mgorny 14/06/14 08:27:39 Modified: ChangeLog Added: nss-3.16-r1.ebuild Log: Import the multilib support from ::mozilla. Clean up a bit and copy the simplified bit-ness check from dev-libs/nspr. (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key EFB4464E!)
Revision Changes Path 1.362 dev-libs/nss/ChangeLog file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.362&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?rev=1.362&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/ChangeLog?r1=1.361&r2=1.362 Index: ChangeLog =================================================================== RCS file: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v retrieving revision 1.361 retrieving revision 1.362 diff -u -r1.361 -r1.362 --- ChangeLog 31 Mar 2014 17:11:39 -0000 1.361 +++ ChangeLog 14 Jun 2014 08:27:39 -0000 1.362 @@ -1,6 +1,12 @@ # ChangeLog for dev-libs/nss # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.361 2014/03/31 17:11:39 axs Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.362 2014/06/14 08:27:39 mgorny Exp $ + +*nss-3.16-r1 (14 Jun 2014) + + 14 Jun 2014; Michał Górny <mgo...@gentoo.org> +nss-3.16-r1.ebuild: + Import the multilib support from ::mozilla. Clean up a bit and copy the + simplified bit-ness check from dev-libs/nspr. 31 Mar 2014; Ian Stakenvicius (_AxS_) <a...@gentoo.org> nss-3.16.ebuild: upstream integration of x32 patch changed case on variable, fixed ebuild to 1.1 dev-libs/nss/nss-3.16-r1.ebuild file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.16-r1.ebuild?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/nss/nss-3.16-r1.ebuild?rev=1.1&content-type=text/plain Index: nss-3.16-r1.ebuild =================================================================== # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.16-r1.ebuild,v 1.1 2014/06/14 08:27:39 mgorny Exp $ EAPI=5 inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal NSPR_VER="4.10" RTM_NAME="NSS_${PV//./_}_RTM" # Rev of https://git.fedorahosted.org/cgit/nss-pem.git PEM_GIT_REV="3ade37c5c4ca5a6094e3f4b2e4591405db1867dd" PEM_P="${PN}-pem-${PEM_GIT_REV}" DESCRIPTION="Mozilla's Network Security Services library that implements PKI support" HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"; SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz cacert? ( http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch ) nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )" LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" IUSE="+cacert +nss-pem utils" DEPEND="virtual/pkgconfig[${MULTILIB_USEDEP}] >=dev-libs/nspr-${NSPR_VER}" RDEPEND=">=dev-libs/nspr-${NSPR_VER} >=dev-db/sqlite-3.5[${MULTILIB_USEDEP}] sys-libs/zlib[${MULTILIB_USEDEP}] abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508-r9 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )" RESTRICT="test" S="${WORKDIR}/${P}/${PN}" MULTILIB_CHOST_TOOLS=( /usr/bin/nss-config ) src_unpack() { unpack ${A} if use nss-pem ; then mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die fi } src_prepare() { # Custom changes for gentoo epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch" epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch" use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch" use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch" epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch" pushd coreconf >/dev/null || die # hack nspr paths echo 'INCLUDES += -I$(DIST)/include/dbm' \ >> headers.mk || die "failed to append include" # modify install path sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \ -i source.mk || die # Respect LDFLAGS sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk popd >/dev/null || die # Fix pkgconfig file for Prefix sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \ config/Makefile || die # use host shlibsign if need be #436216 if tc-is-cross-compiler ; then sed -i \ -e 's:"${2}"/shlibsign:shlibsign:' \ cmd/shlibsign/sign.sh || die fi # dirty hack sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \ lib/ssl/config.mk || die sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \ cmd/platlibs.mk || die multilib_copy_sources strip-flags } multilib_src_configure() { # Ensure we stay multilib aware sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die } nssarch() { # Most of the arches are the same as $ARCH local t=${1:-${CHOST}} case ${t} in aarch64*)echo "aarch64";; hppa*) echo "parisc";; i?86*) echo "i686";; x86_64*) echo "x86_64";; *) tc-arch ${t};; esac } nssbits() { # use ABI first, this will work for most cases case "${ABI}" in alpha|arm|hppa|m68k|o32|ppc|s390|sh|sparc|x86) ;; n32) echo USE_N32=1;; x32) echo USE_X32=1;; s390x|*64) echo USE_64=1;; default) # no abi actually set, fall back to old check einfo "Running a short build test to determine 64bit'ness" echo > "${T}"/test.c || die ${CC} ${CFLAGS} ${CPPFLAGS} -c "${T}"/test.c -o "${T}"/test.o || die case $(file "${T}"/test.o) in *32-bit*x86-64*) echo USE_X32=1;; *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;; *32-bit*|*ppc*|*i386*) ;; *) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";; esac ;; *) ;; esac } multilib_src_compile() { tc-export AR RANLIB {BUILD_,}{CC,PKG_CONFIG} local makeargs=( CC="${CC}" AR="${AR} rc \$@" RANLIB="${RANLIB}" OPTIMIZER= $(nssbits) ) # Take care of nspr settings #436216 local myCPPFLAGS="${CPPFLAGS} $(${PKG_CONFIG} nspr --cflags)" local myLDFLAGS="${LDFLAGS} $(${PKG_CONFIG} nspr --libs-only-L)" unset NSPR_INCLUDE_DIR #export NSPR_LIB_DIR=${T}/fake-dir-${ABI} - do this further down now # Do not let `uname` be used. if use kernel_linux ; then makeargs+=( OS_TARGET=Linux OS_RELEASE=2.6 OS_TEST="$(nssarch)" ) fi export BUILD_OPT=1 export NSS_USE_SYSTEM_SQLITE=1 export NSDISTMODE=copy export NSS_ENABLE_ECC=1 export FREEBL_NO_DEPEND=1 export ASFLAGS="" local d # Build the host tools first. LDFLAGS="${BUILD_LDFLAGS}" \ XCFLAGS="${BUILD_CFLAGS}" \ NSPR_LIB_DIR="${T}/${ABI}-fake-dir" \ emake -j1 -C coreconf \ CC="${BUILD_CC}" \ $(nssbits BUILD_) makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" ) # Then build the target tools. for d in . lib/dbm ; do CPPFLAGS="${myCPPFLAGS}" \ LDFLAGS="${myLDFLAGS}" \ XCFLAGS="${CFLAGS} ${CPPFLAGS}" \ NSPR_LIB_DIR="${T}/${ABI}-fake-dir" \ emake -j1 "${makeargs[@]}" -C ${d} done } # Altering these 3 libraries breaks the CHK verification. # All of the following cause it to break: # - stripping # - prelink # - ELF signing # http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html # Either we have to NOT strip them, or we have to forcibly resign after # stripping. #local_libdir="$(get_libdir)" #export STRIP_MASK=" # */${local_libdir}/libfreebl3.so* # */${local_libdir}/libnssdbm3.so* # */${local_libdir}/libsoftokn3.so*" export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3" generate_chk() { local shlibsign="$1" local libdir="$2" einfo "Resigning core NSS libraries for FIPS validation" shift 2 local i for i in ${NSS_CHK_SIGN_LIBS} ; do local libname=lib${i}.so local chkname=lib${i}.chk "${shlibsign}" \ -i "${libdir}"/${libname} \ -o "${libdir}"/${chkname}.tmp \ && mv -f \ "${libdir}"/${chkname}.tmp \ "${libdir}"/${chkname} \ || die "Failed to sign ${libname}" done } cleanup_chk() { local libdir="$1" shift 1 local i for i in ${NSS_CHK_SIGN_LIBS} ; do local libfname="${libdir}/lib${i}.so" # If the major version has changed, then we have old chk files. [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \ && rm -f "${libfname}.chk" done } multilib_src_install() { pushd dist >/dev/null || die dodir /usr/$(get_libdir) cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed" # We generate these after stripping the libraries, else they don't match. #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed" cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed" # Install nss-config and pkgconfig file dodir /usr/bin cp -L */bin/nss-config "${ED}"/usr/bin dodir /usr/$(get_libdir)/pkgconfig cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig # all the include files insinto /usr/include/nss doins public/nss/*.h popd >/dev/null || die local f nssutils # Always enabled because we need it for chk generation. nssutils="shlibsign" if multilib_is_native_abi ; then if use utils; then # The tests we do not need to install. #nssutils_test="bltest crmftest dbtest dertimetest #fipstest remtest sdrtest" nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt symkeyutil tstclnt vfychain vfyserv" fi pushd dist/*/bin >/dev/null || die for f in ${nssutils}; do dobin ${f} done popd >/dev/null || die fi # Prelink breaks the CHK files. We don't have any reliable way to run # shlibsign after prelink. local l libs=() liblist for l in ${NSS_CHK_SIGN_LIBS} ; do libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so") done liblist=$(printf '%s:' "${libs[@]}") echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}" doenvd "${T}/90nss-${ABI}" } pkg_postinst() { multilib_pkg_postinst() { # We must re-sign the libraries AFTER they are stripped. local shlibsign="${EROOT}/usr/bin/shlibsign" # See if we can execute it (cross-compiling & such). #436216 "${shlibsign}" -h >&/dev/null if [[ $? -gt 1 ]] ; then shlibsign="shlibsign" fi generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir) } multilib_foreach_abi multilib_pkg_postinst } pkg_postrm() { multilib_pkg_postrm() { cleanup_chk "${EROOT}"/usr/$(get_libdir) } multilib_foreach_abi multilib_pkg_postrm }
