* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2015-12-25 15:39 Jeroen Roovers
0 siblings, 0 replies; 17+ messages in thread
From: Jeroen Roovers @ 2015-12-25 15:39 UTC (permalink / raw
To: gentoo-commits
commit: 6cdfec22408db7f818d559bae8d53e656e5ec364
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 25 15:38:46 2015 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Fri Dec 25 15:39:05 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6cdfec22
dev-libs/nss: Fix some definitions for HPPA.
Package-Manager: portage-2.2.26
dev-libs/nss/files/nss-3.21-hppa-byte_order.patch | 16 ++++++++++++++++
dev-libs/nss/nss-3.21-r1.ebuild | 2 ++
2 files changed, 18 insertions(+)
diff --git a/dev-libs/nss/files/nss-3.21-hppa-byte_order.patch b/dev-libs/nss/files/nss-3.21-hppa-byte_order.patch
new file mode 100644
index 0000000..703df99
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.21-hppa-byte_order.patch
@@ -0,0 +1,16 @@
+--- a/nss/lib/dbm/include/mcom_db.h
++++ b/nss/lib/dbm/include/mcom_db.h
+@@ -110,11 +110,13 @@
+ #endif /* !BYTE_ORDER */
+ #endif /* __sun */
+
++#ifndef BYTE_ORDER
+ #if defined(__hpux) || defined(__hppa)
+ #define BYTE_ORDER BIG_ENDIAN
+ #define BIG_ENDIAN 4321
+ #define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */
+ #endif
++#endif /* !BYTE_ORDER */
+
+ #if defined(AIXV3) || defined(AIX)
+ /* BYTE_ORDER, LITTLE_ENDIAN, BIG_ENDIAN are all defined here */
diff --git a/dev-libs/nss/nss-3.21-r1.ebuild b/dev-libs/nss/nss-3.21-r1.ebuild
index 06f3df4..fe74af8 100644
--- a/dev-libs/nss/nss-3.21-r1.ebuild
+++ b/dev-libs/nss/nss-3.21-r1.ebuild
@@ -52,6 +52,8 @@ src_prepare() {
# Custom changes for gentoo
epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+ epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch"
+
if use cacert ; then
epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2016-03-15 9:27 Lars Wendler
0 siblings, 0 replies; 17+ messages in thread
From: Lars Wendler @ 2016-03-15 9:27 UTC (permalink / raw
To: gentoo-commits
commit: c7189ae6b143ea47799db7cd4849e7db93d2d966
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 15 09:26:40 2016 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Mar 15 09:27:50 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7189ae6
dev-libs/nss: Bump to version 3.23
Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
dev-libs/nss/Manifest | 1 +
dev-libs/nss/files/nss-3.21-cacert-class3.patch | 5 +-
dev-libs/nss/files/nss-3.21-enable-pem.patch | 5 +-
.../nss/files/nss-3.21-gentoo-fixup-warnings.patch | 7 +-
dev-libs/nss/files/nss-3.21-gentoo-fixups.patch | 25 +-
dev-libs/nss/files/nss-3.21-pem-werror.patch | 25 +-
dev-libs/nss/files/nss-3.23-hppa-byte_order.patch | 16 +
dev-libs/nss/nss-3.23.ebuild | 340 +++++++++++++++++++++
8 files changed, 384 insertions(+), 40 deletions(-)
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index a32331d..f308b8d 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -4,5 +4,6 @@ DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38d
DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
DIST nss-3.22.tar.gz 6992347 SHA256 30ebd121c77e725a1383618eff79a6752d6e9f0f21882ad825ddab12e7227611 SHA512 f97251a17ad4ea889878ffeba64f19560978cf82c512b84c301be248ee4fe764345838fb8a88233b0fe12abe7bf78ce521a6ac64fa8d16bd0e1283eac9c17be1 WHIRLPOOL 8e128f3c8eb411c6569bd6d4d1edb55041e214913669687a5481d16f9aff245d3fc827f9a8c96e4723b3f0ec127d4461a1cda247dc296d9dce34513c7ab7e43d
+DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62
diff --git a/dev-libs/nss/files/nss-3.21-cacert-class3.patch b/dev-libs/nss/files/nss-3.21-cacert-class3.patch
index 565f3e6..fb4cf74 100644
--- a/dev-libs/nss/files/nss-3.21-cacert-class3.patch
+++ b/dev-libs/nss/files/nss-3.21-cacert-class3.patch
@@ -1,6 +1,5 @@
-diff -urN a/nss/lib/ckfw/builtins/certdata.txt b/nss/lib/ckfw/builtins/certdata.txt
---- a/nss/lib/ckfw/builtins/certdata.txt 2015-11-15 09:25:06.142786072 -0600
-+++ b/nss/lib/ckfw/builtins/certdata.txt 2015-11-15 09:36:02.976756787 -0600
+--- nss/lib/ckfw/builtins/certdata.txt
++++ nss/lib/ckfw/builtins/certdata.txt
@@ -30351,3 +30351,200 @@
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
diff --git a/dev-libs/nss/files/nss-3.21-enable-pem.patch b/dev-libs/nss/files/nss-3.21-enable-pem.patch
index c60f051..e6de275 100644
--- a/dev-libs/nss/files/nss-3.21-enable-pem.patch
+++ b/dev-libs/nss/files/nss-3.21-enable-pem.patch
@@ -1,6 +1,5 @@
-diff -urN a/nss/lib/ckfw/manifest.mn b/nss/lib/ckfw/manifest.mn
---- a/nss/lib/ckfw/manifest.mn 2015-11-15 09:25:06.130786072 -0600
-+++ b/nss/lib/ckfw/manifest.mn 2015-11-15 09:31:03.372770145 -0600
+--- nss/lib/ckfw/manifest.mn
++++ nss/lib/ckfw/manifest.mn
@@ -5,7 +5,7 @@
CORE_DEPTH = ../..
diff --git a/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch b/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch
index ed8a0aa..14234e8 100644
--- a/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch
+++ b/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch
@@ -1,6 +1,5 @@
-diff -urN a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
---- a/nss/coreconf/Linux.mk 2015-11-15 09:25:06.672786048 -0600
-+++ b/nss/coreconf/Linux.mk 2015-11-15 09:29:26.682774456 -0600
+--- nss/coreconf/Linux.mk
++++ nss/coreconf/Linux.mk
@@ -130,6 +130,7 @@
OPTIMIZER += -gdwarf-2
endif
@@ -8,4 +7,4 @@ diff -urN a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
+OPTIMIZER += -fno-strict-aliasing
endif
- ifndef COMPILER_TAG
\ No newline at end of file
+ ifndef COMPILER_TAG
diff --git a/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch b/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch
index 3381982..29cda28 100644
--- a/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch
+++ b/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch
@@ -1,6 +1,5 @@
-diff -urN a/nss/config/Makefile b/nss/config/Makefile
---- a/nss/config/Makefile 1969-12-31 18:00:00.000000000 -0600
-+++ b/nss/config/Makefile 2015-11-15 10:42:46.249578304 -0600
+--- nss/config/Makefile
++++ nss/config/Makefile
@@ -0,0 +1,40 @@
+CORE_DEPTH = ..
+DEPTH = ..
@@ -42,9 +41,8 @@ diff -urN a/nss/config/Makefile b/nss/config/Makefile
+
+dummy: all export libs
+
-diff -urN a/nss/config/nss-config.in b/nss/config/nss-config.in
---- a/nss/config/nss-config.in 1969-12-31 18:00:00.000000000 -0600
-+++ b/nss/config/nss-config.in 2015-11-15 10:42:46.250578304 -0600
+--- nss/config/nss-config.in
++++ nss/config/nss-config.in
@@ -0,0 +1,145 @@
+#!/bin/sh
+
@@ -191,9 +189,8 @@ diff -urN a/nss/config/nss-config.in b/nss/config/nss-config.in
+ echo $libdirs
+fi
+
-diff -urN a/nss/config/nss.pc.in b/nss/config/nss.pc.in
---- a/nss/config/nss.pc.in 1969-12-31 18:00:00.000000000 -0600
-+++ b/nss/config/nss.pc.in 2015-11-15 10:42:46.251578304 -0600
+--- nss/config/nss.pc.in
++++ nss/config/nss.pc.in
@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
@@ -207,9 +204,8 @@ diff -urN a/nss/config/nss.pc.in b/nss/config/nss.pc.in
+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
+Cflags: -I${includedir}
+
-diff -urN a/nss/Makefile b/nss/Makefile
---- a/nss/Makefile 2015-11-15 09:25:06.410786060 -0600
-+++ b/nss/Makefile 2015-11-15 10:42:46.252578304 -0600
+--- nss/Makefile
++++ nss/Makefile
@@ -46,7 +46,7 @@
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
@@ -232,9 +228,8 @@ diff -urN a/nss/Makefile b/nss/Makefile
build_docs:
$(MAKE) -C $(CORE_DEPTH)/doc
-diff -urN a/nss/manifest.mn b/nss/manifest.mn
---- a/nss/manifest.mn 2015-11-15 09:25:06.411786060 -0600
-+++ b/nss/manifest.mn 2015-11-15 10:43:15.633576994 -0600
+--- nss/manifest.mn
++++ nss/manifest.mn
@@ -10,4 +10,4 @@
RELEASE = nss
diff --git a/dev-libs/nss/files/nss-3.21-pem-werror.patch b/dev-libs/nss/files/nss-3.21-pem-werror.patch
index 392d74a..5a984ae 100644
--- a/dev-libs/nss/files/nss-3.21-pem-werror.patch
+++ b/dev-libs/nss/files/nss-3.21-pem-werror.patch
@@ -1,6 +1,5 @@
-diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
---- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror 2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/ckpem.h 2015-11-13 12:07:29.219887390 -0800
+--- nss/lib/ckfw/pem/ckpem.h
++++ nss/lib/ckfw/pem/ckpem.h
@@ -233,6 +233,9 @@ struct pemLOWKEYPrivateKeyStr {
};
typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
@@ -11,9 +10,8 @@ diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
void pem_PopulateModulusExponent(pemInternalObject *io);
-diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
---- ./nss/lib/ckfw/pem/pinst.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/pinst.c 2015-11-13 12:07:29.219887390 -0800
+--- nss/lib/ckfw/pem/pinst.c
++++ nss/lib/ckfw/pem/pinst.c
@@ -472,7 +472,9 @@ AddCertificate(char *certfile, char *key
char *ivstring = NULL;
int cipher;
@@ -37,9 +35,8 @@ diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
&ivstring, PR_FALSE);
if (kobjs < 1) {
error = CKR_GENERAL_ERROR;
-diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c
---- ./nss/lib/ckfw/pem/pobject.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/pobject.c 2015-11-13 12:07:29.220887368 -0800
+--- nss/lib/ckfw/pem/pobject.c
++++ nss/lib/ckfw/pem/pobject.c
@@ -630,6 +630,11 @@ pem_DestroyInternalObject
if (io->u.key.ivstring)
free(io->u.key.ivstring);
@@ -85,9 +82,8 @@ diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.
if (nobjs < 1)
goto loser;
-diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c
---- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/rsawrapr.c 2015-11-13 12:07:29.220887368 -0800
+--- nss/lib/ckfw/pem/rsawrapr.c
++++ nss/lib/ckfw/pem/rsawrapr.c
@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
return 0;
}
@@ -105,9 +101,8 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrap
/*
* Format one block of data for public/private key encryption using
-diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c
---- ./nss/lib/ckfw/pem/util.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/util.c 2015-11-13 12:22:52.282196306 -0800
+--- nss/lib/ckfw/pem/util.c
++++ nss/lib/ckfw/pem/util.c
@@ -131,7 +131,8 @@ static SECStatus FileToItem(SECItem * ds
return SECFailure;
}
diff --git a/dev-libs/nss/files/nss-3.23-hppa-byte_order.patch b/dev-libs/nss/files/nss-3.23-hppa-byte_order.patch
new file mode 100644
index 0000000..63cfadd
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.23-hppa-byte_order.patch
@@ -0,0 +1,16 @@
+--- nss/lib/dbm/include/mcom_db.h
++++ nss/lib/dbm/include/mcom_db.h
+@@ -110,11 +110,13 @@
+ #endif /* !BYTE_ORDER */
+ #endif /* __sun */
+
++#ifndef BYTE_ORDER
+ #if defined(__hpux) || defined(__hppa)
+ #define BYTE_ORDER BIG_ENDIAN
+ #define BIG_ENDIAN 4321
+ #define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */
+ #endif
++#endif /* !BYTE_ORDER */
+
+ #if defined(AIXV3) || defined(AIX)
+ /* BYTE_ORDER, LITTLE_ENDIAN, BIG_ENDIAN are all defined here */
diff --git a/dev-libs/nss/nss-3.23.ebuild b/dev-libs/nss/nss-3.23.ebuild
new file mode 100644
index 0000000..8a72adc
--- /dev/null
+++ b/dev-libs/nss/nss-3.23.ebuild
@@ -0,0 +1,340 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.12"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-20140125"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+ cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+ nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+ ${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+ ${CDEPEND}
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/nss-config
+)
+
+PATCHES=(
+ # Custom changes for gentoo
+ "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+ "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+ "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+ unpack ${A}
+ if use nss-pem ; then
+ mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+ fi
+}
+
+src_prepare() {
+ if use nss-pem ; then
+ PATCHES+=(
+ "${FILESDIR}/${PN}-3.21-enable-pem.patch"
+ "${FILESDIR}/${PN}-3.21-pem-werror.patch"
+ )
+ fi
+
+ default
+
+ if use cacert ; then
+ eapply -p4 "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+ eapply "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
+ fi
+
+ pushd coreconf >/dev/null || die
+ # hack nspr paths
+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
+ >> headers.mk || die "failed to append include"
+
+ # modify install path
+ sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+ -i source.mk || die
+
+ # Respect LDFLAGS
+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+ popd >/dev/null || die
+
+ # Fix pkgconfig file for Prefix
+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+ config/Makefile || die
+
+ # use host shlibsign if need be #436216
+ if tc-is-cross-compiler ; then
+ sed -i \
+ -e 's:"${2}"/shlibsign:shlibsign:' \
+ cmd/shlibsign/sign.sh || die
+ fi
+
+ # dirty hack
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+ lib/ssl/config.mk || die
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+ cmd/platlibs.mk || die
+
+ multilib_copy_sources
+
+ strip-flags
+}
+
+multilib_src_configure() {
+ # Ensure we stay multilib aware
+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+ # Most of the arches are the same as $ARCH
+ local t=${1:-${CHOST}}
+ case ${t} in
+ aarch64*)echo "aarch64";;
+ hppa*) echo "parisc";;
+ i?86*) echo "i686";;
+ x86_64*) echo "x86_64";;
+ *) tc-arch ${t};;
+ esac
+}
+
+nssbits() {
+ local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+ if [[ ${1} == BUILD_ ]]; then
+ cc=$(tc-getBUILD_CC)
+ else
+ cc=$(tc-getCC)
+ fi
+ echo > "${T}"/test.c || die
+ ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+ case $(file "${T}/${1}test.o") in
+ *32-bit*x86-64*) echo USE_X32=1;;
+ *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+ *32-bit*|*ppc*|*i386*) ;;
+ *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+ esac
+}
+
+multilib_src_compile() {
+ # use ABI to determine bit'ness, or fallback if unset
+ local buildbits mybits
+ case "${ABI}" in
+ n32) mybits="USE_N32=1";;
+ x32) mybits="USE_X32=1";;
+ s390x|*64) mybits="USE_64=1";;
+ ${DEFAULT_ABI})
+ einfo "Running compilation test to determine bit'ness"
+ mybits=$(nssbits)
+ ;;
+ esac
+ # bitness of host may differ from target
+ if tc-is-cross-compiler; then
+ buildbits=$(nssbits BUILD_)
+ fi
+
+ local makeargs=(
+ CC="$(tc-getCC)"
+ AR="$(tc-getAR) rc \$@"
+ RANLIB="$(tc-getRANLIB)"
+ OPTIMIZER=
+ ${mybits}
+ )
+
+ # Take care of nspr settings #436216
+ local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+ unset NSPR_INCLUDE_DIR
+
+ # Do not let `uname` be used.
+ if use kernel_linux ; then
+ makeargs+=(
+ OS_TARGET=Linux
+ OS_RELEASE=2.6
+ OS_TEST="$(nssarch)"
+ )
+ fi
+
+ export NSS_ENABLE_WERROR=0 #567158
+ export BUILD_OPT=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSDISTMODE=copy
+ export NSS_ENABLE_ECC=1
+ export FREEBL_NO_DEPEND=1
+ export ASFLAGS=""
+
+ local d
+
+ # Build the host tools first.
+ LDFLAGS="${BUILD_LDFLAGS}" \
+ XCFLAGS="${BUILD_CFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake -j1 -C coreconf \
+ CC="$(tc-getBUILD_CC)" \
+ ${buildbits:-${mybits}}
+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+ # Then build the target tools.
+ for d in . lib/dbm ; do
+ CPPFLAGS="${myCPPFLAGS}" \
+ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake -j1 "${makeargs[@]}" -C ${d}
+ done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+# */${local_libdir}/libfreebl3.so*
+# */${local_libdir}/libnssdbm3.so*
+# */${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+ local shlibsign="$1"
+ local libdir="$2"
+ einfo "Resigning core NSS libraries for FIPS validation"
+ shift 2
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libname=lib${i}.so
+ local chkname=lib${i}.chk
+ "${shlibsign}" \
+ -i "${libdir}"/${libname} \
+ -o "${libdir}"/${chkname}.tmp \
+ && mv -f \
+ "${libdir}"/${chkname}.tmp \
+ "${libdir}"/${chkname} \
+ || die "Failed to sign ${libname}"
+ done
+}
+
+cleanup_chk() {
+ local libdir="$1"
+ shift 1
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libfname="${libdir}/lib${i}.so"
+ # If the major version has changed, then we have old chk files.
+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+ && rm -f "${libfname}.chk"
+ done
+}
+
+multilib_src_install() {
+ pushd dist >/dev/null || die
+
+ dodir /usr/$(get_libdir)
+ cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+ cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+ cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+ # Install nss-config and pkgconfig file
+ dodir /usr/bin
+ cp -L */bin/nss-config "${ED}"/usr/bin || die
+ dodir /usr/$(get_libdir)/pkgconfig
+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+ # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+ # bug 517266
+ sed -e 's#Libs:#Libs: -lfreebl#' \
+ -e 's#Cflags:#Cflags: -I${includedir}/private#' \
+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+ || die "could not create nss-softokn.pc"
+
+ # all the include files
+ insinto /usr/include/nss
+ doins public/nss/*.h
+ insinto /usr/include/nss/private
+ doins private/nss/{blapi,alghmac}.h
+
+ popd >/dev/null || die
+
+ local f nssutils
+ # Always enabled because we need it for chk generation.
+ nssutils="shlibsign"
+
+ if multilib_is_native_abi ; then
+ if use utils; then
+ # The tests we do not need to install.
+ #nssutils_test="bltest crmftest dbtest dertimetest
+ #fipstest remtest sdrtest"
+ # checkcert utils has been removed in nss-3.22:
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+ # https://hg.mozilla.org/projects/nss/rev/df1729d37870
+ nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+ cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+ nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+ pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+ symkeyutil tstclnt vfychain vfyserv"
+ # install man-pages for utils (bug #516810)
+ doman doc/nroff/*.1
+ fi
+ pushd dist/*/bin >/dev/null || die
+ for f in ${nssutils}; do
+ dobin ${f}
+ done
+ popd >/dev/null || die
+ fi
+
+ # Prelink breaks the CHK files. We don't have any reliable way to run
+ # shlibsign after prelink.
+ dodir /etc/prelink.conf.d
+ printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+ > "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+ multilib_pkg_postinst() {
+ # We must re-sign the libraries AFTER they are stripped.
+ local shlibsign="${EROOT}/usr/bin/shlibsign"
+ # See if we can execute it (cross-compiling & such). #436216
+ "${shlibsign}" -h >&/dev/null
+ if [[ $? -gt 1 ]] ; then
+ shlibsign="shlibsign"
+ fi
+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+ multilib_pkg_postrm() {
+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postrm
+}
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2018-05-23 20:06 Ian Stakenvicius
0 siblings, 0 replies; 17+ messages in thread
From: Ian Stakenvicius @ 2018-05-23 20:06 UTC (permalink / raw
To: gentoo-commits
commit: 16e4471e4327d02cd19dd5001f5a76e71fec3686
Author: stefson <herrtimson <AT> yahoo <DOT> de>
AuthorDate: Wed May 23 17:13:05 2018 +0000
Commit: Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Wed May 23 20:06:33 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16e4471e
dev-lang/nss: fix compile on arm and hppa
Upstream has not accepted this patch yet, but it is reported to fix the same
issue on other platforms and is otherwise benign.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1459739
Bug: http://bugs.gentoo.org/655602
Bug: http://bugs.gentoo.org/655636
Closes: https://github.com/gentoo/gentoo/pull/8533
.../files/nss-3.37-fix-fstar-missing-symbols.patch | 34 ++++++++++++++++++++++
dev-libs/nss/nss-3.37.ebuild | 1 +
2 files changed, 35 insertions(+)
diff --git a/dev-libs/nss/files/nss-3.37-fix-fstar-missing-symbols.patch b/dev-libs/nss/files/nss-3.37-fix-fstar-missing-symbols.patch
new file mode 100644
index 00000000000..4a6be4e90cd
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.37-fix-fstar-missing-symbols.patch
@@ -0,0 +1,34 @@
+# HG changeset patch
+# User Jan Beich <jbeich@FreeBSD.org>
+# Date 1525728934 0
+# Node ID 259444458a1a7f2ce1813ebe88d924173d5daf0c
+# Parent 5db9e969c74a2a02c4b1d918792827014d1a9d5e
+Bug 1459739 - Build FStar.o on 32-bit ARM even with make. r=fkiefer
+
+
+diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile
+--- a/lib/freebl/Makefile
++++ b/lib/freebl/Makefile
+@@ -534,16 +534,19 @@ endif # NSS_DISABLE_CHACHAPOLY
+ ifeq (,$(filter-out i386 x386 x86 x86_64 aarch64,$(CPU_ARCH)))
+ # All intel architectures get the 64 bit version
+ # With custom uint128 if necessary (faster than generic 32 bit version).
+ ECL_SRCS += curve25519_64.c
+ VERIFIED_SRCS += Hacl_Curve25519.c FStar.c
+ else
+ # All non intel architectures get the generic 32 bit implementation (slow!)
+ ECL_SRCS += curve25519_32.c
++ifndef NSS_DISABLE_CHACHAPOLY
++ VERIFIED_SRCS += FStar.c
++endif
+ endif
+
+ #######################################################################
+ # (5) Execute "global" rules. (OPTIONAL) #
+ #######################################################################
+
+ include $(CORE_DEPTH)/coreconf/rules.mk
+
+
+
+
diff --git a/dev-libs/nss/nss-3.37.ebuild b/dev-libs/nss/nss-3.37.ebuild
index 3a343d29931..0a8ca3ede49 100644
--- a/dev-libs/nss/nss-3.37.ebuild
+++ b/dev-libs/nss/nss-3.37.ebuild
@@ -43,6 +43,7 @@ PATCHES=(
"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+ "${FILESDIR}/${P}-fix-fstar-missing-symbols.patch"
)
src_unpack() {
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2018-06-06 16:12 Jory Pratt
0 siblings, 0 replies; 17+ messages in thread
From: Jory Pratt @ 2018-06-06 16:12 UTC (permalink / raw
To: gentoo-commits
commit: 716955bbcab32623d9e073b5d8f46fd32c51c854
Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 6 16:11:09 2018 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Wed Jun 6 16:11:35 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=716955bb
dev-libs/nss: Version bump, includes upstream fix for bug #655636
Package-Manager: Portage-2.3.40, Repoman-2.3.9
dev-libs/nss/Manifest | 3 +-
.../files/nss-3.37-fix-fstar-missing-symbols.patch | 34 --
dev-libs/nss/nss-3.37.1.ebuild | 372 ---------------------
.../nss/{nss-3.37.ebuild => nss-3.37.3.ebuild} | 1 -
4 files changed, 1 insertion(+), 409 deletions(-)
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index addd7ebcbe6..c5dd321dc02 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,6 +1,5 @@
DIST nss-3.29.5.tar.gz 7480246 BLAKE2B 9ab16cbbd95aa31358b5b686bee64cd81c8343524dad8aac084f7c86883f1eaead78912dc1021b0461d027b0085356c4b7156f1d80010c3a0ece29d542deef50 SHA512 ce18bc7e793d2b3698db412b2e5fcabbfd9862eca3def120d5e44bc67276526bff6b33ffa84b8128f8af6d35101000e6f7bb24194f63a55461b3c245fac11faa
DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
-DIST nss-3.37.1.tar.gz 23034142 BLAKE2B dd196606bf922a58c2d1f7443c6b8c570d5c5c5437f51b8c6c4ddfe84aad7d576cff46f2eba23e4d32f41984fb6ea8aaa29a63b2f010b6807df74ee71144b11d SHA512 61b8186f45afa5fade6f45737d60a86f519c8b5535963f4cc6f13fa6694be0723cdd8b0ed48bbc2eae621dfbfd80ccc249998eeb89ed565797ac4553895a01a1
-DIST nss-3.37.tar.gz 23027581 BLAKE2B 0ce7190a029321d5620dc8b9aedf1f4252c53dbef57149afbad432b6bc4b590db026505d23f5c766827d5c0179ab931b8a0435a2e9785eff3db515ed7211e512 SHA512 ad5175f126705f57092ac80421ac005bcc32bb18a4a44a527df25994fa90b3bc18af08506683564f619a22076f71232e2b3c9e6e25d6312d0bfed63684139103
+DIST nss-3.37.3.tar.gz 23034239 BLAKE2B 3e30b0fe14501ca0e6b9d14322af73f191164989e6857b9ba46572b7363cdc65c88b672285982f2764ed44fcaf615cb249eea2f45b98050dfc6675003dc74a3b SHA512 11b21818f9fcff11d0e7f4c066ae9fbce0052a30a6b30df9a20022792039b5348554834a472e1b1195e467b9902067f9719678d5ca32efb4e60f1df161feed6f
DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2
diff --git a/dev-libs/nss/files/nss-3.37-fix-fstar-missing-symbols.patch b/dev-libs/nss/files/nss-3.37-fix-fstar-missing-symbols.patch
deleted file mode 100644
index 4a6be4e90cd..00000000000
--- a/dev-libs/nss/files/nss-3.37-fix-fstar-missing-symbols.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-# HG changeset patch
-# User Jan Beich <jbeich@FreeBSD.org>
-# Date 1525728934 0
-# Node ID 259444458a1a7f2ce1813ebe88d924173d5daf0c
-# Parent 5db9e969c74a2a02c4b1d918792827014d1a9d5e
-Bug 1459739 - Build FStar.o on 32-bit ARM even with make. r=fkiefer
-
-
-diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile
---- a/lib/freebl/Makefile
-+++ b/lib/freebl/Makefile
-@@ -534,16 +534,19 @@ endif # NSS_DISABLE_CHACHAPOLY
- ifeq (,$(filter-out i386 x386 x86 x86_64 aarch64,$(CPU_ARCH)))
- # All intel architectures get the 64 bit version
- # With custom uint128 if necessary (faster than generic 32 bit version).
- ECL_SRCS += curve25519_64.c
- VERIFIED_SRCS += Hacl_Curve25519.c FStar.c
- else
- # All non intel architectures get the generic 32 bit implementation (slow!)
- ECL_SRCS += curve25519_32.c
-+ifndef NSS_DISABLE_CHACHAPOLY
-+ VERIFIED_SRCS += FStar.c
-+endif
- endif
-
- #######################################################################
- # (5) Execute "global" rules. (OPTIONAL) #
- #######################################################################
-
- include $(CORE_DEPTH)/coreconf/rules.mk
-
-
-
-
diff --git a/dev-libs/nss/nss-3.37.1.ebuild b/dev-libs/nss/nss-3.37.1.ebuild
deleted file mode 100644
index 15bc70a21c9..00000000000
--- a/dev-libs/nss/nss-3.37.1.ebuild
+++ /dev/null
@@ -1,372 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.16"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
- nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}
-"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
- "${FILESDIR}/${PN}-3.37-fix-fstar-missing-symbols.patch"
-)
-
-src_unpack() {
- unpack ${A}
- if use nss-pem ; then
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
- fi
-}
-
-src_prepare() {
- if use nss-pem ; then
- PATCHES+=(
- "${FILESDIR}/${PN}-3.21-enable-pem.patch"
- )
- fi
- if use cacert ; then #521462
- PATCHES+=(
- "${DISTDIR}/${PN}-cacert-class1-class3.patch"
- )
- fi
-
- default
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- CCC="$(tc-getCXX)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export FREEBL_NO_DEPEND=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
- local i
- for i in crmf freebl nssb nssckfw ; do
- cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
- done
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED%/}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.{h,api}
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils=( shlibsign )
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- # certcgi has been removed in nss-3.36:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
- nssutils+=(
- addbuiltin
- atob
- baddbdir
- btoa
- certutil
- cmsutil
- conflict
- crlutil
- derdump
- digest
- makepqg
- mangle
- modutil
- multinit
- nonspr10
- ocspclnt
- oidcalc
- p7content
- p7env
- p7sign
- p7verify
- pk11mode
- pk12util
- pp
- rsaperf
- selfserv
- signtool
- signver
- ssltap
- strsclnt
- symkeyutil
- tstclnt
- vfychain
- vfyserv
- )
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils[@]}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- dodir /etc/prelink.conf.d
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
- > "${ED%/}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
diff --git a/dev-libs/nss/nss-3.37.ebuild b/dev-libs/nss/nss-3.37.3.ebuild
similarity index 99%
rename from dev-libs/nss/nss-3.37.ebuild
rename to dev-libs/nss/nss-3.37.3.ebuild
index 0a8ca3ede49..3a343d29931 100644
--- a/dev-libs/nss/nss-3.37.ebuild
+++ b/dev-libs/nss/nss-3.37.3.ebuild
@@ -43,7 +43,6 @@ PATCHES=(
"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
- "${FILESDIR}/${P}-fix-fstar-missing-symbols.patch"
)
src_unpack() {
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2020-03-31 17:50 Thomas Deutschmann
0 siblings, 0 replies; 17+ messages in thread
From: Thomas Deutschmann @ 2020-03-31 17:50 UTC (permalink / raw
To: gentoo-commits
commit: e0cb2ef179d11014b83d4f5547949fcc057b4951
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 31 17:48:42 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Mar 31 17:50:38 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0cb2ef1
dev-libs/nss: security cleanup (#627534)
Bug: https://bugs.gentoo.org/627534
Package-Manager: Portage-2.3.96, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
dev-libs/nss/Manifest | 5 -
dev-libs/nss/files/nss-3.47-enable-pem.patch | 11 -
dev-libs/nss/metadata.xml | 1 -
dev-libs/nss/nss-3.47.1-r1.ebuild | 375 ---------------------------
dev-libs/nss/nss-3.48-r1.ebuild | 375 ---------------------------
dev-libs/nss/nss-3.49.2.ebuild | 375 ---------------------------
dev-libs/nss/nss-3.50-r1.ebuild | 359 -------------------------
7 files changed, 1501 deletions(-)
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 96974b35f57..663b875e316 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,7 +1,2 @@
-DIST nss-3.47.1.tar.gz 76462846 BLAKE2B a26e858e06c494adb4059f8cc73993b0f3cff90a0785ed7eed3760931aa6b4ae5706cf7994c6c1421d9ed8bc36d1a4c199988bd9c59c06bb95fd03521c20f141 SHA512 ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9
-DIST nss-3.48.tar.gz 76481237 BLAKE2B aded12d9f917d87e6fe32bc6c57b19e478507919c7d87b3f95e86ba10717d30da25632e60753b5cf7a24fbfef8fab6529ae373eea25d633d8164164bac97357c SHA512 71aefe323501dd8d750ed36606554f2e67ecb2bca85b55bc798d5dfc3a47f3d454348ca950971aaaafb16f6d847c098d2b1c40d40b50380e0c2540ed1b9a9e9a
-DIST nss-3.49.2.tar.gz 76489641 BLAKE2B 844a88984fde45142093ee6df2934d89cb4911d3e716019c0d1620254064af51b56249bc4348816e546c5dcab66d7fc9d4def32021661f4f3d868e09c342abec SHA512 fe0fe032db15853384a50b145dd6f3187a855109f0b81f1846312d33f8c628aededcbca4d199f974ae52530aec3f2312f80afbca3e5b97ed1ff96fcffafd2881
-DIST nss-3.50.tar.gz 78041630 BLAKE2B 4d21a1cac475936e153b22829f8b4b2f6f6a57c41e14d091b287aba633a8d4c80c045882ce6f1cb7a2f9ce760d616b13389f90e59f60250c41080ed1f5a4900a SHA512 d6bcaf8ad65b5a97c42cd6cbbc68add5c4b49db74b2debcedb2a007f72511ac0e9bd21fd2dec041bc1975cfc8af26a48450aa0d1b962f755931ab2ac45c795b1
DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
-DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2
diff --git a/dev-libs/nss/files/nss-3.47-enable-pem.patch b/dev-libs/nss/files/nss-3.47-enable-pem.patch
deleted file mode 100644
index 47a01c322bb..00000000000
--- a/dev-libs/nss/files/nss-3.47-enable-pem.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/lib/ckfw/manifest.mn
-+++ b/lib/ckfw/manifest.mn
-@@ -5,7 +5,7 @@
-
- CORE_DEPTH = ../..
-
--DIRS = builtins
-+DIRS = builtins pem
-
- PRIVATE_EXPORTS = \
- ck.h \
diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml
index 009a09732ad..c76b165099c 100644
--- a/dev-libs/nss/metadata.xml
+++ b/dev-libs/nss/metadata.xml
@@ -9,7 +9,6 @@
<flag name="cacert">
Include root/class3 certs from CAcert (http://www.cacert.org/)
</flag>
- <flag name="nss-pem">Add support for libnsspem</flag>
<flag name="utils">Install utilities included with the library</flag>
</use>
<upstream>
diff --git a/dev-libs/nss/nss-3.47.1-r1.ebuild b/dev-libs/nss/nss-3.47.1-r1.ebuild
deleted file mode 100644
index 8c5fc05e76c..00000000000
--- a/dev-libs/nss/nss-3.47.1-r1.ebuild
+++ /dev/null
@@ -1,375 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.22"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
- nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-BDEPEND="
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-"
-RDEPEND="
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
- unpack ${A}
- if use nss-pem ; then
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
- fi
-}
-
-src_prepare() {
- if use nss-pem ; then
- PATCHES+=(
- "${FILESDIR}/${PN}-3.47-enable-pem.patch"
- )
- fi
- if use cacert ; then #521462
- PATCHES+=(
- "${DISTDIR}/${PN}-cacert-class1-class3.patch"
- )
- fi
-
- default
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- CCC="$(tc-getCXX)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export NSS_ALLOW_SSLKEYLOGFILE=1
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export FREEBL_NO_DEPEND=1
- export FREEBL_LOWHASH=1
- export NSS_SEED_ONLY_DEV_URANDOM=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- local i
- for i in crmf freebl nssb nssckfw ; do
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- done
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.{h,api}
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils=( shlibsign )
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- # certcgi has been removed in nss-3.36:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
- nssutils+=(
- addbuiltin
- atob
- baddbdir
- btoa
- certutil
- cmsutil
- conflict
- crlutil
- derdump
- digest
- makepqg
- mangle
- modutil
- multinit
- nonspr10
- ocspclnt
- oidcalc
- p7content
- p7env
- p7sign
- p7verify
- pk11mode
- pk12util
- pp
- rsaperf
- selfserv
- signtool
- signver
- ssltap
- strsclnt
- symkeyutil
- tstclnt
- vfychain
- vfyserv
- )
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils[@]}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- dodir /etc/prelink.conf.d
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
- > "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
diff --git a/dev-libs/nss/nss-3.48-r1.ebuild b/dev-libs/nss/nss-3.48-r1.ebuild
deleted file mode 100644
index 5767fbe73c3..00000000000
--- a/dev-libs/nss/nss-3.48-r1.ebuild
+++ /dev/null
@@ -1,375 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.24"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
- nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-BDEPEND="
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-"
-RDEPEND="
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
- unpack ${A}
- if use nss-pem ; then
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
- fi
-}
-
-src_prepare() {
- if use nss-pem ; then
- PATCHES+=(
- "${FILESDIR}/${PN}-3.47-enable-pem.patch"
- )
- fi
- if use cacert ; then #521462
- PATCHES+=(
- "${DISTDIR}/${PN}-cacert-class1-class3.patch"
- )
- fi
-
- default
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- CCC="$(tc-getCXX)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export NSS_ALLOW_SSLKEYLOGFILE=1
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export FREEBL_NO_DEPEND=1
- export FREEBL_LOWHASH=1
- export NSS_SEED_ONLY_DEV_URANDOM=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- local i
- for i in crmf freebl nssb nssckfw ; do
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- done
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.{h,api}
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils=( shlibsign )
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- # certcgi has been removed in nss-3.36:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
- nssutils+=(
- addbuiltin
- atob
- baddbdir
- btoa
- certutil
- cmsutil
- conflict
- crlutil
- derdump
- digest
- makepqg
- mangle
- modutil
- multinit
- nonspr10
- ocspclnt
- oidcalc
- p7content
- p7env
- p7sign
- p7verify
- pk11mode
- pk12util
- pp
- rsaperf
- selfserv
- signtool
- signver
- ssltap
- strsclnt
- symkeyutil
- tstclnt
- vfychain
- vfyserv
- )
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils[@]}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- dodir /etc/prelink.conf.d
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
- > "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
diff --git a/dev-libs/nss/nss-3.49.2.ebuild b/dev-libs/nss/nss-3.49.2.ebuild
deleted file mode 100644
index 5767fbe73c3..00000000000
--- a/dev-libs/nss/nss-3.49.2.ebuild
+++ /dev/null
@@ -1,375 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.24"
-RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
- nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert +nss-pem utils"
-BDEPEND="
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-"
-RDEPEND="
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_unpack() {
- unpack ${A}
- if use nss-pem ; then
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
- fi
-}
-
-src_prepare() {
- if use nss-pem ; then
- PATCHES+=(
- "${FILESDIR}/${PN}-3.47-enable-pem.patch"
- )
- fi
- if use cacert ; then #521462
- PATCHES+=(
- "${DISTDIR}/${PN}-cacert-class1-class3.patch"
- )
- fi
-
- default
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- CCC="$(tc-getCXX)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export NSS_ALLOW_SSLKEYLOGFILE=1
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export FREEBL_NO_DEPEND=1
- export FREEBL_LOWHASH=1
- export NSS_SEED_ONLY_DEV_URANDOM=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- local i
- for i in crmf freebl nssb nssckfw ; do
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- done
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.{h,api}
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils=( shlibsign )
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- # certcgi has been removed in nss-3.36:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
- nssutils+=(
- addbuiltin
- atob
- baddbdir
- btoa
- certutil
- cmsutil
- conflict
- crlutil
- derdump
- digest
- makepqg
- mangle
- modutil
- multinit
- nonspr10
- ocspclnt
- oidcalc
- p7content
- p7env
- p7sign
- p7verify
- pk11mode
- pk12util
- pp
- rsaperf
- selfserv
- signtool
- signver
- ssltap
- strsclnt
- symkeyutil
- tstclnt
- vfychain
- vfyserv
- )
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils[@]}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- dodir /etc/prelink.conf.d
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
- > "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
diff --git a/dev-libs/nss/nss-3.50-r1.ebuild b/dev-libs/nss/nss-3.50-r1.ebuild
deleted file mode 100644
index b1c3b3f782f..00000000000
--- a/dev-libs/nss/nss-3.50-r1.ebuild
+++ /dev/null
@@ -1,359 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.25"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="cacert utils"
-BDEPEND="
- >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
-"
-RDEPEND="
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
-"
-DEPEND="${RDEPEND}"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
-)
-
-src_prepare() {
- if use cacert ; then #521462
- PATCHES+=(
- "${DISTDIR}/${PN}-cacert-class1-class3.patch"
- )
- fi
-
- default
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- CCC="$(tc-getCXX)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
- export NSS_ALLOW_SSLKEYLOGFILE=1
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
- export FREEBL_NO_DEPEND=1
- export FREEBL_LOWHASH=1
- export NSS_SEED_ONLY_DEV_URANDOM=1
- export ASFLAGS=""
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- local i
- for i in crmf freebl nssb nssckfw ; do
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- done
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.{h,api}
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac,cmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils=( shlibsign )
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- # certcgi has been removed in nss-3.36:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
- nssutils+=(
- addbuiltin
- atob
- baddbdir
- btoa
- certutil
- cmsutil
- conflict
- crlutil
- derdump
- digest
- makepqg
- mangle
- modutil
- multinit
- nonspr10
- ocspclnt
- oidcalc
- p7content
- p7env
- p7sign
- p7verify
- pk11mode
- pk12util
- pp
- rsaperf
- selfserv
- signtool
- signver
- ssltap
- strsclnt
- symkeyutil
- tstclnt
- vfychain
- vfyserv
- )
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils[@]}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-
- # Prelink breaks the CHK files. We don't have any reliable way to run
- # shlibsign after prelink.
- dodir /etc/prelink.conf.d
- printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
- > "${ED}"/etc/prelink.conf.d/nss.conf
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2020-06-19 7:36 Lars Wendler
0 siblings, 0 replies; 17+ messages in thread
From: Lars Wendler @ 2020-06-19 7:36 UTC (permalink / raw
To: gentoo-commits
commit: f877d1f885be1dfbf0ec3d9f84d2092f95ed11cf
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 19 07:35:53 2020 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Jun 19 07:36:42 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f877d1f8
dev-libs/nss: Bump to version 3.53.1
Package-Manager: Portage-2.3.101, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
dev-libs/nss/Manifest | 1 +
dev-libs/nss/files/nss-3.53-gentoo-fixups.patch | 290 ++++++++++++++++++++
dev-libs/nss/nss-3.53.1.ebuild | 350 ++++++++++++++++++++++++
3 files changed, 641 insertions(+)
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index a54e9bfb1ed..809bdb00ebb 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -2,4 +2,5 @@ DIST nss-3.51.1.tar.gz 78310874 BLAKE2B c295b5fdf6e1d24cc79474f2c5a9e91fccf77721
DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
DIST nss-3.52.1.tar.gz 81222116 BLAKE2B e7a1a24c0a4765fb13a4c13a93187a26df6df68b3e8d623514928cf505215e67f5f22387b6a6b0680117b1c2af13752cb981c173bb50424784d05b459704d528 SHA512 be8746984e3028e5ed49f2132ca08687f6ac75e50208d8cfd6ffbcfd5db1ab8dcaf1f2a0a6c6c1920573de80490301b21c022759c7e2309a22d29698bb169dd6
DIST nss-3.52.tar.gz 81220587 BLAKE2B 0208c9047c61233ed36f02d57fdc64fa1734ef69d17fa499707f4a3b14a2e880b1dcf4b19b17a38e9b41d2e46b4a9488613d82989be747ad82aebc35b8e491af SHA512 a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
+DIST nss-3.53.1.tar.gz 81297900 BLAKE2B 7a053aa8322cb55b787730c87f1a6e8a799265574114d63257699348f4921007457d19e5fdc4684a512a91478d1912db45ce066daa8b9d9cde5130ff506aed9e SHA512 5d7572999a007c513df4cbdf74769c1a4eb53eb8680da27a89fea770763d88b6bea80cd9ab20426a905396745129276cffb6dd9e8e1e6377fa98c0a103b522d0
DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
diff --git a/dev-libs/nss/files/nss-3.53-gentoo-fixups.patch b/dev-libs/nss/files/nss-3.53-gentoo-fixups.patch
new file mode 100644
index 00000000000..2d8bdb6f5a3
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.53-gentoo-fixups.patch
@@ -0,0 +1,290 @@
+From 1b3c48499abb000d708abe5f05413c1f4155e086 Mon Sep 17 00:00:00 2001
+From: Jory Pratt <anarchy@gentoo.org>
+Date: Mon, 8 Jun 2020 12:22:29 -0500
+Subject: [PATCH] Add pkg-config and nss-config for Gentoo
+
+---
+ Makefile | 15 +----
+ config/Makefile | 40 ++++++++++++
+ config/nss-config.in | 145 +++++++++++++++++++++++++++++++++++++++++++
+ config/nss.pc.in | 12 ++++
+ manifest.mn | 2 +-
+ 5 files changed, 200 insertions(+), 14 deletions(-)
+ create mode 100644 config/Makefile
+ create mode 100644 config/nss-config.in
+ create mode 100644 config/nss.pc.in
+
+diff --git a/Makefile b/Makefile
+index eb4ed1a..f979d90 100644
+--- a/Makefile
++++ b/Makefile
+@@ -4,6 +4,8 @@
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
++default: nss_build_all
++
+ #######################################################################
+ # (1) Include initial platform-independent assignments (MANDATORY). #
+ #######################################################################
+@@ -48,12 +50,9 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ #######################################################################
+
+ nss_build_all:
+- $(MAKE) build_nspr
+ $(MAKE) all
+- $(MAKE) latest
+
+ nss_clean_all:
+- $(MAKE) clobber_nspr
+ $(MAKE) clobber
+
+ NSPR_CONFIG_STATUS = $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/config.status
+@@ -138,16 +137,6 @@ $(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE)
+ --prefix='$(NSS_GYP_PREFIX)'
+ endif
+
+-build_nspr: $(NSPR_CONFIG_STATUS)
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests
+-
+-install_nspr: build_nspr
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install
+-
+-clobber_nspr: $(NSPR_CONFIG_STATUS)
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
+-
+ build_docs:
+ $(MAKE) -C $(CORE_DEPTH)/doc
+
+diff --git a/config/Makefile b/config/Makefile
+new file mode 100644
+index 0000000..aaf1991
+--- /dev/null
++++ b/config/Makefile
+@@ -0,0 +1,40 @@
++CORE_DEPTH = ..
++DEPTH = ..
++
++include $(CORE_DEPTH)/coreconf/config.mk
++
++NSS_MAJOR_VERSION = $(shell grep -F "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}')
++NSS_MINOR_VERSION = $(shell grep -F "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}')
++NSS_PATCH_VERSION = $(shell grep -F "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}')
++PREFIX = /usr
++
++all: export libs
++
++export:
++ # Create the nss.pc file
++ mkdir -p $(DIST)/lib/pkgconfig
++ sed -e "s,@prefix@,$(PREFIX)," \
++ -e "s,@exec_prefix@,\$${prefix}," \
++ -e "s,@libdir@,\$${prefix}/lib64," \
++ -e "s,@includedir@,\$${prefix}/include/nss," \
++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++ nss.pc.in > nss.pc
++ chmod 0644 nss.pc
++ ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig
++
++ # Create the nss-config script
++ mkdir -p $(DIST)/bin
++ sed -e "s,@prefix@,$(PREFIX)," \
++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++ nss-config.in > nss-config
++ chmod 0755 nss-config
++ ln -sf ../../../config/nss-config $(DIST)/bin
++
++libs:
++
++dummy: all export libs
++
+diff --git a/config/nss-config.in b/config/nss-config.in
+new file mode 100644
+index 0000000..3a957b8
+--- /dev/null
++++ b/config/nss-config.in
+@@ -0,0 +1,145 @@
++#!/bin/sh
++
++prefix=@prefix@
++
++major_version=@NSS_MAJOR_VERSION@
++minor_version=@NSS_MINOR_VERSION@
++patch_version=@NSS_PATCH_VERSION@
++
++usage()
++{
++ cat <<EOF
++Usage: nss-config [OPTIONS] [LIBRARIES]
++Options:
++ [--prefix[=DIR]]
++ [--exec-prefix[=DIR]]
++ [--includedir[=DIR]]
++ [--libdir[=DIR]]
++ [--version]
++ [--libs]
++ [--cflags]
++Dynamic Libraries:
++ nss
++ ssl
++ smime
++ nssutil
++EOF
++ exit $1
++}
++
++if test $# -eq 0; then
++ usage 1 1>&2
++fi
++
++lib_ssl=yes
++lib_smime=yes
++lib_nss=yes
++lib_nssutil=yes
++
++while test $# -gt 0; do
++ case "$1" in
++ -*=*) optarg=$(echo "$1" | sed 's/[-_a-zA-Z0-9]*=//') ;;
++ *) optarg= ;;
++ esac
++
++ case $1 in
++ --prefix=*)
++ prefix=${optarg}
++ ;;
++ --prefix)
++ echo_prefix=yes
++ ;;
++ --exec-prefix=*)
++ exec_prefix=${optarg}
++ ;;
++ --exec-prefix)
++ echo_exec_prefix=yes
++ ;;
++ --includedir=*)
++ includedir=${optarg}
++ ;;
++ --includedir)
++ echo_includedir=yes
++ ;;
++ --libdir=*)
++ libdir=${optarg}
++ ;;
++ --libdir)
++ echo_libdir=yes
++ ;;
++ --version)
++ echo ${major_version}.${minor_version}.${patch_version}
++ ;;
++ --cflags)
++ echo_cflags=yes
++ ;;
++ --libs)
++ echo_libs=yes
++ ;;
++ ssl)
++ lib_ssl=yes
++ ;;
++ smime)
++ lib_smime=yes
++ ;;
++ nss)
++ lib_nss=yes
++ ;;
++ nssutil)
++ lib_nssutil=yes
++ ;;
++ *)
++ usage 1 1>&2
++ ;;
++ esac
++ shift
++done
++
++# Set variables that may be dependent upon other variables
++if test -z "${exec_prefix}"; then
++ exec_prefix=$(pkg-config --variable=exec_prefix nss)
++fi
++if test -z "${includedir}"; then
++ includedir=$(pkg-config --variable=includedir nss)
++fi
++if test -z "${libdir}"; then
++ libdir=$(pkg-config --variable=libdir nss)
++fi
++
++if test "${echo_prefix}" = "yes"; then
++ echo ${prefix}
++fi
++
++if test "${echo_exec_prefix}" = "yes"; then
++ echo ${exec_prefix}
++fi
++
++if test "${echo_includedir}" = "yes"; then
++ echo ${includedir}
++fi
++
++if test "${echo_libdir}" = "yes"; then
++ echo ${libdir}
++fi
++
++if test "${echo_cflags}" = "yes"; then
++ echo -I${includedir}
++fi
++
++if test "${echo_libs}" = "yes"; then
++ libdirs=""
++ if test -n "${lib_ssl}"; then
++ libdirs="${libdirs} -lssl${major_version}"
++ fi
++ if test -n "${lib_smime}"; then
++ libdirs="${libdirs} -lsmime${major_version}"
++ fi
++ if test -n "${lib_nss}"; then
++ libdirs="${libdirs} -lnss${major_version}"
++ fi
++ if test -n "${lib_nssutil}"; then
++ libdirs="${libdirs} -lnssutil${major_version}"
++ fi
++ echo ${libdirs}
++fi
++
+diff --git a/config/nss.pc.in b/config/nss.pc.in
+new file mode 100644
+index 0000000..03f1e39
+--- /dev/null
++++ b/config/nss.pc.in
+@@ -0,0 +1,12 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: NSS
++Description: Network Security Services
++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
++Requires: nspr >= 4.25
++Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
++Cflags: -I${includedir}
++
+diff --git a/manifest.mn b/manifest.mn
+index dada8ab..72dc9b3 100644
+--- a/manifest.mn
++++ b/manifest.mn
+@@ -10,7 +10,7 @@ IMPORTS = nspr20/v4.8 \
+
+ RELEASE = nss
+
+-DIRS = coreconf lib cmd cpputil gtests
++DIRS = coreconf lib cmd cpputil config
+
+ lib: coreconf
+ cmd: lib
+--
+2.26.2
+
diff --git a/dev-libs/nss/nss-3.53.1.ebuild b/dev-libs/nss/nss-3.53.1.ebuild
new file mode 100644
index 00000000000..83d65eeb386
--- /dev/null
+++ b/dev-libs/nss/nss-3.53.1.ebuild
@@ -0,0 +1,350 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.25"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+ cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="cacert utils"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+ >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+ virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/nss-config
+)
+
+PATCHES=(
+ # Custom changes for gentoo
+ "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+ "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+ "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_prepare() {
+ if use cacert ; then #521462
+ PATCHES+=(
+ "${DISTDIR}/${PN}-cacert-class1-class3.patch"
+ )
+ fi
+
+ default
+
+ pushd coreconf >/dev/null || die
+ # hack nspr paths
+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
+ >> headers.mk || die "failed to append include"
+
+ # modify install path
+ sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+ -i source.mk || die
+
+ # Respect LDFLAGS
+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+ popd >/dev/null || die
+
+ # Fix pkgconfig file for Prefix
+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+ config/Makefile || die
+
+ # use host shlibsign if need be #436216
+ if tc-is-cross-compiler ; then
+ sed -i \
+ -e 's:"${2}"/shlibsign:shlibsign:' \
+ cmd/shlibsign/sign.sh || die
+ fi
+
+ # dirty hack
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+ lib/ssl/config.mk || die
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+ cmd/platlibs.mk || die
+
+ multilib_copy_sources
+
+ strip-flags
+}
+
+multilib_src_configure() {
+ # Ensure we stay multilib aware
+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+ # Most of the arches are the same as $ARCH
+ local t=${1:-${CHOST}}
+ case ${t} in
+ aarch64*)echo "aarch64";;
+ hppa*) echo "parisc";;
+ i?86*) echo "i686";;
+ x86_64*) echo "x86_64";;
+ *) tc-arch ${t};;
+ esac
+}
+
+nssbits() {
+ local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+ if [[ ${1} == BUILD_ ]]; then
+ cc=$(tc-getBUILD_CC)
+ else
+ cc=$(tc-getCC)
+ fi
+ echo > "${T}"/test.c || die
+ ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+ case $(file "${T}/${1}test.o") in
+ *32-bit*x86-64*) echo USE_X32=1;;
+ *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+ *32-bit*|*ppc*|*i386*) ;;
+ *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+ esac
+}
+
+multilib_src_compile() {
+ # use ABI to determine bit'ness, or fallback if unset
+ local buildbits mybits
+ case "${ABI}" in
+ n32) mybits="USE_N32=1";;
+ x32) mybits="USE_X32=1";;
+ s390x|*64) mybits="USE_64=1";;
+ ${DEFAULT_ABI})
+ einfo "Running compilation test to determine bit'ness"
+ mybits=$(nssbits)
+ ;;
+ esac
+ # bitness of host may differ from target
+ if tc-is-cross-compiler; then
+ buildbits=$(nssbits BUILD_)
+ fi
+
+ local makeargs=(
+ CC="$(tc-getCC)"
+ CCC="$(tc-getCXX)"
+ AR="$(tc-getAR) rc \$@"
+ RANLIB="$(tc-getRANLIB)"
+ OPTIMIZER=
+ ${mybits}
+ )
+
+ # Take care of nspr settings #436216
+ local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+ unset NSPR_INCLUDE_DIR
+
+ export NSS_ALLOW_SSLKEYLOGFILE=1
+ export NSS_ENABLE_WERROR=0 #567158
+ export BUILD_OPT=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSDISTMODE=copy
+ export FREEBL_NO_DEPEND=1
+ export FREEBL_LOWHASH=1
+ export NSS_SEED_ONLY_DEV_URANDOM=1
+ export USE_SYSTEM_ZLIB=1
+ export ZLIB_LIBS=-lz
+ export ASFLAGS=""
+
+ local d
+
+ # Build the host tools first.
+ LDFLAGS="${BUILD_LDFLAGS}" \
+ XCFLAGS="${BUILD_CFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake -j1 -C coreconf \
+ CC="$(tc-getBUILD_CC)" \
+ ${buildbits:-${mybits}}
+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+ # Then build the target tools.
+ for d in . lib/dbm ; do
+ CPPFLAGS="${myCPPFLAGS}" \
+ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake -j1 "${makeargs[@]}" -C ${d}
+ done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+# */${local_libdir}/libfreebl3.so*
+# */${local_libdir}/libnssdbm3.so*
+# */${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+ local shlibsign="$1"
+ local libdir="$2"
+ einfo "Resigning core NSS libraries for FIPS validation"
+ shift 2
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libname=lib${i}.so
+ local chkname=lib${i}.chk
+ "${shlibsign}" \
+ -i "${libdir}"/${libname} \
+ -o "${libdir}"/${chkname}.tmp \
+ && mv -f \
+ "${libdir}"/${chkname}.tmp \
+ "${libdir}"/${chkname} \
+ || die "Failed to sign ${libname}"
+ done
+}
+
+cleanup_chk() {
+ local libdir="$1"
+ shift 1
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libfname="${libdir}/lib${i}.so"
+ # If the major version has changed, then we have old chk files.
+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+ && rm -f "${libfname}.chk"
+ done
+}
+
+multilib_src_install() {
+ pushd dist >/dev/null || die
+
+ dodir /usr/$(get_libdir)
+ cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+ local i
+ for i in crmf freebl nssb nssckfw ; do
+ cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+ done
+
+ # Install nss-config and pkgconfig file
+ dodir /usr/bin
+ cp -L */bin/nss-config "${ED}"/usr/bin || die
+ dodir /usr/$(get_libdir)/pkgconfig
+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+ # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+ # bug 517266
+ sed -e 's#Libs:#Libs: -lfreebl#' \
+ -e 's#Cflags:#Cflags: -I${includedir}/private#' \
+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+ || die "could not create nss-softokn.pc"
+
+ # all the include files
+ insinto /usr/include/nss
+ doins public/nss/*.{h,api}
+ insinto /usr/include/nss/private
+ doins private/nss/{blapi,alghmac,cmac}.h
+
+ popd >/dev/null || die
+
+ local f nssutils
+ # Always enabled because we need it for chk generation.
+ nssutils=( shlibsign )
+
+ if multilib_is_native_abi ; then
+ if use utils; then
+ # The tests we do not need to install.
+ #nssutils_test="bltest crmftest dbtest dertimetest
+ #fipstest remtest sdrtest"
+ # checkcert utils has been removed in nss-3.22:
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+ # https://hg.mozilla.org/projects/nss/rev/df1729d37870
+ # certcgi has been removed in nss-3.36:
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+ nssutils+=(
+ addbuiltin
+ atob
+ baddbdir
+ btoa
+ certutil
+ cmsutil
+ conflict
+ crlutil
+ derdump
+ digest
+ makepqg
+ mangle
+ modutil
+ multinit
+ nonspr10
+ ocspclnt
+ oidcalc
+ p7content
+ p7env
+ p7sign
+ p7verify
+ pk11mode
+ pk12util
+ pp
+ rsaperf
+ selfserv
+ signtool
+ signver
+ ssltap
+ strsclnt
+ symkeyutil
+ tstclnt
+ vfychain
+ vfyserv
+ )
+ # install man-pages for utils (bug #516810)
+ doman doc/nroff/*.1
+ fi
+ pushd dist/*/bin >/dev/null || die
+ for f in ${nssutils[@]}; do
+ dobin ${f}
+ done
+ popd >/dev/null || die
+ fi
+
+ # Prelink breaks the CHK files. We don't have any reliable way to run
+ # shlibsign after prelink.
+ dodir /etc/prelink.conf.d
+ printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+ > "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+ multilib_pkg_postinst() {
+ # We must re-sign the libraries AFTER they are stripped.
+ local shlibsign="${EROOT}/usr/bin/shlibsign"
+ # See if we can execute it (cross-compiling & such). #436216
+ "${shlibsign}" -h >&/dev/null
+ if [[ $? -gt 1 ]] ; then
+ shlibsign="shlibsign"
+ fi
+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+ multilib_pkg_postrm() {
+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postrm
+}
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2020-10-23 16:19 Thomas Deutschmann
0 siblings, 0 replies; 17+ messages in thread
From: Thomas Deutschmann @ 2020-10-23 16:19 UTC (permalink / raw
To: gentoo-commits
commit: 0b684bfbdff41cbaab1a6c1969c931a1670395d7
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 23 16:19:06 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Oct 23 16:19:06 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b684bfb
dev-libs/nss: always tolerate the first CCS in TLS 1.3
Bug: https://bugs.gentoo.org/750746
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
...8-always-tolerate-the-first-CCS-in-TLS1.3.patch | 111 +++++++++++++++++++++
.../nss/{nss-3.58.ebuild => nss-3.58-r1.ebuild} | 1 +
2 files changed, 112 insertions(+)
diff --git a/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch b/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch
new file mode 100644
index 00000000000..f68b65c119c
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch
@@ -0,0 +1,111 @@
+https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
+
+--- a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
++++ b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
+@@ -348,8 +348,8 @@
+ client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+ }
+
+-// The server rejects a ChangeCipherSpec if the client advertises an
+-// empty session ID.
++// The server accepts a ChangeCipherSpec even if the client advertises
++// an empty session ID.
+ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
+ EnsureTlsSetup();
+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+@@ -358,9 +358,8 @@
+ client_->Handshake(); // Send ClientHello
+ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS
+
+- server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
+- server_->Handshake(); // Consume ClientHello and CCS
+- server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++ Handshake();
++ CheckConnected();
+ }
+
+ // The server rejects multiple ChangeCipherSpec even if the client
+@@ -381,7 +380,7 @@
+ server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
+ }
+
+-// The client rejects a ChangeCipherSpec if it advertises an empty
++// The client accepts a ChangeCipherSpec even if it advertises an empty
+ // session ID.
+ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
+ EnsureTlsSetup();
+@@ -398,9 +397,10 @@
+ // send ServerHello..CertificateVerify
+ // Send CCS
+ server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
+- client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
+- client_->Handshake(); // Consume ClientHello and CCS
+- client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++
++ // No alert is sent from the client. As Finished is dropped, we
++ // can't use Handshake() and CheckConnected().
++ client_->Handshake();
+ }
+
+ // The client rejects multiple ChangeCipherSpec in a row even if the
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -6645,11 +6645,7 @@
+
+ /* TLS 1.3: We sent a session ID. The server's should match. */
+ if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
+- if (sidMatch) {
+- ss->ssl3.hs.allowCcs = PR_TRUE;
+- return PR_TRUE;
+- }
+- return PR_FALSE;
++ return sidMatch;
+ }
+
+ /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
+@@ -8696,7 +8692,6 @@
+ errCode = PORT_GetError();
+ goto alert_loser;
+ }
+- ss->ssl3.hs.allowCcs = PR_TRUE;
+ }
+
+ /* TLS 1.3 requires that compression include only null. */
+@@ -13066,15 +13061,14 @@
+ ss->ssl3.hs.ws != idle_handshake &&
+ cText->buf->len == 1 &&
+ cText->buf->buf[0] == change_cipher_spec_choice) {
+- if (ss->ssl3.hs.allowCcs) {
+- /* Ignore the first CCS. */
+- ss->ssl3.hs.allowCcs = PR_FALSE;
++ if (!ss->ssl3.hs.rejectCcs) {
++ /* Allow only the first CCS. */
++ ss->ssl3.hs.rejectCcs = PR_TRUE;
+ return SECSuccess;
+- }
+-
+- /* Compatibility mode is not negotiated. */
+- alert = unexpected_message;
+- PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++ } else {
++ alert = unexpected_message;
++ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++ }
+ }
+
+ if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) ||
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -710,10 +710,7 @@
+ * or received. */
+ PRBool receivedCcs; /* A server received ChangeCipherSpec
+ * before the handshake started. */
+- PRBool allowCcs; /* A server allows ChangeCipherSpec
+- * as the middlebox compatibility mode
+- * is explicitly indicarted by
+- * legacy_session_id in TLS 1.3 ClientHello. */
++ PRBool rejectCcs; /* Excessive ChangeCipherSpecs are rejected. */
+ PRBool clientCertRequested; /* True if CertificateRequest received. */
+ PRBool endOfFlight; /* Processed a full flight (DTLS 1.3). */
+ ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def
+
diff --git a/dev-libs/nss/nss-3.58.ebuild b/dev-libs/nss/nss-3.58-r1.ebuild
similarity index 99%
rename from dev-libs/nss/nss-3.58.ebuild
rename to dev-libs/nss/nss-3.58-r1.ebuild
index 37ab7c58696..9fd66130955 100644
--- a/dev-libs/nss/nss-3.58.ebuild
+++ b/dev-libs/nss/nss-3.58-r1.ebuild
@@ -40,6 +40,7 @@ PATCHES=(
"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
+ "${FILESDIR}/${PN}-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch"
)
src_prepare() {
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2020-10-26 15:06 Thomas Deutschmann
0 siblings, 0 replies; 17+ messages in thread
From: Thomas Deutschmann @ 2020-10-26 15:06 UTC (permalink / raw
To: gentoo-commits
commit: 2ea1657afa9edafc6f25a30e79dc76e377ab2d4c
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 26 15:02:52 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 15:02:52 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ea1657a
dev-libs/nss: update patch to what upstream merged
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
...8-always-tolerate-the-first-CCS-in-TLS1.3.patch | 107 +++++++++++++++++++--
.../nss/{nss-3.58-r1.ebuild => nss-3.58-r2.ebuild} | 0
2 files changed, 98 insertions(+), 9 deletions(-)
diff --git a/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch b/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch
index f68b65c119c..a92c0389936 100644
--- a/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch
+++ b/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch
@@ -1,8 +1,32 @@
-https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
+
+# HG changeset patch
+# User Daiki Ueno <dueno@redhat.com>
+# Date 1603691171 -3600
+# Node ID b03a4fc5b902498414b02640dcb2717dfef9682f
+# Parent 6f79a76958129dc09c353c288f115fd9a51ab7d4
+Bug 1672703, always tolerate the first CCS in TLS 1.3, r=mt
+
+Summary:
+This flips the meaning of the flag for checking excessive CCS
+messages, so it only rejects multiple CCS messages while the first CCS
+message is always accepted.
+
+Reviewers: mt
+
+Reviewed By: mt
+
+Bug #: 1672703
+
+Differential Revision: https://phabricator.services.mozilla.com/D94603
--- a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
+++ b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
-@@ -348,8 +348,8 @@
+@@ -343,29 +343,28 @@ TEST_F(TlsConnectStreamTls13, ChangeCiph
+ // Client sends CCS before starting the handshake.
+ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
+ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
+ ConnectExpectAlert(server_, kTlsAlertUnexpectedMessage);
+ server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
}
@@ -13,7 +37,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
EnsureTlsSetup();
ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-@@ -358,9 +358,8 @@
+
+ StartConnect();
client_->Handshake(); // Send ClientHello
client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS
@@ -25,7 +50,17 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
}
// The server rejects multiple ChangeCipherSpec even if the client
-@@ -381,7 +380,7 @@
+ // indicates compatibility mode with non-empty session ID.
+ TEST_F(Tls13CompatTest, ChangeCipherSpecAfterClientHelloTwice) {
+ EnsureTlsSetup();
+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+ EnableCompatMode();
+@@ -376,36 +375,37 @@ TEST_F(Tls13CompatTest, ChangeCipherSpec
+ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
+ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
+
+ server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
+ server_->Handshake(); // Consume ClientHello and CCS.
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
}
@@ -34,7 +69,16 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
// session ID.
TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
EnsureTlsSetup();
-@@ -398,9 +397,10 @@
+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+
+ // To replace Finished with a CCS below
+ auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_);
+ filter->SetHandshakeTypes({kTlsHandshakeFinished});
+ filter->EnableDecryption();
+
+ StartConnect();
+ client_->Handshake(); // Send ClientHello
+ server_->Handshake(); // Consume ClientHello, and
// send ServerHello..CertificateVerify
// Send CCS
server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
@@ -48,9 +92,19 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
}
// The client rejects multiple ChangeCipherSpec in a row even if the
+ // client indicates compatibility mode with non-empty session ID.
+ TEST_F(Tls13CompatTest, ChangeCipherSpecAfterServerHelloTwice) {
+ EnsureTlsSetup();
+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+ EnableCompatMode();
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
-@@ -6645,11 +6645,7 @@
+@@ -6640,21 +6640,17 @@ ssl_CheckServerSessionIdCorrectness(sslS
+ if (sentFakeSid) {
+ return !sidMatch;
+ }
+ return PR_TRUE;
+ }
/* TLS 1.3: We sent a session ID. The server's should match. */
if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
@@ -63,7 +117,17 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
}
/* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
-@@ -8696,7 +8692,6 @@
+ return sidBytes->len == 0;
+ }
+
+ static SECStatus
+ ssl_CheckServerRandom(sslSocket *ss)
+@@ -8691,17 +8687,16 @@ ssl3_HandleClientHello(sslSocket *ss, PR
+ if (sidBytes.len > 0 && !IS_DTLS(ss)) {
+ SECITEM_FreeItem(&ss->ssl3.hs.fakeSid, PR_FALSE);
+ rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.fakeSid, &sidBytes);
+ if (rv != SECSuccess) {
+ desc = internal_error;
errCode = PORT_GetError();
goto alert_loser;
}
@@ -71,7 +135,17 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
}
/* TLS 1.3 requires that compression include only null. */
-@@ -13066,15 +13061,14 @@
+ if (comps.len != 1 || comps.data[0] != ssl_compression_null) {
+ goto alert_loser;
+ }
+
+ /* If there is a cookie, then this is a second ClientHello (TLS 1.3). */
+@@ -13061,25 +13056,24 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
+ * will fail if the server fails to negotiate compatibility mode in a
+ * 0-RTT session that is resumed from a session that did negotiate it.
+ * We don't care about that corner case right now. */
+ if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
+ cText->hdr[0] == ssl_ct_change_cipher_spec &&
ss->ssl3.hs.ws != idle_handshake &&
cText->buf->len == 1 &&
cText->buf->buf[0] == change_cipher_spec_choice) {
@@ -94,9 +168,19 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
}
if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) ||
+ (!IS_DTLS(ss) && ss->sec.isServer &&
+ ss->ssl3.hs.zeroRttIgnore == ssl_0rtt_ignore_trial)) {
+ /* Silently drop the packet unless we sent a fatal alert. */
+ if (ss->ssl3.fatalAlertSent) {
+ return SECFailure;
--- a/lib/ssl/sslimpl.h
+++ b/lib/ssl/sslimpl.h
-@@ -710,10 +710,7 @@
+@@ -705,20 +705,17 @@ typedef struct SSL3HandshakeStateStr {
+ sslZeroRttIgnore zeroRttIgnore; /* Are we ignoring 0-RTT? */
+ ssl3CipherSuite zeroRttSuite; /* The cipher suite we used for 0-RTT. */
+ PRCList bufferedEarlyData; /* Buffered TLS 1.3 early data
+ * on server.*/
+ PRBool helloRetry; /* True if HelloRetryRequest has been sent
* or received. */
PRBool receivedCcs; /* A server received ChangeCipherSpec
* before the handshake started. */
@@ -108,4 +192,9 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
PRBool clientCertRequested; /* True if CertificateRequest received. */
PRBool endOfFlight; /* Processed a full flight (DTLS 1.3). */
ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def
+ * we use for TLS 1.3 */
+ PRUint16 ticketNonce; /* A counter we use for tickets. */
+ SECItem fakeSid; /* ... (server) the SID the client used. */
+
+ /* rttEstimate is used to guess the round trip time between server and client.
diff --git a/dev-libs/nss/nss-3.58-r1.ebuild b/dev-libs/nss/nss-3.58-r2.ebuild
similarity index 100%
rename from dev-libs/nss/nss-3.58-r1.ebuild
rename to dev-libs/nss/nss-3.58-r2.ebuild
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2022-03-29 7:20 Joonas Niilola
0 siblings, 0 replies; 17+ messages in thread
From: Joonas Niilola @ 2022-03-29 7:20 UTC (permalink / raw
To: gentoo-commits
commit: d74294e90fea6298740a2833fcbfa285647b25b6
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 29 06:55:20 2022 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Mar 29 07:20:39 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d74294e9
dev-libs/nss: add 3.76.1
- respect LD.
Bug: https://bugs.gentoo.org/834846
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
dev-libs/nss/Manifest | 1 +
dev-libs/nss/files/nss-3.68-ld-fix.patch | 29 +++
dev-libs/nss/nss-3.76.1.ebuild | 363 +++++++++++++++++++++++++++++++
3 files changed, 393 insertions(+)
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 023b5b2f2dfc..c8bbe5f9d24b 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,5 @@
DIST nss-3.68.2.tar.gz 82406396 BLAKE2B 0542278f63770e9d4f3ce51516d7786680f2a869907ec91b2c4160f9fcad60703dd0e2a77bae91306349ff56908af0020e9479815e2b15392da7b14b27f8c7bc SHA512 31fe62f9e6f1695546bf8b087ae35ac2d3f39fde6be6ab3fcbc81ef66cf6290fc34b799e3809fcba4e913d0e305c476ee8ee1f22d0f957ec6978025920bdb9de
DIST nss-3.75.tar.gz 84738291 BLAKE2B 35e8b1c3a6e2817d30e16b04288a5382332fa37d07f934de139dfb664c6a0ddd6a0e585902bd402cf45be5f9f9ae799c055a51cc4ec4a82c8dd12a454832e141 SHA512 0ad42f663b48649d7d16dc8b8956d2971a9566c0f7f655dd0609b94877f400977e5ad693f2eb44e1e277e55d1669294f07b3ba7a32573d3d72837b3944adf86d
+DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54
DIST nss-3.76.tar.gz 84623743 BLAKE2B 4e7ce8cfbfccae4d92357a86a0170427a50594387a73bd101e7400c85945de6104247900b4a0d5c0571370f718dc01b40749eba460b87ff339e097c07769412d SHA512 ffbdd8a27f60b796e1204912cde2fa62ac99747ce550258ccdd6fe96d60a46c6ac3f82758a7aba3c7ee58da4e7bf09f1bf817fb9f0fa4e62faaea08a6301b8bd
DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4
diff --git a/dev-libs/nss/files/nss-3.68-ld-fix.patch b/dev-libs/nss/files/nss-3.68-ld-fix.patch
new file mode 100644
index 000000000000..ecdbdeebd4cf
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.68-ld-fix.patch
@@ -0,0 +1,29 @@
+From 3cba2869869c8480605f7ffcc41d2e4bae1b31c8 Mon Sep 17 00:00:00 2001
+From: Zi Lin <lziest@google.com>
+Date: Wed, 9 Mar 2022 19:14:16 +0000
+Subject: [PATCH] Use $(LD) instead of 'ld' for cross-platform compilation
+
+---
+ coreconf/Linux.mk | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff -Naur a/coreconf/Linux.mk b/coreconf/Linux.mk
+--- a/coreconf/Linux.mk 2022-03-03 12:18:53.000000000 +0200
++++ b/coreconf/Linux.mk 2022-03-29 08:59:10.157349449 +0300
+@@ -6,6 +6,7 @@
+ CC ?= gcc
+ CCC ?= g++
+ RANLIB ?= ranlib
++LD ?= ld
+
+ include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+@@ -157,7 +158,7 @@
+ # Also, -z defs conflicts with Address Sanitizer, which emits relocations
+ # against the libsanitizer runtime built into the main executable.
+ ZDEFS_FLAG = -Wl,-z,defs
+-DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
++DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG))
+ LDFLAGS += $(ARCHFLAG) -z noexecstack
+
+ # On Maemo, we need to use the -rpath-link flag for even the standard system
diff --git a/dev-libs/nss/nss-3.76.1.ebuild b/dev-libs/nss/nss-3.76.1.ebuild
new file mode 100644
index 000000000000..f927277815f9
--- /dev/null
+++ b/dev-libs/nss/nss-3.76.1.ebuild
@@ -0,0 +1,363 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.32"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+ cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+ >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+ virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/nss-config
+)
+
+PATCHES=(
+ # Custom changes for gentoo
+ "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+ "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+ "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+ "${FILESDIR}/nss-3.68-ld-fix.patch"
+)
+
+src_prepare() {
+ default
+
+ if use cacert ; then
+ eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+ fi
+
+ pushd coreconf >/dev/null || die
+ # hack nspr paths
+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
+ >> headers.mk || die "failed to append include"
+
+ # modify install path
+ sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+ -i source.mk || die
+
+ # Respect LDFLAGS
+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+ popd >/dev/null || die
+
+ # Fix pkgconfig file for Prefix
+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+ config/Makefile || die
+
+ # use host shlibsign if need be #436216
+ if tc-is-cross-compiler ; then
+ sed -i \
+ -e 's:"${2}"/shlibsign:shlibsign:' \
+ cmd/shlibsign/sign.sh || die
+ fi
+
+ # dirty hack
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+ lib/ssl/config.mk || die
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+ cmd/platlibs.mk || die
+
+ multilib_copy_sources
+
+ strip-flags
+}
+
+multilib_src_configure() {
+ # Ensure we stay multilib aware
+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+ # Most of the arches are the same as $ARCH
+ local t=${1:-${CHOST}}
+ case ${t} in
+ *86*-pc-solaris2*) echo "i86pc" ;;
+ aarch64*) echo "aarch64" ;;
+ hppa*) echo "parisc" ;;
+ i?86*) echo "i686" ;;
+ x86_64*) echo "x86_64" ;;
+ *) tc-arch ${t} ;;
+ esac
+}
+
+nssbits() {
+ local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+ if [[ ${1} == BUILD_ ]]; then
+ cc=$(tc-getBUILD_CC)
+ else
+ cc=$(tc-getCC)
+ fi
+ echo > "${T}"/test.c || die
+ ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+ case $(file "${T}/${1}test.o") in
+ *32-bit*x86-64*) echo USE_X32=1;;
+ *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+ *32-bit*|*ppc*|*i386*) ;;
+ *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+ esac
+}
+
+multilib_src_compile() {
+ # use ABI to determine bit'ness, or fallback if unset
+ local buildbits mybits
+ case "${ABI}" in
+ n32) mybits="USE_N32=1";;
+ x32) mybits="USE_X32=1";;
+ s390x|*64) mybits="USE_64=1";;
+ ${DEFAULT_ABI})
+ einfo "Running compilation test to determine bit'ness"
+ mybits=$(nssbits)
+ ;;
+ esac
+ # bitness of host may differ from target
+ if tc-is-cross-compiler; then
+ buildbits=$(nssbits BUILD_)
+ fi
+
+ local makeargs=(
+ CC="$(tc-getCC)"
+ CCC="$(tc-getCXX)"
+ AR="$(tc-getAR) rc \$@"
+ RANLIB="$(tc-getRANLIB)"
+ LD="$(tc-getLD)"
+ OPTIMIZER=
+ ${mybits}
+ )
+
+ # Take care of nspr settings #436216
+ local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+ unset NSPR_INCLUDE_DIR
+
+ export NSS_ALLOW_SSLKEYLOGFILE=1
+ export NSS_ENABLE_WERROR=0 #567158
+ export BUILD_OPT=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSDISTMODE=copy
+ export FREEBL_NO_DEPEND=1
+ export FREEBL_LOWHASH=1
+ export NSS_SEED_ONLY_DEV_URANDOM=1
+ export USE_SYSTEM_ZLIB=1
+ export ZLIB_LIBS=-lz
+ export ASFLAGS=""
+ # Fix build failure on arm64
+ export NS_USE_GCC=1
+ # Detect compiler type and set proper environment value
+ if tc-is-gcc; then
+ export CC_IS_GCC=1
+ elif tc-is-clang; then
+ export CC_IS_CLANG=1
+ fi
+
+ # explicitly disable altivec/vsx if not requested
+ # https://bugs.gentoo.org/789114
+ case ${ARCH} in
+ ppc*)
+ use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+ use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+ ;;
+ esac
+
+ local d
+
+ # Build the host tools first.
+ LDFLAGS="${BUILD_LDFLAGS}" \
+ XCFLAGS="${BUILD_CFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake -j1 -C coreconf \
+ CC="$(tc-getBUILD_CC)" \
+ ${buildbits-${mybits}}
+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+ # Then build the target tools.
+ for d in . lib/dbm ; do
+ CPPFLAGS="${myCPPFLAGS}" \
+ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+ done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+# */${local_libdir}/libfreebl3.so*
+# */${local_libdir}/libnssdbm3.so*
+# */${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+ local shlibsign="$1"
+ local libdir="$2"
+ einfo "Resigning core NSS libraries for FIPS validation"
+ shift 2
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libname=lib${i}.so
+ local chkname=lib${i}.chk
+ "${shlibsign}" \
+ -i "${libdir}"/${libname} \
+ -o "${libdir}"/${chkname}.tmp \
+ && mv -f \
+ "${libdir}"/${chkname}.tmp \
+ "${libdir}"/${chkname} \
+ || die "Failed to sign ${libname}"
+ done
+}
+
+cleanup_chk() {
+ local libdir="$1"
+ shift 1
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libfname="${libdir}/lib${i}.so"
+ # If the major version has changed, then we have old chk files.
+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+ && rm -f "${libfname}.chk"
+ done
+}
+
+multilib_src_install() {
+ pushd dist >/dev/null || die
+
+ dodir /usr/$(get_libdir)
+ cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+ local i
+ for i in crmf freebl nssb nssckfw ; do
+ cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+ done
+
+ # Install nss-config and pkgconfig file
+ dodir /usr/bin
+ cp -L */bin/nss-config "${ED}"/usr/bin || die
+ dodir /usr/$(get_libdir)/pkgconfig
+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+ # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+ # bug 517266
+ sed -e 's#Libs:#Libs: -lfreebl#' \
+ -e 's#Cflags:#Cflags: -I${includedir}/private#' \
+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+ || die "could not create nss-softokn.pc"
+
+ # all the include files
+ insinto /usr/include/nss
+ doins public/nss/*.{h,api}
+ insinto /usr/include/nss/private
+ doins private/nss/{blapi,alghmac,cmac}.h
+
+ popd >/dev/null || die
+
+ local f nssutils
+ # Always enabled because we need it for chk generation.
+ nssutils=( shlibsign )
+
+ if multilib_is_native_abi ; then
+ if use utils; then
+ # The tests we do not need to install.
+ #nssutils_test="bltest crmftest dbtest dertimetest
+ #fipstest remtest sdrtest"
+ # checkcert utils has been removed in nss-3.22:
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+ # https://hg.mozilla.org/projects/nss/rev/df1729d37870
+ # certcgi has been removed in nss-3.36:
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+ nssutils+=(
+ addbuiltin
+ atob
+ baddbdir
+ btoa
+ certutil
+ cmsutil
+ conflict
+ crlutil
+ derdump
+ digest
+ makepqg
+ mangle
+ modutil
+ multinit
+ nonspr10
+ ocspclnt
+ oidcalc
+ p7content
+ p7env
+ p7sign
+ p7verify
+ pk11mode
+ pk12util
+ pp
+ rsaperf
+ selfserv
+ signtool
+ signver
+ ssltap
+ strsclnt
+ symkeyutil
+ tstclnt
+ vfychain
+ vfyserv
+ )
+ # install man-pages for utils (bug #516810)
+ doman doc/nroff/*.1
+ fi
+ pushd dist/*/bin >/dev/null || die
+ for f in ${nssutils[@]}; do
+ dobin ${f}
+ done
+ popd >/dev/null || die
+ fi
+}
+
+pkg_postinst() {
+ multilib_pkg_postinst() {
+ # We must re-sign the libraries AFTER they are stripped.
+ local shlibsign="${EROOT}/usr/bin/shlibsign"
+ # See if we can execute it (cross-compiling & such). #436216
+ "${shlibsign}" -h >&/dev/null
+ if [[ $? -gt 1 ]] ; then
+ shlibsign="shlibsign"
+ fi
+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+ multilib_pkg_postrm() {
+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postrm
+}
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2022-06-01 19:17 Sam James
0 siblings, 0 replies; 17+ messages in thread
From: Sam James @ 2022-06-01 19:17 UTC (permalink / raw
To: gentoo-commits
commit: 1309e3bab51ba812641509a623ab288235ea64f9
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 1 19:16:45 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 1 19:17:01 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1309e3ba
dev-libs/nss: fix build with GCC 13
Closes: https://bugs.gentoo.org/849005
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/nss/files/nss-3.79-gcc-13.patch | 33 ++++++++++++++++++++++++++++++++
dev-libs/nss/nss-3.79-r1.ebuild | 1 +
2 files changed, 34 insertions(+)
diff --git a/dev-libs/nss/files/nss-3.79-gcc-13.patch b/dev-libs/nss/files/nss-3.79-gcc-13.patch
new file mode 100644
index 000000000000..04bd977f3020
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.79-gcc-13.patch
@@ -0,0 +1,33 @@
+https://github.com/nss-dev/nss/commit/edf5cb12af8a4668997b7edb65c7add4a1390b09
+https://bugs.gentoo.org/849005
+
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Thu, 26 May 2022 08:08:39 +0000
+Subject: [PATCH] Bug 1771273 - cpputil/databuffer.h: add missing <cstdint>
+ include r=nss-reviewers,mt
+
+Without the change build fails on this week's gcc-13 snapshot as:
+
+ ../../cpputil/databuffer.h:20:20: error: 'uint8_t' does not name a type
+ 20 | DataBuffer(const uint8_t* d, size_t l) : data_(nullptr), len_(0) {
+ | ^~~~~~~
+ ../../cpputil/databuffer.h:14:1: note: 'uint8_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'?
+ 13 | #include <iostream>
+ +++ |+#include <cstdint>
+ 14 |
+
+Differential Revision: https://phabricator.services.mozilla.com/D147404
+
+--HG--
+extra : moz-landing-system : lando
+--- a/cpputil/databuffer.h
++++ b/cpputil/databuffer.h
+@@ -11,6 +11,7 @@
+ #include <cstring>
+ #include <iomanip>
+ #include <iostream>
++#include <cstdint>
+
+ namespace nss_test {
+
+
diff --git a/dev-libs/nss/nss-3.79-r1.ebuild b/dev-libs/nss/nss-3.79-r1.ebuild
index 0d91f55e8bd4..f0a86b80c6b6 100644
--- a/dev-libs/nss/nss-3.79-r1.ebuild
+++ b/dev-libs/nss/nss-3.79-r1.ebuild
@@ -40,6 +40,7 @@ PATCHES=(
"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+ "${FILESDIR}/${PN}-3.79-gcc-13.patch"
)
src_prepare() {
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2022-10-25 15:15 Joonas Niilola
0 siblings, 0 replies; 17+ messages in thread
From: Joonas Niilola @ 2022-10-25 15:15 UTC (permalink / raw
To: gentoo-commits
commit: b09ce6fcdb32290a983c33796effaa896bf7eee7
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 25 14:53:26 2022 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Oct 25 15:15:51 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b09ce6fc
dev-libs/nss: drop 3.68.4
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
dev-libs/nss/Manifest | 1 -
dev-libs/nss/files/nss-3.68-ld-fix.patch | 29 ---
dev-libs/nss/nss-3.68.4.ebuild | 362 -------------------------------
3 files changed, 392 deletions(-)
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index cfba94d405f5..a0b5d5d0b745 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,4 +1,3 @@
-DIST nss-3.68.4.tar.gz 82409303 BLAKE2B a3cf572e82ce29dbc77e9356e0db425170f7294f1468755843746539663fe486089660e1c1b379d0184003d9ccf57db6cf0b2c161d7038301c1cb5028175b16d SHA512 f97b63a9f8218f8fbd7b5d48c084b8166366d02cd50aac69a22d56324d2fea01c49d074e51430bd128f510c733085f3f43c9739ce4073a07a5666675e0ef3b15
DIST nss-3.79.1.tar.gz 84694831 BLAKE2B 209a502ba4b808bb4cb9b8775328fa26e36c55147ee5da7b8f661349129250f09685dd69919e24d7ff72cc55a2e9cbbbc9c059e543cf1b0a6a08e809be262d4c SHA512 e841efe9d0300d99b50e54c159c75df76c09c34c74bbc9b6ca007ad017b2cb91a8d33f6f4195e52bd8f3ed7be5d53f3ce7ce10825fa21abbf5dbba3db109e037
DIST nss-3.84.tar.gz 84851235 BLAKE2B 5dead5ae336998db97acc6dc2a59b387aac9baeba0f2fad6eaf921bdc894867f6177179545378091d9b50b295b71409781b5ef5044222afe7a1cd2f920a7d15f SHA512 b4ed4b2e44d9f896a4a4c33f92813a84825dc4502f4e14e047f3583666c453138515e6edbcd71144c4b02a8ee16b3443803f1ff12458fd82c338ee1dd911b175
DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4
diff --git a/dev-libs/nss/files/nss-3.68-ld-fix.patch b/dev-libs/nss/files/nss-3.68-ld-fix.patch
deleted file mode 100644
index ecdbdeebd4cf..000000000000
--- a/dev-libs/nss/files/nss-3.68-ld-fix.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 3cba2869869c8480605f7ffcc41d2e4bae1b31c8 Mon Sep 17 00:00:00 2001
-From: Zi Lin <lziest@google.com>
-Date: Wed, 9 Mar 2022 19:14:16 +0000
-Subject: [PATCH] Use $(LD) instead of 'ld' for cross-platform compilation
-
----
- coreconf/Linux.mk | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff -Naur a/coreconf/Linux.mk b/coreconf/Linux.mk
---- a/coreconf/Linux.mk 2022-03-03 12:18:53.000000000 +0200
-+++ b/coreconf/Linux.mk 2022-03-29 08:59:10.157349449 +0300
-@@ -6,6 +6,7 @@
- CC ?= gcc
- CCC ?= g++
- RANLIB ?= ranlib
-+LD ?= ld
-
- include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-@@ -157,7 +158,7 @@
- # Also, -z defs conflicts with Address Sanitizer, which emits relocations
- # against the libsanitizer runtime built into the main executable.
- ZDEFS_FLAG = -Wl,-z,defs
--DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
-+DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG))
- LDFLAGS += $(ARCHFLAG) -z noexecstack
-
- # On Maemo, we need to use the -rpath-link flag for even the standard system
diff --git a/dev-libs/nss/nss-3.68.4.ebuild b/dev-libs/nss/nss-3.68.4.ebuild
deleted file mode 100644
index a3ff3dba2827..000000000000
--- a/dev-libs/nss/nss-3.68.4.ebuild
+++ /dev/null
@@ -1,362 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.32"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
- virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-RESTRICT="test"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
- "${FILESDIR}/nss-3.68-ld-fix.patch"
-)
-
-src_prepare() {
- default
-
- if use cacert ; then
- eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
- fi
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- *86*-pc-solaris2*) echo "i86pc" ;;
- aarch64*) echo "aarch64" ;;
- hppa*) echo "parisc" ;;
- i?86*) echo "i686" ;;
- x86_64*) echo "x86_64" ;;
- *) tc-arch ${t} ;;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- CCC="$(tc-getCXX)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- export NSS_ALLOW_SSLKEYLOGFILE=1
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export FREEBL_NO_DEPEND=1
- export FREEBL_LOWHASH=1
- export NSS_SEED_ONLY_DEV_URANDOM=1
- export USE_SYSTEM_ZLIB=1
- export ZLIB_LIBS=-lz
- export ASFLAGS=""
- # Fix build failure on arm64
- export NS_USE_GCC=1
- # Detect compiler type and set proper environment value
- if tc-is-gcc; then
- export CC_IS_GCC=1
- elif tc-is-clang; then
- export CC_IS_CLANG=1
- fi
-
- # explicitly disable altivec/vsx if not requested
- # https://bugs.gentoo.org/789114
- case ${ARCH} in
- ppc*)
- use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
- use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
- ;;
- esac
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
- done
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- local i
- for i in crmf freebl nssb nssckfw ; do
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- done
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.{h,api}
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac,cmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils=( shlibsign )
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- # certcgi has been removed in nss-3.36:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
- nssutils+=(
- addbuiltin
- atob
- baddbdir
- btoa
- certutil
- cmsutil
- conflict
- crlutil
- derdump
- digest
- makepqg
- mangle
- modutil
- multinit
- nonspr10
- ocspclnt
- oidcalc
- p7content
- p7env
- p7sign
- p7verify
- pk11mode
- pk12util
- pp
- rsaperf
- selfserv
- signtool
- signver
- ssltap
- strsclnt
- symkeyutil
- tstclnt
- vfychain
- vfyserv
- )
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils[@]}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2022-12-10 8:20 Joonas Niilola
0 siblings, 0 replies; 17+ messages in thread
From: Joonas Niilola @ 2022-12-10 8:20 UTC (permalink / raw
To: gentoo-commits
commit: 6079757cf15ff7a64abe0a5ad902ffc85ec5febc
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 10 08:20:16 2022 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sat Dec 10 08:20:16 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6079757c
dev-libs/nss: add 3.86
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
dev-libs/nss/Manifest | 1 +
.../nss/files/nss-3.87-fix-client-cert-crash.patch | 38 ++
dev-libs/nss/nss-3.86.ebuild | 395 +++++++++++++++++++++
3 files changed, 434 insertions(+)
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index e951ed774910..e3c6b85c4e96 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,4 @@
DIST nss-3.79.2.tar.gz 84825187 BLAKE2B 9589095a0f3af5201662fe96ba4dac73c661db3abde534941ea61d597dce1016dc06f8559e26fafc940f2b123987381e1faa22ff6a995ef3cc0a9dc4ebe7a4ad SHA512 52ca7574d2bb6e2fd874ac40f3e75d58135b103d8bd4b964a9262b5c302b4668ff7c8f5dabbef46e413fd72faeddc44057bc7b489946813331cc9a481d078181
DIST nss-3.85.tar.gz 84717969 BLAKE2B 644a51cd747078688233850bee6884b7ee30076411d783a4fb2982ffc35883f51784440d8c1c727251f664c4e5b5071be9881abc8315e0294d7da0cb8727e897 SHA512 97cfffa2beed1dba5d31e0c6e450553e5a8c78b427521640adb00c05d9d63cd64dc08388f0dbf96c93efb79f5daf4ba8db8d026b0b43d2e5c865a9b833fc77a1
+DIST nss-3.86.tar.gz 71423531 BLAKE2B 36703d99d9616020a165085469be650c2f4ce3e11c2f4f6bd974b1b89f1b9fcfdaa4ffd4d6ee98dabce82e616c170548efa1e51722b524dda8815faccfcf5181 SHA512 c09aeb52d7898617b65a1090cbdd29f6457eff2ebdc61aadb2dbf7b5044eae010ee5eeea729825f1258902936a61a1bff552ee9b26b2f01e5d448bbd8791d1cb
DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4
diff --git a/dev-libs/nss/files/nss-3.87-fix-client-cert-crash.patch b/dev-libs/nss/files/nss-3.87-fix-client-cert-crash.patch
new file mode 100644
index 000000000000..2f8c3b37219b
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.87-fix-client-cert-crash.patch
@@ -0,0 +1,38 @@
+diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c
+--- a/lib/ssl/authcert.c
++++ b/lib/ssl/authcert.c
+@@ -204,10 +204,13 @@
+ if (certList == NULL) {
+ certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
+ certUsageSSLClient,
+ PR_FALSE, chosenNickName == NULL,
+ pw_arg);
++ if (certList == NULL) {
++ return SECFailure;
++ }
+ /* filter only the certs that meet the nickname requirements */
+ if (chosenNickName) {
+ rv = CERT_FilterCertListByNickname(certList, chosenNickName,
+ pw_arg);
+ } else {
+@@ -217,17 +220,14 @@
+ certUsageSSLClient);
+ ssl_FreeDistNamesStrings(names, nnames);
+ }
+ if ((rv != SECSuccess) || CERT_LIST_EMPTY(certList)) {
+ CERT_DestroyCertList(certList);
+- certList = NULL;
++ return SECFailure;
+ }
+ }
+- if (certList == NULL) {
+- /* no user certs meeting the nickname/usage requirements found */
+- return SECFailure;
+- }
++
+ /* now remove any certs that can't meet the connection requirements */
+ rv = ssl_FilterClientCertListBySSLSocket(ss, certList);
+ if ((rv != SECSuccess) || CERT_LIST_EMPTY(certList)) {
+ // no certs left.
+ CERT_DestroyCertList(certList);
+
diff --git a/dev-libs/nss/nss-3.86.ebuild b/dev-libs/nss/nss-3.86.ebuild
new file mode 100644
index 000000000000..c817a9a7e558
--- /dev/null
+++ b/dev-libs/nss/nss-3.86.ebuild
@@ -0,0 +1,395 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.35"
+RTM_NAME="NSS_${PV//./_}_RTM"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+ cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+RESTRICT="!test? ( test )"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
+ >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+ virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/nss-config
+)
+
+PATCHES=(
+ # Custom changes for gentoo
+ "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
+ "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+ "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+ "${FILESDIR}/${PN}-3.87-fix-client-cert-crash.patch"
+)
+
+QA_PKGCONFIG_VERSION="${PV}.0"
+
+src_prepare() {
+ default
+
+ if use cacert ; then
+ eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+ fi
+
+ pushd coreconf >/dev/null || die
+ # hack nspr paths
+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
+ >> headers.mk || die "failed to append include"
+
+ # modify install path
+ sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+ -i source.mk || die
+
+ # Respect LDFLAGS
+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+ # Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
+ sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
+
+ popd >/dev/null || die
+
+ # Fix pkgconfig file for Prefix
+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+ config/Makefile || die
+
+ # use host shlibsign if need be #436216
+ if tc-is-cross-compiler ; then
+ sed -i \
+ -e 's:"${2}"/shlibsign:shlibsign:' \
+ cmd/shlibsign/sign.sh || die
+ fi
+
+ # dirty hack
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+ lib/ssl/config.mk || die
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+ cmd/platlibs.mk || die
+
+ multilib_copy_sources
+
+ strip-flags
+}
+
+multilib_src_configure() {
+ # Ensure we stay multilib aware
+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+ # Most of the arches are the same as $ARCH
+ local t=${1:-${CHOST}}
+ case ${t} in
+ *86*-pc-solaris2*) echo "i86pc" ;;
+ aarch64*) echo "aarch64" ;;
+ hppa*) echo "parisc" ;;
+ i?86*) echo "i686" ;;
+ x86_64*) echo "x86_64" ;;
+ *) tc-arch ${t} ;;
+ esac
+}
+
+nssbits() {
+ local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+ if [[ ${1} == BUILD_ ]]; then
+ cc=$(tc-getBUILD_CC)
+ else
+ cc=$(tc-getCC)
+ fi
+ echo > "${T}"/test.c || die
+ ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+ case $(file "${T}/${1}test.o") in
+ *32-bit*x86-64*) echo USE_X32=1;;
+ *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+ *32-bit*|*ppc*|*i386*) ;;
+ *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+ esac
+}
+
+multilib_src_compile() {
+ # use ABI to determine bit'ness, or fallback if unset
+ local buildbits mybits
+ case "${ABI}" in
+ n32) mybits="USE_N32=1";;
+ x32) mybits="USE_X32=1";;
+ s390x|*64) mybits="USE_64=1";;
+ ${DEFAULT_ABI})
+ einfo "Running compilation test to determine bit'ness"
+ mybits=$(nssbits)
+ ;;
+ esac
+ # bitness of host may differ from target
+ if tc-is-cross-compiler; then
+ buildbits=$(nssbits BUILD_)
+ fi
+
+ local makeargs=(
+ CC="$(tc-getCC)"
+ CCC="$(tc-getCXX)"
+ AR="$(tc-getAR) rc \$@"
+ RANLIB="$(tc-getRANLIB)"
+ OPTIMIZER=
+ ${mybits}
+ disable_ckbi=0
+ )
+
+ # Take care of nspr settings #436216
+ local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+ unset NSPR_INCLUDE_DIR
+
+ export NSS_ALLOW_SSLKEYLOGFILE=1
+ export NSS_ENABLE_WERROR=0 #567158
+ export BUILD_OPT=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSDISTMODE=copy
+ export FREEBL_NO_DEPEND=1
+ export FREEBL_LOWHASH=1
+ export NSS_SEED_ONLY_DEV_URANDOM=1
+ export USE_SYSTEM_ZLIB=1
+ export ZLIB_LIBS=-lz
+ export ASFLAGS=""
+ # Fix build failure on arm64
+ export NS_USE_GCC=1
+ # Detect compiler type and set proper environment value
+ if tc-is-gcc; then
+ export CC_IS_GCC=1
+ elif tc-is-clang; then
+ export CC_IS_CLANG=1
+ fi
+
+ export NSS_DISABLE_GTESTS=$(usex !test 1 0)
+
+ # explicitly disable altivec/vsx if not requested
+ # https://bugs.gentoo.org/789114
+ case ${ARCH} in
+ ppc*)
+ use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+ use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+ ;;
+ esac
+
+ local d
+
+ # Build the host tools first.
+ LDFLAGS="${BUILD_LDFLAGS}" \
+ XCFLAGS="${BUILD_CFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake -C coreconf \
+ CC="$(tc-getBUILD_CC)" \
+ ${buildbits-${mybits}}
+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+ # Then build the target tools.
+ for d in . lib/dbm ; do
+ CPPFLAGS="${myCPPFLAGS}" \
+ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
+ done
+}
+
+multilib_src_test() {
+ einfo "Tests can take a *long* time, especially on a multilib system."
+ einfo "30-45+ minutes per lib configuration. Bug #852755"
+
+ # https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
+ # https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
+ # https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
+ export BUILD_OPT=1
+ export HOST="localhost"
+ export DOMSUF="localdomain"
+ export USE_IP=TRUE
+ export IP_ADDRESS="127.0.0.1"
+
+ NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
+
+ cd "${BUILD_DIR}"/tests || die
+ # Hack to get current objdir (prefixed dir where built binaries are)
+ # Without this, at least multilib tests go wrong when building the amd64 variant
+ # after x86.
+ local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
+
+ # Can tweak to a subset of tests in future if we need to, but would prefer not
+ OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+# */${local_libdir}/libfreebl3.so*
+# */${local_libdir}/libnssdbm3.so*
+# */${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+ local shlibsign="$1"
+ local libdir="$2"
+ einfo "Resigning core NSS libraries for FIPS validation"
+ shift 2
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libname=lib${i}.so
+ local chkname=lib${i}.chk
+ "${shlibsign}" \
+ -i "${libdir}"/${libname} \
+ -o "${libdir}"/${chkname}.tmp \
+ && mv -f \
+ "${libdir}"/${chkname}.tmp \
+ "${libdir}"/${chkname} \
+ || die "Failed to sign ${libname}"
+ done
+}
+
+cleanup_chk() {
+ local libdir="$1"
+ shift 1
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libfname="${libdir}/lib${i}.so"
+ # If the major version has changed, then we have old chk files.
+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+ && rm -f "${libfname}.chk"
+ done
+}
+
+multilib_src_install() {
+ pushd dist >/dev/null || die
+
+ dodir /usr/$(get_libdir)
+ cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+ local i
+ for i in crmf freebl nssb nssckfw ; do
+ cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+ done
+
+ # Install nss-config and pkgconfig file
+ dodir /usr/bin
+ cp -L */bin/nss-config "${ED}"/usr/bin || die
+ dodir /usr/$(get_libdir)/pkgconfig
+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+ # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+ # bug 517266
+ sed -e 's#Libs:#Libs: -lfreebl#' \
+ -e 's#Cflags:#Cflags: -I${includedir}/private#' \
+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+ || die "could not create nss-softokn.pc"
+
+ # all the include files
+ insinto /usr/include/nss
+ doins public/nss/*.{h,api}
+ insinto /usr/include/nss/private
+ doins private/nss/{blapi,alghmac,cmac}.h
+
+ popd >/dev/null || die
+
+ local f nssutils
+ # Always enabled because we need it for chk generation.
+ nssutils=( shlibsign )
+
+ if multilib_is_native_abi ; then
+ if use utils; then
+ # The tests we do not need to install.
+ #nssutils_test="bltest crmftest dbtest dertimetest
+ #fipstest remtest sdrtest"
+ # checkcert utils has been removed in nss-3.22:
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+ # https://hg.mozilla.org/projects/nss/rev/df1729d37870
+ # certcgi has been removed in nss-3.36:
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
+ nssutils+=(
+ addbuiltin
+ atob
+ baddbdir
+ btoa
+ certutil
+ cmsutil
+ conflict
+ crlutil
+ derdump
+ digest
+ makepqg
+ mangle
+ modutil
+ multinit
+ nonspr10
+ ocspclnt
+ oidcalc
+ p7content
+ p7env
+ p7sign
+ p7verify
+ pk11mode
+ pk12util
+ pp
+ rsaperf
+ selfserv
+ signtool
+ signver
+ ssltap
+ strsclnt
+ symkeyutil
+ tstclnt
+ vfychain
+ vfyserv
+ )
+ # install man-pages for utils (bug #516810)
+ doman doc/nroff/*.1
+ fi
+ pushd dist/*/bin >/dev/null || die
+ for f in ${nssutils[@]}; do
+ dobin ${f}
+ done
+ popd >/dev/null || die
+ fi
+}
+
+pkg_postinst() {
+ multilib_pkg_postinst() {
+ # We must re-sign the libraries AFTER they are stripped.
+ local shlibsign="${EROOT}/usr/bin/shlibsign"
+ # See if we can execute it (cross-compiling & such). #436216
+ "${shlibsign}" -h >&/dev/null
+ if [[ $? -gt 1 ]] ; then
+ shlibsign="shlibsign"
+ fi
+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+ multilib_pkg_postrm() {
+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postrm
+}
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2023-01-06 8:36 Joonas Niilola
0 siblings, 0 replies; 17+ messages in thread
From: Joonas Niilola @ 2023-01-06 8:36 UTC (permalink / raw
To: gentoo-commits
commit: 47d1c61d365dcf06974850a54a11968476d7bda1
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 6 08:35:44 2023 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Jan 6 08:35:44 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47d1c61d
dev-libs/nss: drop 3.85, 3.86
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
dev-libs/nss/Manifest | 2 -
.../nss/files/nss-3.87-fix-client-cert-crash.patch | 38 --
dev-libs/nss/nss-3.85.ebuild | 395 ---------------------
dev-libs/nss/nss-3.86.ebuild | 395 ---------------------
4 files changed, 830 deletions(-)
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 9c4c2b05e7d1..7dea4ccdf2ed 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,3 @@
DIST nss-3.79.2.tar.gz 84825187 BLAKE2B 9589095a0f3af5201662fe96ba4dac73c661db3abde534941ea61d597dce1016dc06f8559e26fafc940f2b123987381e1faa22ff6a995ef3cc0a9dc4ebe7a4ad SHA512 52ca7574d2bb6e2fd874ac40f3e75d58135b103d8bd4b964a9262b5c302b4668ff7c8f5dabbef46e413fd72faeddc44057bc7b489946813331cc9a481d078181
-DIST nss-3.85.tar.gz 84717969 BLAKE2B 644a51cd747078688233850bee6884b7ee30076411d783a4fb2982ffc35883f51784440d8c1c727251f664c4e5b5071be9881abc8315e0294d7da0cb8727e897 SHA512 97cfffa2beed1dba5d31e0c6e450553e5a8c78b427521640adb00c05d9d63cd64dc08388f0dbf96c93efb79f5daf4ba8db8d026b0b43d2e5c865a9b833fc77a1
-DIST nss-3.86.tar.gz 71423531 BLAKE2B 36703d99d9616020a165085469be650c2f4ce3e11c2f4f6bd974b1b89f1b9fcfdaa4ffd4d6ee98dabce82e616c170548efa1e51722b524dda8815faccfcf5181 SHA512 c09aeb52d7898617b65a1090cbdd29f6457eff2ebdc61aadb2dbf7b5044eae010ee5eeea729825f1258902936a61a1bff552ee9b26b2f01e5d448bbd8791d1cb
DIST nss-3.87.tar.gz 71435408 BLAKE2B 0d69e18b1e2c4ccfc86db8f3afba94d5000e8ab2a4e766eb6f99f13f57d78b62dd711a0f5f70a24378a3cf1e435cc8ecb7e6fbeae18d5db0176660a0ea35dac2 SHA512 4ec7b94e537df109638b821f3a7e3b7bf31d89c3739a6e4c85cad4fab876390ae482971d6f66198818400f467661e86f39dc1d2a4a88077fd81e3a0b7ed64110
DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4
diff --git a/dev-libs/nss/files/nss-3.87-fix-client-cert-crash.patch b/dev-libs/nss/files/nss-3.87-fix-client-cert-crash.patch
deleted file mode 100644
index 2f8c3b37219b..000000000000
--- a/dev-libs/nss/files/nss-3.87-fix-client-cert-crash.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c
---- a/lib/ssl/authcert.c
-+++ b/lib/ssl/authcert.c
-@@ -204,10 +204,13 @@
- if (certList == NULL) {
- certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
- certUsageSSLClient,
- PR_FALSE, chosenNickName == NULL,
- pw_arg);
-+ if (certList == NULL) {
-+ return SECFailure;
-+ }
- /* filter only the certs that meet the nickname requirements */
- if (chosenNickName) {
- rv = CERT_FilterCertListByNickname(certList, chosenNickName,
- pw_arg);
- } else {
-@@ -217,17 +220,14 @@
- certUsageSSLClient);
- ssl_FreeDistNamesStrings(names, nnames);
- }
- if ((rv != SECSuccess) || CERT_LIST_EMPTY(certList)) {
- CERT_DestroyCertList(certList);
-- certList = NULL;
-+ return SECFailure;
- }
- }
-- if (certList == NULL) {
-- /* no user certs meeting the nickname/usage requirements found */
-- return SECFailure;
-- }
-+
- /* now remove any certs that can't meet the connection requirements */
- rv = ssl_FilterClientCertListBySSLSocket(ss, certList);
- if ((rv != SECSuccess) || CERT_LIST_EMPTY(certList)) {
- // no certs left.
- CERT_DestroyCertList(certList);
-
diff --git a/dev-libs/nss/nss-3.85.ebuild b/dev-libs/nss/nss-3.85.ebuild
deleted file mode 100644
index 4e55e80c37cf..000000000000
--- a/dev-libs/nss/nss-3.85.ebuild
+++ /dev/null
@@ -1,395 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
- virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
- "${FILESDIR}/${PN}-3.79-fix-client-cert-crash.patch"
-)
-
-QA_PKGCONFIG_VERSION="${PV}.0"
-
-src_prepare() {
- default
-
- if use cacert ; then
- eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
- fi
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
- # Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
- sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- *86*-pc-solaris2*) echo "i86pc" ;;
- aarch64*) echo "aarch64" ;;
- hppa*) echo "parisc" ;;
- i?86*) echo "i686" ;;
- x86_64*) echo "x86_64" ;;
- *) tc-arch ${t} ;;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- CCC="$(tc-getCXX)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- disable_ckbi=0
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- export NSS_ALLOW_SSLKEYLOGFILE=1
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export FREEBL_NO_DEPEND=1
- export FREEBL_LOWHASH=1
- export NSS_SEED_ONLY_DEV_URANDOM=1
- export USE_SYSTEM_ZLIB=1
- export ZLIB_LIBS=-lz
- export ASFLAGS=""
- # Fix build failure on arm64
- export NS_USE_GCC=1
- # Detect compiler type and set proper environment value
- if tc-is-gcc; then
- export CC_IS_GCC=1
- elif tc-is-clang; then
- export CC_IS_CLANG=1
- fi
-
- export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
- # explicitly disable altivec/vsx if not requested
- # https://bugs.gentoo.org/789114
- case ${ARCH} in
- ppc*)
- use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
- use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
- ;;
- esac
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
- done
-}
-
-multilib_src_test() {
- einfo "Tests can take a *long* time, especially on a multilib system."
- einfo "30-45+ minutes per lib configuration. Bug #852755"
-
- # https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
- # https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
- # https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
- export BUILD_OPT=1
- export HOST="localhost"
- export DOMSUF="localdomain"
- export USE_IP=TRUE
- export IP_ADDRESS="127.0.0.1"
-
- NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
- cd "${BUILD_DIR}"/tests || die
- # Hack to get current objdir (prefixed dir where built binaries are)
- # Without this, at least multilib tests go wrong when building the amd64 variant
- # after x86.
- local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
- # Can tweak to a subset of tests in future if we need to, but would prefer not
- OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- local i
- for i in crmf freebl nssb nssckfw ; do
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- done
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.{h,api}
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac,cmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils=( shlibsign )
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- # certcgi has been removed in nss-3.36:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
- nssutils+=(
- addbuiltin
- atob
- baddbdir
- btoa
- certutil
- cmsutil
- conflict
- crlutil
- derdump
- digest
- makepqg
- mangle
- modutil
- multinit
- nonspr10
- ocspclnt
- oidcalc
- p7content
- p7env
- p7sign
- p7verify
- pk11mode
- pk12util
- pp
- rsaperf
- selfserv
- signtool
- signver
- ssltap
- strsclnt
- symkeyutil
- tstclnt
- vfychain
- vfyserv
- )
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils[@]}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
diff --git a/dev-libs/nss/nss-3.86.ebuild b/dev-libs/nss/nss-3.86.ebuild
deleted file mode 100644
index c817a9a7e558..000000000000
--- a/dev-libs/nss/nss-3.86.ebuild
+++ /dev/null
@@ -1,395 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
- virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- # Custom changes for gentoo
- "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
- "${FILESDIR}/${PN}-3.87-fix-client-cert-crash.patch"
-)
-
-QA_PKGCONFIG_VERSION="${PV}.0"
-
-src_prepare() {
- default
-
- if use cacert ; then
- eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
- fi
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
- # Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
- sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- *86*-pc-solaris2*) echo "i86pc" ;;
- aarch64*) echo "aarch64" ;;
- hppa*) echo "parisc" ;;
- i?86*) echo "i686" ;;
- x86_64*) echo "x86_64" ;;
- *) tc-arch ${t} ;;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- CCC="$(tc-getCXX)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- disable_ckbi=0
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- export NSS_ALLOW_SSLKEYLOGFILE=1
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export FREEBL_NO_DEPEND=1
- export FREEBL_LOWHASH=1
- export NSS_SEED_ONLY_DEV_URANDOM=1
- export USE_SYSTEM_ZLIB=1
- export ZLIB_LIBS=-lz
- export ASFLAGS=""
- # Fix build failure on arm64
- export NS_USE_GCC=1
- # Detect compiler type and set proper environment value
- if tc-is-gcc; then
- export CC_IS_GCC=1
- elif tc-is-clang; then
- export CC_IS_CLANG=1
- fi
-
- export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
- # explicitly disable altivec/vsx if not requested
- # https://bugs.gentoo.org/789114
- case ${ARCH} in
- ppc*)
- use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
- use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
- ;;
- esac
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
- done
-}
-
-multilib_src_test() {
- einfo "Tests can take a *long* time, especially on a multilib system."
- einfo "30-45+ minutes per lib configuration. Bug #852755"
-
- # https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
- # https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
- # https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
- export BUILD_OPT=1
- export HOST="localhost"
- export DOMSUF="localdomain"
- export USE_IP=TRUE
- export IP_ADDRESS="127.0.0.1"
-
- NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
- cd "${BUILD_DIR}"/tests || die
- # Hack to get current objdir (prefixed dir where built binaries are)
- # Without this, at least multilib tests go wrong when building the amd64 variant
- # after x86.
- local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
- # Can tweak to a subset of tests in future if we need to, but would prefer not
- OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- local i
- for i in crmf freebl nssb nssckfw ; do
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- done
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.{h,api}
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac,cmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils=( shlibsign )
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- # certcgi has been removed in nss-3.36:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
- nssutils+=(
- addbuiltin
- atob
- baddbdir
- btoa
- certutil
- cmsutil
- conflict
- crlutil
- derdump
- digest
- makepqg
- mangle
- modutil
- multinit
- nonspr10
- ocspclnt
- oidcalc
- p7content
- p7env
- p7sign
- p7verify
- pk11mode
- pk12util
- pp
- rsaperf
- selfserv
- signtool
- signver
- ssltap
- strsclnt
- symkeyutil
- tstclnt
- vfychain
- vfyserv
- )
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils[@]}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2023-06-06 9:26 Sam James
0 siblings, 0 replies; 17+ messages in thread
From: Sam James @ 2023-06-06 9:26 UTC (permalink / raw
To: gentoo-commits
commit: 271ee4b749ee8393d8b2894710e0ea4ec540b5ac
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 6 09:25:37 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun 6 09:25:58 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=271ee4b7
dev-libs/nss: fix 3.90 build on arm64
This patch is a prereq for the fix for the SIGILL issue (or workaround rather).
Closes: https://bugs.gentoo.org/907901
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/nss/files/nss-3.90-arm64-simd.patch | 27 +++++++++++++++++++++++++++
dev-libs/nss/nss-3.90.ebuild | 1 +
2 files changed, 28 insertions(+)
diff --git a/dev-libs/nss/files/nss-3.90-arm64-simd.patch b/dev-libs/nss/files/nss-3.90-arm64-simd.patch
new file mode 100644
index 000000000000..994fd9a47a6c
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.90-arm64-simd.patch
@@ -0,0 +1,27 @@
+https://bugs.gentoo.org/907901
+https://bugzilla.mozilla.org/show_bug.cgi?id=1836781
+https://github.com/nss-dev/nss/commit/c07c4e073d95a25343cbf56b4a830a71e432869e
+
+From c07c4e073d95a25343cbf56b4a830a71e432869e Mon Sep 17 00:00:00 2001
+From: Natalia Kulatova <nkulatova@mozilla.com>
+Date: Mon, 5 Jun 2023 16:09:58 +0000
+Subject: [PATCH] Bug 1836781 - Disabling ASM C25519 for A but X86_64
+ r=bbeurdouche,nss-reviewers
+
+Differential Revision: https://phabricator.services.mozilla.com/D179969
+
+--HG--
+extra : moz-landing-system : lando
+--- a/lib/freebl/Makefile
++++ b/lib/freebl/Makefile
+@@ -568,7 +568,9 @@ ifneq ($(shell $(CC) -? 2>&1 >/dev/null </dev/null | sed -e 's/:.*//;1q'),lcc)
+ HAVE_INT128_SUPPORT = 1
+ DEFINES += -DHAVE_INT128_SUPPORT
+ else ifeq (1,$(CC_IS_GCC))
+- SUPPORTS_VALE_CURVE25519 = 1
++ ifeq ($(CPU_ARCH),x86_64)
++ SUPPORTS_VALE_CURVE25519 = 1
++ endif
+ ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
+ HAVE_INT128_SUPPORT = 1
+ DEFINES += -DHAVE_INT128_SUPPORT
diff --git a/dev-libs/nss/nss-3.90.ebuild b/dev-libs/nss/nss-3.90.ebuild
index 463187e5c65a..59e8dd7fd601 100644
--- a/dev-libs/nss/nss-3.90.ebuild
+++ b/dev-libs/nss/nss-3.90.ebuild
@@ -39,6 +39,7 @@ PATCHES=(
"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+ "${FILESDIR}"/nss-3.90-arm64-simd.patch
)
src_prepare() {
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2023-07-02 16:47 Joonas Niilola
0 siblings, 0 replies; 17+ messages in thread
From: Joonas Niilola @ 2023-07-02 16:47 UTC (permalink / raw
To: gentoo-commits
commit: 6f6026d391be3ee7cb4749a01cbb5835cb38f9c9
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 2 16:45:13 2023 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Jul 2 16:45:38 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f6026d3
dev-libs/nss: drop 3.90
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
dev-libs/nss/Manifest | 1 -
dev-libs/nss/files/nss-3.90-arm64-simd.patch | 27 --
dev-libs/nss/nss-3.90.ebuild | 415 ---------------------------
3 files changed, 443 deletions(-)
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 8c81212f947c..89119092fa02 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,5 +1,4 @@
DIST nss-3.79.4.tar.gz 84826326 BLAKE2B c34b1ba2c24891bd316af27828dbcc6b193b7298fe6a965cfd42d6a37aa3c25ecb80c9b8c2195ba89d2ea395739def47ff5269f7964235c2883e5b33d67889e9 SHA512 194c7595871ada65c03dcea8f2ec75ea9d6da3ce270c956e8abb2d72b6465e14c7be7892532548b9ca6f319f557353b98facb6f3d620a3a3825d889170b02fa2
DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
-DIST nss-3.90.tar.gz 72211928 BLAKE2B 9518bed4f8ca5f9dd1c3d15e255f9954fabc30762ff6db7e45ab54fd0d7d7a34e2c021ecc76b5dcac97c571914e9af116a8c1361a5f2f055a31db168518a99a7 SHA512 e41f4de73f4971c8f35dffe3926b6845ef12a1ce7e8f3fe682e643ddb791a009d079c1706f66d065333af884726840dbc96d4e44762f9c3e48b8d919c09ae625
DIST nss-3.91.tar.gz 72267945 BLAKE2B 7dcd680311a5503007c0bb738ec24b50e40841470592c2d8dd542b3bdf085a6e4816f1fab4cb6b86220ff3e39a828f57a0a9172e3d1c2c82537eab6558a50226 SHA512 65258a4ea0b8c06ec49dd411eabe860ad5d7c3873beb27f8f43e10ef6be020b1522112df9deaeed27f23fd72f13cc7554e9c1854cd97e4716de419f722aff020
DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4
diff --git a/dev-libs/nss/files/nss-3.90-arm64-simd.patch b/dev-libs/nss/files/nss-3.90-arm64-simd.patch
deleted file mode 100644
index 994fd9a47a6c..000000000000
--- a/dev-libs/nss/files/nss-3.90-arm64-simd.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-https://bugs.gentoo.org/907901
-https://bugzilla.mozilla.org/show_bug.cgi?id=1836781
-https://github.com/nss-dev/nss/commit/c07c4e073d95a25343cbf56b4a830a71e432869e
-
-From c07c4e073d95a25343cbf56b4a830a71e432869e Mon Sep 17 00:00:00 2001
-From: Natalia Kulatova <nkulatova@mozilla.com>
-Date: Mon, 5 Jun 2023 16:09:58 +0000
-Subject: [PATCH] Bug 1836781 - Disabling ASM C25519 for A but X86_64
- r=bbeurdouche,nss-reviewers
-
-Differential Revision: https://phabricator.services.mozilla.com/D179969
-
---HG--
-extra : moz-landing-system : lando
---- a/lib/freebl/Makefile
-+++ b/lib/freebl/Makefile
-@@ -568,7 +568,9 @@ ifneq ($(shell $(CC) -? 2>&1 >/dev/null </dev/null | sed -e 's/:.*//;1q'),lcc)
- HAVE_INT128_SUPPORT = 1
- DEFINES += -DHAVE_INT128_SUPPORT
- else ifeq (1,$(CC_IS_GCC))
-- SUPPORTS_VALE_CURVE25519 = 1
-+ ifeq ($(CPU_ARCH),x86_64)
-+ SUPPORTS_VALE_CURVE25519 = 1
-+ endif
- ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
- HAVE_INT128_SUPPORT = 1
- DEFINES += -DHAVE_INT128_SUPPORT
diff --git a/dev-libs/nss/nss-3.90.ebuild b/dev-libs/nss/nss-3.90.ebuild
deleted file mode 100644
index 59e8dd7fd601..000000000000
--- a/dev-libs/nss/nss-3.90.ebuild
+++ /dev/null
@@ -1,415 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-
-NSPR_VER="4.35"
-RTM_NAME="NSS_${PV//./_}_RTM"
-
-DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
-
-LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
-IUSE="cacert test +utils cpu_flags_ppc_altivec cpu_flags_x86_avx2 cpu_flags_x86_sse3 cpu_flags_ppc_vsx"
-RESTRICT="!test? ( test )"
-# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
-RDEPEND="
- >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
- virtual/pkgconfig
-"
-DEPEND="${RDEPEND}"
-BDEPEND="dev-lang/perl"
-
-S="${WORKDIR}/${P}/${PN}"
-
-MULTILIB_CHOST_TOOLS=(
- /usr/bin/nss-config
-)
-
-PATCHES=(
- "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
- "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
- "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
- "${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
- "${FILESDIR}"/nss-3.90-arm64-simd.patch
-)
-
-src_prepare() {
- default
-
- if use cacert ; then
- eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
- fi
-
- pushd coreconf >/dev/null || die
- # hack nspr paths
- echo 'INCLUDES += -I$(DIST)/include/dbm' \
- >> headers.mk || die "failed to append include"
-
- # modify install path
- sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
- -i source.mk || die
-
- # Respect LDFLAGS
- sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
-
- # Workaround make-4.4's change to sub-make, bmo#1800237, bgo#882069
- sed -i -e "s/^CPU_TAG = _.*/CPU_TAG = _$(nssarch)/" Linux.mk || die
-
- popd >/dev/null || die
-
- # Fix pkgconfig file for Prefix
- sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
- config/Makefile || die
-
- # use host shlibsign if need be #436216
- if tc-is-cross-compiler ; then
- sed -i \
- -e 's:"${2}"/shlibsign:shlibsign:' \
- cmd/shlibsign/sign.sh || die
- fi
-
- # dirty hack
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
- lib/ssl/config.mk || die
- sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
- cmd/platlibs.mk || die
-
- multilib_copy_sources
-
- strip-flags
-}
-
-multilib_src_configure() {
- # Ensure we stay multilib aware
- sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
-}
-
-nssarch() {
- # Most of the arches are the same as $ARCH
- local t=${1:-${CHOST}}
- case ${t} in
- *86*-pc-solaris2*) echo "i86pc" ;;
- aarch64*) echo "aarch64" ;;
- hppa*) echo "parisc" ;;
- i?86*) echo "i686" ;;
- x86_64*) echo "x86_64" ;;
- *) tc-arch ${t} ;;
- esac
-}
-
-nssbits() {
- local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
- if [[ ${1} == BUILD_ ]]; then
- cc=$(tc-getBUILD_CC)
- else
- cc=$(tc-getCC)
- fi
- echo > "${T}"/test.c || die
- ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
- case $(file "${T}/${1}test.o") in
- *32-bit*x86-64*) echo USE_X32=1;;
- *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
- *32-bit*|*ppc*|*i386*) ;;
- *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
- esac
-}
-
-multilib_src_compile() {
- # use ABI to determine bit'ness, or fallback if unset
- local buildbits mybits
- case "${ABI}" in
- n32) mybits="USE_N32=1";;
- x32) mybits="USE_X32=1";;
- s390x|*64) mybits="USE_64=1";;
- ${DEFAULT_ABI})
- einfo "Running compilation test to determine bit'ness"
- mybits=$(nssbits)
- ;;
- esac
- # bitness of host may differ from target
- if tc-is-cross-compiler; then
- buildbits=$(nssbits BUILD_)
- fi
-
- local makeargs=(
- CC="$(tc-getCC)"
- CCC="$(tc-getCXX)"
- AR="$(tc-getAR) rc \$@"
- RANLIB="$(tc-getRANLIB)"
- OPTIMIZER=
- ${mybits}
- disable_ckbi=0
- )
-
- # Take care of nspr settings #436216
- local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
- unset NSPR_INCLUDE_DIR
-
- export NSS_ALLOW_SSLKEYLOGFILE=1
- export NSS_ENABLE_WERROR=0 #567158
- export BUILD_OPT=1
- export NSS_USE_SYSTEM_SQLITE=1
- export NSDISTMODE=copy
- export FREEBL_NO_DEPEND=1
- export FREEBL_LOWHASH=1
- export NSS_SEED_ONLY_DEV_URANDOM=1
- export USE_SYSTEM_ZLIB=1
- export ZLIB_LIBS=-lz
- export ASFLAGS=""
- # Fix build failure on arm64
- export NS_USE_GCC=1
- # Detect compiler type and set proper environment value
- if tc-is-gcc; then
- export CC_IS_GCC=1
- elif tc-is-clang; then
- export CC_IS_CLANG=1
- fi
-
- export NSS_DISABLE_GTESTS=$(usex !test 1 0)
-
- # Include exportable custom settings defined by users, #900915
- # Two examples uses:
- # EXTRA_NSSCONF="MYONESWITCH=1"
- # EXTRA_NSSCONF="MYVALUE=0 MYOTHERVALUE=1 MYTHIRDVALUE=1"
- # e.g.
- # EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0"
- # or
- # EXTRA_NSSCONF="NSS_ALLOW_SSLKEYLOGFILE=0 NSS_ENABLE_WERROR=1"
- # etc.
- if [[ -n "${EXTRA_NSSCONF}" ]]; then
- ewarn "EXTRA_NSSCONF applied, please disable custom settings before reporting bugs."
- read -a myextranssconf <<< "${EXTRA_NSSCONF}"
-
- for (( i=0; i<${#myextranssconf[@]}; i++ )); do
- export "${myextranssconf[$i]}"
- echo "exported ${myextranssconf[$i]}"
- done
- fi
-
- # explicitly disable altivec/vsx if not requested
- # https://bugs.gentoo.org/789114
- case ${ARCH} in
- ppc*)
- use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
- use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
- ;;
- esac
-
- use cpu_flags_x86_avx2 || export NSS_DISABLE_AVX2=1
- use cpu_flags_x86_sse3 || export NSS_DISABLE_SSE3=1
-
- local d
-
- # Build the host tools first.
- LDFLAGS="${BUILD_LDFLAGS}" \
- XCFLAGS="${BUILD_CFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake -C coreconf \
- CC="$(tc-getBUILD_CC)" \
- ${buildbits-${mybits}}
- makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
-
- # Then build the target tools.
- for d in . lib/dbm ; do
- CPPFLAGS="${myCPPFLAGS}" \
- XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
- NSPR_LIB_DIR="${T}/fakedir" \
- emake "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
- done
-}
-
-multilib_src_test() {
- einfo "Tests can take a *long* time, especially on a multilib system."
- einfo "30-45+ minutes per lib configuration. Bug #852755"
-
- # https://www.linuxfromscratch.org/blfs/view/svn/postlfs/nss.html
- # https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_sources_building_testing/index.html#running_the_nss_test_suite
- # https://www-archive.mozilla.org/projects/security/pki/nss/testnss_32.html (older)
- export BUILD_OPT=1
- export HOST="localhost"
- export DOMSUF="localdomain"
- export USE_IP=TRUE
- export IP_ADDRESS="127.0.0.1"
-
- NSINSTALL="${PWD}/$(find -type f -name nsinstall)"
-
- cd "${BUILD_DIR}"/tests || die
- # Hack to get current objdir (prefixed dir where built binaries are)
- # Without this, at least multilib tests go wrong when building the amd64 variant
- # after x86.
- local objdir=$(find "${BUILD_DIR}"/dist -maxdepth 1 -iname Linux* | rev | cut -d/ -f1 | rev)
-
- # Can tweak to a subset of tests in future if we need to, but would prefer not
- OBJDIR="${objdir}" DIST="${BUILD_DIR}/dist" MOZILLA_ROOT="${BUILD_DIR}" ./all.sh || die
-}
-
-# Altering these 3 libraries breaks the CHK verification.
-# All of the following cause it to break:
-# - stripping
-# - prelink
-# - ELF signing
-# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
-# Either we have to NOT strip them, or we have to forcibly resign after
-# stripping.
-#local_libdir="$(get_libdir)"
-#export STRIP_MASK="
-# */${local_libdir}/libfreebl3.so*
-# */${local_libdir}/libnssdbm3.so*
-# */${local_libdir}/libsoftokn3.so*"
-
-export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
-
-generate_chk() {
- local shlibsign="$1"
- local libdir="$2"
- einfo "Resigning core NSS libraries for FIPS validation"
- shift 2
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libname=lib${i}.so
- local chkname=lib${i}.chk
- "${shlibsign}" \
- -i "${libdir}"/${libname} \
- -o "${libdir}"/${chkname}.tmp \
- && mv -f \
- "${libdir}"/${chkname}.tmp \
- "${libdir}"/${chkname} \
- || die "Failed to sign ${libname}"
- done
-}
-
-cleanup_chk() {
- local libdir="$1"
- shift 1
- local i
- for i in ${NSS_CHK_SIGN_LIBS} ; do
- local libfname="${libdir}/lib${i}.so"
- # If the major version has changed, then we have old chk files.
- [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
- && rm -f "${libfname}.chk"
- done
-}
-
-multilib_src_install() {
- pushd dist >/dev/null || die
-
- dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
- local i
- for i in crmf freebl nssb nssckfw ; do
- cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
- done
-
- # Install nss-config and pkgconfig file
- dodir /usr/bin
- cp -L */bin/nss-config "${ED}"/usr/bin || die
- dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
-
- # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
- # bug 517266
- sed -e 's#Libs:#Libs: -lfreebl#' \
- -e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
- || die "could not create nss-softokn.pc"
-
- # all the include files
- insinto /usr/include/nss
- doins public/nss/*.{h,api}
- insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac,cmac}.h
-
- popd >/dev/null || die
-
- local f nssutils
- # Always enabled because we need it for chk generation.
- nssutils=( shlibsign )
-
- if multilib_is_native_abi ; then
- if use utils; then
- # The tests we do not need to install.
- #nssutils_test="bltest crmftest dbtest dertimetest
- #fipstest remtest sdrtest"
- # checkcert utils has been removed in nss-3.22:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
- # https://hg.mozilla.org/projects/nss/rev/df1729d37870
- # certcgi has been removed in nss-3.36:
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
- nssutils+=(
- addbuiltin
- atob
- baddbdir
- btoa
- certutil
- cmsutil
- conflict
- crlutil
- derdump
- digest
- makepqg
- mangle
- modutil
- multinit
- nonspr10
- ocspclnt
- oidcalc
- p7content
- p7env
- p7sign
- p7verify
- pk11mode
- pk12util
- pp
- rsaperf
- selfserv
- signtool
- signver
- ssltap
- strsclnt
- symkeyutil
- tstclnt
- vfychain
- vfyserv
- )
- # install man-pages for utils (bug #516810)
- doman doc/nroff/*.1
- fi
- pushd dist/*/bin >/dev/null || die
- for f in ${nssutils[@]}; do
- dobin ${f}
- done
- popd >/dev/null || die
- fi
-}
-
-pkg_postinst() {
- multilib_pkg_postinst() {
- # We must re-sign the libraries AFTER they are stripped.
- local shlibsign="${EROOT}/usr/bin/shlibsign"
- # See if we can execute it (cross-compiling & such). #436216
- "${shlibsign}" -h >&/dev/null
- if [[ $? -gt 1 ]] ; then
- shlibsign="shlibsign"
- fi
- generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postinst
-}
-
-pkg_postrm() {
- multilib_pkg_postrm() {
- cleanup_chk "${EROOT}"/usr/$(get_libdir)
- }
-
- multilib_foreach_abi multilib_pkg_postrm
-}
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2024-10-27 18:12 Joonas Niilola
0 siblings, 0 replies; 17+ messages in thread
From: Joonas Niilola @ 2024-10-27 18:12 UTC (permalink / raw
To: gentoo-commits
commit: 90f73c85f0d0df446375da0182c11e7f4f232464
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 27 18:10:27 2024 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Oct 27 18:11:58 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90f73c85
dev-libs/nss: disable known broken tests in 3.106
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
.../nss/files/nss-3.106-disable-broken-tests.patch | 30 ++++++++++++++++++++++
dev-libs/nss/nss-3.106.ebuild | 1 +
2 files changed, 31 insertions(+)
diff --git a/dev-libs/nss/files/nss-3.106-disable-broken-tests.patch b/dev-libs/nss/files/nss-3.106-disable-broken-tests.patch
new file mode 100644
index 000000000000..2e711070344e
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.106-disable-broken-tests.patch
@@ -0,0 +1,30 @@
+diff '--color=auto' -Naur a/tests/tools/tools.sh b/tests/tools/tools.sh
+--- a/tests/tools/tools.sh 2024-10-27 18:25:18.489626868 +0200
++++ b/tests/tools/tools.sh 2024-10-27 18:29:33.732940327 +0200
+@@ -540,26 +540,6 @@
+ ret=$?
+ html_msg $ret 0 "Importing private key pbmac1 hmac-sha-512 from PKCS#12 file"
+ check_tmpfile
+-
+- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
+- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+- ret=$?
+- html_msg $ret 19 "Fail to list private key with bad iterator"
+- check_tmpfile
+-
+- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
+- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+- ret=$?
+- echo "Fail to list private key with bad salt val=$ret"
+- html_msg $ret 19 "Fail to import private key with bad salt"
+- check_tmpfile
+-
+- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
+- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+- ret=$?
+- echo "Fail to import private key with no length val=$ret"
+- html_msg $ret 19 "Fail to import private key with no length"
+- check_tmpfile
+ }
+
+ ############################## tools_p12 ###############################
diff --git a/dev-libs/nss/nss-3.106.ebuild b/dev-libs/nss/nss-3.106.ebuild
index 3be838138e78..0f041f606425 100644
--- a/dev-libs/nss/nss-3.106.ebuild
+++ b/dev-libs/nss/nss-3.106.ebuild
@@ -41,6 +41,7 @@ PATCHES=(
"${FILESDIR}"/nss-3.103-gentoo-fixes-add-pkgconfig-files.patch
"${FILESDIR}"/nss-3.21-gentoo-fixup-warnings.patch
"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
+ "${FILESDIR}"/nss-3.106-disable-broken-tests.patch
)
src_prepare() {
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
@ 2024-11-05 13:58 Joonas Niilola
0 siblings, 0 replies; 17+ messages in thread
From: Joonas Niilola @ 2024-11-05 13:58 UTC (permalink / raw
To: gentoo-commits
commit: 8e4c015ebf4a0b5e74cf1a1f866181af2d5b892c
Author: Joonas Niilola <juippis <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 5 13:56:43 2024 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Tue Nov 5 13:56:43 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e4c015e
dev-libs/nss: add an upstream patch file to fix tests on 3.106
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
...s-3.106-bmo-1927096-fix-broken-test-files.patch | 33 ++++++++++++++++++++++
dev-libs/nss/nss-3.106.ebuild | 2 +-
2 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/dev-libs/nss/files/nss-3.106-bmo-1927096-fix-broken-test-files.patch b/dev-libs/nss/files/nss-3.106-bmo-1927096-fix-broken-test-files.patch
new file mode 100644
index 000000000000..069e97e6aacf
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.106-bmo-1927096-fix-broken-test-files.patch
@@ -0,0 +1,33 @@
+diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh
+--- a/tests/tools/tools.sh
++++ b/tests/tools/tools.sh
+@@ -542,25 +542,25 @@
+ check_tmpfile
+
+ echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
+ ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+ ret=$?
+- html_msg $ret 19 "Fail to list private key with bad iterator"
++ html_msg $ret 17 "Fail to list private key with bad iterator"
+ check_tmpfile
+
+ echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
+ ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+ ret=$?
+ echo "Fail to list private key with bad salt val=$ret"
+- html_msg $ret 19 "Fail to import private key with bad salt"
++ html_msg $ret 17 "Fail to import private key with bad salt"
+ check_tmpfile
+
+ echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
+ ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+ ret=$?
+ echo "Fail to import private key with no length val=$ret"
+- html_msg $ret 19 "Fail to import private key with no length"
++ html_msg $ret 17 "Fail to import private key with no length"
+ check_tmpfile
+ }
+
+ ############################## tools_p12 ###############################
+ # local shell function to test basic functionality of pk12util
+
diff --git a/dev-libs/nss/nss-3.106.ebuild b/dev-libs/nss/nss-3.106.ebuild
index 0f041f606425..3c45869cb295 100644
--- a/dev-libs/nss/nss-3.106.ebuild
+++ b/dev-libs/nss/nss-3.106.ebuild
@@ -41,7 +41,7 @@ PATCHES=(
"${FILESDIR}"/nss-3.103-gentoo-fixes-add-pkgconfig-files.patch
"${FILESDIR}"/nss-3.21-gentoo-fixup-warnings.patch
"${FILESDIR}"/nss-3.87-use-clang-as-bgo892686.patch
- "${FILESDIR}"/nss-3.106-disable-broken-tests.patch
+ "${FILESDIR}"/nss-3.106-bmo-1927096-fix-broken-test-files.patch
)
src_prepare() {
^ permalink raw reply related [flat|nested] 17+ messages in thread
end of thread, other threads:[~2024-11-05 13:58 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-06 9:26 [gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/ Sam James
-- strict thread matches above, loose matches on Subject: below --
2024-11-05 13:58 Joonas Niilola
2024-10-27 18:12 Joonas Niilola
2023-07-02 16:47 Joonas Niilola
2023-01-06 8:36 Joonas Niilola
2022-12-10 8:20 Joonas Niilola
2022-10-25 15:15 Joonas Niilola
2022-06-01 19:17 Sam James
2022-03-29 7:20 Joonas Niilola
2020-10-26 15:06 Thomas Deutschmann
2020-10-23 16:19 Thomas Deutschmann
2020-06-19 7:36 Lars Wendler
2020-03-31 17:50 Thomas Deutschmann
2018-06-06 16:12 Jory Pratt
2018-05-23 20:06 Ian Stakenvicius
2016-03-15 9:27 Lars Wendler
2015-12-25 15:39 Jeroen Roovers
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox