mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-16 17:36:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

dev-libs/nss: delete nss

Browse Source 
As `dev-libs/nss` is not used anywhere, let's simply remove nss.
The only ebuild that pulls in is `net-misc/curl`, but only if the USE
flag `nss` is enabled. As the `nss` flag is disabled for curl, we do
not need to keep `dev-libs/nss` at all.
This commit is contained in:
Dongsu Park 2021-01-22 16:52:52 +01:00
parent 7f89d06380
commit b759beaea8
7 changed files with 0 additions and 1006 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sdk_container/src/third_party/portage-stable/dev-libs/nss/Manifest vendored
View File

@ -1,3 +0,0 @@
DIST nss-3.51.1.tar.gz 78310874 BLAKE2B c295b5fdf6e1d24cc79474f2c5a9e91fccf777212fbb072e8a64576ed1b060fea6ecbde1fa59bb07c998b9aa92bb7d450e722a8f34a72eaa35aef6cbd693420a SHA512 1878780886cc330489a14a60ee5cb67b174f3167d020db256eacdce079652ef8af65813914cd0fb5684457053fa27acc9bff72d0713fbea28795613ca45a6d46
DIST nss-3.51.tar.gz 78305125 BLAKE2B 2c7b90d4cc9fe283bf81e21d0dceefff503e5a31f0053828b140b2b927ddab8c8881b23c7d4c003f3e2d0dcd22efbe699baee63443cab6e72d33a552fd430e3c SHA512 9c894b1ea41449b000750a7b3a89fcb43dfc3d0d4d6dcc0dc288bc73996f76f1ee1ede927a8aecae6d4a07f9f3d3e3a042c6a60cf06e27e0cdc004fce2e510fd
DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

10
sdk_container/src/third_party/portage-stable/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch vendored
View File

@ -1,10 +0,0 @@
--- nss/coreconf/Linux.mk
+++ nss/coreconf/Linux.mk
@@ -130,6 +130,7 @@
OPTIMIZER += -gdwarf-2
endif
endif
+OPTIMIZER += -fno-strict-aliasing
endif
ifndef COMPILER_TAG

16
sdk_container/src/third_party/portage-stable/dev-libs/nss/files/nss-3.23-hppa-byte_order.patch vendored
View File

@ -1,16 +0,0 @@
--- nss/lib/dbm/include/mcom_db.h
+++ nss/lib/dbm/include/mcom_db.h
@@ -110,11 +110,13 @@
#endif /* !BYTE_ORDER */
#endif /* __sun */
+#ifndef BYTE_ORDER
#if defined(__hpux) || defined(__hppa)
#define BYTE_ORDER BIG_ENDIAN
#define BIG_ENDIAN 4321
#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */
#endif
+#endif /* !BYTE_ORDER */
#if defined(AIXV3) || defined(AIX)
/* BYTE_ORDER, LITTLE_ENDIAN, BIG_ENDIAN are all defined here */

242
sdk_container/src/third_party/portage-stable/dev-libs/nss/files/nss-3.47-gentoo-fixups.patch vendored
View File

@ -1,242 +0,0 @@
--- a/config/Makefile
+++ b/config/Makefile
@@ -0,0 +1,40 @@
+CORE_DEPTH = ..
+DEPTH = ..
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
+NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
+NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
+PREFIX = /usr
+
+all: export libs
+
+export:
+ # Create the nss.pc file
+ mkdir -p $(DIST)/lib/pkgconfig
+ sed -e "s,@prefix@,$(PREFIX)," \
+ -e "s,@exec_prefix@,\$${prefix}," \
+ -e "s,@libdir@,\$${prefix}/lib64," \
+ -e "s,@includedir@,\$${prefix}/include/nss," \
+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
+ nss.pc.in > nss.pc
+ chmod 0644 nss.pc
+ ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig
+
+ # Create the nss-config script
+ mkdir -p $(DIST)/bin
+ sed -e "s,@prefix@,$(PREFIX)," \
+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
+ nss-config.in > nss-config
+ chmod 0755 nss-config
+ ln -sf ../../../config/nss-config $(DIST)/bin
+
+libs:
+
+dummy: all export libs
+
--- a/config/nss-config.in
+++ b/config/nss-config.in
@@ -0,0 +1,145 @@
+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@NSS_MAJOR_VERSION@
+minor_version=@NSS_MINOR_VERSION@
+patch_version=@NSS_PATCH_VERSION@
+
+usage()
+{
+ cat <<EOF
+Usage: nss-config [OPTIONS] [LIBRARIES]
+Options:
+ [--prefix[=DIR]]
+ [--exec-prefix[=DIR]]
+ [--includedir[=DIR]]
+ [--libdir[=DIR]]
+ [--version]
+ [--libs]
+ [--cflags]
+Dynamic Libraries:
+ nss
+ ssl
+ smime
+ nssutil
+EOF
+ exit $1
+}
+
+if test $# -eq 0; then
+ usage 1 1>&2
+fi
+
+lib_ssl=yes
+lib_smime=yes
+lib_nss=yes
+lib_nssutil=yes
+
+while test $# -gt 0; do
+ case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+ esac
+
+ case $1 in
+ --prefix=*)
+ prefix=$optarg
+ ;;
+ --prefix)
+ echo_prefix=yes
+ ;;
+ --exec-prefix=*)
+ exec_prefix=$optarg
+ ;;
+ --exec-prefix)
+ echo_exec_prefix=yes
+ ;;
+ --includedir=*)
+ includedir=$optarg
+ ;;
+ --includedir)
+ echo_includedir=yes
+ ;;
+ --libdir=*)
+ libdir=$optarg
+ ;;
+ --libdir)
+ echo_libdir=yes
+ ;;
+ --version)
+ echo ${major_version}.${minor_version}.${patch_version}
+ ;;
+ --cflags)
+ echo_cflags=yes
+ ;;
+ --libs)
+ echo_libs=yes
+ ;;
+ ssl)
+ lib_ssl=yes
+ ;;
+ smime)
+ lib_smime=yes
+ ;;
+ nss)
+ lib_nss=yes
+ ;;
+ nssutil)
+ lib_nssutil=yes
+ ;;
+ *)
+ usage 1 1>&2
+ ;;
+ esac
+ shift
+done
+
+# Set variables that may be dependent upon other variables
+if test -z "$exec_prefix"; then
+ exec_prefix=`pkg-config --variable=exec_prefix nss`
+fi
+if test -z "$includedir"; then
+ includedir=`pkg-config --variable=includedir nss`
+fi
+if test -z "$libdir"; then
+ libdir=`pkg-config --variable=libdir nss`
+fi
+
+if test "$echo_prefix" = "yes"; then
+ echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+ echo $exec_prefix
+fi
+
+if test "$echo_includedir" = "yes"; then
+ echo $includedir
+fi
+
+if test "$echo_libdir" = "yes"; then
+ echo $libdir
+fi
+
+if test "$echo_cflags" = "yes"; then
+ echo -I$includedir
+fi
+
+if test "$echo_libs" = "yes"; then
+ libdirs=""
+ if test -n "$lib_ssl"; then
+ libdirs="$libdirs -lssl${major_version}"
+ fi
+ if test -n "$lib_smime"; then
+ libdirs="$libdirs -lsmime${major_version}"
+ fi
+ if test -n "$lib_nss"; then
+ libdirs="$libdirs -lnss${major_version}"
+ fi
+ if test -n "$lib_nssutil"; then
+ libdirs="$libdirs -lnssutil${major_version}"
+ fi
+ echo $libdirs
+fi
+
--- a/config/nss.pc.in
+++ b/config/nss.pc.in
@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: NSS
+Description: Network Security Services
+Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
+Requires: nspr >= 4.8
+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
+Cflags: -I${includedir}
+
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
-nss_build_all: build_nspr all latest
+nss_build_all: all latest
nss_clean_all: clobber_nspr clobber
@@ -133,16 +133,6 @@
--prefix='$(NSS_GYP_PREFIX)'
endif
-build_nspr: $(NSPR_CONFIG_STATUS)
- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests
-
-install_nspr: build_nspr
- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install
-
-clobber_nspr: $(NSPR_CONFIG_STATUS)
- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
-
build_docs:
$(MAKE) -C $(CORE_DEPTH)/doc
--- a/manifest.mn
+++ b/manifest.mn
@@ -10,4 +10,4 @@
RELEASE = nss
-DIRS = coreconf lib cmd cpputil gtests
+DIRS = coreconf lib cmd cpputil config

17
sdk_container/src/third_party/portage-stable/dev-libs/nss/metadata.xml vendored
View File

@ -1,17 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>mozilla@gentoo.org</email>
<name>Gentoo Mozilla Team</name>
</maintainer>
<use>
<flag name="cacert">
Include root/class3 certs from CAcert (http://www.cacert.org/)
</flag>
<flag name="utils">Install utilities included with the library</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:mozilla:nss</remote-id>
</upstream>
</pkgmetadata>

359
sdk_container/src/third_party/portage-stable/dev-libs/nss/nss-3.51.1.ebuild vendored
View File

@ -1,359 +0,0 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
NSPR_VER="4.25"
RTM_NAME="NSS_${PV//./_}_RTM"
DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
IUSE="cacert utils"
BDEPEND="
>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
"
RDEPEND="
>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
"
DEPEND="${RDEPEND}"
RESTRICT="test"
S="${WORKDIR}/${P}/${PN}"
MULTILIB_CHOST_TOOLS=(
/usr/bin/nss-config
)
PATCHES=(
# Custom changes for gentoo
"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
)
src_prepare() {
if use cacert ; then #521462
PATCHES+=(
"${DISTDIR}/${PN}-cacert-class1-class3.patch"
)
fi
default
pushd coreconf >/dev/null || die
# hack nspr paths
echo 'INCLUDES += -I$(DIST)/include/dbm' \
>> headers.mk || die "failed to append include"
# modify install path
sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-i source.mk || die
# Respect LDFLAGS
sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
popd >/dev/null || die
# Fix pkgconfig file for Prefix
sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
config/Makefile || die
# use host shlibsign if need be #436216
if tc-is-cross-compiler ; then
sed -i \
-e 's:"${2}"/shlibsign:shlibsign:' \
cmd/shlibsign/sign.sh || die
fi
# dirty hack
sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
lib/ssl/config.mk || die
sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
cmd/platlibs.mk || die
multilib_copy_sources
strip-flags
}
multilib_src_configure() {
# Ensure we stay multilib aware
sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
}
nssarch() {
# Most of the arches are the same as $ARCH
local t=${1:-${CHOST}}
case ${t} in
aarch64*)echo "aarch64";;
hppa*) echo "parisc";;
i?86*) echo "i686";;
x86_64*) echo "x86_64";;
*) tc-arch ${t};;
esac
}
nssbits() {
local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
if [[ ${1} == BUILD_ ]]; then
cc=$(tc-getBUILD_CC)
else
cc=$(tc-getCC)
fi
echo > "${T}"/test.c || die
${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
case $(file "${T}/${1}test.o") in
*32-bit*x86-64*) echo USE_X32=1;;
*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
*32-bit*|*ppc*|*i386*) ;;
*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
esac
}
multilib_src_compile() {
# use ABI to determine bit'ness, or fallback if unset
local buildbits mybits
case "${ABI}" in
n32) mybits="USE_N32=1";;
x32) mybits="USE_X32=1";;
s390x|*64) mybits="USE_64=1";;
${DEFAULT_ABI})
einfo "Running compilation test to determine bit'ness"
mybits=$(nssbits)
;;
esac
# bitness of host may differ from target
if tc-is-cross-compiler; then
buildbits=$(nssbits BUILD_)
fi
local makeargs=(
CC="$(tc-getCC)"
CCC="$(tc-getCXX)"
AR="$(tc-getAR) rc \$@"
RANLIB="$(tc-getRANLIB)"
OPTIMIZER=
${mybits}
)
# Take care of nspr settings #436216
local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
unset NSPR_INCLUDE_DIR
# Do not let `uname` be used.
if use kernel_linux ; then
makeargs+=(
OS_TARGET=Linux
OS_RELEASE=2.6
OS_TEST="$(nssarch)"
)
fi
export NSS_ALLOW_SSLKEYLOGFILE=1
export NSS_ENABLE_WERROR=0 #567158
export BUILD_OPT=1
export NSS_USE_SYSTEM_SQLITE=1
export NSDISTMODE=copy
export NSS_ENABLE_ECC=1
export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export NSS_SEED_ONLY_DEV_URANDOM=1
export ASFLAGS=""
local d
# Build the host tools first.
LDFLAGS="${BUILD_LDFLAGS}" \
XCFLAGS="${BUILD_CFLAGS}" \
NSPR_LIB_DIR="${T}/fakedir" \
emake -j1 -C coreconf \
CC="$(tc-getBUILD_CC)" \
${buildbits:-${mybits}}
makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
# Then build the target tools.
for d in . lib/dbm ; do
CPPFLAGS="${myCPPFLAGS}" \
XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
NSPR_LIB_DIR="${T}/fakedir" \
emake -j1 "${makeargs[@]}" -C ${d}
done
}
# Altering these 3 libraries breaks the CHK verification.
# All of the following cause it to break:
# - stripping
# - prelink
# - ELF signing
# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
# Either we have to NOT strip them, or we have to forcibly resign after
# stripping.
#local_libdir="$(get_libdir)"
#export STRIP_MASK="
# */${local_libdir}/libfreebl3.so*
# */${local_libdir}/libnssdbm3.so*
# */${local_libdir}/libsoftokn3.so*"
export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
generate_chk() {
local shlibsign="$1"
local libdir="$2"
einfo "Resigning core NSS libraries for FIPS validation"
shift 2
local i
for i in ${NSS_CHK_SIGN_LIBS} ; do
local libname=lib${i}.so
local chkname=lib${i}.chk
"${shlibsign}" \
-i "${libdir}"/${libname} \
-o "${libdir}"/${chkname}.tmp \
&& mv -f \
"${libdir}"/${chkname}.tmp \
"${libdir}"/${chkname} \
|| die "Failed to sign ${libname}"
done
}
cleanup_chk() {
local libdir="$1"
shift 1
local i
for i in ${NSS_CHK_SIGN_LIBS} ; do
local libfname="${libdir}/lib${i}.so"
# If the major version has changed, then we have old chk files.
[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
&& rm -f "${libfname}.chk"
done
}
multilib_src_install() {
pushd dist >/dev/null || die
dodir /usr/$(get_libdir)
cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
local i
for i in crmf freebl nssb nssckfw ; do
cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
done
# Install nss-config and pkgconfig file
dodir /usr/bin
cp -L */bin/nss-config "${ED}"/usr/bin || die
dodir /usr/$(get_libdir)/pkgconfig
cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
# bug 517266
sed -e 's#Libs:#Libs: -lfreebl#' \
-e 's#Cflags:#Cflags: -I${includedir}/private#' \
*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
|| die "could not create nss-softokn.pc"
# all the include files
insinto /usr/include/nss
doins public/nss/*.{h,api}
insinto /usr/include/nss/private
doins private/nss/{blapi,alghmac,cmac}.h
popd >/dev/null || die
local f nssutils
# Always enabled because we need it for chk generation.
nssutils=( shlibsign )
if multilib_is_native_abi ; then
if use utils; then
# The tests we do not need to install.
#nssutils_test="bltest crmftest dbtest dertimetest
#fipstest remtest sdrtest"
# checkcert utils has been removed in nss-3.22:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
# https://hg.mozilla.org/projects/nss/rev/df1729d37870
# certcgi has been removed in nss-3.36:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
nssutils+=(
addbuiltin
atob
baddbdir
btoa
certutil
cmsutil
conflict
crlutil
derdump
digest
makepqg
mangle
modutil
multinit
nonspr10
ocspclnt
oidcalc
p7content
p7env
p7sign
p7verify
pk11mode
pk12util
pp
rsaperf
selfserv
signtool
signver
ssltap
strsclnt
symkeyutil
tstclnt
vfychain
vfyserv
)
# install man-pages for utils (bug #516810)
doman doc/nroff/*.1
fi
pushd dist/*/bin >/dev/null || die
for f in ${nssutils[@]}; do
dobin ${f}
done
popd >/dev/null || die
fi
# Prelink breaks the CHK files. We don't have any reliable way to run
# shlibsign after prelink.
dodir /etc/prelink.conf.d
printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
> "${ED}"/etc/prelink.conf.d/nss.conf
}
pkg_postinst() {
multilib_pkg_postinst() {
# We must re-sign the libraries AFTER they are stripped.
local shlibsign="${EROOT}/usr/bin/shlibsign"
# See if we can execute it (cross-compiling & such). #436216
"${shlibsign}" -h >&/dev/null
if [[ $? -gt 1 ]] ; then
shlibsign="shlibsign"
fi
generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
}
multilib_foreach_abi multilib_pkg_postinst
}
pkg_postrm() {
multilib_pkg_postrm() {
cleanup_chk "${EROOT}"/usr/$(get_libdir)
}
multilib_foreach_abi multilib_pkg_postrm
}

359
sdk_container/src/third_party/portage-stable/dev-libs/nss/nss-3.51.ebuild vendored
View File

@ -1,359 +0,0 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
NSPR_VER="4.25"
RTM_NAME="NSS_${PV//./_}_RTM"
DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"
LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
IUSE="cacert utils"
BDEPEND="
>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
"
RDEPEND="
>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
"
DEPEND="${RDEPEND}"
RESTRICT="test"
S="${WORKDIR}/${P}/${PN}"
MULTILIB_CHOST_TOOLS=(
/usr/bin/nss-config
)
PATCHES=(
# Custom changes for gentoo
"${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
)
src_prepare() {
if use cacert ; then #521462
PATCHES+=(
"${DISTDIR}/${PN}-cacert-class1-class3.patch"
)
fi
default
pushd coreconf >/dev/null || die
# hack nspr paths
echo 'INCLUDES += -I$(DIST)/include/dbm' \
>> headers.mk || die "failed to append include"
# modify install path
sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-i source.mk || die
# Respect LDFLAGS
sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
popd >/dev/null || die
# Fix pkgconfig file for Prefix
sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
config/Makefile || die
# use host shlibsign if need be #436216
if tc-is-cross-compiler ; then
sed -i \
-e 's:"${2}"/shlibsign:shlibsign:' \
cmd/shlibsign/sign.sh || die
fi
# dirty hack
sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
lib/ssl/config.mk || die
sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
cmd/platlibs.mk || die
multilib_copy_sources
strip-flags
}
multilib_src_configure() {
# Ensure we stay multilib aware
sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
}
nssarch() {
# Most of the arches are the same as $ARCH
local t=${1:-${CHOST}}
case ${t} in
aarch64*)echo "aarch64";;
hppa*) echo "parisc";;
i?86*) echo "i686";;
x86_64*) echo "x86_64";;
*) tc-arch ${t};;
esac
}
nssbits() {
local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
if [[ ${1} == BUILD_ ]]; then
cc=$(tc-getBUILD_CC)
else
cc=$(tc-getCC)
fi
echo > "${T}"/test.c || die
${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
case $(file "${T}/${1}test.o") in
*32-bit*x86-64*) echo USE_X32=1;;
*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
*32-bit*|*ppc*|*i386*) ;;
*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
esac
}
multilib_src_compile() {
# use ABI to determine bit'ness, or fallback if unset
local buildbits mybits
case "${ABI}" in
n32) mybits="USE_N32=1";;
x32) mybits="USE_X32=1";;
s390x|*64) mybits="USE_64=1";;
${DEFAULT_ABI})
einfo "Running compilation test to determine bit'ness"
mybits=$(nssbits)
;;
esac
# bitness of host may differ from target
if tc-is-cross-compiler; then
buildbits=$(nssbits BUILD_)
fi
local makeargs=(
CC="$(tc-getCC)"
CCC="$(tc-getCXX)"
AR="$(tc-getAR) rc \$@"
RANLIB="$(tc-getRANLIB)"
OPTIMIZER=
${mybits}
)
# Take care of nspr settings #436216
local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
unset NSPR_INCLUDE_DIR
# Do not let `uname` be used.
if use kernel_linux ; then
makeargs+=(
OS_TARGET=Linux
OS_RELEASE=2.6
OS_TEST="$(nssarch)"
)
fi
export NSS_ALLOW_SSLKEYLOGFILE=1
export NSS_ENABLE_WERROR=0 #567158
export BUILD_OPT=1
export NSS_USE_SYSTEM_SQLITE=1
export NSDISTMODE=copy
export NSS_ENABLE_ECC=1
export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export NSS_SEED_ONLY_DEV_URANDOM=1
export ASFLAGS=""
local d
# Build the host tools first.
LDFLAGS="${BUILD_LDFLAGS}" \
XCFLAGS="${BUILD_CFLAGS}" \
NSPR_LIB_DIR="${T}/fakedir" \
emake -j1 -C coreconf \
CC="$(tc-getBUILD_CC)" \
${buildbits:-${mybits}}
makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
# Then build the target tools.
for d in . lib/dbm ; do
CPPFLAGS="${myCPPFLAGS}" \
XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
NSPR_LIB_DIR="${T}/fakedir" \
emake -j1 "${makeargs[@]}" -C ${d}
done
}
# Altering these 3 libraries breaks the CHK verification.
# All of the following cause it to break:
# - stripping
# - prelink
# - ELF signing
# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
# Either we have to NOT strip them, or we have to forcibly resign after
# stripping.
#local_libdir="$(get_libdir)"
#export STRIP_MASK="
# */${local_libdir}/libfreebl3.so*
# */${local_libdir}/libnssdbm3.so*
# */${local_libdir}/libsoftokn3.so*"
export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
generate_chk() {
local shlibsign="$1"
local libdir="$2"
einfo "Resigning core NSS libraries for FIPS validation"
shift 2
local i
for i in ${NSS_CHK_SIGN_LIBS} ; do
local libname=lib${i}.so
local chkname=lib${i}.chk
"${shlibsign}" \
-i "${libdir}"/${libname} \
-o "${libdir}"/${chkname}.tmp \
&& mv -f \
"${libdir}"/${chkname}.tmp \
"${libdir}"/${chkname} \
|| die "Failed to sign ${libname}"
done
}
cleanup_chk() {
local libdir="$1"
shift 1
local i
for i in ${NSS_CHK_SIGN_LIBS} ; do
local libfname="${libdir}/lib${i}.so"
# If the major version has changed, then we have old chk files.
[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
&& rm -f "${libfname}.chk"
done
}
multilib_src_install() {
pushd dist >/dev/null || die
dodir /usr/$(get_libdir)
cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
local i
for i in crmf freebl nssb nssckfw ; do
cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
done
# Install nss-config and pkgconfig file
dodir /usr/bin
cp -L */bin/nss-config "${ED}"/usr/bin || die
dodir /usr/$(get_libdir)/pkgconfig
cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
# bug 517266
sed -e 's#Libs:#Libs: -lfreebl#' \
-e 's#Cflags:#Cflags: -I${includedir}/private#' \
*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
|| die "could not create nss-softokn.pc"
# all the include files
insinto /usr/include/nss
doins public/nss/*.{h,api}
insinto /usr/include/nss/private
doins private/nss/{blapi,alghmac,cmac}.h
popd >/dev/null || die
local f nssutils
# Always enabled because we need it for chk generation.
nssutils=( shlibsign )
if multilib_is_native_abi ; then
if use utils; then
# The tests we do not need to install.
#nssutils_test="bltest crmftest dbtest dertimetest
#fipstest remtest sdrtest"
# checkcert utils has been removed in nss-3.22:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
# https://hg.mozilla.org/projects/nss/rev/df1729d37870
# certcgi has been removed in nss-3.36:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
nssutils+=(
addbuiltin
atob
baddbdir
btoa
certutil
cmsutil
conflict
crlutil
derdump
digest
makepqg
mangle
modutil
multinit
nonspr10
ocspclnt
oidcalc
p7content
p7env
p7sign
p7verify
pk11mode
pk12util
pp
rsaperf
selfserv
signtool
signver
ssltap
strsclnt
symkeyutil
tstclnt
vfychain
vfyserv
)
# install man-pages for utils (bug #516810)
doman doc/nroff/*.1
fi
pushd dist/*/bin >/dev/null || die
for f in ${nssutils[@]}; do
dobin ${f}
done
popd >/dev/null || die
fi
# Prelink breaks the CHK files. We don't have any reliable way to run
# shlibsign after prelink.
dodir /etc/prelink.conf.d
printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
> "${ED}"/etc/prelink.conf.d/nss.conf
}
pkg_postinst() {
multilib_pkg_postinst() {
# We must re-sign the libraries AFTER they are stripped.
local shlibsign="${EROOT}/usr/bin/shlibsign"
# See if we can execute it (cross-compiling & such). #436216
"${shlibsign}" -h >&/dev/null
if [[ $? -gt 1 ]] ; then
shlibsign="shlibsign"
fi
generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
}
multilib_foreach_abi multilib_pkg_postinst
}
pkg_postrm() {
multilib_pkg_postrm() {
cleanup_chk "${EROOT}"/usr/$(get_libdir)
}
multilib_foreach_abi multilib_pkg_postrm
}