd0b6b581e855b51
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 21 01:08:53 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 21 01:08:53 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41d46d9d

dev-libs/nss: Stabilize 3.58 arm64, #750254

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.58.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58.ebuild b/dev-libs/nss/nss-3.58.ebuild
index ef10886acf0..45e896e17bf 100644
--- a/dev-libs/nss/nss-3.58.ebuild
+++ b/dev-libs/nss/nss-3.58.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-21  3:43 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-10-21  3:43 UTC (permalink / raw
  To: gentoo-commits

commit:     4c030dfc33ccd38c9ba413cb85abef2ffd779f2c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 21 03:39:53 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 21 03:39:53 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c030dfc

dev-libs/nss: Stabilize 3.58 sparc, #750254

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.58.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58.ebuild b/dev-libs/nss/nss-3.58.ebuild
index 45e896e17bf..c77a4bad75b 100644
--- a/dev-libs/nss/nss-3.58.ebuild
+++ b/dev-libs/nss/nss-3.58.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-23 12:16 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-10-23 12:16 UTC (permalink / raw
  To: gentoo-commits

commit:     6ebfd820b1074bbdd0409328af0af1328fdd3ee9
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 23 12:16:11 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Oct 23 12:16:16 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ebfd820

dev-libs/nss: drop 3.58 stable keywords

There is a regression in 3.58 currently being
investigated. See the bug for details.

Bug: https://bugs.gentoo.org/750746
Bug: https://bugs.gentoo.org/750254
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.58.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58.ebuild b/dev-libs/nss/nss-3.58.ebuild
index c77a4bad75b..37ab7c58696 100644
--- a/dev-libs/nss/nss-3.58.ebuild
+++ b/dev-libs/nss/nss-3.58.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-26 16:12 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2020-10-26 16:12 UTC (permalink / raw
  To: gentoo-commits

commit:     0938117d3a1e268bc13ec1bd4e784cc7282371d5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 26 16:11:33 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 16:12:47 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0938117d

dev-libs/nss: x86 stable (bug #750254)

Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index 9fd66130955..d52eb5c4590 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-28  3:05 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-10-28  3:05 UTC (permalink / raw
  To: gentoo-commits

commit:     2a746317b1ee2d37976fd967758e386e18bb6aea
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 03:04:31 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 03:04:31 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a746317

dev-libs/nss: Stabilize 3.58-r2 arm64, #750254

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index d52eb5c4590..cd38d79a3f9 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-28 16:18 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2020-10-28 16:18 UTC (permalink / raw
  To: gentoo-commits

commit:     519ce41e880891fade155f3969e7e03bde084871
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 16:14:51 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 16:18:08 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=519ce41e

dev-libs/nss: Stabilize 3.58-r2 arm, #750254

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index cd38d79a3f9..42f422fd2dd 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-28 22:27 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-10-28 22:27 UTC (permalink / raw
  To: gentoo-commits

commit:     eef889bbfdaba46e74dea01b889e6d611f326a5e
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 22:26:42 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 22:26:42 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eef889bb

dev-libs/nss: stable 3.58-r2 for hppa

stable wrt bug #750254

Package-Manager: Portage-3.0.8, Repoman-3.0.2
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index 42f422fd2dd..f10682cb9d9 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-28 22:30 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-10-28 22:30 UTC (permalink / raw
  To: gentoo-commits

commit:     a0b9696ab802a8bd1d10427e8e5e998111368286
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 22:30:20 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 22:30:20 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0b9696a

dev-libs/nss: stable 3.58-r2 for ppc

stable wrt bug #750254

Package-Manager: Portage-3.0.8, Repoman-3.0.2
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index f10682cb9d9..b9e20f36820 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-28 22:33 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-10-28 22:33 UTC (permalink / raw
  To: gentoo-commits

commit:     f88f007ba047bfbee474dd1a19d63502274e0e8d
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 22:33:39 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 22:33:39 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f88f007b

dev-libs/nss: stable 3.58-r2 for ppc64

stable wrt bug #750254

Package-Manager: Portage-3.0.8, Repoman-3.0.2
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index b9e20f36820..8fdc5e38b35 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-28 22:35 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2020-10-28 22:35 UTC (permalink / raw
  To: gentoo-commits

commit:     7723df58e1e8b84d617179a526719cd7288498ca
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 22:34:57 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 22:35:02 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7723df58

dev-libs/nss: stable 3.58-r2 for sparc

stable wrt bug #750254

Package-Manager: Portage-3.0.8, Repoman-3.0.2
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index 8fdc5e38b35..e0af2a29a38 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-10-31 15:47 Piotr Karbowski
  0 siblings, 0 replies; 466+ messages in thread
From: Piotr Karbowski @ 2020-10-31 15:47 UTC (permalink / raw
  To: gentoo-commits

commit:     88101aae1aed42efeca0d2103647ffbb0736e017
Author:     Piotr Karbowski <slashbeast <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 31 15:41:00 2020 +0000
Commit:     Piotr Karbowski <slashbeast <AT> gentoo <DOT> org>
CommitDate: Sat Oct 31 15:47:48 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=88101aae

dev-libs/nss: 3.58-r2 amd64 stable.

Signed-off-by: Piotr Karbowski <slashbeast <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index e0af2a29a38..a90ad4c67ec 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-11-14 10:44 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-11-14 10:44 UTC (permalink / raw
  To: gentoo-commits

commit:     fd9e0df20c20f00cc4cfc915327db46feac02281
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 14 10:41:27 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Nov 14 10:44:34 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd9e0df2

dev-libs/nss: Bump to version 3.59

Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.59.ebuild | 359 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 360 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index b0fb6928ac4..a00b563aad0 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,4 +2,5 @@ DIST nss-3.55.tar.gz 81759883 BLAKE2B 5b663d2b1861eb74cf070f2711b4db1afbfbc40b08
 DIST nss-3.56.tar.gz 81706176 BLAKE2B 84c3b9fd649ce38ad843725b180982692dcac34e851734813b959734054f2e9ebfad66496de320f46e861381f6d5f52db0cc4c0953f7504b79f6b529b871f173 SHA512 f2eed8252c13b38a4d80a11203136d22a521205f814b6d954cc119ccf8921fcb8f689d919944bea4739d1575e9bda7e13cf2ad054ac91d51e049abe246efc845
 DIST nss-3.57.tar.gz 81712830 BLAKE2B 998160fe16e13d1997f3d11a054148349b068214afb3c0cd3b9e82ce03999e46ca34b02907dc27e3f253653f6e57a9f1498e6c16f8665350c629f5c3c98ea0bc SHA512 7e312d7539a26f57b968548935a7715cfa895aa61da21d0542ae45b71cb16f63167728534cdfd15f8eca68c75753a0df3d05e87b4c5acaabbda63c736e552ea2
 DIST nss-3.58.tar.gz 81846254 BLAKE2B f8e7d0b231916b197ad21706a057d055f8377059d76d4f09aff523cc4cd071a3184f02dc488259df22109b70be7b8a5d5fa7ea2273a830de825cc9a8c95dcca9 SHA512 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
+DIST nss-3.59.tar.gz 82141516 BLAKE2B 74959b14ec42b4628dfc3365af00420cdbd41d202541e9379f6a4448c4496b76307af48c9ec405b370f8770327ce56742b4382f8cd49724b42732ce5cc5b0779 SHA512 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.59.ebuild b/dev-libs/nss/nss-3.59.ebuild
new file mode 100644
index 00000000000..37ab7c58696
--- /dev/null
+++ b/dev-libs/nss/nss-3.59.ebuild
@@ -0,0 +1,359 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-11-14 10:44 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2020-11-14 10:44 UTC (permalink / raw
  To: gentoo-commits

commit:     9ace661e72cc03df481a491e364a8c86cd32ac6d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 14 10:42:33 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Nov 14 10:44:34 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ace661e

dev-libs/nss: Removed old

Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   2 -
 dev-libs/nss/nss-3.55.ebuild | 351 ------------------------------------------
 dev-libs/nss/nss-3.57.ebuild | 359 -------------------------------------------
 3 files changed, 712 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index a00b563aad0..2ceff703f43 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,4 @@
-DIST nss-3.55.tar.gz 81759883 BLAKE2B 5b663d2b1861eb74cf070f2711b4db1afbfbc40b08e1f117e6b4a62e9f997de06889de3afc654cf6547c371ab2a1183904a1a014d1dc4b3e94f734107c81e1cf SHA512 acae7b803a3219cd4b78216cb8a6352805741e42eca6a42a5e6289ebbabc6189c7c6bc138cbd8a93d8631d06175c4d34e72957d49fe726adada6aaa2566e399e
 DIST nss-3.56.tar.gz 81706176 BLAKE2B 84c3b9fd649ce38ad843725b180982692dcac34e851734813b959734054f2e9ebfad66496de320f46e861381f6d5f52db0cc4c0953f7504b79f6b529b871f173 SHA512 f2eed8252c13b38a4d80a11203136d22a521205f814b6d954cc119ccf8921fcb8f689d919944bea4739d1575e9bda7e13cf2ad054ac91d51e049abe246efc845
-DIST nss-3.57.tar.gz 81712830 BLAKE2B 998160fe16e13d1997f3d11a054148349b068214afb3c0cd3b9e82ce03999e46ca34b02907dc27e3f253653f6e57a9f1498e6c16f8665350c629f5c3c98ea0bc SHA512 7e312d7539a26f57b968548935a7715cfa895aa61da21d0542ae45b71cb16f63167728534cdfd15f8eca68c75753a0df3d05e87b4c5acaabbda63c736e552ea2
 DIST nss-3.58.tar.gz 81846254 BLAKE2B f8e7d0b231916b197ad21706a057d055f8377059d76d4f09aff523cc4cd071a3184f02dc488259df22109b70be7b8a5d5fa7ea2273a830de825cc9a8c95dcca9 SHA512 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
 DIST nss-3.59.tar.gz 82141516 BLAKE2B 74959b14ec42b4628dfc3365af00420cdbd41d202541e9379f6a4448c4496b76307af48c9ec405b370f8770327ce56742b4382f8cd49724b42732ce5cc5b0779 SHA512 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.55.ebuild b/dev-libs/nss/nss-3.55.ebuild
deleted file mode 100644
index 827349d454c..00000000000
--- a/dev-libs/nss/nss-3.55.ebuild
+++ /dev/null
@@ -1,351 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.26"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
-)
-
-src_prepare() {
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.57.ebuild b/dev-libs/nss/nss-3.57.ebuild
deleted file mode 100644
index 37ab7c58696..00000000000
--- a/dev-libs/nss/nss-3.57.ebuild
+++ /dev/null
@@ -1,359 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.29"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
-)
-
-src_prepare() {
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-11-17 19:05 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2020-11-17 19:05 UTC (permalink / raw
  To: gentoo-commits

commit:     3ed046f3dae889329802c647d22ded0ed95a1b6d
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 17 19:04:52 2020 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Nov 17 19:04:52 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ed046f3

dev-libs/nss: s390 stable wrt bug #750254

Package-Manager: Portage-3.0.8, Repoman-3.0.2
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index a90ad4c67ec..38528576dc7 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-12-14 18:38 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2020-12-14 18:38 UTC (permalink / raw
  To: gentoo-commits

commit:     5515f15a4b68a776c6b551efc8be3569cbef8110
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 14 18:10:39 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Dec 14 18:38:19 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5515f15a

dev-libs/nss: bump to v3.60

Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.60.ebuild | 358 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 359 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 2ceff703f43..bcb4d937030 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.56.tar.gz 81706176 BLAKE2B 84c3b9fd649ce38ad843725b180982692dcac34e851734813b959734054f2e9ebfad66496de320f46e861381f6d5f52db0cc4c0953f7504b79f6b529b871f173 SHA512 f2eed8252c13b38a4d80a11203136d22a521205f814b6d954cc119ccf8921fcb8f689d919944bea4739d1575e9bda7e13cf2ad054ac91d51e049abe246efc845
 DIST nss-3.58.tar.gz 81846254 BLAKE2B f8e7d0b231916b197ad21706a057d055f8377059d76d4f09aff523cc4cd071a3184f02dc488259df22109b70be7b8a5d5fa7ea2273a830de825cc9a8c95dcca9 SHA512 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
 DIST nss-3.59.tar.gz 82141516 BLAKE2B 74959b14ec42b4628dfc3365af00420cdbd41d202541e9379f6a4448c4496b76307af48c9ec405b370f8770327ce56742b4382f8cd49724b42732ce5cc5b0779 SHA512 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38
+DIST nss-3.60.tar.gz 82035831 BLAKE2B fffc0e26d58d4625be1b8b0123f248a0c7994b18868ece534ba4d60131dd4897d075d7b2dba672c31ccd333e0c18ea384e2aa2f495c23b5430d6d10b91922873 SHA512 6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.60.ebuild b/dev-libs/nss/nss-3.60.ebuild
new file mode 100644
index 00000000000..383f86723a3
--- /dev/null
+++ b/dev-libs/nss/nss-3.60.ebuild
@@ -0,0 +1,358 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2020-12-22 23:08 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2020-12-22 23:08 UTC (permalink / raw
  To: gentoo-commits

commit:     3f612dc6e8123864c4bdbf03440301918ff62a6c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 22 23:08:07 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Dec 22 23:08:19 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f612dc6

dev-libs/nss: security cleanup (bug #750254)

Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.56.ebuild | 359 -------------------------------------------
 2 files changed, 360 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index bcb4d937030..23a2d7aed51 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
-DIST nss-3.56.tar.gz 81706176 BLAKE2B 84c3b9fd649ce38ad843725b180982692dcac34e851734813b959734054f2e9ebfad66496de320f46e861381f6d5f52db0cc4c0953f7504b79f6b529b871f173 SHA512 f2eed8252c13b38a4d80a11203136d22a521205f814b6d954cc119ccf8921fcb8f689d919944bea4739d1575e9bda7e13cf2ad054ac91d51e049abe246efc845
 DIST nss-3.58.tar.gz 81846254 BLAKE2B f8e7d0b231916b197ad21706a057d055f8377059d76d4f09aff523cc4cd071a3184f02dc488259df22109b70be7b8a5d5fa7ea2273a830de825cc9a8c95dcca9 SHA512 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
 DIST nss-3.59.tar.gz 82141516 BLAKE2B 74959b14ec42b4628dfc3365af00420cdbd41d202541e9379f6a4448c4496b76307af48c9ec405b370f8770327ce56742b4382f8cd49724b42732ce5cc5b0779 SHA512 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38
 DIST nss-3.60.tar.gz 82035831 BLAKE2B fffc0e26d58d4625be1b8b0123f248a0c7994b18868ece534ba4d60131dd4897d075d7b2dba672c31ccd333e0c18ea384e2aa2f495c23b5430d6d10b91922873 SHA512 6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695

diff --git a/dev-libs/nss/nss-3.56.ebuild b/dev-libs/nss/nss-3.56.ebuild
deleted file mode 100644
index fd9f45030fa..00000000000
--- a/dev-libs/nss/nss-3.56.ebuild
+++ /dev/null
@@ -1,359 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.28"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
-)
-
-src_prepare() {
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-01-06 19:34 Fabian Groffen
  0 siblings, 0 replies; 466+ messages in thread
From: Fabian Groffen @ 2021-01-06 19:34 UTC (permalink / raw
  To: gentoo-commits

commit:     3f4e9d5edbd547beba1393dd4b5428ab35a91b7a
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Jan  6 19:29:49 2021 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Jan  6 19:33:43 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f4e9d5e

dev-libs/nss: drop x86-macos

Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild | 4 ++--
 dev-libs/nss/nss-3.59-r1.ebuild | 4 ++--
 dev-libs/nss/nss-3.60.ebuild    | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index 38528576dc7..ddd6a22d512 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="

diff --git a/dev-libs/nss/nss-3.59-r1.ebuild b/dev-libs/nss/nss-3.59-r1.ebuild
index 82184ff8a71..88811b3a567 100644
--- a/dev-libs/nss/nss-3.59-r1.ebuild
+++ b/dev-libs/nss/nss-3.59-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="

diff --git a/dev-libs/nss/nss-3.60.ebuild b/dev-libs/nss/nss-3.60.ebuild
index 383f86723a3..314e496305c 100644
--- a/dev-libs/nss/nss-3.60.ebuild
+++ b/dev-libs/nss/nss-3.60.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-01-09 12:38 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2021-01-09 12:38 UTC (permalink / raw
  To: gentoo-commits

commit:     b6567432e2a5d691a0e76c66c938195ba281ff15
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  9 12:37:11 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Jan  9 12:37:11 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6567432

dev-libs/nss: update HOMEPAGE

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild | 2 +-
 dev-libs/nss/nss-3.59-r1.ebuild | 2 +-
 dev-libs/nss/nss-3.60.ebuild    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index ddd6a22d512..f7bb97581f3 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -9,7 +9,7 @@ NSPR_VER="4.29"
 RTM_NAME="NSS_${PV//./_}_RTM"
 
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://www.mozilla.org/projects/security/pki/nss/"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
 	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
 

diff --git a/dev-libs/nss/nss-3.59-r1.ebuild b/dev-libs/nss/nss-3.59-r1.ebuild
index 88811b3a567..5342986caa4 100644
--- a/dev-libs/nss/nss-3.59-r1.ebuild
+++ b/dev-libs/nss/nss-3.59-r1.ebuild
@@ -9,7 +9,7 @@ NSPR_VER="4.29"
 RTM_NAME="NSS_${PV//./_}_RTM"
 
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://www.mozilla.org/projects/security/pki/nss/"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
 	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
 

diff --git a/dev-libs/nss/nss-3.60.ebuild b/dev-libs/nss/nss-3.60.ebuild
index 314e496305c..7ac46a177d7 100644
--- a/dev-libs/nss/nss-3.60.ebuild
+++ b/dev-libs/nss/nss-3.60.ebuild
@@ -9,7 +9,7 @@ NSPR_VER="4.29"
 RTM_NAME="NSS_${PV//./_}_RTM"
 
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://www.mozilla.org/projects/security/pki/nss/"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
 	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-01-09 13:53 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2021-01-09 13:53 UTC (permalink / raw
  To: gentoo-commits

commit:     8e3080cd1925770b49d9ab649facbc75ed88b20b
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  9 13:48:42 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jan  9 13:53:06 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e3080cd

dev-libs/nss: Bump to version 3.60.1

Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.60.1.ebuild | 358 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 359 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 23a2d7aed51..d5daaa19eb3 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.58.tar.gz 81846254 BLAKE2B f8e7d0b231916b197ad21706a057d055f8377059d76d4f09aff523cc4cd071a3184f02dc488259df22109b70be7b8a5d5fa7ea2273a830de825cc9a8c95dcca9 SHA512 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
 DIST nss-3.59.tar.gz 82141516 BLAKE2B 74959b14ec42b4628dfc3365af00420cdbd41d202541e9379f6a4448c4496b76307af48c9ec405b370f8770327ce56742b4382f8cd49724b42732ce5cc5b0779 SHA512 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38
+DIST nss-3.60.1.tar.gz 82036869 BLAKE2B 71f4ab4ee41a05b05493bb43bd0ebaa6258122ddf6bc82af565121ec32f72ae0f187ac2383501ed8e228b32b796f75a89538c76f737530215b3c6448ef1242a3 SHA512 ba398ddad6f90f3562a041b7fd5fc7b72eb20961cc5c1f4890c3b0d95d438404b26ae6feb54cb8c650707134479a915e1f522f0e9257bc2ede053dd0811156d5
 DIST nss-3.60.tar.gz 82035831 BLAKE2B fffc0e26d58d4625be1b8b0123f248a0c7994b18868ece534ba4d60131dd4897d075d7b2dba672c31ccd333e0c18ea384e2aa2f495c23b5430d6d10b91922873 SHA512 6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.60.1.ebuild b/dev-libs/nss/nss-3.60.1.ebuild
new file mode 100644
index 00000000000..7ac46a177d7
--- /dev/null
+++ b/dev-libs/nss/nss-3.60.1.ebuild
@@ -0,0 +1,358 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-01-24  0:58 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-01-24  0:58 UTC (permalink / raw
  To: gentoo-commits

commit:     225fe6eb0b1b5896be4150a945ef2f848c059e93
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 24 00:55:59 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jan 24 00:55:59 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=225fe6eb

dev-libs/nss: drop old

Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.60.ebuild | 358 -------------------------------------------
 2 files changed, 359 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 9ccebd00959..39bedf160fd 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.58.tar.gz 81846254 BLAKE2B f8e7d0b231916b197ad21706a057d055f8377059d76d4f09aff523cc4cd071a3184f02dc488259df22109b70be7b8a5d5fa7ea2273a830de825cc9a8c95dcca9 SHA512 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
 DIST nss-3.60.1.tar.gz 82036869 BLAKE2B 71f4ab4ee41a05b05493bb43bd0ebaa6258122ddf6bc82af565121ec32f72ae0f187ac2383501ed8e228b32b796f75a89538c76f737530215b3c6448ef1242a3 SHA512 ba398ddad6f90f3562a041b7fd5fc7b72eb20961cc5c1f4890c3b0d95d438404b26ae6feb54cb8c650707134479a915e1f522f0e9257bc2ede053dd0811156d5
-DIST nss-3.60.tar.gz 82035831 BLAKE2B fffc0e26d58d4625be1b8b0123f248a0c7994b18868ece534ba4d60131dd4897d075d7b2dba672c31ccd333e0c18ea384e2aa2f495c23b5430d6d10b91922873 SHA512 6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695
 DIST nss-3.61.tar.gz 82034245 BLAKE2B f04dd0dd79d44abd335799ee53bb2229ab0c65f5b9d5bf5b61e49fb33ae2eb5c061c278d5e03328e697a6f0f461411ca35df79afb9ab51df9b555cb410c0167b SHA512 b2fb2288d20b49097b6b24286ee39ec839ebabe2a84afe2d6a31dbefa9c2d1386dc85c97e41011eb11b12b1e4a410242c84648ac19bbabb7432dba460305bb37
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.60.ebuild b/dev-libs/nss/nss-3.60.ebuild
deleted file mode 100644
index 7ac46a177d7..00000000000
--- a/dev-libs/nss/nss-3.60.ebuild
+++ /dev/null
@@ -1,358 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.29"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-01-24  0:58 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-01-24  0:58 UTC (permalink / raw
  To: gentoo-commits

commit:     5d7d2c151d1bc190cd5b01e5fbb421d02cd7ccfb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 24 00:55:31 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jan 24 00:55:31 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d7d2c15

dev-libs/nss: bump to v3.61

Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.61.ebuild | 358 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 359 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 7b74a4a17fd..9ccebd00959 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.58.tar.gz 81846254 BLAKE2B f8e7d0b231916b197ad21706a057d055f8377059d76d4f09aff523cc4cd071a3184f02dc488259df22109b70be7b8a5d5fa7ea2273a830de825cc9a8c95dcca9 SHA512 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
 DIST nss-3.60.1.tar.gz 82036869 BLAKE2B 71f4ab4ee41a05b05493bb43bd0ebaa6258122ddf6bc82af565121ec32f72ae0f187ac2383501ed8e228b32b796f75a89538c76f737530215b3c6448ef1242a3 SHA512 ba398ddad6f90f3562a041b7fd5fc7b72eb20961cc5c1f4890c3b0d95d438404b26ae6feb54cb8c650707134479a915e1f522f0e9257bc2ede053dd0811156d5
 DIST nss-3.60.tar.gz 82035831 BLAKE2B fffc0e26d58d4625be1b8b0123f248a0c7994b18868ece534ba4d60131dd4897d075d7b2dba672c31ccd333e0c18ea384e2aa2f495c23b5430d6d10b91922873 SHA512 6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695
+DIST nss-3.61.tar.gz 82034245 BLAKE2B f04dd0dd79d44abd335799ee53bb2229ab0c65f5b9d5bf5b61e49fb33ae2eb5c061c278d5e03328e697a6f0f461411ca35df79afb9ab51df9b555cb410c0167b SHA512 b2fb2288d20b49097b6b24286ee39ec839ebabe2a84afe2d6a31dbefa9c2d1386dc85c97e41011eb11b12b1e4a410242c84648ac19bbabb7432dba460305bb37
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.61.ebuild b/dev-libs/nss/nss-3.61.ebuild
new file mode 100644
index 00000000000..7ac46a177d7
--- /dev/null
+++ b/dev-libs/nss/nss-3.61.ebuild
@@ -0,0 +1,358 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-02-21  2:17 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-02-21  2:17 UTC (permalink / raw
  To: gentoo-commits

commit:     cfa727234b757c5492df2139bfb8167cd9543d37
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 21 01:03:51 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Feb 21 02:17:17 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cfa72723

dev-libs/nss: bump to v3.62

Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.62.ebuild | 358 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 359 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 39bedf160fd..9572d561eda 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.58.tar.gz 81846254 BLAKE2B f8e7d0b231916b197ad21706a057d055f8377059d76d4f09aff523cc4cd071a3184f02dc488259df22109b70be7b8a5d5fa7ea2273a830de825cc9a8c95dcca9 SHA512 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
 DIST nss-3.60.1.tar.gz 82036869 BLAKE2B 71f4ab4ee41a05b05493bb43bd0ebaa6258122ddf6bc82af565121ec32f72ae0f187ac2383501ed8e228b32b796f75a89538c76f737530215b3c6448ef1242a3 SHA512 ba398ddad6f90f3562a041b7fd5fc7b72eb20961cc5c1f4890c3b0d95d438404b26ae6feb54cb8c650707134479a915e1f522f0e9257bc2ede053dd0811156d5
 DIST nss-3.61.tar.gz 82034245 BLAKE2B f04dd0dd79d44abd335799ee53bb2229ab0c65f5b9d5bf5b61e49fb33ae2eb5c061c278d5e03328e697a6f0f461411ca35df79afb9ab51df9b555cb410c0167b SHA512 b2fb2288d20b49097b6b24286ee39ec839ebabe2a84afe2d6a31dbefa9c2d1386dc85c97e41011eb11b12b1e4a410242c84648ac19bbabb7432dba460305bb37
+DIST nss-3.62.tar.gz 82159506 BLAKE2B 9abd7504766fb57214a16608a7299f8cf6d25c9a4e285665eabd812bce536ba244b698de31fd53796148f3856e4bee6c8a03ce5b6c5234a9337d7af8f300f007 SHA512 7044008ea8e5d6f658da96e202a896e24a1ffa29d7ca862f32ed37cfa09adf8c2d5fbc371e3af6bc5151b2d1216c38207976b41888d5ad8efd4dc3049cb5831d
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.62.ebuild b/dev-libs/nss/nss-3.62.ebuild
new file mode 100644
index 00000000000..7ac46a177d7
--- /dev/null
+++ b/dev-libs/nss/nss-3.62.ebuild
@@ -0,0 +1,358 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-02-21 12:58 Fabian Groffen
  0 siblings, 0 replies; 466+ messages in thread
From: Fabian Groffen @ 2021-02-21 12:58 UTC (permalink / raw
  To: gentoo-commits

commit:     b387f1bfd1d5104ad747f490f46ee559d5719770
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 21 12:57:34 2021 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Feb 21 12:58:04 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b387f1bf

dev-libs/nss: drop ~sparc-solaris, fix config for x86-based Solaris

- nspr support for sparc-solaris was dropped, so drop for this pkg too
- OS_ARCH on Solaris is i86pc for intel/amd64 targets

Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 dev-libs/nss/nss-3.58-r2.ebuild |  2 +-
 dev-libs/nss/nss-3.60.1.ebuild  |  2 +-
 dev-libs/nss/nss-3.61.ebuild    |  2 +-
 dev-libs/nss/nss-3.62.ebuild    | 13 +++++++------
 4 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/dev-libs/nss/nss-3.58-r2.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
index f7bb97581f3..50de523f59f 100644
--- a/dev-libs/nss/nss-3.58-r2.ebuild
+++ b/dev-libs/nss/nss-3.58-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="

diff --git a/dev-libs/nss/nss-3.60.1.ebuild b/dev-libs/nss/nss-3.60.1.ebuild
index 7ac46a177d7..22ec72ccc32 100644
--- a/dev-libs/nss/nss-3.60.1.ebuild
+++ b/dev-libs/nss/nss-3.60.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="

diff --git a/dev-libs/nss/nss-3.61.ebuild b/dev-libs/nss/nss-3.61.ebuild
index 7ac46a177d7..22ec72ccc32 100644
--- a/dev-libs/nss/nss-3.61.ebuild
+++ b/dev-libs/nss/nss-3.61.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="

diff --git a/dev-libs/nss/nss-3.62.ebuild b/dev-libs/nss/nss-3.62.ebuild
index 7ac46a177d7..5e3240e8db8 100644
--- a/dev-libs/nss/nss-3.62.ebuild
+++ b/dev-libs/nss/nss-3.62.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="
@@ -94,11 +94,12 @@ nssarch() {
 	# Most of the arches are the same as $ARCH
 	local t=${1:-${CHOST}}
 	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
 	esac
 }
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-03-19  9:24 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2021-03-19  9:24 UTC (permalink / raw
  To: gentoo-commits

commit:     e17bb54672fa958cd4b0a32badf01e5d5c09df52
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 19 09:24:47 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Mar 19 09:24:47 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e17bb546

dev-libs/nss: Removed old

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   2 -
 dev-libs/nss/nss-3.60.1.ebuild | 358 -----------------------------------------
 dev-libs/nss/nss-3.61.ebuild   | 358 -----------------------------------------
 3 files changed, 718 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 86338099480..c54a531abad 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,4 @@
 DIST nss-3.58.tar.gz 81846254 BLAKE2B f8e7d0b231916b197ad21706a057d055f8377059d76d4f09aff523cc4cd071a3184f02dc488259df22109b70be7b8a5d5fa7ea2273a830de825cc9a8c95dcca9 SHA512 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
-DIST nss-3.60.1.tar.gz 82036869 BLAKE2B 71f4ab4ee41a05b05493bb43bd0ebaa6258122ddf6bc82af565121ec32f72ae0f187ac2383501ed8e228b32b796f75a89538c76f737530215b3c6448ef1242a3 SHA512 ba398ddad6f90f3562a041b7fd5fc7b72eb20961cc5c1f4890c3b0d95d438404b26ae6feb54cb8c650707134479a915e1f522f0e9257bc2ede053dd0811156d5
-DIST nss-3.61.tar.gz 82034245 BLAKE2B f04dd0dd79d44abd335799ee53bb2229ab0c65f5b9d5bf5b61e49fb33ae2eb5c061c278d5e03328e697a6f0f461411ca35df79afb9ab51df9b555cb410c0167b SHA512 b2fb2288d20b49097b6b24286ee39ec839ebabe2a84afe2d6a31dbefa9c2d1386dc85c97e41011eb11b12b1e4a410242c84648ac19bbabb7432dba460305bb37
 DIST nss-3.62.tar.gz 82159506 BLAKE2B 9abd7504766fb57214a16608a7299f8cf6d25c9a4e285665eabd812bce536ba244b698de31fd53796148f3856e4bee6c8a03ce5b6c5234a9337d7af8f300f007 SHA512 7044008ea8e5d6f658da96e202a896e24a1ffa29d7ca862f32ed37cfa09adf8c2d5fbc371e3af6bc5151b2d1216c38207976b41888d5ad8efd4dc3049cb5831d
 DIST nss-3.63.tar.gz 82167087 BLAKE2B 3db1aea3aea8373ba8e285a5a87e8b5e39107af8cc5977701fb2fe29b6e7657dba1b1ea3bf80aa0768b0d5f6d130cacc3e029eec69b071a0d87da0825860ffd9 SHA512 2f1f75dce7fd049453cbcf53263a3d9d4d9e62ad2cc2fef4dd0d5645fe14dad4ce47ed64aae507a09214d7fccbe83c142844121f55b44783e5a1bcfe24ea671c
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.60.1.ebuild b/dev-libs/nss/nss-3.60.1.ebuild
deleted file mode 100644
index 22ec72ccc32..00000000000
--- a/dev-libs/nss/nss-3.60.1.ebuild
+++ /dev/null
@@ -1,358 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.29"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.61.ebuild b/dev-libs/nss/nss-3.61.ebuild
deleted file mode 100644
index 22ec72ccc32..00000000000
--- a/dev-libs/nss/nss-3.61.ebuild
+++ /dev/null
@@ -1,358 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.29"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
-	default
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		aarch64*)echo "aarch64";;
-		hppa*)   echo "parisc";;
-		i?86*)   echo "i686";;
-		x86_64*) echo "x86_64";;
-		*)       tc-arch ${t};;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-03-19  9:24 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2021-03-19  9:24 UTC (permalink / raw
  To: gentoo-commits

commit:     53d3fb8d3d50037dbcff8a325edfcdecd6d3bc49
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 19 09:24:05 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Mar 19 09:24:05 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=53d3fb8d

dev-libs/nss: Bump to version 3.63

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.63.ebuild | 359 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 360 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 9572d561eda..86338099480 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,4 +2,5 @@ DIST nss-3.58.tar.gz 81846254 BLAKE2B f8e7d0b231916b197ad21706a057d055f8377059d7
 DIST nss-3.60.1.tar.gz 82036869 BLAKE2B 71f4ab4ee41a05b05493bb43bd0ebaa6258122ddf6bc82af565121ec32f72ae0f187ac2383501ed8e228b32b796f75a89538c76f737530215b3c6448ef1242a3 SHA512 ba398ddad6f90f3562a041b7fd5fc7b72eb20961cc5c1f4890c3b0d95d438404b26ae6feb54cb8c650707134479a915e1f522f0e9257bc2ede053dd0811156d5
 DIST nss-3.61.tar.gz 82034245 BLAKE2B f04dd0dd79d44abd335799ee53bb2229ab0c65f5b9d5bf5b61e49fb33ae2eb5c061c278d5e03328e697a6f0f461411ca35df79afb9ab51df9b555cb410c0167b SHA512 b2fb2288d20b49097b6b24286ee39ec839ebabe2a84afe2d6a31dbefa9c2d1386dc85c97e41011eb11b12b1e4a410242c84648ac19bbabb7432dba460305bb37
 DIST nss-3.62.tar.gz 82159506 BLAKE2B 9abd7504766fb57214a16608a7299f8cf6d25c9a4e285665eabd812bce536ba244b698de31fd53796148f3856e4bee6c8a03ce5b6c5234a9337d7af8f300f007 SHA512 7044008ea8e5d6f658da96e202a896e24a1ffa29d7ca862f32ed37cfa09adf8c2d5fbc371e3af6bc5151b2d1216c38207976b41888d5ad8efd4dc3049cb5831d
+DIST nss-3.63.tar.gz 82167087 BLAKE2B 3db1aea3aea8373ba8e285a5a87e8b5e39107af8cc5977701fb2fe29b6e7657dba1b1ea3bf80aa0768b0d5f6d130cacc3e029eec69b071a0d87da0825860ffd9 SHA512 2f1f75dce7fd049453cbcf53263a3d9d4d9e62ad2cc2fef4dd0d5645fe14dad4ce47ed64aae507a09214d7fccbe83c142844121f55b44783e5a1bcfe24ea671c
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/dev-libs/nss/nss-3.63.ebuild b/dev-libs/nss/nss-3.63.ebuild
new file mode 100644
index 00000000000..5e3240e8db8
--- /dev/null
+++ b/dev-libs/nss/nss-3.63.ebuild
@@ -0,0 +1,359 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	if use cacert ; then #521462
+		PATCHES+=(
+			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
+		)
+	fi
+
+	default
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-03-28 18:18 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-03-28 18:18 UTC (permalink / raw
  To: gentoo-commits

commit:     c9b96f357ad5d4ba6c9a0793bfb09d48b37c7fc7
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 28 18:17:54 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 28 18:17:54 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9b96f35

dev-libs/nss: Stabilize 3.63 amd64, #778941

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.63.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.63.ebuild b/dev-libs/nss/nss-3.63.ebuild
index 5e3240e8db8..f9d4f7c2d46 100644
--- a/dev-libs/nss/nss-3.63.ebuild
+++ b/dev-libs/nss/nss-3.63.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-03-28 18:18 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-03-28 18:18 UTC (permalink / raw
  To: gentoo-commits

commit:     a1704e0d5a1f191194f3d0a88973d19a464c5021
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 28 18:18:39 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 28 18:18:39 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1704e0d

dev-libs/nss: Stabilize 3.63 x86, #778941

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.63.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.63.ebuild b/dev-libs/nss/nss-3.63.ebuild
index f9d4f7c2d46..0e40652520b 100644
--- a/dev-libs/nss/nss-3.63.ebuild
+++ b/dev-libs/nss/nss-3.63.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-03-28 18:20 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-03-28 18:20 UTC (permalink / raw
  To: gentoo-commits

commit:     6966aa03c90318f5578709e7290396344d4f5451
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 28 18:19:42 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 28 18:19:42 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6966aa03

dev-libs/nss: Stabilize 3.63 ppc64, #778941

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.63.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.63.ebuild b/dev-libs/nss/nss-3.63.ebuild
index 3197b48ea67..07bacf4f7c8 100644
--- a/dev-libs/nss/nss-3.63.ebuild
+++ b/dev-libs/nss/nss-3.63.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-03-28 18:20 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-03-28 18:20 UTC (permalink / raw
  To: gentoo-commits

commit:     75ef9f4a532f481b7b54cfa70419e2e4c6166d21
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 28 18:19:25 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 28 18:19:25 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75ef9f4a

dev-libs/nss: Stabilize 3.63 ppc, #778941

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.63.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.63.ebuild b/dev-libs/nss/nss-3.63.ebuild
index 0e40652520b..3197b48ea67 100644
--- a/dev-libs/nss/nss-3.63.ebuild
+++ b/dev-libs/nss/nss-3.63.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-03-28 18:20 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-03-28 18:20 UTC (permalink / raw
  To: gentoo-commits

commit:     b6d3f9e3c25baa1987efd176fa0782d33aa04862
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 28 18:20:01 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 28 18:20:01 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6d3f9e3

dev-libs/nss: Stabilize 3.63 sparc, #778941

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.63.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.63.ebuild b/dev-libs/nss/nss-3.63.ebuild
index 07bacf4f7c8..6c5fec70e37 100644
--- a/dev-libs/nss/nss-3.63.ebuild
+++ b/dev-libs/nss/nss-3.63.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-03-29 14:50 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-03-29 14:50 UTC (permalink / raw
  To: gentoo-commits

commit:     310de9bddc48434be099e942fe75cd145d32dcb7
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 29 14:31:13 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar 29 14:31:13 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=310de9bd

dev-libs/nss: Stabilize 3.63 arm, #778941

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.63.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.63.ebuild b/dev-libs/nss/nss-3.63.ebuild
index b4e81e8ddbe..5aa4ded66b4 100644
--- a/dev-libs/nss/nss-3.63.ebuild
+++ b/dev-libs/nss/nss-3.63.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-03-31 14:08 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2021-03-31 14:08 UTC (permalink / raw
  To: gentoo-commits

commit:     cfc0bae547581b461877284a271aa6e0eda04a08
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 31 14:07:28 2021 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Mar 31 14:08:15 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cfc0bae5

dev-libs/nss: s390 stable wrt bug #778941

Package-Manager: Portage-3.0.13, Repoman-3.0.2
RepoMan-Options: --include-arches="s390"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.63.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.63.ebuild b/dev-libs/nss/nss-3.63.ebuild
index 5aa4ded66b4..685431a7f4c 100644
--- a/dev-libs/nss/nss-3.63.ebuild
+++ b/dev-libs/nss/nss-3.63.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-03-31 15:25 Sergei Trofimovich
  0 siblings, 0 replies; 466+ messages in thread
From: Sergei Trofimovich @ 2021-03-31 15:25 UTC (permalink / raw
  To: gentoo-commits

commit:     0056162b5869f4a03b3295ac0e8fe23fbdda19e1
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Wed Mar 31 15:05:08 2021 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Wed Mar 31 15:25:38 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0056162b

dev-libs/nss: stable 3.63 for hppa, bug #778941

Package-Manager: Portage-3.0.17, Repoman-3.0.2
RepoMan-Options: --include-arches="hppa"
Signed-off-by: Rolf Eike Beer <eike <AT> sf-mail.de>
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 dev-libs/nss/nss-3.63.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.63.ebuild b/dev-libs/nss/nss-3.63.ebuild
index 685431a7f4c..026fd9ebc50 100644
--- a/dev-libs/nss/nss-3.63.ebuild
+++ b/dev-libs/nss/nss-3.63.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-04-16 11:35 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-04-16 11:35 UTC (permalink / raw
  To: gentoo-commits

commit:     7e632979a0b254e614aa01535860907eee6902cb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 16 11:23:32 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 11:34:02 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e632979

dev-libs/nss: bump to v3.64

Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.64.ebuild | 357 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 358 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 6d44c3bca5b..eb9a177cd00 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,2 +1,3 @@
 DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
+DIST nss-3.64.tar.gz 82173054 BLAKE2B 4786a1ff6f4e47dbb6bfef6a2bc47ffeac51aa37f12168872d23799b8d6ca440578acf512e9ec7563ef64331d3fd84c387f17e41afa2ee30d8623c6f66207631 SHA512 0a85e1f64f97670f70596d8a479693939ca454025a4b3bbd557a54ed683ffed625c670fef6a6e3440365af9aa472384f84464942381b1c093659f6a6a222ba04
 DIST nss-cacert-class1-class3-r1.patch 22503 BLAKE2B d2ba6b5c3675484dab5b6709478101a9dadc0baded3dbf891dcd04e5eb912079b87cdd17f893a0f539a2a53fb05357c6dd309fb624facac3b021c82c7424a91f SHA512 68906d2442986ad13ebf9cd97c26fac34af3efd5cfaacb3d7824adad966349ad796c9cec8dec44c46d5c571df88ce83aea02ce82e71da337aa4e1aeef58eda66

diff --git a/dev-libs/nss/nss-3.64.ebuild b/dev-libs/nss/nss-3.64.ebuild
new file mode 100644
index 00000000000..f05b462f30d
--- /dev/null
+++ b/dev-libs/nss/nss-3.64.ebuild
@@ -0,0 +1,357 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-04-16 11:35 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-04-16 11:35 UTC (permalink / raw
  To: gentoo-commits

commit:     c2cc6f938e7d434886140bba6c0e96e27d09384a
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 16 11:15:41 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 11:34:01 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2cc6f93

dev-libs/nss: update cacert certificate

Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest                               |  4 ++--
 dev-libs/nss/{nss-3.63.ebuild => nss-3.63.1.ebuild} | 12 +++++-------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 94f7cbcc143..6d44c3bca5b 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,2 +1,2 @@
-DIST nss-3.63.tar.gz 82167087 BLAKE2B 3db1aea3aea8373ba8e285a5a87e8b5e39107af8cc5977701fb2fe29b6e7657dba1b1ea3bf80aa0768b0d5f6d130cacc3e029eec69b071a0d87da0825860ffd9 SHA512 2f1f75dce7fd049453cbcf53263a3d9d4d9e62ad2cc2fef4dd0d5645fe14dad4ce47ed64aae507a09214d7fccbe83c142844121f55b44783e5a1bcfe24ea671c
-DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
+DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
+DIST nss-cacert-class1-class3-r1.patch 22503 BLAKE2B d2ba6b5c3675484dab5b6709478101a9dadc0baded3dbf891dcd04e5eb912079b87cdd17f893a0f539a2a53fb05357c6dd309fb624facac3b021c82c7424a91f SHA512 68906d2442986ad13ebf9cd97c26fac34af3efd5cfaacb3d7824adad966349ad796c9cec8dec44c46d5c571df88ce83aea02ce82e71da337aa4e1aeef58eda66

diff --git a/dev-libs/nss/nss-3.63.ebuild b/dev-libs/nss/nss-3.63.1.ebuild
similarity index 98%
rename from dev-libs/nss/nss-3.63.ebuild
rename to dev-libs/nss/nss-3.63.1.ebuild
index 447c0480c7d..106c5b77225 100644
--- a/dev-libs/nss/nss-3.63.ebuild
+++ b/dev-libs/nss/nss-3.63.1.ebuild
@@ -11,7 +11,7 @@ RTM_NAME="NSS_${PV//./_}_RTM"
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
 HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch )"
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
@@ -42,14 +42,12 @@ PATCHES=(
 )
 
 src_prepare() {
-	if use cacert ; then #521462
-		PATCHES+=(
-			"${DISTDIR}/${PN}-cacert-class1-class3.patch"
-		)
-	fi
-
 	default
 
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
+	fi
+
 	pushd coreconf >/dev/null || die
 	# hack nspr paths
 	echo 'INCLUDES += -I$(DIST)/include/dbm' \


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-05-16 20:51 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-05-16 20:51 UTC (permalink / raw
  To: gentoo-commits

commit:     f2f864eec817772f9de72988913e80593448f106
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun May 16 20:36:10 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun May 16 20:51:44 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f2f864ee

dev-libs/nss: bump to v3.65

Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.65.ebuild | 357 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 358 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index eb9a177cd00..6c552e5c377 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
 DIST nss-3.64.tar.gz 82173054 BLAKE2B 4786a1ff6f4e47dbb6bfef6a2bc47ffeac51aa37f12168872d23799b8d6ca440578acf512e9ec7563ef64331d3fd84c387f17e41afa2ee30d8623c6f66207631 SHA512 0a85e1f64f97670f70596d8a479693939ca454025a4b3bbd557a54ed683ffed625c670fef6a6e3440365af9aa472384f84464942381b1c093659f6a6a222ba04
+DIST nss-3.65.tar.gz 82386222 BLAKE2B 4e1876a12d042b67c6654a8396611ca33d5257b07c75b55201de229f0a6860577886f38d640837d6512b30a074d05b917bae4e34263d9c0f6f4606c80b369a04 SHA512 6f980f44056c69c74754124ce16d4880fb47440146d55906584f70d1be8e74885570308914d4482b3ee676a1f5b1e529616eae8ccd6906d678394dd929dd0825
 DIST nss-cacert-class1-class3-r1.patch 22503 BLAKE2B d2ba6b5c3675484dab5b6709478101a9dadc0baded3dbf891dcd04e5eb912079b87cdd17f893a0f539a2a53fb05357c6dd309fb624facac3b021c82c7424a91f SHA512 68906d2442986ad13ebf9cd97c26fac34af3efd5cfaacb3d7824adad966349ad796c9cec8dec44c46d5c571df88ce83aea02ce82e71da337aa4e1aeef58eda66

diff --git a/dev-libs/nss/nss-3.65.ebuild b/dev-libs/nss/nss-3.65.ebuild
new file mode 100644
index 00000000000..f05b462f30d
--- /dev/null
+++ b/dev-libs/nss/nss-3.65.ebuild
@@ -0,0 +1,357 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-05-28 19:16 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-05-28 19:16 UTC (permalink / raw
  To: gentoo-commits

commit:     9a827f07cbf0aaaf7b41abcebda69b17cff5a170
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri May 28 19:10:41 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri May 28 19:16:22 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a827f07

dev-libs/nss: drop old

Package-Manager: Portage-3.0.19, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.64.ebuild | 357 -------------------------------------------
 2 files changed, 358 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 6c552e5c377..35b0cdd18b5 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
 DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
-DIST nss-3.64.tar.gz 82173054 BLAKE2B 4786a1ff6f4e47dbb6bfef6a2bc47ffeac51aa37f12168872d23799b8d6ca440578acf512e9ec7563ef64331d3fd84c387f17e41afa2ee30d8623c6f66207631 SHA512 0a85e1f64f97670f70596d8a479693939ca454025a4b3bbd557a54ed683ffed625c670fef6a6e3440365af9aa472384f84464942381b1c093659f6a6a222ba04
 DIST nss-3.65.tar.gz 82386222 BLAKE2B 4e1876a12d042b67c6654a8396611ca33d5257b07c75b55201de229f0a6860577886f38d640837d6512b30a074d05b917bae4e34263d9c0f6f4606c80b369a04 SHA512 6f980f44056c69c74754124ce16d4880fb47440146d55906584f70d1be8e74885570308914d4482b3ee676a1f5b1e529616eae8ccd6906d678394dd929dd0825
 DIST nss-cacert-class1-class3-r1.patch 22503 BLAKE2B d2ba6b5c3675484dab5b6709478101a9dadc0baded3dbf891dcd04e5eb912079b87cdd17f893a0f539a2a53fb05357c6dd309fb624facac3b021c82c7424a91f SHA512 68906d2442986ad13ebf9cd97c26fac34af3efd5cfaacb3d7824adad966349ad796c9cec8dec44c46d5c571df88ce83aea02ce82e71da337aa4e1aeef58eda66

diff --git a/dev-libs/nss/nss-3.64.ebuild b/dev-libs/nss/nss-3.64.ebuild
deleted file mode 100644
index f05b462f30d..00000000000
--- a/dev-libs/nss/nss-3.64.ebuild
+++ /dev/null
@@ -1,357 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.29"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-05-28 19:16 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-05-28 19:16 UTC (permalink / raw
  To: gentoo-commits

commit:     cbf168552e2bc2111b344be2f42e794a0146d48a
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri May 28 19:11:53 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri May 28 19:16:22 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cbf16855

dev-libs/nss: update CAcert Root 3 certificate

Bug: https://bugs.gentoo.org/791286
Package-Manager: Portage-3.0.19, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest                                    | 2 +-
 dev-libs/nss/metadata.xml                                | 2 +-
 dev-libs/nss/{nss-3.63.1.ebuild => nss-3.63.1-r1.ebuild} | 4 ++--
 dev-libs/nss/{nss-3.65.ebuild => nss-3.65-r1.ebuild}     | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 35b0cdd18b5..d56dec8421e 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,3 @@
 DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
 DIST nss-3.65.tar.gz 82386222 BLAKE2B 4e1876a12d042b67c6654a8396611ca33d5257b07c75b55201de229f0a6860577886f38d640837d6512b30a074d05b917bae4e34263d9c0f6f4606c80b369a04 SHA512 6f980f44056c69c74754124ce16d4880fb47440146d55906584f70d1be8e74885570308914d4482b3ee676a1f5b1e529616eae8ccd6906d678394dd929dd0825
-DIST nss-cacert-class1-class3-r1.patch 22503 BLAKE2B d2ba6b5c3675484dab5b6709478101a9dadc0baded3dbf891dcd04e5eb912079b87cdd17f893a0f539a2a53fb05357c6dd309fb624facac3b021c82c7424a91f SHA512 68906d2442986ad13ebf9cd97c26fac34af3efd5cfaacb3d7824adad966349ad796c9cec8dec44c46d5c571df88ce83aea02ce82e71da337aa4e1aeef58eda66
+DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml
index c76b165099c..117bb1aac77 100644
--- a/dev-libs/nss/metadata.xml
+++ b/dev-libs/nss/metadata.xml
@@ -7,7 +7,7 @@
 </maintainer>
 <use>
   <flag name="cacert">
-    Include root/class3 certs from CAcert (http://www.cacert.org/)
+    Include root/class3 certs from CAcert (https://www.cacert.org/)
   </flag>
   <flag name="utils">Install utilities included with the library</flag>
 </use>

diff --git a/dev-libs/nss/nss-3.63.1.ebuild b/dev-libs/nss/nss-3.63.1-r1.ebuild
similarity index 98%
rename from dev-libs/nss/nss-3.63.1.ebuild
rename to dev-libs/nss/nss-3.63.1-r1.ebuild
index 106c5b77225..ab23dc3b558 100644
--- a/dev-libs/nss/nss-3.63.1.ebuild
+++ b/dev-libs/nss/nss-3.63.1-r1.ebuild
@@ -11,7 +11,7 @@ RTM_NAME="NSS_${PV//./_}_RTM"
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
 HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch )"
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
@@ -45,7 +45,7 @@ src_prepare() {
 	default
 
 	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
 	fi
 
 	pushd coreconf >/dev/null || die

diff --git a/dev-libs/nss/nss-3.65.ebuild b/dev-libs/nss/nss-3.65-r1.ebuild
similarity index 98%
rename from dev-libs/nss/nss-3.65.ebuild
rename to dev-libs/nss/nss-3.65-r1.ebuild
index f05b462f30d..200e2c3b7bf 100644
--- a/dev-libs/nss/nss-3.65.ebuild
+++ b/dev-libs/nss/nss-3.65-r1.ebuild
@@ -11,7 +11,7 @@ RTM_NAME="NSS_${PV//./_}_RTM"
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
 HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch )"
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
@@ -45,7 +45,7 @@ src_prepare() {
 	default
 
 	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
 	fi
 
 	pushd coreconf >/dev/null || die


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-05-28 19:36 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-05-28 19:36 UTC (permalink / raw
  To: gentoo-commits

commit:     7b03da02da69388bbeb972a9641194f23ee59237
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri May 28 19:33:25 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri May 28 19:36:08 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b03da02

dev-libs/nss: bump to v3.66

Package-Manager: Portage-3.0.19, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.66.ebuild | 357 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 358 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index d56dec8421e..a51cccc229f 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
 DIST nss-3.65.tar.gz 82386222 BLAKE2B 4e1876a12d042b67c6654a8396611ca33d5257b07c75b55201de229f0a6860577886f38d640837d6512b30a074d05b917bae4e34263d9c0f6f4606c80b369a04 SHA512 6f980f44056c69c74754124ce16d4880fb47440146d55906584f70d1be8e74885570308914d4482b3ee676a1f5b1e529616eae8ccd6906d678394dd929dd0825
+DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.66.ebuild b/dev-libs/nss/nss-3.66.ebuild
new file mode 100644
index 00000000000..200e2c3b7bf
--- /dev/null
+++ b/dev-libs/nss/nss-3.66.ebuild
@@ -0,0 +1,357 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-06-11 12:37 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-06-11 12:37 UTC (permalink / raw
  To: gentoo-commits

commit:     755dc8ef5923d769e5e94508f582cb3acc2cd106
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 11 12:36:59 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jun 11 12:36:59 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=755dc8ef

dev-libs/nss: bump to v3.67

Package-Manager: Portage-3.0.19, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.67.ebuild | 357 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 358 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index a51cccc229f..e832dd81efb 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
 DIST nss-3.65.tar.gz 82386222 BLAKE2B 4e1876a12d042b67c6654a8396611ca33d5257b07c75b55201de229f0a6860577886f38d640837d6512b30a074d05b917bae4e34263d9c0f6f4606c80b369a04 SHA512 6f980f44056c69c74754124ce16d4880fb47440146d55906584f70d1be8e74885570308914d4482b3ee676a1f5b1e529616eae8ccd6906d678394dd929dd0825
 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
+DIST nss-3.67.tar.gz 82402188 BLAKE2B 00733c3f3b47e9dd5d5492ecc67baf2507b2bb446a7245422065f1ff28fcfdca25b6e93854ab5b1bd8b2706821a143b5d1d33273008982416148a8ced8e5117e SHA512 1d3fa3fafbf3e54c9c3b54b0b3c291aebb48542380a1b704fa07359d3cefab93f166b31928c9db190ed58118e289e67ce8aa1619e4219d69b2c098484a22bc9d
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.67.ebuild b/dev-libs/nss/nss-3.67.ebuild
new file mode 100644
index 00000000000..200e2c3b7bf
--- /dev/null
+++ b/dev-libs/nss/nss-3.67.ebuild
@@ -0,0 +1,357 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.29"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-07-13 21:04 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-07-13 21:04 UTC (permalink / raw
  To: gentoo-commits

commit:     47c1dc4f1bfef0d1eec234405f723dec68d42aee
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 13 20:52:47 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 13 21:04:49 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47c1dc4f

dev-libs/nss: bump to v3.68

Package-Manager: Portage-3.0.21, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.68.ebuild | 357 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 358 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e832dd81efb..7ad49eef752 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,4 +2,5 @@ DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70
 DIST nss-3.65.tar.gz 82386222 BLAKE2B 4e1876a12d042b67c6654a8396611ca33d5257b07c75b55201de229f0a6860577886f38d640837d6512b30a074d05b917bae4e34263d9c0f6f4606c80b369a04 SHA512 6f980f44056c69c74754124ce16d4880fb47440146d55906584f70d1be8e74885570308914d4482b3ee676a1f5b1e529616eae8ccd6906d678394dd929dd0825
 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
 DIST nss-3.67.tar.gz 82402188 BLAKE2B 00733c3f3b47e9dd5d5492ecc67baf2507b2bb446a7245422065f1ff28fcfdca25b6e93854ab5b1bd8b2706821a143b5d1d33273008982416148a8ced8e5117e SHA512 1d3fa3fafbf3e54c9c3b54b0b3c291aebb48542380a1b704fa07359d3cefab93f166b31928c9db190ed58118e289e67ce8aa1619e4219d69b2c098484a22bc9d
+DIST nss-3.68.tar.gz 82405833 BLAKE2B 0a48c599bb3c97f41e41c5723e6c1b12d7f03469bf37593f62973817b7cbc9257b97a17ca2393d737bda51536c0b81169ec38b9ac6baa2c9dc7a61ae7817f103 SHA512 be1197320620ffc9c00aa8aec14de71b5c0bdbfc286309fcc5e995c74d1249cea798fd226ba613b345719238b73883af9f2bc28e1e1f698563767295df518a6e
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.68.ebuild b/dev-libs/nss/nss-3.68.ebuild
new file mode 100644
index 00000000000..6f5630e8928
--- /dev/null
+++ b/dev-libs/nss/nss-3.68.ebuild
@@ -0,0 +1,357 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-08-08 18:57 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2021-08-08 18:57 UTC (permalink / raw
  To: gentoo-commits

commit:     dde892feb1c91fcd93546f544e58c53c9ee185d1
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Aug  8 18:49:30 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Aug  8 18:57:26 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dde892fe

dev-libs/nss: Bump to version 3.69

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.69.ebuild | 357 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 358 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 7ad49eef752..9f24de60870 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,4 +3,5 @@ DIST nss-3.65.tar.gz 82386222 BLAKE2B 4e1876a12d042b67c6654a8396611ca33d5257b07c
 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
 DIST nss-3.67.tar.gz 82402188 BLAKE2B 00733c3f3b47e9dd5d5492ecc67baf2507b2bb446a7245422065f1ff28fcfdca25b6e93854ab5b1bd8b2706821a143b5d1d33273008982416148a8ced8e5117e SHA512 1d3fa3fafbf3e54c9c3b54b0b3c291aebb48542380a1b704fa07359d3cefab93f166b31928c9db190ed58118e289e67ce8aa1619e4219d69b2c098484a22bc9d
 DIST nss-3.68.tar.gz 82405833 BLAKE2B 0a48c599bb3c97f41e41c5723e6c1b12d7f03469bf37593f62973817b7cbc9257b97a17ca2393d737bda51536c0b81169ec38b9ac6baa2c9dc7a61ae7817f103 SHA512 be1197320620ffc9c00aa8aec14de71b5c0bdbfc286309fcc5e995c74d1249cea798fd226ba613b345719238b73883af9f2bc28e1e1f698563767295df518a6e
+DIST nss-3.69.tar.gz 82427268 BLAKE2B 1467c7f17b1d3d46fb4fcb1d19112585c24ec3d10125d7e954a87c3a6d0e20a300d2084a9480c88dad20274c500e1efb70143bb92b4a8110c2080abf3fe68dfe SHA512 9dd824b3e96aa5a032d5005cdf60a55efac23f69f3857cd1f4337f3ebad92fc2354bb05ed85f04a368e55306a46ebd17a91f7f432f1c191a96e99aecfa62cfdf
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.69.ebuild b/dev-libs/nss/nss-3.69.ebuild
new file mode 100644
index 00000000000..2b0b9c2e628
--- /dev/null
+++ b/dev-libs/nss/nss-3.69.ebuild
@@ -0,0 +1,357 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-08-08 18:57 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2021-08-08 18:57 UTC (permalink / raw
  To: gentoo-commits

commit:     3248939819158a42a9811d4f78bfcc71765878ca
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Aug  8 18:53:20 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Aug  8 18:57:26 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32489398

dev-libs/nss: Removed old

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest           |   3 -
 dev-libs/nss/nss-3.65-r1.ebuild | 357 ----------------------------------------
 dev-libs/nss/nss-3.66.ebuild    | 357 ----------------------------------------
 dev-libs/nss/nss-3.67.ebuild    | 357 ----------------------------------------
 4 files changed, 1074 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 9f24de60870..fc6e2e47052 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,7 +1,4 @@
 DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
-DIST nss-3.65.tar.gz 82386222 BLAKE2B 4e1876a12d042b67c6654a8396611ca33d5257b07c75b55201de229f0a6860577886f38d640837d6512b30a074d05b917bae4e34263d9c0f6f4606c80b369a04 SHA512 6f980f44056c69c74754124ce16d4880fb47440146d55906584f70d1be8e74885570308914d4482b3ee676a1f5b1e529616eae8ccd6906d678394dd929dd0825
-DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
-DIST nss-3.67.tar.gz 82402188 BLAKE2B 00733c3f3b47e9dd5d5492ecc67baf2507b2bb446a7245422065f1ff28fcfdca25b6e93854ab5b1bd8b2706821a143b5d1d33273008982416148a8ced8e5117e SHA512 1d3fa3fafbf3e54c9c3b54b0b3c291aebb48542380a1b704fa07359d3cefab93f166b31928c9db190ed58118e289e67ce8aa1619e4219d69b2c098484a22bc9d
 DIST nss-3.68.tar.gz 82405833 BLAKE2B 0a48c599bb3c97f41e41c5723e6c1b12d7f03469bf37593f62973817b7cbc9257b97a17ca2393d737bda51536c0b81169ec38b9ac6baa2c9dc7a61ae7817f103 SHA512 be1197320620ffc9c00aa8aec14de71b5c0bdbfc286309fcc5e995c74d1249cea798fd226ba613b345719238b73883af9f2bc28e1e1f698563767295df518a6e
 DIST nss-3.69.tar.gz 82427268 BLAKE2B 1467c7f17b1d3d46fb4fcb1d19112585c24ec3d10125d7e954a87c3a6d0e20a300d2084a9480c88dad20274c500e1efb70143bb92b4a8110c2080abf3fe68dfe SHA512 9dd824b3e96aa5a032d5005cdf60a55efac23f69f3857cd1f4337f3ebad92fc2354bb05ed85f04a368e55306a46ebd17a91f7f432f1c191a96e99aecfa62cfdf
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.65-r1.ebuild b/dev-libs/nss/nss-3.65-r1.ebuild
deleted file mode 100644
index 200e2c3b7bf..00000000000
--- a/dev-libs/nss/nss-3.65-r1.ebuild
+++ /dev/null
@@ -1,357 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.29"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.66.ebuild b/dev-libs/nss/nss-3.66.ebuild
deleted file mode 100644
index 200e2c3b7bf..00000000000
--- a/dev-libs/nss/nss-3.66.ebuild
+++ /dev/null
@@ -1,357 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.29"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.67.ebuild b/dev-libs/nss/nss-3.67.ebuild
deleted file mode 100644
index ef875241a2f..00000000000
--- a/dev-libs/nss/nss-3.67.ebuild
+++ /dev/null
@@ -1,357 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.29"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-09-01 14:17 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-09-01 14:17 UTC (permalink / raw
  To: gentoo-commits

commit:     22a7f74cd073475de223ab74952c2e4ad0b8f167
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  1 14:11:34 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Sep  1 14:11:34 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22a7f74c

dev-libs/nss: bump to v3.69.1

Package-Manager: Portage-3.0.22, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.69.1.ebuild | 357 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 358 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index fc6e2e47052..3ee3c349398 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
 DIST nss-3.68.tar.gz 82405833 BLAKE2B 0a48c599bb3c97f41e41c5723e6c1b12d7f03469bf37593f62973817b7cbc9257b97a17ca2393d737bda51536c0b81169ec38b9ac6baa2c9dc7a61ae7817f103 SHA512 be1197320620ffc9c00aa8aec14de71b5c0bdbfc286309fcc5e995c74d1249cea798fd226ba613b345719238b73883af9f2bc28e1e1f698563767295df518a6e
+DIST nss-3.69.1.tar.gz 82426679 BLAKE2B 71948a9fee08536c41da9916e6d2eb82bf52bf688c900eb283f83f0ac60498cce2d936950836b0bfb097ee9315860dbbd402a3b63ab28d23b3bd90523b65ead3 SHA512 26895e542e66bb99965da9832cd7f5b191336aa1027b2e90f194473dd8f6277909102f21833d988fa8d8b0e2178eaca9437b182d1155038abb0743eda2cc5697
 DIST nss-3.69.tar.gz 82427268 BLAKE2B 1467c7f17b1d3d46fb4fcb1d19112585c24ec3d10125d7e954a87c3a6d0e20a300d2084a9480c88dad20274c500e1efb70143bb92b4a8110c2080abf3fe68dfe SHA512 9dd824b3e96aa5a032d5005cdf60a55efac23f69f3857cd1f4337f3ebad92fc2354bb05ed85f04a368e55306a46ebd17a91f7f432f1c191a96e99aecfa62cfdf
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.69.1.ebuild b/dev-libs/nss/nss-3.69.1.ebuild
new file mode 100644
index 00000000000..2b0b9c2e628
--- /dev/null
+++ b/dev-libs/nss/nss-3.69.1.ebuild
@@ -0,0 +1,357 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-09-02 18:10 Georgy Yakovlev
  0 siblings, 0 replies; 466+ messages in thread
From: Georgy Yakovlev @ 2021-09-02 18:10 UTC (permalink / raw
  To: gentoo-commits

commit:     255c6d278fa321dbd5be0bd1edf1ca2e776a4b8d
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Thu Sep  2 17:55:30 2021 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Thu Sep  2 18:09:39 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=255c6d27

dev-libs/nss: add ppc cpu flags

Closes: https://bugs.gentoo.org/764191
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 dev-libs/nss/nss-3.63.1-r1.ebuild | 11 ++++++++++-
 dev-libs/nss/nss-3.68.ebuild      | 11 ++++++++++-
 dev-libs/nss/nss-3.69.1.ebuild    | 11 ++++++++++-
 dev-libs/nss/nss-3.69.ebuild      | 11 ++++++++++-
 4 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/dev-libs/nss/nss-3.63.1-r1.ebuild b/dev-libs/nss/nss-3.63.1-r1.ebuild
index ab23dc3b558..35a01a196be 100644
--- a/dev-libs/nss/nss-3.63.1-r1.ebuild
+++ b/dev-libs/nss/nss-3.63.1-r1.ebuild
@@ -16,7 +16,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="
 	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
@@ -168,6 +168,15 @@ multilib_src_compile() {
 		export CC_IS_CLANG=1
 	fi
 
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
 	local d
 
 	# Build the host tools first.

diff --git a/dev-libs/nss/nss-3.68.ebuild b/dev-libs/nss/nss-3.68.ebuild
index 6f5630e8928..a4a9893d778 100644
--- a/dev-libs/nss/nss-3.68.ebuild
+++ b/dev-libs/nss/nss-3.68.ebuild
@@ -16,7 +16,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="
 	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
@@ -168,6 +168,15 @@ multilib_src_compile() {
 		export CC_IS_CLANG=1
 	fi
 
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
 	local d
 
 	# Build the host tools first.

diff --git a/dev-libs/nss/nss-3.69.1.ebuild b/dev-libs/nss/nss-3.69.1.ebuild
index 2b0b9c2e628..973f651b763 100644
--- a/dev-libs/nss/nss-3.69.1.ebuild
+++ b/dev-libs/nss/nss-3.69.1.ebuild
@@ -16,7 +16,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="
 	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
@@ -168,6 +168,15 @@ multilib_src_compile() {
 		export CC_IS_CLANG=1
 	fi
 
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
 	local d
 
 	# Build the host tools first.

diff --git a/dev-libs/nss/nss-3.69.ebuild b/dev-libs/nss/nss-3.69.ebuild
index 2b0b9c2e628..973f651b763 100644
--- a/dev-libs/nss/nss-3.69.ebuild
+++ b/dev-libs/nss/nss-3.69.ebuild
@@ -16,7 +16,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="
 	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
@@ -168,6 +168,15 @@ multilib_src_compile() {
 		export CC_IS_CLANG=1
 	fi
 
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
 	local d
 
 	# Build the host tools first.


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-09-04  6:26 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2021-09-04  6:26 UTC (permalink / raw
  To: gentoo-commits

commit:     aecd18f8b95bb6b64976bc7de16593e45668efe7
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  4 05:57:38 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Sep  4 05:57:38 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aecd18f8

dev-libs/nss: add perl as BDEPEND to 3.69.1

-----
perl certdata.perl certdata.txt Linux5.13_x86_x86_64-pc-linux-gnu-gcc_glibc_PTH_OPT.OBJ/certdata.c
make[6]: perl: No such file or directory
* ERROR: dev-libs/nss-3.69.1::gentoo failed (compile phase):
-----

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.69.1.ebuild | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/nss/nss-3.69.1.ebuild b/dev-libs/nss/nss-3.69.1.ebuild
index 973f651b763..0618a36a643 100644
--- a/dev-libs/nss/nss-3.69.1.ebuild
+++ b/dev-libs/nss/nss-3.69.1.ebuild
@@ -25,6 +25,7 @@ RDEPEND="
 	virtual/pkgconfig
 "
 DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl:*"
 
 RESTRICT="test"
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-09-05 19:31 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-09-05 19:31 UTC (permalink / raw
  To: gentoo-commits

commit:     a7bae57bfda9c2d90680c2898bcf28cf240177b3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  5 19:24:54 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep  5 19:31:35 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7bae57b

dev-libs/nss: bump to v3.70

Package-Manager: Portage-3.0.22, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.70.ebuild | 357 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 358 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 3ee3c349398..c6d5d3a2c2d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,4 +2,5 @@ DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70
 DIST nss-3.68.tar.gz 82405833 BLAKE2B 0a48c599bb3c97f41e41c5723e6c1b12d7f03469bf37593f62973817b7cbc9257b97a17ca2393d737bda51536c0b81169ec38b9ac6baa2c9dc7a61ae7817f103 SHA512 be1197320620ffc9c00aa8aec14de71b5c0bdbfc286309fcc5e995c74d1249cea798fd226ba613b345719238b73883af9f2bc28e1e1f698563767295df518a6e
 DIST nss-3.69.1.tar.gz 82426679 BLAKE2B 71948a9fee08536c41da9916e6d2eb82bf52bf688c900eb283f83f0ac60498cce2d936950836b0bfb097ee9315860dbbd402a3b63ab28d23b3bd90523b65ead3 SHA512 26895e542e66bb99965da9832cd7f5b191336aa1027b2e90f194473dd8f6277909102f21833d988fa8d8b0e2178eaca9437b182d1155038abb0743eda2cc5697
 DIST nss-3.69.tar.gz 82427268 BLAKE2B 1467c7f17b1d3d46fb4fcb1d19112585c24ec3d10125d7e954a87c3a6d0e20a300d2084a9480c88dad20274c500e1efb70143bb92b4a8110c2080abf3fe68dfe SHA512 9dd824b3e96aa5a032d5005cdf60a55efac23f69f3857cd1f4337f3ebad92fc2354bb05ed85f04a368e55306a46ebd17a91f7f432f1c191a96e99aecfa62cfdf
+DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.70.ebuild b/dev-libs/nss/nss-3.70.ebuild
new file mode 100644
index 00000000000..2b0b9c2e628
--- /dev/null
+++ b/dev-libs/nss/nss-3.70.ebuild
@@ -0,0 +1,357 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-09-08  1:07 Georgy Yakovlev
  0 siblings, 0 replies; 466+ messages in thread
From: Georgy Yakovlev @ 2021-09-08  1:07 UTC (permalink / raw
  To: gentoo-commits

commit:     8703298c9881647a622a941b05757df2794211a3
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  8 01:06:57 2021 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Wed Sep  8 01:06:57 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8703298c

dev-libs/nss: re-introduce cpu_flags_ppc to 3.70

Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 dev-libs/nss/nss-3.70.ebuild | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.70.ebuild b/dev-libs/nss/nss-3.70.ebuild
index 2b0b9c2e628..973f651b763 100644
--- a/dev-libs/nss/nss-3.70.ebuild
+++ b/dev-libs/nss/nss-3.70.ebuild
@@ -16,7 +16,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="
 	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
@@ -168,6 +168,15 @@ multilib_src_compile() {
 		export CC_IS_CLANG=1
 	fi
 
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
 	local d
 
 	# Build the host tools first.


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-09-09 12:10 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2021-09-09 12:10 UTC (permalink / raw
  To: gentoo-commits

commit:     a539ae2fa8122bdaa2418be3c27f0476b778d73b
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Sep  9 12:09:14 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Sep  9 12:10:30 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a539ae2f

dev-libs/nss: add BDEPEND="dev-lang/perl" to 3.70

 - still needed,
     $(PERL) certdata.perl $(NSS_CERTDATA_TXT) $@

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.70.ebuild | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/nss/nss-3.70.ebuild b/dev-libs/nss/nss-3.70.ebuild
index 973f651b763..97adb106159 100644
--- a/dev-libs/nss/nss-3.70.ebuild
+++ b/dev-libs/nss/nss-3.70.ebuild
@@ -25,6 +25,7 @@ RDEPEND="
 	virtual/pkgconfig
 "
 DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
 
 RESTRICT="test"
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-10-15 14:33 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-10-15 14:33 UTC (permalink / raw
  To: gentoo-commits

commit:     869780e434f1c5738412860f85962b98a1bc01a3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 15 13:06:00 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Oct 15 14:32:55 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=869780e4

dev-libs/nss: bump to v3.71

Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.71.ebuild | 367 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 368 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index c6d5d3a2c2d..7d209501bfa 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,4 +3,5 @@ DIST nss-3.68.tar.gz 82405833 BLAKE2B 0a48c599bb3c97f41e41c5723e6c1b12d7f03469bf
 DIST nss-3.69.1.tar.gz 82426679 BLAKE2B 71948a9fee08536c41da9916e6d2eb82bf52bf688c900eb283f83f0ac60498cce2d936950836b0bfb097ee9315860dbbd402a3b63ab28d23b3bd90523b65ead3 SHA512 26895e542e66bb99965da9832cd7f5b191336aa1027b2e90f194473dd8f6277909102f21833d988fa8d8b0e2178eaca9437b182d1155038abb0743eda2cc5697
 DIST nss-3.69.tar.gz 82427268 BLAKE2B 1467c7f17b1d3d46fb4fcb1d19112585c24ec3d10125d7e954a87c3a6d0e20a300d2084a9480c88dad20274c500e1efb70143bb92b4a8110c2080abf3fe68dfe SHA512 9dd824b3e96aa5a032d5005cdf60a55efac23f69f3857cd1f4337f3ebad92fc2354bb05ed85f04a368e55306a46ebd17a91f7f432f1c191a96e99aecfa62cfdf
 DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
+DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.71.ebuild b/dev-libs/nss/nss-3.71.ebuild
new file mode 100644
index 00000000000..97adb106159
--- /dev/null
+++ b/dev-libs/nss/nss-3.71.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-01  1:25 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-11-01  1:25 UTC (permalink / raw
  To: gentoo-commits

commit:     8c67f2a1b088c44d08eba35cf93ace5143813423
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  1 01:11:47 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Nov  1 01:11:47 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c67f2a1

dev-libs/nss: bump to v3.72

Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.72.ebuild | 367 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 368 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 7d209501bfa..105a2721e80 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -4,4 +4,5 @@ DIST nss-3.69.1.tar.gz 82426679 BLAKE2B 71948a9fee08536c41da9916e6d2eb82bf52bf68
 DIST nss-3.69.tar.gz 82427268 BLAKE2B 1467c7f17b1d3d46fb4fcb1d19112585c24ec3d10125d7e954a87c3a6d0e20a300d2084a9480c88dad20274c500e1efb70143bb92b4a8110c2080abf3fe68dfe SHA512 9dd824b3e96aa5a032d5005cdf60a55efac23f69f3857cd1f4337f3ebad92fc2354bb05ed85f04a368e55306a46ebd17a91f7f432f1c191a96e99aecfa62cfdf
 DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
 DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
+DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.72.ebuild b/dev-libs/nss/nss-3.72.ebuild
new file mode 100644
index 00000000000..97adb106159
--- /dev/null
+++ b/dev-libs/nss/nss-3.72.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-04  8:41 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2021-11-04  8:41 UTC (permalink / raw
  To: gentoo-commits

commit:     54e673915f1e51b62414f329b9d970eb546ed1a9
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  4 08:39:23 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Nov  4 08:39:23 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54e67391

dev-libs/nss: stabilize 3.70 for amd64

Bug: https://bugs.gentoo.org/821385
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.70.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.70.ebuild b/dev-libs/nss/nss-3.70.ebuild
index 97adb106159..ef1f3adb133 100644
--- a/dev-libs/nss/nss-3.70.ebuild
+++ b/dev-libs/nss/nss-3.70.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-05  3:43 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-11-05  3:43 UTC (permalink / raw
  To: gentoo-commits

commit:     443cf3080016a0c97788a57dbb22695bb1d46e41
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov  5 03:43:43 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Nov  5 03:43:43 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=443cf308

dev-libs/nss: Stabilize 3.70 arm64, #821679

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.70.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.70.ebuild b/dev-libs/nss/nss-3.70.ebuild
index ef1f3adb133..ca2058ee56a 100644
--- a/dev-libs/nss/nss-3.70.ebuild
+++ b/dev-libs/nss/nss-3.70.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-07  7:43 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2021-11-07  7:43 UTC (permalink / raw
  To: gentoo-commits

commit:     22cc63e7235a7c5e5c48c036235f37cffbb45599
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Nov  7 07:42:24 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Nov  7 07:42:24 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22cc63e7

dev-libs/nss: stabilize 3.70 for x86

Bug: https://bugs.gentoo.org/821679
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.70.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.70.ebuild b/dev-libs/nss/nss-3.70.ebuild
index ca2058ee56a..35df645e13f 100644
--- a/dev-libs/nss/nss-3.70.ebuild
+++ b/dev-libs/nss/nss-3.70.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-10 18:11 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2021-11-10 18:11 UTC (permalink / raw
  To: gentoo-commits

commit:     7dc622642ea86e5b87aaa0164ab0c660fea014f0
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 10 18:09:58 2021 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Nov 10 18:10:29 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dc62264

dev-libs/nss: Stabilize 3.70 sparc, #822957

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.70.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.70.ebuild b/dev-libs/nss/nss-3.70.ebuild
index 35df645e13f..e4ab90fa544 100644
--- a/dev-libs/nss/nss-3.70.ebuild
+++ b/dev-libs/nss/nss-3.70.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-11  6:51 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2021-11-11  6:51 UTC (permalink / raw
  To: gentoo-commits

commit:     bd8726ac86dd56ba8406e0d4c0ff1cc1ef8c19f7
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 11 06:49:36 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Nov 11 06:49:36 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd8726ac

dev-libs/nss: add BDEPEND="dev-lang/perl" for 3.68

 - make[6]: perl: No such file or directory

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.68.ebuild | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/nss/nss-3.68.ebuild b/dev-libs/nss/nss-3.68.ebuild
index a4a9893d778..df232f044ef 100644
--- a/dev-libs/nss/nss-3.68.ebuild
+++ b/dev-libs/nss/nss-3.68.ebuild
@@ -25,6 +25,7 @@ RDEPEND="
 	virtual/pkgconfig
 "
 DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
 
 RESTRICT="test"
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-11  7:32 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2021-11-11  7:32 UTC (permalink / raw
  To: gentoo-commits

commit:     d3a8c48feb861e66a76fd2bb05509c2bc9164b4b
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 11 07:31:59 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Nov 11 07:31:59 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3a8c48f

dev-libs/nss: stabilize 3.68 for x86

Bug: https://bugs.gentoo.org/822957
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.68.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.ebuild b/dev-libs/nss/nss-3.68.ebuild
index df232f044ef..a77a87337fb 100644
--- a/dev-libs/nss/nss-3.68.ebuild
+++ b/dev-libs/nss/nss-3.68.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-11 15:14 Jakov Smolić
  0 siblings, 0 replies; 466+ messages in thread
From: Jakov Smolić @ 2021-11-11 15:14 UTC (permalink / raw
  To: gentoo-commits

commit:     d05a48b1826ddc15cdf0d4c9125c0a3b77a35e44
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 11 15:14:32 2021 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Thu Nov 11 15:14:32 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d05a48b1

dev-libs/nss: Stabilize 3.68 amd64, #822957

Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 dev-libs/nss/nss-3.68.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.ebuild b/dev-libs/nss/nss-3.68.ebuild
index a77a87337fb..c3aa85dcf08 100644
--- a/dev-libs/nss/nss-3.68.ebuild
+++ b/dev-libs/nss/nss-3.68.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-11 18:36 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2021-11-11 18:36 UTC (permalink / raw
  To: gentoo-commits

commit:     86bc568b09788a7aacd3cfd35722a4f86f2ca4a3
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 11 18:35:40 2021 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Nov 11 18:35:59 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86bc568b

dev-libs/nss: Stabilize 3.68 sparc, #822957

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.ebuild b/dev-libs/nss/nss-3.68.ebuild
index c3aa85dcf08..c128276faa6 100644
--- a/dev-libs/nss/nss-3.68.ebuild
+++ b/dev-libs/nss/nss-3.68.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-13 19:50 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-11-13 19:50 UTC (permalink / raw
  To: gentoo-commits

commit:     50b8f483c01b258ea1e013b150e843e61c682157
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 13 19:49:09 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Nov 13 19:49:09 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50b8f483

dev-libs/nss: Stabilize 3.68 ppc64, #822957

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.ebuild b/dev-libs/nss/nss-3.68.ebuild
index 831a383c78d..9c16f8eb783 100644
--- a/dev-libs/nss/nss-3.68.ebuild
+++ b/dev-libs/nss/nss-3.68.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-14  2:15 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-11-14  2:15 UTC (permalink / raw
  To: gentoo-commits

commit:     510b4259129776e8a3d8a3692cc6d353942f8596
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 14 02:14:43 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Nov 14 02:14:43 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=510b4259

dev-libs/nss: Stabilize 3.68 arm, #822957

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.ebuild b/dev-libs/nss/nss-3.68.ebuild
index 9c16f8eb783e..f3a82e5a9be6 100644
--- a/dev-libs/nss/nss-3.68.ebuild
+++ b/dev-libs/nss/nss-3.68.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-14  9:21 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-11-14  9:21 UTC (permalink / raw
  To: gentoo-commits

commit:     3d2549c4f647a5a78dd51a1ca801698940719e3d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 14 09:20:52 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Nov 14 09:20:52 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d2549c4

dev-libs/nss: Stabilize 3.68 arm64, #822957

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.ebuild b/dev-libs/nss/nss-3.68.ebuild
index f3a82e5a9be6..b4b769ddec09 100644
--- a/dev-libs/nss/nss-3.68.ebuild
+++ b/dev-libs/nss/nss-3.68.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-11-16  6:33 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2021-11-16  6:33 UTC (permalink / raw
  To: gentoo-commits

commit:     2f6400b39358f13bfd0b0da6bb0930b889ee477a
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 16 06:31:10 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Nov 16 06:31:10 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f6400b3

dev-libs/nss: drop ~amd64, ~arm64, ~sparc, ~x86 on 3.70

 - mistakenly stabilized instead of the ESR version. Luckily they seem
   API-compliant.

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.70.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.70.ebuild b/dev-libs/nss/nss-3.70.ebuild
index e4ab90fa5446..97adb106159f 100644
--- a/dev-libs/nss/nss-3.70.ebuild
+++ b/dev-libs/nss/nss-3.70.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-01 17:28 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-12-01 17:28 UTC (permalink / raw
  To: gentoo-commits

commit:     4e38a2a73eee2d035983aaf05b21694979c0c128
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Dec  1 17:23:16 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Dec  1 17:28:11 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e38a2a7

dev-libs/nss: bump to v3.68.1

Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.68.1.ebuild | 367 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 368 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 6e917b1cda2c..385866c59d4e 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
+DIST nss-3.68.1.tar.gz 82405747 BLAKE2B 89a2e893d3af02b192d044049ec84462e53d96bf2ba9a88112b4dfde5af5c0d9a615ed94b5c97c26775de998cc38240d19d5f2e5eb2573a6715d2a7106d99fe3 SHA512 9aa932e8ba1a0c3bffd402f7129d03de30481bde712aaa197bc79d14b307179e691423aa0c6300767fce2c667917c8d2e2b38e361269b7671548d72435887f84
 DIST nss-3.68.tar.gz 82405833 BLAKE2B 0a48c599bb3c97f41e41c5723e6c1b12d7f03469bf37593f62973817b7cbc9257b97a17ca2393d737bda51536c0b81169ec38b9ac6baa2c9dc7a61ae7817f103 SHA512 be1197320620ffc9c00aa8aec14de71b5c0bdbfc286309fcc5e995c74d1249cea798fd226ba613b345719238b73883af9f2bc28e1e1f698563767295df518a6e
 DIST nss-3.69.1.tar.gz 82426679 BLAKE2B 71948a9fee08536c41da9916e6d2eb82bf52bf688c900eb283f83f0ac60498cce2d936950836b0bfb097ee9315860dbbd402a3b63ab28d23b3bd90523b65ead3 SHA512 26895e542e66bb99965da9832cd7f5b191336aa1027b2e90f194473dd8f6277909102f21833d988fa8d8b0e2178eaca9437b182d1155038abb0743eda2cc5697
 DIST nss-3.69.tar.gz 82427268 BLAKE2B 1467c7f17b1d3d46fb4fcb1d19112585c24ec3d10125d7e954a87c3a6d0e20a300d2084a9480c88dad20274c500e1efb70143bb92b4a8110c2080abf3fe68dfe SHA512 9dd824b3e96aa5a032d5005cdf60a55efac23f69f3857cd1f4337f3ebad92fc2354bb05ed85f04a368e55306a46ebd17a91f7f432f1c191a96e99aecfa62cfdf

diff --git a/dev-libs/nss/nss-3.68.1.ebuild b/dev-libs/nss/nss-3.68.1.ebuild
new file mode 100644
index 000000000000..df232f044ef4
--- /dev/null
+++ b/dev-libs/nss/nss-3.68.1.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-01 17:28 Thomas Deutschmann
  0 siblings, 0 replies; 466+ messages in thread
From: Thomas Deutschmann @ 2021-12-01 17:28 UTC (permalink / raw
  To: gentoo-commits

commit:     b5c9c8b6fba353f7d71ccb82cce8ed74cabff414
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Dec  1 17:22:30 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Dec  1 17:28:11 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5c9c8b6

dev-libs/nss: bump to v3.73

Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.73.ebuild | 367 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 368 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 105a2721e809..6e917b1cda2c 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -5,4 +5,5 @@ DIST nss-3.69.tar.gz 82427268 BLAKE2B 1467c7f17b1d3d46fb4fcb1d19112585c24ec3d101
 DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
 DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
 DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
+DIST nss-3.73.tar.gz 83928905 BLAKE2B 64c95a04c366dc3d57c42ddb105b3afe5b4b579b3fdb554ffa684f74f5c203b136213a1a67a554756be605722ac03c15cee766afba6edf2c7c0b2162a8181ec5 SHA512 84b6e4ce8838f77674a5587cd227fa103c80f1b36c8bfb9b60a175157f131e59153c79ee77b29feffa57f49b217a90a8a091ee368eb0bc03312894e386a4c01b
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.73.ebuild b/dev-libs/nss/nss-3.73.ebuild
new file mode 100644
index 000000000000..97adb106159f
--- /dev/null
+++ b/dev-libs/nss/nss-3.73.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-01 22:12 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-12-01 22:12 UTC (permalink / raw
  To: gentoo-commits

commit:     71125cbc1b71b868fe4b55c20771dc477f07582c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Dec  1 22:11:54 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Dec  1 22:11:54 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71125cbc

dev-libs/nss: Stabilize 3.68.1 amd64, #827951

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.1.ebuild b/dev-libs/nss/nss-3.68.1.ebuild
index df232f044ef4..cadfb970a377 100644
--- a/dev-libs/nss/nss-3.68.1.ebuild
+++ b/dev-libs/nss/nss-3.68.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-02  1:01 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-12-02  1:01 UTC (permalink / raw
  To: gentoo-commits

commit:     3488b84226be718b5531f75f56119e07d37551bf
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  2 01:01:12 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec  2 01:01:12 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3488b842

dev-libs/nss: Stabilize 3.68.1 ppc, #827951

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.1.ebuild b/dev-libs/nss/nss-3.68.1.ebuild
index cadfb970a377..03339b5f43f5 100644
--- a/dev-libs/nss/nss-3.68.1.ebuild
+++ b/dev-libs/nss/nss-3.68.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-02  3:20 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-12-02  3:20 UTC (permalink / raw
  To: gentoo-commits

commit:     6e568164056e6e2e37b317083986f9f9317d2e10
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  2 03:19:58 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec  2 03:19:58 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e568164

dev-libs/nss: Stabilize 3.68.1 arm, #827951

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.1.ebuild b/dev-libs/nss/nss-3.68.1.ebuild
index 03339b5f43f5..6a25c8d8c82e 100644
--- a/dev-libs/nss/nss-3.68.1.ebuild
+++ b/dev-libs/nss/nss-3.68.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-02  3:20 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-12-02  3:20 UTC (permalink / raw
  To: gentoo-commits

commit:     cc337df20b0ce43c962d5567f291ade681d92e99
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  2 03:20:02 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec  2 03:20:02 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc337df2

dev-libs/nss: Stabilize 3.68.1 arm64, #827951

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.1.ebuild b/dev-libs/nss/nss-3.68.1.ebuild
index 6a25c8d8c82e..b821c8482891 100644
--- a/dev-libs/nss/nss-3.68.1.ebuild
+++ b/dev-libs/nss/nss-3.68.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-02  8:26 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2021-12-02  8:26 UTC (permalink / raw
  To: gentoo-commits

commit:     8f315d340faa5219db9d1e415e57e49d771e183a
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  2 08:26:27 2021 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Dec  2 08:26:27 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f315d34

dev-libs/nss: ppc64 stable wrt bug #827951

Package-Manager: Portage-3.0.20, Repoman-3.0.3
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.68.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.1.ebuild b/dev-libs/nss/nss-3.68.1.ebuild
index b821c8482891..783fd398e821 100644
--- a/dev-libs/nss/nss-3.68.1.ebuild
+++ b/dev-libs/nss/nss-3.68.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-02  8:27 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2021-12-02  8:27 UTC (permalink / raw
  To: gentoo-commits

commit:     e24ea2f3cd86e76c7bf748dbd68f4b981821caf0
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  2 08:27:07 2021 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Dec  2 08:27:07 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e24ea2f3

dev-libs/nss: sparc stable wrt bug #827951

Package-Manager: Portage-3.0.20, Repoman-3.0.3
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.68.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.1.ebuild b/dev-libs/nss/nss-3.68.1.ebuild
index 783fd398e821..bee4614bed69 100644
--- a/dev-libs/nss/nss-3.68.1.ebuild
+++ b/dev-libs/nss/nss-3.68.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-02  8:29 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2021-12-02  8:29 UTC (permalink / raw
  To: gentoo-commits

commit:     7659b52c98bafa16caaf34656ae9cab318e7a541
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  2 08:29:18 2021 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Dec  2 08:29:21 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7659b52c

dev-libs/nss: x86 stable wrt bug #827951

Package-Manager: Portage-3.0.20, Repoman-3.0.3
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.68.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.1.ebuild b/dev-libs/nss/nss-3.68.1.ebuild
index bee4614bed69..b4b769ddec09 100644
--- a/dev-libs/nss/nss-3.68.1.ebuild
+++ b/dev-libs/nss/nss-3.68.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-04  1:32 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2021-12-04  1:32 UTC (permalink / raw
  To: gentoo-commits

commit:     82313f487ac2354fcedefdfb725ad59ac8243ab5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec  4 01:32:30 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Dec  4 01:32:30 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82313f48

dev-libs/nss: Stabilize 3.68.1 hppa, #827951

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.1.ebuild b/dev-libs/nss/nss-3.68.1.ebuild
index b4b769ddec09..e0e1815712f9 100644
--- a/dev-libs/nss/nss-3.68.1.ebuild
+++ b/dev-libs/nss/nss-3.68.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-17  9:06 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2021-12-17  9:06 UTC (permalink / raw
  To: gentoo-commits

commit:     56d751ef9a79fcf0dd7c29401f8fdf1d79623986
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 17 07:27:31 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Dec 17 09:06:48 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56d751ef

dev-libs/nss: add 3.72.1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.72.1.ebuild | 367 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 368 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 385866c59d4e..131f49c36b73 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -5,6 +5,7 @@ DIST nss-3.69.1.tar.gz 82426679 BLAKE2B 71948a9fee08536c41da9916e6d2eb82bf52bf68
 DIST nss-3.69.tar.gz 82427268 BLAKE2B 1467c7f17b1d3d46fb4fcb1d19112585c24ec3d10125d7e954a87c3a6d0e20a300d2084a9480c88dad20274c500e1efb70143bb92b4a8110c2080abf3fe68dfe SHA512 9dd824b3e96aa5a032d5005cdf60a55efac23f69f3857cd1f4337f3ebad92fc2354bb05ed85f04a368e55306a46ebd17a91f7f432f1c191a96e99aecfa62cfdf
 DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
 DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
+DIST nss-3.72.1.tar.gz 83929867 BLAKE2B 8be49eef0c1845a65da61829798d119b6b88b5aad6e07059d42e7c4b41d6a03975d82bb598ba0614f596107eb73408269f6a78c9a173f82566948638aeafde96 SHA512 57abc2752484049b59b3a7606814341c194bfa0db781dd5fc805fbe79787073ab4dbc1944719a8def71e5d4f371f2948aaa558290134c4f247c61dd5e96daf8a
 DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
 DIST nss-3.73.tar.gz 83928905 BLAKE2B 64c95a04c366dc3d57c42ddb105b3afe5b4b579b3fdb554ffa684f74f5c203b136213a1a67a554756be605722ac03c15cee766afba6edf2c7c0b2162a8181ec5 SHA512 84b6e4ce8838f77674a5587cd227fa103c80f1b36c8bfb9b60a175157f131e59153c79ee77b29feffa57f49b217a90a8a091ee368eb0bc03312894e386a4c01b
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.72.1.ebuild b/dev-libs/nss/nss-3.72.1.ebuild
new file mode 100644
index 000000000000..97adb106159f
--- /dev/null
+++ b/dev-libs/nss/nss-3.72.1.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-17  9:06 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2021-12-17  9:06 UTC (permalink / raw
  To: gentoo-commits

commit:     b1a935544f674baa6ae5a4ba3440273430a032ca
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 17 07:27:58 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Dec 17 09:06:48 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1a93554

dev-libs/nss: add 3.73.1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.73.1.ebuild | 367 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 368 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 131f49c36b73..2c50f23eaa66 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -7,5 +7,6 @@ DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8a
 DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
 DIST nss-3.72.1.tar.gz 83929867 BLAKE2B 8be49eef0c1845a65da61829798d119b6b88b5aad6e07059d42e7c4b41d6a03975d82bb598ba0614f596107eb73408269f6a78c9a173f82566948638aeafde96 SHA512 57abc2752484049b59b3a7606814341c194bfa0db781dd5fc805fbe79787073ab4dbc1944719a8def71e5d4f371f2948aaa558290134c4f247c61dd5e96daf8a
 DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
+DIST nss-3.73.1.tar.gz 83931597 BLAKE2B 590e3c9c5262f4ca0d9137905ce396ddc81f722fabbb54f235eb1bab344d9b7913b0be8d4ddf99fef34d45ed0102e8b7b571764eefe055eefe6bb487c22bafbe SHA512 4cca26cb430f1c167ce7c3a2654c1315938c73bbd425c89d4e636a966fd052724499f34affc5764ec680eeaa080892caab28ef00fe21992421c739f7623cf071
 DIST nss-3.73.tar.gz 83928905 BLAKE2B 64c95a04c366dc3d57c42ddb105b3afe5b4b579b3fdb554ffa684f74f5c203b136213a1a67a554756be605722ac03c15cee766afba6edf2c7c0b2162a8181ec5 SHA512 84b6e4ce8838f77674a5587cd227fa103c80f1b36c8bfb9b60a175157f131e59153c79ee77b29feffa57f49b217a90a8a091ee368eb0bc03312894e386a4c01b
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.73.1.ebuild b/dev-libs/nss/nss-3.73.1.ebuild
new file mode 100644
index 000000000000..97adb106159f
--- /dev/null
+++ b/dev-libs/nss/nss-3.73.1.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2021-12-17  9:06 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2021-12-17  9:06 UTC (permalink / raw
  To: gentoo-commits

commit:     6c81ae9c3099aec58efef49f09b70163c996b9c1
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 17 09:01:03 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Dec 17 09:06:50 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c81ae9c

dev-libs/nss: drop 3.68, 3.69, 3.69.1, 3.70, 3.71

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   5 -
 dev-libs/nss/nss-3.68.ebuild   | 367 -----------------------------------------
 dev-libs/nss/nss-3.69.1.ebuild | 367 -----------------------------------------
 dev-libs/nss/nss-3.69.ebuild   | 366 ----------------------------------------
 dev-libs/nss/nss-3.70.ebuild   | 367 -----------------------------------------
 dev-libs/nss/nss-3.71.ebuild   | 367 -----------------------------------------
 6 files changed, 1839 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 2c50f23eaa66..e488378e443d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,10 +1,5 @@
 DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
 DIST nss-3.68.1.tar.gz 82405747 BLAKE2B 89a2e893d3af02b192d044049ec84462e53d96bf2ba9a88112b4dfde5af5c0d9a615ed94b5c97c26775de998cc38240d19d5f2e5eb2573a6715d2a7106d99fe3 SHA512 9aa932e8ba1a0c3bffd402f7129d03de30481bde712aaa197bc79d14b307179e691423aa0c6300767fce2c667917c8d2e2b38e361269b7671548d72435887f84
-DIST nss-3.68.tar.gz 82405833 BLAKE2B 0a48c599bb3c97f41e41c5723e6c1b12d7f03469bf37593f62973817b7cbc9257b97a17ca2393d737bda51536c0b81169ec38b9ac6baa2c9dc7a61ae7817f103 SHA512 be1197320620ffc9c00aa8aec14de71b5c0bdbfc286309fcc5e995c74d1249cea798fd226ba613b345719238b73883af9f2bc28e1e1f698563767295df518a6e
-DIST nss-3.69.1.tar.gz 82426679 BLAKE2B 71948a9fee08536c41da9916e6d2eb82bf52bf688c900eb283f83f0ac60498cce2d936950836b0bfb097ee9315860dbbd402a3b63ab28d23b3bd90523b65ead3 SHA512 26895e542e66bb99965da9832cd7f5b191336aa1027b2e90f194473dd8f6277909102f21833d988fa8d8b0e2178eaca9437b182d1155038abb0743eda2cc5697
-DIST nss-3.69.tar.gz 82427268 BLAKE2B 1467c7f17b1d3d46fb4fcb1d19112585c24ec3d10125d7e954a87c3a6d0e20a300d2084a9480c88dad20274c500e1efb70143bb92b4a8110c2080abf3fe68dfe SHA512 9dd824b3e96aa5a032d5005cdf60a55efac23f69f3857cd1f4337f3ebad92fc2354bb05ed85f04a368e55306a46ebd17a91f7f432f1c191a96e99aecfa62cfdf
-DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
-DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
 DIST nss-3.72.1.tar.gz 83929867 BLAKE2B 8be49eef0c1845a65da61829798d119b6b88b5aad6e07059d42e7c4b41d6a03975d82bb598ba0614f596107eb73408269f6a78c9a173f82566948638aeafde96 SHA512 57abc2752484049b59b3a7606814341c194bfa0db781dd5fc805fbe79787073ab4dbc1944719a8def71e5d4f371f2948aaa558290134c4f247c61dd5e96daf8a
 DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
 DIST nss-3.73.1.tar.gz 83931597 BLAKE2B 590e3c9c5262f4ca0d9137905ce396ddc81f722fabbb54f235eb1bab344d9b7913b0be8d4ddf99fef34d45ed0102e8b7b571764eefe055eefe6bb487c22bafbe SHA512 4cca26cb430f1c167ce7c3a2654c1315938c73bbd425c89d4e636a966fd052724499f34affc5764ec680eeaa080892caab28ef00fe21992421c739f7623cf071

diff --git a/dev-libs/nss/nss-3.68.ebuild b/dev-libs/nss/nss-3.68.ebuild
deleted file mode 100644
index b4b769ddec09..000000000000
--- a/dev-libs/nss/nss-3.68.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.69.1.ebuild b/dev-libs/nss/nss-3.69.1.ebuild
deleted file mode 100644
index 0618a36a6438..000000000000
--- a/dev-libs/nss/nss-3.69.1.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl:*"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.69.ebuild b/dev-libs/nss/nss-3.69.ebuild
deleted file mode 100644
index 973f651b763d..000000000000
--- a/dev-libs/nss/nss-3.69.ebuild
+++ /dev/null
@@ -1,366 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.70.ebuild b/dev-libs/nss/nss-3.70.ebuild
deleted file mode 100644
index 97adb106159f..000000000000
--- a/dev-libs/nss/nss-3.70.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.71.ebuild b/dev-libs/nss/nss-3.71.ebuild
deleted file mode 100644
index 97adb106159f..000000000000
--- a/dev-libs/nss/nss-3.71.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-08 17:13 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2022-01-08 17:13 UTC (permalink / raw
  To: gentoo-commits

commit:     28113e379a42a5e50ca8651776445224014be8a0
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  8 16:59:36 2022 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jan  8 17:13:14 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28113e37

dev-libs/nss: Bump to version 3.74

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.74.ebuild | 367 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 368 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e488378e443d..8fc42c03a5a1 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -4,4 +4,5 @@ DIST nss-3.72.1.tar.gz 83929867 BLAKE2B 8be49eef0c1845a65da61829798d119b6b88b5aa
 DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
 DIST nss-3.73.1.tar.gz 83931597 BLAKE2B 590e3c9c5262f4ca0d9137905ce396ddc81f722fabbb54f235eb1bab344d9b7913b0be8d4ddf99fef34d45ed0102e8b7b571764eefe055eefe6bb487c22bafbe SHA512 4cca26cb430f1c167ce7c3a2654c1315938c73bbd425c89d4e636a966fd052724499f34affc5764ec680eeaa080892caab28ef00fe21992421c739f7623cf071
 DIST nss-3.73.tar.gz 83928905 BLAKE2B 64c95a04c366dc3d57c42ddb105b3afe5b4b579b3fdb554ffa684f74f5c203b136213a1a67a554756be605722ac03c15cee766afba6edf2c7c0b2162a8181ec5 SHA512 84b6e4ce8838f77674a5587cd227fa103c80f1b36c8bfb9b60a175157f131e59153c79ee77b29feffa57f49b217a90a8a091ee368eb0bc03312894e386a4c01b
+DIST nss-3.74.tar.gz 83937875 BLAKE2B 55881f0e78e0ccc9b246c4323f6f2a5f7a84cb5e57aa3902d3d5a4068ec0be6f2669a9da11377b86d11d2ce400c2e73a6132fd4e490a04aad96be399110edbea SHA512 6fb322b64a5b42e5e22e803c8985986240d2990849d576cfc4b94cdc5c4ab27f683ebc4e1cf5e0ad16c636fc32debb24ec3b2d02d5baedc8fbaedec79c908226
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.74.ebuild b/dev-libs/nss/nss-3.74.ebuild
new file mode 100644
index 000000000000..df96481cbb3d
--- /dev/null
+++ b/dev-libs/nss/nss-3.74.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-08 17:13 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2022-01-08 17:13 UTC (permalink / raw
  To: gentoo-commits

commit:     e5e6a5f2f76cf91ce97cd7993a52452e62c4ed2c
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  8 17:02:10 2022 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jan  8 17:13:14 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5e6a5f2

dev-libs/nss: Removed old

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest             |   4 -
 dev-libs/nss/nss-3.63.1-r1.ebuild | 366 -------------------------------------
 dev-libs/nss/nss-3.72.1.ebuild    | 367 --------------------------------------
 dev-libs/nss/nss-3.72.ebuild      | 367 --------------------------------------
 dev-libs/nss/nss-3.73.ebuild      | 367 --------------------------------------
 5 files changed, 1471 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 8fc42c03a5a1..cfcc2327039a 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,8 +1,4 @@
-DIST nss-3.63.1.tar.gz 82166899 BLAKE2B a3c1939d16dcb083fae819659c0a61ff1d4dab70c8a7fc4b176a391bf7cd22eae1c93c85533b6af15e1c1cd9fb6b007380741e0b1670f3891f298ffa1b309284 SHA512 62d1bc161fc8eea6be191dc23ec42042a2626e119b7329f6449cf78729775776fd8e9faebd0457c2413684c15be6e10722ee4a7087c7c3e103fe993f3acec730
 DIST nss-3.68.1.tar.gz 82405747 BLAKE2B 89a2e893d3af02b192d044049ec84462e53d96bf2ba9a88112b4dfde5af5c0d9a615ed94b5c97c26775de998cc38240d19d5f2e5eb2573a6715d2a7106d99fe3 SHA512 9aa932e8ba1a0c3bffd402f7129d03de30481bde712aaa197bc79d14b307179e691423aa0c6300767fce2c667917c8d2e2b38e361269b7671548d72435887f84
-DIST nss-3.72.1.tar.gz 83929867 BLAKE2B 8be49eef0c1845a65da61829798d119b6b88b5aad6e07059d42e7c4b41d6a03975d82bb598ba0614f596107eb73408269f6a78c9a173f82566948638aeafde96 SHA512 57abc2752484049b59b3a7606814341c194bfa0db781dd5fc805fbe79787073ab4dbc1944719a8def71e5d4f371f2948aaa558290134c4f247c61dd5e96daf8a
-DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
 DIST nss-3.73.1.tar.gz 83931597 BLAKE2B 590e3c9c5262f4ca0d9137905ce396ddc81f722fabbb54f235eb1bab344d9b7913b0be8d4ddf99fef34d45ed0102e8b7b571764eefe055eefe6bb487c22bafbe SHA512 4cca26cb430f1c167ce7c3a2654c1315938c73bbd425c89d4e636a966fd052724499f34affc5764ec680eeaa080892caab28ef00fe21992421c739f7623cf071
-DIST nss-3.73.tar.gz 83928905 BLAKE2B 64c95a04c366dc3d57c42ddb105b3afe5b4b579b3fdb554ffa684f74f5c203b136213a1a67a554756be605722ac03c15cee766afba6edf2c7c0b2162a8181ec5 SHA512 84b6e4ce8838f77674a5587cd227fa103c80f1b36c8bfb9b60a175157f131e59153c79ee77b29feffa57f49b217a90a8a091ee368eb0bc03312894e386a4c01b
 DIST nss-3.74.tar.gz 83937875 BLAKE2B 55881f0e78e0ccc9b246c4323f6f2a5f7a84cb5e57aa3902d3d5a4068ec0be6f2669a9da11377b86d11d2ce400c2e73a6132fd4e490a04aad96be399110edbea SHA512 6fb322b64a5b42e5e22e803c8985986240d2990849d576cfc4b94cdc5c4ab27f683ebc4e1cf5e0ad16c636fc32debb24ec3b2d02d5baedc8fbaedec79c908226
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.63.1-r1.ebuild b/dev-libs/nss/nss-3.63.1-r1.ebuild
deleted file mode 100644
index 35a01a196be9..000000000000
--- a/dev-libs/nss/nss-3.63.1-r1.ebuild
+++ /dev/null
@@ -1,366 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.29"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.72.1.ebuild b/dev-libs/nss/nss-3.72.1.ebuild
deleted file mode 100644
index 97adb106159f..000000000000
--- a/dev-libs/nss/nss-3.72.1.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.72.ebuild b/dev-libs/nss/nss-3.72.ebuild
deleted file mode 100644
index 97adb106159f..000000000000
--- a/dev-libs/nss/nss-3.72.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.73.ebuild b/dev-libs/nss/nss-3.73.ebuild
deleted file mode 100644
index 97adb106159f..000000000000
--- a/dev-libs/nss/nss-3.73.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-09 12:36 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-01-09 12:36 UTC (permalink / raw
  To: gentoo-commits

commit:     68de637a9d975d54eb37ff90d00fd3160c7503b0
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  9 12:10:12 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Jan  9 12:36:06 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68de637a

dev-libs/nss: add ESR version 3.68.2

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.68.2.ebuild | 367 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 368 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index cfcc2327039a..b2925f995782 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.68.1.tar.gz 82405747 BLAKE2B 89a2e893d3af02b192d044049ec84462e53d96bf2ba9a88112b4dfde5af5c0d9a615ed94b5c97c26775de998cc38240d19d5f2e5eb2573a6715d2a7106d99fe3 SHA512 9aa932e8ba1a0c3bffd402f7129d03de30481bde712aaa197bc79d14b307179e691423aa0c6300767fce2c667917c8d2e2b38e361269b7671548d72435887f84
+DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
 DIST nss-3.73.1.tar.gz 83931597 BLAKE2B 590e3c9c5262f4ca0d9137905ce396ddc81f722fabbb54f235eb1bab344d9b7913b0be8d4ddf99fef34d45ed0102e8b7b571764eefe055eefe6bb487c22bafbe SHA512 4cca26cb430f1c167ce7c3a2654c1315938c73bbd425c89d4e636a966fd052724499f34affc5764ec680eeaa080892caab28ef00fe21992421c739f7623cf071
 DIST nss-3.74.tar.gz 83937875 BLAKE2B 55881f0e78e0ccc9b246c4323f6f2a5f7a84cb5e57aa3902d3d5a4068ec0be6f2669a9da11377b86d11d2ce400c2e73a6132fd4e490a04aad96be399110edbea SHA512 6fb322b64a5b42e5e22e803c8985986240d2990849d576cfc4b94cdc5c4ab27f683ebc4e1cf5e0ad16c636fc32debb24ec3b2d02d5baedc8fbaedec79c908226
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.68.2.ebuild b/dev-libs/nss/nss-3.68.2.ebuild
new file mode 100644
index 000000000000..204996686c03
--- /dev/null
+++ b/dev-libs/nss/nss-3.68.2.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-22 13:10 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-01-22 13:10 UTC (permalink / raw
  To: gentoo-commits

commit:     3494293806bce9d75621fa9363e94e8fed3adbf6
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 22 13:10:23 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Jan 22 13:10:23 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34942938

dev-libs/nss: stabilize 3.68.2 for x86

Bug: https://bugs.gentoo.org/831816
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.68.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.2.ebuild b/dev-libs/nss/nss-3.68.2.ebuild
index 295781e4976a..9b6fff453214 100644
--- a/dev-libs/nss/nss-3.68.2.ebuild
+++ b/dev-libs/nss/nss-3.68.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-22 13:10 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-01-22 13:10 UTC (permalink / raw
  To: gentoo-commits

commit:     4467b29e4724bf84d98d419b4ce5dbb37924d80e
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 22 13:09:58 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Jan 22 13:09:58 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4467b29e

dev-libs/nss: stabilize 3.68.2 for amd64

Bug: https://bugs.gentoo.org/831816
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.68.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.2.ebuild b/dev-libs/nss/nss-3.68.2.ebuild
index 204996686c03..295781e4976a 100644
--- a/dev-libs/nss/nss-3.68.2.ebuild
+++ b/dev-libs/nss/nss-3.68.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-23  7:41 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-01-23  7:41 UTC (permalink / raw
  To: gentoo-commits

commit:     f0d54bc8cb872f71d7ac624e3926b8de3e6054b1
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 23 07:40:52 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Jan 23 07:40:52 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0d54bc8

dev-libs/nss: drop 3.73.1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.73.1.ebuild | 367 -----------------------------------------
 2 files changed, 368 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index b2925f995782..d45bd9dbd004 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.68.1.tar.gz 82405747 BLAKE2B 89a2e893d3af02b192d044049ec84462e53d96bf2ba9a88112b4dfde5af5c0d9a615ed94b5c97c26775de998cc38240d19d5f2e5eb2573a6715d2a7106d99fe3 SHA512 9aa932e8ba1a0c3bffd402f7129d03de30481bde712aaa197bc79d14b307179e691423aa0c6300767fce2c667917c8d2e2b38e361269b7671548d72435887f84
 DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
-DIST nss-3.73.1.tar.gz 83931597 BLAKE2B 590e3c9c5262f4ca0d9137905ce396ddc81f722fabbb54f235eb1bab344d9b7913b0be8d4ddf99fef34d45ed0102e8b7b571764eefe055eefe6bb487c22bafbe SHA512 4cca26cb430f1c167ce7c3a2654c1315938c73bbd425c89d4e636a966fd052724499f34affc5764ec680eeaa080892caab28ef00fe21992421c739f7623cf071
 DIST nss-3.74.tar.gz 83937875 BLAKE2B 55881f0e78e0ccc9b246c4323f6f2a5f7a84cb5e57aa3902d3d5a4068ec0be6f2669a9da11377b86d11d2ce400c2e73a6132fd4e490a04aad96be399110edbea SHA512 6fb322b64a5b42e5e22e803c8985986240d2990849d576cfc4b94cdc5c4ab27f683ebc4e1cf5e0ad16c636fc32debb24ec3b2d02d5baedc8fbaedec79c908226
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.73.1.ebuild b/dev-libs/nss/nss-3.73.1.ebuild
deleted file mode 100644
index 97adb106159f..000000000000
--- a/dev-libs/nss/nss-3.73.1.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-23 15:21 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-01-23 15:21 UTC (permalink / raw
  To: gentoo-commits

commit:     11cfa27bc8cd9589b44518d30f42a69d9de4f661
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 23 15:21:15 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jan 23 15:21:15 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11cfa27b

dev-libs/nss: Stabilize 3.68.2 sparc, #831816

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.2.ebuild b/dev-libs/nss/nss-3.68.2.ebuild
index 9b6fff453214..532c3d0ce975 100644
--- a/dev-libs/nss/nss-3.68.2.ebuild
+++ b/dev-libs/nss/nss-3.68.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-24  3:42 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-01-24  3:42 UTC (permalink / raw
  To: gentoo-commits

commit:     5b4e6c7788aa18045e222f7434b5efd99b2653a6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 24 03:41:52 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan 24 03:41:52 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b4e6c77

dev-libs/nss: Stabilize 3.68.2 ppc, #831816

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.2.ebuild b/dev-libs/nss/nss-3.68.2.ebuild
index 532c3d0ce975..d5eab16fa067 100644
--- a/dev-libs/nss/nss-3.68.2.ebuild
+++ b/dev-libs/nss/nss-3.68.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-24  3:42 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-01-24  3:42 UTC (permalink / raw
  To: gentoo-commits

commit:     3273adb432f163cafda62aaf4533047d66d8f589
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 24 03:42:20 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan 24 03:42:20 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3273adb4

dev-libs/nss: Stabilize 3.68.2 ppc64, #831816

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.2.ebuild b/dev-libs/nss/nss-3.68.2.ebuild
index d5eab16fa067..57b5af1b5bb5 100644
--- a/dev-libs/nss/nss-3.68.2.ebuild
+++ b/dev-libs/nss/nss-3.68.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-24 14:42 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-01-24 14:42 UTC (permalink / raw
  To: gentoo-commits

commit:     6e149325a32c5605c49232198126bcd9032785cc
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 24 14:41:43 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan 24 14:41:43 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e149325

dev-libs/nss: Stabilize 3.68.2 arm, #831816

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.2.ebuild b/dev-libs/nss/nss-3.68.2.ebuild
index 57b5af1b5bb5..fd1ac7f692e7 100644
--- a/dev-libs/nss/nss-3.68.2.ebuild
+++ b/dev-libs/nss/nss-3.68.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-25 21:25 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-01-25 21:25 UTC (permalink / raw
  To: gentoo-commits

commit:     977d8385531cec257e4db12c8ba34435b4b830bd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 25 21:25:08 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jan 25 21:25:08 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=977d8385

dev-libs/nss: Stabilize 3.68.2 arm64, #831816

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.2.ebuild b/dev-libs/nss/nss-3.68.2.ebuild
index f238f0e50036..9f45dee60454 100644
--- a/dev-libs/nss/nss-3.68.2.ebuild
+++ b/dev-libs/nss/nss-3.68.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-01-26 13:44 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-01-26 13:44 UTC (permalink / raw
  To: gentoo-commits

commit:     7517babd8dd6c843a46b42da1b6575635346ee85
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 26 13:44:30 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Jan 26 13:44:30 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7517babd

dev-libs/nss: drop 3.68.1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.68.1.ebuild | 367 -----------------------------------------
 2 files changed, 368 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index d45bd9dbd004..b13e67c27568 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
-DIST nss-3.68.1.tar.gz 82405747 BLAKE2B 89a2e893d3af02b192d044049ec84462e53d96bf2ba9a88112b4dfde5af5c0d9a615ed94b5c97c26775de998cc38240d19d5f2e5eb2573a6715d2a7106d99fe3 SHA512 9aa932e8ba1a0c3bffd402f7129d03de30481bde712aaa197bc79d14b307179e691423aa0c6300767fce2c667917c8d2e2b38e361269b7671548d72435887f84
 DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
 DIST nss-3.74.tar.gz 83937875 BLAKE2B 55881f0e78e0ccc9b246c4323f6f2a5f7a84cb5e57aa3902d3d5a4068ec0be6f2669a9da11377b86d11d2ce400c2e73a6132fd4e490a04aad96be399110edbea SHA512 6fb322b64a5b42e5e22e803c8985986240d2990849d576cfc4b94cdc5c4ab27f683ebc4e1cf5e0ad16c636fc32debb24ec3b2d02d5baedc8fbaedec79c908226
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.68.1.ebuild b/dev-libs/nss/nss-3.68.1.ebuild
deleted file mode 100644
index e0e1815712f9..000000000000
--- a/dev-libs/nss/nss-3.68.1.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-02-05 13:16 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-02-05 13:16 UTC (permalink / raw
  To: gentoo-commits

commit:     7138e18fcab9588c22d93138fc313a40237f4f8d
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  5 13:06:55 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Feb  5 13:06:55 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7138e18f

dev-libs/nss: add 3.75

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.75.ebuild | 367 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 368 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index b13e67c27568..025d4118a352 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
 DIST nss-3.74.tar.gz 83937875 BLAKE2B 55881f0e78e0ccc9b246c4323f6f2a5f7a84cb5e57aa3902d3d5a4068ec0be6f2669a9da11377b86d11d2ce400c2e73a6132fd4e490a04aad96be399110edbea SHA512 6fb322b64a5b42e5e22e803c8985986240d2990849d576cfc4b94cdc5c4ab27f683ebc4e1cf5e0ad16c636fc32debb24ec3b2d02d5baedc8fbaedec79c908226
+DIST nss-3.75.tar.gz 84738291 BLAKE2B 35e8b1c3a6e2817d30e16b04288a5382332fa37d07f934de139dfb664c6a0ddd6a0e585902bd402cf45be5f9f9ae799c055a51cc4ec4a82c8dd12a454832e141 SHA512 0ad42f663b48649d7d16dc8b8956d2971a9566c0f7f655dd0609b94877f400977e5ad693f2eb44e1e277e55d1669294f07b3ba7a32573d3d72837b3944adf86d
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.75.ebuild b/dev-libs/nss/nss-3.75.ebuild
new file mode 100644
index 000000000000..df96481cbb3d
--- /dev/null
+++ b/dev-libs/nss/nss-3.75.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-02-19  6:20 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-02-19  6:20 UTC (permalink / raw
  To: gentoo-commits

commit:     aeb00e3976a7223f5abd981b25e59d76d49d7525
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 19 06:19:41 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Feb 19 06:19:41 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aeb00e39

dev-libs/nss: drop 3.74

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.74.ebuild | 367 -------------------------------------------
 2 files changed, 368 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 025d4118a352..54b9b2500e60 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
 DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
-DIST nss-3.74.tar.gz 83937875 BLAKE2B 55881f0e78e0ccc9b246c4323f6f2a5f7a84cb5e57aa3902d3d5a4068ec0be6f2669a9da11377b86d11d2ce400c2e73a6132fd4e490a04aad96be399110edbea SHA512 6fb322b64a5b42e5e22e803c8985986240d2990849d576cfc4b94cdc5c4ab27f683ebc4e1cf5e0ad16c636fc32debb24ec3b2d02d5baedc8fbaedec79c908226
 DIST nss-3.75.tar.gz 84738291 BLAKE2B 35e8b1c3a6e2817d30e16b04288a5382332fa37d07f934de139dfb664c6a0ddd6a0e585902bd402cf45be5f9f9ae799c055a51cc4ec4a82c8dd12a454832e141 SHA512 0ad42f663b48649d7d16dc8b8956d2971a9566c0f7f655dd0609b94877f400977e5ad693f2eb44e1e277e55d1669294f07b3ba7a32573d3d72837b3944adf86d
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.74.ebuild b/dev-libs/nss/nss-3.74.ebuild
deleted file mode 100644
index df96481cbb3d..000000000000
--- a/dev-libs/nss/nss-3.74.ebuild
+++ /dev/null
@@ -1,367 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-03-04  8:07 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-03-04  8:07 UTC (permalink / raw
  To: gentoo-commits

commit:     4d401d06cabfcf01256c7cc4c0098195dbd4296e
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  4 07:42:57 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Mar  4 08:07:12 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d401d06

dev-libs/nss: add 3.76

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.76.ebuild | 367 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 368 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 54b9b2500e60..023b5b2f2dfc 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
 DIST nss-3.75.tar.gz 84738291 BLAKE2B 35e8b1c3a6e2817d30e16b04288a5382332fa37d07f934de139dfb664c6a0ddd6a0e585902bd402cf45be5f9f9ae799c055a51cc4ec4a82c8dd12a454832e141 SHA512 0ad42f663b48649d7d16dc8b8956d2971a9566c0f7f655dd0609b94877f400977e5ad693f2eb44e1e277e55d1669294f07b3ba7a32573d3d72837b3944adf86d
+DIST nss-3.76.tar.gz 84623743 BLAKE2B 4e7ce8cfbfccae4d92357a86a0170427a50594387a73bd101e7400c85945de6104247900b4a0d5c0571370f718dc01b40749eba460b87ff339e097c07769412d SHA512 ffbdd8a27f60b796e1204912cde2fa62ac99747ce550258ccdd6fe96d60a46c6ac3f82758a7aba3c7ee58da4e7bf09f1bf817fb9f0fa4e62faaea08a6301b8bd
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.76.ebuild b/dev-libs/nss/nss-3.76.ebuild
new file mode 100644
index 000000000000..df96481cbb3d
--- /dev/null
+++ b/dev-libs/nss/nss-3.76.ebuild
@@ -0,0 +1,367 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-03-06 17:30 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-03-06 17:30 UTC (permalink / raw
  To: gentoo-commits

commit:     1031e8a773bd92180a60a8ae8954d0680882c71f
Author:     Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Sun Mar  6 14:51:03 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Mar  6 17:30:20 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1031e8a7

dev-libs/nss: remove prelink files

Since prelink has been last-rited, removing all prelink related stuff,
which is being installed.

Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/24422
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/{nss-3.68.2.ebuild => nss-3.68.2-r1.ebuild} | 6 ------
 dev-libs/nss/{nss-3.75.ebuild => nss-3.75-r1.ebuild}     | 6 ------
 dev-libs/nss/{nss-3.76.ebuild => nss-3.76-r1.ebuild}     | 6 ------
 3 files changed, 18 deletions(-)

diff --git a/dev-libs/nss/nss-3.68.2.ebuild b/dev-libs/nss/nss-3.68.2-r1.ebuild
similarity index 97%
rename from dev-libs/nss/nss-3.68.2.ebuild
rename to dev-libs/nss/nss-3.68.2-r1.ebuild
index 9f45dee60454..8d2e934a1557 100644
--- a/dev-libs/nss/nss-3.68.2.ebuild
+++ b/dev-libs/nss/nss-3.68.2-r1.ebuild
@@ -335,12 +335,6 @@ multilib_src_install() {
 		done
 		popd >/dev/null || die
 	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
 }
 
 pkg_postinst() {

diff --git a/dev-libs/nss/nss-3.75.ebuild b/dev-libs/nss/nss-3.75-r1.ebuild
similarity index 97%
rename from dev-libs/nss/nss-3.75.ebuild
rename to dev-libs/nss/nss-3.75-r1.ebuild
index df96481cbb3d..225e7a316b86 100644
--- a/dev-libs/nss/nss-3.75.ebuild
+++ b/dev-libs/nss/nss-3.75-r1.ebuild
@@ -335,12 +335,6 @@ multilib_src_install() {
 		done
 		popd >/dev/null || die
 	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
 }
 
 pkg_postinst() {

diff --git a/dev-libs/nss/nss-3.76.ebuild b/dev-libs/nss/nss-3.76-r1.ebuild
similarity index 97%
rename from dev-libs/nss/nss-3.76.ebuild
rename to dev-libs/nss/nss-3.76-r1.ebuild
index df96481cbb3d..225e7a316b86 100644
--- a/dev-libs/nss/nss-3.76.ebuild
+++ b/dev-libs/nss/nss-3.76-r1.ebuild
@@ -335,12 +335,6 @@ multilib_src_install() {
 		done
 		popd >/dev/null || die
 	fi
-
-	# Prelink breaks the CHK files. We don't have any reliable way to run
-	# shlibsign after prelink.
-	dodir /etc/prelink.conf.d
-	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
-		> "${ED}"/etc/prelink.conf.d/nss.conf
 }
 
 pkg_postinst() {


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-03-30  4:57 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-03-30  4:57 UTC (permalink / raw
  To: gentoo-commits

commit:     6d157cf9c7ecb644ca59c667e9b6a6e20c5a2200
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 30 04:56:41 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Mar 30 04:56:41 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d157cf9

dev-libs/nss: drop 3.75-r1, 3.76-r1 (security cleanup p1)

Bug: https://bugs.gentoo.org/836386
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest           |   2 -
 dev-libs/nss/nss-3.75-r1.ebuild | 361 ----------------------------------------
 dev-libs/nss/nss-3.76-r1.ebuild | 361 ----------------------------------------
 3 files changed, 724 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index c8bbe5f9d24b..dbb1c41e4afe 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,3 @@
 DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
-DIST nss-3.75.tar.gz 84738291 BLAKE2B 35e8b1c3a6e2817d30e16b04288a5382332fa37d07f934de139dfb664c6a0ddd6a0e585902bd402cf45be5f9f9ae799c055a51cc4ec4a82c8dd12a454832e141 SHA512 0ad42f663b48649d7d16dc8b8956d2971a9566c0f7f655dd0609b94877f400977e5ad693f2eb44e1e277e55d1669294f07b3ba7a32573d3d72837b3944adf86d
 DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54
-DIST nss-3.76.tar.gz 84623743 BLAKE2B 4e7ce8cfbfccae4d92357a86a0170427a50594387a73bd101e7400c85945de6104247900b4a0d5c0571370f718dc01b40749eba460b87ff339e097c07769412d SHA512 ffbdd8a27f60b796e1204912cde2fa62ac99747ce550258ccdd6fe96d60a46c6ac3f82758a7aba3c7ee58da4e7bf09f1bf817fb9f0fa4e62faaea08a6301b8bd
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.75-r1.ebuild b/dev-libs/nss/nss-3.75-r1.ebuild
deleted file mode 100644
index 225e7a316b86..000000000000
--- a/dev-libs/nss/nss-3.75-r1.ebuild
+++ /dev/null
@@ -1,361 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.76-r1.ebuild b/dev-libs/nss/nss-3.76-r1.ebuild
deleted file mode 100644
index 225e7a316b86..000000000000
--- a/dev-libs/nss/nss-3.76-r1.ebuild
+++ /dev/null
@@ -1,361 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-01  6:45 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-04-01  6:45 UTC (permalink / raw
  To: gentoo-commits

commit:     a6433469caebd193daf9b157e8c11fcdb2cbda21
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Apr  1 06:34:54 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Apr  1 06:45:01 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6433469

dev-libs/nss: add 3.77

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.77.ebuild | 361 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 362 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index dbb1c41e4afe..ea35913314bd 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
 DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54
+DIST nss-3.77.tar.gz 84592839 BLAKE2B a63770f550b062549901afdcc5dc2a11c4648cef6875b023895da01ef53d6afc8c618291de96ac0af3a2c2cd7aa7986f93b4f10102a3c5aca1aa1447c148c393 SHA512 bd62eeb8f90ecd2d3999fd78fea6652736c02a6530f29e98d0cad0707f3b901b30409132eb6a6d53b9f5c05c6b464615a946a2a3e255553c793e44d0ed93179e
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.77.ebuild b/dev-libs/nss/nss-3.77.ebuild
new file mode 100644
index 000000000000..225e7a316b86
--- /dev/null
+++ b/dev-libs/nss/nss-3.77.ebuild
@@ -0,0 +1,361 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-02  5:30 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-04-02  5:30 UTC (permalink / raw
  To: gentoo-commits

commit:     e0d5c3a907c56c8ab278f57a6261e8ea875f15e7
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Apr  2 05:29:01 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Apr  2 05:30:43 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0d5c3a9

dev-libs/nss: add 3.68.3

Bug: https://bugs.gentoo.org/836386
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.68.3.ebuild | 362 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 363 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index ea35913314bd..5b3b71381276 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
+DIST nss-3.68.3.tar.gz 82406947 BLAKE2B 92461f20294a9dce8c8a7eead9d06a4159e66afeb2d42a3313983fc5606a5f97321e038b9c25a7c7a361506910aee027ec91efd3096efdbf62096556d40896de SHA512 70fa8ab48d45249c04424979640583e8bc867432b7e3f26c1602db49a13861dd070f081ed82660bb7451f835dc859b5788ae12a67f9ddab1f6bd1a7afb1174d2
 DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54
 DIST nss-3.77.tar.gz 84592839 BLAKE2B a63770f550b062549901afdcc5dc2a11c4648cef6875b023895da01ef53d6afc8c618291de96ac0af3a2c2cd7aa7986f93b4f10102a3c5aca1aa1447c148c393 SHA512 bd62eeb8f90ecd2d3999fd78fea6652736c02a6530f29e98d0cad0707f3b901b30409132eb6a6d53b9f5c05c6b464615a946a2a3e255553c793e44d0ed93179e
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.68.3.ebuild b/dev-libs/nss/nss-3.68.3.ebuild
new file mode 100644
index 000000000000..21aa71ffc8c2
--- /dev/null
+++ b/dev-libs/nss/nss-3.68.3.ebuild
@@ -0,0 +1,362 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/nss-3.68-ld-fix.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-02  7:33 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2022-04-02  7:33 UTC (permalink / raw
  To: gentoo-commits

commit:     13e18805373697779994612700848cb3d58417bf
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat Apr  2 07:33:27 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Apr  2 07:33:27 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13e18805

dev-libs/nss: Stabilize 3.68.3 arm, #836621

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.3.ebuild b/dev-libs/nss/nss-3.68.3.ebuild
index 21aa71ffc8c2..9d7d8a1b6d7b 100644
--- a/dev-libs/nss/nss-3.68.3.ebuild
+++ b/dev-libs/nss/nss-3.68.3.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-02  8:11 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-04-02  8:11 UTC (permalink / raw
  To: gentoo-commits

commit:     0c4e1f50bbbb44ca5376a749045d3f8dba57b09d
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Apr  2 08:05:49 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Apr  2 08:10:45 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c4e1f50

dev-libs/nss: stabilize 3.68.3 for amd64

Bug: https://bugs.gentoo.org/836621
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.68.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.3.ebuild b/dev-libs/nss/nss-3.68.3.ebuild
index 6d5aebca367a..b252296046c6 100644
--- a/dev-libs/nss/nss-3.68.3.ebuild
+++ b/dev-libs/nss/nss-3.68.3.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-02  8:11 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-04-02  8:11 UTC (permalink / raw
  To: gentoo-commits

commit:     f9700b262f391e2513574f8543007afc0afd1c32
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Apr  2 07:10:03 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Apr  2 08:10:45 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9700b26

dev-libs/nss: stabilize 3.68.3 for x86

Bug: https://bugs.gentoo.org/836621
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.68.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.3.ebuild b/dev-libs/nss/nss-3.68.3.ebuild
index 9d7d8a1b6d7b..6d5aebca367a 100644
--- a/dev-libs/nss/nss-3.68.3.ebuild
+++ b/dev-libs/nss/nss-3.68.3.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-02 12:53 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2022-04-02 12:53 UTC (permalink / raw
  To: gentoo-commits

commit:     253c2653bfb1df3aab7e158464366a83c042a8ce
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat Apr  2 12:52:49 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Apr  2 12:52:49 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=253c2653

dev-libs/nss: Stabilize 3.68.3 arm64, #836621

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.3.ebuild b/dev-libs/nss/nss-3.68.3.ebuild
index b252296046c6..0d60fe122a27 100644
--- a/dev-libs/nss/nss-3.68.3.ebuild
+++ b/dev-libs/nss/nss-3.68.3.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-02 22:25 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-04-02 22:25 UTC (permalink / raw
  To: gentoo-commits

commit:     747caea00a5f7178ce78baacd05b811551538d99
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Apr  2 22:24:18 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Apr  2 22:24:18 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=747caea0

dev-libs/nss: Stabilize 3.68.3 ppc64, #836621

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.3.ebuild b/dev-libs/nss/nss-3.68.3.ebuild
index 0d60fe122a27..7811c327577e 100644
--- a/dev-libs/nss/nss-3.68.3.ebuild
+++ b/dev-libs/nss/nss-3.68.3.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-05  2:37 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-04-05  2:37 UTC (permalink / raw
  To: gentoo-commits

commit:     1f958aa5b2cacfe4b3b3d047c3b449cd37d19d05
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  5 02:36:43 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Apr  5 02:36:43 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f958aa5

dev-libs/nss: Stabilize 3.68.3 ppc, #836621

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.3.ebuild b/dev-libs/nss/nss-3.68.3.ebuild
index 7811c327577e..1a0aceed903f 100644
--- a/dev-libs/nss/nss-3.68.3.ebuild
+++ b/dev-libs/nss/nss-3.68.3.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-09 16:32 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2022-04-09 16:32 UTC (permalink / raw
  To: gentoo-commits

commit:     559a3793dc6e01fbeaeb54410f5ff0af7c552959
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat Apr  9 16:31:46 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Apr  9 16:31:46 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=559a3793

dev-libs/nss: Stabilize 3.68.3 hppa, #836621

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.3.ebuild b/dev-libs/nss/nss-3.68.3.ebuild
index 1a0aceed903f..3c775e855ec0 100644
--- a/dev-libs/nss/nss-3.68.3.ebuild
+++ b/dev-libs/nss/nss-3.68.3.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-09 19:57 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2022-04-09 19:57 UTC (permalink / raw
  To: gentoo-commits

commit:     7089e1dea5c6fc260ee007cdda60810dbc3daa3a
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat Apr  9 19:57:30 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Apr  9 19:57:30 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7089e1de

dev-libs/nss: Stabilize 3.68.3 sparc, #836621

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.3.ebuild b/dev-libs/nss/nss-3.68.3.ebuild
index 3c775e855ec0..a3ff3dba2827 100644
--- a/dev-libs/nss/nss-3.68.3.ebuild
+++ b/dev-libs/nss/nss-3.68.3.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-10 12:59 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-04-10 12:59 UTC (permalink / raw
  To: gentoo-commits

commit:     35b2d5cf4c16277977814b89becd779d20f84726
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 10 12:58:00 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Apr 10 12:58:00 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35b2d5cf

dev-libs/nss: drop 3.68.2-r1

Bug: https://bugs.gentoo.org/836386
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest             |   1 -
 dev-libs/nss/nss-3.68.2-r1.ebuild | 361 --------------------------------------
 2 files changed, 362 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 5b3b71381276..c69ba2f48264 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
-DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
 DIST nss-3.68.3.tar.gz 82406947 BLAKE2B 92461f20294a9dce8c8a7eead9d06a4159e66afeb2d42a3313983fc5606a5f97321e038b9c25a7c7a361506910aee027ec91efd3096efdbf62096556d40896de SHA512 70fa8ab48d45249c04424979640583e8bc867432b7e3f26c1602db49a13861dd070f081ed82660bb7451f835dc859b5788ae12a67f9ddab1f6bd1a7afb1174d2
 DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54
 DIST nss-3.77.tar.gz 84592839 BLAKE2B a63770f550b062549901afdcc5dc2a11c4648cef6875b023895da01ef53d6afc8c618291de96ac0af3a2c2cd7aa7986f93b4f10102a3c5aca1aa1447c148c393 SHA512 bd62eeb8f90ecd2d3999fd78fea6652736c02a6530f29e98d0cad0707f3b901b30409132eb6a6d53b9f5c05c6b464615a946a2a3e255553c793e44d0ed93179e

diff --git a/dev-libs/nss/nss-3.68.2-r1.ebuild b/dev-libs/nss/nss-3.68.2-r1.ebuild
deleted file mode 100644
index 8d2e934a1557..000000000000
--- a/dev-libs/nss/nss-3.68.2-r1.ebuild
+++ /dev/null
@@ -1,361 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-29  5:58 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-04-29  5:58 UTC (permalink / raw
  To: gentoo-commits

commit:     c857f043607dfe1a38b735e43cce89173ad0c289
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 29 05:57:27 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Apr 29 05:58:03 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c857f043

dev-libs/nss: add 3.78

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.78.ebuild | 361 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 362 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e37c1b1a90e7..44e3cc3329bc 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.68.3.tar.gz 82406947 BLAKE2B 92461f20294a9dce8c8a7eead9d06a4159e66afeb2d42a3313983fc5606a5f97321e038b9c25a7c7a361506910aee027ec91efd3096efdbf62096556d40896de SHA512 70fa8ab48d45249c04424979640583e8bc867432b7e3f26c1602db49a13861dd070f081ed82660bb7451f835dc859b5788ae12a67f9ddab1f6bd1a7afb1174d2
 DIST nss-3.77.tar.gz 84592839 BLAKE2B a63770f550b062549901afdcc5dc2a11c4648cef6875b023895da01ef53d6afc8c618291de96ac0af3a2c2cd7aa7986f93b4f10102a3c5aca1aa1447c148c393 SHA512 bd62eeb8f90ecd2d3999fd78fea6652736c02a6530f29e98d0cad0707f3b901b30409132eb6a6d53b9f5c05c6b464615a946a2a3e255553c793e44d0ed93179e
+DIST nss-3.78.tar.gz 84815720 BLAKE2B f140fb49e5edff98abdaae5d90adc5fac080cedfd2fcc2cc86968ac8f51116af648802655986a95dba8f1ca4257dca3c01d850bfd2b064abadea215cb9fd8c5e SHA512 ab54d838f41f963fdd4b87477b1e769186ae1f138f7c5d764cd6873be4791146d14dcc85697a2ca92e08f3bfcbeb61d64e26e7b5398095272c18a8196d43ac6c
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.78.ebuild b/dev-libs/nss/nss-3.78.ebuild
new file mode 100644
index 000000000000..225e7a316b86
--- /dev/null
+++ b/dev-libs/nss/nss-3.78.ebuild
@@ -0,0 +1,361 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-04-29  5:58 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-04-29  5:58 UTC (permalink / raw
  To: gentoo-commits

commit:     a416305d1ac2af1a732081c55f0de31182ef4c72
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 29 05:30:03 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Apr 29 05:58:02 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a416305d

dev-libs/nss: drop 3.76.1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.76.1.ebuild | 363 -----------------------------------------
 2 files changed, 364 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index c69ba2f48264..e37c1b1a90e7 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
 DIST nss-3.68.3.tar.gz 82406947 BLAKE2B 92461f20294a9dce8c8a7eead9d06a4159e66afeb2d42a3313983fc5606a5f97321e038b9c25a7c7a361506910aee027ec91efd3096efdbf62096556d40896de SHA512 70fa8ab48d45249c04424979640583e8bc867432b7e3f26c1602db49a13861dd070f081ed82660bb7451f835dc859b5788ae12a67f9ddab1f6bd1a7afb1174d2
-DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54
 DIST nss-3.77.tar.gz 84592839 BLAKE2B a63770f550b062549901afdcc5dc2a11c4648cef6875b023895da01ef53d6afc8c618291de96ac0af3a2c2cd7aa7986f93b4f10102a3c5aca1aa1447c148c393 SHA512 bd62eeb8f90ecd2d3999fd78fea6652736c02a6530f29e98d0cad0707f3b901b30409132eb6a6d53b9f5c05c6b464615a946a2a3e255553c793e44d0ed93179e
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.76.1.ebuild b/dev-libs/nss/nss-3.76.1.ebuild
deleted file mode 100644
index f927277815f9..000000000000
--- a/dev-libs/nss/nss-3.76.1.ebuild
+++ /dev/null
@@ -1,363 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/nss-3.68-ld-fix.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		LD="$(tc-getLD)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-05-16  6:25 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-05-16  6:25 UTC (permalink / raw
  To: gentoo-commits

commit:     e79d861e34bd10fe5ceb26a199bf162daa46995d
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Mon May 16 06:22:55 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Mon May 16 06:22:55 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e79d861e

dev-libs/nss: drop 3.77

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.77.ebuild | 361 -------------------------------------------
 2 files changed, 362 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 44e3cc3329bc..d1ac5396fe9f 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
 DIST nss-3.68.3.tar.gz 82406947 BLAKE2B 92461f20294a9dce8c8a7eead9d06a4159e66afeb2d42a3313983fc5606a5f97321e038b9c25a7c7a361506910aee027ec91efd3096efdbf62096556d40896de SHA512 70fa8ab48d45249c04424979640583e8bc867432b7e3f26c1602db49a13861dd070f081ed82660bb7451f835dc859b5788ae12a67f9ddab1f6bd1a7afb1174d2
-DIST nss-3.77.tar.gz 84592839 BLAKE2B a63770f550b062549901afdcc5dc2a11c4648cef6875b023895da01ef53d6afc8c618291de96ac0af3a2c2cd7aa7986f93b4f10102a3c5aca1aa1447c148c393 SHA512 bd62eeb8f90ecd2d3999fd78fea6652736c02a6530f29e98d0cad0707f3b901b30409132eb6a6d53b9f5c05c6b464615a946a2a3e255553c793e44d0ed93179e
 DIST nss-3.78.tar.gz 84815720 BLAKE2B f140fb49e5edff98abdaae5d90adc5fac080cedfd2fcc2cc86968ac8f51116af648802655986a95dba8f1ca4257dca3c01d850bfd2b064abadea215cb9fd8c5e SHA512 ab54d838f41f963fdd4b87477b1e769186ae1f138f7c5d764cd6873be4791146d14dcc85697a2ca92e08f3bfcbeb61d64e26e7b5398095272c18a8196d43ac6c
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.77.ebuild b/dev-libs/nss/nss-3.77.ebuild
deleted file mode 100644
index 225e7a316b86..000000000000
--- a/dev-libs/nss/nss-3.77.ebuild
+++ /dev/null
@@ -1,361 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-05-26  0:58 WANG Xuerui
  0 siblings, 0 replies; 466+ messages in thread
From: WANG Xuerui @ 2022-05-26  0:58 UTC (permalink / raw
  To: gentoo-commits

commit:     afe5b08c640d838490468986618fa5ab52e0b6e2
Author:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
AuthorDate: Wed May 25 14:24:28 2022 +0000
Commit:     WANG Xuerui <xen0n <AT> gentoo <DOT> org>
CommitDate: Thu May 26 00:57:49 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afe5b08c

dev-libs/nss: keyword 3.78 for ~loong

See: https://github.com/gentoo/gentoo/pull/25632
Signed-off-by: WANG Xuerui <xen0n <AT> gentoo.org>

 dev-libs/nss/nss-3.78.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.78.ebuild b/dev-libs/nss/nss-3.78.ebuild
index 225e7a316b86..07756d89615d 100644
--- a/dev-libs/nss/nss-3.78.ebuild
+++ b/dev-libs/nss/nss-3.78.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-01  7:34 Lars Wendler
  0 siblings, 0 replies; 466+ messages in thread
From: Lars Wendler @ 2022-06-01  7:34 UTC (permalink / raw
  To: gentoo-commits

commit:     e1c564b624a9a23b70f55714dc5ddbf55b45a595
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Jun  1 07:29:26 2022 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Jun  1 07:34:39 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1c564b6

dev-libs/nss: Bump to versions 3.68.4 and 3.79

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/nss/Manifest          |   2 +
 dev-libs/nss/nss-3.68.4.ebuild | 362 +++++++++++++++++++++++++++++++++++++++++
 dev-libs/nss/nss-3.79.ebuild   | 361 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 725 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index d1ac5396fe9f..4ea83ed8fb33 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,5 @@
 DIST nss-3.68.3.tar.gz 82406947 BLAKE2B 92461f20294a9dce8c8a7eead9d06a4159e66afeb2d42a3313983fc5606a5f97321e038b9c25a7c7a361506910aee027ec91efd3096efdbf62096556d40896de SHA512 70fa8ab48d45249c04424979640583e8bc867432b7e3f26c1602db49a13861dd070f081ed82660bb7451f835dc859b5788ae12a67f9ddab1f6bd1a7afb1174d2
+DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
 DIST nss-3.78.tar.gz 84815720 BLAKE2B f140fb49e5edff98abdaae5d90adc5fac080cedfd2fcc2cc86968ac8f51116af648802655986a95dba8f1ca4257dca3c01d850bfd2b064abadea215cb9fd8c5e SHA512 ab54d838f41f963fdd4b87477b1e769186ae1f138f7c5d764cd6873be4791146d14dcc85697a2ca92e08f3bfcbeb61d64e26e7b5398095272c18a8196d43ac6c
+DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.68.4.ebuild b/dev-libs/nss/nss-3.68.4.ebuild
new file mode 100644
index 000000000000..21aa71ffc8c2
--- /dev/null
+++ b/dev-libs/nss/nss-3.68.4.ebuild
@@ -0,0 +1,362 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/nss-3.68-ld-fix.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}

diff --git a/dev-libs/nss/nss-3.79.ebuild b/dev-libs/nss/nss-3.79.ebuild
new file mode 100644
index 000000000000..07756d89615d
--- /dev/null
+++ b/dev-libs/nss/nss-3.79.ebuild
@@ -0,0 +1,361 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-01  9:38 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-06-01  9:38 UTC (permalink / raw
  To: gentoo-commits

commit:     3f0dc5548d49dda1c99b671b87d32a0480ea0742
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun  1 09:38:03 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun  1 09:38:16 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f0dc554

dev-libs/nss: fix NSPR lower bound for 3.79

As per release notes.

Closes: https://bugs.gentoo.org/848978
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/{nss-3.79.ebuild => nss-3.79-r1.ebuild} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.ebuild b/dev-libs/nss/nss-3.79-r1.ebuild
similarity index 99%
rename from dev-libs/nss/nss-3.79.ebuild
rename to dev-libs/nss/nss-3.79-r1.ebuild
index 07756d89615d..0d91f55e8bd4 100644
--- a/dev-libs/nss/nss-3.79.ebuild
+++ b/dev-libs/nss/nss-3.79-r1.ebuild
@@ -5,7 +5,7 @@ EAPI=8
 
 inherit flag-o-matic multilib toolchain-funcs multilib-minimal
 
-NSPR_VER="4.32"
+NSPR_VER="4.34"
 RTM_NAME="NSS_${PV//./_}_RTM"
 
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-02 11:49 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-06-02 11:49 UTC (permalink / raw
  To: gentoo-commits

commit:     9b06577e025fc5898dd924e5ca13fe1285a5b892
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  2 05:16:01 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Jun  2 11:49:07 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b06577e

dev-libs/nss: stabilize 3.68.4 for amd64

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.68.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.4.ebuild b/dev-libs/nss/nss-3.68.4.ebuild
index 6c78abf74889..c2af45272943 100644
--- a/dev-libs/nss/nss-3.68.4.ebuild
+++ b/dev-libs/nss/nss-3.68.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-02 11:49 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-06-02 11:49 UTC (permalink / raw
  To: gentoo-commits

commit:     5180284da1bf76416afcc527dddf2e2077f9af19
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  2 05:15:35 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Jun  2 11:49:07 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5180284d

dev-libs/nss: stabilize 3.68.4 for x86

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.68.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.4.ebuild b/dev-libs/nss/nss-3.68.4.ebuild
index 21aa71ffc8c2..6c78abf74889 100644
--- a/dev-libs/nss/nss-3.68.4.ebuild
+++ b/dev-libs/nss/nss-3.68.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-02 23:13 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-06-02 23:13 UTC (permalink / raw
  To: gentoo-commits

commit:     d7c14f780f03f681dcf51c1f3d85b6178192f29a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  2 23:13:32 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun  2 23:13:32 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7c14f78

dev-libs/nss: Stabilize 3.68.4 ppc64, #849347

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.4.ebuild b/dev-libs/nss/nss-3.68.4.ebuild
index c2af45272943..580086202e60 100644
--- a/dev-libs/nss/nss-3.68.4.ebuild
+++ b/dev-libs/nss/nss-3.68.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-02 23:13 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-06-02 23:13 UTC (permalink / raw
  To: gentoo-commits

commit:     eab3a26e99e32493e6c524e94917e83ef8250168
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  2 23:13:37 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun  2 23:13:37 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eab3a26e

dev-libs/nss: Stabilize 3.68.4 ppc, #849347

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.68.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.4.ebuild b/dev-libs/nss/nss-3.68.4.ebuild
index 580086202e60..883f063b1797 100644
--- a/dev-libs/nss/nss-3.68.4.ebuild
+++ b/dev-libs/nss/nss-3.68.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-03  6:41 Jakov Smolić
  0 siblings, 0 replies; 466+ messages in thread
From: Jakov Smolić @ 2022-06-03  6:41 UTC (permalink / raw
  To: gentoo-commits

commit:     8866c54732847eba11bdf0fa5909c41b9bc80948
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Fri Jun  3 06:33:19 2022 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Fri Jun  3 06:41:49 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8866c547

dev-libs/nss: Stabilize 3.68.4 arm64, #849347

Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 dev-libs/nss/nss-3.68.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.4.ebuild b/dev-libs/nss/nss-3.68.4.ebuild
index 883f063b1797..a36ec5d86bc3 100644
--- a/dev-libs/nss/nss-3.68.4.ebuild
+++ b/dev-libs/nss/nss-3.68.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-03 11:17 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2022-06-03 11:17 UTC (permalink / raw
  To: gentoo-commits

commit:     3a6d530aac769251a5519c21fa94760bb9c913eb
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jun  3 11:17:21 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jun  3 11:17:21 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a6d530a

dev-libs/nss: arm stable wrt bug #849347

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="arm"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.68.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.4.ebuild b/dev-libs/nss/nss-3.68.4.ebuild
index a36ec5d86bc3..1a0aceed903f 100644
--- a/dev-libs/nss/nss-3.68.4.ebuild
+++ b/dev-libs/nss/nss-3.68.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-03 11:20 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2022-06-03 11:20 UTC (permalink / raw
  To: gentoo-commits

commit:     1807675b8923ab2589167e237cc52b118daafff8
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Jun  3 11:20:22 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Jun  3 11:20:22 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1807675b

dev-libs/nss: sparc stable wrt bug #849347

Package-Manager: Portage-3.0.30, Repoman-3.0.3
RepoMan-Options: --include-arches="sparc"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.68.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.4.ebuild b/dev-libs/nss/nss-3.68.4.ebuild
index 1a0aceed903f..d567831d4d7d 100644
--- a/dev-libs/nss/nss-3.68.4.ebuild
+++ b/dev-libs/nss/nss-3.68.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-04 11:15 Jakov Smolić
  0 siblings, 0 replies; 466+ messages in thread
From: Jakov Smolić @ 2022-06-04 11:15 UTC (permalink / raw
  To: gentoo-commits

commit:     17cd46b743db099185d9c8f70d42589ac05def72
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  4 11:15:34 2022 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Sat Jun  4 11:15:34 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17cd46b7

dev-libs/nss: Stabilize 3.68.4 hppa, #849347

Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 dev-libs/nss/nss-3.68.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.68.4.ebuild b/dev-libs/nss/nss-3.68.4.ebuild
index d567831d4d7d..a3ff3dba2827 100644
--- a/dev-libs/nss/nss-3.68.4.ebuild
+++ b/dev-libs/nss/nss-3.68.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-05  6:18 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-06-05  6:18 UTC (permalink / raw
  To: gentoo-commits

commit:     1ee8a8e476ad9d6c92c003cc7fa62d1c93b39e34
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Jun  5 06:13:26 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Jun  5 06:18:35 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ee8a8e4

dev-libs/nss: security cleanup

Bug: https://bugs.gentoo.org/848984
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   2 -
 dev-libs/nss/nss-3.68.3.ebuild | 362 -----------------------------------------
 dev-libs/nss/nss-3.78.ebuild   | 361 ----------------------------------------
 3 files changed, 725 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 4ea83ed8fb33..e889d96a707f 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,3 @@
-DIST nss-3.68.3.tar.gz 82406947 BLAKE2B 92461f20294a9dce8c8a7eead9d06a4159e66afeb2d42a3313983fc5606a5f97321e038b9c25a7c7a361506910aee027ec91efd3096efdbf62096556d40896de SHA512 70fa8ab48d45249c04424979640583e8bc867432b7e3f26c1602db49a13861dd070f081ed82660bb7451f835dc859b5788ae12a67f9ddab1f6bd1a7afb1174d2
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
-DIST nss-3.78.tar.gz 84815720 BLAKE2B f140fb49e5edff98abdaae5d90adc5fac080cedfd2fcc2cc86968ac8f51116af648802655986a95dba8f1ca4257dca3c01d850bfd2b064abadea215cb9fd8c5e SHA512 ab54d838f41f963fdd4b87477b1e769186ae1f138f7c5d764cd6873be4791146d14dcc85697a2ca92e08f3bfcbeb61d64e26e7b5398095272c18a8196d43ac6c
 DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.68.3.ebuild b/dev-libs/nss/nss-3.68.3.ebuild
deleted file mode 100644
index a3ff3dba2827..000000000000
--- a/dev-libs/nss/nss-3.68.3.ebuild
+++ /dev/null
@@ -1,362 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/nss-3.68-ld-fix.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.78.ebuild b/dev-libs/nss/nss-3.78.ebuild
deleted file mode 100644
index 07756d89615d..000000000000
--- a/dev-libs/nss/nss-3.78.ebuild
+++ /dev/null
@@ -1,361 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-17  7:37 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-06-17  7:37 UTC (permalink / raw
  To: gentoo-commits

commit:     4237f0004a5d71777fd4f7fbe437a915c79875d0
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 16 19:42:51 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Jun 17 07:37:11 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4237f000

dev-libs/nss: build in parallel

Neither Fedora nor openSUSE seem to force -j1 and it built fine for me
w/ -j32. Let's try dropping it as it gives a substantial speedup.

(Also, seemingly(?), conditionalising the test build seems to speed
things up too.)

Signed-off-by: Sam James <sam <AT> gentoo.org>
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.79-r1.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/nss/nss-3.79-r1.ebuild b/dev-libs/nss/nss-3.79-r1.ebuild
index 52cecb9ce52d..2f82bbb29d11 100644
--- a/dev-libs/nss/nss-3.79-r1.ebuild
+++ b/dev-libs/nss/nss-3.79-r1.ebuild
@@ -186,7 +186,7 @@ multilib_src_compile() {
 	LDFLAGS="${BUILD_LDFLAGS}" \
 	XCFLAGS="${BUILD_CFLAGS}" \
 	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -j1 -C coreconf \
+	emake -C coreconf \
 		CC="$(tc-getBUILD_CC)" \
 		${buildbits-${mybits}}
 	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
@@ -196,7 +196,7 @@ multilib_src_compile() {
 		CPPFLAGS="${myCPPFLAGS}" \
 		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
 		NSPR_LIB_DIR="${T}/fakedir" \
-		emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
 	done
 }
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-17  7:37 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-06-17  7:37 UTC (permalink / raw
  To: gentoo-commits

commit:     5b12191959f0606be45499923f4b0589eef95a82
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 16 18:19:26 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Jun 17 07:37:10 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b121919

dev-libs/nss: re-enable tests

Bug: https://bugs.gentoo.org/474056
Signed-off-by: Sam James <sam <AT> gentoo.org>
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.79-r1.ebuild | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/dev-libs/nss/nss-3.79-r1.ebuild b/dev-libs/nss/nss-3.79-r1.ebuild
index f0a86b80c6b6..52cecb9ce52d 100644
--- a/dev-libs/nss/nss-3.79-r1.ebuild
+++ b/dev-libs/nss/nss-3.79-r1.ebuild
@@ -16,7 +16,8 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+IUSE="cacert test utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
 RDEPEND="
 	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
@@ -27,8 +28,6 @@ RDEPEND="
 DEPEND="${RDEPEND}"
 BDEPEND="dev-lang/perl"
 
-RESTRICT="test"
-
 S="${WORKDIR}/${P}/${PN}"
 
 MULTILIB_CHOST_TOOLS=(
@@ -170,6 +169,8 @@ multilib_src_compile() {
 		export CC_IS_CLANG=1
 	fi
 
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
 	# explicitly disable altivec/vsx if not requested
 	# https://bugs.gentoo.org/789114
 	case ${ARCH} in
@@ -199,6 +200,28 @@ multilib_src_compile() {
 	done
 }
 
+multilib_src_test() {
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+        # Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
 # Altering these 3 libraries breaks the CHK verification.
 # All of the following cause it to break:
 # - stripping


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-06-25  9:32 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-06-25  9:32 UTC (permalink / raw
  To: gentoo-commits

commit:     c30fc7d7ea39cb59ef460a98b2620c07d55c99df
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 25 09:19:19 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Jun 25 09:32:42 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c30fc7d7

dev-libs/nss: add 3.80

 - default '+utils' on, as it's not obvious where pkcs11 support
   comes from.

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.80.ebuild | 389 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 390 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e889d96a707f..3e43feb94e2e 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
 DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
+DIST nss-3.80.tar.gz 84841312 BLAKE2B 6244193849a9277bc68c5225b4f836309bdf07bc415b23793d14c5343f5236b27bb7552fa7fb9975f410ea4732e9fc37185fee7bb950bf5d15b478f8bdec3ba7 SHA512 db05df17fea12bf3ec83882bf761663f8f10f3a8ce9a33519c7985d6003945068adb658250cf05d8b598c34ecb4ba7ea5cdc468d9cc7bc786aedb72d7be65923
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.80.ebuild b/dev-libs/nss/nss-3.80.ebuild
new file mode 100644
index 000000000000..b273c86582a8
--- /dev/null
+++ b/dev-libs/nss/nss-3.80.ebuild
@@ -0,0 +1,389 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.34"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-07-23  9:13 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-07-23  9:13 UTC (permalink / raw
  To: gentoo-commits

commit:     645e467defd1d6080f242b71bcdf9a50af3a6f43
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 23 08:34:08 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Jul 23 09:13:32 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=645e467d

dev-libs/nss: add 3.81

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.81.ebuild | 391 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 392 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 3e43feb94e2e..b9e97f8cbead 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
 DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
 DIST nss-3.80.tar.gz 84841312 BLAKE2B 6244193849a9277bc68c5225b4f836309bdf07bc415b23793d14c5343f5236b27bb7552fa7fb9975f410ea4732e9fc37185fee7bb950bf5d15b478f8bdec3ba7 SHA512 db05df17fea12bf3ec83882bf761663f8f10f3a8ce9a33519c7985d6003945068adb658250cf05d8b598c34ecb4ba7ea5cdc468d9cc7bc786aedb72d7be65923
+DIST nss-3.81.tar.gz 84842767 BLAKE2B 01b6bf96a1507f8f16693b11aec7897c2fd046a97109fe30dcd4dbd53f82247d9809d189d885fded1f9c89e87b4051d2c121003a30e180ba685a95c46d3232fd SHA512 206faa29ff9fc9c70f85cbb86690b55bd11003a1a5b1d49f5f3731fdd1221690f957a17d912ee5272505afb938968327f4532ae8f5d2d77e6e13370768229747
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.81.ebuild b/dev-libs/nss/nss-3.81.ebuild
new file mode 100644
index 000000000000..b55ab89370ad
--- /dev/null
+++ b/dev-libs/nss/nss-3.81.ebuild
@@ -0,0 +1,391 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.34"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
+)
+
+QA_PKGCONFIG_VERSION="${PV}.0"
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-07-23  9:13 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-07-23  9:13 UTC (permalink / raw
  To: gentoo-commits

commit:     84ea60b925efec5fa77c57be56dea528d85f80b5
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 23 08:34:14 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Jul 23 09:13:32 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84ea60b9

dev-libs/nss: drop 3.80

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.80.ebuild | 389 -------------------------------------------
 2 files changed, 390 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index b9e97f8cbead..ab8b50c4d271 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
 DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
-DIST nss-3.80.tar.gz 84841312 BLAKE2B 6244193849a9277bc68c5225b4f836309bdf07bc415b23793d14c5343f5236b27bb7552fa7fb9975f410ea4732e9fc37185fee7bb950bf5d15b478f8bdec3ba7 SHA512 db05df17fea12bf3ec83882bf761663f8f10f3a8ce9a33519c7985d6003945068adb658250cf05d8b598c34ecb4ba7ea5cdc468d9cc7bc786aedb72d7be65923
 DIST nss-3.81.tar.gz 84842767 BLAKE2B 01b6bf96a1507f8f16693b11aec7897c2fd046a97109fe30dcd4dbd53f82247d9809d189d885fded1f9c89e87b4051d2c121003a30e180ba685a95c46d3232fd SHA512 206faa29ff9fc9c70f85cbb86690b55bd11003a1a5b1d49f5f3731fdd1221690f957a17d912ee5272505afb938968327f4532ae8f5d2d77e6e13370768229747
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.80.ebuild b/dev-libs/nss/nss-3.80.ebuild
deleted file mode 100644
index b273c86582a8..000000000000
--- a/dev-libs/nss/nss-3.80.ebuild
+++ /dev/null
@@ -1,389 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.34"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-08-19  8:15 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-08-19  8:15 UTC (permalink / raw
  To: gentoo-commits

commit:     65d4c3d62edc73f0d78ffc02e520e4e88dcb0dec
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 19 07:36:21 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Aug 19 08:15:47 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65d4c3d6

dev-libs/nss: add 3.82

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.82.ebuild | 391 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 392 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index ab8b50c4d271..6d7b5bc76bf8 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
 DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
 DIST nss-3.81.tar.gz 84842767 BLAKE2B 01b6bf96a1507f8f16693b11aec7897c2fd046a97109fe30dcd4dbd53f82247d9809d189d885fded1f9c89e87b4051d2c121003a30e180ba685a95c46d3232fd SHA512 206faa29ff9fc9c70f85cbb86690b55bd11003a1a5b1d49f5f3731fdd1221690f957a17d912ee5272505afb938968327f4532ae8f5d2d77e6e13370768229747
+DIST nss-3.82.tar.gz 84708994 BLAKE2B 59d3ace416c725933a07c51dc911f2fa11d55b1daddc5252a01ef3ae9df3375cbb199eff92e8e2bb364b9381ad1066c74d4f93c00900847f5234591bbbb29824 SHA512 6e0f28c3f776178ab2d97c6e2436aa10d72c9c2668aea1a6695ccf49e8c3c4cd2d266168508bcb456c655f2e692dceb44eae53c80d50076d7156db3deac70057
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.82.ebuild b/dev-libs/nss/nss-3.82.ebuild
new file mode 100644
index 000000000000..b55ab89370ad
--- /dev/null
+++ b/dev-libs/nss/nss-3.82.ebuild
@@ -0,0 +1,391 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.34"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
+)
+
+QA_PKGCONFIG_VERSION="${PV}.0"
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-08-23 13:11 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-08-23 13:11 UTC (permalink / raw
  To: gentoo-commits

commit:     37eae5484a31264b75e492a37d109725e697fc2a
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 23 07:45:19 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Aug 23 13:11:19 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37eae548

dev-libs/nss: add 3.79.1 (new esr)

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.79.1.ebuild | 390 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 391 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 6d7b5bc76bf8..7349ac2f9e29 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
+DIST nss-3.79.1.tar.gz 84694831 BLAKE2B 209a502ba4b808bb4cb9b8775328fa26e36c55147ee5da7b8f661349129250f09685dd69919e24d7ff72cc55a2e9cbbbc9c059e543cf1b0a6a08e809be262d4c SHA512 e841efe9d0300d99b50e54c159c75df76c09c34c74bbc9b6ca007ad017b2cb91a8d33f6f4195e52bd8f3ed7be5d53f3ce7ce10825fa21abbf5dbba3db109e037
 DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
 DIST nss-3.81.tar.gz 84842767 BLAKE2B 01b6bf96a1507f8f16693b11aec7897c2fd046a97109fe30dcd4dbd53f82247d9809d189d885fded1f9c89e87b4051d2c121003a30e180ba685a95c46d3232fd SHA512 206faa29ff9fc9c70f85cbb86690b55bd11003a1a5b1d49f5f3731fdd1221690f957a17d912ee5272505afb938968327f4532ae8f5d2d77e6e13370768229747
 DIST nss-3.82.tar.gz 84708994 BLAKE2B 59d3ace416c725933a07c51dc911f2fa11d55b1daddc5252a01ef3ae9df3375cbb199eff92e8e2bb364b9381ad1066c74d4f93c00900847f5234591bbbb29824 SHA512 6e0f28c3f776178ab2d97c6e2436aa10d72c9c2668aea1a6695ccf49e8c3c4cd2d266168508bcb456c655f2e692dceb44eae53c80d50076d7156db3deac70057

diff --git a/dev-libs/nss/nss-3.79.1.ebuild b/dev-libs/nss/nss-3.79.1.ebuild
new file mode 100644
index 000000000000..758e290ed0af
--- /dev/null
+++ b/dev-libs/nss/nss-3.79.1.ebuild
@@ -0,0 +1,390 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.34"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed -e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-08-23 13:11 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-08-23 13:11 UTC (permalink / raw
  To: gentoo-commits

commit:     2b18736862d208e4f29fe4983fa27b8e73134c76
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 23 07:45:49 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Aug 23 13:11:19 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b187368

dev-libs/nss: drop 3.79-r1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest           |   1 -
 dev-libs/nss/nss-3.79-r1.ebuild | 385 ----------------------------------------
 2 files changed, 386 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 7349ac2f9e29..b6cfb5e98f55 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,5 @@
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
 DIST nss-3.79.1.tar.gz 84694831 BLAKE2B 209a502ba4b808bb4cb9b8775328fa26e36c55147ee5da7b8f661349129250f09685dd69919e24d7ff72cc55a2e9cbbbc9c059e543cf1b0a6a08e809be262d4c SHA512 e841efe9d0300d99b50e54c159c75df76c09c34c74bbc9b6ca007ad017b2cb91a8d33f6f4195e52bd8f3ed7be5d53f3ce7ce10825fa21abbf5dbba3db109e037
-DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
 DIST nss-3.81.tar.gz 84842767 BLAKE2B 01b6bf96a1507f8f16693b11aec7897c2fd046a97109fe30dcd4dbd53f82247d9809d189d885fded1f9c89e87b4051d2c121003a30e180ba685a95c46d3232fd SHA512 206faa29ff9fc9c70f85cbb86690b55bd11003a1a5b1d49f5f3731fdd1221690f957a17d912ee5272505afb938968327f4532ae8f5d2d77e6e13370768229747
 DIST nss-3.82.tar.gz 84708994 BLAKE2B 59d3ace416c725933a07c51dc911f2fa11d55b1daddc5252a01ef3ae9df3375cbb199eff92e8e2bb364b9381ad1066c74d4f93c00900847f5234591bbbb29824 SHA512 6e0f28c3f776178ab2d97c6e2436aa10d72c9c2668aea1a6695ccf49e8c3c4cd2d266168508bcb456c655f2e692dceb44eae53c80d50076d7156db3deac70057
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.79-r1.ebuild b/dev-libs/nss/nss-3.79-r1.ebuild
deleted file mode 100644
index 2f82bbb29d11..000000000000
--- a/dev-libs/nss/nss-3.79-r1.ebuild
+++ /dev/null
@@ -1,385 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.34"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-        # Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-08-24 17:57 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-08-24 17:57 UTC (permalink / raw
  To: gentoo-commits

commit:     8a965036d0748cd1cfce44e4a0e56adfb846b75d
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 24 13:32:10 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Aug 24 17:55:08 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a965036

dev-libs/nss: drop 3.81

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.81.ebuild | 391 -------------------------------------------
 2 files changed, 392 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index b6cfb5e98f55..fb3be315d393 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
 DIST nss-3.79.1.tar.gz 84694831 BLAKE2B 209a502ba4b808bb4cb9b8775328fa26e36c55147ee5da7b8f661349129250f09685dd69919e24d7ff72cc55a2e9cbbbc9c059e543cf1b0a6a08e809be262d4c SHA512 e841efe9d0300d99b50e54c159c75df76c09c34c74bbc9b6ca007ad017b2cb91a8d33f6f4195e52bd8f3ed7be5d53f3ce7ce10825fa21abbf5dbba3db109e037
-DIST nss-3.81.tar.gz 84842767 BLAKE2B 01b6bf96a1507f8f16693b11aec7897c2fd046a97109fe30dcd4dbd53f82247d9809d189d885fded1f9c89e87b4051d2c121003a30e180ba685a95c46d3232fd SHA512 206faa29ff9fc9c70f85cbb86690b55bd11003a1a5b1d49f5f3731fdd1221690f957a17d912ee5272505afb938968327f4532ae8f5d2d77e6e13370768229747
 DIST nss-3.82.tar.gz 84708994 BLAKE2B 59d3ace416c725933a07c51dc911f2fa11d55b1daddc5252a01ef3ae9df3375cbb199eff92e8e2bb364b9381ad1066c74d4f93c00900847f5234591bbbb29824 SHA512 6e0f28c3f776178ab2d97c6e2436aa10d72c9c2668aea1a6695ccf49e8c3c4cd2d266168508bcb456c655f2e692dceb44eae53c80d50076d7156db3deac70057
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.81.ebuild b/dev-libs/nss/nss-3.81.ebuild
deleted file mode 100644
index b55ab89370ad..000000000000
--- a/dev-libs/nss/nss-3.81.ebuild
+++ /dev/null
@@ -1,391 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.34"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
-)
-
-QA_PKGCONFIG_VERSION="${PV}.0"
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-09-16  9:34 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-09-16  9:34 UTC (permalink / raw
  To: gentoo-commits

commit:     9bec3215d11605ca1fdedbe31bf706f4e6e77605
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 16 09:30:47 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Sep 16 09:34:20 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bec3215

dev-libs/nss: add 3.83

 - drop gcc-13 patch as it's upstreamed now.

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.83.ebuild | 390 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 391 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index fb3be315d393..78f6cfcc07b4 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
 DIST nss-3.79.1.tar.gz 84694831 BLAKE2B 209a502ba4b808bb4cb9b8775328fa26e36c55147ee5da7b8f661349129250f09685dd69919e24d7ff72cc55a2e9cbbbc9c059e543cf1b0a6a08e809be262d4c SHA512 e841efe9d0300d99b50e54c159c75df76c09c34c74bbc9b6ca007ad017b2cb91a8d33f6f4195e52bd8f3ed7be5d53f3ce7ce10825fa21abbf5dbba3db109e037
 DIST nss-3.82.tar.gz 84708994 BLAKE2B 59d3ace416c725933a07c51dc911f2fa11d55b1daddc5252a01ef3ae9df3375cbb199eff92e8e2bb364b9381ad1066c74d4f93c00900847f5234591bbbb29824 SHA512 6e0f28c3f776178ab2d97c6e2436aa10d72c9c2668aea1a6695ccf49e8c3c4cd2d266168508bcb456c655f2e692dceb44eae53c80d50076d7156db3deac70057
+DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.83.ebuild b/dev-libs/nss/nss-3.83.ebuild
new file mode 100644
index 000000000000..93860af4e645
--- /dev/null
+++ b/dev-libs/nss/nss-3.83.ebuild
@@ -0,0 +1,390 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.34.1"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+QA_PKGCONFIG_VERSION="${PV}.0"
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-09-19  6:06 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-09-19  6:06 UTC (permalink / raw
  To: gentoo-commits

commit:     483ee30de5d0bf95116609e5f2df407505c4095b
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 19 05:55:39 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Mon Sep 19 05:55:39 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=483ee30d

dev-libs/nss: drop 3.82

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.82.ebuild | 391 -------------------------------------------
 2 files changed, 392 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 78f6cfcc07b4..8fc36005b1ff 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
 DIST nss-3.79.1.tar.gz 84694831 BLAKE2B 209a502ba4b808bb4cb9b8775328fa26e36c55147ee5da7b8f661349129250f09685dd69919e24d7ff72cc55a2e9cbbbc9c059e543cf1b0a6a08e809be262d4c SHA512 e841efe9d0300d99b50e54c159c75df76c09c34c74bbc9b6ca007ad017b2cb91a8d33f6f4195e52bd8f3ed7be5d53f3ce7ce10825fa21abbf5dbba3db109e037
-DIST nss-3.82.tar.gz 84708994 BLAKE2B 59d3ace416c725933a07c51dc911f2fa11d55b1daddc5252a01ef3ae9df3375cbb199eff92e8e2bb364b9381ad1066c74d4f93c00900847f5234591bbbb29824 SHA512 6e0f28c3f776178ab2d97c6e2436aa10d72c9c2668aea1a6695ccf49e8c3c4cd2d266168508bcb456c655f2e692dceb44eae53c80d50076d7156db3deac70057
 DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.82.ebuild b/dev-libs/nss/nss-3.82.ebuild
deleted file mode 100644
index b55ab89370ad..000000000000
--- a/dev-libs/nss/nss-3.82.ebuild
+++ /dev/null
@@ -1,391 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.34"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
-)
-
-QA_PKGCONFIG_VERSION="${PV}.0"
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-09-21 12:30 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-09-21 12:30 UTC (permalink / raw
  To: gentoo-commits

commit:     c4bd8039580e321b1212e6420863d9e93bbe6eba
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 21 12:29:36 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Sep 21 12:30:22 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4bd8039

dev-libs/nss: Stabilize 3.79.1 x86, #872188

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.79.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.1.ebuild b/dev-libs/nss/nss-3.79.1.ebuild
index 758e290ed0af..770640acb1a8 100644
--- a/dev-libs/nss/nss-3.79.1.ebuild
+++ b/dev-libs/nss/nss-3.79.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-09-21 12:30 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-09-21 12:30 UTC (permalink / raw
  To: gentoo-commits

commit:     60fecd87e6c09b8883d2c03dc812ec5b41423fd8
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 21 12:30:04 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Sep 21 12:30:22 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=60fecd87

dev-libs/nss: Stabilize 3.79.1 amd64, #872188

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.79.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.1.ebuild b/dev-libs/nss/nss-3.79.1.ebuild
index 770640acb1a8..7aec0ea7eb78 100644
--- a/dev-libs/nss/nss-3.79.1.ebuild
+++ b/dev-libs/nss/nss-3.79.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-09-21 17:45 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2022-09-21 17:45 UTC (permalink / raw
  To: gentoo-commits

commit:     e1ee4915d67e263a0ff8cfb612c621a64505ea0f
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 21 17:45:24 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Sep 21 17:45:24 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1ee4915

dev-libs/nss: Stabilize 3.79.1 ppc64, #872188

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.1.ebuild b/dev-libs/nss/nss-3.79.1.ebuild
index 7aec0ea7eb78..971a6e2d8312 100644
--- a/dev-libs/nss/nss-3.79.1.ebuild
+++ b/dev-libs/nss/nss-3.79.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-09-21 17:45 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2022-09-21 17:45 UTC (permalink / raw
  To: gentoo-commits

commit:     fa380f04e1916a893fabe94afce9e9fe93a451aa
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 21 17:45:26 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Sep 21 17:45:26 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa380f04

dev-libs/nss: Stabilize 3.79.1 ppc, #872188

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.1.ebuild b/dev-libs/nss/nss-3.79.1.ebuild
index 971a6e2d8312..1a245e50b15a 100644
--- a/dev-libs/nss/nss-3.79.1.ebuild
+++ b/dev-libs/nss/nss-3.79.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-09-22  4:09 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-09-22  4:09 UTC (permalink / raw
  To: gentoo-commits

commit:     39c8d9f2f0a9501f174ee387077d3f6c131e0eed
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 22 04:09:00 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Sep 22 04:09:00 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39c8d9f2

dev-libs/nss: Stabilize 3.79.1 arm, #872188

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.1.ebuild b/dev-libs/nss/nss-3.79.1.ebuild
index 1a245e50b15a..558a163dc039 100644
--- a/dev-libs/nss/nss-3.79.1.ebuild
+++ b/dev-libs/nss/nss-3.79.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-09-22  4:09 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-09-22  4:09 UTC (permalink / raw
  To: gentoo-commits

commit:     1421c6d6c28705e893ce1ac0975d3f51f4d583aa
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 22 04:09:02 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Sep 22 04:09:02 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1421c6d6

dev-libs/nss: Stabilize 3.79.1 arm64, #872188

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.1.ebuild b/dev-libs/nss/nss-3.79.1.ebuild
index 558a163dc039..26d71716e527 100644
--- a/dev-libs/nss/nss-3.79.1.ebuild
+++ b/dev-libs/nss/nss-3.79.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-09-23  7:03 Agostino Sarubbo
  0 siblings, 0 replies; 466+ messages in thread
From: Agostino Sarubbo @ 2022-09-23  7:03 UTC (permalink / raw
  To: gentoo-commits

commit:     a02e562dc7c7b616cfea02a7d853f9cff1d75dad
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 23 07:03:31 2022 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Fri Sep 23 07:03:31 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a02e562d

dev-libs/nss: Stabilize 3.79.1 sparc, #872188

Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 dev-libs/nss/nss-3.79.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.1.ebuild b/dev-libs/nss/nss-3.79.1.ebuild
index 26d71716e527..0568f7c8439e 100644
--- a/dev-libs/nss/nss-3.79.1.ebuild
+++ b/dev-libs/nss/nss-3.79.1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-10-14  7:10 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-10-14  7:10 UTC (permalink / raw
  To: gentoo-commits

commit:     06daea99b8c0b59bb12d03cd8f37a4c5f7201c11
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 14 07:10:31 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Oct 14 07:10:48 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06daea99

dev-libs/nss: add 3.84

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.84.ebuild | 391 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 392 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 8fc36005b1ff..309faadfdaef 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
 DIST nss-3.79.1.tar.gz 84694831 BLAKE2B 209a502ba4b808bb4cb9b8775328fa26e36c55147ee5da7b8f661349129250f09685dd69919e24d7ff72cc55a2e9cbbbc9c059e543cf1b0a6a08e809be262d4c SHA512 e841efe9d0300d99b50e54c159c75df76c09c34c74bbc9b6ca007ad017b2cb91a8d33f6f4195e52bd8f3ed7be5d53f3ce7ce10825fa21abbf5dbba3db109e037
 DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
+DIST nss-3.84.tar.gz 84851235 BLAKE2B 5dead5ae336998db97acc6dc2a59b387aac9baeba0f2fad6eaf921bdc894867f6177179545378091d9b50b295b71409781b5ef5044222afe7a1cd2f920a7d15f SHA512 b4ed4b2e44d9f896a4a4c33f92813a84825dc4502f4e14e047f3583666c453138515e6edbcd71144c4b02a8ee16b3443803f1ff12458fd82c338ee1dd911b175
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.84.ebuild b/dev-libs/nss/nss-3.84.ebuild
new file mode 100644
index 000000000000..ec5014639954
--- /dev/null
+++ b/dev-libs/nss/nss-3.84.ebuild
@@ -0,0 +1,391 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+QA_PKGCONFIG_VERSION="${PV}.0"
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-10-17  5:16 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-10-17  5:16 UTC (permalink / raw
  To: gentoo-commits

commit:     9122e909c2bf10ecfcc5ae5abe4032e3dde77549
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 17 05:08:54 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Mon Oct 17 05:08:54 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9122e909

dev-libs/nss: drop 3.83

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.83.ebuild | 390 -------------------------------------------
 2 files changed, 391 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 309faadfdaef..cfba94d405f5 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
 DIST nss-3.79.1.tar.gz 84694831 BLAKE2B 209a502ba4b808bb4cb9b8775328fa26e36c55147ee5da7b8f661349129250f09685dd69919e24d7ff72cc55a2e9cbbbc9c059e543cf1b0a6a08e809be262d4c SHA512 e841efe9d0300d99b50e54c159c75df76c09c34c74bbc9b6ca007ad017b2cb91a8d33f6f4195e52bd8f3ed7be5d53f3ce7ce10825fa21abbf5dbba3db109e037
-DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
 DIST nss-3.84.tar.gz 84851235 BLAKE2B 5dead5ae336998db97acc6dc2a59b387aac9baeba0f2fad6eaf921bdc894867f6177179545378091d9b50b295b71409781b5ef5044222afe7a1cd2f920a7d15f SHA512 b4ed4b2e44d9f896a4a4c33f92813a84825dc4502f4e14e047f3583666c453138515e6edbcd71144c4b02a8ee16b3443803f1ff12458fd82c338ee1dd911b175
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.83.ebuild b/dev-libs/nss/nss-3.83.ebuild
deleted file mode 100644
index 93860af4e645..000000000000
--- a/dev-libs/nss/nss-3.83.ebuild
+++ /dev/null
@@ -1,390 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.34.1"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-QA_PKGCONFIG_VERSION="${PV}.0"
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-02 14:24 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-11-02 14:24 UTC (permalink / raw
  To: gentoo-commits

commit:     6f7c640150114ec14edd48c4a937ca9814cad05c
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  2 14:20:46 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Nov  2 14:24:26 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f7c6401

dev-libs/nss: Stabilize 3.79.2 amd64, #879175

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.79.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.2.ebuild b/dev-libs/nss/nss-3.79.2.ebuild
index 7f2b0be9c181..6e3861bb5c5e 100644
--- a/dev-libs/nss/nss-3.79.2.ebuild
+++ b/dev-libs/nss/nss-3.79.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-02 14:24 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-11-02 14:24 UTC (permalink / raw
  To: gentoo-commits

commit:     07da7e64dae340cb83b79f4597202e5be1553ad5
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  2 14:21:52 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Nov  2 14:24:26 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07da7e64

dev-libs/nss: Stabilize 3.79.2 x86, #879175

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.79.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.2.ebuild b/dev-libs/nss/nss-3.79.2.ebuild
index 6e3861bb5c5e..03750cf4b54b 100644
--- a/dev-libs/nss/nss-3.79.2.ebuild
+++ b/dev-libs/nss/nss-3.79.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-02 16:15 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2022-11-02 16:15 UTC (permalink / raw
  To: gentoo-commits

commit:     8968399b90fbb975fac23e00667be2ca16d4da76
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  2 16:15:06 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Nov  2 16:15:06 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8968399b

dev-libs/nss: Stabilize 3.79.2 arm64, #879175

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.2.ebuild b/dev-libs/nss/nss-3.79.2.ebuild
index 03750cf4b54b..14d92b2b1984 100644
--- a/dev-libs/nss/nss-3.79.2.ebuild
+++ b/dev-libs/nss/nss-3.79.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-02 18:08 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2022-11-02 18:08 UTC (permalink / raw
  To: gentoo-commits

commit:     f3069404765511806309da078e82731c7fe3fde9
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  2 18:08:31 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Nov  2 18:08:31 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3069404

dev-libs/nss: Stabilize 3.79.2 arm, #879175

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.2.ebuild b/dev-libs/nss/nss-3.79.2.ebuild
index 14d92b2b1984..a346a32e82ae 100644
--- a/dev-libs/nss/nss-3.79.2.ebuild
+++ b/dev-libs/nss/nss-3.79.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-02 18:12 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2022-11-02 18:12 UTC (permalink / raw
  To: gentoo-commits

commit:     398934be00cec0ccc902a5458f7bd5b3c69f19a9
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  2 18:12:08 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Nov  2 18:12:08 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=398934be

dev-libs/nss: Stabilize 3.79.2 ppc64, #879175

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.2.ebuild b/dev-libs/nss/nss-3.79.2.ebuild
index 5f013471997b..639cb42e10c3 100644
--- a/dev-libs/nss/nss-3.79.2.ebuild
+++ b/dev-libs/nss/nss-3.79.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-02 18:12 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2022-11-02 18:12 UTC (permalink / raw
  To: gentoo-commits

commit:     9c2500339b5ab34104a5322dd5ee7a43e83dfaac
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  2 18:12:11 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Nov  2 18:12:11 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c250033

dev-libs/nss: Stabilize 3.79.2 sparc, #879175

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.2.ebuild b/dev-libs/nss/nss-3.79.2.ebuild
index 639cb42e10c3..c760ecde76c9 100644
--- a/dev-libs/nss/nss-3.79.2.ebuild
+++ b/dev-libs/nss/nss-3.79.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-02 18:12 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2022-11-02 18:12 UTC (permalink / raw
  To: gentoo-commits

commit:     9b4d1db0ab29009dfbbaeaa5161c92343c2d3aeb
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  2 18:12:05 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Nov  2 18:12:05 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b4d1db0

dev-libs/nss: Stabilize 3.79.2 ppc, #879175

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.2.ebuild b/dev-libs/nss/nss-3.79.2.ebuild
index a346a32e82ae..5f013471997b 100644
--- a/dev-libs/nss/nss-3.79.2.ebuild
+++ b/dev-libs/nss/nss-3.79.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-03  8:08 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-11-03  8:08 UTC (permalink / raw
  To: gentoo-commits

commit:     26b81b79032324ae209aac26bfafaed78a47ea18
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  3 08:07:09 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Nov  3 08:07:58 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26b81b79

dev-libs/nss: drop 3.79.1

Bug: https://bugs.gentoo.org/877169
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.79.1.ebuild | 390 -----------------------------------------
 2 files changed, 391 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index dd8aeff08fed..87f988612229 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
-DIST nss-3.79.1.tar.gz 84694831 BLAKE2B 209a502ba4b808bb4cb9b8775328fa26e36c55147ee5da7b8f661349129250f09685dd69919e24d7ff72cc55a2e9cbbbc9c059e543cf1b0a6a08e809be262d4c SHA512 e841efe9d0300d99b50e54c159c75df76c09c34c74bbc9b6ca007ad017b2cb91a8d33f6f4195e52bd8f3ed7be5d53f3ce7ce10825fa21abbf5dbba3db109e037
 DIST nss-3.79.2.tar.gz 84825187 BLAKE2B 9589095a0f3af5201662fe96ba4dac73c661db3abde534941ea61d597dce1016dc06f8559e26fafc940f2b123987381e1faa22ff6a995ef3cc0a9dc4ebe7a4ad SHA512 52ca7574d2bb6e2fd874ac40f3e75d58135b103d8bd4b964a9262b5c302b4668ff7c8f5dabbef46e413fd72faeddc44057bc7b489946813331cc9a481d078181
 DIST nss-3.84.tar.gz 84851235 BLAKE2B 5dead5ae336998db97acc6dc2a59b387aac9baeba0f2fad6eaf921bdc894867f6177179545378091d9b50b295b71409781b5ef5044222afe7a1cd2f920a7d15f SHA512 b4ed4b2e44d9f896a4a4c33f92813a84825dc4502f4e14e047f3583666c453138515e6edbcd71144c4b02a8ee16b3443803f1ff12458fd82c338ee1dd911b175
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.79.1.ebuild b/dev-libs/nss/nss-3.79.1.ebuild
deleted file mode 100644
index 0568f7c8439e..000000000000
--- a/dev-libs/nss/nss-3.79.1.ebuild
+++ /dev/null
@@ -1,390 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.34"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed -e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-03  8:08 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-11-03  8:08 UTC (permalink / raw
  To: gentoo-commits

commit:     d1aceed34097d9899e80a6567576304a208eb817
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  3 08:06:36 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Nov  3 08:07:58 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1aceed3

dev-libs/nss: include the fix-client-cert-crash.patch in 3.84

Bug: https://bugs.gentoo.org/877169
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/{nss-3.84.ebuild => nss-3.84-r1.ebuild} | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/nss/nss-3.84.ebuild b/dev-libs/nss/nss-3.84-r1.ebuild
similarity index 99%
rename from dev-libs/nss/nss-3.84.ebuild
rename to dev-libs/nss/nss-3.84-r1.ebuild
index ec5014639954..33bd21cf6e8c 100644
--- a/dev-libs/nss/nss-3.84.ebuild
+++ b/dev-libs/nss/nss-3.84-r1.ebuild
@@ -39,6 +39,7 @@ PATCHES=(
 	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
 	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
 	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.79-fix-client-cert-crash.patch"
 )
 
 QA_PKGCONFIG_VERSION="${PV}.0"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-11  8:34 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-11-11  8:34 UTC (permalink / raw
  To: gentoo-commits

commit:     09599eb4281b6f5d92ecf06683e155b502baf682
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 11 08:33:42 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Nov 11 08:33:58 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09599eb4

dev-libs/nss: add 3.85

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.85.ebuild | 392 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 393 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 87f988612229..0f3e65925cf0 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.79.2.tar.gz 84825187 BLAKE2B 9589095a0f3af5201662fe96ba4dac73c661db3abde534941ea61d597dce1016dc06f8559e26fafc940f2b123987381e1faa22ff6a995ef3cc0a9dc4ebe7a4ad SHA512 52ca7574d2bb6e2fd874ac40f3e75d58135b103d8bd4b964a9262b5c302b4668ff7c8f5dabbef46e413fd72faeddc44057bc7b489946813331cc9a481d078181
 DIST nss-3.84.tar.gz 84851235 BLAKE2B 5dead5ae336998db97acc6dc2a59b387aac9baeba0f2fad6eaf921bdc894867f6177179545378091d9b50b295b71409781b5ef5044222afe7a1cd2f920a7d15f SHA512 b4ed4b2e44d9f896a4a4c33f92813a84825dc4502f4e14e047f3583666c453138515e6edbcd71144c4b02a8ee16b3443803f1ff12458fd82c338ee1dd911b175
+DIST nss-3.85.tar.gz 84717969 BLAKE2B 644a51cd747078688233850bee6884b7ee30076411d783a4fb2982ffc35883f51784440d8c1c727251f664c4e5b5071be9881abc8315e0294d7da0cb8727e897 SHA512 97cfffa2beed1dba5d31e0c6e450553e5a8c78b427521640adb00c05d9d63cd64dc08388f0dbf96c93efb79f5daf4ba8db8d026b0b43d2e5c865a9b833fc77a1
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.85.ebuild b/dev-libs/nss/nss-3.85.ebuild
new file mode 100644
index 000000000000..33bd21cf6e8c
--- /dev/null
+++ b/dev-libs/nss/nss-3.85.ebuild
@@ -0,0 +1,392 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.79-fix-client-cert-crash.patch"
+)
+
+QA_PKGCONFIG_VERSION="${PV}.0"
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-18  7:20 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-11-18  7:20 UTC (permalink / raw
  To: gentoo-commits

commit:     e01746d14506eaf1c67691a9f26dafc9cb846c7f
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 18 06:29:23 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Nov 18 07:20:03 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e01746d1

dev-libs/nss: drop 3.84-r1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest           |   1 -
 dev-libs/nss/nss-3.84-r1.ebuild | 392 ----------------------------------------
 2 files changed, 393 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 0f3e65925cf0..e951ed774910 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
 DIST nss-3.79.2.tar.gz 84825187 BLAKE2B 9589095a0f3af5201662fe96ba4dac73c661db3abde534941ea61d597dce1016dc06f8559e26fafc940f2b123987381e1faa22ff6a995ef3cc0a9dc4ebe7a4ad SHA512 52ca7574d2bb6e2fd874ac40f3e75d58135b103d8bd4b964a9262b5c302b4668ff7c8f5dabbef46e413fd72faeddc44057bc7b489946813331cc9a481d078181
-DIST nss-3.84.tar.gz 84851235 BLAKE2B 5dead5ae336998db97acc6dc2a59b387aac9baeba0f2fad6eaf921bdc894867f6177179545378091d9b50b295b71409781b5ef5044222afe7a1cd2f920a7d15f SHA512 b4ed4b2e44d9f896a4a4c33f92813a84825dc4502f4e14e047f3583666c453138515e6edbcd71144c4b02a8ee16b3443803f1ff12458fd82c338ee1dd911b175
 DIST nss-3.85.tar.gz 84717969 BLAKE2B 644a51cd747078688233850bee6884b7ee30076411d783a4fb2982ffc35883f51784440d8c1c727251f664c4e5b5071be9881abc8315e0294d7da0cb8727e897 SHA512 97cfffa2beed1dba5d31e0c6e450553e5a8c78b427521640adb00c05d9d63cd64dc08388f0dbf96c93efb79f5daf4ba8db8d026b0b43d2e5c865a9b833fc77a1
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.84-r1.ebuild b/dev-libs/nss/nss-3.84-r1.ebuild
deleted file mode 100644
index 33bd21cf6e8c..000000000000
--- a/dev-libs/nss/nss-3.84-r1.ebuild
+++ /dev/null
@@ -1,392 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/${PN}-3.79-fix-client-cert-crash.patch"
-)
-
-QA_PKGCONFIG_VERSION="${PV}.0"
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2022-11-20 14:42 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2022-11-20 14:42 UTC (permalink / raw
  To: gentoo-commits

commit:     239fa7c0967ac799d4614268463f5bbfc9c17f90
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 20 14:41:22 2022 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Nov 20 14:42:04 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=239fa7c0

dev-libs/nss: fix make-4.4 breakage on some arches (hopefully all!)

Closes: https://bugs.gentoo.org/882069
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.85.ebuild | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dev-libs/nss/nss-3.85.ebuild b/dev-libs/nss/nss-3.85.ebuild
index 33bd21cf6e8c..4e55e80c37cf 100644
--- a/dev-libs/nss/nss-3.85.ebuild
+++ b/dev-libs/nss/nss-3.85.ebuild
@@ -63,6 +63,9 @@ src_prepare() {
 	# Respect LDFLAGS
 	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
 
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
 	popd >/dev/null || die
 
 	# Fix pkgconfig file for Prefix


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-01-06  8:36 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-01-06  8:36 UTC (permalink / raw
  To: gentoo-commits

commit:     8487503498098091d880814aa69e29bfd8c86f16
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  6 08:35:06 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Jan  6 08:35:06 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84875034

dev-libs/nss: add 3.87

Bug: https://bugs.gentoo.org/877169
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.87.ebuild | 394 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 395 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e3c6b85c4e96..9c4c2b05e7d1 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.79.2.tar.gz 84825187 BLAKE2B 9589095a0f3af5201662fe96ba4dac73c661db3abde534941ea61d597dce1016dc06f8559e26fafc940f2b123987381e1faa22ff6a995ef3cc0a9dc4ebe7a4ad SHA512 52ca7574d2bb6e2fd874ac40f3e75d58135b103d8bd4b964a9262b5c302b4668ff7c8f5dabbef46e413fd72faeddc44057bc7b489946813331cc9a481d078181
 DIST nss-3.85.tar.gz 84717969 BLAKE2B 644a51cd747078688233850bee6884b7ee30076411d783a4fb2982ffc35883f51784440d8c1c727251f664c4e5b5071be9881abc8315e0294d7da0cb8727e897 SHA512 97cfffa2beed1dba5d31e0c6e450553e5a8c78b427521640adb00c05d9d63cd64dc08388f0dbf96c93efb79f5daf4ba8db8d026b0b43d2e5c865a9b833fc77a1
 DIST nss-3.86.tar.gz 71423531 BLAKE2B 36703d99d9616020a165085469be650c2f4ce3e11c2f4f6bd974b1b89f1b9fcfdaa4ffd4d6ee98dabce82e616c170548efa1e51722b524dda8815faccfcf5181 SHA512 c09aeb52d7898617b65a1090cbdd29f6457eff2ebdc61aadb2dbf7b5044eae010ee5eeea729825f1258902936a61a1bff552ee9b26b2f01e5d448bbd8791d1cb
+DIST nss-3.87.tar.gz 71435408 BLAKE2B 0d69e18b1e2c4ccfc86db8f3afba94d5000e8ab2a4e766eb6f99f13f57d78b62dd711a0f5f70a24378a3cf1e435cc8ecb7e6fbeae18d5db0176660a0ea35dac2 SHA512 4ec7b94e537df109638b821f3a7e3b7bf31d89c3739a6e4c85cad4fab876390ae482971d6f66198818400f467661e86f39dc1d2a4a88077fd81e3a0b7ed64110
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.87.ebuild b/dev-libs/nss/nss-3.87.ebuild
new file mode 100644
index 000000000000..9f7409bf5cbe
--- /dev/null
+++ b/dev-libs/nss/nss-3.87.ebuild
@@ -0,0 +1,394 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+QA_PKGCONFIG_VERSION="${PV}.0"
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-02-22  7:14 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-02-22  7:14 UTC (permalink / raw
  To: gentoo-commits

commit:     b5ee1246920c182620a049bec9a61a51b2bb8000
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 22 07:13:22 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Feb 22 07:13:22 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5ee1246

dev-libs/nss: drop 3.87

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.87.ebuild | 394 -------------------------------------------
 2 files changed, 395 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 5ca3926c8ee3..28db8881b279 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
 DIST nss-3.79.2.tar.gz 84825187 BLAKE2B 9589095a0f3af5201662fe96ba4dac73c661db3abde534941ea61d597dce1016dc06f8559e26fafc940f2b123987381e1faa22ff6a995ef3cc0a9dc4ebe7a4ad SHA512 52ca7574d2bb6e2fd874ac40f3e75d58135b103d8bd4b964a9262b5c302b4668ff7c8f5dabbef46e413fd72faeddc44057bc7b489946813331cc9a481d078181
-DIST nss-3.87.tar.gz 71435408 BLAKE2B 0d69e18b1e2c4ccfc86db8f3afba94d5000e8ab2a4e766eb6f99f13f57d78b62dd711a0f5f70a24378a3cf1e435cc8ecb7e6fbeae18d5db0176660a0ea35dac2 SHA512 4ec7b94e537df109638b821f3a7e3b7bf31d89c3739a6e4c85cad4fab876390ae482971d6f66198818400f467661e86f39dc1d2a4a88077fd81e3a0b7ed64110
 DIST nss-3.88.1.tar.gz 71607211 BLAKE2B ff84d3153a01519a52e83be5327453d8e6a81e1f62ccd69906b549fe42ec5ebf075b403395a67bc75f3c7f7dd33ef49f3b1f33558652ff75ee87e2970b2e06a4 SHA512 d15289803a4c3caa1b7a8872b761a95b4f571688c8b8ffaf2a1478e032a356fbcf8a9239ebe1777561503329f63dd237384e1d8af9ca70fb48b40e70954b455a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.87.ebuild b/dev-libs/nss/nss-3.87.ebuild
deleted file mode 100644
index 9f7409bf5cbe..000000000000
--- a/dev-libs/nss/nss-3.87.ebuild
+++ /dev/null
@@ -1,394 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-QA_PKGCONFIG_VERSION="${PV}.0"
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-03-10  9:14 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-03-10  9:14 UTC (permalink / raw
  To: gentoo-commits

commit:     0f9ca58084dbe2f29de7563d4419c82ecbcc07be
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 09:13:17 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 09:14:09 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f9ca580

dev-libs/nss: add 3.89

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.89.ebuild | 392 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 393 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 1abfc93f4220..713c2ecda2dd 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.79.2.tar.gz 84825187 BLAKE2B 9589095a0f3af5201662fe96ba4dac73c661db3abde534941ea61d597dce1016dc06f8559e26fafc940f2b123987381e1faa22ff6a995ef3cc0a9dc4ebe7a4ad SHA512 52ca7574d2bb6e2fd874ac40f3e75d58135b103d8bd4b964a9262b5c302b4668ff7c8f5dabbef46e413fd72faeddc44057bc7b489946813331cc9a481d078181
 DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
 DIST nss-3.88.1.tar.gz 71607211 BLAKE2B ff84d3153a01519a52e83be5327453d8e6a81e1f62ccd69906b549fe42ec5ebf075b403395a67bc75f3c7f7dd33ef49f3b1f33558652ff75ee87e2970b2e06a4 SHA512 d15289803a4c3caa1b7a8872b761a95b4f571688c8b8ffaf2a1478e032a356fbcf8a9239ebe1777561503329f63dd237384e1d8af9ca70fb48b40e70954b455a
+DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.89.ebuild b/dev-libs/nss/nss-3.89.ebuild
new file mode 100644
index 000000000000..91b77a605179
--- /dev/null
+++ b/dev-libs/nss/nss-3.89.ebuild
@@ -0,0 +1,392 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-03-10  9:14 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-03-10  9:14 UTC (permalink / raw
  To: gentoo-commits

commit:     3c491310c31193d8903febfa06d4c72cc1a91c76
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 08:45:52 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 09:14:09 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c491310

dev-libs/nss: add 3.79.4 (esr)

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.79.4.ebuild | 395 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 396 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 28db8881b279..1abfc93f4220 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.79.2.tar.gz 84825187 BLAKE2B 9589095a0f3af5201662fe96ba4dac73c661db3abde534941ea61d597dce1016dc06f8559e26fafc940f2b123987381e1faa22ff6a995ef3cc0a9dc4ebe7a4ad SHA512 52ca7574d2bb6e2fd874ac40f3e75d58135b103d8bd4b964a9262b5c302b4668ff7c8f5dabbef46e413fd72faeddc44057bc7b489946813331cc9a481d078181
+DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
 DIST nss-3.88.1.tar.gz 71607211 BLAKE2B ff84d3153a01519a52e83be5327453d8e6a81e1f62ccd69906b549fe42ec5ebf075b403395a67bc75f3c7f7dd33ef49f3b1f33558652ff75ee87e2970b2e06a4 SHA512 d15289803a4c3caa1b7a8872b761a95b4f571688c8b8ffaf2a1478e032a356fbcf8a9239ebe1777561503329f63dd237384e1d8af9ca70fb48b40e70954b455a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.79.4.ebuild b/dev-libs/nss/nss-3.79.4.ebuild
new file mode 100644
index 000000000000..713db9506bc1
--- /dev/null
+++ b/dev-libs/nss/nss-3.79.4.ebuild
@@ -0,0 +1,395 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.34.1"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.79-fix-client-cert-crash.patch"
+	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk || die
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed -e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-03-25  6:32 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-03-25  6:32 UTC (permalink / raw
  To: gentoo-commits

commit:     84615cbe15f7d0c230a1866cd1f5825e6c31580d
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 25 05:49:54 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Mar 25 06:32:26 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84615cbe

dev-libs/nss: drop 3.88.1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.88.1.ebuild | 394 -----------------------------------------
 2 files changed, 395 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 713c2ecda2dd..7b54f2156aa6 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.79.2.tar.gz 84825187 BLAKE2B 9589095a0f3af5201662fe96ba4dac73c661db3abde534941ea61d597dce1016dc06f8559e26fafc940f2b123987381e1faa22ff6a995ef3cc0a9dc4ebe7a4ad SHA512 52ca7574d2bb6e2fd874ac40f3e75d58135b103d8bd4b964a9262b5c302b4668ff7c8f5dabbef46e413fd72faeddc44057bc7b489946813331cc9a481d078181
 DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
-DIST nss-3.88.1.tar.gz 71607211 BLAKE2B ff84d3153a01519a52e83be5327453d8e6a81e1f62ccd69906b549fe42ec5ebf075b403395a67bc75f3c7f7dd33ef49f3b1f33558652ff75ee87e2970b2e06a4 SHA512 d15289803a4c3caa1b7a8872b761a95b4f571688c8b8ffaf2a1478e032a356fbcf8a9239ebe1777561503329f63dd237384e1d8af9ca70fb48b40e70954b455a
 DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.88.1.ebuild b/dev-libs/nss/nss-3.88.1.ebuild
deleted file mode 100644
index bde8efaba018..000000000000
--- a/dev-libs/nss/nss-3.88.1.ebuild
+++ /dev/null
@@ -1,394 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-QA_PKGCONFIG_VERSION="${PV}.0"
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-04-11  7:01 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-04-11  7:01 UTC (permalink / raw
  To: gentoo-commits

commit:     6576858d9741af8712c35616e203e29d00b83328
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 11 07:01:13 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Apr 11 07:01:13 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6576858d

dev-libs/nss: Stabilize 3.79.4 x86, #904149

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.79.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.4.ebuild b/dev-libs/nss/nss-3.79.4.ebuild
index 2ab81c6946b8..6ec2c0d43e59 100644
--- a/dev-libs/nss/nss-3.79.4.ebuild
+++ b/dev-libs/nss/nss-3.79.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-04-11  7:01 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-04-11  7:01 UTC (permalink / raw
  To: gentoo-commits

commit:     5a5fe8f734e4742693361d14f78faf96844ac2da
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 11 07:00:50 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Apr 11 07:00:50 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a5fe8f7

dev-libs/nss: Stabilize 3.79.4 amd64, #904149

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.79.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.4.ebuild b/dev-libs/nss/nss-3.79.4.ebuild
index 713db9506bc1..2ab81c6946b8 100644
--- a/dev-libs/nss/nss-3.79.4.ebuild
+++ b/dev-libs/nss/nss-3.79.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-04-11 13:11 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2023-04-11 13:11 UTC (permalink / raw
  To: gentoo-commits

commit:     13eec7cb78d0e098422a93140cd34d240e35b1bb
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 11 13:11:18 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Tue Apr 11 13:11:18 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13eec7cb

dev-libs/nss: Stabilize 3.79.4 arm64, #904149

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.4.ebuild b/dev-libs/nss/nss-3.79.4.ebuild
index 67cd0b112abf..e0d710041c1e 100644
--- a/dev-libs/nss/nss-3.79.4.ebuild
+++ b/dev-libs/nss/nss-3.79.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-04-11 13:11 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2023-04-11 13:11 UTC (permalink / raw
  To: gentoo-commits

commit:     0ee8b9b9fa39aa2ed1e0f110af8d14d2317291b9
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 11 13:11:18 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Tue Apr 11 13:11:18 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ee8b9b9

dev-libs/nss: Stabilize 3.79.4 ppc64, #904149

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.4.ebuild b/dev-libs/nss/nss-3.79.4.ebuild
index 6ec2c0d43e59..67cd0b112abf 100644
--- a/dev-libs/nss/nss-3.79.4.ebuild
+++ b/dev-libs/nss/nss-3.79.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-04-11 20:11 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2023-04-11 20:11 UTC (permalink / raw
  To: gentoo-commits

commit:     8b3b60405bbd29c70369e82b547b5a003147ba75
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 11 20:11:03 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Tue Apr 11 20:11:03 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b3b6040

dev-libs/nss: Stabilize 3.79.4 arm, #904149

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.4.ebuild b/dev-libs/nss/nss-3.79.4.ebuild
index e0d710041c1e..62da25aff262 100644
--- a/dev-libs/nss/nss-3.79.4.ebuild
+++ b/dev-libs/nss/nss-3.79.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-04-12  2:41 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2023-04-12  2:41 UTC (permalink / raw
  To: gentoo-commits

commit:     787f2f0b25da0af57476c45878711a9c2af76195
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 12 02:41:14 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 12 02:41:14 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=787f2f0b

dev-libs/nss: Stabilize 3.79.4 ppc, #904149

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.4.ebuild b/dev-libs/nss/nss-3.79.4.ebuild
index 62da25aff262..850c53a7510e 100644
--- a/dev-libs/nss/nss-3.79.4.ebuild
+++ b/dev-libs/nss/nss-3.79.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-04-12 13:23 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2023-04-12 13:23 UTC (permalink / raw
  To: gentoo-commits

commit:     7b08f1f5c2c958b4268d6c4528e72c37c7e257db
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 12 13:23:18 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 12 13:23:24 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b08f1f5

dev-libs/nss: Stabilize 3.79.4 sparc, #904149

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.79.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.79.4.ebuild b/dev-libs/nss/nss-3.79.4.ebuild
index 850c53a7510e..ca625894adb3 100644
--- a/dev-libs/nss/nss-3.79.4.ebuild
+++ b/dev-libs/nss/nss-3.79.4.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-04-15  6:19 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-04-15  6:19 UTC (permalink / raw
  To: gentoo-commits

commit:     d32b5bf7fe7e64a386eece279cf057af26e2d6c5
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 15 06:16:40 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Apr 15 06:18:56 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d32b5bf7

dev-libs/nss: drop 3.79.2

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.79.2.ebuild | 391 -----------------------------------------
 2 files changed, 392 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 7b54f2156aa6..6cb6cf63ddae 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
-DIST nss-3.79.2.tar.gz 84825187 BLAKE2B 9589095a0f3af5201662fe96ba4dac73c661db3abde534941ea61d597dce1016dc06f8559e26fafc940f2b123987381e1faa22ff6a995ef3cc0a9dc4ebe7a4ad SHA512 52ca7574d2bb6e2fd874ac40f3e75d58135b103d8bd4b964a9262b5c302b4668ff7c8f5dabbef46e413fd72faeddc44057bc7b489946813331cc9a481d078181
 DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
 DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.79.2.ebuild b/dev-libs/nss/nss-3.79.2.ebuild
deleted file mode 100644
index c760ecde76c9..000000000000
--- a/dev-libs/nss/nss-3.79.2.ebuild
+++ /dev/null
@@ -1,391 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.34.1"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.79-fix-client-cert-crash.patch"
-	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed -e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-05-06  8:18 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-05-06  8:18 UTC (permalink / raw
  To: gentoo-commits

commit:     3d726ee7b9a70e8e2252caae63297e2404f71afa
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat May  6 08:16:59 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat May  6 08:18:43 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d726ee7

dev-libs/nss: add 3.89.1

 - allow user-defined extra config via EXTRA_NSSCONF. Please see the ebuild
   for examples how to use it, since the build system is not based on regular
   autotools.

Closes: https://bugs.gentoo.org/900915
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.89.1.ebuild | 411 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 412 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 6cb6cf63ddae..19743bff3a89 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
+DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
 DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.89.1.ebuild b/dev-libs/nss/nss-3.89.1.ebuild
new file mode 100644
index 000000000000..96e5dcdfa9f4
--- /dev/null
+++ b/dev-libs/nss/nss-3.89.1.ebuild
@@ -0,0 +1,411 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-05-06  8:51 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2023-05-06  8:51 UTC (permalink / raw
  To: gentoo-commits

commit:     5dfe8d7c0ea00357fd6b99550381978c3cc84903
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May  6 08:51:28 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May  6 08:51:28 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5dfe8d7c

dev-libs/nss: add github upstream metadata

Mirror but it's an official one, linked from https://hg.mozilla.org/projects/nss/file/tip/readme.md,
so useful to quickly see changes (mainly interested for ca-certificates purposes).

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/metadata.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml
index 3c9d1ca00671..551a7406e401 100644
--- a/dev-libs/nss/metadata.xml
+++ b/dev-libs/nss/metadata.xml
@@ -13,5 +13,6 @@
 </use>
 <upstream>
   <remote-id type="cpe">cpe:/a:mozilla:nss</remote-id>
+  <remote-id type="github">nss-dev/nss</remote-id>
 </upstream>
 </pkgmetadata>


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-05-11  7:01 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-05-11  7:01 UTC (permalink / raw
  To: gentoo-commits

commit:     ce8c3a635179988fa5f1acd67d028e1480c822a3
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu May 11 05:48:25 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu May 11 07:01:38 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce8c3a63

dev-libs/nss: drop 3.89

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.89.ebuild | 392 -------------------------------------------
 2 files changed, 393 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 19743bff3a89..bfebc1340b4a 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
 DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
 DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
-DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.89.ebuild b/dev-libs/nss/nss-3.89.ebuild
deleted file mode 100644
index 91b77a605179..000000000000
--- a/dev-libs/nss/nss-3.89.ebuild
+++ /dev/null
@@ -1,392 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-06-05  9:31 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-06-05  9:31 UTC (permalink / raw
  To: gentoo-commits

commit:     2294dc1f3d8f713ceaf821e661862e167c64c8de
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  5 09:28:15 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Mon Jun  5 09:28:15 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2294dc1f

dev-libs/nss: add 3.90

Closes: https://bugs.gentoo.org/721102
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.90.ebuild | 414 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 415 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index bfebc1340b4a..50e7ff8624ba 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
 DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
 DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
+DIST nss-3.90.tar.gz 72211928 BLAKE2B 9518bed4f8ca5f9dd1c3d15e255f9954fabc30762ff6db7e45ab54fd0d7d7a34e2c021ecc76b5dcac97c571914e9af116a8c1361a5f2f055a31db168518a99a7 SHA512 e41f4de73f4971c8f35dffe3926b6845ef12a1ce7e8f3fe682e643ddb791a009d079c1706f66d065333af884726840dbc96d4e44762f9c3e48b8d919c09ae625
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.90.ebuild b/dev-libs/nss/nss-3.90.ebuild
new file mode 100644
index 000000000000..463187e5c65a
--- /dev/null
+++ b/dev-libs/nss/nss-3.90.ebuild
@@ -0,0 +1,414 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-06-29  6:41 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-06-29  6:41 UTC (permalink / raw
  To: gentoo-commits

commit:     84c677ef67f9b33081137ffde50025199c76d8a6
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 29 06:36:43 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Jun 29 06:41:18 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84c677ef

dev-libs/nss: describe the purpose of 'utils' use flag

Closes: https://bugs.gentoo.org/600760
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/metadata.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml
index 551a7406e401..52c561421696 100644
--- a/dev-libs/nss/metadata.xml
+++ b/dev-libs/nss/metadata.xml
@@ -9,7 +9,7 @@
   <flag name="cacert">
     Include root/class3 certs from CAcert (https://www.cacert.org/)
   </flag>
-  <flag name="utils">Install utilities included with the library</flag>
+  <flag name="utils">Compile and install all extra binaries, such as certutil, modutil and tons more</flag>
 </use>
 <upstream>
   <remote-id type="cpe">cpe:/a:mozilla:nss</remote-id>


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-06-29  6:51 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-06-29  6:51 UTC (permalink / raw
  To: gentoo-commits

commit:     01dc8485455bbe0245835966b7c19a9f27537bf9
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 29 06:50:34 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Jun 29 06:51:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01dc8485

dev-libs/nss: utils "tons" -> "few"

 - overall there's around 30 binaries, along with their man pages.

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/metadata.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml
index 52c561421696..ed59ce5ad9ec 100644
--- a/dev-libs/nss/metadata.xml
+++ b/dev-libs/nss/metadata.xml
@@ -9,7 +9,7 @@
   <flag name="cacert">
     Include root/class3 certs from CAcert (https://www.cacert.org/)
   </flag>
-  <flag name="utils">Compile and install all extra binaries, such as certutil, modutil and tons more</flag>
+  <flag name="utils">Compile and install all extra binaries, such as certutil, modutil and few more</flag>
 </use>
 <upstream>
   <remote-id type="cpe">cpe:/a:mozilla:nss</remote-id>


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-07-02 16:47 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-07-02 16:47 UTC (permalink / raw
  To: gentoo-commits

commit:     76dc2166c56050fbb03b31c7fce26dc4340057c2
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Jul  2 16:45:03 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Jul  2 16:45:03 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76dc2166

dev-libs/nss: add 3.91

Closes: https://bugs.gentoo.org/907932
Closes: https://bugs.gentoo.org/845273
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.91.ebuild | 414 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 415 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 50e7ff8624ba..8c81212f947c 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
 DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
 DIST nss-3.90.tar.gz 72211928 BLAKE2B 9518bed4f8ca5f9dd1c3d15e255f9954fabc30762ff6db7e45ab54fd0d7d7a34e2c021ecc76b5dcac97c571914e9af116a8c1361a5f2f055a31db168518a99a7 SHA512 e41f4de73f4971c8f35dffe3926b6845ef12a1ce7e8f3fe682e643ddb791a009d079c1706f66d065333af884726840dbc96d4e44762f9c3e48b8d919c09ae625
+DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild
new file mode 100644
index 000000000000..463187e5c65a
--- /dev/null
+++ b/dev-libs/nss/nss-3.91.ebuild
@@ -0,0 +1,414 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-07-28  8:24 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-07-28  8:24 UTC (permalink / raw
  To: gentoo-commits

commit:     4ee42e09fa5c07ba2fa24416375d01c4cf74990a
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 28 08:23:34 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Jul 28 08:23:59 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ee42e09

dev-libs/nss: add 3.92

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.92.ebuild | 413 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 414 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 89119092fa02..26b30e6090ed 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
 DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
 DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
+DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.92.ebuild b/dev-libs/nss/nss-3.92.ebuild
new file mode 100644
index 000000000000..051c4682bcae
--- /dev/null
+++ b/dev-libs/nss/nss-3.92.ebuild
@@ -0,0 +1,413 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-08-22  5:45 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-08-22  5:45 UTC (permalink / raw
  To: gentoo-commits

commit:     ce1ddf5e7d94f9f43d85571e58bb6aa832f0825f
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 22 05:37:50 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Aug 22 05:37:50 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce1ddf5e

dev-libs/nss: drop 3.89.1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.89.1.ebuild | 411 -----------------------------------------
 2 files changed, 412 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 26b30e6090ed..6eb2f47df92d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
 DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
-DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
 DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.89.1.ebuild b/dev-libs/nss/nss-3.89.1.ebuild
deleted file mode 100644
index e1949015036f..000000000000
--- a/dev-libs/nss/nss-3.89.1.ebuild
+++ /dev/null
@@ -1,411 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-09-01  8:56 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-09-01  8:56 UTC (permalink / raw
  To: gentoo-commits

commit:     7a56c4026623b7c788a87f3d3838fe1af645eeec
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Sep  1 08:55:27 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Sep  1 08:55:27 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a56c402

dev-libs/nss: add 3.93

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.93.ebuild | 413 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 414 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 6eb2f47df92d..761f383fef7c 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
 DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
+DIST nss-3.93.tar.gz 72281331 BLAKE2B 99e50f450a451f2b0bc0aad9b0fba405c987d88546d4aad6c490cb43dc274f23eb99d03d5fa8cf7ef16585abebfdae942fe1092d3f1c86816ba35e16ed3d490f SHA512 d96f13a70e825b39efadfe7c973c24c1e5ad43319bd813599010383e2b8434181f53489672f68fe79e2cb0c4d4ea0088499e588c3524eccf9298aafc57b94951
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.93.ebuild b/dev-libs/nss/nss-3.93.ebuild
new file mode 100644
index 000000000000..051c4682bcae
--- /dev/null
+++ b/dev-libs/nss/nss-3.93.ebuild
@@ -0,0 +1,413 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-09-26 20:40 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2023-09-26 20:40 UTC (permalink / raw
  To: gentoo-commits

commit:     26cf23940f9316141904461a1e752ebf77b12fa8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 26 20:38:43 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Sep 26 20:38:43 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26cf2394

dev-libs/nss: Stabilize 3.91 amd64, #914752

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.91.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild
index 463187e5c65a..d5a9f55cd485 100644
--- a/dev-libs/nss/nss-3.91.ebuild
+++ b/dev-libs/nss/nss-3.91.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-09-27  2:55 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2023-09-27  2:55 UTC (permalink / raw
  To: gentoo-commits

commit:     778dfe572bb96d566d1dcf03da46bae7af03d913
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 27 02:50:44 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Sep 27 02:50:44 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=778dfe57

dev-libs/nss: Stabilize 3.91 arm64, #914752

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.91.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild
index d5a9f55cd485..379f96f21c7e 100644
--- a/dev-libs/nss/nss-3.91.ebuild
+++ b/dev-libs/nss/nss-3.91.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-09-28  6:43 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-09-28  6:43 UTC (permalink / raw
  To: gentoo-commits

commit:     45bafdff6d99acf654655200b08c45263ebf80ec
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 28 06:42:43 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Sep 28 06:43:03 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45bafdff

dev-libs/nss: Stabilize 3.91 x86, #914752

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.91.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild
index 379f96f21c7e..af7565b1cdfa 100644
--- a/dev-libs/nss/nss-3.91.ebuild
+++ b/dev-libs/nss/nss-3.91.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-10-03  6:57 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-10-03  6:57 UTC (permalink / raw
  To: gentoo-commits

commit:     e743fb524090eb3fb85c95572ab052a627fc1f0b
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Oct  3 06:55:27 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Oct  3 06:57:05 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e743fb52

dev-libs/nss: add 3.94

 - only run the standard tests in src_test to reduce time dramatically.

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.94.ebuild | 417 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 418 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 761f383fef7c..7f9e7fdaea7d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,4 +2,5 @@ DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298
 DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
 DIST nss-3.93.tar.gz 72281331 BLAKE2B 99e50f450a451f2b0bc0aad9b0fba405c987d88546d4aad6c490cb43dc274f23eb99d03d5fa8cf7ef16585abebfdae942fe1092d3f1c86816ba35e16ed3d490f SHA512 d96f13a70e825b39efadfe7c973c24c1e5ad43319bd813599010383e2b8434181f53489672f68fe79e2cb0c4d4ea0088499e588c3524eccf9298aafc57b94951
+DIST nss-3.94.tar.gz 76580364 BLAKE2B ad7d4fb7c8ddb063100b70717642677fcea177e46f04cf1a172eb4a7d565f99fdf0fca8b431498d83948f88aa89d4d53fbbc871cd8d64fb95242990eae203852 SHA512 3a839a6cc7267e45749f769621c3e8823f92cb654ee40460187e59b50825bb0f84ca278cd61881a3e0e7d95f95e0ffcd266a10c780cdcf8a08a2f0a9bb71892f
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.94.ebuild b/dev-libs/nss/nss-3.94.ebuild
new file mode 100644
index 000000000000..ef59d94cde49
--- /dev/null
+++ b/dev-libs/nss/nss-3.94.ebuild
@@ -0,0 +1,417 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-10-04 19:37 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2023-10-04 19:37 UTC (permalink / raw
  To: gentoo-commits

commit:     b14945d098d2dcf04f6da6debcca26ccf850d467
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  4 19:14:58 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct  4 19:27:50 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b14945d0

dev-libs/nss: backport NSS_CYCLES testsuite tweak to 3.91/3.93

I tested these so may as well chuck this in, especially for the possible-ESR
of 3.91 to make life easier for arch testing etc.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.91.ebuild | 2 ++
 dev-libs/nss/nss-3.93.ebuild | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild
index af7565b1cdfa..3cbea7fe57fa 100644
--- a/dev-libs/nss/nss-3.91.ebuild
+++ b/dev-libs/nss/nss-3.91.ebuild
@@ -238,6 +238,8 @@ multilib_src_test() {
 	export DOMSUF="localdomain"
 	export USE_IP=TRUE
 	export IP_ADDRESS="127.0.0.1"
+	# Per README, this is recommended to make run tests quicker.
+	export NSS_CYCLES="standard"
 
 	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
 

diff --git a/dev-libs/nss/nss-3.93.ebuild b/dev-libs/nss/nss-3.93.ebuild
index 051c4682bcae..e5b28698782c 100644
--- a/dev-libs/nss/nss-3.93.ebuild
+++ b/dev-libs/nss/nss-3.93.ebuild
@@ -237,6 +237,8 @@ multilib_src_test() {
 	export DOMSUF="localdomain"
 	export USE_IP=TRUE
 	export IP_ADDRESS="127.0.0.1"
+	# Per README, this is recommended to make run tests quicker.
+	export NSS_CYCLES="standard"
 
 	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
 


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-10-17 12:32 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2023-10-17 12:32 UTC (permalink / raw
  To: gentoo-commits

commit:     d75783862503b381d47835d5c8d120b6853fffd1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 17 12:29:51 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct 17 12:30:31 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7578386

dev-libs/nss: backport test fix to 3.91 (expired certs)

Pull in fixed certs (test data) for test suite from upstream for 3.91
as it's the current stable version.

Closes: https://bugs.gentoo.org/914837
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/Manifest        | 1 +
 dev-libs/nss/nss-3.91.ebuild | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 7f9e7fdaea7d..e4dfadfe5113 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
 DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
+DIST nss-3.91-fixed-certs.tar.xz 11300 BLAKE2B 85f191b85c7caf1ee24f92a2ff76f7660a1afd64d6c8d9da84f521aea18cb12bdf3d08426c47302a4b444b0e4b4ed2f2251ed8234d5bc0006b00cd4b97aacc51 SHA512 88d2a47ba160f93f2f2c88a1e2a591c516d19209bd77cc18111c8538d9cf86498cbfd57c7e36478819bde307d90ba31e0a12a9c17320ae5dc736d02959a32a3a
 DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
 DIST nss-3.93.tar.gz 72281331 BLAKE2B 99e50f450a451f2b0bc0aad9b0fba405c987d88546d4aad6c490cb43dc274f23eb99d03d5fa8cf7ef16585abebfdae942fe1092d3f1c86816ba35e16ed3d490f SHA512 d96f13a70e825b39efadfe7c973c24c1e5ad43319bd813599010383e2b8434181f53489672f68fe79e2cb0c4d4ea0088499e588c3524eccf9298aafc57b94951

diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild
index 3cbea7fe57fa..19f9b1d315d8 100644
--- a/dev-libs/nss/nss-3.91.ebuild
+++ b/dev-libs/nss/nss-3.91.ebuild
@@ -8,10 +8,13 @@ inherit flag-o-matic multilib toolchain-funcs multilib-minimal
 NSPR_VER="4.35"
 RTM_NAME="NSS_${PV//./_}_RTM"
 
+# nss-3.91-fixed-certs.tar.xz is a workaround for older NSS versions to
+# fix tests for bug #914837.
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
 HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )
+	test? ( https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-3.91-fixed-certs.tar.xz )"
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
@@ -82,6 +85,10 @@ src_prepare() {
 	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
 		cmd/platlibs.mk || die
 
+	if use test ; then
+		cp "${WORKDIR}"/${PN}-3.91-fixed-certs/* tests/libpkix/certs/ || die
+	fi
+
 	multilib_copy_sources
 
 	strip-flags


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-02  6:51 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-12-02  6:51 UTC (permalink / raw
  To: gentoo-commits

commit:     f2f306b202ae91a9ea18d52d54b57f8ecad988e4
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Dec  2 06:51:07 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Dec  2 06:51:31 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f2f306b2

dev-libs/nss: add 3.95

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.95.ebuild | 417 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 418 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e4dfadfe5113..ed33c3a2398a 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -4,4 +4,5 @@ DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e408414705
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
 DIST nss-3.93.tar.gz 72281331 BLAKE2B 99e50f450a451f2b0bc0aad9b0fba405c987d88546d4aad6c490cb43dc274f23eb99d03d5fa8cf7ef16585abebfdae942fe1092d3f1c86816ba35e16ed3d490f SHA512 d96f13a70e825b39efadfe7c973c24c1e5ad43319bd813599010383e2b8434181f53489672f68fe79e2cb0c4d4ea0088499e588c3524eccf9298aafc57b94951
 DIST nss-3.94.tar.gz 76580364 BLAKE2B ad7d4fb7c8ddb063100b70717642677fcea177e46f04cf1a172eb4a7d565f99fdf0fca8b431498d83948f88aa89d4d53fbbc871cd8d64fb95242990eae203852 SHA512 3a839a6cc7267e45749f769621c3e8823f92cb654ee40460187e59b50825bb0f84ca278cd61881a3e0e7d95f95e0ffcd266a10c780cdcf8a08a2f0a9bb71892f
+DIST nss-3.95.tar.gz 76571130 BLAKE2B 9d40b09c0c58901781abfad609dd45f44c2f4d1ce9d4f1592748cb64a9eb29b1ac84be54ebb19fa528d8b9fd08911f769a80f72d9e6dbb22e82e5b3581a30af1 SHA512 54567c063fc72bf1a29898bc8cc405e54aa086269021d864b10a3640e6b4ae0d632834db87766257fdb43740d9bc71e362d69cfe6924f5c72a6e1a99a91f8c3a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.95.ebuild b/dev-libs/nss/nss-3.95.ebuild
new file mode 100644
index 000000000000..ef59d94cde49
--- /dev/null
+++ b/dev-libs/nss/nss-3.95.ebuild
@@ -0,0 +1,417 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-05 19:56 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2023-12-05 19:56 UTC (permalink / raw
  To: gentoo-commits

commit:     070d839d1892d6af22b7f996135849d3e5eeaaa1
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  5 19:53:29 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Tue Dec  5 19:53:29 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=070d839d

dev-libs/nss: Stabilize 3.91 arm, #914752

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.91.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild
index 19f9b1d315d8..7c713a6409a5 100644
--- a/dev-libs/nss/nss-3.91.ebuild
+++ b/dev-libs/nss/nss-3.91.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-05 19:56 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2023-12-05 19:56 UTC (permalink / raw
  To: gentoo-commits

commit:     371441461659514c18030a45966479ee71f3ddaa
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  5 19:53:35 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Tue Dec  5 19:53:35 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37144146

dev-libs/nss: Stabilize 3.91 ppc, #914752

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.91.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild
index 7c713a6409a5..3f9d0b39f0b0 100644
--- a/dev-libs/nss/nss-3.91.ebuild
+++ b/dev-libs/nss/nss-3.91.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-05 19:56 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2023-12-05 19:56 UTC (permalink / raw
  To: gentoo-commits

commit:     4b4c1cf588df27087cc85207342c983bb6b98b07
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  5 19:53:57 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Tue Dec  5 19:53:57 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b4c1cf5

dev-libs/nss: Stabilize 3.91 sparc, #914752

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.91.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild
index f7d637148fda..dc4d953a74ad 100644
--- a/dev-libs/nss/nss-3.91.ebuild
+++ b/dev-libs/nss/nss-3.91.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-05 19:56 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2023-12-05 19:56 UTC (permalink / raw
  To: gentoo-commits

commit:     3e1f3b2b498a15ca4a1f8856cbb8867edbf46726
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec  5 19:53:43 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Tue Dec  5 19:53:43 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e1f3b2b

dev-libs/nss: Stabilize 3.91 ppc64, #914752

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.91.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild
index 3f9d0b39f0b0..f7d637148fda 100644
--- a/dev-libs/nss/nss-3.91.ebuild
+++ b/dev-libs/nss/nss-3.91.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-16  8:10 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-12-16  8:10 UTC (permalink / raw
  To: gentoo-commits

commit:     f7ed2901332214add97e1427e3dc24a66af709eb
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 16 08:10:05 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Dec 16 08:10:05 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7ed2901

dev-libs/nss: drop 3.93, 3.94

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   2 -
 dev-libs/nss/nss-3.93.ebuild | 415 ------------------------------------------
 dev-libs/nss/nss-3.94.ebuild | 417 -------------------------------------------
 3 files changed, 834 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index cac9fe8a9439..b0a4a44694f7 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,8 +2,6 @@ DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298
 DIST nss-3.91-fixed-certs.tar.xz 11300 BLAKE2B 85f191b85c7caf1ee24f92a2ff76f7660a1afd64d6c8d9da84f521aea18cb12bdf3d08426c47302a4b444b0e4b4ed2f2251ed8234d5bc0006b00cd4b97aacc51 SHA512 88d2a47ba160f93f2f2c88a1e2a591c516d19209bd77cc18111c8538d9cf86498cbfd57c7e36478819bde307d90ba31e0a12a9c17320ae5dc736d02959a32a3a
 DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
-DIST nss-3.93.tar.gz 72281331 BLAKE2B 99e50f450a451f2b0bc0aad9b0fba405c987d88546d4aad6c490cb43dc274f23eb99d03d5fa8cf7ef16585abebfdae942fe1092d3f1c86816ba35e16ed3d490f SHA512 d96f13a70e825b39efadfe7c973c24c1e5ad43319bd813599010383e2b8434181f53489672f68fe79e2cb0c4d4ea0088499e588c3524eccf9298aafc57b94951
-DIST nss-3.94.tar.gz 76580364 BLAKE2B ad7d4fb7c8ddb063100b70717642677fcea177e46f04cf1a172eb4a7d565f99fdf0fca8b431498d83948f88aa89d4d53fbbc871cd8d64fb95242990eae203852 SHA512 3a839a6cc7267e45749f769621c3e8823f92cb654ee40460187e59b50825bb0f84ca278cd61881a3e0e7d95f95e0ffcd266a10c780cdcf8a08a2f0a9bb71892f
 DIST nss-3.95.tar.gz 76571130 BLAKE2B 9d40b09c0c58901781abfad609dd45f44c2f4d1ce9d4f1592748cb64a9eb29b1ac84be54ebb19fa528d8b9fd08911f769a80f72d9e6dbb22e82e5b3581a30af1 SHA512 54567c063fc72bf1a29898bc8cc405e54aa086269021d864b10a3640e6b4ae0d632834db87766257fdb43740d9bc71e362d69cfe6924f5c72a6e1a99a91f8c3a
 DIST nss-3.96.tar.gz 76724862 BLAKE2B 307c4ebcd6124a0006a24c8e2e9e884788f44c83645fd8cdd49cfa49497ed5c4f83d2d4f22ce5dd3b5256fffd6aec572b289af5e84f8131f1f23be3ea4264245 SHA512 96fdc1f09882c15678515f46f2daf966862fbf7525b92241297f26b95475de21e95128ffd63a0f9f9063e6c99e4abf435da8e93a19327885bfb0ad384ef15227
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.93.ebuild b/dev-libs/nss/nss-3.93.ebuild
deleted file mode 100644
index e5b28698782c..000000000000
--- a/dev-libs/nss/nss-3.93.ebuild
+++ /dev/null
@@ -1,415 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-	# Per README, this is recommended to make run tests quicker.
-	export NSS_CYCLES="standard"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.94.ebuild b/dev-libs/nss/nss-3.94.ebuild
deleted file mode 100644
index ef59d94cde49..000000000000
--- a/dev-libs/nss/nss-3.94.ebuild
+++ /dev/null
@@ -1,417 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-16  8:10 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-12-16  8:10 UTC (permalink / raw
  To: gentoo-commits

commit:     01b78fa1fa33ff3163083833b992e5e000e21a82
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 16 08:09:54 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Dec 16 08:09:54 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01b78fa1

dev-libs/nss: add 3.96

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.96.ebuild | 417 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 418 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index ed33c3a2398a..cac9fe8a9439 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -5,4 +5,5 @@ DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc5
 DIST nss-3.93.tar.gz 72281331 BLAKE2B 99e50f450a451f2b0bc0aad9b0fba405c987d88546d4aad6c490cb43dc274f23eb99d03d5fa8cf7ef16585abebfdae942fe1092d3f1c86816ba35e16ed3d490f SHA512 d96f13a70e825b39efadfe7c973c24c1e5ad43319bd813599010383e2b8434181f53489672f68fe79e2cb0c4d4ea0088499e588c3524eccf9298aafc57b94951
 DIST nss-3.94.tar.gz 76580364 BLAKE2B ad7d4fb7c8ddb063100b70717642677fcea177e46f04cf1a172eb4a7d565f99fdf0fca8b431498d83948f88aa89d4d53fbbc871cd8d64fb95242990eae203852 SHA512 3a839a6cc7267e45749f769621c3e8823f92cb654ee40460187e59b50825bb0f84ca278cd61881a3e0e7d95f95e0ffcd266a10c780cdcf8a08a2f0a9bb71892f
 DIST nss-3.95.tar.gz 76571130 BLAKE2B 9d40b09c0c58901781abfad609dd45f44c2f4d1ce9d4f1592748cb64a9eb29b1ac84be54ebb19fa528d8b9fd08911f769a80f72d9e6dbb22e82e5b3581a30af1 SHA512 54567c063fc72bf1a29898bc8cc405e54aa086269021d864b10a3640e6b4ae0d632834db87766257fdb43740d9bc71e362d69cfe6924f5c72a6e1a99a91f8c3a
+DIST nss-3.96.tar.gz 76724862 BLAKE2B 307c4ebcd6124a0006a24c8e2e9e884788f44c83645fd8cdd49cfa49497ed5c4f83d2d4f22ce5dd3b5256fffd6aec572b289af5e84f8131f1f23be3ea4264245 SHA512 96fdc1f09882c15678515f46f2daf966862fbf7525b92241297f26b95475de21e95128ffd63a0f9f9063e6c99e4abf435da8e93a19327885bfb0ad384ef15227
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.96.ebuild b/dev-libs/nss/nss-3.96.ebuild
new file mode 100644
index 000000000000..ef59d94cde49
--- /dev/null
+++ b/dev-libs/nss/nss-3.96.ebuild
@@ -0,0 +1,417 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-16  8:24 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-12-16  8:24 UTC (permalink / raw
  To: gentoo-commits

commit:     c39014fbcff1d16d14556bf750066a99d69c9e68
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 16 08:23:52 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Dec 16 08:24:48 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c39014fb

dev-libs/nss: disable lto with clang on x86, on 3.96

Bug: https://bugs.gentoo.org/917792
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.96.ebuild | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/dev-libs/nss/nss-3.96.ebuild b/dev-libs/nss/nss-3.96.ebuild
index ef59d94cde49..5cab1c328c41 100644
--- a/dev-libs/nss/nss-3.96.ebuild
+++ b/dev-libs/nss/nss-3.96.ebuild
@@ -105,6 +105,11 @@ nssarch() {
 }
 
 nssbits() {
+	# bgo#917792
+	if tc-is-clang && use x86 ; then
+		filter-lto
+	fi
+
 	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
 	if [[ ${1} == BUILD_ ]]; then
 		cc=$(tc-getBUILD_CC)
@@ -170,6 +175,10 @@ multilib_src_compile() {
 		export CC_IS_GCC=1
 	elif tc-is-clang; then
 		export CC_IS_CLANG=1
+		if use x86 ; then
+			filter-lto
+			elog "lto disabled when using clang on x86. bgo#917792"
+		fi
 	fi
 
 	export NSS_DISABLE_GTESTS=$(usex !test 1 0)


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-16  9:53 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-12-16  9:53 UTC (permalink / raw
  To: gentoo-commits

commit:     1387931f892a0eadab06a7f9f6cc2854f1105c24
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 16 08:35:46 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Dec 16 09:53:24 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1387931f

dev-libs/nss: fix bitness check for LTO

Closes: https://bugs.gentoo.org/917792
Signed-off-by: Sam James <sam <AT> gentoo.org>
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.96.ebuild | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/dev-libs/nss/nss-3.96.ebuild b/dev-libs/nss/nss-3.96.ebuild
index 5cab1c328c41..35503a7b5874 100644
--- a/dev-libs/nss/nss-3.96.ebuild
+++ b/dev-libs/nss/nss-3.96.ebuild
@@ -105,19 +105,15 @@ nssarch() {
 }
 
 nssbits() {
-	# bgo#917792
-	if tc-is-clang && use x86 ; then
-		filter-lto
-	fi
-
 	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
 	if [[ ${1} == BUILD_ ]]; then
 		cc=$(tc-getBUILD_CC)
 	else
 		cc=$(tc-getCC)
 	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
 	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
 	case $(file "${T}/${1}test.o") in
 		*32-bit*x86-64*) echo USE_X32=1;;
 		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
@@ -175,10 +171,6 @@ multilib_src_compile() {
 		export CC_IS_GCC=1
 	elif tc-is-clang; then
 		export CC_IS_CLANG=1
-		if use x86 ; then
-			filter-lto
-			elog "lto disabled when using clang on x86. bgo#917792"
-		fi
 	fi
 
 	export NSS_DISABLE_GTESTS=$(usex !test 1 0)


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-16  9:53 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-12-16  9:53 UTC (permalink / raw
  To: gentoo-commits

commit:     4a8259d53400b26766eec198df9ca9cf9dae9668
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 16 08:37:15 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Dec 16 09:53:24 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a8259d5

dev-libs/nss: disable seccomp sandbox for file(1) in bitness check

We just built the file that file(1) is being used on, so it's entirely safe.

We don't need the sandboxing here which leads to a confusing error if file(1)
bails out.

Bug: https://bugs.gentoo.org/915890
Signed-off-by: Sam James <sam <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/34308
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.96.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.96.ebuild b/dev-libs/nss/nss-3.96.ebuild
index 35503a7b5874..68af01795644 100644
--- a/dev-libs/nss/nss-3.96.ebuild
+++ b/dev-libs/nss/nss-3.96.ebuild
@@ -114,7 +114,7 @@ nssbits() {
 	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
 	echo > "${T}"/test.c || die
 	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
+	case $(file -S "${T}/${1}test.o") in
 		*32-bit*x86-64*) echo USE_X32=1;;
 		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
 		*32-bit*|*ppc*|*i386*) ;;


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-19  7:59 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-12-19  7:59 UTC (permalink / raw
  To: gentoo-commits

commit:     43dfb9b608739c9ff9e427b1595747c09a5d39ba
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 19 07:58:56 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Dec 19 07:58:56 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=43dfb9b6

dev-libs/nss: drop 3.96

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 -
 dev-libs/nss/nss-3.96.ebuild | 418 -------------------------------------------
 2 files changed, 419 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index dc6f8fdab446..f61f7a2d512d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -4,5 +4,4 @@ DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e408414705
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
 DIST nss-3.95.tar.gz 76571130 BLAKE2B 9d40b09c0c58901781abfad609dd45f44c2f4d1ce9d4f1592748cb64a9eb29b1ac84be54ebb19fa528d8b9fd08911f769a80f72d9e6dbb22e82e5b3581a30af1 SHA512 54567c063fc72bf1a29898bc8cc405e54aa086269021d864b10a3640e6b4ae0d632834db87766257fdb43740d9bc71e362d69cfe6924f5c72a6e1a99a91f8c3a
 DIST nss-3.96.1.tar.gz 76715092 BLAKE2B 2a9ea65dd89cba82ea10a57887b10109369af81d4c2911c54cfd081a661498ad7f56ad419092539caaa16341045edcc50f5a3c74d87d66094dacbc91226a9d1c SHA512 fe8baefa767b711a108aafdb496a45d15d2296c3bdd0b1e4389c49197d1cf5365872ee41c23b6823285803887c74538d13347af87d64750551e9cbc87a9cb338
-DIST nss-3.96.tar.gz 76724862 BLAKE2B 307c4ebcd6124a0006a24c8e2e9e884788f44c83645fd8cdd49cfa49497ed5c4f83d2d4f22ce5dd3b5256fffd6aec572b289af5e84f8131f1f23be3ea4264245 SHA512 96fdc1f09882c15678515f46f2daf966862fbf7525b92241297f26b95475de21e95128ffd63a0f9f9063e6c99e4abf435da8e93a19327885bfb0ad384ef15227
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.96.ebuild b/dev-libs/nss/nss-3.96.ebuild
deleted file mode 100644
index 68af01795644..000000000000
--- a/dev-libs/nss/nss-3.96.ebuild
+++ /dev/null
@@ -1,418 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2023-12-19  7:59 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2023-12-19  7:59 UTC (permalink / raw
  To: gentoo-commits

commit:     e991c1e390d4c23452977fef011489b40a0538b1
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 19 07:58:40 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Dec 19 07:58:40 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e991c1e3

dev-libs/nss: add 3.96.1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.96.1.ebuild | 418 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 419 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index b0a4a44694f7..dc6f8fdab446 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,5 +3,6 @@ DIST nss-3.91-fixed-certs.tar.xz 11300 BLAKE2B 85f191b85c7caf1ee24f92a2ff76f7660
 DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
 DIST nss-3.95.tar.gz 76571130 BLAKE2B 9d40b09c0c58901781abfad609dd45f44c2f4d1ce9d4f1592748cb64a9eb29b1ac84be54ebb19fa528d8b9fd08911f769a80f72d9e6dbb22e82e5b3581a30af1 SHA512 54567c063fc72bf1a29898bc8cc405e54aa086269021d864b10a3640e6b4ae0d632834db87766257fdb43740d9bc71e362d69cfe6924f5c72a6e1a99a91f8c3a
+DIST nss-3.96.1.tar.gz 76715092 BLAKE2B 2a9ea65dd89cba82ea10a57887b10109369af81d4c2911c54cfd081a661498ad7f56ad419092539caaa16341045edcc50f5a3c74d87d66094dacbc91226a9d1c SHA512 fe8baefa767b711a108aafdb496a45d15d2296c3bdd0b1e4389c49197d1cf5365872ee41c23b6823285803887c74538d13347af87d64750551e9cbc87a9cb338
 DIST nss-3.96.tar.gz 76724862 BLAKE2B 307c4ebcd6124a0006a24c8e2e9e884788f44c83645fd8cdd49cfa49497ed5c4f83d2d4f22ce5dd3b5256fffd6aec572b289af5e84f8131f1f23be3ea4264245 SHA512 96fdc1f09882c15678515f46f2daf966862fbf7525b92241297f26b95475de21e95128ffd63a0f9f9063e6c99e4abf435da8e93a19327885bfb0ad384ef15227
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.96.1.ebuild b/dev-libs/nss/nss-3.96.1.ebuild
new file mode 100644
index 000000000000..68af01795644
--- /dev/null
+++ b/dev-libs/nss/nss-3.96.1.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-01-06  9:32 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-01-06  9:32 UTC (permalink / raw
  To: gentoo-commits

commit:     16d56e4316f4ae4d8e411e5d562be14c5d202820
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  6 09:29:50 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Jan  6 09:32:29 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16d56e43

dev-libs/nss: drop 3.79.4, 3.95

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   2 -
 dev-libs/nss/nss-3.79.4.ebuild | 395 --------------------------------------
 dev-libs/nss/nss-3.95.ebuild   | 417 -----------------------------------------
 3 files changed, 814 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index f61f7a2d512d..0b782763591c 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,7 +1,5 @@
-DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
 DIST nss-3.91-fixed-certs.tar.xz 11300 BLAKE2B 85f191b85c7caf1ee24f92a2ff76f7660a1afd64d6c8d9da84f521aea18cb12bdf3d08426c47302a4b444b0e4b4ed2f2251ed8234d5bc0006b00cd4b97aacc51 SHA512 88d2a47ba160f93f2f2c88a1e2a591c516d19209bd77cc18111c8538d9cf86498cbfd57c7e36478819bde307d90ba31e0a12a9c17320ae5dc736d02959a32a3a
 DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
-DIST nss-3.95.tar.gz 76571130 BLAKE2B 9d40b09c0c58901781abfad609dd45f44c2f4d1ce9d4f1592748cb64a9eb29b1ac84be54ebb19fa528d8b9fd08911f769a80f72d9e6dbb22e82e5b3581a30af1 SHA512 54567c063fc72bf1a29898bc8cc405e54aa086269021d864b10a3640e6b4ae0d632834db87766257fdb43740d9bc71e362d69cfe6924f5c72a6e1a99a91f8c3a
 DIST nss-3.96.1.tar.gz 76715092 BLAKE2B 2a9ea65dd89cba82ea10a57887b10109369af81d4c2911c54cfd081a661498ad7f56ad419092539caaa16341045edcc50f5a3c74d87d66094dacbc91226a9d1c SHA512 fe8baefa767b711a108aafdb496a45d15d2296c3bdd0b1e4389c49197d1cf5365872ee41c23b6823285803887c74538d13347af87d64750551e9cbc87a9cb338
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.79.4.ebuild b/dev-libs/nss/nss-3.79.4.ebuild
deleted file mode 100644
index 674f9a0934b3..000000000000
--- a/dev-libs/nss/nss-3.79.4.ebuild
+++ /dev/null
@@ -1,395 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.34.1"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	# Custom changes for gentoo
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.79-fix-client-cert-crash.patch"
-	"${FILESDIR}/${PN}-3.79-gcc-13.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk || die
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-		${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed -e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.95.ebuild b/dev-libs/nss/nss-3.95.ebuild
deleted file mode 100644
index ef59d94cde49..000000000000
--- a/dev-libs/nss/nss-3.95.ebuild
+++ /dev/null
@@ -1,417 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-01-23  8:54 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-01-23  8:54 UTC (permalink / raw
  To: gentoo-commits

commit:     0580dfbdc7f9e9d59370a3e67dd1f1b8f6880178
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 23 08:37:38 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Jan 23 08:54:14 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0580dfbd

dev-libs/nss: add 3.97

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.97.ebuild | 418 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 419 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 0b782763591c..9e4e1e80d14e 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,4 +2,5 @@ DIST nss-3.91-fixed-certs.tar.xz 11300 BLAKE2B 85f191b85c7caf1ee24f92a2ff76f7660
 DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
 DIST nss-3.96.1.tar.gz 76715092 BLAKE2B 2a9ea65dd89cba82ea10a57887b10109369af81d4c2911c54cfd081a661498ad7f56ad419092539caaa16341045edcc50f5a3c74d87d66094dacbc91226a9d1c SHA512 fe8baefa767b711a108aafdb496a45d15d2296c3bdd0b1e4389c49197d1cf5365872ee41c23b6823285803887c74538d13347af87d64750551e9cbc87a9cb338
+DIST nss-3.97.tar.gz 76664827 BLAKE2B ede68cf0269edd8ffbe1e90682fb51c202d6298f8bfa5ebbd81e12785e29e6a6611ef3f0feceee73bea4d25ae12f251225649a73d249fdd90af179e07e39f3f6 SHA512 1ad6ac6ff626dc187f42b313c1088ef4b4ac0ee3e156d37824c36e778faa977e8f132302ac00d74aa8f9903e791a0fee6cecb5244d2601e0825cc125b6f33d6a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.97.ebuild b/dev-libs/nss/nss-3.97.ebuild
new file mode 100644
index 000000000000..0977ca4223fb
--- /dev/null
+++ b/dev-libs/nss/nss-3.97.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-02-17  9:18 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-02-17  9:18 UTC (permalink / raw
  To: gentoo-commits

commit:     884c7883a97c717148ab9dd944079488b5383c05
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 17 09:17:13 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Feb 17 09:17:13 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=884c7883

dev-libs/nss: add 3.98

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.98.ebuild | 418 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 419 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 9e4e1e80d14e..db5fee608c5e 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,4 +3,5 @@ DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e408414705
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
 DIST nss-3.96.1.tar.gz 76715092 BLAKE2B 2a9ea65dd89cba82ea10a57887b10109369af81d4c2911c54cfd081a661498ad7f56ad419092539caaa16341045edcc50f5a3c74d87d66094dacbc91226a9d1c SHA512 fe8baefa767b711a108aafdb496a45d15d2296c3bdd0b1e4389c49197d1cf5365872ee41c23b6823285803887c74538d13347af87d64750551e9cbc87a9cb338
 DIST nss-3.97.tar.gz 76664827 BLAKE2B ede68cf0269edd8ffbe1e90682fb51c202d6298f8bfa5ebbd81e12785e29e6a6611ef3f0feceee73bea4d25ae12f251225649a73d249fdd90af179e07e39f3f6 SHA512 1ad6ac6ff626dc187f42b313c1088ef4b4ac0ee3e156d37824c36e778faa977e8f132302ac00d74aa8f9903e791a0fee6cecb5244d2601e0825cc125b6f33d6a
+DIST nss-3.98.tar.gz 76685475 BLAKE2B d382cc65e450b5b7d6b152952a8188822eab5fdbaa0faeefc3f98ef5aa70ed7534abcb7114aaa25c1e49f89dcda7cf75d85957d1a8e5ff964599362757138cb4 SHA512 4f335c5c284eff6424745cc15e32037715a915f6f61687ec36a8ffaef0e45d152602a1be275bbb2f14650c7d258d6488430cdcf512b18ba7cb73cd43ac625681
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.98.ebuild b/dev-libs/nss/nss-3.98.ebuild
new file mode 100644
index 000000000000..0977ca4223fb
--- /dev/null
+++ b/dev-libs/nss/nss-3.98.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-02-21  8:45 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-02-21  8:45 UTC (permalink / raw
  To: gentoo-commits

commit:     629b39c4e1723ce530653175269fd679985df9ff
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 21 08:29:55 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Feb 21 08:29:55 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=629b39c4

dev-libs/nss: add 3.90.2

 - bring back the intended ESR version, with fixes to the original broken 3.90.

Bug: https://bugs.gentoo.org/925027
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 +
 dev-libs/nss/nss-3.90.2.ebuild | 418 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 419 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index db5fee608c5e..abb1ec68a5ea 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
+DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-3.91-fixed-certs.tar.xz 11300 BLAKE2B 85f191b85c7caf1ee24f92a2ff76f7660a1afd64d6c8d9da84f521aea18cb12bdf3d08426c47302a4b444b0e4b4ed2f2251ed8234d5bc0006b00cd4b97aacc51 SHA512 88d2a47ba160f93f2f2c88a1e2a591c516d19209bd77cc18111c8538d9cf86498cbfd57c7e36478819bde307d90ba31e0a12a9c17320ae5dc736d02959a32a3a
 DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
 DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a

diff --git a/dev-libs/nss/nss-3.90.2.ebuild b/dev-libs/nss/nss-3.90.2.ebuild
new file mode 100644
index 000000000000..0977ca4223fb
--- /dev/null
+++ b/dev-libs/nss/nss-3.90.2.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-02-22  7:07 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-02-22  7:07 UTC (permalink / raw
  To: gentoo-commits

commit:     593fa2a8606fab22fa00a8fd519088dd1d3693e1
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 22 07:07:25 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Feb 22 07:07:25 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=593fa2a8

dev-libs/nss: Stabilize 3.90.2 x86, #925211

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2.ebuild b/dev-libs/nss/nss-3.90.2.ebuild
index 5a8cf000041c..174028b9a91b 100644
--- a/dev-libs/nss/nss-3.90.2.ebuild
+++ b/dev-libs/nss/nss-3.90.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-02-22  7:07 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-02-22  7:07 UTC (permalink / raw
  To: gentoo-commits

commit:     4623326796b8d5cf96af1f64c210b2b845961969
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 22 07:05:25 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Feb 22 07:05:25 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46233267

dev-libs/nss: Stabilize 3.90.2 amd64, #925211

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2.ebuild b/dev-libs/nss/nss-3.90.2.ebuild
index 0977ca4223fb..5a8cf000041c 100644
--- a/dev-libs/nss/nss-3.90.2.ebuild
+++ b/dev-libs/nss/nss-3.90.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-02-22 11:15 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2024-02-22 11:15 UTC (permalink / raw
  To: gentoo-commits

commit:     c0ba0f5f3eba0f5465a4dc98f83c41f360a1743d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 22 11:15:08 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 22 11:15:08 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0ba0f5f

dev-libs/nss: Stabilize 3.90.2 arm, #925211

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2.ebuild b/dev-libs/nss/nss-3.90.2.ebuild
index 174028b9a91b..62ba736993a0 100644
--- a/dev-libs/nss/nss-3.90.2.ebuild
+++ b/dev-libs/nss/nss-3.90.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-03-17  7:40 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-03-17  7:40 UTC (permalink / raw
  To: gentoo-commits

commit:     d8013c3bc7296cf8f7c5673238fadec24434d8dd
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 17 07:39:58 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Mar 17 07:39:58 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8013c3b

dev-libs/nss: drop 3.92, 3.96.1, 3.97, 3.98

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   4 -
 dev-libs/nss/nss-3.92.ebuild   | 413 ----------------------------------------
 dev-libs/nss/nss-3.96.1.ebuild | 418 -----------------------------------------
 dev-libs/nss/nss-3.97.ebuild   | 418 -----------------------------------------
 dev-libs/nss/nss-3.98.ebuild   | 418 -----------------------------------------
 5 files changed, 1671 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index eb383c4c0753..f149c1b512b6 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,9 +1,5 @@
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-3.91-fixed-certs.tar.xz 11300 BLAKE2B 85f191b85c7caf1ee24f92a2ff76f7660a1afd64d6c8d9da84f521aea18cb12bdf3d08426c47302a4b444b0e4b4ed2f2251ed8234d5bc0006b00cd4b97aacc51 SHA512 88d2a47ba160f93f2f2c88a1e2a591c516d19209bd77cc18111c8538d9cf86498cbfd57c7e36478819bde307d90ba31e0a12a9c17320ae5dc736d02959a32a3a
 DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
-DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc57fe02fb3d4f0b8a083aaf00046844145721a1e7620ecfbdbbb93206591e47386c12662765c09cf99db42bc SHA512 dc317ec909433c9026f108b466bc436110b3c77edc3f73aef3d6dc6782f584c205053a368e4a134715bfdf63d2c1ae2185fc23238e5c2dca8f88ec185b1fec2a
-DIST nss-3.96.1.tar.gz 76715092 BLAKE2B 2a9ea65dd89cba82ea10a57887b10109369af81d4c2911c54cfd081a661498ad7f56ad419092539caaa16341045edcc50f5a3c74d87d66094dacbc91226a9d1c SHA512 fe8baefa767b711a108aafdb496a45d15d2296c3bdd0b1e4389c49197d1cf5365872ee41c23b6823285803887c74538d13347af87d64750551e9cbc87a9cb338
-DIST nss-3.97.tar.gz 76664827 BLAKE2B ede68cf0269edd8ffbe1e90682fb51c202d6298f8bfa5ebbd81e12785e29e6a6611ef3f0feceee73bea4d25ae12f251225649a73d249fdd90af179e07e39f3f6 SHA512 1ad6ac6ff626dc187f42b313c1088ef4b4ac0ee3e156d37824c36e778faa977e8f132302ac00d74aa8f9903e791a0fee6cecb5244d2601e0825cc125b6f33d6a
-DIST nss-3.98.tar.gz 76685475 BLAKE2B d382cc65e450b5b7d6b152952a8188822eab5fdbaa0faeefc3f98ef5aa70ed7534abcb7114aaa25c1e49f89dcda7cf75d85957d1a8e5ff964599362757138cb4 SHA512 4f335c5c284eff6424745cc15e32037715a915f6f61687ec36a8ffaef0e45d152602a1be275bbb2f14650c7d258d6488430cdcf512b18ba7cb73cd43ac625681
 DIST nss-3.99.tar.gz 76753982 BLAKE2B b6ce605232934644b6d80682615eac2fa171078fcdd75316ab2accc55caeaed5b548f16c2cef5cefcfb37b96a4d6eb918785be3aa195a561e46d2d3fd8fa217b SHA512 8ae032f3cb8eadfe524505d20e430b90ed25af2b4732b2cf286c435b0fcd5701d2f5c48bd2cfb3f9aa0bfdf503c1f3d5394cf34f860f51a1141cc4a7586bba32
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.92.ebuild b/dev-libs/nss/nss-3.92.ebuild
deleted file mode 100644
index 051c4682bcae..000000000000
--- a/dev-libs/nss/nss-3.92.ebuild
+++ /dev/null
@@ -1,413 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.96.1.ebuild b/dev-libs/nss/nss-3.96.1.ebuild
deleted file mode 100644
index 68af01795644..000000000000
--- a/dev-libs/nss/nss-3.96.1.ebuild
+++ /dev/null
@@ -1,418 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.97.ebuild b/dev-libs/nss/nss-3.97.ebuild
deleted file mode 100644
index 0977ca4223fb..000000000000
--- a/dev-libs/nss/nss-3.97.ebuild
+++ /dev/null
@@ -1,418 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.98.ebuild b/dev-libs/nss/nss-3.98.ebuild
deleted file mode 100644
index 0977ca4223fb..000000000000
--- a/dev-libs/nss/nss-3.98.ebuild
+++ /dev/null
@@ -1,418 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-03-17  7:40 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-03-17  7:40 UTC (permalink / raw
  To: gentoo-commits

commit:     a4aef06a6bca2a8e45bb95bdeb09ab128c0926e4
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 17 07:39:30 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Mar 17 07:39:30 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4aef06a

dev-libs/nss: add 3.99

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   1 +
 dev-libs/nss/nss-3.99.ebuild | 418 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 419 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index abb1ec68a5ea..eb383c4c0753 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -5,4 +5,5 @@ DIST nss-3.92.tar.gz 72133646 BLAKE2B 251daae56ccf8b8f4fd0b4287fea2049b6e72d1fc5
 DIST nss-3.96.1.tar.gz 76715092 BLAKE2B 2a9ea65dd89cba82ea10a57887b10109369af81d4c2911c54cfd081a661498ad7f56ad419092539caaa16341045edcc50f5a3c74d87d66094dacbc91226a9d1c SHA512 fe8baefa767b711a108aafdb496a45d15d2296c3bdd0b1e4389c49197d1cf5365872ee41c23b6823285803887c74538d13347af87d64750551e9cbc87a9cb338
 DIST nss-3.97.tar.gz 76664827 BLAKE2B ede68cf0269edd8ffbe1e90682fb51c202d6298f8bfa5ebbd81e12785e29e6a6611ef3f0feceee73bea4d25ae12f251225649a73d249fdd90af179e07e39f3f6 SHA512 1ad6ac6ff626dc187f42b313c1088ef4b4ac0ee3e156d37824c36e778faa977e8f132302ac00d74aa8f9903e791a0fee6cecb5244d2601e0825cc125b6f33d6a
 DIST nss-3.98.tar.gz 76685475 BLAKE2B d382cc65e450b5b7d6b152952a8188822eab5fdbaa0faeefc3f98ef5aa70ed7534abcb7114aaa25c1e49f89dcda7cf75d85957d1a8e5ff964599362757138cb4 SHA512 4f335c5c284eff6424745cc15e32037715a915f6f61687ec36a8ffaef0e45d152602a1be275bbb2f14650c7d258d6488430cdcf512b18ba7cb73cd43ac625681
+DIST nss-3.99.tar.gz 76753982 BLAKE2B b6ce605232934644b6d80682615eac2fa171078fcdd75316ab2accc55caeaed5b548f16c2cef5cefcfb37b96a4d6eb918785be3aa195a561e46d2d3fd8fa217b SHA512 8ae032f3cb8eadfe524505d20e430b90ed25af2b4732b2cf286c435b0fcd5701d2f5c48bd2cfb3f9aa0bfdf503c1f3d5394cf34f860f51a1141cc4a7586bba32
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.99.ebuild b/dev-libs/nss/nss-3.99.ebuild
new file mode 100644
index 000000000000..0977ca4223fb
--- /dev/null
+++ b/dev-libs/nss/nss-3.99.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-03-17  9:48 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2024-03-17  9:48 UTC (permalink / raw
  To: gentoo-commits

commit:     57c76e2d9bdfa6b39634df2f6b043fd394256f9f
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 17 09:48:08 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 17 09:48:08 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57c76e2d

dev-libs/nss: Stabilize 3.90.2 sparc, #925211

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2.ebuild b/dev-libs/nss/nss-3.90.2.ebuild
index 577e3867e847..930fe521611a 100644
--- a/dev-libs/nss/nss-3.90.2.ebuild
+++ b/dev-libs/nss/nss-3.90.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-03-17  9:48 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2024-03-17  9:48 UTC (permalink / raw
  To: gentoo-commits

commit:     91b2013733da3b529cb17774a158a0735c25fc7a
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 17 09:48:05 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 17 09:48:05 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91b20137

dev-libs/nss: Stabilize 3.90.2 arm64, #925211

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2.ebuild b/dev-libs/nss/nss-3.90.2.ebuild
index 8a837aa71637..577e3867e847 100644
--- a/dev-libs/nss/nss-3.90.2.ebuild
+++ b/dev-libs/nss/nss-3.90.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-03-17  9:48 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2024-03-17  9:48 UTC (permalink / raw
  To: gentoo-commits

commit:     9d5448ca85074a1f333c7930b2a3ec9c21b3ba1f
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 17 09:47:56 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 17 09:47:56 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d5448ca

dev-libs/nss: Stabilize 3.90.2 ppc, #925211

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2.ebuild b/dev-libs/nss/nss-3.90.2.ebuild
index a23171281796..a60126eed7be 100644
--- a/dev-libs/nss/nss-3.90.2.ebuild
+++ b/dev-libs/nss/nss-3.90.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-03-17  9:48 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2024-03-17  9:48 UTC (permalink / raw
  To: gentoo-commits

commit:     cc9c8c9d3f612fd3d279d9e15df2af47a9e1198a
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 17 09:48:02 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 17 09:48:02 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc9c8c9d

dev-libs/nss: Stabilize 3.90.2 ppc64, #925211

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2.ebuild b/dev-libs/nss/nss-3.90.2.ebuild
index a60126eed7be..8a837aa71637 100644
--- a/dev-libs/nss/nss-3.90.2.ebuild
+++ b/dev-libs/nss/nss-3.90.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-04-01  6:47 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-04-01  6:47 UTC (permalink / raw
  To: gentoo-commits

commit:     5b1a888864fa17c7be604b8b4a2f28f68d134c5f
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Mon Apr  1 06:38:35 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Mon Apr  1 06:47:34 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b1a8888

dev-libs/nss: drop 3.91

 - returning to the true ESR -> 3.90.2.

Bug: https://bugs.gentoo.org/925027
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest        |   2 -
 dev-libs/nss/nss-3.91.ebuild | 423 -------------------------------------------
 2 files changed, 425 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index f149c1b512b6..8fe609382f6b 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,3 @@
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
-DIST nss-3.91-fixed-certs.tar.xz 11300 BLAKE2B 85f191b85c7caf1ee24f92a2ff76f7660a1afd64d6c8d9da84f521aea18cb12bdf3d08426c47302a4b444b0e4b4ed2f2251ed8234d5bc0006b00cd4b97aacc51 SHA512 88d2a47ba160f93f2f2c88a1e2a591c516d19209bd77cc18111c8538d9cf86498cbfd57c7e36478819bde307d90ba31e0a12a9c17320ae5dc736d02959a32a3a
-DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
 DIST nss-3.99.tar.gz 76753982 BLAKE2B b6ce605232934644b6d80682615eac2fa171078fcdd75316ab2accc55caeaed5b548f16c2cef5cefcfb37b96a4d6eb918785be3aa195a561e46d2d3fd8fa217b SHA512 8ae032f3cb8eadfe524505d20e430b90ed25af2b4732b2cf286c435b0fcd5701d2f5c48bd2cfb3f9aa0bfdf503c1f3d5394cf34f860f51a1141cc4a7586bba32
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild
deleted file mode 100644
index dc4d953a74ad..000000000000
--- a/dev-libs/nss/nss-3.91.ebuild
+++ /dev/null
@@ -1,423 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-# nss-3.91-fixed-certs.tar.xz is a workaround for older NSS versions to
-# fix tests for bug #914837.
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )
-	test? ( https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-3.91-fixed-certs.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	if use test ; then
-		cp "${WORKDIR}"/${PN}-3.91-fixed-certs/* tests/libpkix/certs/ || die
-	fi
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-	# Per README, this is recommended to make run tests quicker.
-	export NSS_CYCLES="standard"
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-04-02  6:40 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-04-02  6:40 UTC (permalink / raw
  To: gentoo-commits

commit:     d9642651ab3b422c5cb56da2cb76d52ab9b493a3
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  2 06:39:48 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Apr  2 06:40:06 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9642651

dev-libs/nss: Stabilize 3.99 x86, #928403

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.99.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.99.ebuild b/dev-libs/nss/nss-3.99.ebuild
index 0977ca4223fb..7cc22f6c02e2 100644
--- a/dev-libs/nss/nss-3.99.ebuild
+++ b/dev-libs/nss/nss-3.99.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-04-02  6:40 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-04-02  6:40 UTC (permalink / raw
  To: gentoo-commits

commit:     fc7b791b712ad294452582ba8b5b9f5740ef7130
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  2 06:40:19 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Apr  2 06:40:19 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc7b791b

dev-libs/nss: Stabilize 3.99 amd64, #928403

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.99.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.99.ebuild b/dev-libs/nss/nss-3.99.ebuild
index 7cc22f6c02e2..174028b9a91b 100644
--- a/dev-libs/nss/nss-3.99.ebuild
+++ b/dev-libs/nss/nss-3.99.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-04-02 11:30 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2024-04-02 11:30 UTC (permalink / raw
  To: gentoo-commits

commit:     da3d8f32d34123456e8951dec579bcca1660fa4b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  2 11:30:05 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Apr  2 11:30:05 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da3d8f32

dev-libs/nss: Stabilize 3.99 ppc, #928403

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.99.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.99.ebuild b/dev-libs/nss/nss-3.99.ebuild
index 0a3174af9cad..699d3678d23e 100644
--- a/dev-libs/nss/nss-3.99.ebuild
+++ b/dev-libs/nss/nss-3.99.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-04-02 11:30 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2024-04-02 11:30 UTC (permalink / raw
  To: gentoo-commits

commit:     5006b026977c363fb94232561a5b3956893f548c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  2 11:30:04 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Apr  2 11:30:04 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5006b026

dev-libs/nss: Stabilize 3.99 ppc64, #928403

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.99.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.99.ebuild b/dev-libs/nss/nss-3.99.ebuild
index 174028b9a91b..0a3174af9cad 100644
--- a/dev-libs/nss/nss-3.99.ebuild
+++ b/dev-libs/nss/nss-3.99.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-04-02 11:30 Sam James
  0 siblings, 0 replies; 466+ messages in thread
From: Sam James @ 2024-04-02 11:30 UTC (permalink / raw
  To: gentoo-commits

commit:     28556cfce7a8d5512860ff78d2d4aa19eac3f9dd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  2 11:30:06 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Apr  2 11:30:06 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28556cfc

dev-libs/nss: Stabilize 3.99 arm, #928403

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/nss/nss-3.99.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.99.ebuild b/dev-libs/nss/nss-3.99.ebuild
index 699d3678d23e..1b28b3db38d6 100644
--- a/dev-libs/nss/nss-3.99.ebuild
+++ b/dev-libs/nss/nss-3.99.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-04-15  7:24 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-04-15  7:24 UTC (permalink / raw
  To: gentoo-commits

commit:     74ee457b2a75f9fedc93cd0d0d2ab4a5c26958b8
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 15 07:23:50 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Mon Apr 15 07:24:16 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74ee457b

dev-libs/nss: Stabilize 3.90.2-r1 amd64, #928403

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2-r1.ebuild b/dev-libs/nss/nss-3.90.2-r1.ebuild
index f1b7e6697ccc..e254a94eb676 100644
--- a/dev-libs/nss/nss-3.90.2-r1.ebuild
+++ b/dev-libs/nss/nss-3.90.2-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-04-15  7:37 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-04-15  7:37 UTC (permalink / raw
  To: gentoo-commits

commit:     90fb32e05b61ddd65ce84ebe7ec8bf2b7bf925c7
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 15 07:36:37 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Mon Apr 15 07:36:58 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90fb32e0

dev-libs/nss: Stabilize 3.90.2-r1 x86, #928403

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2-r1.ebuild b/dev-libs/nss/nss-3.90.2-r1.ebuild
index e254a94eb676..96f5c85ed19b 100644
--- a/dev-libs/nss/nss-3.90.2-r1.ebuild
+++ b/dev-libs/nss/nss-3.90.2-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-05-01  5:28 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-05-01  5:28 UTC (permalink / raw
  To: gentoo-commits

commit:     22e8544f2f42b449e861c669b2d18b6209838c47
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Tue Apr 30 20:08:17 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed May  1 05:28:10 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22e8544f

dev-libs/nss: Stabilize 3.90.2-r1 arm64, #928403

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2-r1.ebuild b/dev-libs/nss/nss-3.90.2-r1.ebuild
index a7c0fa7d93eb..0ce14d18c580 100644
--- a/dev-libs/nss/nss-3.90.2-r1.ebuild
+++ b/dev-libs/nss/nss-3.90.2-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-05-01 23:18 Ionen Wolkens
  0 siblings, 0 replies; 466+ messages in thread
From: Ionen Wolkens @ 2024-05-01 23:18 UTC (permalink / raw
  To: gentoo-commits

commit:     07953b508aa4d1d2320f50ee0b222321be6dbf35
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Wed May  1 19:13:41 2024 +0000
Commit:     Ionen Wolkens <ionen <AT> gentoo <DOT> org>
CommitDate: Wed May  1 23:17:42 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07953b50

dev-libs/nss: Stabilize 3.90.2-r1 ppc64, #928403

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Ionen Wolkens <ionen <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2-r1.ebuild b/dev-libs/nss/nss-3.90.2-r1.ebuild
index 0ce14d18c580..776ed95e2881 100644
--- a/dev-libs/nss/nss-3.90.2-r1.ebuild
+++ b/dev-libs/nss/nss-3.90.2-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-05-01 23:18 Ionen Wolkens
  0 siblings, 0 replies; 466+ messages in thread
From: Ionen Wolkens @ 2024-05-01 23:18 UTC (permalink / raw
  To: gentoo-commits

commit:     b2d39c06f3325837b99c69a89ab1f2f3b3892b1c
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Wed May  1 20:44:08 2024 +0000
Commit:     Ionen Wolkens <ionen <AT> gentoo <DOT> org>
CommitDate: Wed May  1 23:17:43 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2d39c06

dev-libs/nss: Stabilize 3.90.2-r1 ppc, #928403

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Ionen Wolkens <ionen <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2-r1.ebuild b/dev-libs/nss/nss-3.90.2-r1.ebuild
index 776ed95e2881..adcbbb8206e4 100644
--- a/dev-libs/nss/nss-3.90.2-r1.ebuild
+++ b/dev-libs/nss/nss-3.90.2-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-05-01 23:18 Ionen Wolkens
  0 siblings, 0 replies; 466+ messages in thread
From: Ionen Wolkens @ 2024-05-01 23:18 UTC (permalink / raw
  To: gentoo-commits

commit:     86e990cf24f72242aa506748976b661c3099f672
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Wed May  1 22:45:27 2024 +0000
Commit:     Ionen Wolkens <ionen <AT> gentoo <DOT> org>
CommitDate: Wed May  1 23:17:43 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86e990cf

dev-libs/nss: Stabilize 3.90.2-r1 arm, #928403

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Ionen Wolkens <ionen <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2-r1.ebuild b/dev-libs/nss/nss-3.90.2-r1.ebuild
index adcbbb8206e4..2e45d9109df5 100644
--- a/dev-libs/nss/nss-3.90.2-r1.ebuild
+++ b/dev-libs/nss/nss-3.90.2-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-05-09  5:23 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-05-09  5:23 UTC (permalink / raw
  To: gentoo-commits

commit:     c87393516940e0509b1096b9d22e487735c44af7
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu May  9 05:21:07 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu May  9 05:23:00 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8739351

dev-libs/nss: add 3.100

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest         |   1 +
 dev-libs/nss/nss-3.100.ebuild | 418 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 419 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 8fe609382f6b..26f62fc839a4 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
+DIST nss-3.100.tar.gz 76746058 BLAKE2B 3e114ff7ae5b06a05af9cd62315cbc8d56bf3153126be857b935c5f8db52defcfc2ef13820a896127172a5cb3628c0773965d29a928f41cb5c43630e64095344 SHA512 725c10ffc02fc17347a213b42fabad789aec2c6352fe803b4ad166695ab59495849e9a69684578eb274faf818ec2277f2d433167cdd27997dcf8d8e94dd4df34
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-3.99.tar.gz 76753982 BLAKE2B b6ce605232934644b6d80682615eac2fa171078fcdd75316ab2accc55caeaed5b548f16c2cef5cefcfb37b96a4d6eb918785be3aa195a561e46d2d3fd8fa217b SHA512 8ae032f3cb8eadfe524505d20e430b90ed25af2b4732b2cf286c435b0fcd5701d2f5c48bd2cfb3f9aa0bfdf503c1f3d5394cf34f860f51a1141cc4a7586bba32
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.100.ebuild b/dev-libs/nss/nss-3.100.ebuild
new file mode 100644
index 000000000000..0977ca4223fb
--- /dev/null
+++ b/dev-libs/nss/nss-3.100.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-05-26 16:14 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2024-05-26 16:14 UTC (permalink / raw
  To: gentoo-commits

commit:     40799b3cf5a50755f009ed5fe49692c29553a958
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sun May 26 16:13:50 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sun May 26 16:13:50 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40799b3c

dev-libs/nss: Stabilize 3.90.2-r1 sparc, #928403

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.90.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.90.2-r1.ebuild b/dev-libs/nss/nss-3.90.2-r1.ebuild
index 2e45d9109df5..254fcbac0a89 100644
--- a/dev-libs/nss/nss-3.90.2-r1.ebuild
+++ b/dev-libs/nss/nss-3.90.2-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-05-28 18:45 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-05-28 18:45 UTC (permalink / raw
  To: gentoo-commits

commit:     915e17c7b92995d2cc16b0f67a251b7b2c63fc3b
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue May 28 18:43:07 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue May 28 18:45:12 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=915e17c7

dev-libs/nss: destabilize 3.99

 - 3.90 is the real ESR line that we generally keep stabilized, but 3.90 used
   to be so broken before 3.90.2-r1 that we had to jump to >3.90 for a bit.
   NSS should be ABI-combatible even with this downgrade, and we're back at
   designated NSS-ESR usage.

Bug: https://bugs.gentoo.org/928401
Bug: https://bugs.gentoo.org/928403
Bug: https://bugs.gentoo.org/925211
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.99.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.99.ebuild b/dev-libs/nss/nss-3.99.ebuild
index 1b28b3db38d6..0977ca4223fb 100644
--- a/dev-libs/nss/nss-3.99.ebuild
+++ b/dev-libs/nss/nss-3.99.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-06-01  8:37 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-06-01  8:37 UTC (permalink / raw
  To: gentoo-commits

commit:     c69866e5ec4e03a02ee74aff5ed8ad112f51524e
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  1 08:31:03 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Jun  1 08:36:59 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c69866e5

dev-libs/nss: drop 3.90.2, 3.99

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest          |   1 -
 dev-libs/nss/nss-3.90.2.ebuild | 419 -----------------------------------------
 dev-libs/nss/nss-3.99.ebuild   | 418 ----------------------------------------
 3 files changed, 838 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 26f62fc839a4..c12179849b44 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
 DIST nss-3.100.tar.gz 76746058 BLAKE2B 3e114ff7ae5b06a05af9cd62315cbc8d56bf3153126be857b935c5f8db52defcfc2ef13820a896127172a5cb3628c0773965d29a928f41cb5c43630e64095344 SHA512 725c10ffc02fc17347a213b42fabad789aec2c6352fe803b4ad166695ab59495849e9a69684578eb274faf818ec2277f2d433167cdd27997dcf8d8e94dd4df34
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
-DIST nss-3.99.tar.gz 76753982 BLAKE2B b6ce605232934644b6d80682615eac2fa171078fcdd75316ab2accc55caeaed5b548f16c2cef5cefcfb37b96a4d6eb918785be3aa195a561e46d2d3fd8fa217b SHA512 8ae032f3cb8eadfe524505d20e430b90ed25af2b4732b2cf286c435b0fcd5701d2f5c48bd2cfb3f9aa0bfdf503c1f3d5394cf34f860f51a1141cc4a7586bba32
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.90.2.ebuild b/dev-libs/nss/nss-3.90.2.ebuild
deleted file mode 100644
index 930fe521611a..000000000000
--- a/dev-libs/nss/nss-3.90.2.ebuild
+++ /dev/null
@@ -1,419 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-	"${FILESDIR}"/nss-3.90.2-bmo-1885749-disable-ASM-C25519-on-non-X86_64.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.99.ebuild b/dev-libs/nss/nss-3.99.ebuild
deleted file mode 100644
index 0977ca4223fb..000000000000
--- a/dev-libs/nss/nss-3.99.ebuild
+++ /dev/null
@@ -1,418 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-06-08  6:39 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-06-08  6:39 UTC (permalink / raw
  To: gentoo-commits

commit:     8c12e4e03fd60e909dbdd95494c3e52314275e5b
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  8 06:36:39 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Jun  8 06:36:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c12e4e0

dev-libs/nss: add 3.101

 - rebase the cacert patch.

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest         |   2 +
 dev-libs/nss/nss-3.101.ebuild | 418 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 420 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index c12179849b44..bb23fce2f124 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,5 @@
 DIST nss-3.100.tar.gz 76746058 BLAKE2B 3e114ff7ae5b06a05af9cd62315cbc8d56bf3153126be857b935c5f8db52defcfc2ef13820a896127172a5cb3628c0773965d29a928f41cb5c43630e64095344 SHA512 725c10ffc02fc17347a213b42fabad789aec2c6352fe803b4ad166695ab59495849e9a69684578eb274faf818ec2277f2d433167cdd27997dcf8d8e94dd4df34
+DIST nss-3.101-cacert-class1-class3.patch 21925 BLAKE2B 2b37f6b69e0541f31087ff0401b195c035f4b607865c4d29976e4ad2c8143321d65b41b996e922362e076aa8259304ed67b0c4a1f8df2fdfdb1d893319f5d5e7 SHA512 19438aefbb361881c1b4620d8b1b5e7d2bf5afb44900858d3728ff6999a792bf6fe073a11f591ab70461bee8c54fdfb097e4084b402842bc49d2139897de304d
+DIST nss-3.101.tar.gz 76317799 BLAKE2B 0401ed203b9be9bc9c32cbbf9763cc22ecda15f81100080c3419b55f327350e10c4a1316670515d78b42b00a5f93749825d40645520fef27dd060617556ece81 SHA512 b1596e7d74c654825eabbcc1f71b1410cf44d816c3044429576782bc800186073d43da9ad76de2fbd7de73c4460ebeb91aa244457da9d0d0cdc08a50a11a165f
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.101.ebuild b/dev-libs/nss/nss-3.101.ebuild
new file mode 100644
index 000000000000..84a8b5aed29e
--- /dev/null
+++ b/dev-libs/nss/nss-3.101.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.101-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-3.101-cacert-class1-class3.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-06-30  6:10 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-06-30  6:10 UTC (permalink / raw
  To: gentoo-commits

commit:     ecf5ad1bd1793548d61d967ebf044b924f8a4c15
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 30 06:09:08 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Jun 30 06:09:59 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ecf5ad1b

dev-libs/nss: add 3.101.1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest           |   1 +
 dev-libs/nss/nss-3.101.1.ebuild | 418 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 419 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index bb23fce2f124..278743f0795d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.100.tar.gz 76746058 BLAKE2B 3e114ff7ae5b06a05af9cd62315cbc8d56bf3153126be857b935c5f8db52defcfc2ef13820a896127172a5cb3628c0773965d29a928f41cb5c43630e64095344 SHA512 725c10ffc02fc17347a213b42fabad789aec2c6352fe803b4ad166695ab59495849e9a69684578eb274faf818ec2277f2d433167cdd27997dcf8d8e94dd4df34
 DIST nss-3.101-cacert-class1-class3.patch 21925 BLAKE2B 2b37f6b69e0541f31087ff0401b195c035f4b607865c4d29976e4ad2c8143321d65b41b996e922362e076aa8259304ed67b0c4a1f8df2fdfdb1d893319f5d5e7 SHA512 19438aefbb361881c1b4620d8b1b5e7d2bf5afb44900858d3728ff6999a792bf6fe073a11f591ab70461bee8c54fdfb097e4084b402842bc49d2139897de304d
+DIST nss-3.101.1.tar.gz 76462490 BLAKE2B 578a5ce6c9157c25db801a3fe37e094d8005130967ecf1cca19f52a69dfd43195cc8a0c5310dce48936aab4faae424b4e8f24bae6e4f6ac02ea4914e5af4e2be SHA512 0752ad801d00db0180fa72c06d40ee62f88fff220b88880c26f181ba5b9380e785486faa15f8799aaf7145afa47fdd10a27554ec23605a98fbe258951654822d
 DIST nss-3.101.tar.gz 76317799 BLAKE2B 0401ed203b9be9bc9c32cbbf9763cc22ecda15f81100080c3419b55f327350e10c4a1316670515d78b42b00a5f93749825d40645520fef27dd060617556ece81 SHA512 b1596e7d74c654825eabbcc1f71b1410cf44d816c3044429576782bc800186073d43da9ad76de2fbd7de73c4460ebeb91aa244457da9d0d0cdc08a50a11a165f
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.101.1.ebuild b/dev-libs/nss/nss-3.101.1.ebuild
new file mode 100644
index 000000000000..84a8b5aed29e
--- /dev/null
+++ b/dev-libs/nss/nss-3.101.1.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.101-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-3.101-cacert-class1-class3.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-07-01 18:55 Mike Gilbert
  0 siblings, 0 replies; 466+ messages in thread
From: Mike Gilbert @ 2024-07-01 18:55 UTC (permalink / raw
  To: gentoo-commits

commit:     9e2e1947377e566205cc06fc5fcfab1f201ece6d
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul  1 18:40:49 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jul  1 18:53:26 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e2e1947

dev-libs/nss: update SRC_URI

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 dev-libs/nss/nss-3.100.ebuild     | 2 +-
 dev-libs/nss/nss-3.90.2-r1.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-libs/nss/nss-3.100.ebuild b/dev-libs/nss/nss-3.100.ebuild
index 0977ca4223fb..b70cad223187 100644
--- a/dev-libs/nss/nss-3.100.ebuild
+++ b/dev-libs/nss/nss-3.100.ebuild
@@ -11,7 +11,7 @@ RTM_NAME="NSS_${PV//./_}_RTM"
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
 HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+	cacert? ( mirror://gentoo/d1/nss-cacert-class1-class3-r2.patch )"
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"

diff --git a/dev-libs/nss/nss-3.90.2-r1.ebuild b/dev-libs/nss/nss-3.90.2-r1.ebuild
index 254fcbac0a89..ea65793eebdb 100644
--- a/dev-libs/nss/nss-3.90.2-r1.ebuild
+++ b/dev-libs/nss/nss-3.90.2-r1.ebuild
@@ -11,7 +11,7 @@ RTM_NAME="NSS_${PV//./_}_RTM"
 DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
 HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+	cacert? ( mirror://gentoo/d1/nss-cacert-class1-class3-r2.patch )"
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-07-05  8:02 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-07-05  8:02 UTC (permalink / raw
  To: gentoo-commits

commit:     5793653bf0c4ac02fbe461f0e1f938b53281520c
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  5 08:01:31 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Jul  5 08:02:08 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5793653b

dev-libs/nss: add 3.102

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest         |   1 +
 dev-libs/nss/nss-3.102.ebuild | 418 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 419 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 278743f0795d..df4b6e57f50c 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,5 +2,6 @@ DIST nss-3.100.tar.gz 76746058 BLAKE2B 3e114ff7ae5b06a05af9cd62315cbc8d56bf31531
 DIST nss-3.101-cacert-class1-class3.patch 21925 BLAKE2B 2b37f6b69e0541f31087ff0401b195c035f4b607865c4d29976e4ad2c8143321d65b41b996e922362e076aa8259304ed67b0c4a1f8df2fdfdb1d893319f5d5e7 SHA512 19438aefbb361881c1b4620d8b1b5e7d2bf5afb44900858d3728ff6999a792bf6fe073a11f591ab70461bee8c54fdfb097e4084b402842bc49d2139897de304d
 DIST nss-3.101.1.tar.gz 76462490 BLAKE2B 578a5ce6c9157c25db801a3fe37e094d8005130967ecf1cca19f52a69dfd43195cc8a0c5310dce48936aab4faae424b4e8f24bae6e4f6ac02ea4914e5af4e2be SHA512 0752ad801d00db0180fa72c06d40ee62f88fff220b88880c26f181ba5b9380e785486faa15f8799aaf7145afa47fdd10a27554ec23605a98fbe258951654822d
 DIST nss-3.101.tar.gz 76317799 BLAKE2B 0401ed203b9be9bc9c32cbbf9763cc22ecda15f81100080c3419b55f327350e10c4a1316670515d78b42b00a5f93749825d40645520fef27dd060617556ece81 SHA512 b1596e7d74c654825eabbcc1f71b1410cf44d816c3044429576782bc800186073d43da9ad76de2fbd7de73c4460ebeb91aa244457da9d0d0cdc08a50a11a165f
+DIST nss-3.102.tar.gz 76455599 BLAKE2B 78eb95279640dcc46c29decd35fc4c2a2a591c5a39b8dbfcb232d72a08d1ee44d836ce8ee06fff2fe677d3ea19a8b6219a1fe9296f9b56ebfbab7295583e71fe SHA512 2706f15447afd6c26f6784e56c01e8328456523b464a2df2b054f230b6e6b5db2fdeccac74f4f4f0d683d7d4471a8ec1321102082d8a22d91887153a60ffac5b
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.102.ebuild b/dev-libs/nss/nss-3.102.ebuild
new file mode 100644
index 000000000000..84a8b5aed29e
--- /dev/null
+++ b/dev-libs/nss/nss-3.102.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.101-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-3.101-cacert-class1-class3.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-07-05  8:02 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-07-05  8:02 UTC (permalink / raw
  To: gentoo-commits

commit:     b7b17f0f19517a455ffe1f8d5fd81ac64be23660
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  5 08:01:48 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Jul  5 08:02:08 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7b17f0f

dev-libs/nss: drop 3.100, 3.101

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest         |   2 -
 dev-libs/nss/nss-3.100.ebuild | 418 ------------------------------------------
 dev-libs/nss/nss-3.101.ebuild | 418 ------------------------------------------
 3 files changed, 838 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index df4b6e57f50c..89f339c363d3 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,7 +1,5 @@
-DIST nss-3.100.tar.gz 76746058 BLAKE2B 3e114ff7ae5b06a05af9cd62315cbc8d56bf3153126be857b935c5f8db52defcfc2ef13820a896127172a5cb3628c0773965d29a928f41cb5c43630e64095344 SHA512 725c10ffc02fc17347a213b42fabad789aec2c6352fe803b4ad166695ab59495849e9a69684578eb274faf818ec2277f2d433167cdd27997dcf8d8e94dd4df34
 DIST nss-3.101-cacert-class1-class3.patch 21925 BLAKE2B 2b37f6b69e0541f31087ff0401b195c035f4b607865c4d29976e4ad2c8143321d65b41b996e922362e076aa8259304ed67b0c4a1f8df2fdfdb1d893319f5d5e7 SHA512 19438aefbb361881c1b4620d8b1b5e7d2bf5afb44900858d3728ff6999a792bf6fe073a11f591ab70461bee8c54fdfb097e4084b402842bc49d2139897de304d
 DIST nss-3.101.1.tar.gz 76462490 BLAKE2B 578a5ce6c9157c25db801a3fe37e094d8005130967ecf1cca19f52a69dfd43195cc8a0c5310dce48936aab4faae424b4e8f24bae6e4f6ac02ea4914e5af4e2be SHA512 0752ad801d00db0180fa72c06d40ee62f88fff220b88880c26f181ba5b9380e785486faa15f8799aaf7145afa47fdd10a27554ec23605a98fbe258951654822d
-DIST nss-3.101.tar.gz 76317799 BLAKE2B 0401ed203b9be9bc9c32cbbf9763cc22ecda15f81100080c3419b55f327350e10c4a1316670515d78b42b00a5f93749825d40645520fef27dd060617556ece81 SHA512 b1596e7d74c654825eabbcc1f71b1410cf44d816c3044429576782bc800186073d43da9ad76de2fbd7de73c4460ebeb91aa244457da9d0d0cdc08a50a11a165f
 DIST nss-3.102.tar.gz 76455599 BLAKE2B 78eb95279640dcc46c29decd35fc4c2a2a591c5a39b8dbfcb232d72a08d1ee44d836ce8ee06fff2fe677d3ea19a8b6219a1fe9296f9b56ebfbab7295583e71fe SHA512 2706f15447afd6c26f6784e56c01e8328456523b464a2df2b054f230b6e6b5db2fdeccac74f4f4f0d683d7d4471a8ec1321102082d8a22d91887153a60ffac5b
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.100.ebuild b/dev-libs/nss/nss-3.100.ebuild
deleted file mode 100644
index b70cad223187..000000000000
--- a/dev-libs/nss/nss-3.100.ebuild
+++ /dev/null
@@ -1,418 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( mirror://gentoo/d1/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.101.ebuild b/dev-libs/nss/nss-3.101.ebuild
deleted file mode 100644
index 84a8b5aed29e..000000000000
--- a/dev-libs/nss/nss-3.101.ebuild
+++ /dev/null
@@ -1,418 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.101-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-3.101-cacert-class1-class3.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-07-25 12:12 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-07-25 12:12 UTC (permalink / raw
  To: gentoo-commits

commit:     85236bc26311ad6d40412cd09c138b40933084f3
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 25 12:12:17 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Jul 25 12:12:17 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85236bc2

dev-libs/nss: add 3.102.1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest           |   1 +
 dev-libs/nss/nss-3.102.1.ebuild | 418 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 419 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 89f339c363d3..e0a6b6ec4cf7 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.101-cacert-class1-class3.patch 21925 BLAKE2B 2b37f6b69e0541f31087ff0401b195c035f4b607865c4d29976e4ad2c8143321d65b41b996e922362e076aa8259304ed67b0c4a1f8df2fdfdb1d893319f5d5e7 SHA512 19438aefbb361881c1b4620d8b1b5e7d2bf5afb44900858d3728ff6999a792bf6fe073a11f591ab70461bee8c54fdfb097e4084b402842bc49d2139897de304d
 DIST nss-3.101.1.tar.gz 76462490 BLAKE2B 578a5ce6c9157c25db801a3fe37e094d8005130967ecf1cca19f52a69dfd43195cc8a0c5310dce48936aab4faae424b4e8f24bae6e4f6ac02ea4914e5af4e2be SHA512 0752ad801d00db0180fa72c06d40ee62f88fff220b88880c26f181ba5b9380e785486faa15f8799aaf7145afa47fdd10a27554ec23605a98fbe258951654822d
+DIST nss-3.102.1.tar.gz 76460182 BLAKE2B 47e61d13bf4d6615ecc830d7c745a7a736fe5f1b4de7375f4cf9274db8f42b5ea7cd737e03f6a83e26579cfec1ff1b349e24e548a57fd2d0950b955bfd208851 SHA512 1df10aab1f37c1d00dc3b81aaa341f99c2bac22997aae412ee639e0959ffa37e35cbc21b0f90c2612401aadb119bab4202209186f54fb8d58cf7c3123456e90f
 DIST nss-3.102.tar.gz 76455599 BLAKE2B 78eb95279640dcc46c29decd35fc4c2a2a591c5a39b8dbfcb232d72a08d1ee44d836ce8ee06fff2fe677d3ea19a8b6219a1fe9296f9b56ebfbab7295583e71fe SHA512 2706f15447afd6c26f6784e56c01e8328456523b464a2df2b054f230b6e6b5db2fdeccac74f4f4f0d683d7d4471a8ec1321102082d8a22d91887153a60ffac5b
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.102.1.ebuild b/dev-libs/nss/nss-3.102.1.ebuild
new file mode 100644
index 000000000000..84a8b5aed29e
--- /dev/null
+++ b/dev-libs/nss/nss-3.102.1.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.101-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-3.101-cacert-class1-class3.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-07-28  6:57 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-07-28  6:57 UTC (permalink / raw
  To: gentoo-commits

commit:     7403b22fe8eab674847ce0449743305aa8909658
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 28 06:56:53 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Jul 28 06:56:53 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7403b22f

dev-libs/nss: add 3.101.2

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest           |   1 +
 dev-libs/nss/nss-3.101.2.ebuild | 418 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 419 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e0a6b6ec4cf7..40e2084d85bf 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,6 @@
 DIST nss-3.101-cacert-class1-class3.patch 21925 BLAKE2B 2b37f6b69e0541f31087ff0401b195c035f4b607865c4d29976e4ad2c8143321d65b41b996e922362e076aa8259304ed67b0c4a1f8df2fdfdb1d893319f5d5e7 SHA512 19438aefbb361881c1b4620d8b1b5e7d2bf5afb44900858d3728ff6999a792bf6fe073a11f591ab70461bee8c54fdfb097e4084b402842bc49d2139897de304d
 DIST nss-3.101.1.tar.gz 76462490 BLAKE2B 578a5ce6c9157c25db801a3fe37e094d8005130967ecf1cca19f52a69dfd43195cc8a0c5310dce48936aab4faae424b4e8f24bae6e4f6ac02ea4914e5af4e2be SHA512 0752ad801d00db0180fa72c06d40ee62f88fff220b88880c26f181ba5b9380e785486faa15f8799aaf7145afa47fdd10a27554ec23605a98fbe258951654822d
+DIST nss-3.101.2.tar.gz 76462495 BLAKE2B 3a0dfd7aa68bc11f332decfc9cb7003b8d8fa6a9dad556ad736229d7d3847e68aeaf5b74e68989a0483bd1b9e2e3afd3bdf8df3d428ebc815eda9a255f5695aa SHA512 65ac338ee1b13ecc2b190f1ea39c987110a06f3b67610e094ffc1ef4117d487c34af1e11b90de0c28035bfc5cb10ca7996ed991d9afce7985973fabb48cd7ac8
 DIST nss-3.102.1.tar.gz 76460182 BLAKE2B 47e61d13bf4d6615ecc830d7c745a7a736fe5f1b4de7375f4cf9274db8f42b5ea7cd737e03f6a83e26579cfec1ff1b349e24e548a57fd2d0950b955bfd208851 SHA512 1df10aab1f37c1d00dc3b81aaa341f99c2bac22997aae412ee639e0959ffa37e35cbc21b0f90c2612401aadb119bab4202209186f54fb8d58cf7c3123456e90f
 DIST nss-3.102.tar.gz 76455599 BLAKE2B 78eb95279640dcc46c29decd35fc4c2a2a591c5a39b8dbfcb232d72a08d1ee44d836ce8ee06fff2fe677d3ea19a8b6219a1fe9296f9b56ebfbab7295583e71fe SHA512 2706f15447afd6c26f6784e56c01e8328456523b464a2df2b054f230b6e6b5db2fdeccac74f4f4f0d683d7d4471a8ec1321102082d8a22d91887153a60ffac5b
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a

diff --git a/dev-libs/nss/nss-3.101.2.ebuild b/dev-libs/nss/nss-3.101.2.ebuild
new file mode 100644
index 000000000000..84a8b5aed29e
--- /dev/null
+++ b/dev-libs/nss/nss-3.101.2.ebuild
@@ -0,0 +1,418 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.101-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-3.101-cacert-class1-class3.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-08-03  7:18 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-08-03  7:18 UTC (permalink / raw
  To: gentoo-commits

commit:     663a8a48f961271b61771bfca62590ddd24842e5
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Aug  3 07:15:35 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Aug  3 07:18:07 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=663a8a48

dev-libs/nss: drop 3.101.1, 3.102

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest           |   2 -
 dev-libs/nss/nss-3.101.1.ebuild | 418 ----------------------------------------
 dev-libs/nss/nss-3.102.ebuild   | 418 ----------------------------------------
 3 files changed, 838 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 12673537ba54..eb875c8644e1 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,8 +1,6 @@
 DIST nss-3.101-cacert-class1-class3.patch 21925 BLAKE2B 2b37f6b69e0541f31087ff0401b195c035f4b607865c4d29976e4ad2c8143321d65b41b996e922362e076aa8259304ed67b0c4a1f8df2fdfdb1d893319f5d5e7 SHA512 19438aefbb361881c1b4620d8b1b5e7d2bf5afb44900858d3728ff6999a792bf6fe073a11f591ab70461bee8c54fdfb097e4084b402842bc49d2139897de304d
-DIST nss-3.101.1.tar.gz 76462490 BLAKE2B 578a5ce6c9157c25db801a3fe37e094d8005130967ecf1cca19f52a69dfd43195cc8a0c5310dce48936aab4faae424b4e8f24bae6e4f6ac02ea4914e5af4e2be SHA512 0752ad801d00db0180fa72c06d40ee62f88fff220b88880c26f181ba5b9380e785486faa15f8799aaf7145afa47fdd10a27554ec23605a98fbe258951654822d
 DIST nss-3.101.2.tar.gz 76462495 BLAKE2B 3a0dfd7aa68bc11f332decfc9cb7003b8d8fa6a9dad556ad736229d7d3847e68aeaf5b74e68989a0483bd1b9e2e3afd3bdf8df3d428ebc815eda9a255f5695aa SHA512 65ac338ee1b13ecc2b190f1ea39c987110a06f3b67610e094ffc1ef4117d487c34af1e11b90de0c28035bfc5cb10ca7996ed991d9afce7985973fabb48cd7ac8
 DIST nss-3.102.1.tar.gz 76460182 BLAKE2B 47e61d13bf4d6615ecc830d7c745a7a736fe5f1b4de7375f4cf9274db8f42b5ea7cd737e03f6a83e26579cfec1ff1b349e24e548a57fd2d0950b955bfd208851 SHA512 1df10aab1f37c1d00dc3b81aaa341f99c2bac22997aae412ee639e0959ffa37e35cbc21b0f90c2612401aadb119bab4202209186f54fb8d58cf7c3123456e90f
-DIST nss-3.102.tar.gz 76455599 BLAKE2B 78eb95279640dcc46c29decd35fc4c2a2a591c5a39b8dbfcb232d72a08d1ee44d836ce8ee06fff2fe677d3ea19a8b6219a1fe9296f9b56ebfbab7295583e71fe SHA512 2706f15447afd6c26f6784e56c01e8328456523b464a2df2b054f230b6e6b5db2fdeccac74f4f4f0d683d7d4471a8ec1321102082d8a22d91887153a60ffac5b
 DIST nss-3.103.tar.gz 76470174 BLAKE2B 0d57ad2479f26d0ff8f3021b435ee936e82408e5f3f213804397934f1d01c2178f641247cfc84de36616eb92d06fb002fb77a4285ff84a86a3217e960d175475 SHA512 bc7680fc34d84de7953b27f1a220681f3f5c5a501a82be210ec6134894313f6a2c9bfcc350f4802152a5e3a1fc2defc74d700445ade338d6c86a923ac8b4dc75
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.101.1.ebuild b/dev-libs/nss/nss-3.101.1.ebuild
deleted file mode 100644
index 84a8b5aed29e..000000000000
--- a/dev-libs/nss/nss-3.101.1.ebuild
+++ /dev/null
@@ -1,418 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.101-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-3.101-cacert-class1-class3.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.102.ebuild b/dev-libs/nss/nss-3.102.ebuild
deleted file mode 100644
index 84a8b5aed29e..000000000000
--- a/dev-libs/nss/nss-3.102.ebuild
+++ /dev/null
@@ -1,418 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.101-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-3.101-cacert-class1-class3.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-08-27  7:00 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-08-27  7:00 UTC (permalink / raw
  To: gentoo-commits

commit:     472e837a65c9797e3dfc98e8c0187dfbc13efb42
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 27 06:25:34 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Aug 27 06:25:34 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=472e837a

dev-libs/nss: drop 3.102.1

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest           |   1 -
 dev-libs/nss/nss-3.102.1.ebuild | 418 ----------------------------------------
 2 files changed, 419 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index eb875c8644e1..4a1b7b76c3bf 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,5 @@
 DIST nss-3.101-cacert-class1-class3.patch 21925 BLAKE2B 2b37f6b69e0541f31087ff0401b195c035f4b607865c4d29976e4ad2c8143321d65b41b996e922362e076aa8259304ed67b0c4a1f8df2fdfdb1d893319f5d5e7 SHA512 19438aefbb361881c1b4620d8b1b5e7d2bf5afb44900858d3728ff6999a792bf6fe073a11f591ab70461bee8c54fdfb097e4084b402842bc49d2139897de304d
 DIST nss-3.101.2.tar.gz 76462495 BLAKE2B 3a0dfd7aa68bc11f332decfc9cb7003b8d8fa6a9dad556ad736229d7d3847e68aeaf5b74e68989a0483bd1b9e2e3afd3bdf8df3d428ebc815eda9a255f5695aa SHA512 65ac338ee1b13ecc2b190f1ea39c987110a06f3b67610e094ffc1ef4117d487c34af1e11b90de0c28035bfc5cb10ca7996ed991d9afce7985973fabb48cd7ac8
-DIST nss-3.102.1.tar.gz 76460182 BLAKE2B 47e61d13bf4d6615ecc830d7c745a7a736fe5f1b4de7375f4cf9274db8f42b5ea7cd737e03f6a83e26579cfec1ff1b349e24e548a57fd2d0950b955bfd208851 SHA512 1df10aab1f37c1d00dc3b81aaa341f99c2bac22997aae412ee639e0959ffa37e35cbc21b0f90c2612401aadb119bab4202209186f54fb8d58cf7c3123456e90f
 DIST nss-3.103.tar.gz 76470174 BLAKE2B 0d57ad2479f26d0ff8f3021b435ee936e82408e5f3f213804397934f1d01c2178f641247cfc84de36616eb92d06fb002fb77a4285ff84a86a3217e960d175475 SHA512 bc7680fc34d84de7953b27f1a220681f3f5c5a501a82be210ec6134894313f6a2c9bfcc350f4802152a5e3a1fc2defc74d700445ade338d6c86a923ac8b4dc75
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.102.1.ebuild b/dev-libs/nss/nss-3.102.1.ebuild
deleted file mode 100644
index 84a8b5aed29e..000000000000
--- a/dev-libs/nss/nss-3.102.1.ebuild
+++ /dev/null
@@ -1,418 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.101-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
-	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-3.101-cacert-class1-class3.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "30-45+ minutes per lib configuration. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-08-31 13:11 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-08-31 13:11 UTC (permalink / raw
  To: gentoo-commits

commit:     5456da54a2f2c6ea8fd38eccdd3bd2652a21a09f
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 31 13:10:51 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Aug 31 13:10:51 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5456da54

dev-libs/nss: add 3.104

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest         |   2 +
 dev-libs/nss/nss-3.104.ebuild | 419 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 421 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 4a1b7b76c3bf..3e42ef462e53 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,7 @@
 DIST nss-3.101-cacert-class1-class3.patch 21925 BLAKE2B 2b37f6b69e0541f31087ff0401b195c035f4b607865c4d29976e4ad2c8143321d65b41b996e922362e076aa8259304ed67b0c4a1f8df2fdfdb1d893319f5d5e7 SHA512 19438aefbb361881c1b4620d8b1b5e7d2bf5afb44900858d3728ff6999a792bf6fe073a11f591ab70461bee8c54fdfb097e4084b402842bc49d2139897de304d
 DIST nss-3.101.2.tar.gz 76462495 BLAKE2B 3a0dfd7aa68bc11f332decfc9cb7003b8d8fa6a9dad556ad736229d7d3847e68aeaf5b74e68989a0483bd1b9e2e3afd3bdf8df3d428ebc815eda9a255f5695aa SHA512 65ac338ee1b13ecc2b190f1ea39c987110a06f3b67610e094ffc1ef4117d487c34af1e11b90de0c28035bfc5cb10ca7996ed991d9afce7985973fabb48cd7ac8
 DIST nss-3.103.tar.gz 76470174 BLAKE2B 0d57ad2479f26d0ff8f3021b435ee936e82408e5f3f213804397934f1d01c2178f641247cfc84de36616eb92d06fb002fb77a4285ff84a86a3217e960d175475 SHA512 bc7680fc34d84de7953b27f1a220681f3f5c5a501a82be210ec6134894313f6a2c9bfcc350f4802152a5e3a1fc2defc74d700445ade338d6c86a923ac8b4dc75
+DIST nss-3.104-cacert-class1-class3.patch 22038 BLAKE2B 66e2dd47230d6aa58a767e35c9c069fa29f3111d470345e0f69486d1eead3cd1741939ac394f6b9b637e79a10d658cfb1a9da4387953b8968a9001bab94d4de0 SHA512 bafc4212e0e0ca3eb129a5b88767727159c6ec3da450c7625d0b282f82699378d64eaa2c3fecb72c61000ec9b6d3c24f20bc7defdac6edc673e0fbb26e0c1f7e
+DIST nss-3.104.tar.gz 76468542 BLAKE2B 78bce851b831aee0e105a4bf2f3ff965dda5dcefc0988272298596ecf1c0fa03eb2059b2cf261536fc221fb5a620c0397dd9c1a53cc13e5dd339981ac0f9d665 SHA512 ec6eb32847da544ff5a2947360d9343f9b2cfea83b86cb8d7fdbacd9d97329f02de4844084c4bcbc4ebceb666d7c23bd3aa1a73a092e10792742e7b9aa7b98e8
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.104.ebuild b/dev-libs/nss/nss-3.104.ebuild
new file mode 100644
index 000000000000..4b2df22baf4f
--- /dev/null
+++ b/dev-libs/nss/nss-3.104.ebuild
@@ -0,0 +1,419 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.104-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/nss-3.103-gentoo-fixes-add-pkgconfig-files.patch
+	"${FILESDIR}"/nss-3.21-gentoo-fixup-warnings.patch
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-3.104-cacert-class1-class3.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "~10 minutes per lib configuration with only 'standard' tests,"
+	einfo "~40 minutes per lib configuration with 'full' tests. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	export NSS_CYCLES=standard
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-09-27  8:35 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-09-27  8:35 UTC (permalink / raw
  To: gentoo-commits

commit:     7f6be98391d375fa0ca28af33c1efa82f4656eec
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 27 08:33:00 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Sep 27 08:35:06 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f6be983

dev-libs/nss: add 3.105

 - add "test-full" use flag to run all test sets.

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest         |   1 +
 dev-libs/nss/metadata.xml     |   1 +
 dev-libs/nss/nss-3.105.ebuild | 427 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 429 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 3e42ef462e53..ce07920cd486 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,5 +3,6 @@ DIST nss-3.101.2.tar.gz 76462495 BLAKE2B 3a0dfd7aa68bc11f332decfc9cb7003b8d8fa6a
 DIST nss-3.103.tar.gz 76470174 BLAKE2B 0d57ad2479f26d0ff8f3021b435ee936e82408e5f3f213804397934f1d01c2178f641247cfc84de36616eb92d06fb002fb77a4285ff84a86a3217e960d175475 SHA512 bc7680fc34d84de7953b27f1a220681f3f5c5a501a82be210ec6134894313f6a2c9bfcc350f4802152a5e3a1fc2defc74d700445ade338d6c86a923ac8b4dc75
 DIST nss-3.104-cacert-class1-class3.patch 22038 BLAKE2B 66e2dd47230d6aa58a767e35c9c069fa29f3111d470345e0f69486d1eead3cd1741939ac394f6b9b637e79a10d658cfb1a9da4387953b8968a9001bab94d4de0 SHA512 bafc4212e0e0ca3eb129a5b88767727159c6ec3da450c7625d0b282f82699378d64eaa2c3fecb72c61000ec9b6d3c24f20bc7defdac6edc673e0fbb26e0c1f7e
 DIST nss-3.104.tar.gz 76468542 BLAKE2B 78bce851b831aee0e105a4bf2f3ff965dda5dcefc0988272298596ecf1c0fa03eb2059b2cf261536fc221fb5a620c0397dd9c1a53cc13e5dd339981ac0f9d665 SHA512 ec6eb32847da544ff5a2947360d9343f9b2cfea83b86cb8d7fdbacd9d97329f02de4844084c4bcbc4ebceb666d7c23bd3aa1a73a092e10792742e7b9aa7b98e8
+DIST nss-3.105.tar.gz 76620664 BLAKE2B 560a906758200aca522e7bb723b40a315bd97e99602c2f8d781efc290210e993fa350c56b66c4154df0f8d1a7e9465d384d11d6e32301a34b7a5126482607173 SHA512 1bee0945c9725a0022bc80de628d139bb6c6d93385005f2a4025214c650e9821e5a98117edb92d53749c74ff229f1c58e4c15b169f7946aaf6a51ba5147da554
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml
index ed59ce5ad9ec..fbacbeb02ad5 100644
--- a/dev-libs/nss/metadata.xml
+++ b/dev-libs/nss/metadata.xml
@@ -9,6 +9,7 @@
   <flag name="cacert">
     Include root/class3 certs from CAcert (https://www.cacert.org/)
   </flag>
+  <flag name="test-full">Run all available tests, instead of the standard set only</flag>
   <flag name="utils">Compile and install all extra binaries, such as certutil, modutil and few more</flag>
 </use>
 <upstream>

diff --git a/dev-libs/nss/nss-3.105.ebuild b/dev-libs/nss/nss-3.105.ebuild
new file mode 100644
index 000000000000..3be838138e78
--- /dev/null
+++ b/dev-libs/nss/nss-3.105.ebuild
@@ -0,0 +1,427 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.104-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test test-full +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="test-full? ( test )"
+
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/nss-3.103-gentoo-fixes-add-pkgconfig-files.patch
+	"${FILESDIR}"/nss-3.21-gentoo-fixup-warnings.patch
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-3.104-cacert-class1-class3.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "~10 minutes per lib configuration with only 'standard' tests,"
+	einfo "~40 minutes per lib configuration with 'full' tests. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	if use test-full ; then
+		# export NSS_CYCLES="standard pkix sharedb"
+		:;
+	else
+		export NSS_CYCLES="standard"
+	fi
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed -e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-09-28 12:46 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-09-28 12:46 UTC (permalink / raw
  To: gentoo-commits

commit:     679d06f0b6e163ed108f8e15ec764c1cce0bfc22
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 28 12:43:39 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Sep 28 12:43:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=679d06f0

dev-libs/nss: drop 3.103, 3.104

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest         |   2 -
 dev-libs/nss/nss-3.103.ebuild | 419 ------------------------------------------
 dev-libs/nss/nss-3.104.ebuild | 419 ------------------------------------------
 3 files changed, 840 deletions(-)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index ce07920cd486..e199c341d5a4 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,8 +1,6 @@
 DIST nss-3.101-cacert-class1-class3.patch 21925 BLAKE2B 2b37f6b69e0541f31087ff0401b195c035f4b607865c4d29976e4ad2c8143321d65b41b996e922362e076aa8259304ed67b0c4a1f8df2fdfdb1d893319f5d5e7 SHA512 19438aefbb361881c1b4620d8b1b5e7d2bf5afb44900858d3728ff6999a792bf6fe073a11f591ab70461bee8c54fdfb097e4084b402842bc49d2139897de304d
 DIST nss-3.101.2.tar.gz 76462495 BLAKE2B 3a0dfd7aa68bc11f332decfc9cb7003b8d8fa6a9dad556ad736229d7d3847e68aeaf5b74e68989a0483bd1b9e2e3afd3bdf8df3d428ebc815eda9a255f5695aa SHA512 65ac338ee1b13ecc2b190f1ea39c987110a06f3b67610e094ffc1ef4117d487c34af1e11b90de0c28035bfc5cb10ca7996ed991d9afce7985973fabb48cd7ac8
-DIST nss-3.103.tar.gz 76470174 BLAKE2B 0d57ad2479f26d0ff8f3021b435ee936e82408e5f3f213804397934f1d01c2178f641247cfc84de36616eb92d06fb002fb77a4285ff84a86a3217e960d175475 SHA512 bc7680fc34d84de7953b27f1a220681f3f5c5a501a82be210ec6134894313f6a2c9bfcc350f4802152a5e3a1fc2defc74d700445ade338d6c86a923ac8b4dc75
 DIST nss-3.104-cacert-class1-class3.patch 22038 BLAKE2B 66e2dd47230d6aa58a767e35c9c069fa29f3111d470345e0f69486d1eead3cd1741939ac394f6b9b637e79a10d658cfb1a9da4387953b8968a9001bab94d4de0 SHA512 bafc4212e0e0ca3eb129a5b88767727159c6ec3da450c7625d0b282f82699378d64eaa2c3fecb72c61000ec9b6d3c24f20bc7defdac6edc673e0fbb26e0c1f7e
-DIST nss-3.104.tar.gz 76468542 BLAKE2B 78bce851b831aee0e105a4bf2f3ff965dda5dcefc0988272298596ecf1c0fa03eb2059b2cf261536fc221fb5a620c0397dd9c1a53cc13e5dd339981ac0f9d665 SHA512 ec6eb32847da544ff5a2947360d9343f9b2cfea83b86cb8d7fdbacd9d97329f02de4844084c4bcbc4ebceb666d7c23bd3aa1a73a092e10792742e7b9aa7b98e8
 DIST nss-3.105.tar.gz 76620664 BLAKE2B 560a906758200aca522e7bb723b40a315bd97e99602c2f8d781efc290210e993fa350c56b66c4154df0f8d1a7e9465d384d11d6e32301a34b7a5126482607173 SHA512 1bee0945c9725a0022bc80de628d139bb6c6d93385005f2a4025214c650e9821e5a98117edb92d53749c74ff229f1c58e4c15b169f7946aaf6a51ba5147da554
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.103.ebuild b/dev-libs/nss/nss-3.103.ebuild
deleted file mode 100644
index ed8e68fc8de7..000000000000
--- a/dev-libs/nss/nss-3.103.ebuild
+++ /dev/null
@@ -1,419 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.101-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}"/nss-3.103-gentoo-fixes-add-pkgconfig-files.patch
-	"${FILESDIR}"/nss-3.21-gentoo-fixup-warnings.patch
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-3.101-cacert-class1-class3.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "~10 minutes per lib configuration with only 'standard' tests,"
-	einfo "~40 minutes per lib configuration with 'full' tests. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}

diff --git a/dev-libs/nss/nss-3.104.ebuild b/dev-libs/nss/nss-3.104.ebuild
deleted file mode 100644
index 9ef72894f5d2..000000000000
--- a/dev-libs/nss/nss-3.104.ebuild
+++ /dev/null
@@ -1,419 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
-	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.104-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
-	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
-	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
-	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-	virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/nss-config
-)
-
-PATCHES=(
-	"${FILESDIR}"/nss-3.103-gentoo-fixes-add-pkgconfig-files.patch
-	"${FILESDIR}"/nss-3.21-gentoo-fixup-warnings.patch
-	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
-)
-
-src_prepare() {
-	default
-
-	if use cacert ; then
-		eapply -p2 "${DISTDIR}"/nss-3.104-cacert-class1-class3.patch
-	fi
-
-	pushd coreconf >/dev/null || die
-	# hack nspr paths
-	echo 'INCLUDES += -I$(DIST)/include/dbm' \
-		>> headers.mk || die "failed to append include"
-
-	# modify install path
-	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-		-i source.mk || die
-
-	# Respect LDFLAGS
-	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
-	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
-	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
-	popd >/dev/null || die
-
-	# Fix pkgconfig file for Prefix
-	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
-		config/Makefile || die
-
-	# use host shlibsign if need be #436216
-	if tc-is-cross-compiler ; then
-		sed -i \
-			-e 's:"${2}"/shlibsign:shlibsign:' \
-			cmd/shlibsign/sign.sh || die
-	fi
-
-	# dirty hack
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
-		lib/ssl/config.mk || die
-	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
-		cmd/platlibs.mk || die
-
-	multilib_copy_sources
-
-	strip-flags
-}
-
-multilib_src_configure() {
-	# Ensure we stay multilib aware
-	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
-	# Most of the arches are the same as $ARCH
-	local t=${1:-${CHOST}}
-	case ${t} in
-		*86*-pc-solaris2*) echo "i86pc"   ;;
-		aarch64*)          echo "aarch64" ;;
-		hppa*)             echo "parisc"  ;;
-		i?86*)             echo "i686"    ;;
-		x86_64*)           echo "x86_64"  ;;
-		*)                 tc-arch ${t}   ;;
-	esac
-}
-
-nssbits() {
-	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
-	if [[ ${1} == BUILD_ ]]; then
-		cc=$(tc-getBUILD_CC)
-	else
-		cc=$(tc-getCC)
-	fi
-	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
-	echo > "${T}"/test.c || die
-	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
-	case $(file -S "${T}/${1}test.o") in
-		*32-bit*x86-64*) echo USE_X32=1;;
-		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
-		*32-bit*|*ppc*|*i386*) ;;
-		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
-	esac
-}
-
-multilib_src_compile() {
-	# use ABI to determine bit'ness, or fallback if unset
-	local buildbits mybits
-	case "${ABI}" in
-		n32) mybits="USE_N32=1";;
-		x32) mybits="USE_X32=1";;
-		s390x|*64) mybits="USE_64=1";;
-		${DEFAULT_ABI})
-			einfo "Running compilation test to determine bit'ness"
-			mybits=$(nssbits)
-			;;
-	esac
-	# bitness of host may differ from target
-	if tc-is-cross-compiler; then
-		buildbits=$(nssbits BUILD_)
-	fi
-
-	local makeargs=(
-		CC="$(tc-getCC)"
-		CCC="$(tc-getCXX)"
-		AR="$(tc-getAR) rc \$@"
-		RANLIB="$(tc-getRANLIB)"
-		OPTIMIZER=
-		${mybits}
-		disable_ckbi=0
-	)
-
-	# Take care of nspr settings #436216
-	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
-	unset NSPR_INCLUDE_DIR
-
-	export NSS_ALLOW_SSLKEYLOGFILE=1
-	export NSS_ENABLE_WERROR=0 #567158
-	export BUILD_OPT=1
-	export NSS_USE_SYSTEM_SQLITE=1
-	export NSDISTMODE=copy
-	export FREEBL_NO_DEPEND=1
-	export FREEBL_LOWHASH=1
-	export NSS_SEED_ONLY_DEV_URANDOM=1
-	export USE_SYSTEM_ZLIB=1
-	export ZLIB_LIBS=-lz
-	export ASFLAGS=""
-	# Fix build failure on arm64
-	export NS_USE_GCC=1
-	# Detect compiler type and set proper environment value
-	if tc-is-gcc; then
-		export CC_IS_GCC=1
-	elif tc-is-clang; then
-		export CC_IS_CLANG=1
-	fi
-
-	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
-	# Include exportable custom settings defined by users, #900915
-	# Two examples uses:
-	#   EXTRA_NSSCONF="MYONESWITCH=1"
-	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
-	# e.g.
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
-	# or
-	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
-	# etc.
-	if [[ -n "${EXTRA_NSSCONF}" ]]; then
-		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
-		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
-		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
-			export "${myextranssconf[$i]}"
-			echo "exported ${myextranssconf[$i]}"
-		done
-	fi
-
-	# explicitly disable altivec/vsx if not requested
-	# https://bugs.gentoo.org/789114
-	case ${ARCH} in
-		ppc*)
-			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
-			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
-			;;
-	esac
-
-	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
-	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
-	local d
-
-	# Build the host tools first.
-	LDFLAGS="${BUILD_LDFLAGS}" \
-	XCFLAGS="${BUILD_CFLAGS}" \
-	NSPR_LIB_DIR="${T}/fakedir" \
-	emake -C coreconf \
-		CC="$(tc-getBUILD_CC)" \
-			${buildbits-${mybits}}
-	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
-	# Then build the target tools.
-	for d in . lib/dbm ; do
-		CPPFLAGS="${myCPPFLAGS}" \
-		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
-		NSPR_LIB_DIR="${T}/fakedir" \
-		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
-	done
-}
-
-multilib_src_test() {
-	einfo "Tests can take a *long* time, especially on a multilib system."
-	einfo "~10 minutes per lib configuration with only 'standard' tests,"
-	einfo "~40 minutes per lib configuration with 'full' tests. Bug #852755"
-
-	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
-	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
-	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
-	export BUILD_OPT=1
-	export HOST="localhost"
-	export DOMSUF="localdomain"
-	export USE_IP=TRUE
-	export IP_ADDRESS="127.0.0.1"
-
-	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
-	# per lib implementation.
-	export NSS_CYCLES=standard
-
-	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
-	cd "${BUILD_DIR}"/tests || die
-	# Hack to get current objdir (prefixed dir where built binaries are)
-	# Without this, at least multilib tests go wrong when building the amd64 variant
-	# after x86.
-	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
-	# Can tweak to a subset of tests in future if we need to, but would prefer not
-	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-#	*/${local_libdir}/libfreebl3.so*
-#	*/${local_libdir}/libnssdbm3.so*
-#	*/${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
-	local shlibsign="$1"
-	local libdir="$2"
-	einfo "Resigning core NSS libraries for FIPS validation"
-	shift 2
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libname=lib${i}.so
-		local chkname=lib${i}.chk
-		"${shlibsign}" \
-			-i "${libdir}"/${libname} \
-			-o "${libdir}"/${chkname}.tmp \
-		&& mv -f \
-			"${libdir}"/${chkname}.tmp \
-			"${libdir}"/${chkname} \
-		|| die "Failed to sign ${libname}"
-	done
-}
-
-cleanup_chk() {
-	local libdir="$1"
-	shift 1
-	local i
-	for i in ${NSS_CHK_SIGN_LIBS} ; do
-		local libfname="${libdir}/lib${i}.so"
-		# If the major version has changed, then we have old chk files.
-		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
-			&& rm -f "${libfname}.chk"
-	done
-}
-
-multilib_src_install() {
-	pushd dist >/dev/null || die
-
-	dodir /usr/$(get_libdir)
-	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
-	local i
-	for i in crmf freebl nssb nssckfw ; do
-		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
-	done
-
-	# Install nss-config and pkgconfig file
-	dodir /usr/bin
-	cp -L */bin/nss-config "${ED}"/usr/bin || die
-	dodir /usr/$(get_libdir)/pkgconfig
-	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
-	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
-	# bug 517266
-	sed 	-e 's#Libs:#Libs: -lfreebl#' \
-		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
-		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
-		|| die "could not create nss-softokn.pc"
-
-	# all the include files
-	insinto /usr/include/nss
-	doins public/nss/*.{h,api}
-	insinto /usr/include/nss/private
-	doins private/nss/{blapi,alghmac,cmac}.h
-
-	popd >/dev/null || die
-
-	local f nssutils
-	# Always enabled because we need it for chk generation.
-	nssutils=( shlibsign )
-
-	if multilib_is_native_abi ; then
-		if use utils; then
-			# The tests we do not need to install.
-			#nssutils_test="bltest crmftest dbtest dertimetest
-			#fipstest remtest sdrtest"
-			# checkcert utils has been removed in nss-3.22:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
-			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
-			# certcgi has been removed in nss-3.36:
-			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
-			nssutils+=(
-				addbuiltin
-				atob
-				baddbdir
-				btoa
-				certutil
-				cmsutil
-				conflict
-				crlutil
-				derdump
-				digest
-				makepqg
-				mangle
-				modutil
-				multinit
-				nonspr10
-				ocspclnt
-				oidcalc
-				p7content
-				p7env
-				p7sign
-				p7verify
-				pk11mode
-				pk12util
-				pp
-				rsaperf
-				selfserv
-				signtool
-				signver
-				ssltap
-				strsclnt
-				symkeyutil
-				tstclnt
-				vfychain
-				vfyserv
-			)
-			# install man-pages for utils (bug #516810)
-			doman doc/nroff/*.1
-		fi
-		pushd dist/*/bin >/dev/null || die
-		for f in ${nssutils[@]}; do
-			dobin ${f}
-		done
-		popd >/dev/null || die
-	fi
-}
-
-pkg_postinst() {
-	multilib_pkg_postinst() {
-		# We must re-sign the libraries AFTER they are stripped.
-		local shlibsign="${EROOT}/usr/bin/shlibsign"
-		# See if we can execute it (cross-compiling & such). #436216
-		"${shlibsign}" -h >&/dev/null
-		if [[ $? -gt 1 ]] ; then
-			shlibsign="shlibsign"
-		fi
-		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
-	multilib_pkg_postrm() {
-		cleanup_chk "${EROOT}"/usr/$(get_libdir)
-	}
-
-	multilib_foreach_abi multilib_pkg_postrm
-}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-10-02  8:14 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-10-02  8:14 UTC (permalink / raw
  To: gentoo-commits

commit:     c0d554a55e67402ead05080d83f7ab4d1a499565
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  2 08:14:17 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Oct  2 08:14:17 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0d554a5

dev-libs/nss: Stabilize 3.101.2 amd64, #940638

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.101.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.101.2.ebuild b/dev-libs/nss/nss-3.101.2.ebuild
index e242b927b37e..3c29ff945fda 100644
--- a/dev-libs/nss/nss-3.101.2.ebuild
+++ b/dev-libs/nss/nss-3.101.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-10-02  8:31 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-10-02  8:31 UTC (permalink / raw
  To: gentoo-commits

commit:     a5fe286759609769230afd40f3a5cb7eb405553e
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  2 08:31:17 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Oct  2 08:31:17 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5fe2867

dev-libs/nss: Stabilize 3.101.2 x86, #940638

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/nss-3.101.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.101.2.ebuild b/dev-libs/nss/nss-3.101.2.ebuild
index 3c29ff945fda..704b1768205c 100644
--- a/dev-libs/nss/nss-3.101.2.ebuild
+++ b/dev-libs/nss/nss-3.101.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-10-02 11:08 Jakov Smolić
  0 siblings, 0 replies; 466+ messages in thread
From: Jakov Smolić @ 2024-10-02 11:08 UTC (permalink / raw
  To: gentoo-commits

commit:     370006dededb40821c63ff58dbdf9859b9816c22
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  2 11:07:41 2024 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Wed Oct  2 11:07:41 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=370006de

dev-libs/nss: Stabilize 3.101.2 ppc64, #940638

Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 dev-libs/nss/nss-3.101.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.101.2.ebuild b/dev-libs/nss/nss-3.101.2.ebuild
index 704b1768205c..2f721aaa1aa9 100644
--- a/dev-libs/nss/nss-3.101.2.ebuild
+++ b/dev-libs/nss/nss-3.101.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-10-02 11:08 Jakov Smolić
  0 siblings, 0 replies; 466+ messages in thread
From: Jakov Smolić @ 2024-10-02 11:08 UTC (permalink / raw
  To: gentoo-commits

commit:     d3f5a5656ab4dfd946691be44d0e7330eabbb852
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  2 11:08:22 2024 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Wed Oct  2 11:08:22 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3f5a565

dev-libs/nss: Stabilize 3.101.2 ppc, #940638

Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 dev-libs/nss/nss-3.101.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.101.2.ebuild b/dev-libs/nss/nss-3.101.2.ebuild
index 2f721aaa1aa9..11670ce80df7 100644
--- a/dev-libs/nss/nss-3.101.2.ebuild
+++ b/dev-libs/nss/nss-3.101.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-10-03 16:11 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2024-10-03 16:11 UTC (permalink / raw
  To: gentoo-commits

commit:     3a38aa722b448d41cd79c10b20752b7bef09cc8a
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Oct  3 16:11:06 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Oct  3 16:11:06 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a38aa72

dev-libs/nss: Stabilize 3.101.2 arm, #940638

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.101.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.101.2.ebuild b/dev-libs/nss/nss-3.101.2.ebuild
index 11670ce80df7..f7ade7b216b1 100644
--- a/dev-libs/nss/nss-3.101.2.ebuild
+++ b/dev-libs/nss/nss-3.101.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-10-14 19:11 Arthur Zamarin
  0 siblings, 0 replies; 466+ messages in thread
From: Arthur Zamarin @ 2024-10-14 19:11 UTC (permalink / raw
  To: gentoo-commits

commit:     b4e543fe5019015f09944370a20445bc944d8899
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 14 19:10:11 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 14 19:10:55 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4e543fe

dev-libs/nss: Stabilize 3.101.2 sparc, #940638

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 dev-libs/nss/nss-3.101.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev-libs/nss/nss-3.101.2.ebuild b/dev-libs/nss/nss-3.101.2.ebuild
index f7ade7b216b1..d8f7f057b6c9 100644
--- a/dev-libs/nss/nss-3.101.2.ebuild
+++ b/dev-libs/nss/nss-3.101.2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/$
 
 LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris"
 IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
 RESTRICT="!test? ( test )"
 # pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND


^ permalink raw reply related	[flat|nested] 466+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/
@ 2024-10-25 11:09 Joonas Niilola
  0 siblings, 0 replies; 466+ messages in thread
From: Joonas Niilola @ 2024-10-25 11:09 UTC (permalink / raw
  To: gentoo-commits

commit:     6e5e20b0ff363cf60179b106af2b66e8636b5221
Author:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 25 10:57:17 2024 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Oct 25 11:09:36 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e5e20b0

dev-libs/nss: add 3.106

Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 dev-libs/nss/Manifest         |   1 +
 dev-libs/nss/nss-3.106.ebuild | 427 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 428 insertions(+)

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e199c341d5a4..3105c791b75d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,5 +2,6 @@ DIST nss-3.101-cacert-class1-class3.patch 21925 BLAKE2B 2b37f6b69e0541f31087ff04
 DIST nss-3.101.2.tar.gz 76462495 BLAKE2B 3a0dfd7aa68bc11f332decfc9cb7003b8d8fa6a9dad556ad736229d7d3847e68aeaf5b74e68989a0483bd1b9e2e3afd3bdf8df3d428ebc815eda9a255f5695aa SHA512 65ac338ee1b13ecc2b190f1ea39c987110a06f3b67610e094ffc1ef4117d487c34af1e11b90de0c28035bfc5cb10ca7996ed991d9afce7985973fabb48cd7ac8
 DIST nss-3.104-cacert-class1-class3.patch 22038 BLAKE2B 66e2dd47230d6aa58a767e35c9c069fa29f3111d470345e0f69486d1eead3cd1741939ac394f6b9b637e79a10d658cfb1a9da4387953b8968a9001bab94d4de0 SHA512 bafc4212e0e0ca3eb129a5b88767727159c6ec3da450c7625d0b282f82699378d64eaa2c3fecb72c61000ec9b6d3c24f20bc7defdac6edc673e0fbb26e0c1f7e
 DIST nss-3.105.tar.gz 76620664 BLAKE2B 560a906758200aca522e7bb723b40a315bd97e99602c2f8d781efc290210e993fa350c56b66c4154df0f8d1a7e9465d384d11d6e32301a34b7a5126482607173 SHA512 1bee0945c9725a0022bc80de628d139bb6c6d93385005f2a4025214c650e9821e5a98117edb92d53749c74ff229f1c58e4c15b169f7946aaf6a51ba5147da554
+DIST nss-3.106.tar.gz 76621626 BLAKE2B 097a37c396915962a8058c8b8db9dfda11883a58ab36410aad18908fa2d36d886a19d3328d0d7b8d5dd23041bd8253db1d51a5968dfadf3051c3b0e2b0aa2469 SHA512 1659dbc587f93c019f9ca158b3739cb8a05e067ff5660cae586019c93fe5ebdc94885a564d129efbb7ed7ee029636a3a750f3932570c3b02e76fa2593492673f
 DIST nss-3.90.2.tar.gz 72215444 BLAKE2B 74b8eebf5f053dcebd9c6e6ef17c6113ac42a01f910f4ba621dadb09739d5a6090d022800d2c3a4bc0c58413f03512ca611ead1098488d303f1ee1e4bca5c222 SHA512 048a0c0a06fef8cd9c363ac511b9d6125ec131a306c5e093525a937f9e8740f1a2163f274c9a3907ed38331b2fb99b22b528b5e89da1e186c9ba9473d959ef4a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/dev-libs/nss/nss-3.106.ebuild b/dev-libs/nss/nss-3.106.ebuild
new file mode 100644
index 000000000000..3be838138e78
--- /dev/null
+++ b/dev-libs/nss/nss-3.106.ebuild
@@ -0,0 +1,427 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~juippis/mozilla/patchsets/nss-3.104-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="cacert test test-full +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="test-full? ( test )"
+
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/nss-3.103-gentoo-fixes-add-pkgconfig-files.patch
+	"${FILESDIR}"/nss-3.21-gentoo-fixup-warnings.patch
+	"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+)
+
+src_prepare() {
+	default
+
+	if use cacert ; then
+		eapply -p2 "${DISTDIR}"/nss-3.104-cacert-class1-class3.patch
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+	sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		*86*-pc-solaris2*) echo "i86pc"   ;;
+		aarch64*)          echo "aarch64" ;;
+		hppa*)             echo "parisc"  ;;
+		i?86*)             echo "i686"    ;;
+		x86_64*)           echo "x86_64"  ;;
+		*)                 tc-arch ${t}   ;;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	# TODO: Port this to toolchain-funcs tc-get-ptr-size/tc-get-build-ptr-size
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -fno-lto -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file -S "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		CCC="$(tc-getCXX)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+		disable_ckbi=0
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	export NSS_ALLOW_SSLKEYLOGFILE=1
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export FREEBL_NO_DEPEND=1
+	export FREEBL_LOWHASH=1
+	export NSS_SEED_ONLY_DEV_URANDOM=1
+	export USE_SYSTEM_ZLIB=1
+	export ZLIB_LIBS=-lz
+	export ASFLAGS=""
+	# Fix build failure on arm64
+	export NS_USE_GCC=1
+	# Detect compiler type and set proper environment value
+	if tc-is-gcc; then
+		export CC_IS_GCC=1
+	elif tc-is-clang; then
+		export CC_IS_CLANG=1
+	fi
+
+	export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+	# Include exportable custom settings defined by users, #900915
+	# Two examples uses:
+	#   EXTRA_NSSCONF="MYONESWITCH=1"
+	#   EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
+	# e.g.
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
+	# or
+	#   EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
+	# etc.
+	if [[ -n "${EXTRA_NSSCONF}" ]]; then
+		ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
+		read -a myextranssconf <<< "${EXTRA_NSSCONF}"
+
+		for (( i=0; i<${#myextranssconf[@]}; i++ )); do
+			export "${myextranssconf[$i]}"
+			echo "exported ${myextranssconf[$i]}"
+		done
+	fi
+
+	# explicitly disable altivec/vsx if not requested
+	# https://bugs.gentoo.org/789114
+	case ${ARCH} in
+		ppc*)
+			use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+			use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+			;;
+	esac
+
+	use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
+	use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+			${buildbits-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+	done
+}
+
+multilib_src_test() {
+	einfo "Tests can take a *long* time, especially on a multilib system."
+	einfo "~10 minutes per lib configuration with only 'standard' tests,"
+	einfo "~40 minutes per lib configuration with 'full' tests. Bug #852755"
+
+	# https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+	# https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+	# https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+	export BUILD_OPT=1
+	export HOST="localhost"
+	export DOMSUF="localdomain"
+	export USE_IP=TRUE
+	export IP_ADDRESS="127.0.0.1"
+
+	# Only run the standard cycle instead of full, reducing testing time from 45 minutes to 15
+	# per lib implementation.
+	if use test-full ; then
+		# export NSS_CYCLES="standard pkix sharedb"
+		:;
+	else
+		export NSS_CYCLES="standard"
+	fi
+
+	NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+	cd "${BUILD_DIR}"/tests || die
+	# Hack to get current objdir (prefixed dir where built binaries are)
+	# Without this, at least multilib tests go wrong when building the amd64 variant
+	# after x86.
+	local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+	# Can tweak to a subset of tests in future if we need to, but would prefer not
+	OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	local i
+	for i in crmf freebl nssb nssckfw ; do
+		cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	done
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed -e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.{h,api}
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac,cmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils=( shlibsign )
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			# certcgi has been removed in nss-3.36:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+			nssutils+=(
+				addbuiltin
+				atob
+				baddbdir
+				btoa
+				certutil
+				cmsutil
+				conflict
+				crlutil
+				derdump
+				digest
+				makepqg
+				mangle
+				modutil
+				multinit
+				nonspr10
+				ocspclnt
+				oidcalc
+				p7content
+				p7env
+				p7sign
+				p7verify
+				pk11mode
+				pk12util
+				pp
+				rsaperf
+				selfserv
+				signtool
+				signver
+				ssltap
+				strsclnt
+				symkeyutil
+				tstclnt
+				vfychain
+				vfyserv
+			)
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils[@]}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}


^ permalink raw reply related	[flat|nested] 466+ messages in thread

end of thread, other threads:[~2024-10-25 11:09 UTC | newest]

Thread overview: 466+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-03-25  8:12 [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/ Agostino Sarubbo
  -- strict thread matches above, loose matches on Subject: below --
2024-10-25 11:09 Joonas Niilola
2024-10-14 19:11 Arthur Zamarin
2024-10-03 16:11 Arthur Zamarin
2024-10-02 11:08 Jakov Smolić
2024-10-02 11:08 Jakov Smolić
2024-10-02  8:31 Joonas Niilola
2024-10-02  8:14 Joonas Niilola
2024-09-28 12:46 Joonas Niilola
2024-09-27  8:35 Joonas Niilola
2024-08-31 13:11 Joonas Niilola
2024-08-27  7:00 Joonas Niilola
2024-08-03  7:18 Joonas Niilola
2024-07-28  6:57 Joonas Niilola
2024-07-25 12:12 Joonas Niilola
2024-07-05  8:02 Joonas Niilola
2024-07-05  8:02 Joonas Niilola
2024-07-01 18:55 Mike Gilbert
2024-06-30  6:10 Joonas Niilola
2024-06-08  6:39 Joonas Niilola
2024-06-01  8:37 Joonas Niilola
2024-05-28 18:45 Joonas Niilola
2024-05-26 16:14 Arthur Zamarin
2024-05-09  5:23 Joonas Niilola
2024-05-01 23:18 Ionen Wolkens
2024-05-01 23:18 Ionen Wolkens
2024-05-01 23:18 Ionen Wolkens
2024-05-01  5:28 Joonas Niilola
2024-04-15  7:37 Joonas Niilola
2024-04-15  7:24 Joonas Niilola
2024-04-02 11:30 Sam James
2024-04-02 11:30 Sam James
2024-04-02 11:30 Sam James
2024-04-02  6:40 Joonas Niilola
2024-04-02  6:40 Joonas Niilola
2024-04-01  6:47 Joonas Niilola
2024-03-17  9:48 Arthur Zamarin
2024-03-17  9:48 Arthur Zamarin
2024-03-17  9:48 Arthur Zamarin
2024-03-17  9:48 Arthur Zamarin
2024-03-17  7:40 Joonas Niilola
2024-03-17  7:40 Joonas Niilola
2024-02-22 11:15 Sam James
2024-02-22  7:07 Joonas Niilola
2024-02-22  7:07 Joonas Niilola
2024-02-21  8:45 Joonas Niilola
2024-02-17  9:18 Joonas Niilola
2024-01-23  8:54 Joonas Niilola
2024-01-06  9:32 Joonas Niilola
2023-12-19  7:59 Joonas Niilola
2023-12-19  7:59 Joonas Niilola
2023-12-16  9:53 Joonas Niilola
2023-12-16  9:53 Joonas Niilola
2023-12-16  8:24 Joonas Niilola
2023-12-16  8:10 Joonas Niilola
2023-12-16  8:10 Joonas Niilola
2023-12-05 19:56 Arthur Zamarin
2023-12-05 19:56 Arthur Zamarin
2023-12-05 19:56 Arthur Zamarin
2023-12-05 19:56 Arthur Zamarin
2023-12-02  6:51 Joonas Niilola
2023-10-17 12:32 Sam James
2023-10-04 19:37 Sam James
2023-10-03  6:57 Joonas Niilola
2023-09-28  6:43 Joonas Niilola
2023-09-27  2:55 Sam James
2023-09-26 20:40 Sam James
2023-09-01  8:56 Joonas Niilola
2023-08-22  5:45 Joonas Niilola
2023-07-28  8:24 Joonas Niilola
2023-07-02 16:47 Joonas Niilola
2023-06-29  6:51 Joonas Niilola
2023-06-29  6:41 Joonas Niilola
2023-06-05  9:31 Joonas Niilola
2023-05-11  7:01 Joonas Niilola
2023-05-06  8:51 Sam James
2023-05-06  8:18 Joonas Niilola
2023-04-15  6:19 Joonas Niilola
2023-04-12 13:23 Sam James
2023-04-12  2:41 Sam James
2023-04-11 20:11 Arthur Zamarin
2023-04-11 13:11 Arthur Zamarin
2023-04-11 13:11 Arthur Zamarin
2023-04-11  7:01 Joonas Niilola
2023-04-11  7:01 Joonas Niilola
2023-03-25  6:32 Joonas Niilola
2023-03-10  9:14 Joonas Niilola
2023-03-10  9:14 Joonas Niilola
2023-02-22  7:14 Joonas Niilola
2023-01-06  8:36 Joonas Niilola
2022-11-20 14:42 Joonas Niilola
2022-11-18  7:20 Joonas Niilola
2022-11-11  8:34 Joonas Niilola
2022-11-03  8:08 Joonas Niilola
2022-11-03  8:08 Joonas Niilola
2022-11-02 18:12 Arthur Zamarin
2022-11-02 18:12 Arthur Zamarin
2022-11-02 18:12 Arthur Zamarin
2022-11-02 18:08 Arthur Zamarin
2022-11-02 16:15 Sam James
2022-11-02 14:24 Joonas Niilola
2022-11-02 14:24 Joonas Niilola
2022-10-17  5:16 Joonas Niilola
2022-10-14  7:10 Joonas Niilola
2022-09-23  7:03 Agostino Sarubbo
2022-09-22  4:09 Sam James
2022-09-22  4:09 Sam James
2022-09-21 17:45 Arthur Zamarin
2022-09-21 17:45 Arthur Zamarin
2022-09-21 12:30 Joonas Niilola
2022-09-21 12:30 Joonas Niilola
2022-09-19  6:06 Joonas Niilola
2022-09-16  9:34 Joonas Niilola
2022-08-24 17:57 Joonas Niilola
2022-08-23 13:11 Joonas Niilola
2022-08-23 13:11 Joonas Niilola
2022-08-19  8:15 Joonas Niilola
2022-07-23  9:13 Joonas Niilola
2022-07-23  9:13 Joonas Niilola
2022-06-25  9:32 Joonas Niilola
2022-06-17  7:37 Joonas Niilola
2022-06-17  7:37 Joonas Niilola
2022-06-05  6:18 Joonas Niilola
2022-06-04 11:15 Jakov Smolić
2022-06-03 11:20 Agostino Sarubbo
2022-06-03 11:17 Agostino Sarubbo
2022-06-03  6:41 Jakov Smolić
2022-06-02 23:13 Sam James
2022-06-02 23:13 Sam James
2022-06-02 11:49 Joonas Niilola
2022-06-02 11:49 Joonas Niilola
2022-06-01  9:38 Sam James
2022-06-01  7:34 Lars Wendler
2022-05-26  0:58 WANG Xuerui
2022-05-16  6:25 Joonas Niilola
2022-04-29  5:58 Joonas Niilola
2022-04-29  5:58 Joonas Niilola
2022-04-10 12:59 Joonas Niilola
2022-04-09 19:57 Arthur Zamarin
2022-04-09 16:32 Arthur Zamarin
2022-04-05  2:37 Sam James
2022-04-02 22:25 Sam James
2022-04-02 12:53 Arthur Zamarin
2022-04-02  8:11 Joonas Niilola
2022-04-02  8:11 Joonas Niilola
2022-04-02  7:33 Arthur Zamarin
2022-04-02  5:30 Joonas Niilola
2022-04-01  6:45 Joonas Niilola
2022-03-30  4:57 Joonas Niilola
2022-03-06 17:30 Joonas Niilola
2022-03-04  8:07 Joonas Niilola
2022-02-19  6:20 Joonas Niilola
2022-02-05 13:16 Joonas Niilola
2022-01-26 13:44 Joonas Niilola
2022-01-25 21:25 Sam James
2022-01-24 14:42 Sam James
2022-01-24  3:42 Sam James
2022-01-24  3:42 Sam James
2022-01-23 15:21 Sam James
2022-01-23  7:41 Joonas Niilola
2022-01-22 13:10 Joonas Niilola
2022-01-22 13:10 Joonas Niilola
2022-01-09 12:36 Joonas Niilola
2022-01-08 17:13 Lars Wendler
2022-01-08 17:13 Lars Wendler
2021-12-17  9:06 Joonas Niilola
2021-12-17  9:06 Joonas Niilola
2021-12-17  9:06 Joonas Niilola
2021-12-04  1:32 Sam James
2021-12-02  8:29 Agostino Sarubbo
2021-12-02  8:27 Agostino Sarubbo
2021-12-02  8:26 Agostino Sarubbo
2021-12-02  3:20 Sam James
2021-12-02  3:20 Sam James
2021-12-02  1:01 Sam James
2021-12-01 22:12 Sam James
2021-12-01 17:28 Thomas Deutschmann
2021-12-01 17:28 Thomas Deutschmann
2021-11-16  6:33 Joonas Niilola
2021-11-14  9:21 Sam James
2021-11-14  2:15 Sam James
2021-11-13 19:50 Sam James
2021-11-11 18:36 Arthur Zamarin
2021-11-11 15:14 Jakov Smolić
2021-11-11  7:32 Joonas Niilola
2021-11-11  6:51 Joonas Niilola
2021-11-10 18:11 Arthur Zamarin
2021-11-07  7:43 Joonas Niilola
2021-11-05  3:43 Sam James
2021-11-04  8:41 Joonas Niilola
2021-11-01  1:25 Thomas Deutschmann
2021-10-15 14:33 Thomas Deutschmann
2021-09-09 12:10 Joonas Niilola
2021-09-08  1:07 Georgy Yakovlev
2021-09-05 19:31 Thomas Deutschmann
2021-09-04  6:26 Joonas Niilola
2021-09-02 18:10 Georgy Yakovlev
2021-09-01 14:17 Thomas Deutschmann
2021-08-08 18:57 Lars Wendler
2021-08-08 18:57 Lars Wendler
2021-07-13 21:04 Thomas Deutschmann
2021-06-11 12:37 Thomas Deutschmann
2021-05-28 19:36 Thomas Deutschmann
2021-05-28 19:16 Thomas Deutschmann
2021-05-28 19:16 Thomas Deutschmann
2021-05-16 20:51 Thomas Deutschmann
2021-04-16 11:35 Thomas Deutschmann
2021-04-16 11:35 Thomas Deutschmann
2021-03-31 15:25 Sergei Trofimovich
2021-03-31 14:08 Agostino Sarubbo
2021-03-29 14:50 Sam James
2021-03-28 18:20 Sam James
2021-03-28 18:20 Sam James
2021-03-28 18:20 Sam James
2021-03-28 18:18 Sam James
2021-03-28 18:18 Sam James
2021-03-19  9:24 Lars Wendler
2021-03-19  9:24 Lars Wendler
2021-02-21 12:58 Fabian Groffen
2021-02-21  2:17 Thomas Deutschmann
2021-01-24  0:58 Thomas Deutschmann
2021-01-24  0:58 Thomas Deutschmann
2021-01-09 13:53 Lars Wendler
2021-01-09 12:38 Joonas Niilola
2021-01-06 19:34 Fabian Groffen
2020-12-22 23:08 Thomas Deutschmann
2020-12-14 18:38 Thomas Deutschmann
2020-11-17 19:05 Agostino Sarubbo
2020-11-14 10:44 Lars Wendler
2020-11-14 10:44 Lars Wendler
2020-10-31 15:47 Piotr Karbowski
2020-10-28 22:35 Sergei Trofimovich
2020-10-28 22:33 Sergei Trofimovich
2020-10-28 22:30 Sergei Trofimovich
2020-10-28 22:27 Sergei Trofimovich
2020-10-28 16:18 Sam James
2020-10-28  3:05 Sam James
2020-10-26 16:12 Thomas Deutschmann
2020-10-23 12:16 Sam James
2020-10-21  3:43 Sam James
2020-10-21  1:09 Sam James
2020-10-21  1:08 Sam James
2020-10-19 21:04 Thomas Deutschmann
2020-10-07  6:55 Agostino Sarubbo
2020-10-07  6:42 Agostino Sarubbo
2020-10-03  9:16 Sergei Trofimovich
2020-10-02 22:22 Sam James
2020-10-01 23:06 Sergei Trofimovich
2020-10-01 22:55 Sergei Trofimovich
2020-10-01 17:29 Sergei Trofimovich
2020-10-01 11:13 Sam James
2020-09-30 18:05 Thomas Deutschmann
2020-08-31 22:09 Thomas Deutschmann
2020-08-31 22:09 Thomas Deutschmann
2020-08-30 22:49 Sam James
2020-08-23 21:18 Thomas Deutschmann
2020-08-23 20:46 Thomas Deutschmann
2020-08-23  8:12 Sergei Trofimovich
2020-08-14 18:02 Sergei Trofimovich
2020-08-11 17:46 Sam James
2020-08-11 17:46 Sam James
2020-08-11 16:18 Sam James
2020-08-11 14:18 Agostino Sarubbo
2020-08-11 14:13 Agostino Sarubbo
2020-08-11 14:12 Agostino Sarubbo
2020-07-26  9:27 Lars Wendler
2020-06-29 22:08 Thomas Deutschmann
2020-06-29 13:37 Agostino Sarubbo
2020-06-29 10:02 Lars Wendler
2020-06-29 10:02 Lars Wendler
2020-06-19  7:58 Lars Wendler
2020-06-13 17:05 Mike Gilbert
2020-06-12 18:44 Sergei Trofimovich
2020-06-11  8:34 Agostino Sarubbo
2020-06-11  8:29 Agostino Sarubbo
2020-06-11  8:27 Agostino Sarubbo
2020-06-11  8:25 Agostino Sarubbo
2020-06-10 13:01 Agostino Sarubbo
2020-06-09 20:00 Mart Raudsepp
2020-06-09 14:42 Agostino Sarubbo
2020-06-09  9:20 Lars Wendler
2020-06-07 11:26 James Le Cuirot
2020-05-22 16:47 Lars Wendler
2020-05-02 19:12 Lars Wendler
2020-04-20  9:00 Lars Wendler
2020-04-20  7:46 Lars Wendler
2020-04-10 11:12 Lars Wendler
2020-03-20  9:16 Sergei Trofimovich
2020-03-18 16:03 Agostino Sarubbo
2020-03-18 12:03 Agostino Sarubbo
2020-03-18 11:31 Agostino Sarubbo
2020-03-18 11:11 Agostino Sarubbo
2020-03-18  9:49 Agostino Sarubbo
2020-03-17 18:44 Agostino Sarubbo
2020-03-17  8:34 Mart Raudsepp
2020-03-16 18:25 Sergei Trofimovich
2020-03-09 10:44 Lars Wendler
2020-03-07 15:21 Jory Pratt
2020-03-06 14:16 Jory Pratt
2020-02-08 15:19 Jory Pratt
2020-01-24 21:31 Thomas Deutschmann
2020-01-15 10:35 Lars Wendler
2020-01-07 20:56 Jory Pratt
2019-12-15 16:37 Thomas Deutschmann
2019-12-15 16:37 Thomas Deutschmann
2019-12-15 16:37 Thomas Deutschmann
2019-12-10 19:25 Sergei Trofimovich
2019-12-10 10:54 Agostino Sarubbo
2019-12-06  5:46 Jory Pratt
2019-12-03 11:58 Agostino Sarubbo
2019-12-03 11:56 Agostino Sarubbo
2019-12-03 10:07 Agostino Sarubbo
2019-12-03 10:06 Agostino Sarubbo
2019-12-03 10:03 Agostino Sarubbo
2019-12-03  1:54 Aaron Bauman
2019-11-22  9:11 Lars Wendler
2019-10-06 11:14 Lars Wendler
2019-10-06 11:14 Lars Wendler
2019-09-26  6:42 Sergei Trofimovich
2019-09-22 20:57 Aaron Bauman
2019-09-20  6:39 Sergei Trofimovich
2019-09-08 18:30 Sergei Trofimovich
2019-09-08 18:26 Sergei Trofimovich
2019-09-04 18:32 Sergei Trofimovich
2019-09-04  9:41 Agostino Sarubbo
2019-09-04  6:00 Mikle Kolyada
2019-09-04  6:00 Mikle Kolyada
2019-09-04  6:00 Mikle Kolyada
2019-08-31 15:42 Jory Pratt
2019-07-10  8:23 Lars Wendler
2019-07-10  8:23 Lars Wendler
2019-06-25  8:00 Lars Wendler
2019-05-17  1:45 Jory Pratt
2019-05-13 12:02 Lars Wendler
2019-05-12 10:20 Lars Wendler
2019-05-12 10:20 Lars Wendler
2019-03-18  9:01 Lars Wendler
2019-03-17 17:34 Jory Pratt
2019-02-02 10:36 Lars Wendler
2019-01-30 21:27 Thomas Deutschmann
2019-01-30 21:27 Thomas Deutschmann
2019-01-30 13:43 Lars Wendler
2019-01-18  8:03 Mikle Kolyada
2019-01-18  8:02 Mikle Kolyada
2019-01-11 21:00 Mart Raudsepp
2018-12-26 17:16 Matt Turner
2018-12-15 22:39 Sergei Trofimovich
2018-12-13 20:53 Mikle Kolyada
2018-12-13 12:48 Thomas Deutschmann
2018-12-12 20:13 Sergei Trofimovich
2018-12-11 23:32 Sergei Trofimovich
2018-12-11 23:27 Sergei Trofimovich
2018-12-11 23:24 Sergei Trofimovich
2018-12-11 10:50 Lars Wendler
2018-12-11 10:50 Lars Wendler
2018-12-02 14:04 Lars Wendler
2018-12-02 14:04 Lars Wendler
2018-10-25 11:40 Lars Wendler
2018-09-09  6:51 Mikle Kolyada
2018-09-09  1:12 Thomas Deutschmann
2018-09-03 14:06 Lars Wendler
2018-09-03 14:06 Lars Wendler
2018-06-27  8:13 Lars Wendler
2018-06-22  9:56 Mikle Kolyada
2018-05-28 14:08 Lars Wendler
2018-05-08  8:47 Lars Wendler
2018-05-08  8:47 Lars Wendler
2018-04-11  8:19 Lars Wendler
2018-03-21  7:50 Lars Wendler
2018-03-07 12:36 Lars Wendler
2018-03-07  9:13 Lars Wendler
2018-03-07  9:13 Lars Wendler
2018-03-02 23:51 Mart Raudsepp
2018-01-20 10:04 Lars Wendler
2018-01-20 10:04 Lars Wendler
2017-11-29 17:27 Lars Wendler
2017-11-29 17:27 Lars Wendler
2017-11-15 18:51 Lars Wendler
2017-09-21 22:26 Lars Wendler
2017-09-21 22:26 Lars Wendler
2017-09-13  1:49 Jory Pratt
2017-07-05  9:25 Lars Wendler
2017-06-12 13:39 Jory Pratt
2017-05-25 18:00 Ian Stakenvicius
2017-05-24 15:29 Ian Stakenvicius
2017-05-04 20:03 Markus Meier
2017-04-30  9:37 Agostino Sarubbo
2017-04-29 15:02 Agostino Sarubbo
2017-04-22 22:26 Lars Wendler
2017-04-22 13:19 Jeroen Roovers
2017-04-22  7:33 Tobias Klausmann
2017-04-19 20:20 Ian Stakenvicius
2017-04-19 20:20 Ian Stakenvicius
2017-04-06 13:08 Lars Wendler
2017-04-06 13:08 Lars Wendler
2017-03-29  0:02 Michael Weber
2017-03-23  7:59 Lars Wendler
2017-03-08  9:47 Lars Wendler
2017-03-08  9:47 Lars Wendler
2017-02-21  9:30 Lars Wendler
2017-02-08  0:39 Jory Pratt
2017-01-18 10:02 Agostino Sarubbo
2017-01-15 22:10 Tobias Klausmann
2017-01-15 20:18 Jeroen Roovers
2017-01-13 17:02 Markus Meier
2017-01-10 15:22 Agostino Sarubbo
2017-01-10 14:56 Agostino Sarubbo
2017-01-09  2:15 Jory Pratt
2017-01-08 21:42 Jory Pratt
2017-01-08 18:17 Markus Meier
2017-01-06 14:33 Tobias Klausmann
2017-01-04 14:37 Aaron Bauman
2016-12-01 20:34 Ian Stakenvicius
2016-10-05  6:59 Lars Wendler
2016-10-05  6:59 Lars Wendler
2016-09-28 10:09 Lars Wendler
2016-08-08 17:57 Lars Wendler
2016-08-08 17:57 Lars Wendler
2016-08-04 19:29 Ian Stakenvicius
2016-08-02 11:26 Jeroen Roovers
2016-07-25  6:24 Jeroen Roovers
2016-07-09  2:58 Ian Stakenvicius
2016-07-09  2:54 Ian Stakenvicius
2016-07-02 20:36 Lars Wendler
2016-06-13 14:54 Tobias Klausmann
2016-06-12 20:02 Markus Meier
2016-06-10 15:32 Agostino Sarubbo
2016-06-07 20:57 Lars Wendler
2016-06-07 20:57 Lars Wendler
2016-03-20 12:24 Agostino Sarubbo
2016-03-19 12:28 Agostino Sarubbo
2016-03-19  7:23 Jeroen Roovers
2016-03-18  6:10 Markus Meier
2016-03-17 11:34 Agostino Sarubbo
2016-03-16 14:09 Agostino Sarubbo
2016-03-15 20:50 Tobias Klausmann
2016-03-15  9:27 Lars Wendler
2016-03-14 14:30 Agostino Sarubbo
2016-03-14 14:29 Agostino Sarubbo
2016-02-29 22:09 Ian Stakenvicius
2016-02-29 20:13 Ian Stakenvicius
2016-02-29 20:05 Ian Stakenvicius
2016-02-16  7:21 Lars Wendler
2016-02-15 22:27 Lars Wendler
2016-02-15 22:27 Lars Wendler
2016-02-03 20:44 Markus Meier
2016-01-31 11:11 Agostino Sarubbo
2016-01-31 11:09 Agostino Sarubbo
2016-01-31  9:57 Jeroen Roovers
2016-01-30 16:42 Tobias Klausmann
2016-01-30  7:51 Jeroen Roovers
2016-01-05  0:38 Mike Frysinger
2016-01-05  0:38 Mike Frysinger
2015-12-27 10:04 Mikle Kolyada
2015-12-16 18:35 Mike Frysinger
2015-11-18  9:32 Agostino Sarubbo
2015-11-15 18:26 Matt Turner
2015-11-14 16:52 Markus Meier
2015-11-09  8:53 Agostino Sarubbo
2015-11-06  4:21 Jeroen Roovers
2015-11-05 10:07 Agostino Sarubbo
2015-11-05 10:06 Agostino Sarubbo
2015-11-04 19:39 Ian Stakenvicius
2015-10-02 18:08 Ian Stakenvicius
2015-08-28 20:35 Ian Stakenvicius
2015-08-28 20:35 Ian Stakenvicius

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox