blob: c606403fb85e86be8cdf5a4c90f275eca965ea13 [file] [log] [blame] [edit]
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit flag-o-matic multilib toolchain-funcs multilib-minimal
NSPR_VER="4.32"
RTM_NAME="NSS_${PV//./_}_RTM"
DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
HOMEPAGE="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
SRC_URI="https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
cacert? ( https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch )"
LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
SLOT="0"
KEYWORDS="*"
IUSE="cacert utils cpu_flags_ppc_altivec cpu_flags_ppc_vsx"
# pkg-config called by nss-config -> virtual/pkgconfig in RDEPEND
RDEPEND="
>=dev-libs/nspr-${NSPR_VER}[${MULTILIB_USEDEP}]
>=dev-db/sqlite-3.8.2[${MULTILIB_USEDEP}]
>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
virtual/pkgconfig
>=dev-libs/nss-${PV}[${MULTILIB_USEDEP}]
"
DEPEND="${RDEPEND}"
BDEPEND="dev-lang/perl"
RESTRICT="test"
S="${WORKDIR}/${P}/${PN}"
PATCHES=(
# Custom changes for gentoo
"${FILESDIR}/${PN}-3.53-gentoo-fixups.patch"
"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
# CrOS specific fix crbug.com/1132030
"${FILESDIR}/${PN}-3.44-prefer-writable-tokens-for-trust.patch"
# local fix for https://bugs.gentoo.org/834846
"${FILESDIR}/${PN}-3.68.2-nss-ld-fixup.patch"
)
src_prepare() {
# use host shlibsign if need be crbug.com/884946
if tc-is-cross-compiler ; then
PATCHES+=(
"${FILESDIR}/${PN}-3.38-shlibsign-path-pollution.patch"
)
fi
default
if use cacert ; then
eapply -p2 "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
fi
pushd coreconf >/dev/null || die
# hack nspr paths
echo 'INCLUDES += -I$(DIST)/include/dbm' \
>> headers.mk || die "failed to append include"
# modify install path
sed -e '/CORE_DEPTH/s:SOURCE_PREFIX.*$:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
-i source.mk || die
# Respect LDFLAGS
sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
popd >/dev/null || die
# Fix pkgconfig file for Prefix
sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
config/Makefile || die
# use host shlibsign if need be #436216
if tc-is-cross-compiler ; then
sed -i \
-e 's:"${2}"/shlibsign:shlibsign:' \
cmd/shlibsign/sign.sh || die
fi
# dirty hack
sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
lib/ssl/config.mk || die
sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
cmd/platlibs.mk || die
multilib_copy_sources
strip-flags
}
multilib_src_configure() {
# Ensure we stay multilib aware
sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" config/Makefile || die
}
nssarch() {
# Most of the arches are the same as $ARCH
local t=${1:-${CHOST}}
case ${t} in
*86*-pc-solaris2*) echo "i86pc" ;;
aarch64*) echo "aarch64" ;;
hppa*) echo "parisc" ;;
i?86*) echo "i686" ;;
x86_64*) echo "x86_64" ;;
*) tc-arch ${t} ;;
esac
}
nssbits() {
local cc cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
if [[ ${1} == BUILD_ ]]; then
cc=$(tc-getBUILD_CC)
else
cc=$(tc-getCC)
fi
echo > "${T}"/test.c || die
${cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}/${1}test.o" || die
case $(file "${T}/${1}test.o") in
*32-bit*x86-64*) echo USE_X32=1;;
*64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
*32-bit*|*ppc*|*i386*) ;;
*) die "Failed to detect whether ${cc} builds 64bits or 32bits, disable distcc if you're using it, please";;
esac
}
multilib_src_compile() {
# use ABI to determine bit'ness, or fallback if unset
local buildbits mybits
case "${ABI}" in
n32) mybits="USE_N32=1";;
x32) mybits="USE_X32=1";;
s390x|*64) mybits="USE_64=1";;
${DEFAULT_ABI})
einfo "Running compilation test to determine bit'ness"
mybits=$(nssbits)
;;
esac
# bitness of host may differ from target
if tc-is-cross-compiler; then
buildbits=$(nssbits BUILD_)
fi
local makeargs=(
CC="$(tc-getCC)"
CCC="$(tc-getCXX)"
AR="$(tc-getAR) rc \$@"
RANLIB="$(tc-getRANLIB)"
OPTIMIZER=
${mybits}
)
# Take care of nspr settings #436216
local myCPPFLAGS="${CPPFLAGS} $($(tc-getPKG_CONFIG) nspr --cflags)"
unset NSPR_INCLUDE_DIR
export NSS_ALLOW_SSLKEYLOGFILE=1
export NSS_ENABLE_WERROR=0 #567158
export BUILD_OPT=1
export NSS_USE_SYSTEM_SQLITE=1
export NSDISTMODE=copy
export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export NSS_SEED_ONLY_DEV_URANDOM=1
export USE_SYSTEM_ZLIB=1
export ZLIB_LIBS=-lz
export ASFLAGS=""
# Fix build failure on arm64
export NS_USE_GCC=1
# Detect compiler type and set proper environment value
if tc-is-gcc; then
export CC_IS_GCC=1
elif tc-is-clang; then
export CC_IS_CLANG=1
fi
# explicitly disable altivec/vsx if not requested
# https://bugs.gentoo.org/789114
case ${ARCH} in
ppc*)
use cpu_flags_ppc_altivec || export NSS_DISABLE_ALTIVEC=1
use cpu_flags_ppc_vsx || export NSS_DISABLE_CRYPTO_VSX=1
;;
esac
local d
# Build the host tools first.
LDFLAGS="${BUILD_LDFLAGS}" \
XCFLAGS="${BUILD_CFLAGS}" \
NSPR_LIB_DIR="${T}/fakedir" \
emake -j1 -C coreconf \
CC="$(tc-getBUILD_CC)" \
${buildbits-${mybits}}
makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
# Then build the target tools.
for d in . lib/dbm ; do
CPPFLAGS="${myCPPFLAGS}" \
XCFLAGS="${CFLAGS} ${CPPFLAGS}" \
NSPR_LIB_DIR="${T}/fakedir" \
emake -j1 "${makeargs[@]}" -C ${d} OS_TEST="$(nssarch)"
done
}
multilib_src_install() {
local f nssutils
# The tests we do not need to install.
#nssutils_test="bltest crmftest dbtest dertimetest
#fipstest remtest sdrtest"
# checkcert utils has been removed in nss-3.22:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1187545
# https://hg.mozilla.org/projects/nss/rev/df1729d37870
# certcgi has been removed in nss-3.36:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1426602
nssutils=(
addbuiltin
atob
baddbdir
btoa
certutil
cmsutil
conflict
crlutil
derdump
digest
makepqg
mangle
modutil
multinit
nonspr10
ocspclnt
oidcalc
p7content
p7env
p7sign
p7verify
pk11mode
pk12util
pp
rsaperf
selfserv
signtool
signver
ssltap
strsclnt
symkeyutil
tstclnt
vfychain
vfyserv
)
pushd dist/*/bin >/dev/null || die
into /usr/local
for f in "${nssutils[@]}"; do
dobin "${f}"
done
popd >/dev/null || die
}