Import the multilib support from ::mozilla. Clean up a bit and copy the simplified bit-ness check from dev-libs/nspr.

Package-Manager: portage-2.2.10/cvs/Linux x86_64 Manifest-Sign-Key: 0xEFB4464E!
author: Michał Górny <mgorny@gentoo.org> 2014-06-14 08:27:40 +0000
committer: Michał Górny <mgorny@gentoo.org> 2014-06-14 08:27:40 +0000
commit: caf9e1bb74cd20b9d8ef7ce2ebfd1097e470ed7e (patch)
tree: 856c983bf54d6741e90f57eb0925a990e8e5719e /dev-libs/nss
parent: Copy the x32 fallback check from dev-libs/nss::mozilla. (diff)
download: historical-caf9e1bb74cd20b9d8ef7ce2ebfd1097e470ed7e.tar.gz
historical-caf9e1bb74cd20b9d8ef7ce2ebfd1097e470ed7e.tar.bz2
historical-caf9e1bb74cd20b9d8ef7ce2ebfd1097e470ed7e.zip
3 files changed, 331 insertions, 6 deletions
diff --git a/dev-libs/nss/ChangeLog b/dev-libs/nss/ChangeLog
index 76b49ea0228e..3b467274b9d3 100644
--- a/dev-libs/nss/ChangeLog
+++ b/dev-libs/nss/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for dev-libs/nss
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.361 2014/03/31 17:11:39 axs Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.362 2014/06/14 08:27:39 mgorny Exp $
+
+*nss-3.16-r1 (14 Jun 2014)
+
+  14 Jun 2014; Michał Górny <mgorny@gentoo.org> +nss-3.16-r1.ebuild:
+  Import the multilib support from ::mozilla. Clean up a bit and copy the
+  simplified bit-ness check from dev-libs/nspr.
 
   31 Mar 2014; Ian Stakenvicius (_AxS_) <axs@gentoo.org> nss-3.16.ebuild:
   upstream integration of x32 patch changed case on variable, fixed ebuild to
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 3c04e1169a09..d7add063d0d6 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -14,13 +14,26 @@ DIST nss-3.16.tar.gz 6378110 SHA256 2bb4faa200962caacf0454f1e870e74aa9a543809e5c
 DIST nss-pem-3ade37c5c4ca5a6094e3f4b2e4591405db1867dd.tar.bz2 28849 SHA256 0388cb01d6158fad92b6ee13241531c7dba66a4be64e85160ded212c3febadc4 SHA512 6994bd7435ad0cff9f5aed509c5f7ea438a6829188bea94d57020e8df6d75631b289363b6f68c3c96da67c958af967c624147d3604b734d8f0b57688f74e7c95 WHIRLPOOL a168e137981f4bc4cc6735bcc234b3fe14ea0cc91768926cdaae3f124ba1dfcd06be029c3805ded20df600c8655bb2d97beb69a0c6b7f2441e7ee4c651cd7868
 EBUILD nss-3.15.4.ebuild 7497 SHA256 9e9f714c0dad52e14b147d272ceff71376d8b45725e7563b1af84afb49768209 SHA512 0b95499c659774c86ea9ad66ead30d942b8c656339b0cc4cb52aae12f6826b3996d33b9424b0a5e7bc54c08af776151dfb5f8e5ddcb4be934eb8245cb679b7dc WHIRLPOOL df8a3c6f7fd45f92e5430ec27ed2ff240e59113d52ea1125689f9eee9d75b7fbdbb50a41f3e65ad0cd6c459aea109764a5465a0aa5612ca3be08bd6ddf1b1c65
 EBUILD nss-3.15.5.ebuild 7822 SHA256 d8714ec8b486583c7aae0c5605cc6e89f96a1e014343668ae2fcd2a2374695a3 SHA512 1aa2aecacf610920fbb0315ea307d6cb2e907949e6771922d5ddc04857a3e7fca9c5c052d74283b83a13f077d5f640c0527801ac0a704d107a8386f4ab31af02 WHIRLPOOL 9c36b00cf81e4994984e55a21f686848d8808ddbfa3fc2f7d8c766c185472895525b83eed63a1337169398b88dc8ec8e074420872649a96de27923ea1175ba0b
+EBUILD nss-3.16-r1.ebuild 8855 SHA256 c2675d75f88ccdbae0a07c140b087859c3ec6fd2467b30c713737c3bfe813d38 SHA512 72ddb6d8dbbd23476eab06dd9f308f11c87d9e09e550661d09b6e24b269229f1afaf10806130d3268c88d1dd8c99326eba11503f12aa5efcf7de3685725d5c45 WHIRLPOOL 65434be32a52482b41f63294878585a66ba0760fd20fdeaae321e3ddd323a446820e8f8037d5d2eebb875933d12413b5ec7e8943e4031366b6368914e2c15f1b
 EBUILD nss-3.16.ebuild 7724 SHA256 2fa141917343fc9732c6c4e4bfb2d90be9dad5aefa5440cb2b40ac65277b1eeb SHA512 74aedaace555127952715669d110428b07da9d8deafe14982196b9e25554c9141da1e750124e3c682c36134ac6a4f9437f91335c851bd8523c38b58bd80823b7 WHIRLPOOL 1a8a12598682c55b5b9b3a3e5667c17b9333b1ab3820e8934c1736f56cc8a9a2607ffcce5ec58dcd2b88335ffc5afe601161628af42ad788ef5d33324520ea33
-MISC ChangeLog 45802 SHA256 72c359ecaa78cfcfa4a1e8eb4e51efec349d8995f0ba040eb85108e19cc5475f SHA512 c5cf76a5f2e3a827bf06864633d1ddf94f7820b9433c917dff03609df461c6f4eec985841e876abfc247cee682c1dcb27cbad6ee1803ef50337f31bff8347aec WHIRLPOOL e3c98543dc542b47bedcfd5673c0fed215232a3c463e5fbb61879809fd478822e95717d6afa7b788a7f2f37645ab458e2b94f4c6da3360638e79420617bcfa68
+MISC ChangeLog 46027 SHA256 f7e22ac8f9b342e55402b78a172beb3a7b9ed135a4405dcb82a6b67ed5cc51eb SHA512 ea9bf86faa8f90e6b0a78ad06a0c2e1c87817e5c465a5a2ce8ff0ba348d738a5f3c1f5b8fbb98b3bc8eb380dfc5ef8f94fc25346208ad318d3838e980460a741 WHIRLPOOL 599f040577e84110945bd0dac1fbc19747f617b918204bf0c641c6bf632e0a6fe08682fd9593b53a6e30ac1504289c87489d8986648450cb2a703dc8126bdeb2
 MISC metadata.xml 545 SHA256 d3a7dfb4b9f063b343b42b3002d3722ee44aea8a47154fa2158533aa94a5a258 SHA512 4da88948d5b637093646300bab0105c642968b2c9693939be6b75b5d24f02bd9b2cc5f13ae18594b9b00fa8dfe02e5d6959c13021124cd027007649787aec750 WHIRLPOOL 0879625ef92b2db563e5a1b434176bab08846e815fbf0c963a23b3ca228b3525dc80f6e7940a303fc1dd47403416c67811ed09d00f29a431abc4979865b67ff9
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (GNU/Linux)
+Version: GnuPG v2
 
-iF4EAREIAAYFAlM5oeEACgkQ2ugaI38ACPByKgD/YsAQ6PPBLjHra51uW21W5bPO
-aUUUwS5PbLK9drpYX2ABAK3+JPxbL0em/YZNyGBmMXBUbfPtpl9ZOKNZiBq4v2Nt
-=3rwr
+iQJ8BAEBCABmBQJTnAd8XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2REJCMDdDQzRGMERBRDA2RUEwQUZFNDFC
+MDdBMUFFQUVGQjQ0NjRFAAoJELB6GurvtEZOKuIP/0H4dBp3nXbVlQOn6WAcArg4
+U5FSIo810We2dk2fJU9hfhIRH0cG8+RJ3xwpoZzQ+iOn1sxFsOVs2kNNA+j1+zqX
+BFjO2tthWdZj2bpelX886zYYvHvKeDFyHdHxiuqMp584o2m/Y+rCGCbKgljLUkQh
+/eA0SdsUseVNFK57dKpD1wvUPgiuIT8SwGjFmvSPNdyXhvHo9JKH3MyhMgdBNLXM
+KFSbZd5Pg35iAhLVf2x3qwfVLfiwPmTzXCac0OP7GmHSGOTWOZEfmN4MqjwFOe+h
+xDddf4yVs9nmToSkbtx6h/I1i+cdjWrP5JIweHEVInnF49Zh5/RsR7EdWOcSHWcS
+AhSQNpfZ2RUDV/sq+5VWahw45xi135U1/9pyfROsp8pKFWz/aCg8Dmsnl4+UyUf2
+1vO3BwSvbyy7eISJLbDY1ABO328Gx0D8qOVSS32DTyZekHMYGlLmW99MVLPABrq0
+o+doPGW4xMmHBcBBtwETOdZ0yAKAHhDBcEl0gYG/7x6Vx7EpPYePrVyRXxrVyVXM
+PZcrIqbAbUVhJori2k4iejtgi8bzwKEySsBaPf+79z8ao9AGSt3R+B+YCRUK5wYg
+zAkBHfEB6/yTdE/qJOfdsOCczCnKlKCRzuI7omtTHAh9b1dbp9WPkdvsOz1UaO/V
+JRCXYA70RNat4QeR1UPd
+=bgOb
 -----END PGP SIGNATURE-----
diff --git a/dev-libs/nss/nss-3.16-r1.ebuild b/dev-libs/nss/nss-3.16-r1.ebuild
new file mode 100644
index 000000000000..50e7104693d9
--- /dev/null
+++ b/dev-libs/nss/nss-3.16-r1.ebuild
@@ -0,0 +1,306 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.16-r1.ebuild,v 1.1 2014/06/14 08:27:39 mgorny Exp $
+
+EAPI=5
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.10"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="3ade37c5c4ca5a6094e3f4b2e4591405db1867dd"
+PEM_P="${PN}-pem-${PEM_GIT_REV}"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+
+DEPEND="virtual/pkgconfig[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}
+	>=dev-db/sqlite-3.5[${MULTILIB_USEDEP}]
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r9
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	# Custom changes for gentoo
+	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch"
+	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
+	use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+	use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
+	epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	# use ABI first, this will work for most cases
+	case "${ABI}" in
+		alpha|arm|hppa|m68k|o32|ppc|s390|sh|sparc|x86) ;;
+		n32) echo USE_N32=1;;
+		x32) echo USE_X32=1;;
+		s390x|*64) echo USE_64=1;;
+		default) # no abi actually set, fall back to old check
+			einfo "Running a short build test to determine 64bit'ness"
+			echo > "${T}"/test.c || die
+			${CC} ${CFLAGS} ${CPPFLAGS} -c "${T}"/test.c -o "${T}"/test.o || die
+			case $(file "${T}"/test.o) in
+				*32-bit*x86-64*) echo USE_X32=1;;
+				*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+				*32-bit*|*ppc*|*i386*) ;;
+				*) die "Failed to detect whether your arch is 64bits or 32bits, disable distcc if you're using it, please";;
+			esac ;;
+		*) ;;
+	esac
+}
+
+multilib_src_compile() {
+	tc-export AR RANLIB {BUILD_,}{CC,PKG_CONFIG}
+	local makeargs=(
+		CC="${CC}"
+		AR="${AR} rc \$@"
+		RANLIB="${RANLIB}"
+		OPTIMIZER=
+		$(nssbits)
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $(${PKG_CONFIG} nspr --cflags)"
+	local myLDFLAGS="${LDFLAGS} $(${PKG_CONFIG} nspr --libs-only-L)"
+	unset NSPR_INCLUDE_DIR
+	#export NSPR_LIB_DIR=${T}/fake-dir-${ABI} - do this further down now
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/${ABI}-fake-dir" \
+	emake -j1 -C coreconf \
+		CC="${BUILD_CC}" \
+		$(nssbits BUILD_)
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		LDFLAGS="${myLDFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/${ABI}-fake-dir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	# We generate these after stripping the libraries, else they don't match.
+	#cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	local l libs=() liblist
+	for l in ${NSS_CHK_SIGN_LIBS} ; do
+		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
+	done
+	liblist=$(printf '%s:' "${libs[@]}")
+	echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
+	doenvd "${T}/90nss-${ABI}"
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}
author	Michał Górny <mgorny@gentoo.org>	2014-06-14 08:27:40 +0000
committer	Michał Górny <mgorny@gentoo.org>	2014-06-14 08:27:40 +0000
commit	caf9e1bb74cd20b9d8ef7ce2ebfd1097e470ed7e (patch)
tree	856c983bf54d6741e90f57eb0925a990e8e5719e /dev-libs/nss
parent	Copy the x32 fallback check from dev-libs/nss::mozilla. (diff)
download	historical-caf9e1bb74cd20b9d8ef7ce2ebfd1097e470ed7e.tar.gz historical-caf9e1bb74cd20b9d8ef7ce2ebfd1097e470ed7e.tar.bz2 historical-caf9e1bb74cd20b9d8ef7ce2ebfd1097e470ed7e.zip