dev-libs/nss: Bump to version 3.51.1
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7

inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal

# Lowest dev-libs/nspr version accepted in RDEPEND below.
NSPR_VER="4.25"
# Upstream release directory name: PV with every dot turned into an underscore.
RTM_NAME="NSS_${PV//./_}_RTM"

DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
# The release tarball comes from archive.mozilla.org. With USE=cacert one more
# patch is fetched from a Gentoo developer's distfiles space.
# NOTE(review): this ebuild holds no checksums itself - integrity of both
# downloads presumably rests on the package Manifest; confirm it lists them.
SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
        cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )"

LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
IUSE="cacert utils"
BDEPEND="
        >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
"
RDEPEND="
        >=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
        >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
        >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
"
DEPEND="${RDEPEND}"

# The test phase is switched off for this package, so the upstream test suite
# does not run as part of the build.
RESTRICT="test"

S="${WORKDIR}/${P}/${PN}"

MULTILIB_CHOST_TOOLS=( /usr/bin/nss-config )

# Custom changes for gentoo; src_prepare appends the cacert patch when asked.
PATCHES=(
        "${FILESDIR}/${PN}-3.47-gentoo-fixups.patch"
        "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
        "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
)
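src_prepare() {
        # Apply the patch set, then adjust upstream's build files (coreconf,
        # config/Makefile, the shlibsign wrapper and two CRYPTOLIB paths) before
        # the tree is copied once per ABI. Every edit dies on failure so a
        # half-prepared tree is never built.
        if use cacert ; then #521462
                # NOTE(review): going by its file name this patch concerns the CAcert
                # class1/class3 certificates, i.e. it would change which roots the
                # built library trusts - confirm against the patch before enabling.
                PATCHES+=(
                        "${DISTDIR}/${PN}-cacert-class1-class3.patch"
                )
        fi

        default

        pushd coreconf >/dev/null || die
        # hack nspr paths
        echo 'INCLUDES += -I$(DIST)/include/dbm' \
                >> headers.mk || die "failed to append include"

        # modify install path
        sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
                -i source.mk || die

        # Respect LDFLAGS. This sed used to be the only unchecked one in the
        # function; if it fails the shared libraries would be linked without the
        # LDFLAGS the user asked for, so it now dies like the rest.
        sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk \
                || die "failed to make rules.mk respect LDFLAGS"
        popd >/dev/null || die

        # Fix pkgconfig file for Prefix
        sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
                config/Makefile || die

        # use host shlibsign if need be #436216
        # After this edit sign.sh calls a bare "shlibsign", so the tool is looked
        # up through PATH instead of the just-built directory passed as ${2}.
        if tc-is-cross-compiler ; then
                sed -i \
                        -e 's:"${2}"/shlibsign:shlibsign:' \
                        cmd/shlibsign/sign.sh || die
        fi

        # dirty hack: point CRYPTOLIB at the freebl object directory inside the
        # source tree instead of $(SOFTOKEN_LIB_DIR)
        sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
                lib/ssl/config.mk || die
        sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
                cmd/platlibs.mk || die

        multilib_copy_sources

        strip-flags
}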
multilib_src_configure() {
        # Ensure we stay multilib aware: on the @libdir@ line of config/Makefile
        # the literal lib64 is replaced by the libdir of the ABI being configured.
        local abi_libdir
        abi_libdir=$(get_libdir)
        sed -i -e "/@libdir@/ s:lib64:${abi_libdir}:" config/Makefile || die
}
nssarch() {
        # Print the architecture name handed to NSS as OS_TEST for a target
        # tuple ($1, falling back to CHOST). Four tuple families are mapped by
        # hand; every other tuple is passed to tc-arch, whose output and exit
        # status become this function's.
        local tuple=${1:-${CHOST}}
        local arch_name
        case ${tuple} in
                aarch64*) arch_name="aarch64" ;;
                hppa*)    arch_name="parisc" ;;
                i?86*)    arch_name="i686" ;;
                x86_64*)  arch_name="x86_64" ;;
                *)
                        # Most of the arches are the same as $ARCH
                        tc-arch ${tuple}
                        return
                        ;;
        esac
        echo "${arch_name}"
}
nssbits() {
        # Detect the word size a compiler targets by compiling an empty source
        # file in ${T} and matching the output of file(1) on the object.
        # $1 is a variable-name prefix: "BUILD_" selects the build-machine
        # compiler and BUILD_CPPFLAGS/BUILD_CFLAGS, an empty prefix selects the
        # target compiler and CPPFLAGS/CFLAGS.
        # Prints USE_X32=1 or USE_64=1, prints nothing for a plain 32-bit
        # object, and dies when the object type is not recognised.
        local compiler
        local cppflags_var="${1}CPPFLAGS"
        local cflags_var="${1}CFLAGS"
        local probe_obj="${T}/${1}test.o"

        if [[ ${1} != BUILD_ ]]; then
                compiler=$(tc-getCC)
        else
                compiler=$(tc-getBUILD_CC)
        fi

        echo > "${T}"/test.c || die
        # The flag variables are expanded indirectly and left unquoted on purpose
        # so that each flag becomes its own argument.
        ${compiler} ${!cppflags_var} ${!cflags_var} -c "${T}"/test.c -o "${probe_obj}" || die

        case $(file "${probe_obj}") in
                *32-bit*x86-64*)
                        echo USE_X32=1
                        ;;
                *64-bit*|*ppc64*|*x86_64*)
                        echo USE_64=1
                        ;;
                *32-bit*|*ppc*|*i386*)
                        ;;
                *)
                        die "Failed to detect whether ${compiler} builds 64bits or 32bits, disable distcc if you're using it, please"
                        ;;
        esac
}
multilib_src_compile() {
        # Build NSS for the current ABI in two stages: the coreconf host tools
        # with the build-machine compiler, then the library tree and lib/dbm with
        # the target toolchain. Both stages run emake with -j1.
        local host_bits target_bits subdir

        # use ABI to determine bit'ness, or fallback if unset
        case "${ABI}" in
                n32)
                        target_bits="USE_N32=1"
                        ;;
                x32)
                        target_bits="USE_X32=1"
                        ;;
                s390x|*64)
                        target_bits="USE_64=1"
                        ;;
                ${DEFAULT_ABI})
                        einfo "Running compilation test to determine bit'ness"
                        target_bits=$(nssbits)
                        ;;
        esac
        # bitness of host may differ from target
        if tc-is-cross-compiler; then
                host_bits=$(nssbits BUILD_)
        fi

        # ${target_bits} stays unquoted so that an empty value adds no argument.
        local make_args=(
                CC="$(tc-getCC)"
                CCC="$(tc-getCXX)"
                AR="$(tc-getAR) rc \$@"
                RANLIB="$(tc-getRANLIB)"
                OPTIMIZER=
                ${target_bits}
        )

        # Take care of nspr settings #436216
        local nspr_cppflags="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
        unset NSPR_INCLUDE_DIR

        # Do not let `uname` be used.
        if use kernel_linux ; then
                make_args+=(
                        OS_TARGET=Linux
                        OS_RELEASE=2.6
                        OS_TEST="$(nssarch)"
                )
        fi

        # Build-time switches read by the NSS makefiles.
        # NSS_ALLOW_SSLKEYLOGFILE compiles in support for the SSLKEYLOGFILE
        # environment variable: a process using the resulting library writes its
        # TLS session secrets to that file when the variable is set. Handy for
        # traffic debugging, but it also means that whoever controls a process's
        # environment can obtain its session keys - worth knowing when hardening
        # services that link against this build.
        export NSS_ALLOW_SSLKEYLOGFILE=1
        export NSS_ENABLE_WERROR=0 #567158
        export BUILD_OPT=1
        export NSS_USE_SYSTEM_SQLITE=1
        export NSDISTMODE=copy
        export NSS_ENABLE_ECC=1
        export FREEBL_NO_DEPEND=1
        export FREEBL_LOWHASH=1
        # NOTE(review): per its name this limits RNG seeding to /dev/urandom;
        # confirm against the freebl sources of this release.
        export NSS_SEED_ONLY_DEV_URANDOM=1
        export ASFLAGS=""

        # Build the host tools first.
        LDFLAGS="${BUILD_LDFLAGS}" \
        XCFLAGS="${BUILD_CFLAGS}" \
        NSPR_LIB_DIR="${T}/fakedir" \
        emake -j1 -C coreconf \
                CC="$(tc-getBUILD_CC)" \
                ${host_bits:-${target_bits}}
        # The nsinstall binary produced above is located with find and handed to
        # the target build by absolute path.
        make_args+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )

        # Then build the target tools.
        for subdir in . lib/dbm ; do
                CPPFLAGS="${nspr_cppflags}" \
                XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
                NSPR_LIB_DIR="${T}/fakedir" \
                emake -j1 "${make_args[@]}" -C ${subdir}
        done
}
# Altering these 3 libraries after their .chk files were generated breaks
# the CHK verification.
# All of the following cause it to break:
# - stripping
# - prelink
# - ELF signing
# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
# Either we have to NOT strip them, or we have to forcibly resign after
# stripping.
#local_libdir="$(get_libdir)"
#export STRIP_MASK="
#       */${local_libdir}/libfreebl3.so*
#       */${local_libdir}/libnssdbm3.so*
#       */${local_libdir}/libsoftokn3.so*"

# Base names (without the "lib" prefix) of the libraries whose .chk files are
# regenerated in pkg_postinst and which are excluded from prelink.
NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
export NSS_CHK_SIGN_LIBS
generate_chk() {
        # Regenerate the .chk file of every library in NSS_CHK_SIGN_LIBS.
        #   $1 - shlibsign command to run
        #   $2 - directory holding the lib<name>.so files
        # Each signature goes to lib<name>.chk.tmp first and is renamed over
        # lib<name>.chk only after shlibsign succeeded, so a failed run never
        # replaces an existing .chk file. Dies on the first failure.
        local signer="$1"
        local target_dir="$2"
        einfo "Resigning core NSS libraries for FIPS validation"
        shift 2
        local lib so_name chk_name
        for lib in ${NSS_CHK_SIGN_LIBS} ; do
                so_name=lib${lib}.so
                chk_name=lib${lib}.chk
                if ! {
                        "${signer}" \
                                -i "${target_dir}"/${so_name} \
                                -o "${target_dir}"/${chk_name}.tmp \
                        && mv -f \
                                "${target_dir}"/${chk_name}.tmp \
                                "${target_dir}"/${chk_name}
                } ; then
                        die "Failed to sign ${so_name}"
                fi
        done
}
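cleanup_chk() {
        # Remove .chk files left behind for libraries that no longer exist.
        #   $1 - directory that held the lib<name>.so files
        # generate_chk writes lib<name>.chk, but this function used to look only
        # for lib<name>.so.chk and therefore never matched the files that are
        # actually created. Both names are handled now; a stale .chk next to a
        # missing library is removed, anything else is left alone.
        local libdir="$1"
        shift 1
        local i libfname chkfile
        for i in ${NSS_CHK_SIGN_LIBS} ; do
                libfname="${libdir}/lib${i}.so"
                # The library is still installed, so its .chk file is current.
                [[ -f ${libfname} ]] && continue
                # If the major version has changed, then we have old chk files.
                for chkfile in "${libdir}/lib${i}.chk" "${libfname}.chk" ; do
                        if [[ -f ${chkfile} ]] ; then
                                rm -f "${chkfile}"
                        fi
                done
        done
}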
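multilib_src_install() {
        # Install the per-ABI build results from dist/: shared and static
        # libraries, nss-config, the pkg-config files and the headers. For the
        # native ABI the command-line tools are installed as well (shlibsign
        # always, the rest with USE=utils). Finally a prelink blacklist for the
        # CHK-protected libraries is written.
        pushd dist >/dev/null || die

        dodir /usr/$(get_libdir)
        cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
        local i
        for i in crmf freebl nssb nssckfw ; do
                cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
        done

        # Install nss-config and pkgconfig file
        dodir /usr/bin
        cp -L */bin/nss-config "${ED}"/usr/bin || die
        dodir /usr/$(get_libdir)/pkgconfig
        cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die

        # create an nss-softokn.pc from nss.pc for libfreebl and some private headers
        # bug 517266
        sed     -e 's#Libs:#Libs: -lfreebl#' \
                -e 's#Cflags:#Cflags: -I${includedir}/private#' \
                */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
                || die "could not create nss-softokn.pc"

        # all the include files
        insinto /usr/include/nss
        doins public/nss/*.{h,api}
        insinto /usr/include/nss/private
        doins private/nss/{blapi,alghmac,cmac}.h

        popd >/dev/null || die

        local f nssutils
        # Always enabled because we need it for chk generation.
        nssutils=( shlibsign )

        if multilib_is_native_abi ; then
                if use utils; then
                        # The tests we do not need to install.
                        #nssutils_test="bltest crmftest dbtest dertimetest
                        #fipstest remtest sdrtest"
                        # checkcert utils has been removed in nss-3.22:
                        # https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
                        # https://hg.mozilla.org/projects/nss/rev/df1729d37870
                        # certcgi has been removed in nss-3.36:
                        # https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
                        nssutils+=(
                                addbuiltin
                                atob
                                baddbdir
                                btoa
                                certutil
                                cmsutil
                                conflict
                                crlutil
                                derdump
                                digest
                                makepqg
                                mangle
                                modutil
                                multinit
                                nonspr10
                                ocspclnt
                                oidcalc
                                p7content
                                p7env
                                p7sign
                                p7verify
                                pk11mode
                                pk12util
                                pp
                                rsaperf
                                selfserv
                                signtool
                                signver
                                ssltap
                                strsclnt
                                symkeyutil
                                tstclnt
                                vfychain
                                vfyserv
                        )
                        # install man-pages for utils (bug #516810)
                        doman doc/nroff/*.1
                fi
                pushd dist/*/bin >/dev/null || die
                # Quoted so that each array element is passed through as one word.
                for f in "${nssutils[@]}"; do
                        dobin "${f}"
                done
                popd >/dev/null || die
        fi

        # Prelink breaks the CHK files. We don't have any reliable way to run
        # shlibsign after prelink.
        # The blacklist below is the only thing keeping prelink away from the
        # CHK-protected libraries, so a failed write must not pass silently.
        dodir /etc/prelink.conf.d
        printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
                > "${ED}"/etc/prelink.conf.d/nss.conf \
                || die "could not write prelink blacklist"
}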
pkg_postinst() {
        # Regenerate the .chk files on the live filesystem, once per ABI.
        multilib_pkg_postinst() {
                # We must re-sign the libraries AFTER they are stripped.
                local signer="${EROOT}/usr/bin/shlibsign"
                local probe_status
                # See if we can execute it (cross-compiling & such). #436216
                # An exit status of 0 or 1 from "-h" counts as runnable.
                "${signer}" -h >&/dev/null
                probe_status=$?
                if (( probe_status > 1 )) ; then
                        # NOTE(review): the fallback is a bare command name, so it is
                        # resolved through PATH of the process running this phase;
                        # the .chk files are then produced by whichever shlibsign
                        # that PATH yields.
                        signer="shlibsign"
                fi
                generate_chk "${signer}" "${EROOT}"/usr/$(get_libdir)
        }

        multilib_foreach_abi multilib_pkg_postinst
}
pkg_postrm() {
        # After removal, let cleanup_chk look at each ABI's library directory
        # for .chk files whose library is gone.
        multilib_pkg_postrm() {
                local abi_libdir
                abi_libdir=$(get_libdir)
                cleanup_chk "${EROOT}"/usr/${abi_libdir}
        }

        multilib_foreach_abi multilib_pkg_postrm
}