dev-libs/nss: Bump to version 3.23

Package-Manager: portage-2.2.28 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
author: Lars Wendler <polynomial-c@gentoo.org> 2016-03-15 10:26:40 +0100
committer: Lars Wendler <polynomial-c@gentoo.org> 2016-03-15 10:27:50 +0100
commit: c7189ae6b143ea47799db7cd4849e7db93d2d966 (patch)
tree: 8cc6eeed7425d3cfa125afc442454bf084a07bb4 /dev-libs/nss
parent: net-firewall/shorewall: alpha/amd64/hppa/ppc64/ppc/sparc/x86 stable, (ALLARCH... (diff)
download: gentoo-c7189ae6b143ea47799db7cd4849e7db93d2d966.tar.gz
gentoo-c7189ae6b143ea47799db7cd4849e7db93d2d966.tar.bz2
gentoo-c7189ae6b143ea47799db7cd4849e7db93d2d966.zip
8 files changed, 384 insertions, 40 deletions
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index a32331de18aa..f308b8d091e1 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -4,5 +4,6 @@ DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38d
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
 DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142
 DIST nss-3.22.tar.gz 6992347 SHA256 30ebd121c77e725a1383618eff79a6752d6e9f0f21882ad825ddab12e7227611 SHA512 f97251a17ad4ea889878ffeba64f19560978cf82c512b84c301be248ee4fe764345838fb8a88233b0fe12abe7bf78ce521a6ac64fa8d16bd0e1283eac9c17be1 WHIRLPOOL 8e128f3c8eb411c6569bd6d4d1edb55041e214913669687a5481d16f9aff245d3fc827f9a8c96e4723b3f0ec127d4461a1cda247dc296d9dce34513c7ab7e43d
+DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
 DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62
diff --git a/dev-libs/nss/files/nss-3.21-cacert-class3.patch b/dev-libs/nss/files/nss-3.21-cacert-class3.patch
index 565f3e61501b..fb4cf74aba9f 100644
--- a/dev-libs/nss/files/nss-3.21-cacert-class3.patch
+++ b/dev-libs/nss/files/nss-3.21-cacert-class3.patch
@@ -1,6 +1,5 @@
-diff -urN a/nss/lib/ckfw/builtins/certdata.txt b/nss/lib/ckfw/builtins/certdata.txt
---- a/nss/lib/ckfw/builtins/certdata.txt	2015-11-15 09:25:06.142786072 -0600
-+++ b/nss/lib/ckfw/builtins/certdata.txt	2015-11-15 09:36:02.976756787 -0600
+--- nss/lib/ckfw/builtins/certdata.txt
++++ nss/lib/ckfw/builtins/certdata.txt
 @@ -30351,3 +30351,200 @@
  CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
  CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
diff --git a/dev-libs/nss/files/nss-3.21-enable-pem.patch b/dev-libs/nss/files/nss-3.21-enable-pem.patch
index c60f0514fc5e..e6de275787dc 100644
--- a/dev-libs/nss/files/nss-3.21-enable-pem.patch
+++ b/dev-libs/nss/files/nss-3.21-enable-pem.patch
@@ -1,6 +1,5 @@
-diff -urN a/nss/lib/ckfw/manifest.mn b/nss/lib/ckfw/manifest.mn
---- a/nss/lib/ckfw/manifest.mn	2015-11-15 09:25:06.130786072 -0600
-+++ b/nss/lib/ckfw/manifest.mn	2015-11-15 09:31:03.372770145 -0600
+--- nss/lib/ckfw/manifest.mn
++++ nss/lib/ckfw/manifest.mn
 @@ -5,7 +5,7 @@
  
  CORE_DEPTH = ../..
diff --git a/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch b/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch
index ed8a0aa33bbe..14234e8d3c15 100644
--- a/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch
+++ b/dev-libs/nss/files/nss-3.21-gentoo-fixup-warnings.patch
@@ -1,6 +1,5 @@
-diff -urN a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
---- a/nss/coreconf/Linux.mk	2015-11-15 09:25:06.672786048 -0600
-+++ b/nss/coreconf/Linux.mk	2015-11-15 09:29:26.682774456 -0600
+--- nss/coreconf/Linux.mk
++++ nss/coreconf/Linux.mk
 @@ -130,6 +130,7 @@
  		OPTIMIZER += -gdwarf-2
  	endif
@@ -8,4 +7,4 @@ diff -urN a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
 +OPTIMIZER += -fno-strict-aliasing
  endif
  
- ifndef COMPILER_TAG
-\ No newline at end of file
+ ifndef COMPILER_TAG
diff --git a/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch b/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch
index 33819821c193..29cda280cfde 100644
--- a/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch
+++ b/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch
@@ -1,6 +1,5 @@
-diff -urN a/nss/config/Makefile b/nss/config/Makefile
---- a/nss/config/Makefile	1969-12-31 18:00:00.000000000 -0600
-+++ b/nss/config/Makefile	2015-11-15 10:42:46.249578304 -0600
+--- nss/config/Makefile
++++ nss/config/Makefile
 @@ -0,0 +1,40 @@
 +CORE_DEPTH = ..
 +DEPTH      = ..
@@ -42,9 +41,8 @@ diff -urN a/nss/config/Makefile b/nss/config/Makefile
 +
 +dummy: all export libs
 +
-diff -urN a/nss/config/nss-config.in b/nss/config/nss-config.in
---- a/nss/config/nss-config.in	1969-12-31 18:00:00.000000000 -0600
-+++ b/nss/config/nss-config.in	2015-11-15 10:42:46.250578304 -0600
+--- nss/config/nss-config.in
++++ nss/config/nss-config.in
 @@ -0,0 +1,145 @@
 +#!/bin/sh
 +
@@ -191,9 +189,8 @@ diff -urN a/nss/config/nss-config.in b/nss/config/nss-config.in
 +      echo $libdirs
 +fi      
 +
-diff -urN a/nss/config/nss.pc.in b/nss/config/nss.pc.in
---- a/nss/config/nss.pc.in	1969-12-31 18:00:00.000000000 -0600
-+++ b/nss/config/nss.pc.in	2015-11-15 10:42:46.251578304 -0600
+--- nss/config/nss.pc.in
++++ nss/config/nss.pc.in
 @@ -0,0 +1,12 @@
 +prefix=@prefix@
 +exec_prefix=@exec_prefix@
@@ -207,9 +204,8 @@ diff -urN a/nss/config/nss.pc.in b/nss/config/nss.pc.in
 +Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
 +Cflags: -I${includedir}
 +
-diff -urN a/nss/Makefile b/nss/Makefile
---- a/nss/Makefile	2015-11-15 09:25:06.410786060 -0600
-+++ b/nss/Makefile	2015-11-15 10:42:46.252578304 -0600
+--- nss/Makefile
++++ nss/Makefile
 @@ -46,7 +46,7 @@
  # (7) Execute "local" rules. (OPTIONAL).                              #
  #######################################################################
@@ -232,9 +228,8 @@ diff -urN a/nss/Makefile b/nss/Makefile
  build_docs:
  	$(MAKE) -C $(CORE_DEPTH)/doc
  
-diff -urN a/nss/manifest.mn b/nss/manifest.mn
---- a/nss/manifest.mn	2015-11-15 09:25:06.411786060 -0600
-+++ b/nss/manifest.mn	2015-11-15 10:43:15.633576994 -0600
+--- nss/manifest.mn
++++ nss/manifest.mn
 @@ -10,4 +10,4 @@
  
  RELEASE = nss
diff --git a/dev-libs/nss/files/nss-3.21-pem-werror.patch b/dev-libs/nss/files/nss-3.21-pem-werror.patch
index 392d74a54075..5a984ae34217 100644
--- a/dev-libs/nss/files/nss-3.21-pem-werror.patch
+++ b/dev-libs/nss/files/nss-3.21-pem-werror.patch
@@ -1,6 +1,5 @@
-diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
---- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror	2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/ckpem.h	2015-11-13 12:07:29.219887390 -0800
+--- nss/lib/ckfw/pem/ckpem.h
++++ nss/lib/ckfw/pem/ckpem.h
 @@ -233,6 +233,9 @@ struct pemLOWKEYPrivateKeyStr {
  };
  typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
@@ -11,9 +10,8 @@ diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
  SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
  const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
  void pem_PopulateModulusExponent(pemInternalObject *io);
-diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
---- ./nss/lib/ckfw/pem/pinst.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/pinst.c	2015-11-13 12:07:29.219887390 -0800
+--- nss/lib/ckfw/pem/pinst.c
++++ nss/lib/ckfw/pem/pinst.c
 @@ -472,7 +472,9 @@ AddCertificate(char *certfile, char *key
      char *ivstring = NULL;
      int cipher;
@@ -37,9 +35,8 @@ diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
                                  &ivstring, PR_FALSE);
              if (kobjs < 1) {
                  error = CKR_GENERAL_ERROR;
-diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c
---- ./nss/lib/ckfw/pem/pobject.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/pobject.c	2015-11-13 12:07:29.220887368 -0800
+--- nss/lib/ckfw/pem/pobject.c
++++ nss/lib/ckfw/pem/pobject.c
 @@ -630,6 +630,11 @@ pem_DestroyInternalObject
          if (io->u.key.ivstring)
              free(io->u.key.ivstring);
@@ -85,9 +82,8 @@ diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.
          if (nobjs < 1)
              goto loser;
  
-diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c
---- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/rsawrapr.c	2015-11-13 12:07:29.220887368 -0800
+--- nss/lib/ckfw/pem/rsawrapr.c
++++ nss/lib/ckfw/pem/rsawrapr.c
 @@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
      return 0;
  }
@@ -105,9 +101,8 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrap
  
  /*
   * Format one block of data for public/private key encryption using
-diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c
---- ./nss/lib/ckfw/pem/util.c.compile_Werror	2014-01-23 06:28:18.000000000 -0800
-+++ ./nss/lib/ckfw/pem/util.c	2015-11-13 12:22:52.282196306 -0800
+--- nss/lib/ckfw/pem/util.c
++++ nss/lib/ckfw/pem/util.c
 @@ -131,7 +131,8 @@ static SECStatus FileToItem(SECItem * ds
      return SECFailure;
  }
diff --git a/dev-libs/nss/files/nss-3.23-hppa-byte_order.patch b/dev-libs/nss/files/nss-3.23-hppa-byte_order.patch
new file mode 100644
index 000000000000..63cfaddb808c
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.23-hppa-byte_order.patch
@@ -0,0 +1,16 @@
+--- nss/lib/dbm/include/mcom_db.h
++++ nss/lib/dbm/include/mcom_db.h
+@@ -110,11 +110,13 @@
+ #endif /* !BYTE_ORDER */
+ #endif /* __sun */
+ 
++#ifndef BYTE_ORDER
+ #if defined(__hpux) || defined(__hppa)
+ #define BYTE_ORDER BIG_ENDIAN
+ #define BIG_ENDIAN 4321
+ #define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */
+ #endif
++#endif /* !BYTE_ORDER */
+ 
+ #if defined(AIXV3) || defined(AIX)
+ /* BYTE_ORDER, LITTLE_ENDIAN, BIG_ENDIAN are all defined here */
diff --git a/dev-libs/nss/nss-3.23.ebuild b/dev-libs/nss/nss-3.23.ebuild
new file mode 100644
index 000000000000..8a72adc5054f
--- /dev/null
+++ b/dev-libs/nss/nss-3.23.ebuild
@@ -0,0 +1,340 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.12"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-20140125"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	${CDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+PATCHES=(
+	# Custom changes for gentoo
+	"${FILESDIR}/${PN}-3.21-gentoo-fixups.patch"
+	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
+	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	if use nss-pem ; then
+		PATCHES+=(
+			"${FILESDIR}/${PN}-3.21-enable-pem.patch"
+			"${FILESDIR}/${PN}-3.21-pem-werror.patch"
+		)
+	fi
+
+	default
+
+	if use cacert ; then
+			eapply -p4 "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+			eapply "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462
+	fi
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		${DEFAULT_ABI})
+			einfo "Running compilation test to determine bit'ness"
+			mybits=$(nssbits)
+			;;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export NSS_ENABLE_WERROR=0 #567158
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fakedir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/fakedir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+	cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			# checkcert utils has been removed in nss-3.22:
+			# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
+			# https://hg.mozilla.org/projects/nss/rev/df1729d37870
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+			# install man-pages for utils (bug #516810)
+			doman doc/nroff/*.1
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	dodir /etc/prelink.conf.d
+	printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
+		> "${ED}"/etc/prelink.conf.d/nss.conf
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}
author	Lars Wendler <polynomial-c@gentoo.org>	2016-03-15 10:26:40 +0100
committer	Lars Wendler <polynomial-c@gentoo.org>	2016-03-15 10:27:50 +0100
commit	c7189ae6b143ea47799db7cd4849e7db93d2d966 (patch)
tree	8cc6eeed7425d3cfa125afc442454bf084a07bb4 /dev-libs/nss
parent	net-firewall/shorewall: alpha/amd64/hppa/ppc64/ppc/sparc/x86 stable, (ALLARCH... (diff)
download	gentoo-c7189ae6b143ea47799db7cd4849e7db93d2d966.tar.gz gentoo-c7189ae6b143ea47799db7cd4849e7db93d2d966.tar.bz2 gentoo-c7189ae6b143ea47799db7cd4849e7db93d2d966.zip