dev-libs/nss: upgrade to 3.73
Upgrade the dev-libs part of nss package to 3.73 to
get the fix for CVE-2021-43527.
BUG=b/211098383
TEST=presubmit
RELEASE_NOTE=Fixes CVE-2021-43527.
cos-patch: security-high
Change-Id: Ie234ba1bbda598c1ad92b3cb234e8ec9966887c4
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/chromiumos-overlay/+/26807
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-by: Meena Shanmugam <meenashanmugam@google.com>
diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
index 41bc2ef..7901893 100644
--- a/dev-libs/nss/Manifest
+++ b/dev-libs/nss/Manifest
@@ -1,3 +1,2 @@
-DIST nss-3.44.tar.gz 23474704 BLAKE2B 8e3b49c7dd4ca1795eff0af55bcf8c8586a5658f0d671306d166dd8d758cc056858dbaf028d5e4ea4bba40e473aa246251f07ed7108bc2f40990b53aea40a1a6 SHA512 c4d7343a66f91c5888a121e266d1f1471da798a21d608a29caf598a828725e4bf9ea7411a105b23335f20bd7c12788dad567922ceeaebeb0c98fbf9bbe4006f7
-DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
-DIST nss-pem-20160329.tar.xz 27732 BLAKE2B 7c23133a7bfb969d8eac98fb6311e76ab60c5d6601c7329f3c492da30c017e66d64a1f8bc827dd36e52e65c1a1ec02b58816442aaf410345c5ed759a02264b84 SHA512 5834b06e4c64205447573d4f4c8989e20986ae67ee00eebce3817eb73794a6355a404143ba1c676ec302ceefaf9df103cb879b1d4ff14ba4e3790dbee3e40eb2
+DIST nss-3.73.tar.gz 83928905 BLAKE2B 64c95a04c366dc3d57c42ddb105b3afe5b4b579b3fdb554ffa684f74f5c203b136213a1a67a554756be605722ac03c15cee766afba6edf2c7c0b2162a8181ec5 SHA512 84b6e4ce8838f77674a5587cd227fa103c80f1b36c8bfb9b60a175157f131e59153c79ee77b29feffa57f49b217a90a8a091ee368eb0bc03312894e386a4c01b
+DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4
diff --git a/dev-libs/nss/files/nss-3.21-enable-pem.patch b/dev-libs/nss/files/nss-3.21-enable-pem.patch
deleted file mode 100644
index e6de275..0000000
--- a/dev-libs/nss/files/nss-3.21-enable-pem.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- nss/lib/ckfw/manifest.mn
-+++ nss/lib/ckfw/manifest.mn
-@@ -5,7 +5,7 @@
-
- CORE_DEPTH = ../..
-
--DIRS = builtins
-+DIRS = builtins pem
-
- PRIVATE_EXPORTS = \
- ck.h \
diff --git a/dev-libs/nss/files/nss-3.53-gentoo-fixups.patch b/dev-libs/nss/files/nss-3.53-gentoo-fixups.patch
new file mode 100644
index 0000000..2d8bdb6
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.53-gentoo-fixups.patch
@@ -0,0 +1,290 @@
+From 1b3c48499abb000d708abe5f05413c1f4155e086 Mon Sep 17 00:00:00 2001
+From: Jory Pratt <anarchy@gentoo.org>
+Date: Mon, 8 Jun 2020 12:22:29 -0500
+Subject: [PATCH] Add pkg-config and nss-config for Gentoo
+
+---
+ Makefile | 15 +----
+ config/Makefile | 40 ++++++++++++
+ config/nss-config.in | 145 +++++++++++++++++++++++++++++++++++++++++++
+ config/nss.pc.in | 12 ++++
+ manifest.mn | 2 +-
+ 5 files changed, 200 insertions(+), 14 deletions(-)
+ create mode 100644 config/Makefile
+ create mode 100644 config/nss-config.in
+ create mode 100644 config/nss.pc.in
+
+diff --git a/Makefile b/Makefile
+index eb4ed1a..f979d90 100644
+--- a/Makefile
++++ b/Makefile
+@@ -4,6 +4,8 @@
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
++default: nss_build_all
++
+ #######################################################################
+ # (1) Include initial platform-independent assignments (MANDATORY). #
+ #######################################################################
+@@ -48,12 +50,9 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ #######################################################################
+
+ nss_build_all:
+- $(MAKE) build_nspr
+ $(MAKE) all
+- $(MAKE) latest
+
+ nss_clean_all:
+- $(MAKE) clobber_nspr
+ $(MAKE) clobber
+
+ NSPR_CONFIG_STATUS = $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/config.status
+@@ -138,16 +137,6 @@ $(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE)
+ --prefix='$(NSS_GYP_PREFIX)'
+ endif
+
+-build_nspr: $(NSPR_CONFIG_STATUS)
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests
+-
+-install_nspr: build_nspr
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install
+-
+-clobber_nspr: $(NSPR_CONFIG_STATUS)
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
+-
+ build_docs:
+ $(MAKE) -C $(CORE_DEPTH)/doc
+
+diff --git a/config/Makefile b/config/Makefile
+new file mode 100644
+index 0000000..aaf1991
+--- /dev/null
++++ b/config/Makefile
+@@ -0,0 +1,40 @@
++CORE_DEPTH = ..
++DEPTH = ..
++
++include $(CORE_DEPTH)/coreconf/config.mk
++
++NSS_MAJOR_VERSION = $(shell grep -F "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}')
++NSS_MINOR_VERSION = $(shell grep -F "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}')
++NSS_PATCH_VERSION = $(shell grep -F "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}')
++PREFIX = /usr
++
++all: export libs
++
++export:
++ # Create the nss.pc file
++ mkdir -p $(DIST)/lib/pkgconfig
++ sed -e "s,@prefix@,$(PREFIX)," \
++ -e "s,@exec_prefix@,\$${prefix}," \
++ -e "s,@libdir@,\$${prefix}/lib64," \
++ -e "s,@includedir@,\$${prefix}/include/nss," \
++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++ nss.pc.in > nss.pc
++ chmod 0644 nss.pc
++ ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig
++
++ # Create the nss-config script
++ mkdir -p $(DIST)/bin
++ sed -e "s,@prefix@,$(PREFIX)," \
++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++ nss-config.in > nss-config
++ chmod 0755 nss-config
++ ln -sf ../../../config/nss-config $(DIST)/bin
++
++libs:
++
++dummy: all export libs
++
+diff --git a/config/nss-config.in b/config/nss-config.in
+new file mode 100644
+index 0000000..3a957b8
+--- /dev/null
++++ b/config/nss-config.in
+@@ -0,0 +1,145 @@
++#!/bin/sh
++
++prefix=@prefix@
++
++major_version=@NSS_MAJOR_VERSION@
++minor_version=@NSS_MINOR_VERSION@
++patch_version=@NSS_PATCH_VERSION@
++
++usage()
++{
++ cat <<EOF
++Usage: nss-config [OPTIONS] [LIBRARIES]
++Options:
++ [--prefix[=DIR]]
++ [--exec-prefix[=DIR]]
++ [--includedir[=DIR]]
++ [--libdir[=DIR]]
++ [--version]
++ [--libs]
++ [--cflags]
++Dynamic Libraries:
++ nss
++ ssl
++ smime
++ nssutil
++EOF
++ exit $1
++}
++
++if test $# -eq 0; then
++ usage 1 1>&2
++fi
++
++lib_ssl=yes
++lib_smime=yes
++lib_nss=yes
++lib_nssutil=yes
++
++while test $# -gt 0; do
++ case "$1" in
++ -*=*) optarg=$(echo "$1" | sed 's/[-_a-zA-Z0-9]*=//') ;;
++ *) optarg= ;;
++ esac
++
++ case $1 in
++ --prefix=*)
++ prefix=${optarg}
++ ;;
++ --prefix)
++ echo_prefix=yes
++ ;;
++ --exec-prefix=*)
++ exec_prefix=${optarg}
++ ;;
++ --exec-prefix)
++ echo_exec_prefix=yes
++ ;;
++ --includedir=*)
++ includedir=${optarg}
++ ;;
++ --includedir)
++ echo_includedir=yes
++ ;;
++ --libdir=*)
++ libdir=${optarg}
++ ;;
++ --libdir)
++ echo_libdir=yes
++ ;;
++ --version)
++ echo ${major_version}.${minor_version}.${patch_version}
++ ;;
++ --cflags)
++ echo_cflags=yes
++ ;;
++ --libs)
++ echo_libs=yes
++ ;;
++ ssl)
++ lib_ssl=yes
++ ;;
++ smime)
++ lib_smime=yes
++ ;;
++ nss)
++ lib_nss=yes
++ ;;
++ nssutil)
++ lib_nssutil=yes
++ ;;
++ *)
++ usage 1 1>&2
++ ;;
++ esac
++ shift
++done
++
++# Set variables that may be dependent upon other variables
++if test -z "${exec_prefix}"; then
++ exec_prefix=$(pkg-config --variable=exec_prefix nss)
++fi
++if test -z "${includedir}"; then
++ includedir=$(pkg-config --variable=includedir nss)
++fi
++if test -z "${libdir}"; then
++ libdir=$(pkg-config --variable=libdir nss)
++fi
++
++if test "${echo_prefix}" = "yes"; then
++ echo ${prefix}
++fi
++
++if test "${echo_exec_prefix}" = "yes"; then
++ echo ${exec_prefix}
++fi
++
++if test "${echo_includedir}" = "yes"; then
++ echo ${includedir}
++fi
++
++if test "${echo_libdir}" = "yes"; then
++ echo ${libdir}
++fi
++
++if test "${echo_cflags}" = "yes"; then
++ echo -I${includedir}
++fi
++
++if test "${echo_libs}" = "yes"; then
++ libdirs=""
++ if test -n "${lib_ssl}"; then
++ libdirs="${libdirs} -lssl${major_version}"
++ fi
++ if test -n "${lib_smime}"; then
++ libdirs="${libdirs} -lsmime${major_version}"
++ fi
++ if test -n "${lib_nss}"; then
++ libdirs="${libdirs} -lnss${major_version}"
++ fi
++ if test -n "${lib_nssutil}"; then
++ libdirs="${libdirs} -lnssutil${major_version}"
++ fi
++ echo ${libdirs}
++fi
++
+diff --git a/config/nss.pc.in b/config/nss.pc.in
+new file mode 100644
+index 0000000..03f1e39
+--- /dev/null
++++ b/config/nss.pc.in
+@@ -0,0 +1,12 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: NSS
++Description: Network Security Services
++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
++Requires: nspr >= 4.25
++Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
++Cflags: -I${includedir}
++
+diff --git a/manifest.mn b/manifest.mn
+index dada8ab..72dc9b3 100644
+--- a/manifest.mn
++++ b/manifest.mn
+@@ -10,7 +10,7 @@ IMPORTS = nspr20/v4.8 \
+
+ RELEASE = nss
+
+-DIRS = coreconf lib cmd cpputil gtests
++DIRS = coreconf lib cmd cpputil config
+
+ lib: coreconf
+ cmd: lib
+--
+2.26.2
+
diff --git a/dev-libs/nss/nss-3.44-r6.ebuild b/dev-libs/nss/nss-3.44-r6.ebuild
deleted file mode 120000
index c39d1a0..0000000
--- a/dev-libs/nss/nss-3.44-r6.ebuild
+++ /dev/null
@@ -1 +0,0 @@
-nss-3.44-r2.ebuild
\ No newline at end of file
diff --git a/dev-libs/nss/nss-3.73-r1.ebuild b/dev-libs/nss/nss-3.73-r1.ebuild
new file mode 120000
index 0000000..84f63b0
--- /dev/null
+++ b/dev-libs/nss/nss-3.73-r1.ebuild
@@ -0,0 +1 @@
+nss-3.73.ebuild
\ No newline at end of file
diff --git a/dev-libs/nss/nss-3.44-r2.ebuild b/dev-libs/nss/nss-3.73.ebuild
similarity index 76%
rename from dev-libs/nss/nss-3.44-r2.ebuild
rename to dev-libs/nss/nss-3.73.ebuild
index 27489d5..34c8539 100644
--- a/dev-libs/nss/nss-3.44-r2.ebuild
+++ b/dev-libs/nss/nss-3.73.ebuild
@@ -1,34 +1,31 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
-inherit eutils flag-o-matic multilib toolchain-funcs multilib-minimal
+inherit flag-o-matic multilib toolchain-funcs multilib-minimal
-NSPR_VER="4.16"
+NSPR_VER="4.32"
RTM_NAME="NSS_${PV//./_}_RTM"
-# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
-PEM_GIT_REV="429b0222759d8ad8e6dcd29e62875ae3efd69116"
-PEM_P="${PN}-pem-20160329"
DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
-HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
- cacert? ( https://dev.gentoo.org/~axs/distfiles/${PN}-cacert-class1-class3.patch )
- nss-pem? ( https://dev.gentoo.org/~polynomial-c/${PEM_P}.tar.xz )"
+ cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
SLOT="0"
KEYWORDS="*"
-IUSE="cacert cros_host +nss-pem utils"
-CDEPEND=">=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
- >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]"
-DEPEND=">=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
+# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
+RDEPEND="
>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}"
-RDEPEND=">=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
- ${CDEPEND}
- !<app-crypt/nss-${PV}[${MULTILIB_USEDEP}]"
+ >=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
+ >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+ virtual/pkgconfig
+"
+DEPEND="${RDEPEND}"
+BDEPEND="dev-lang/perl"
RESTRICT="test"
@@ -40,39 +37,25 @@
PATCHES=(
# Custom changes for gentoo
- "${FILESDIR}/${PN}-3.32-gentoo-fixups.patch"
+ "${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
"${FILESDIR}/${PN}-3.44-prefer-writable-tokens-for-trust.patch"
)
-src_unpack() {
- unpack ${A}
- if use nss-pem ; then
- mv "${PN}"/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
- fi
-}
-
src_prepare() {
- if use nss-pem ; then
- PATCHES+=(
- "${FILESDIR}/${PN}-3.21-enable-pem.patch"
- )
+ default
+
+ if use cacert ; then
+ eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
fi
- if use cacert ; then #521462
- PATCHES+=(
- "${DISTDIR}/${PN}-cacert-class1-class3.patch"
- )
- fi
- # use host shlibsign if need be crbug.com/884946
+
if tc-is-cross-compiler ; then
PATCHES+=(
"${FILESDIR}/${PN}-3.38-shlibsign-path-pollution.patch"
)
fi
- default
-
pushd coreconf >/dev/null || die
# hack nspr paths
echo 'INCLUDES += -I$(DIST)/include/dbm' \
@@ -104,11 +87,11 @@
cmd/platlibs.mk || die
multilib_copy_sources
+
+ strip-flags
}
multilib_src_configure() {
- cros_optimize_package_for_speed
-
# Ensure we stay multilib aware
sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
}
@@ -117,11 +100,12 @@
# Most of the arches are the same as $ARCH
local t=${1:-${CHOST}}
case ${t} in
- aarch64*)echo "aarch64";;
- hppa*) echo "parisc";;
- i?86*) echo "i686";;
- x86_64*) echo "x86_64";;
- *) tc-arch ${t};;
+ *86*-pc-solaris2*) echo "i86pc" ;;
+ aarch64*) echo "aarch64" ;;
+ hppa*) echo "parisc" ;;
+ i?86*) echo "i686" ;;
+ x86_64*) echo "x86_64" ;;
+ *) tc-arch ${t} ;;
esac
}
@@ -172,24 +156,34 @@
local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
unset NSPR_INCLUDE_DIR
- # Do not let `uname` be used.
- if use kernel_linux ; then
- makeargs+=(
- OS_TARGET=Linux
- OS_RELEASE=2.6
- OS_TEST="$(nssarch)"
- )
- fi
-
+ export NSS_ALLOW_SSLKEYLOGFILE=1
export NSS_ENABLE_WERROR=0 #567158
export BUILD_OPT=1
export NSS_USE_SYSTEM_SQLITE=1
export NSDISTMODE=copy
- export NSS_ENABLE_ECC=1
export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export NSS_SEED_ONLY_DEV_URANDOM=1
+ export USE_SYSTEM_ZLIB=1
+ export ZLIB_LIBS=-lz
export ASFLAGS=""
+ # Fix build failure on arm64
+ export NS_USE_GCC=1
+ # Detect compiler type and set proper environment value
+ if tc-is-gcc; then
+ export CC_IS_GCC=1
+ elif tc-is-clang; then
+ export CC_IS_CLANG=1
+ fi
+
+ # explicitly disable altivec/vsx if not requested
+ # https://bugs.gentoo.org/789114
+ case ${ARCH} in
+ ppc*)
+ use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
+ use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
+ ;;
+ esac
local d
@@ -199,7 +193,7 @@
NSPR_LIB_DIR="${T}/fakedir" \
emake -j1 -C coreconf \
CC="$(tc-getBUILD_CC)" \
- ${buildbits:-${mybits}}
+ ${buildbits-${mybits}}
makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
# Then build the target tools.
@@ -207,7 +201,7 @@
CPPFLAGS="${myCPPFLAGS}" \
XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
NSPR_LIB_DIR="${T}/fakedir" \
- emake -j1 "${makeargs[@]}" -C ${d}
+ emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
done
}
@@ -262,30 +256,30 @@
pushd dist >/dev/null || die
dodir /usr/$(get_libdir)
- cp -L */lib/*$(get_libname) "${ED%/}"/usr/$(get_libdir) || die "copying shared libs failed"
+ cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
local i
for i in crmf freebl nssb nssckfw ; do
- cp -L */lib/lib${i}.a "${ED%/}"/usr/$(get_libdir) || die "copying libs failed"
+ cp -L */lib/lib${i}.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
done
# Install nss-config and pkgconfig file
dodir /usr/bin
- cp -L */bin/nss-config "${ED%/}"/usr/bin || die
+ cp -L */bin/nss-config "${ED}"/usr/bin || die
dodir /usr/$(get_libdir)/pkgconfig
- cp -L */lib/pkgconfig/nss.pc "${ED%/}"/usr/$(get_libdir)/pkgconfig || die
+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig || die
# create an nss-softokn.pc from nss.pc for libfreebl and some private headers
# bug 517266
sed -e 's#Libs:#Libs: -lfreebl#' \
-e 's#Cflags:#Cflags: -I${includedir}/private#' \
- */lib/pkgconfig/nss.pc >"${ED%/}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
+ */lib/pkgconfig/nss.pc >"${ED}"/usr/$(get_libdir)/pkgconfig/nss-softokn.pc \
|| die "could not create nss-softokn.pc"
# all the include files
insinto /usr/include/nss
doins public/nss/*.{h,api}
insinto /usr/include/nss/private
- doins private/nss/{blapi,alghmac}.h
+ doins private/nss/{blapi,alghmac,cmac}.h
popd >/dev/null || die
@@ -353,13 +347,19 @@
# shlibsign after prelink.
dodir /etc/prelink.conf.d
printf -- "-b ${EPREFIX}/usr/$(get_libdir)/lib%s.so\n" ${NSS_CHK_SIGN_LIBS} \
- > "${ED%/}"/etc/prelink.conf.d/nss.conf
+ > "${ED}"/etc/prelink.conf.d/nss.conf
}
pkg_postinst() {
multilib_pkg_postinst() {
# We must re-sign the libraries AFTER they are stripped.
- generate_chk shlibsign "${EROOT}/usr/$(get_libdir)"
+ local shlibsign="${EROOT}/usr/bin/shlibsign"
+ # See if we can execute it (cross-compiling & such). #436216
+ "${shlibsign}" -h >&/dev/null
+ if [[ $? -gt 1 ]] ; then
+ shlibsign="shlibsign"
+ fi
+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
}
multilib_foreach_abi multilib_pkg_postinst