commit: 05c31f8cca591b3ce8219e4def7c26c7b1b130d6 Author: Ian Stakenvicius <axs <AT> gentoo <DOT> org> AuthorDate: Thu Jan 19 15:40:12 2017 +0000 Commit: Ian Stakenvicius <axs <AT> gentoo <DOT> org> CommitDate: Thu Jan 19 15:40:50 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05c31f8c
dev-libs/nss: clean old, security bug 604916 Package-Manager: portage-2.3.0 dev-libs/nss/Manifest | 7 - dev-libs/nss/files/nss-3.21-cacert-class3.patch | 203 ------------- dev-libs/nss/files/nss-3.21-gentoo-fixups.patch | 238 --------------- dev-libs/nss/files/nss-3.21-hppa-byte_order.patch | 16 - dev-libs/nss/files/nss-3.21-pem-werror.patch | 141 --------- dev-libs/nss/nss-3.22.2.ebuild | 331 --------------------- dev-libs/nss/nss-3.23.ebuild | 340 ---------------------- dev-libs/nss/nss-3.25-r1.ebuild | 339 --------------------- dev-libs/nss/nss-3.26.1.ebuild | 338 --------------------- dev-libs/nss/nss-3.27.2.ebuild | 339 --------------------- 10 files changed, 2292 deletions(-) diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest index 51c832c..e485949 100644 --- a/dev-libs/nss/Manifest +++ b/dev-libs/nss/Manifest @@ -1,10 +1,3 @@ -DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43 -DIST nss-3.22.2.tar.gz 6982164 SHA256 07d49287c527ac31200f02dcf8494cef19e936d8ed470802749c4dfc782d3650 SHA512 0c73ba579cb697fe295bca2ee62315bc1830b542f607c1ecfbf591fa881d2ccfb5a6d830b47cd1434bdfbac07e03848b4fe9e6bda9c6d131a2c34973dc3b337c WHIRLPOOL 37137526ffc6f583ba54615c5fadb1076a5c0830b8aef6db394fb1da02345d5b1cf394b6a3cac7b8ce5727bf23ed1053f3f0f2865f0eab7c922c8459d5768142 -DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243 -DIST nss-3.25.tar.gz 7338238 SHA256 5d1ad475da19d0c033a716350dc5f8a747999d3eba5ac07ee0368c5bad6e2359 SHA512 a33cff42d0d85eea091057648d598b7421de88f16ed357965ea08a8812de968c3f18d45452afd21afc90122f65c2c5bb2d7071357947b45e935aae55d28c4218 WHIRLPOOL 3857bffe7a58043612bbeaf0e596b3afdd4f0792441af667fb503dd2d354a535bb8523c258242b470d888ef2beff267b4480e6398a3328f0c44193b83f4a5934 -DIST nss-3.26.1.tar.gz 7387756 SHA256 abebb079288e4b0d34648a1fcdba8564ac05b29f5f1d19b53021ccb3ac37ad25 SHA512 f2a6754e4766cdf169b0abfc0ff47c469ae0e6ddc08c020ef154da7806e8ce31b49076af11b659bf19e9c4b5c6e53a0ac9e7855ee1c33b98a45cfeec446b93bd WHIRLPOOL 9152e3c7430b3362647adb494d1983cc37659b1d8691f1f1e21470aab4f496f3aecd925b8e19d83fa3735e72eeb6d6579bcc304c30e48359d05cb6e052610b0f -DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700 -DIST nss-pem-20140125.tar.bz2 28805 SHA256 62604dfc4178399a804e87ca7566d8316a0a40a535de3b2d0fa48fd80c97f768 SHA512 352faf812735e1374c534ada6dd577842603ea193dafaacfd51f201599ffe3f7a23ce1c673421e42f8b692091b58085f90843c29f70ae916949715e7baba2b39 WHIRLPOOL 3ae81410f6f4d2699e9dc55982cad03c226045fbeee25984d53d37ff78ce5c96d008d6837e1c0a10b6c96cdff17c21142e437159896d314e81afc8820867ca62 DIST nss-pem-20160329.tar.xz 27732 SHA256 6c13c342e7a9fe34b585556099beca33c3078b3df3e11b72827fb70232ac1443 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2 WHIRLPOOL 16fb714fab29e44f7a15fa1928a0f4c1a770f0847b8da97816e29a3b124dee782cffe2357648c445f4d29081f349571b6fffe48c5bc725c7c2dde491f3e0e836 diff --git a/dev-libs/nss/files/nss-3.21-cacert-class3.patch b/dev-libs/nss/files/nss-3.21-cacert-class3.patch deleted file mode 100644 index fb4cf74..00000000 --- a/dev-libs/nss/files/nss-3.21-cacert-class3.patch +++ /dev/null @@ -1,203 +0,0 @@ ---- nss/lib/ckfw/builtins/certdata.txt -+++ nss/lib/ckfw/builtins/certdata.txt -@@ -30351,3 +30351,200 @@ - CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR - CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR - CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -+ -+# -+# Certificate "CAcert Inc." -+# -+# Issuer: E=supp...@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA -+# Serial Number: 672138 (0xa418a) -+# Subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. -+# Not Valid Before: Mon May 23 17:48:02 2011 -+# Not Valid After : Thu May 20 17:48:02 2021 -+# Fingerprint (SHA-256): 4E:DD:E9:E5:5C:A4:53:B3:88:88:7C:AA:25:D5:C5:C5:BC:CF:28:91:D7:3B:87:49:58:08:29:3D:5F:AC:83:C8 -+# Fingerprint (SHA1): AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE -+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -+CKA_TOKEN CK_BBOOL CK_TRUE -+CKA_PRIVATE CK_BBOOL CK_FALSE -+CKA_MODIFIABLE CK_BBOOL CK_FALSE -+CKA_LABEL UTF8 "CAcert Inc." -+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -+CKA_SUBJECT MULTILINE_OCTAL -+\060\124\061\024\060\022\006\003\125\004\012\023\013\103\101\143 -+\145\162\164\040\111\156\143\056\061\036\060\034\006\003\125\004 -+\013\023\025\150\164\164\160\072\057\057\167\167\167\056\103\101 -+\143\145\162\164\056\157\162\147\061\034\060\032\006\003\125\004 -+\003\023\023\103\101\143\145\162\164\040\103\154\141\163\163\040 -+\063\040\122\157\157\164 -+END -+CKA_ID UTF8 "0" -+CKA_ISSUER MULTILINE_OCTAL -+\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157 -+\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150 -+\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164 -+\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103 -+\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101 -+\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206 -+\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164 -+\100\143\141\143\145\162\164\056\157\162\147 -+END -+CKA_SERIAL_NUMBER MULTILINE_OCTAL -+\002\003\012\101\212 -+END -+CKA_VALUE MULTILINE_OCTAL -+\060\202\007\131\060\202\005\101\240\003\002\001\002\002\003\012 -+\101\212\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -+\000\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157 -+\157\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025 -+\150\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162 -+\164\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031 -+\103\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040 -+\101\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052 -+\206\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162 -+\164\100\143\141\143\145\162\164\056\157\162\147\060\036\027\015 -+\061\061\060\065\062\063\061\067\064\070\060\062\132\027\015\062 -+\061\060\065\062\060\061\067\064\070\060\062\132\060\124\061\024 -+\060\022\006\003\125\004\012\023\013\103\101\143\145\162\164\040 -+\111\156\143\056\061\036\060\034\006\003\125\004\013\023\025\150 -+\164\164\160\072\057\057\167\167\167\056\103\101\143\145\162\164 -+\056\157\162\147\061\034\060\032\006\003\125\004\003\023\023\103 -+\101\143\145\162\164\040\103\154\141\163\163\040\063\040\122\157 -+\157\164\060\202\002\042\060\015\006\011\052\206\110\206\367\015 -+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 -+\002\001\000\253\111\065\021\110\174\322\046\176\123\224\317\103 -+\251\335\050\327\102\052\213\363\207\170\031\130\174\017\236\332 -+\211\175\341\373\353\162\220\015\164\241\226\144\253\237\240\044 -+\231\163\332\342\125\166\307\027\173\365\004\254\106\270\303\276 -+\177\144\215\020\154\044\363\141\234\300\362\220\372\121\346\365 -+\151\001\143\303\017\126\342\112\102\317\342\104\214\045\050\250 -+\305\171\011\175\106\271\212\363\351\363\064\051\010\105\344\034 -+\237\313\224\004\034\201\250\024\263\230\145\304\103\354\116\202 -+\215\011\321\275\252\133\215\222\320\354\336\220\305\177\012\302 -+\343\353\346\061\132\136\164\076\227\063\131\350\303\003\075\140 -+\063\277\367\321\157\107\304\315\356\142\203\122\156\056\010\232 -+\244\331\025\030\221\246\205\222\107\260\256\110\353\155\267\041 -+\354\205\032\150\162\065\253\377\360\020\135\300\364\224\247\152 -+\325\073\222\176\114\220\005\176\223\301\054\213\244\216\142\164 -+\025\161\156\013\161\003\352\257\025\070\232\324\322\005\162\157 -+\214\371\053\353\132\162\045\371\071\106\343\162\033\076\004\303 -+\144\047\042\020\052\212\117\130\247\003\255\276\264\056\023\355 -+\135\252\110\327\325\175\324\052\173\134\372\106\004\120\344\314 -+\016\102\133\214\355\333\362\317\374\226\223\340\333\021\066\124 -+\142\064\070\217\014\140\233\073\227\126\070\255\363\322\133\213 -+\240\133\352\116\226\270\174\327\325\240\206\160\100\323\221\051 -+\267\242\074\255\365\214\273\317\032\222\212\344\064\173\300\330 -+\154\137\351\012\302\303\247\040\232\132\337\054\135\122\134\272 -+\107\325\233\357\044\050\160\070\040\057\325\177\051\300\262\101 -+\003\150\222\314\340\234\314\227\113\105\357\072\020\012\253\160 -+\072\230\225\160\255\065\261\352\205\053\244\034\200\041\061\251 -+\256\140\172\200\046\110\000\270\001\300\223\143\125\042\221\074 -+\126\347\257\333\072\045\363\217\061\124\352\046\213\201\131\371 -+\241\321\123\021\305\173\235\003\366\164\021\340\155\261\054\077 -+\054\206\221\231\161\232\246\167\213\064\140\321\024\264\054\254 -+\235\257\214\020\323\237\304\152\370\157\023\374\163\131\367\146 -+\102\164\036\212\343\370\334\322\157\230\234\313\107\230\225\100 -+\005\373\351\002\003\001\000\001\243\202\002\015\060\202\002\011 -+\060\035\006\003\125\035\016\004\026\004\024\165\250\161\140\114 -+\210\023\360\170\331\211\167\265\155\305\211\337\274\261\172\060 -+\201\243\006\003\125\035\043\004\201\233\060\201\230\200\024\026 -+\265\062\033\324\307\363\340\346\216\363\275\322\260\072\356\262 -+\071\030\321\241\175\244\173\060\171\061\020\060\016\006\003\125 -+\004\012\023\007\122\157\157\164\040\103\101\061\036\060\034\006 -+\003\125\004\013\023\025\150\164\164\160\072\057\057\167\167\167 -+\056\143\141\143\145\162\164\056\157\162\147\061\042\060\040\006 -+\003\125\004\003\023\031\103\101\040\103\145\162\164\040\123\151 -+\147\156\151\156\147\040\101\165\164\150\157\162\151\164\171\061 -+\041\060\037\006\011\052\206\110\206\367\015\001\011\001\026\022 -+\163\165\160\160\157\162\164\100\143\141\143\145\162\164\056\157 -+\162\147\202\001\000\060\017\006\003\125\035\023\001\001\377\004 -+\005\060\003\001\001\377\060\135\006\010\053\006\001\005\005\007 -+\001\001\004\121\060\117\060\043\006\010\053\006\001\005\005\007 -+\060\001\206\027\150\164\164\160\072\057\057\157\143\163\160\056 -+\103\101\143\145\162\164\056\157\162\147\057\060\050\006\010\053 -+\006\001\005\005\007\060\002\206\034\150\164\164\160\072\057\057 -+\167\167\167\056\103\101\143\145\162\164\056\157\162\147\057\143 -+\141\056\143\162\164\060\112\006\003\125\035\040\004\103\060\101 -+\060\077\006\010\053\006\001\004\001\201\220\112\060\063\060\061 -+\006\010\053\006\001\005\005\007\002\001\026\045\150\164\164\160 -+\072\057\057\167\167\167\056\103\101\143\145\162\164\056\157\162 -+\147\057\151\156\144\145\170\056\160\150\160\077\151\144\075\061 -+\060\060\064\006\011\140\206\110\001\206\370\102\001\010\004\047 -+\026\045\150\164\164\160\072\057\057\167\167\167\056\103\101\143 -+\145\162\164\056\157\162\147\057\151\156\144\145\170\056\160\150 -+\160\077\151\144\075\061\060\060\120\006\011\140\206\110\001\206 -+\370\102\001\015\004\103\026\101\124\157\040\147\145\164\040\171 -+\157\165\162\040\157\167\156\040\143\145\162\164\151\146\151\143 -+\141\164\145\040\146\157\162\040\106\122\105\105\054\040\147\157 -+\040\164\157\040\150\164\164\160\072\057\057\167\167\167\056\103 -+\101\143\145\162\164\056\157\162\147\060\015\006\011\052\206\110 -+\206\367\015\001\001\013\005\000\003\202\002\001\000\051\050\205 -+\256\104\251\271\257\244\171\023\360\250\243\053\227\140\363\134 -+\356\343\057\301\366\342\146\240\021\256\066\067\072\166\025\004 -+\123\352\102\365\371\352\300\025\330\246\202\331\344\141\256\162 -+\013\051\134\220\103\350\101\262\341\167\333\002\023\104\170\107 -+\125\257\130\374\314\230\366\105\271\321\040\370\330\041\007\376 -+\155\252\163\324\263\306\007\351\011\205\314\073\362\266\276\054 -+\034\045\325\161\214\071\265\056\352\276\030\201\272\260\223\270 -+\017\343\346\327\046\214\061\132\162\003\204\122\346\246\365\063 -+\042\105\012\310\013\015\212\270\066\157\220\011\241\253\275\327 -+\325\116\056\161\242\324\256\372\247\124\053\353\065\215\132\267 -+\124\210\057\356\164\237\355\110\026\312\015\110\320\224\323\254 -+\244\242\366\044\337\222\343\275\353\103\100\221\156\034\030\216 -+\126\264\202\022\363\251\223\237\324\274\234\255\234\165\356\132 -+\227\033\225\347\164\055\034\017\260\054\227\237\373\251\063\071 -+\172\347\003\072\222\216\042\366\214\015\344\331\176\015\166\030 -+\367\001\371\357\226\226\242\125\163\300\074\161\264\035\032\126 -+\103\267\303\012\215\162\374\342\020\011\013\101\316\214\224\240 -+\371\003\375\161\163\113\212\127\063\345\216\164\176\025\001\000 -+\346\314\112\034\347\177\225\031\055\305\245\014\213\273\265\355 -+\205\263\134\323\337\270\271\362\312\307\015\001\024\254\160\130 -+\305\214\215\063\324\235\146\243\032\120\225\043\374\110\340\006 -+\103\022\331\315\247\206\071\057\066\162\243\200\020\344\341\363 -+\321\313\133\032\300\344\200\232\174\023\163\006\117\333\243\153 -+\044\012\272\263\034\274\112\170\273\345\343\165\070\245\110\247 -+\242\036\257\166\324\136\367\070\206\126\132\211\316\326\303\247 -+\171\262\122\240\306\361\205\264\045\214\362\077\226\263\020\331 -+\215\154\127\073\237\157\206\072\030\202\042\066\310\260\221\070 -+\333\052\241\223\252\204\077\365\047\145\256\163\325\310\325\323 -+\167\352\113\235\307\101\273\307\300\343\240\077\344\175\244\215 -+\163\346\022\113\337\241\163\163\163\072\200\350\325\313\216\057 -+\313\352\023\247\326\101\213\254\372\074\211\327\044\365\116\264 -+\340\141\222\267\363\067\230\304\276\226\243\267\212 -+END -+ -+# Trust for "CAcert Inc." -+# Issuer: E=supp...@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA -+# Serial Number: 672138 (0xa418a) -+# Subject: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. -+# Not Valid Before: Mon May 23 17:48:02 2011 -+# Not Valid After : Thu May 20 17:48:02 2021 -+# Fingerprint (SHA-256): 4E:DD:E9:E5:5C:A4:53:B3:88:88:7C:AA:25:D5:C5:C5:BC:CF:28:91:D7:3B:87:49:58:08:29:3D:5F:AC:83:C8 -+# Fingerprint (SHA1): AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE -+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -+CKA_TOKEN CK_BBOOL CK_TRUE -+CKA_PRIVATE CK_BBOOL CK_FALSE -+CKA_MODIFIABLE CK_BBOOL CK_FALSE -+CKA_LABEL UTF8 "CAcert Inc." -+CKA_CERT_SHA1_HASH MULTILINE_OCTAL -+\255\174\077\144\374\104\071\376\364\351\013\350\364\174\154\372 -+\212\255\375\316 -+END -+CKA_CERT_MD5_HASH MULTILINE_OCTAL -+\367\045\022\202\116\147\265\320\215\222\267\174\013\206\172\102 -+END -+CKA_ISSUER MULTILINE_OCTAL -+\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157 -+\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150 -+\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164 -+\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103 -+\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101 -+\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206 -+\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164 -+\100\143\141\143\145\162\164\056\157\162\147 -+END -+CKA_SERIAL_NUMBER MULTILINE_OCTAL -+\002\003\012\101\212 -+END -+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch b/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch deleted file mode 100644 index 29cda28..00000000 --- a/dev-libs/nss/files/nss-3.21-gentoo-fixups.patch +++ /dev/null @@ -1,238 +0,0 @@ ---- nss/config/Makefile -+++ nss/config/Makefile -@@ -0,0 +1,40 @@ -+CORE_DEPTH = .. -+DEPTH = .. -+ -+include $(CORE_DEPTH)/coreconf/config.mk -+ -+NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'` -+NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'` -+NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'` -+PREFIX = /usr -+ -+all: export libs -+ -+export: -+ # Create the nss.pc file -+ mkdir -p $(DIST)/lib/pkgconfig -+ sed -e "s,@prefix@,$(PREFIX)," \ -+ -e "s,@exec_prefix@,\$${prefix}," \ -+ -e "s,@libdir@,\$${prefix}/lib64," \ -+ -e "s,@includedir@,\$${prefix}/include/nss," \ -+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \ -+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ -+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ -+ nss.pc.in > nss.pc -+ chmod 0644 nss.pc -+ ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig -+ -+ # Create the nss-config script -+ mkdir -p $(DIST)/bin -+ sed -e "s,@prefix@,$(PREFIX)," \ -+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \ -+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ -+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ -+ nss-config.in > nss-config -+ chmod 0755 nss-config -+ ln -sf ../../../config/nss-config $(DIST)/bin -+ -+libs: -+ -+dummy: all export libs -+ ---- nss/config/nss-config.in -+++ nss/config/nss-config.in -@@ -0,0 +1,145 @@ -+#!/bin/sh -+ -+prefix=@prefix@ -+ -+major_version=@NSS_MAJOR_VERSION@ -+minor_version=@NSS_MINOR_VERSION@ -+patch_version=@NSS_PATCH_VERSION@ -+ -+usage() -+{ -+ cat <<EOF -+Usage: nss-config [OPTIONS] [LIBRARIES] -+Options: -+ [--prefix[=DIR]] -+ [--exec-prefix[=DIR]] -+ [--includedir[=DIR]] -+ [--libdir[=DIR]] -+ [--version] -+ [--libs] -+ [--cflags] -+Dynamic Libraries: -+ nss -+ ssl -+ smime -+ nssutil -+EOF -+ exit $1 -+} -+ -+if test $# -eq 0; then -+ usage 1 1>&2 -+fi -+ -+lib_ssl=yes -+lib_smime=yes -+lib_nss=yes -+lib_nssutil=yes -+ -+while test $# -gt 0; do -+ case "$1" in -+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; -+ *) optarg= ;; -+ esac -+ -+ case $1 in -+ --prefix=*) -+ prefix=$optarg -+ ;; -+ --prefix) -+ echo_prefix=yes -+ ;; -+ --exec-prefix=*) -+ exec_prefix=$optarg -+ ;; -+ --exec-prefix) -+ echo_exec_prefix=yes -+ ;; -+ --includedir=*) -+ includedir=$optarg -+ ;; -+ --includedir) -+ echo_includedir=yes -+ ;; -+ --libdir=*) -+ libdir=$optarg -+ ;; -+ --libdir) -+ echo_libdir=yes -+ ;; -+ --version) -+ echo ${major_version}.${minor_version}.${patch_version} -+ ;; -+ --cflags) -+ echo_cflags=yes -+ ;; -+ --libs) -+ echo_libs=yes -+ ;; -+ ssl) -+ lib_ssl=yes -+ ;; -+ smime) -+ lib_smime=yes -+ ;; -+ nss) -+ lib_nss=yes -+ ;; -+ nssutil) -+ lib_nssutil=yes -+ ;; -+ *) -+ usage 1 1>&2 -+ ;; -+ esac -+ shift -+done -+ -+# Set variables that may be dependent upon other variables -+if test -z "$exec_prefix"; then -+ exec_prefix=`pkg-config --variable=exec_prefix nss` -+fi -+if test -z "$includedir"; then -+ includedir=`pkg-config --variable=includedir nss` -+fi -+if test -z "$libdir"; then -+ libdir=`pkg-config --variable=libdir nss` -+fi -+ -+if test "$echo_prefix" = "yes"; then -+ echo $prefix -+fi -+ -+if test "$echo_exec_prefix" = "yes"; then -+ echo $exec_prefix -+fi -+ -+if test "$echo_includedir" = "yes"; then -+ echo $includedir -+fi -+ -+if test "$echo_libdir" = "yes"; then -+ echo $libdir -+fi -+ -+if test "$echo_cflags" = "yes"; then -+ echo -I$includedir -+fi -+ -+if test "$echo_libs" = "yes"; then -+ libdirs="" -+ if test -n "$lib_ssl"; then -+ libdirs="$libdirs -lssl${major_version}" -+ fi -+ if test -n "$lib_smime"; then -+ libdirs="$libdirs -lsmime${major_version}" -+ fi -+ if test -n "$lib_nss"; then -+ libdirs="$libdirs -lnss${major_version}" -+ fi -+ if test -n "$lib_nssutil"; then -+ libdirs="$libdirs -lnssutil${major_version}" -+ fi -+ echo $libdirs -+fi -+ ---- nss/config/nss.pc.in -+++ nss/config/nss.pc.in -@@ -0,0 +1,12 @@ -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ -+libdir=@libdir@ -+includedir=@includedir@ -+ -+Name: NSS -+Description: Network Security Services -+Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@ -+Requires: nspr >= 4.8 -+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3 -+Cflags: -I${includedir} -+ ---- nss/Makefile -+++ nss/Makefile -@@ -46,7 +46,7 @@ - # (7) Execute "local" rules. (OPTIONAL). # - ####################################################################### - --nss_build_all: build_nspr all -+nss_build_all: all - - nss_clean_all: clobber_nspr clobber - -@@ -115,12 +115,6 @@ - --with-dist-prefix='$(NSPR_PREFIX)' \ - --with-dist-includedir='$(NSPR_PREFIX)/include' - --build_nspr: $(NSPR_CONFIG_STATUS) -- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) -- --clobber_nspr: $(NSPR_CONFIG_STATUS) -- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber -- - build_docs: - $(MAKE) -C $(CORE_DEPTH)/doc - ---- nss/manifest.mn -+++ nss/manifest.mn -@@ -10,4 +10,4 @@ - - RELEASE = nss - --DIRS = coreconf lib cmd external_tests -+DIRS = coreconf lib cmd config diff --git a/dev-libs/nss/files/nss-3.21-hppa-byte_order.patch b/dev-libs/nss/files/nss-3.21-hppa-byte_order.patch deleted file mode 100644 index 703df99..00000000 --- a/dev-libs/nss/files/nss-3.21-hppa-byte_order.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- a/nss/lib/dbm/include/mcom_db.h -+++ b/nss/lib/dbm/include/mcom_db.h -@@ -110,11 +110,13 @@ - #endif /* !BYTE_ORDER */ - #endif /* __sun */ - -+#ifndef BYTE_ORDER - #if defined(__hpux) || defined(__hppa) - #define BYTE_ORDER BIG_ENDIAN - #define BIG_ENDIAN 4321 - #define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */ - #endif -+#endif /* !BYTE_ORDER */ - - #if defined(AIXV3) || defined(AIX) - /* BYTE_ORDER, LITTLE_ENDIAN, BIG_ENDIAN are all defined here */ diff --git a/dev-libs/nss/files/nss-3.21-pem-werror.patch b/dev-libs/nss/files/nss-3.21-pem-werror.patch deleted file mode 100644 index 5a984ae3..00000000 --- a/dev-libs/nss/files/nss-3.21-pem-werror.patch +++ /dev/null @@ -1,141 +0,0 @@ ---- nss/lib/ckfw/pem/ckpem.h -+++ nss/lib/ckfw/pem/ckpem.h -@@ -233,6 +233,9 @@ struct pemLOWKEYPrivateKeyStr { - }; - typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey; - -+/* NOTE: Discrepancy with the the way callers use of the return value as a count -+ * Fix this when we sync. up with the cleanup work being done at nss-pem project. -+ */ - SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly); - const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type); - void pem_PopulateModulusExponent(pemInternalObject *io); ---- nss/lib/ckfw/pem/pinst.c -+++ nss/lib/ckfw/pem/pinst.c -@@ -472,7 +472,9 @@ AddCertificate(char *certfile, char *key - char *ivstring = NULL; - int cipher; - -- nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); -+ /* TODO: Fix discrepancy between our usage of the return value as -+ * as an int (a count) and the declaration as a SECStatus. */ -+ nobjs = (int) ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); - if (nobjs <= 0) { - nss_ZFreeIf(objs); - return CKR_GENERAL_ERROR; -@@ -515,8 +517,10 @@ AddCertificate(char *certfile, char *key - if (keyfile) { /* add the private key */ - SECItem **keyobjs = NULL; - int kobjs = 0; -+ /* TODO: Fix discrepancy between our usage of the return value as -+ * as an int and the declaration as a SECStatus. */ - kobjs = -- ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher, -+ (int) ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher, - &ivstring, PR_FALSE); - if (kobjs < 1) { - error = CKR_GENERAL_ERROR; ---- nss/lib/ckfw/pem/pobject.c -+++ nss/lib/ckfw/pem/pobject.c -@@ -630,6 +630,11 @@ pem_DestroyInternalObject - if (io->u.key.ivstring) - free(io->u.key.ivstring); - break; -+ case pemAll: -+ /* pemAll is not used, keep the compiler happy -+ * TODO: investigate a proper solution -+ */ -+ return; - } - - if (NULL != gobj) -@@ -1044,7 +1049,9 @@ pem_CreateObject - int nobjs = 0; - int i; - int objid; -+#if 0 - pemToken *token; -+#endif - int cipher; - char *ivstring = NULL; - pemInternalObject *listObj = NULL; -@@ -1073,7 +1080,9 @@ pem_CreateObject - } - slotID = nssCKFWSlot_GetSlotID(fwSlot); - -+#if 0 - token = (pemToken *) mdToken->etc; -+#endif - - /* - * only create keys and certs. -@@ -1114,7 +1123,11 @@ pem_CreateObject - } - - if (objClass == CKO_CERTIFICATE) { -- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); -+ /* TODO: Fix discrepancy between our usage of the return value as -+ * as an int and the declaration as a SECStatus. Typecasting as a -+ * temporary workaround. -+ */ -+ nobjs = (int) ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); - if (nobjs < 1) - goto loser; - ---- nss/lib/ckfw/pem/rsawrapr.c -+++ nss/lib/ckfw/pem/rsawrapr.c -@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey - return 0; - } - -+/* unused functions */ -+#if 0 - static SHA1Context *SHA1_CloneContext(SHA1Context * original) - { - SHA1Context *clone = NULL; -@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un - - return SECSuccess; - } -+#endif /* unused functions */ - - /* - * Format one block of data for public/private key encryption using ---- nss/lib/ckfw/pem/util.c -+++ nss/lib/ckfw/pem/util.c -@@ -131,7 +131,8 @@ static SECStatus FileToItem(SECItem * ds - return SECFailure; - } - --int -+/* FIX: Returns a SECStatus yet callers take result as a count */ -+SECStatus - ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii, - int *cipher, char **ivstring, PRBool certsonly) - { -@@ -237,7 +238,12 @@ ReadDERFromFile(SECItem *** derlist, cha - goto loser; - } - if ((certsonly && !key) || (!certsonly && key)) { -+ error = CKR_OK; - PUT_Object(der, error); -+ if (error != CKR_OK) { -+ free(der); -+ goto loser; -+ } - } else { - free(der->data); - free(der); -@@ -255,7 +261,12 @@ ReadDERFromFile(SECItem *** derlist, cha - } - - /* NOTE: This code path has never been tested. */ -+ error = CKR_OK; - PUT_Object(der, error); -+ if (error != CKR_OK) { -+ free(der); -+ goto loser; -+ } - } - - nss_ZFreeIf(filedata.data); diff --git a/dev-libs/nss/nss-3.22.2.ebuild b/dev-libs/nss/nss-3.22.2.ebuild deleted file mode 100644 index 3cc54a5..00000000 --- a/dev-libs/nss/nss-3.22.2.ebuild +++ /dev/null @@ -1,331 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="5" - -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal - -NSPR_VER="4.12" -RTM_NAME="NSS_${PV//./_}_RTM" -# Rev of https://git.fedorahosted.org/cgit/nss-pem.git -PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8" -PEM_P="${PN}-pem-20140125" - -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz - cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch ) - nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )" - -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" -SLOT="0" -KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" -IUSE="+cacert +nss-pem utils" -CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]" -DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - ${CDEPEND}" -RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - ${CDEPEND} - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140508-r12 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - )" - -RESTRICT="test" - -S="${WORKDIR}/${P}/${PN}" - -MULTILIB_CHOST_TOOLS=( - /usr/bin/nss-config -) - -src_unpack() { - unpack ${A} - if use nss-pem ; then - mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die - fi -} - -src_prepare() { - # Custom changes for gentoo - epatch "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch" - epatch "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" - epatch "${FILESDIR}/${PN}-3.21-hppa-byte_order.patch" - - if use cacert ; then - epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch" - epatch "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462 - fi - use nss-pem && epatch "${FILESDIR}/${PN}-3.21-enable-pem.patch" \ - "${FILESDIR}/${PN}-3.21-pem-werror.patch" - - pushd coreconf >/dev/null || die - # hack nspr paths - echo 'INCLUDES += -I$(DIST)/include/dbm' \ - >> headers.mk || die "failed to append include" - - # modify install path - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ - -i source.mk || die - - # Respect LDFLAGS - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk - popd >/dev/null || die - - # Fix pkgconfig file for Prefix - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ - config/Makefile || die - - # use host shlibsign if need be #436216 - if tc-is-cross-compiler ; then - sed -i \ - -e 's:"${2}"/shlibsign:shlibsign:' \ - cmd/shlibsign/sign.sh || die - fi - - # dirty hack - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ - lib/ssl/config.mk || die - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ - cmd/platlibs.mk || die - - multilib_copy_sources - - strip-flags -} - -multilib_src_configure() { - # Ensure we stay multilib aware - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die -} - -nssarch() { - # Most of the arches are the same as $ARCH - local t=${1:-${CHOST}} - case ${t} in - aarch64*)echo "aarch64";; - hppa*) echo "parisc";; - i?86*) echo "i686";; - x86_64*) echo "x86_64";; - *) tc-arch ${t};; - esac -} - -nssbits() { - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" - if [[ ${1} == BUILD_ ]]; then - cc=$(tc-getBUILD_CC) - else - cc=$(tc-getCC) - fi - echo > "${T}"/test.c || die - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die - case $(file "${T}/${1}test.o") in - *32-bit*x86-64*) echo USE_X32=1;; - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; - *32-bit*|*ppc*|*i386*) ;; - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; - esac -} - -multilib_src_compile() { - # use ABI to determine bit'ness, or fallback if unset - local buildbits mybits - case "${ABI}" in - n32) mybits="USE_N32=1";; - x32) mybits="USE_X32=1";; - s390x|*64) mybits="USE_64=1";; - ${DEFAULT_ABI}) - einfo "Running compilation test to determine bit'ness" - mybits=$(nssbits) - ;; - esac - # bitness of host may differ from target - if tc-is-cross-compiler; then - buildbits=$(nssbits BUILD_) - fi - - local makeargs=( - CC="$(tc-getCC)" - AR="$(tc-getAR) rc \$@" - RANLIB="$(tc-getRANLIB)" - OPTIMIZER= - ${mybits} - ) - - # Take care of nspr settings #436216 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" - unset NSPR_INCLUDE_DIR - - # Do not let `uname` be used. - if use kernel_linux ; then - makeargs+=( - OS_TARGET=Linux - OS_RELEASE=2.6 - OS_TEST="$(nssarch)" - ) - fi - - export NSS_ENABLE_WERROR=0 #567158 - export BUILD_OPT=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSDISTMODE=copy - export NSS_ENABLE_ECC=1 - export FREEBL_NO_DEPEND=1 - export ASFLAGS="" - - local d - - # Build the host tools first. - LDFLAGS="${BUILD_LDFLAGS}" \ - XCFLAGS="${BUILD_CFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -j1 -C coreconf \ - CC="$(tc-getBUILD_CC)" \ - ${buildbits:-${mybits}} - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) - - # Then build the target tools. - for d in . lib/dbm ; do - CPPFLAGS="${myCPPFLAGS}" \ - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -j1 "${makeargs[@]}" -C ${d} - done -} - -# Altering these 3 libraries breaks the CHK verification. -# All of the following cause it to break: -# - stripping -# - prelink -# - ELF signing -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html -# Either we have to NOT strip them, or we have to forcibly resign after -# stripping. -#local_libdir="$(get_libdir)" -#export STRIP_MASK=" -# */${local_libdir}/libfreebl3.so* -# */${local_libdir}/libnssdbm3.so* -# */${local_libdir}/libsoftokn3.so*" - -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" - -generate_chk() { - local shlibsign="$1" - local libdir="$2" - einfo "Resigning core NSS libraries for FIPS validation" - shift 2 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libname=lib${i}.so - local chkname=lib${i}.chk - "${shlibsign}" \ - -i "${libdir}"/${libname} \ - -o "${libdir}"/${chkname}.tmp \ - && mv -f \ - "${libdir}"/${chkname}.tmp \ - "${libdir}"/${chkname} \ - || die "Failed to sign ${libname}" - done -} - -cleanup_chk() { - local libdir="$1" - shift 1 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libfname="${libdir}/lib${i}.so" - # If the major version has changed, then we have old chk files. - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ - && rm -f "${libfname}.chk" - done -} - -multilib_src_install() { - pushd dist >/dev/null || die - - dodir /usr/$(get_libdir) - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" - cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - - # Install nss-config and pkgconfig file - dodir /usr/bin - cp -L */bin/nss-config "${ED}"/usr/bin || die - dodir /usr/$(get_libdir)/pkgconfig - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die - - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers - # bug 517266 - sed -e 's#Libs:#Libs: -lfreebl#' \ - -e 's#Cflags:#Cflags: -I${includedir}/private#' \ - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ - || die "could not create nss-softokn.pc" - - # all the include files - insinto /usr/include/nss - doins public/nss/*.h - insinto /usr/include/nss/private - doins private/nss/{blapi,alghmac}.h - - popd >/dev/null || die - - local f nssutils - # Always enabled because we need it for chk generation. - nssutils="shlibsign" - - if multilib_is_native_abi ; then - if use utils; then - # The tests we do not need to install. - #nssutils_test="bltest crmftest dbtest dertimetest - #fipstest remtest sdrtest" - # checkcert utils has been removed in nss-3.22: - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870 - nssutils="addbuiltin atob baddbdir btoa certcgi certutil - cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit - nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode - pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt - symkeyutil tstclnt vfychain vfyserv" - # install man-pages for utils (bug #516810) - doman doc/nroff/*.1 - fi - pushd dist/*/bin >/dev/null || die - for f in ${nssutils}; do - dobin ${f} - done - popd >/dev/null || die - fi - - # Prelink breaks the CHK files. We don't have any reliable way to run - # shlibsign after prelink. - dodir /etc/prelink.conf.d - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ - > "${ED}"/etc/prelink.conf.d/nss.conf -} - -pkg_postinst() { - multilib_pkg_postinst() { - # We must re-sign the libraries AFTER they are stripped. - local shlibsign="${EROOT}/usr/bin/shlibsign" - # See if we can execute it (cross-compiling & such). #436216 - "${shlibsign}" -h >&/dev/null - if [[ $? -gt 1 ]] ; then - shlibsign="shlibsign" - fi - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postinst -} - -pkg_postrm() { - multilib_pkg_postrm() { - cleanup_chk "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postrm -} diff --git a/dev-libs/nss/nss-3.23.ebuild b/dev-libs/nss/nss-3.23.ebuild deleted file mode 100644 index 3087247..00000000 --- a/dev-libs/nss/nss-3.23.ebuild +++ /dev/null @@ -1,340 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=6 - -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal - -NSPR_VER="4.12" -RTM_NAME="NSS_${PV//./_}_RTM" -# Rev of https://git.fedorahosted.org/cgit/nss-pem.git -PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8" -PEM_P="${PN}-pem-20140125" - -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz - cacert? ( https://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch ) - nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )" - -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" -SLOT="0" -KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" -IUSE="+cacert +nss-pem utils" -CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]" -DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - ${CDEPEND}" -RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - ${CDEPEND} - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140508-r12 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - )" - -RESTRICT="test" - -S="${WORKDIR}/${P}/${PN}" - -MULTILIB_CHOST_TOOLS=( - /usr/bin/nss-config -) - -PATCHES=( - # Custom changes for gentoo - "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch" - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" -) - -src_unpack() { - unpack ${A} - if use nss-pem ; then - mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die - fi -} - -src_prepare() { - if use nss-pem ; then - PATCHES+=( - "${FILESDIR}/${PN}-3.21-enable-pem.patch" - "${FILESDIR}/${PN}-3.21-pem-werror.patch" - ) - fi - - default - - if use cacert ; then - eapply -p4 "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch" - eapply "${FILESDIR}/${PN}-3.21-cacert-class3.patch" #521462 - fi - - pushd coreconf >/dev/null || die - # hack nspr paths - echo 'INCLUDES += -I$(DIST)/include/dbm' \ - >> headers.mk || die "failed to append include" - - # modify install path - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ - -i source.mk || die - - # Respect LDFLAGS - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk - popd >/dev/null || die - - # Fix pkgconfig file for Prefix - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ - config/Makefile || die - - # use host shlibsign if need be #436216 - if tc-is-cross-compiler ; then - sed -i \ - -e 's:"${2}"/shlibsign:shlibsign:' \ - cmd/shlibsign/sign.sh || die - fi - - # dirty hack - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ - lib/ssl/config.mk || die - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ - cmd/platlibs.mk || die - - multilib_copy_sources - - strip-flags -} - -multilib_src_configure() { - # Ensure we stay multilib aware - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die -} - -nssarch() { - # Most of the arches are the same as $ARCH - local t=${1:-${CHOST}} - case ${t} in - aarch64*)echo "aarch64";; - hppa*) echo "parisc";; - i?86*) echo "i686";; - x86_64*) echo "x86_64";; - *) tc-arch ${t};; - esac -} - -nssbits() { - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" - if [[ ${1} == BUILD_ ]]; then - cc=$(tc-getBUILD_CC) - else - cc=$(tc-getCC) - fi - echo > "${T}"/test.c || die - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die - case $(file "${T}/${1}test.o") in - *32-bit*x86-64*) echo USE_X32=1;; - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; - *32-bit*|*ppc*|*i386*) ;; - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; - esac -} - -multilib_src_compile() { - # use ABI to determine bit'ness, or fallback if unset - local buildbits mybits - case "${ABI}" in - n32) mybits="USE_N32=1";; - x32) mybits="USE_X32=1";; - s390x|*64) mybits="USE_64=1";; - ${DEFAULT_ABI}) - einfo "Running compilation test to determine bit'ness" - mybits=$(nssbits) - ;; - esac - # bitness of host may differ from target - if tc-is-cross-compiler; then - buildbits=$(nssbits BUILD_) - fi - - local makeargs=( - CC="$(tc-getCC)" - AR="$(tc-getAR) rc \$@" - RANLIB="$(tc-getRANLIB)" - OPTIMIZER= - ${mybits} - ) - - # Take care of nspr settings #436216 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" - unset NSPR_INCLUDE_DIR - - # Do not let `uname` be used. - if use kernel_linux ; then - makeargs+=( - OS_TARGET=Linux - OS_RELEASE=2.6 - OS_TEST="$(nssarch)" - ) - fi - - export NSS_ENABLE_WERROR=0 #567158 - export BUILD_OPT=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSDISTMODE=copy - export NSS_ENABLE_ECC=1 - export FREEBL_NO_DEPEND=1 - export ASFLAGS="" - - local d - - # Build the host tools first. - LDFLAGS="${BUILD_LDFLAGS}" \ - XCFLAGS="${BUILD_CFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -j1 -C coreconf \ - CC="$(tc-getBUILD_CC)" \ - ${buildbits:-${mybits}} - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) - - # Then build the target tools. - for d in . lib/dbm ; do - CPPFLAGS="${myCPPFLAGS}" \ - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -j1 "${makeargs[@]}" -C ${d} - done -} - -# Altering these 3 libraries breaks the CHK verification. -# All of the following cause it to break: -# - stripping -# - prelink -# - ELF signing -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html -# Either we have to NOT strip them, or we have to forcibly resign after -# stripping. -#local_libdir="$(get_libdir)" -#export STRIP_MASK=" -# */${local_libdir}/libfreebl3.so* -# */${local_libdir}/libnssdbm3.so* -# */${local_libdir}/libsoftokn3.so*" - -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" - -generate_chk() { - local shlibsign="$1" - local libdir="$2" - einfo "Resigning core NSS libraries for FIPS validation" - shift 2 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libname=lib${i}.so - local chkname=lib${i}.chk - "${shlibsign}" \ - -i "${libdir}"/${libname} \ - -o "${libdir}"/${chkname}.tmp \ - && mv -f \ - "${libdir}"/${chkname}.tmp \ - "${libdir}"/${chkname} \ - || die "Failed to sign ${libname}" - done -} - -cleanup_chk() { - local libdir="$1" - shift 1 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libfname="${libdir}/lib${i}.so" - # If the major version has changed, then we have old chk files. - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ - && rm -f "${libfname}.chk" - done -} - -multilib_src_install() { - pushd dist >/dev/null || die - - dodir /usr/$(get_libdir) - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" - cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - - # Install nss-config and pkgconfig file - dodir /usr/bin - cp -L */bin/nss-config "${ED}"/usr/bin || die - dodir /usr/$(get_libdir)/pkgconfig - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die - - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers - # bug 517266 - sed -e 's#Libs:#Libs: -lfreebl#' \ - -e 's#Cflags:#Cflags: -I${includedir}/private#' \ - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ - || die "could not create nss-softokn.pc" - - # all the include files - insinto /usr/include/nss - doins public/nss/*.h - insinto /usr/include/nss/private - doins private/nss/{blapi,alghmac}.h - - popd >/dev/null || die - - local f nssutils - # Always enabled because we need it for chk generation. - nssutils="shlibsign" - - if multilib_is_native_abi ; then - if use utils; then - # The tests we do not need to install. - #nssutils_test="bltest crmftest dbtest dertimetest - #fipstest remtest sdrtest" - # checkcert utils has been removed in nss-3.22: - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870 - nssutils="addbuiltin atob baddbdir btoa certcgi certutil - cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit - nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode - pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt - symkeyutil tstclnt vfychain vfyserv" - # install man-pages for utils (bug #516810) - doman doc/nroff/*.1 - fi - pushd dist/*/bin >/dev/null || die - for f in ${nssutils}; do - dobin ${f} - done - popd >/dev/null || die - fi - - # Prelink breaks the CHK files. We don't have any reliable way to run - # shlibsign after prelink. - dodir /etc/prelink.conf.d - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ - > "${ED}"/etc/prelink.conf.d/nss.conf -} - -pkg_postinst() { - multilib_pkg_postinst() { - # We must re-sign the libraries AFTER they are stripped. - local shlibsign="${EROOT}/usr/bin/shlibsign" - # See if we can execute it (cross-compiling & such). #436216 - "${shlibsign}" -h >&/dev/null - if [[ $? -gt 1 ]] ; then - shlibsign="shlibsign" - fi - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postinst -} - -pkg_postrm() { - multilib_pkg_postrm() { - cleanup_chk "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postrm -} diff --git a/dev-libs/nss/nss-3.25-r1.ebuild b/dev-libs/nss/nss-3.25-r1.ebuild deleted file mode 100644 index ede1f3a..00000000 --- a/dev-libs/nss/nss-3.25-r1.ebuild +++ /dev/null @@ -1,339 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=6 - -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal - -NSPR_VER="4.12" -RTM_NAME="NSS_${PV//./_}_RTM" -# Rev of https://git.fedorahosted.org/cgit/nss-pem.git -PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8" -PEM_P="${PN}-pem-20140125" - -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz - nss-pem? ( https://dev.gentoo.org/~anarchy/dist/${PEM_P}.tar.bz2 )" - -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" -IUSE="cacert +nss-pem utils" -CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]" -DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - ${CDEPEND}" -RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - ${CDEPEND} - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140508-r12 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - )" - -RESTRICT="test" - -S="${WORKDIR}/${P}/${PN}" - -MULTILIB_CHOST_TOOLS=( - /usr/bin/nss-config -) - -PATCHES=( - # Custom changes for gentoo - "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch" - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" -) - -src_unpack() { - unpack ${A} - if use nss-pem ; then - mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die - fi -} - -src_prepare() { - if use nss-pem ; then - PATCHES+=( - "${FILESDIR}/${PN}-3.21-enable-pem.patch" - "${FILESDIR}/${PN}-3.21-pem-werror.patch" - ) - fi - if use cacert ; then #521462 - PATCHES+=( - "${FILESDIR}/${PN}-3.21-cacert-class3.patch" - ) - fi - - default - - pushd coreconf >/dev/null || die - # hack nspr paths - echo 'INCLUDES += -I$(DIST)/include/dbm' \ - >> headers.mk || die "failed to append include" - - # modify install path - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ - -i source.mk || die - - # Respect LDFLAGS - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk - popd >/dev/null || die - - # Fix pkgconfig file for Prefix - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ - config/Makefile || die - - # use host shlibsign if need be #436216 - if tc-is-cross-compiler ; then - sed -i \ - -e 's:"${2}"/shlibsign:shlibsign:' \ - cmd/shlibsign/sign.sh || die - fi - - # dirty hack - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ - lib/ssl/config.mk || die - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ - cmd/platlibs.mk || die - - multilib_copy_sources - - strip-flags -} - -multilib_src_configure() { - # Ensure we stay multilib aware - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die -} - -nssarch() { - # Most of the arches are the same as $ARCH - local t=${1:-${CHOST}} - case ${t} in - aarch64*)echo "aarch64";; - hppa*) echo "parisc";; - i?86*) echo "i686";; - x86_64*) echo "x86_64";; - *) tc-arch ${t};; - esac -} - -nssbits() { - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" - if [[ ${1} == BUILD_ ]]; then - cc=$(tc-getBUILD_CC) - else - cc=$(tc-getCC) - fi - echo > "${T}"/test.c || die - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die - case $(file "${T}/${1}test.o") in - *32-bit*x86-64*) echo USE_X32=1;; - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; - *32-bit*|*ppc*|*i386*) ;; - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; - esac -} - -multilib_src_compile() { - # use ABI to determine bit'ness, or fallback if unset - local buildbits mybits - case "${ABI}" in - n32) mybits="USE_N32=1";; - x32) mybits="USE_X32=1";; - s390x|*64) mybits="USE_64=1";; - ${DEFAULT_ABI}) - einfo "Running compilation test to determine bit'ness" - mybits=$(nssbits) - ;; - esac - # bitness of host may differ from target - if tc-is-cross-compiler; then - buildbits=$(nssbits BUILD_) - fi - - local makeargs=( - CC="$(tc-getCC)" - AR="$(tc-getAR) rc \$@" - RANLIB="$(tc-getRANLIB)" - OPTIMIZER= - ${mybits} - ) - - # Take care of nspr settings #436216 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" - unset NSPR_INCLUDE_DIR - - # Do not let `uname` be used. - if use kernel_linux ; then - makeargs+=( - OS_TARGET=Linux - OS_RELEASE=2.6 - OS_TEST="$(nssarch)" - ) - fi - - export NSS_ENABLE_WERROR=0 #567158 - export BUILD_OPT=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSDISTMODE=copy - export NSS_ENABLE_ECC=1 - export FREEBL_NO_DEPEND=1 - export ASFLAGS="" - - local d - - # Build the host tools first. - LDFLAGS="${BUILD_LDFLAGS}" \ - XCFLAGS="${BUILD_CFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -j1 -C coreconf \ - CC="$(tc-getBUILD_CC)" \ - ${buildbits:-${mybits}} - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) - - # Then build the target tools. - for d in . lib/dbm ; do - CPPFLAGS="${myCPPFLAGS}" \ - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -j1 "${makeargs[@]}" -C ${d} - done -} - -# Altering these 3 libraries breaks the CHK verification. -# All of the following cause it to break: -# - stripping -# - prelink -# - ELF signing -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html -# Either we have to NOT strip them, or we have to forcibly resign after -# stripping. -#local_libdir="$(get_libdir)" -#export STRIP_MASK=" -# */${local_libdir}/libfreebl3.so* -# */${local_libdir}/libnssdbm3.so* -# */${local_libdir}/libsoftokn3.so*" - -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" - -generate_chk() { - local shlibsign="$1" - local libdir="$2" - einfo "Resigning core NSS libraries for FIPS validation" - shift 2 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libname=lib${i}.so - local chkname=lib${i}.chk - "${shlibsign}" \ - -i "${libdir}"/${libname} \ - -o "${libdir}"/${chkname}.tmp \ - && mv -f \ - "${libdir}"/${chkname}.tmp \ - "${libdir}"/${chkname} \ - || die "Failed to sign ${libname}" - done -} - -cleanup_chk() { - local libdir="$1" - shift 1 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libfname="${libdir}/lib${i}.so" - # If the major version has changed, then we have old chk files. - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ - && rm -f "${libfname}.chk" - done -} - -multilib_src_install() { - pushd dist >/dev/null || die - - dodir /usr/$(get_libdir) - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" - cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - - # Install nss-config and pkgconfig file - dodir /usr/bin - cp -L */bin/nss-config "${ED}"/usr/bin || die - dodir /usr/$(get_libdir)/pkgconfig - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die - - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers - # bug 517266 - sed -e 's#Libs:#Libs: -lfreebl#' \ - -e 's#Cflags:#Cflags: -I${includedir}/private#' \ - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ - || die "could not create nss-softokn.pc" - - # all the include files - insinto /usr/include/nss - doins public/nss/*.h - insinto /usr/include/nss/private - doins private/nss/{blapi,alghmac}.h - - popd >/dev/null || die - - local f nssutils - # Always enabled because we need it for chk generation. - nssutils="shlibsign" - - if multilib_is_native_abi ; then - if use utils; then - # The tests we do not need to install. - #nssutils_test="bltest crmftest dbtest dertimetest - #fipstest remtest sdrtest" - # checkcert utils has been removed in nss-3.22: - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870 - nssutils="addbuiltin atob baddbdir btoa certcgi certutil - cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit - nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode - pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt - symkeyutil tstclnt vfychain vfyserv" - # install man-pages for utils (bug #516810) - doman doc/nroff/*.1 - fi - pushd dist/*/bin >/dev/null || die - for f in ${nssutils}; do - dobin ${f} - done - popd >/dev/null || die - fi - - # Prelink breaks the CHK files. We don't have any reliable way to run - # shlibsign after prelink. - dodir /etc/prelink.conf.d - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ - > "${ED}"/etc/prelink.conf.d/nss.conf -} - -pkg_postinst() { - multilib_pkg_postinst() { - # We must re-sign the libraries AFTER they are stripped. - local shlibsign="${EROOT}/usr/bin/shlibsign" - # See if we can execute it (cross-compiling & such). #436216 - "${shlibsign}" -h >&/dev/null - if [[ $? -gt 1 ]] ; then - shlibsign="shlibsign" - fi - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postinst -} - -pkg_postrm() { - multilib_pkg_postrm() { - cleanup_chk "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postrm -} diff --git a/dev-libs/nss/nss-3.26.1.ebuild b/dev-libs/nss/nss-3.26.1.ebuild deleted file mode 100644 index 3e9034e..00000000 --- a/dev-libs/nss/nss-3.26.1.ebuild +++ /dev/null @@ -1,338 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=6 - -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal - -NSPR_VER="4.12" -RTM_NAME="NSS_${PV//./_}_RTM" -# Rev of https://git.fedorahosted.org/cgit/nss-pem.git -PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116" -PEM_P="${PN}-pem-20160329" - -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz - nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )" - -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" -IUSE="cacert +nss-pem utils" -CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]" -DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - ${CDEPEND}" -RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - ${CDEPEND} - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140508-r12 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - )" - -RESTRICT="test" - -S="${WORKDIR}/${P}/${PN}" - -MULTILIB_CHOST_TOOLS=( - /usr/bin/nss-config -) - -PATCHES=( - # Custom changes for gentoo - "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch" - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" -) - -src_unpack() { - unpack ${A} - if use nss-pem ; then - mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die - fi -} - -src_prepare() { - if use nss-pem ; then - PATCHES+=( - "${FILESDIR}/${PN}-3.21-enable-pem.patch" - ) - fi - if use cacert ; then #521462 - PATCHES+=( - "${FILESDIR}/${PN}-3.21-cacert-class3.patch" - ) - fi - - default - - pushd coreconf >/dev/null || die - # hack nspr paths - echo 'INCLUDES += -I$(DIST)/include/dbm' \ - >> headers.mk || die "failed to append include" - - # modify install path - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ - -i source.mk || die - - # Respect LDFLAGS - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk - popd >/dev/null || die - - # Fix pkgconfig file for Prefix - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ - config/Makefile || die - - # use host shlibsign if need be #436216 - if tc-is-cross-compiler ; then - sed -i \ - -e 's:"${2}"/shlibsign:shlibsign:' \ - cmd/shlibsign/sign.sh || die - fi - - # dirty hack - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ - lib/ssl/config.mk || die - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ - cmd/platlibs.mk || die - - multilib_copy_sources - - strip-flags -} - -multilib_src_configure() { - # Ensure we stay multilib aware - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die -} - -nssarch() { - # Most of the arches are the same as $ARCH - local t=${1:-${CHOST}} - case ${t} in - aarch64*)echo "aarch64";; - hppa*) echo "parisc";; - i?86*) echo "i686";; - x86_64*) echo "x86_64";; - *) tc-arch ${t};; - esac -} - -nssbits() { - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" - if [[ ${1} == BUILD_ ]]; then - cc=$(tc-getBUILD_CC) - else - cc=$(tc-getCC) - fi - echo > "${T}"/test.c || die - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die - case $(file "${T}/${1}test.o") in - *32-bit*x86-64*) echo USE_X32=1;; - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; - *32-bit*|*ppc*|*i386*) ;; - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; - esac -} - -multilib_src_compile() { - # use ABI to determine bit'ness, or fallback if unset - local buildbits mybits - case "${ABI}" in - n32) mybits="USE_N32=1";; - x32) mybits="USE_X32=1";; - s390x|*64) mybits="USE_64=1";; - ${DEFAULT_ABI}) - einfo "Running compilation test to determine bit'ness" - mybits=$(nssbits) - ;; - esac - # bitness of host may differ from target - if tc-is-cross-compiler; then - buildbits=$(nssbits BUILD_) - fi - - local makeargs=( - CC="$(tc-getCC)" - AR="$(tc-getAR) rc \$@" - RANLIB="$(tc-getRANLIB)" - OPTIMIZER= - ${mybits} - ) - - # Take care of nspr settings #436216 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" - unset NSPR_INCLUDE_DIR - - # Do not let `uname` be used. - if use kernel_linux ; then - makeargs+=( - OS_TARGET=Linux - OS_RELEASE=2.6 - OS_TEST="$(nssarch)" - ) - fi - - export NSS_ENABLE_WERROR=0 #567158 - export BUILD_OPT=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSDISTMODE=copy - export NSS_ENABLE_ECC=1 - export FREEBL_NO_DEPEND=1 - export ASFLAGS="" - - local d - - # Build the host tools first. - LDFLAGS="${BUILD_LDFLAGS}" \ - XCFLAGS="${BUILD_CFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -j1 -C coreconf \ - CC="$(tc-getBUILD_CC)" \ - ${buildbits:-${mybits}} - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) - - # Then build the target tools. - for d in . lib/dbm ; do - CPPFLAGS="${myCPPFLAGS}" \ - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -j1 "${makeargs[@]}" -C ${d} - done -} - -# Altering these 3 libraries breaks the CHK verification. -# All of the following cause it to break: -# - stripping -# - prelink -# - ELF signing -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html -# Either we have to NOT strip them, or we have to forcibly resign after -# stripping. -#local_libdir="$(get_libdir)" -#export STRIP_MASK=" -# */${local_libdir}/libfreebl3.so* -# */${local_libdir}/libnssdbm3.so* -# */${local_libdir}/libsoftokn3.so*" - -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" - -generate_chk() { - local shlibsign="$1" - local libdir="$2" - einfo "Resigning core NSS libraries for FIPS validation" - shift 2 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libname=lib${i}.so - local chkname=lib${i}.chk - "${shlibsign}" \ - -i "${libdir}"/${libname} \ - -o "${libdir}"/${chkname}.tmp \ - && mv -f \ - "${libdir}"/${chkname}.tmp \ - "${libdir}"/${chkname} \ - || die "Failed to sign ${libname}" - done -} - -cleanup_chk() { - local libdir="$1" - shift 1 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libfname="${libdir}/lib${i}.so" - # If the major version has changed, then we have old chk files. - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ - && rm -f "${libfname}.chk" - done -} - -multilib_src_install() { - pushd dist >/dev/null || die - - dodir /usr/$(get_libdir) - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" - cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - - # Install nss-config and pkgconfig file - dodir /usr/bin - cp -L */bin/nss-config "${ED}"/usr/bin || die - dodir /usr/$(get_libdir)/pkgconfig - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die - - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers - # bug 517266 - sed -e 's#Libs:#Libs: -lfreebl#' \ - -e 's#Cflags:#Cflags: -I${includedir}/private#' \ - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ - || die "could not create nss-softokn.pc" - - # all the include files - insinto /usr/include/nss - doins public/nss/*.h - insinto /usr/include/nss/private - doins private/nss/{blapi,alghmac}.h - - popd >/dev/null || die - - local f nssutils - # Always enabled because we need it for chk generation. - nssutils="shlibsign" - - if multilib_is_native_abi ; then - if use utils; then - # The tests we do not need to install. - #nssutils_test="bltest crmftest dbtest dertimetest - #fipstest remtest sdrtest" - # checkcert utils has been removed in nss-3.22: - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870 - nssutils="addbuiltin atob baddbdir btoa certcgi certutil - cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit - nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode - pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt - symkeyutil tstclnt vfychain vfyserv" - # install man-pages for utils (bug #516810) - doman doc/nroff/*.1 - fi - pushd dist/*/bin >/dev/null || die - for f in ${nssutils}; do - dobin ${f} - done - popd >/dev/null || die - fi - - # Prelink breaks the CHK files. We don't have any reliable way to run - # shlibsign after prelink. - dodir /etc/prelink.conf.d - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ - > "${ED}"/etc/prelink.conf.d/nss.conf -} - -pkg_postinst() { - multilib_pkg_postinst() { - # We must re-sign the libraries AFTER they are stripped. - local shlibsign="${EROOT}/usr/bin/shlibsign" - # See if we can execute it (cross-compiling & such). #436216 - "${shlibsign}" -h >&/dev/null - if [[ $? -gt 1 ]] ; then - shlibsign="shlibsign" - fi - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postinst -} - -pkg_postrm() { - multilib_pkg_postrm() { - cleanup_chk "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postrm -} diff --git a/dev-libs/nss/nss-3.27.2.ebuild b/dev-libs/nss/nss-3.27.2.ebuild deleted file mode 100644 index c1ef5c7..00000000 --- a/dev-libs/nss/nss-3.27.2.ebuild +++ /dev/null @@ -1,339 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=6 - -inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal - -NSPR_VER="4.12" -RTM_NAME="NSS_${PV//./_}_RTM" -# Rev of https://git.fedorahosted.org/cgit/nss-pem.git -PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116" -PEM_P="${PN}-pem-20160329" - -DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" -HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/" -SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz - cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch ) - nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )" - -LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" -SLOT="0" -KEYWORDS="alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" -IUSE="cacert +nss-pem utils" -CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}] - >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]" -DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] - >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - ${CDEPEND}" -RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}] - ${CDEPEND} - abi_x86_32? ( - !<=app-emulation/emul-linux-x86-baselibs-20140508-r12 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] - )" - -RESTRICT="test" - -S="${WORKDIR}/${P}/${PN}" - -MULTILIB_CHOST_TOOLS=( - /usr/bin/nss-config -) - -PATCHES=( - # Custom changes for gentoo - "${FILESDIR}/${PN}-3.21-gentoo-fixups.patch" - "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" - "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" -) - -src_unpack() { - unpack ${A} - if use nss-pem ; then - mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die - fi -} - -src_prepare() { - if use nss-pem ; then - PATCHES+=( - "${FILESDIR}/${PN}-3.21-enable-pem.patch" - ) - fi - if use cacert ; then #521462 - PATCHES+=( - "${DISTDIR}/${PN}-cacert-class1-class3.patch" - ) - fi - - default - - pushd coreconf >/dev/null || die - # hack nspr paths - echo 'INCLUDES += -I$(DIST)/include/dbm' \ - >> headers.mk || die "failed to append include" - - # modify install path - sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ - -i source.mk || die - - # Respect LDFLAGS - sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk - popd >/dev/null || die - - # Fix pkgconfig file for Prefix - sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ - config/Makefile || die - - # use host shlibsign if need be #436216 - if tc-is-cross-compiler ; then - sed -i \ - -e 's:"${2}"/shlibsign:shlibsign:' \ - cmd/shlibsign/sign.sh || die - fi - - # dirty hack - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ - lib/ssl/config.mk || die - sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ - cmd/platlibs.mk || die - - multilib_copy_sources - - strip-flags -} - -multilib_src_configure() { - # Ensure we stay multilib aware - sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die -} - -nssarch() { - # Most of the arches are the same as $ARCH - local t=${1:-${CHOST}} - case ${t} in - aarch64*)echo "aarch64";; - hppa*) echo "parisc";; - i?86*) echo "i686";; - x86_64*) echo "x86_64";; - *) tc-arch ${t};; - esac -} - -nssbits() { - local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS" - if [[ ${1} == BUILD_ ]]; then - cc=$(tc-getBUILD_CC) - else - cc=$(tc-getCC) - fi - echo > "${T}"/test.c || die - ${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die - case $(file "${T}/${1}test.o") in - *32-bit*x86-64*) echo USE_X32=1;; - *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; - *32-bit*|*ppc*|*i386*) ;; - *) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";; - esac -} - -multilib_src_compile() { - # use ABI to determine bit'ness, or fallback if unset - local buildbits mybits - case "${ABI}" in - n32) mybits="USE_N32=1";; - x32) mybits="USE_X32=1";; - s390x|*64) mybits="USE_64=1";; - ${DEFAULT_ABI}) - einfo "Running compilation test to determine bit'ness" - mybits=$(nssbits) - ;; - esac - # bitness of host may differ from target - if tc-is-cross-compiler; then - buildbits=$(nssbits BUILD_) - fi - - local makeargs=( - CC="$(tc-getCC)" - AR="$(tc-getAR) rc \$@" - RANLIB="$(tc-getRANLIB)" - OPTIMIZER= - ${mybits} - ) - - # Take care of nspr settings #436216 - local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)" - unset NSPR_INCLUDE_DIR - - # Do not let `uname` be used. - if use kernel_linux ; then - makeargs+=( - OS_TARGET=Linux - OS_RELEASE=2.6 - OS_TEST="$(nssarch)" - ) - fi - - export NSS_ENABLE_WERROR=0 #567158 - export BUILD_OPT=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSDISTMODE=copy - export NSS_ENABLE_ECC=1 - export FREEBL_NO_DEPEND=1 - export ASFLAGS="" - - local d - - # Build the host tools first. - LDFLAGS="${BUILD_LDFLAGS}" \ - XCFLAGS="${BUILD_CFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -j1 -C coreconf \ - CC="$(tc-getBUILD_CC)" \ - ${buildbits:-${mybits}} - makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) - - # Then build the target tools. - for d in . lib/dbm ; do - CPPFLAGS="${myCPPFLAGS}" \ - XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ - NSPR_LIB_DIR="${T}/fakedir" \ - emake -j1 "${makeargs[@]}" -C ${d} - done -} - -# Altering these 3 libraries breaks the CHK verification. -# All of the following cause it to break: -# - stripping -# - prelink -# - ELF signing -# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html -# Either we have to NOT strip them, or we have to forcibly resign after -# stripping. -#local_libdir="$(get_libdir)" -#export STRIP_MASK=" -# */${local_libdir}/libfreebl3.so* -# */${local_libdir}/libnssdbm3.so* -# */${local_libdir}/libsoftokn3.so*" - -export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" - -generate_chk() { - local shlibsign="$1" - local libdir="$2" - einfo "Resigning core NSS libraries for FIPS validation" - shift 2 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libname=lib${i}.so - local chkname=lib${i}.chk - "${shlibsign}" \ - -i "${libdir}"/${libname} \ - -o "${libdir}"/${chkname}.tmp \ - && mv -f \ - "${libdir}"/${chkname}.tmp \ - "${libdir}"/${chkname} \ - || die "Failed to sign ${libname}" - done -} - -cleanup_chk() { - local libdir="$1" - shift 1 - local i - for i in ${NSS_CHK_SIGN_LIBS} ; do - local libfname="${libdir}/lib${i}.so" - # If the major version has changed, then we have old chk files. - [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ - && rm -f "${libfname}.chk" - done -} - -multilib_src_install() { - pushd dist >/dev/null || die - - dodir /usr/$(get_libdir) - cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" - cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - cp -L */lib/libfreebl.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" - - # Install nss-config and pkgconfig file - dodir /usr/bin - cp -L */bin/nss-config "${ED}"/usr/bin || die - dodir /usr/$(get_libdir)/pkgconfig - cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die - - # create an nss-softokn.pc from nss.pc for libfreebl and some private headers - # bug 517266 - sed -e 's#Libs:#Libs: -lfreebl#' \ - -e 's#Cflags:#Cflags: -I${includedir}/private#' \ - */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \ - || die "could not create nss-softokn.pc" - - # all the include files - insinto /usr/include/nss - doins public/nss/*.h - insinto /usr/include/nss/private - doins private/nss/{blapi,alghmac}.h - - popd >/dev/null || die - - local f nssutils - # Always enabled because we need it for chk generation. - nssutils="shlibsign" - - if multilib_is_native_abi ; then - if use utils; then - # The tests we do not need to install. - #nssutils_test="bltest crmftest dbtest dertimetest - #fipstest remtest sdrtest" - # checkcert utils has been removed in nss-3.22: - # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545 - # https://hg.mozilla.org/projects/nss/rev/df1729d37870 - nssutils="addbuiltin atob baddbdir btoa certcgi certutil - cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit - nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode - pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt - symkeyutil tstclnt vfychain vfyserv" - # install man-pages for utils (bug #516810) - doman doc/nroff/*.1 - fi - pushd dist/*/bin >/dev/null || die - for f in ${nssutils}; do - dobin ${f} - done - popd >/dev/null || die - fi - - # Prelink breaks the CHK files. We don't have any reliable way to run - # shlibsign after prelink. - dodir /etc/prelink.conf.d - printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \ - > "${ED}"/etc/prelink.conf.d/nss.conf -} - -pkg_postinst() { - multilib_pkg_postinst() { - # We must re-sign the libraries AFTER they are stripped. - local shlibsign="${EROOT}/usr/bin/shlibsign" - # See if we can execute it (cross-compiling & such). #436216 - "${shlibsign}" -h >&/dev/null - if [[ $? -gt 1 ]] ; then - shlibsign="shlibsign" - fi - generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postinst -} - -pkg_postrm() { - multilib_pkg_postrm() { - cleanup_chk "${EROOT}"/usr/$(get_libdir) - } - - multilib_foreach_abi multilib_pkg_postrm -}