summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2015-04-16 17:17:50 -0400
committerAnthony G. Basile <blueness@gentoo.org>2015-04-16 17:17:50 -0400
commit6790a0bb99e4611fe207e8ac87921f0e86bcd52e (patch)
treed1f7ca314d293b08652d04cdc70f26ceec0dfd1a
parentbbd671043a9d7b666e3cc750b771f6b5105d5064 (diff)
downloadhardened-dev-6790a0bb99e4611fe207e8ac87921f0e86bcd52e.tar.gz
hardened-dev-6790a0bb99e4611fe207e8ac87921f0e86bcd52e.tar.bz2
hardened-dev-6790a0bb99e4611fe207e8ac87921f0e86bcd52e.tar.xz
hardened-dev-6790a0bb99e4611fe207e8ac87921f0e86bcd52e.zip
dev-libs/nss: version bump.
Package-Manager: portage-2.2.14 RepoMan-Options: --force Manifest-Sign-Key: 0xF52D4BBA
-rw-r--r--dev-libs/nss/Manifest4
-rw-r--r--dev-libs/nss/files/nss-3.17.1-gentoo-fixups.patch241
-rw-r--r--dev-libs/nss/nss-3.17.4-r99.ebuild322
3 files changed, 567 insertions, 0 deletions
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 1776f71..5816e33 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -3,8 +3,12 @@ AUX nss-3.15-gentoo-fixup-warnings.patch 177 SHA256 3bb300d8448f769beb97b110a0fe
AUX nss-3.15-gentoo-fixups.patch 5255 SHA256 eba46da3424640a0f16c7b07e526c373f3739dbfe6fb1e5a2af4d7b7fb83e4e2 SHA512 a1968a1e77a34a9ec4718b48435190c698cb960fb138a23a2f136b08ca50e221b2d5a729d69210eafcc7aafe12f3e02b329c7a878c1e9e308c3e737c2e7a1b71 WHIRLPOOL 54ff1716c8b016d38b83aa82c8473bea468710ed72d237ca0ea1d6201c39e141b7f32938c8a9f870c4693421f42751ce6f6c4bafd1d80a53e3bd17170ccf5f7a
AUX nss-3.15.4-enable-pem.patch 243 SHA256 eec796bbc845b123f97bcf1f351495ec1645a2d015e6f6bcdb1e088d02f5d1e6 SHA512 b8f942ced3ff6cea1d54934e0e68ad589585f3fd42934046d0b57563fd4e24b50ad550db391346768abdd9848c3457a532fe3b7495862454f9a52a4603e92f9c WHIRLPOOL 0cd2428516e8a63d64c20b94153f079c4cefd96c05155fa27ecb4cba68419e5efebd32d6ab4820b072fea173e66b5816d8cc238f2a328616f5b7752c60e3998e
AUX nss-3.16-musl.patch 352 SHA256 8e04dbf5088adaf121379350f58510b52a594c9a3725cd62fd4282c0069dac76 SHA512 4a8d53c5ff847bb32b0e0c79d072fe45525110773e1e36299ac5ba0d0a046e73360681208f0b64c0a36a9ec3da8a2776ca659b8a5446fe0abf17cd7da131d594 WHIRLPOOL 5e9bb130b9aa7c1fb939e1953a6a5aa38fec2cd80953e33efd2333e7e242dc7a7a575309fa3b3e067d97acb0eca41bb954beb5cab1fba1b1d1d23c576fbaea1b
+AUX nss-3.17.1-gentoo-fixups.patch 5415 SHA256 b28efbafe7be3adec9fba08fa79e28052982ae8ec8ffd8d0850be22ff1def134 SHA512 f3e64aee5b5c3c3135caa414baa76bded87737c807e69525b2214b8b44e53cf9a837275b39892ef8ecfe05ff26fd06f199c2e8b192479716ae2e80ff34b52f10 WHIRLPOOL 3c9bf7c872a72955a6e83901f3a20febcba80e14a924fc83e4845882225027bdb17263bc9824f87535937dab48c2d49bbc44e114dd13b8c32d4bd222dc5fa6fd
DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
DIST nss-3.16.tar.gz 6378110 SHA256 2bb4faa200962caacf0454f1e870e74aa9a543809e5c440f7978bcce58e0bfe8 SHA512 e3dcde8213f7f131fe2f714ff2f45c6d7b9b2167e51dbf0e1a750cc4f83d9fa35e69408850de6600f55fbc9e26b29dc344548cb64849d6e3252476eadd7ee57f WHIRLPOOL d30b53ec36cacff9756b43780d904e32760cd5d0b75f1888b6fb80e0a87ce828f4e6189de63880ddce90bdf5d90123ff7e9fdf600f4df02ce59702898f08c11e
+DIST nss-3.17.4.tar.gz 6924699 SHA256 1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79 SHA512 dfc44e28c303743a72b4553f471089bc991c3cb61d5f3071082c16400d5e4f216f84a2e44536570316fe0e798c14ca370c875dad791a873034595b9e4dd70b89 WHIRLPOOL bb6e1027c5237d12fe58b4c520536022d8d4e83183a78c3421fd46bf9c3503b1f0ca4644240e383f216ec1e5174c0ae4148372db68fb9f1c10275954559d5bbf
+DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
DIST nss-pem-3ade37c5c4ca5a6094e3f4b2e4591405db1867dd.tar.bz2 28849 SHA256 0388cb01d6158fad92b6ee13241531c7dba66a4be64e85160ded212c3febadc4 SHA512 6994bd7435ad0cff9f5aed509c5f7ea438a6829188bea94d57020e8df6d75631b289363b6f68c3c96da67c958af967c624147d3604b734d8f0b57688f74e7c95 WHIRLPOOL a168e137981f4bc4cc6735bcc234b3fe14ea0cc91768926cdaae3f124ba1dfcd06be029c3805ded20df600c8655bb2d97beb69a0c6b7f2441e7ee4c651cd7868
EBUILD nss-3.16-r99.ebuild 7627 SHA256 c0418d057c241578340af4ff8f5b0258767a1af28f2361b092da74ccb7bde6b7 SHA512 1b1088b3c1cb60132c8e8299bf731cf57f9d396d14dbd936e66135440058c207ee9024de50fe14d913c6a322e3114c8cc0549804225a70a950f815bd1853158e WHIRLPOOL aed12b2a5bd0a9659df07ae4b3ba9b12b30c126829a4f18d4eb742c40f76d53751cf21a6ef90ebc8428dcd7529e7f9f671346bd17cbf4b0ca6e730a65dd84c08
+EBUILD nss-3.17.4-r99.ebuild 9064 SHA256 1b981c03c85a47231f4542ced6356995458a36949b1c04eeb9143010d3625f31 SHA512 ccd1cc9a70b27435e4403786d1734a2d14c9512bfda2611d359e6b960c8b44c38ebcbaaea17856e9c995b55e138099961ecdb41595877a83069a48e7bff5941d WHIRLPOOL accf33d921a4f875534ca093c499b20f41429b76d5af3a4fe50d975e6082e100247048080386ebc6d48a42f2b40bda75bd1a89bc9f41b4a2836b33ce80cb768c
MISC metadata.xml 545 SHA256 d3a7dfb4b9f063b343b42b3002d3722ee44aea8a47154fa2158533aa94a5a258 SHA512 4da88948d5b637093646300bab0105c642968b2c9693939be6b75b5d24f02bd9b2cc5f13ae18594b9b00fa8dfe02e5d6959c13021124cd027007649787aec750 WHIRLPOOL 0879625ef92b2db563e5a1b434176bab08846e815fbf0c963a23b3ca228b3525dc80f6e7940a303fc1dd47403416c67811ed09d00f29a431abc4979865b67ff9
diff --git a/dev-libs/nss/files/nss-3.17.1-gentoo-fixups.patch b/dev-libs/nss/files/nss-3.17.1-gentoo-fixups.patch
new file mode 100644
index 0000000..26b488a
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.17.1-gentoo-fixups.patch
@@ -0,0 +1,241 @@
+--- nss-3.17.1/nss/config/Makefile
++++ nss-3.17.1/nss/config/Makefile
+@@ -0,0 +1,40 @@
++CORE_DEPTH = ..
++DEPTH = ..
++
++include $(CORE_DEPTH)/coreconf/config.mk
++
++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
++PREFIX = /usr
++
++all: export libs
++
++export:
++ # Create the nss.pc file
++ mkdir -p $(DIST)/lib/pkgconfig
++ sed -e "s,@prefix@,$(PREFIX)," \
++ -e "s,@exec_prefix@,\$${prefix}," \
++ -e "s,@libdir@,\$${prefix}/lib64," \
++ -e "s,@includedir@,\$${prefix}/include/nss," \
++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++ nss.pc.in > nss.pc
++ chmod 0644 nss.pc
++ ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig
++
++ # Create the nss-config script
++ mkdir -p $(DIST)/bin
++ sed -e "s,@prefix@,$(PREFIX)," \
++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++ nss-config.in > nss-config
++ chmod 0755 nss-config
++ ln -sf ../../../config/nss-config $(DIST)/bin
++
++libs:
++
++dummy: all export libs
++
+--- nss-3.17.1/nss/config/nss-config.in
++++ nss-3.17.1/nss/config/nss-config.in
+@@ -0,0 +1,145 @@
++#!/bin/sh
++
++prefix=@prefix@
++
++major_version=@NSS_MAJOR_VERSION@
++minor_version=@NSS_MINOR_VERSION@
++patch_version=@NSS_PATCH_VERSION@
++
++usage()
++{
++ cat <<EOF
++Usage: nss-config [OPTIONS] [LIBRARIES]
++Options:
++ [--prefix[=DIR]]
++ [--exec-prefix[=DIR]]
++ [--includedir[=DIR]]
++ [--libdir[=DIR]]
++ [--version]
++ [--libs]
++ [--cflags]
++Dynamic Libraries:
++ nss
++ ssl
++ smime
++ nssutil
++EOF
++ exit $1
++}
++
++if test $# -eq 0; then
++ usage 1 1>&2
++fi
++
++lib_ssl=yes
++lib_smime=yes
++lib_nss=yes
++lib_nssutil=yes
++
++while test $# -gt 0; do
++ case "$1" in
++ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
++ *) optarg= ;;
++ esac
++
++ case $1 in
++ --prefix=*)
++ prefix=$optarg
++ ;;
++ --prefix)
++ echo_prefix=yes
++ ;;
++ --exec-prefix=*)
++ exec_prefix=$optarg
++ ;;
++ --exec-prefix)
++ echo_exec_prefix=yes
++ ;;
++ --includedir=*)
++ includedir=$optarg
++ ;;
++ --includedir)
++ echo_includedir=yes
++ ;;
++ --libdir=*)
++ libdir=$optarg
++ ;;
++ --libdir)
++ echo_libdir=yes
++ ;;
++ --version)
++ echo ${major_version}.${minor_version}.${patch_version}
++ ;;
++ --cflags)
++ echo_cflags=yes
++ ;;
++ --libs)
++ echo_libs=yes
++ ;;
++ ssl)
++ lib_ssl=yes
++ ;;
++ smime)
++ lib_smime=yes
++ ;;
++ nss)
++ lib_nss=yes
++ ;;
++ nssutil)
++ lib_nssutil=yes
++ ;;
++ *)
++ usage 1 1>&2
++ ;;
++ esac
++ shift
++done
++
++# Set variables that may be dependent upon other variables
++if test -z "$exec_prefix"; then
++ exec_prefix=`pkg-config --variable=exec_prefix nss`
++fi
++if test -z "$includedir"; then
++ includedir=`pkg-config --variable=includedir nss`
++fi
++if test -z "$libdir"; then
++ libdir=`pkg-config --variable=libdir nss`
++fi
++
++if test "$echo_prefix" = "yes"; then
++ echo $prefix
++fi
++
++if test "$echo_exec_prefix" = "yes"; then
++ echo $exec_prefix
++fi
++
++if test "$echo_includedir" = "yes"; then
++ echo $includedir
++fi
++
++if test "$echo_libdir" = "yes"; then
++ echo $libdir
++fi
++
++if test "$echo_cflags" = "yes"; then
++ echo -I$includedir
++fi
++
++if test "$echo_libs" = "yes"; then
++ libdirs=""
++ if test -n "$lib_ssl"; then
++ libdirs="$libdirs -lssl${major_version}"
++ fi
++ if test -n "$lib_smime"; then
++ libdirs="$libdirs -lsmime${major_version}"
++ fi
++ if test -n "$lib_nss"; then
++ libdirs="$libdirs -lnss${major_version}"
++ fi
++ if test -n "$lib_nssutil"; then
++ libdirs="$libdirs -lnssutil${major_version}"
++ fi
++ echo $libdirs
++fi
++
+--- nss-3.17.1/nss/config/nss.pc.in
++++ nss-3.17.1/nss/config/nss.pc.in
+@@ -0,0 +1,12 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: NSS
++Description: Network Security Services
++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
++Requires: nspr >= 4.8
++Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
++Cflags: -I${includedir}
++
+--- nss-3.17.1/nss/Makefile
++++ nss-3.17.1/nss/Makefile
+@@ -44,7 +44,7 @@
+ # (7) Execute "local" rules. (OPTIONAL). #
+ #######################################################################
+
+-nss_build_all: build_nspr all
++nss_build_all: all
+
+ nss_clean_all: clobber_nspr clobber
+
+@@ -109,12 +109,6 @@
+ --with-dist-prefix='$(NSPR_PREFIX)' \
+ --with-dist-includedir='$(NSPR_PREFIX)/include'
+
+-build_nspr: $(NSPR_CONFIG_STATUS)
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
+-
+-clobber_nspr: $(NSPR_CONFIG_STATUS)
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
+-
+ build_docs:
+ $(MAKE) -C $(CORE_DEPTH)/doc
+
+--- nss-3.17.1/nss/manifest.mn
++++ nss-3.17.1/nss/manifest.mn
+@@ -10,7 +10,7 @@
+
+ RELEASE = nss
+
+-DIRS = coreconf lib cmd
++DIRS = coreconf lib cmd config
+
+ ifdef NSS_BUILD_GTESTS
+ DIRS += external_tests
diff --git a/dev-libs/nss/nss-3.17.4-r99.ebuild b/dev-libs/nss/nss-3.17.4-r99.ebuild
new file mode 100644
index 0000000..7b76db2
--- /dev/null
+++ b/dev-libs/nss/nss-3.17.4-r99.ebuild
@@ -0,0 +1,322 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.17.4.ebuild,v 1.3 2015/03/26 11:36:48 ago Exp $
+
+EAPI=5
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.10.6-r1"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-${PEM_GIT_REV}"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+ cacert? ( http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+ nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="amd64 arm ~mips ppc x86"
+IUSE="+cacert +nss-pem utils"
+
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/nss-config
+)
+
+src_unpack() {
+ unpack ${A}
+ if use nss-pem ; then
+ mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+ fi
+}
+
+src_prepare() {
+ # Custom changes for gentoo
+ epatch "${FILESDIR}/${PN}-3.17.1-gentoo-fixups.patch"
+ epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
+ use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+ use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
+ epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
+ epatch "${FILESDIR}/nss-3.16-musl.patch"
+
+ pushd coreconf >/dev/null || die
+ # hack nspr paths
+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
+ >> headers.mk || die "failed to append include"
+
+ # modify install path
+ sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+ -i source.mk || die
+
+ # Respect LDFLAGS
+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+ popd >/dev/null || die
+
+ # Fix pkgconfig file for Prefix
+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+ config/Makefile || die
+
+ # use host shlibsign if need be #436216
+ if tc-is-cross-compiler ; then
+ sed -i \
+ -e 's:"${2}"/shlibsign:shlibsign:' \
+ cmd/shlibsign/sign.sh || die
+ fi
+
+ # dirty hack
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+ lib/ssl/config.mk || die
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+ cmd/platlibs.mk || die
+
+ multilib_copy_sources
+
+ strip-flags
+}
+
+multilib_src_configure() {
+ # Ensure we stay multilib aware
+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+ # Most of the arches are the same as $ARCH
+ local t=${1:-${CHOST}}
+ case ${t} in
+ aarch64*)echo "aarch64";;
+ hppa*) echo "parisc";;
+ i?86*) echo "i686";;
+ x86_64*) echo "x86_64";;
+ *) tc-arch ${t};;
+ esac
+}
+
+nssbits() {
+ local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+ if [[ ${1} == BUILD_ ]]; then
+ cc=$(tc-getBUILD_CC)
+ else
+ cc=$(tc-getCC)
+ fi
+ echo > "${T}"/test.c || die
+ ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+ case $(file "${T}/${1}test.o") in
+ *32-bit*x86-64*) echo USE_X32=1;;
+ *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+ *32-bit*|*ppc*|*i386*) ;;
+ *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+ esac
+}
+
+multilib_src_compile() {
+ # use ABI to determine bit'ness, or fallback if unset
+ local buildbits mybits
+ case "${ABI}" in
+ n32) mybits="USE_N32=1";;
+ x32) mybits="USE_X32=1";;
+ s390x|*64) mybits="USE_64=1";;
+ ${DEFAULT_ABI})
+ einfo "Running compilation test to determine bit'ness"
+ mybits=$(nssbits)
+ ;;
+ esac
+ # bitness of host may differ from target
+ if tc-is-cross-compiler; then
+ buildbits=$(nssbits BUILD_)
+ fi
+
+ local makeargs=(
+ CC="$(tc-getCC)"
+ AR="$(tc-getAR) rc \$@"
+ RANLIB="$(tc-getRANLIB)"
+ OPTIMIZER=
+ ${mybits}
+ )
+
+ # Take care of nspr settings #436216
+ local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+ unset NSPR_INCLUDE_DIR
+
+ # Do not let `uname` be used.
+ if use kernel_linux ; then
+ makeargs+=(
+ OS_TARGET=Linux
+ OS_RELEASE=2.6
+ OS_TEST="$(nssarch)"
+ )
+ fi
+
+ export BUILD_OPT=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSDISTMODE=copy
+ export NSS_ENABLE_ECC=1
+ export FREEBL_NO_DEPEND=1
+ export ASFLAGS=""
+
+ local d
+
+ # Build the host tools first.
+ LDFLAGS="${BUILD_LDFLAGS}" \
+ XCFLAGS="${BUILD_CFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake -j1 -C coreconf \
+ CC="$(tc-getBUILD_CC)" \
+ ${buildbits:-${mybits}}
+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+ # Then build the target tools.
+ for d in . lib/dbm ; do
+ CPPFLAGS="${myCPPFLAGS}" \
+ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+ NSPR_LIB_DIR="${T}/fakedir" \
+ emake -j1 "${makeargs[@]}" -C ${d}
+ done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+# */${local_libdir}/libfreebl3.so*
+# */${local_libdir}/libnssdbm3.so*
+# */${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+ local shlibsign="$1"
+ local libdir="$2"
+ einfo "Resigning core NSS libraries for FIPS validation"
+ shift 2
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libname=lib${i}.so
+ local chkname=lib${i}.chk
+ "${shlibsign}" \
+ -i "${libdir}"/${libname} \
+ -o "${libdir}"/${chkname}.tmp \
+ && mv -f \
+ "${libdir}"/${chkname}.tmp \
+ "${libdir}"/${chkname} \
+ || die "Failed to sign ${libname}"
+ done
+}
+
+cleanup_chk() {
+ local libdir="$1"
+ shift 1
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libfname="${libdir}/lib${i}.so"
+ # If the major version has changed, then we have old chk files.
+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+ && rm -f "${libfname}.chk"
+ done
+}
+
+multilib_src_install() {
+ pushd dist >/dev/null || die
+
+ dodir /usr/$(get_libdir)
+ cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+ cp -L -t "${ED}"/usr/$(get_libdir) */lib/{libcrmf,libfreebl}.a || die "copying libs failed"
+
+ # Install nss-config and pkgconfig file
+ dodir /usr/bin
+ cp -L */bin/nss-config "${ED}"/usr/bin || die
+ dodir /usr/$(get_libdir)/pkgconfig
+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+ # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+ # bug 517266
+ sed -e 's#Libs:#Libs: -lfreebl#' \
+ -e 's#Cflags:#Cflags: -I${includedir}/private#' \
+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+ || die "could not create nss-softokn.pc"
+
+ # all the include files
+ insinto /usr/include/nss
+ doins public/nss/*.h
+ insinto /usr/include/nss/private
+ doins private/nss/{blapi,alghmac}.h
+
+ popd >/dev/null || die
+
+ local f nssutils
+ # Always enabled because we need it for chk generation.
+ nssutils="shlibsign"
+
+ if multilib_is_native_abi ; then
+ if use utils; then
+ # The tests we do not need to install.
+ #nssutils_test="bltest crmftest dbtest dertimetest
+ #fipstest remtest sdrtest"
+ nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+ cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+ nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+ pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+ symkeyutil tstclnt vfychain vfyserv"
+ fi
+ pushd dist/*/bin >/dev/null || die
+ for f in ${nssutils}; do
+ dobin ${f}
+ done
+ popd >/dev/null || die
+ fi
+
+ # Prelink breaks the CHK files. We don't have any reliable way to run
+ # shlibsign after prelink.
+ local l libs=() liblist
+ for l in ${NSS_CHK_SIGN_LIBS} ; do
+ libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
+ done
+ liblist=$(printf '%s:' "${libs[@]}")
+ echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
+ doenvd "${T}/90nss-${ABI}"
+}
+
+pkg_postinst() {
+ multilib_pkg_postinst() {
+ # We must re-sign the libraries AFTER they are stripped.
+ local shlibsign="${EROOT}/usr/bin/shlibsign"
+ # See if we can execute it (cross-compiling & such). #436216
+ "${shlibsign}" -h >&/dev/null
+ if [[ $? -gt 1 ]] ; then
+ shlibsign="shlibsign"
+ fi
+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+ multilib_pkg_postrm() {
+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
+ }
+
+ multilib_foreach_abi multilib_pkg_postrm
+}