Version bump (bug #522044)

Package-Manager: portage-2.2.12/cvs/Linux x86_64 Manifest-Sign-Key: 0x981CA6FC
author: Lars Wendler <polynomial-c@gentoo.org> 2014-09-03 16:10:41 +0000
committer: Lars Wendler <polynomial-c@gentoo.org> 2014-09-03 16:10:41 +0000
commit: ad13c905db6207555b5a7cf67381c907c785a73b (patch)
tree: 27ace4d0a6119f37fe7886b91a0f459c2d82b4fe /dev-libs/nss
parent: Version bump (bug #522044). Removed old. (diff)
download: historical-ad13c905db6207555b5a7cf67381c907c785a73b.tar.gz
historical-ad13c905db6207555b5a7cf67381c907c785a73b.tar.bz2
historical-ad13c905db6207555b5a7cf67381c907c785a73b.zip
3 files changed, 343 insertions, 15 deletions
diff --git a/dev-libs/nss/ChangeLog b/dev-libs/nss/ChangeLog
index 59a4506e62b6..65c4c10e39a9 100644
--- a/dev-libs/nss/ChangeLog
+++ b/dev-libs/nss/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for dev-libs/nss
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.379 2014/08/12 21:13:10 polynomial-c Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/ChangeLog,v 1.380 2014/09/03 16:10:40 polynomial-c Exp $
+
+*nss-3.17 (03 Sep 2014)
+
+  03 Sep 2014; Lars Wendler <polynomial-c@gentoo.org> +nss-3.17.ebuild:
+  Version bump (bug #522044).
 
 *nss-3.16.4 (12 Aug 2014)
 
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 2e9928409a00..6abfbae06e67 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -13,28 +13,31 @@ DIST nss-3.15.5.tar.gz 6367893 SHA256 1442c85624b7de74c7745132a65aa0de47d280c4f0
 DIST nss-3.16.3.tar.gz 6426732 SHA256 657711ff7a4058043b69019a66f44101d0234eae2b6b80ab900439dbf02add60 SHA512 2e829b021319a9d8c0cedec742f84c54815eed8e3b1042b5045f08746e5768286001e9517d2b69c2a5d705cd632c98f3a9227e651a492bae3ef638cc706fe31f WHIRLPOOL bd8fe296baf79b4cad2224a921bf6d0a6b6a1f13df5b64131f59964541d2ec1ae506a79a5a3b8dc08a47c8fcdfa5eafb866727fcf26c37d4e5e91a7ebb7886b3
 DIST nss-3.16.4.tar.gz 6428795 SHA256 adcd1e655fd9508e7f13847452fd5887a835eff882e3f0d3c42dfcd651650b77 SHA512 4c600595c9f9b338d4c3c09d2db12472503d44e15e595f185eae5070003fe0cf53935b526d6bb56f5a5d0cd5c28cc6c39bfb4f6447ae35efe6ce939dce645117 WHIRLPOOL 4ac8b268650683aa5b57b33b956225b4d42fbc8c1c7e92ebae5454a31089e8eca317d26aa6b4e1c023872f6930b864e59d6b1c5ac33a846a9a75ed2f3f67641c
 DIST nss-3.16.tar.gz 6378110 SHA256 2bb4faa200962caacf0454f1e870e74aa9a543809e5c440f7978bcce58e0bfe8 SHA512 e3dcde8213f7f131fe2f714ff2f45c6d7b9b2167e51dbf0e1a750cc4f83d9fa35e69408850de6600f55fbc9e26b29dc344548cb64849d6e3252476eadd7ee57f WHIRLPOOL d30b53ec36cacff9756b43780d904e32760cd5d0b75f1888b6fb80e0a87ce828f4e6189de63880ddce90bdf5d90123ff7e9fdf600f4df02ce59702898f08c11e
+DIST nss-3.17.tar.gz 6429534 SHA256 3b1abcd8f89211dda2cc739bfa76552d080f7ea80482ef2727b006548a7f0c81 SHA512 43e622782c5fee313433b564e426162e78a92da3c0218bc6bea7f6e438318661c00aeb2c188d58072e734a01d0cf74d8e6fb1dddf22d8fe7a812aab7e458a9ba WHIRLPOOL c59bf497a51db0e21adfef8f87e3dfa4e0e19279d479013fd595cbb09f6c4890ce2e98aed5c91c0f5bbd51f1f5ef5345b81bc6211c9f9fd07ac2c704476e3590
+DIST nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 27506 SHA256 50d9ec26a75835e900302f631456e278e13d4b435b8f98aa69f79dd439ddc6ab SHA512 0158a140f112a905f7db5a4f4d04f49f6742db1d2665ddf6c32913c367f0b93a57f86ba13b9883a42a528aff44c48196941d7c0fd7a27005db6adaf07802e501 WHIRLPOOL 279ef11d2d6f0cb7c192189d64bc6971cdada7417b93a65a3ff0ba4548b736b53b9812803024c2349114e94e0864f2b58c23812687ed3f75cf28334b0f6e11ac
 DIST nss-pem-3ade37c5c4ca5a6094e3f4b2e4591405db1867dd.tar.bz2 28849 SHA256 0388cb01d6158fad92b6ee13241531c7dba66a4be64e85160ded212c3febadc4 SHA512 6994bd7435ad0cff9f5aed509c5f7ea438a6829188bea94d57020e8df6d75631b289363b6f68c3c96da67c958af967c624147d3604b734d8f0b57688f74e7c95 WHIRLPOOL a168e137981f4bc4cc6735bcc234b3fe14ea0cc91768926cdaae3f124ba1dfcd06be029c3805ded20df600c8655bb2d97beb69a0c6b7f2441e7ee4c651cd7868
 EBUILD nss-3.15.4.ebuild 7497 SHA256 9e9f714c0dad52e14b147d272ceff71376d8b45725e7563b1af84afb49768209 SHA512 0b95499c659774c86ea9ad66ead30d942b8c656339b0cc4cb52aae12f6826b3996d33b9424b0a5e7bc54c08af776151dfb5f8e5ddcb4be934eb8245cb679b7dc WHIRLPOOL df8a3c6f7fd45f92e5430ec27ed2ff240e59113d52ea1125689f9eee9d75b7fbdbb50a41f3e65ad0cd6c459aea109764a5465a0aa5612ca3be08bd6ddf1b1c65
 EBUILD nss-3.15.5.ebuild 7822 SHA256 d8714ec8b486583c7aae0c5605cc6e89f96a1e014343668ae2fcd2a2374695a3 SHA512 1aa2aecacf610920fbb0315ea307d6cb2e907949e6771922d5ddc04857a3e7fca9c5c052d74283b83a13f077d5f640c0527801ac0a704d107a8386f4ab31af02 WHIRLPOOL 9c36b00cf81e4994984e55a21f686848d8808ddbfa3fc2f7d8c766c185472895525b83eed63a1337169398b88dc8ec8e074420872649a96de27923ea1175ba0b
 EBUILD nss-3.16.3.ebuild 9209 SHA256 96458cd5533b167c2e33f51772710e63e33f22e9f8e049219d7403bcd0bccb03 SHA512 3451e08e0ab19b2081d19ae878c518782f8d0421c1f0f8e0e9c154ce6c2e72a74bedd61db4d0f489d5e9b3a0fa6c3c514b446099de8cf8933da5a74f7a27d4b0 WHIRLPOOL 0a8e627dcb579db0bb18a1eab8f592888327852805c6cb46c1572a4f1c11fcc50391c5fcb2b48bcb10ae255c06ff4fc2942169f358be5310f0cba3e50f94cd2e
 EBUILD nss-3.16.4.ebuild 9223 SHA256 d6b6afd355f1f675a8595eb0cd485e7df6257835c473002aff380317bc3a5f68 SHA512 5d6b0449204f8e1bb3d71fe07e2c1432e99b53477496b17df3d66949fbbcc781b416bdd7ff2e1644d36c8629d0cbf51e4eb4df69f83511b2229dca18cd25810f WHIRLPOOL c38c5043ec27f6998dc903423d29a3f4bb0f0aec055ea19945c4b48b8e4492ad299d37ea0c13d2f37415b053b95d2536e4dcb7ff0293af73e609d6a36ed3b7de
 EBUILD nss-3.16.ebuild 7732 SHA256 63f6fd9148ca01e1aa518c2470a2bb00672553f879601456c8ceff7881579db1 SHA512 a0300601a5d71bce6882dccc4527397d6ebcdee34bf1805d15c064b582e2dade90752b4cfba2818d61dd02ec36ae0e97bd441736ecb5dfdc71561e456e259cc2 WHIRLPOOL 1b9046fc91a69005d65a7624bf2bda682618d52ef69ec98a8e7f0641ac17b5356f8ba931a5e84ae6a85c0a2245649c0c30e75c6ef599db4c741adcad98e5d910
-MISC ChangeLog 48382 SHA256 eea55f74df0ac0bded694b448da68574049e9c97ab17df0def4fb23dbb12a80e SHA512 ef5f84e036f077948f99cf9f3af27e496eb78fa481031980e53caa40d906b5de6d268e5140cb13e806a94c1b5b2f11fe4e364afcb97fdaaab18fd9a526d39e21 WHIRLPOOL 365346e10b94ca2f5080097823ca60cbea68a86e35547b5e796a04a4c3405e33791126169d96e1b6f4e73487c6c559d80cbefb8c37ee74d087bd75f18742a65a
+EBUILD nss-3.17.ebuild 9221 SHA256 23f447774832a49d584a89233de186398305d6e6dfac19ff589d659d68e526ce SHA512 4dff1c22c0965f47d32404872ff8bc057ebb74c515fd965d89a5b08fce1afa81248505a6f21cbef3c86bf449edefe898920a2a4f29f259487ebf4dbd57ba7300 WHIRLPOOL 70e97f9471ae415c4aef1cb6dd0d99eb81c25eec36a68e7a64608aa2b4f99ee0b86120b76b2234e72c53d02ec37246f568e99be980253ad02c29af6acd0f2e9a
+MISC ChangeLog 48510 SHA256 acb4d256a0193f9479a8483eb41f09b8788ea90e47e57e766b16f4da1cc6f3ad SHA512 ecb9c66c1c4afbca7c25235901ae7414f39f7e9b153015be4ecfcfc8b861e8ed59cdcdc72915f01dd6a81dd4a43f59e0302132bf191611241cfa726d3b6ac1c9 WHIRLPOOL ac257efe8070543bc2d926856edde99f335086bf05d60dd903abdc837b3807856b6f056891794d56e9b6f7c957b5b6751b268b8a2cd0f9f15332bd66864914e7
 MISC metadata.xml 545 SHA256 d3a7dfb4b9f063b343b42b3002d3722ee44aea8a47154fa2158533aa94a5a258 SHA512 4da88948d5b637093646300bab0105c642968b2c9693939be6b75b5d24f02bd9b2cc5f13ae18594b9b00fa8dfe02e5d6959c13021124cd027007649787aec750 WHIRLPOOL 0879625ef92b2db563e5a1b434176bab08846e815fbf0c963a23b3ca228b3525dc80f6e7940a303fc1dd47403416c67811ed09d00f29a431abc4979865b67ff9
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iQIcBAEBCAAGBQJT6oNnAAoJEPiazRVxLXTFtKEQAJoPn797XnYc+fi/iNmykzpH
-gwJmirwfpsEe1VFNyCIZsVUC4z621mQVhBW1mLti3jBMQefQrLbMm2r1oW2xbfZm
-/vu8nSJNKqJQKnUi8YDppAbZzFq89b2OACkP4aAHsZ3e6JbYuEAIaL7QZ4tOLKUJ
-C5Wi6jRxbiCJ1OojVrd0bTOFyKoJTU0yzaLvUCUwltKsaO33URvvw5TfTbFGvbhn
-pEucV5Gn0t6ST2IvNnPON7sPokytJwfH2z/jwcA5nnv67AIf/P27EDCIBluVqCne
-M1R7LiViuR6umih7c0LG2XnN3t79+grIOAxEnYMuHGwMkjmgMscAro89RNaj7jjJ
-ahV+syiEvtgtk8KJ03NubW+U7xXHwmzsquyCdb33y7Jt76Nissgt+2DtQ/zZdxL2
-Hw2WHqHG5NU5D5aQPd+ODrB+Zx+lP6bAEzo5puE9ojYjan6nNh1BNVVMg1/Mf3Y6
-QOYEhksseJovwkkBvDY6i8B7sH2fmOEDFotk/GQA0COfonBNkTR6s+t0m8iGRlBY
-VU97ieEvbVSLnhbBgDuo6RCmUttl0CWkO4JOcw4GCzclB5EbHteLboY5J7Fhi+VC
-1tMP13F9cc4q1xBJH8FrBIW8c9sQAMzQ/OqgTVA4QfLbDVJM1m+Q3NzzQ0GSqeca
-vnfsliOx7xX+cA99ftjf
-=EGtS
+iQIcBAEBCAAGBQJUBz2BAAoJEPiazRVxLXTF7awQAN/bnlFnXIFzpqVkKeAPND2i
+wIUIWBtQa7aezHqj7KBlqzjlg2mJ9M7oNqN5D3g5MRlJUWFY1FlmmzL+djRSwoGD
+RtQzwzDD4m+amBbeG/hevFPUScShMsPilo29fp60ecdSnwsRfO1sfMjuLyEoaH9n
+PmTLQbjKnL+03lrCf3Kh42fGZTray4OneA1Usrk3nHG0IDcW+dJ00jiFnSpHBPCZ
+YpDhEDj1Hv84AG9+H4jrgGLhaq58QP0j4+9ZefNdfo55hCiGJolqRyp85DetjPlV
+Jf6peOum4K1UQZ69SbbudL5ARawIKFRSPEJ6EVIgxqJNTGKOc/QAahP+UXGWrK83
+SsCNaDkcsXA292RsyKDjqLPM/wpUjGRZoSPFGQxcAW5zbke0ihozC12D0tyxKwqD
+emU1jj99E7joSv9ZXV4Z86xftjMYbhTDnv7O08B9MnQqqL5RnCRLE9tCSvBOTy29
+bjH5dvMCFQEINUgXFe0n74mTzDUKCMltT3fs3Joi9LcpVg3Re9ahBBOItwlJRGmn
+A4JVeu8GGmLaF1IL1qBlXlVqEbOWLAF7UC1FGzTkh+iftku7D72d8HToe7ZVdING
+JfX+C/mXP+D+/NzKNjNRVjGQSphK9EqktyPZLfJhrMKXWvUHAVH9K1cEj0cmUKfz
+jqWFCRZ2gBYXwAvtdIrM
+=/UO4
 -----END PGP SIGNATURE-----
diff --git a/dev-libs/nss/nss-3.17.ebuild b/dev-libs/nss/nss-3.17.ebuild
new file mode 100644
index 000000000000..f748bc2d13f1
--- /dev/null
+++ b/dev-libs/nss/nss-3.17.ebuild
@@ -0,0 +1,320 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.17.ebuild,v 1.1 2014/09/03 16:10:40 polynomial-c Exp $
+
+EAPI=5
+inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+
+NSPR_VER="4.10.6-r1"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="015ae754dd9f6fbcd7e52030ec9732eb27fc06a8"
+PEM_P="${PN}-pem-${PEM_GIT_REV}"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+	cacert? ( http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch )
+	nss-pem? ( https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cacert +nss-pem utils"
+
+DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
+	>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r12
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/nss-config
+)
+
+src_unpack() {
+	unpack ${A}
+	if use nss-pem ; then
+		mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+	fi
+}
+
+src_prepare() {
+	# Custom changes for gentoo
+	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch"
+	epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
+	use cacert && epatch "${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+	use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
+	epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
+
+	pushd coreconf >/dev/null || die
+	# hack nspr paths
+	echo 'INCLUDES += -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk || die
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+	popd >/dev/null || die
+
+	# Fix pkgconfig file for Prefix
+	sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		config/Makefile || die
+
+	# use host shlibsign if need be #436216
+	if tc-is-cross-compiler ; then
+		sed -i \
+			-e 's:"${2}"/shlibsign:shlibsign:' \
+			cmd/shlibsign/sign.sh || die
+	fi
+
+	# dirty hack
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+
+	multilib_copy_sources
+
+	strip-flags
+}
+
+multilib_src_configure() {
+	# Ensure we stay multilib aware
+	sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
+}
+
+nssarch() {
+	# Most of the arches are the same as $ARCH
+	local t=${1:-${CHOST}}
+	case ${t} in
+		aarch64*)echo "aarch64";;
+		hppa*)   echo "parisc";;
+		i?86*)   echo "i686";;
+		x86_64*) echo "x86_64";;
+		*)       tc-arch ${t};;
+	esac
+}
+
+nssbits() {
+	local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+	if [[ ${1} == BUILD_ ]]; then
+		cc=$(tc-getBUILD_CC)
+	else
+		cc=$(tc-getCC)
+	fi
+	echo > "${T}"/test.c || die
+	${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
+	case $(file "${T}/${1}test.o") in
+		*32-bit*x86-64*) echo USE_X32=1;;
+		*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+		*32-bit*|*ppc*|*i386*) ;;
+		*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
+	esac
+}
+
+multilib_src_compile() {
+	# use ABI to determine bit'ness, or fallback if unset
+	local buildbits mybits
+	case "${ABI}" in
+		n32) mybits="USE_N32=1";;
+		x32) mybits="USE_X32=1";;
+		s390x|*64) mybits="USE_64=1";;
+		default) mybits=$(nssbits);;
+	esac
+	# bitness of host may differ from target
+	if tc-is-cross-compiler; then
+		buildbits=$(nssbits BUILD_)
+	fi
+
+	local makeargs=(
+		CC="$(tc-getCC)"
+		AR="$(tc-getAR) rc \$@"
+		RANLIB="$(tc-getRANLIB)"
+		OPTIMIZER=
+		${mybits}
+	)
+
+	# Take care of nspr settings #436216
+	local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
+	local myLDFLAGS="${LDFLAGS} $($(tc-getPKG_CONFIG) nspr --libs-only-L)"
+	unset NSPR_INCLUDE_DIR
+
+	# Do not let `uname` be used.
+	if use kernel_linux ; then
+		makeargs+=(
+			OS_TARGET=Linux
+			OS_RELEASE=2.6
+			OS_TEST="$(nssarch)"
+		)
+	fi
+
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export FREEBL_NO_DEPEND=1
+	export ASFLAGS=""
+
+	local d
+
+	# Build the host tools first.
+	LDFLAGS="${BUILD_LDFLAGS}" \
+	XCFLAGS="${BUILD_CFLAGS}" \
+	NSPR_LIB_DIR="${T}/fake-dir" \
+	emake -j1 -C coreconf \
+		CC="$(tc-getBUILD_CC)" \
+		${buildbits:-${mybits}}
+	makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+	# Then build the target tools.
+	for d in . lib/dbm ; do
+		CPPFLAGS="${myCPPFLAGS}" \
+		LDFLAGS="${myLDFLAGS}" \
+		XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
+		NSPR_LIB_DIR="${T}/${ABI}-fake-dir" \
+		emake -j1 "${makeargs[@]}" -C ${d}
+	done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	local i
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+multilib_src_install() {
+	pushd dist >/dev/null || die
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	cp -L -t "${ED}"/usr/$(get_libdir) */lib/{libcrmf,libfreebl}.a || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin || die
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
+
+	# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
+	# bug 517266
+	sed 	-e 's#Libs:#Libs: -lfreebl#' \
+		-e 's#Cflags:#Cflags: -I${includedir}/private#' \
+		*/lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+		|| die "could not create nss-softokn.pc"
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	insinto /usr/include/nss/private
+	doins private/nss/{blapi,alghmac}.h
+
+	popd >/dev/null || die
+
+	local f nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+
+	if multilib_is_native_abi ; then
+		if use utils; then
+			# The tests we do not need to install.
+			#nssutils_test="bltest crmftest dbtest dertimetest
+			#fipstest remtest sdrtest"
+			nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+			cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+			nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+			pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+			symkeyutil tstclnt vfychain vfyserv"
+		fi
+		pushd dist/*/bin >/dev/null || die
+		for f in ${nssutils}; do
+			dobin ${f}
+		done
+		popd >/dev/null || die
+	fi
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	local l libs=() liblist
+	for l in ${NSS_CHK_SIGN_LIBS} ; do
+		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
+	done
+	liblist=$(printf '%s:' "${libs[@]}")
+	echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss-${ABI}"
+	doenvd "${T}/90nss-${ABI}"
+}
+
+pkg_postinst() {
+	multilib_pkg_postinst() {
+		# We must re-sign the libraries AFTER they are stripped.
+		local shlibsign="${EROOT}/usr/bin/shlibsign"
+		# See if we can execute it (cross-compiling & such). #436216
+		"${shlibsign}" -h >&/dev/null
+		if [[ $? -gt 1 ]] ; then
+			shlibsign="shlibsign"
+		fi
+		generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postinst
+}
+
+pkg_postrm() {
+	multilib_pkg_postrm() {
+		cleanup_chk "${EROOT}"/usr/$(get_libdir)
+	}
+
+	multilib_foreach_abi multilib_pkg_postrm
+}
author	Lars Wendler <polynomial-c@gentoo.org>	2014-09-03 16:10:41 +0000
committer	Lars Wendler <polynomial-c@gentoo.org>	2014-09-03 16:10:41 +0000
commit	ad13c905db6207555b5a7cf67381c907c785a73b (patch)
tree	27ace4d0a6119f37fe7886b91a0f459c2d82b4fe /dev-libs/nss
parent	Version bump (bug #522044). Removed old. (diff)
download	historical-ad13c905db6207555b5a7cf67381c907c785a73b.tar.gz historical-ad13c905db6207555b5a7cf67381c907c785a73b.tar.bz2 historical-ad13c905db6207555b5a7cf67381c907c785a73b.zip