diff options
author | Jory Pratt <anarchy@gentoo.org> | 2012-10-28 01:15:40 +0000 |
---|---|---|
committer | Jory Pratt <anarchy@gentoo.org> | 2012-10-28 01:15:40 +0000 |
commit | f96911badb24adbc8ab6f2f0d19a68659800a2b7 (patch) | |
tree | 79a0cd1132adee41b12c799d1ec1f8f68ba7de71 /dev-libs/nss | |
parent | Security bump fx-16, bugs #439818, 439348, #433960 (diff) | |
download | gentoo-2-f96911badb24adbc8ab6f2f0d19a68659800a2b7.tar.gz gentoo-2-f96911badb24adbc8ab6f2f0d19a68659800a2b7.tar.bz2 gentoo-2-f96911badb24adbc8ab6f2f0d19a68659800a2b7.zip |
version bump
(Portage version: 2.1.11.31/cvs/Linux x86_64, signed Manifest commit with key 0x9019241D)
Diffstat (limited to 'dev-libs/nss')
-rw-r--r-- | dev-libs/nss/ChangeLog | 7 | ||||
-rw-r--r-- | dev-libs/nss/nss-3.14.ebuild | 212 |
2 files changed, 218 insertions, 1 deletions
diff --git a/dev-libs/nss/ChangeLog b/dev-libs/nss/ChangeLog index 681d0daea229..731fea2eecdc 100644 --- a/dev-libs/nss/ChangeLog +++ b/dev-libs/nss/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for dev-libs/nss # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.262 2012/09/15 12:12:45 nativemad Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.263 2012/10/28 01:15:40 anarchy Exp $ + +*nss-3.14 (28 Oct 2012) + + 28 Oct 2012; <anarchy@gentoo.org> +nss-3.14.ebuild: + Version bump 15 Sep 2012; Andreas Schuerch <nativemad@gentoo.org> nss-3.13.6.ebuild: x86 stable, see bug 433383 diff --git a/dev-libs/nss/nss-3.14.ebuild b/dev-libs/nss/nss-3.14.ebuild new file mode 100644 index 000000000000..a5c847494f55 --- /dev/null +++ b/dev-libs/nss/nss-3.14.ebuild @@ -0,0 +1,212 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.14.ebuild,v 1.1 2012/10/28 01:15:40 anarchy Exp $ + +EAPI=3 +inherit eutils flag-o-matic multilib toolchain-funcs + +NSPR_VER="4.9.2" +RTM_NAME="NSS_${PV//./_}_RTM" + +DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" +HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" +SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz + http://dev.gentoo.org/~anarchy/patches/${PN}-3.14-add_spi+cacerts_ca_certs.patch + http://dev.gentoo.org/~anarchy/patches/${PN}-3.13.3_pem.support" + +LICENSE="|| ( MPL-1.1 GPL-2 LGPL-2.1 )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="utils" + +DEPEND="virtual/pkgconfig + >=dev-libs/nspr-${NSPR_VER}" + +RDEPEND=">=dev-libs/nspr-${NSPR_VER} + >=dev-db/sqlite-3.5 + sys-libs/zlib" + +src_setup() { + export LC_ALL="C" +} + +src_prepare() { + # Custom changes for gentoo + epatch "${FILESDIR}/${PN}-3.13-gentoo-fixup.patch" + epatch "${FILESDIR}/${PN}-3.12.6-gentoo-fixup-warnings.patch" + epatch "${DISTDIR}/${PN}-3.14-add_spi+cacerts_ca_certs.patch" + epatch "${DISTDIR}/${PN}-3.13.3_pem.support" + epatch "${FILESDIR}/${PN}-3.13.5-x32.patch" + + cd "${S}"/mozilla/security/coreconf || die + # hack nspr paths + echo 'INCLUDES += -I'"${EPREFIX}"'/usr/include/nspr -I$(DIST)/include/dbm' \ + >> headers.mk || die "failed to append include" + + # modify install path + sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ + -i source.mk || die + + # Respect LDFLAGS + sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk || die + + # Ensure we stay multilib aware + sed -i -e "s:gentoo\/nss:$(get_libdir):" "${S}"/mozilla/security/nss/config/Makefile || die "Failed to fix for multilib" + + # Fix pkgconfig file for Prefix + sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ + "${S}"/mozilla/security/nss/config/Makefile || die + + epatch "${FILESDIR}/nss-3.13.1-solaris-gcc.patch" + + # dirty hack + cd "${S}"/mozilla/security/nss || die + sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ + lib/ssl/config.mk || die + sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ + cmd/platlibs.mk || die +} + +src_compile() { + strip-flags + + echo > "${T}"/test.c || die + $(tc-getCC) ${CFLAGS} -c "${T}"/test.c -o "${T}"/test.o || die + case $(file "${T}"/test.o) in + *32-bit*x86-64*) export USE_x32=1;; + *64-bit*|*ppc64*|*x86_64*) export USE_64=1;; + *32-bit*|*ppc*|*i386*) ;; + *) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";; + esac + + export NSPR_INCLUDE_DIR=`nspr-config --includedir` + export NSPR_LIB_DIR=`nspr-config --libdir` + export BUILD_OPT=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSDISTMODE=copy + export NSS_ENABLE_ECC=1 + export XCFLAGS="${CFLAGS}" + export FREEBL_NO_DEPEND=1 + export ASFLAGS="" + + cd "${S}"/mozilla/security/coreconf || die + emake -j1 CC="$(tc-getCC)" || die "coreconf make failed" + cd "${S}"/mozilla/security/dbm || die + emake -j1 CC="$(tc-getCC)" || die "dbm make failed" + cd "${S}"/mozilla/security/nss || die + emake -j1 CC="$(tc-getCC)" || die "nss make failed" +} + +# Altering these 3 libraries breaks the CHK verification. +# All of the following cause it to break: +# - stripping +# - prelink +# - ELF signing +# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html +# Either we have to NOT strip them, or we have to forcibly resign after +# stripping. +#local_libdir="$(get_libdir)" +#export STRIP_MASK=" +# */${local_libdir}/libfreebl3.so* +# */${local_libdir}/libnssdbm3.so* +# */${local_libdir}/libsoftokn3.so*" + +export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" + +generate_chk() { + local shlibsign="$1" + local libdir="$2" + einfo "Resigning core NSS libraries for FIPS validation" + shift 2 + for i in ${NSS_CHK_SIGN_LIBS} ; do + local libname=lib${i}.so + local chkname=lib${i}.chk + "${shlibsign}" \ + -i "${libdir}"/${libname} \ + -o "${libdir}"/${chkname}.tmp \ + && mv -f \ + "${libdir}"/${chkname}.tmp \ + "${libdir}"/${chkname} \ + || die "Failed to sign ${libname}" + done +} + +cleanup_chk() { + local libdir="$1" + shift 1 + for i in ${NSS_CHK_SIGN_LIBS} ; do + local libfname="${libdir}/lib${i}.so" + # If the major version has changed, then we have old chk files. + [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ + && rm -f "${libfname}.chk" + done +} + +src_install () { + MINOR_VERSION=12 + cd "${S}"/mozilla/security/dist || die + + dodir /usr/$(get_libdir) || die + cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" + # We generate these after stripping the libraries, else they don't match. + #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed" + cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" + + # Install nss-config and pkgconfig file + dodir /usr/bin || die + cp -L */bin/nss-config "${ED}"/usr/bin || die + dodir /usr/$(get_libdir)/pkgconfig || die + cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die + + # all the include files + insinto /usr/include/nss + doins public/nss/*.h || die + cd "${ED}"/usr/$(get_libdir) || die + local n= + for file in *$(get_libname); do + n=${file%$(get_libname)}$(get_libname ${MINOR_VERSION}) + mv ${file} ${n} || die + ln -s ${n} ${file} || die + if [[ ${CHOST} == *-darwin* ]]; then + install_name_tool -id "${EPREFIX}/usr/$(get_libdir)/${n}" ${n} || die + fi + done + + local nssutils + # Always enabled because we need it for chk generation. + nssutils="shlibsign" + if use utils; then + # The tests we do not need to install. + #nssutils_test="bltest crmftest dbtest dertimetest + #fipstest remtest sdrtest" + nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert + cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit + nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode + pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt + symkeyutil tstclnt vfychain vfyserv" + fi + cd "${S}"/mozilla/security/dist/*/bin/ || die + for f in $nssutils; do + dobin ${f} || die + done + + # Prelink breaks the CHK files. We don't have any reliable way to run + # shlibsign after prelink. + declare -a libs + for l in ${NSS_CHK_SIGN_LIBS} ; do + libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so") + done + OLD_IFS="${IFS}" IFS=":" ; liblist="${libs[*]}" ; IFS="${OLD_IFS}" + echo -e "PRELINK_PATH_MASK=${liblist}" >"${T}/90nss" || die + unset libs liblist + doenvd "${T}/90nss" || die +} + +pkg_postinst() { + # We must re-sign the libraries AFTER they are stripped. + generate_chk "${EROOT}"/usr/bin/shlibsign "${EROOT}"/usr/$(get_libdir) +} + +pkg_postrm() { + cleanup_chk "${EROOT}"/usr/$(get_libdir) +} |