Add dev-libs/nss SCM

No cleanup for now

4 files changed, 444 insertions, 0 deletions

diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest
new file mode 100644
index 0000000..cf0ed4e
--- /dev/null
+++ b/dev-libs/nss/Manifest
@@ -0,0 +1,3 @@
+AUX fixup-warnings.patch 297 RMD160 5efdb10d8d6c5794914c259d3f63875cc539ebf5 SHA1 d6041a9a124728306c607531f90192d5ef5a433c SHA256 fa10039990cbca86908027036435e5d44afcc4c5c1470594dc76a7a16726e4e9
+AUX nss-config-pkgconfig.patch 6554 RMD160 ee74932d7a6a1d574cb9cdeec644774ede0332cd SHA1 06c51d85e6380d5279014d302eec2cf8bf58ec32 SHA256 33aefad7408ec14ff517dfb77fb8698e52b1400ff4f0d355881482bd24a78c0b
+EBUILD nss-9999.ebuild 5728 RMD160 6a090f8f98d66f2d48659571837fc302da7b47c4 SHA1 26fe963c87a4fb293f2c1f7f71cd62c2c6499e13 SHA256 d533bb8fd905d9a9f36e15c95777a25e44c96d24e83caf62aae96eed8d569b32
diff --git a/dev-libs/nss/files/fixup-warnings.patch b/dev-libs/nss/files/fixup-warnings.patch
new file mode 100644
index 0000000..826124e
--- /dev/null
+++ b/dev-libs/nss/files/fixup-warnings.patch
@@ -0,0 +1,8 @@
+--- nss-3.12.6b/mozilla/security/coreconf/Linux.mk-old	2010-02-11 12:43:26.000000000 -0600
++++ nss-3.12.6b/mozilla/security/coreconf/Linux.mk	2010-02-14 09:13:53.962449644 -0600
+@@ -120,6 +120,7 @@
+ ifdef MOZ_DEBUG_SYMBOLS
+ 	OPTIMIZER  += -gstabs+
+ endif
++OPTIMIZER += -fno-strict-aliasing
+ endif
diff --git a/dev-libs/nss/files/nss-config-pkgconfig.patch b/dev-libs/nss/files/nss-config-pkgconfig.patch
new file mode 100644
index 0000000..6a4c8b0
--- /dev/null
+++ b/dev-libs/nss/files/nss-config-pkgconfig.patch
@@ -0,0 +1,243 @@
+diff -urN nss-3.12.5-orig/mozilla/security/nss/config/Makefile nss-3.12.5/mozilla/security/nss/config/Makefile
+--- nss-3.12.5-orig/mozilla/security/nss/config/Makefile	1969-12-31 18:00:00.000000000 -0600
++++ nss-3.12.5/mozilla/security/nss/config/Makefile	2009-09-14 21:45:45.619639265 -0500
+@@ -0,0 +1,40 @@
++CORE_DEPTH = ../..
++DEPTH      = ../..
++
++include $(CORE_DEPTH)/coreconf/config.mk
++
++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
++PREFIX = /usr
++
++all: export libs
++
++export:
++	# Create the nss.pc file
++	mkdir -p $(DIST)/lib/pkgconfig
++	sed -e "s,@prefix@,$(PREFIX)," \
++	    -e "s,@exec_prefix@,\$${prefix}," \
++	    -e "s,@libdir@,\$${prefix}/gentoo/nss," \
++	    -e "s,@includedir@,\$${prefix}/include/nss," \
++	    -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
++	    -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++	    nss.pc.in > nss.pc
++	chmod 0644 nss.pc
++	ln -sf ../../../../../security/nss/config/nss.pc $(DIST)/lib/pkgconfig
++
++	# Create the nss-config script
++	mkdir -p $(DIST)/bin
++	sed -e "s,@prefix@,$(PREFIX)," \
++	    -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
++	    -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++	    nss-config.in > nss-config
++	chmod 0755 nss-config
++	ln -sf ../../../../security/nss/config/nss-config $(DIST)/bin
++
++libs:
++
++dummy: all export libs
++
+diff -urN nss-3.12.5-orig/mozilla/security/nss/config/nss-config.in nss-3.12.5/mozilla/security/nss/config/nss-config.in
+--- nss-3.12.5-orig/mozilla/security/nss/config/nss-config.in	1969-12-31 18:00:00.000000000 -0600
++++ nss-3.12.5/mozilla/security/nss/config/nss-config.in	2009-09-14 21:47:45.190638078 -0500
+@@ -0,0 +1,145 @@
++#!/bin/sh
++
++prefix=@prefix@
++
++major_version=@NSS_MAJOR_VERSION@
++minor_version=@NSS_MINOR_VERSION@
++patch_version=@NSS_PATCH_VERSION@
++
++usage()
++{
++	cat <<EOF
++Usage: nss-config [OPTIONS] [LIBRARIES]
++Options:
++	[--prefix[=DIR]]
++	[--exec-prefix[=DIR]]
++	[--includedir[=DIR]]
++	[--libdir[=DIR]]
++	[--version]
++	[--libs]
++	[--cflags]
++Dynamic Libraries:
++	nss
++	ssl
++	smime
++	nssutil
++EOF
++	exit $1
++}
++
++if test $# -eq 0; then
++	usage 1 1>&2
++fi
++
++lib_ssl=yes
++lib_smime=yes
++lib_nss=yes
++lib_nssutil=yes
++
++while test $# -gt 0; do
++  case "$1" in
++  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
++  *) optarg= ;;
++  esac
++
++  case $1 in
++    --prefix=*)
++      prefix=$optarg
++      ;;
++    --prefix)
++      echo_prefix=yes
++      ;;
++    --exec-prefix=*)
++      exec_prefix=$optarg
++      ;;
++    --exec-prefix)
++      echo_exec_prefix=yes
++      ;;
++    --includedir=*)
++      includedir=$optarg
++      ;;
++    --includedir)
++      echo_includedir=yes
++      ;;
++    --libdir=*)
++      libdir=$optarg
++      ;;
++    --libdir)
++      echo_libdir=yes
++      ;;
++    --version)
++      echo ${major_version}.${minor_version}.${patch_version}
++      ;;
++    --cflags)
++      echo_cflags=yes
++      ;;
++    --libs)
++      echo_libs=yes
++      ;;
++    ssl)
++      lib_ssl=yes
++      ;;
++    smime)
++      lib_smime=yes
++      ;;
++    nss)
++      lib_nss=yes
++      ;;
++    nssutil)
++      lib_nssutil=yes
++      ;;
++    *)
++      usage 1 1>&2
++      ;;
++  esac
++  shift
++done
++
++# Set variables that may be dependent upon other variables
++if test -z "$exec_prefix"; then
++    exec_prefix=`pkg-config --variable=exec_prefix nss`
++fi
++if test -z "$includedir"; then
++    includedir=`pkg-config --variable=includedir nss`
++fi
++if test -z "$libdir"; then
++    libdir=`pkg-config --variable=libdir nss`
++fi
++
++if test "$echo_prefix" = "yes"; then
++    echo $prefix
++fi
++
++if test "$echo_exec_prefix" = "yes"; then
++    echo $exec_prefix
++fi
++
++if test "$echo_includedir" = "yes"; then
++    echo $includedir
++fi
++
++if test "$echo_libdir" = "yes"; then
++    echo $libdir
++fi
++
++if test "$echo_cflags" = "yes"; then
++    echo -I$includedir
++fi
++
++if test "$echo_libs" = "yes"; then
++      libdirs="-Wl,-R$libdir -L$libdir"
++      if test -n "$lib_ssl"; then
++	libdirs="$libdirs -lssl${major_version}"
++      fi
++      if test -n "$lib_smime"; then
++	libdirs="$libdirs -lsmime${major_version}"
++      fi
++      if test -n "$lib_nss"; then
++	libdirs="$libdirs -lnss${major_version}"
++      fi
++      if test -n "$lib_nssutil"; then
++       libdirs="$libdirs -lnssutil${major_version}"
++      fi
++      echo $libdirs
++fi
++
+diff -urN nss-3.12.5-orig/mozilla/security/nss/config/nss.pc.in nss-3.12.5/mozilla/security/nss/config/nss.pc.in
+--- nss-3.12.5-orig/mozilla/security/nss/config/nss.pc.in	1969-12-31 18:00:00.000000000 -0600
++++ nss-3.12.5/mozilla/security/nss/config/nss.pc.in	2009-09-14 21:45:45.653637310 -0500
+@@ -0,0 +1,12 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: NSS
++Description: Network Security Services
++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
++Requires: nspr >= 4.8
++Libs: -L${libdir} -lssl3 -lsmime3 -lnssutil3 -lnss3 -Wl,-R${libdir}
++Cflags: -I${includedir}
++
+diff -urN nss-3.12.5-orig/mozilla/security/nss/Makefile nss-3.12.5/mozilla/security/nss/Makefile
+--- nss-3.12.5-orig/mozilla/security/nss/Makefile	2008-12-02 17:24:39.000000000 -0600
++++ nss-3.12.5/mozilla/security/nss/Makefile	2009-09-14 21:45:45.678657145 -0500
+@@ -78,7 +78,7 @@
+ # (7) Execute "local" rules. (OPTIONAL).                              #
+ #######################################################################
+
+-nss_build_all: build_coreconf build_nspr build_dbm all
++nss_build_all: build_coreconf build_dbm all
+
+ nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber
+
+@@ -140,12 +140,6 @@
+ 	--with-dist-prefix='$(NSPR_PREFIX)' \
+ 	--with-dist-includedir='$(NSPR_PREFIX)/include'
+
+-build_nspr: $(NSPR_CONFIG_STATUS)
+-	cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE)
+-
+-clobber_nspr: $(NSPR_CONFIG_STATUS)
+-	cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE) clobber
+-
+ build_dbm:
+ ifndef NSS_DISABLE_DBM
+ 	cd $(CORE_DEPTH)/dbm ; $(MAKE) export libs
+diff -urN nss-3.12.5-orig/mozilla/security/nss/manifest.mn nss-3.12.5/mozilla/security/nss/manifest.mn
+--- nss-3.12.5-orig/mozilla/security/nss/manifest.mn	2008-04-04 15:36:59.000000000 -0500
++++ nss-3.12.5/mozilla/security/nss/manifest.mn	2009-09-14 21:45:45.703656167 -0500
+@@ -42,6 +42,6 @@
+
+ RELEASE = nss
+
+-DIRS = lib cmd
++DIRS = lib cmd config
diff --git a/dev-libs/nss/nss-9999.ebuild b/dev-libs/nss/nss-9999.ebuild
new file mode 100644
index 0000000..dadc8b2
--- /dev/null
+++ b/dev-libs/nss/nss-9999.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI="3"
+
+inherit mozilla-scm flag-o-matic
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/"
+
+KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
+IUSE="utils"
+
+DEPEND=""
+RDEPEND="~dev-libs/nspr-9999
+	>=dev-db/sqlite-3.5"
+
+src_prepare() {
+	# Custom changes for gentoo
+	epatch "${FILESDIR}/nss-config-pkgconfig.patch"
+	epatch "${FILESDIR}/fixup-warnings.patch"
+
+	cd "${S}"/security/coreconf
+	# hack nspr paths
+	echo 'INCLUDES += -I'"${EPREFIX}"'/usr/include/nspr -I$(DIST)/include/dbm' \
+		>> headers.mk || die "failed to append include"
+
+	# modify install path
+	sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX = $(CORE_DEPTH)/dist:' \
+		-i source.mk
+
+	# Respect LDFLAGS
+	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+	# Ensure we stay multilib aware
+	#sed -i -e "s:gentoo\/nss:$(get_libdir):" "${S}"/security/nss/config/Makefile || die "Failed to fix for multilib"
+
+	# Fix pkgconfig file for Prefix
+	#sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+		#"${S}"/security/nss/config/Makefile
+
+	# dirty hack
+	cd "${S}"/security/nss
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+		lib/ssl/config.mk || die
+	sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+		cmd/platlibs.mk || die
+}
+
+src_configure() {
+	strip-flags
+
+	use amd64 && export USE_64=1
+
+	export NSPR_INCLUDE_DIR=`nspr-config --includedir`
+	export NSPR_LIB_DIR=`nspr-config --libdir`
+	export BUILD_OPT=1
+	export NSS_USE_SYSTEM_SQLITE=1
+	export NSDISTMODE=copy
+	export NSS_ENABLE_ECC=1
+	export XCFLAGS="${CFLAGS}"
+	export FREEBL_NO_DEPEND=1
+}
+
+src_compile() {
+	cd "${S}"/security/coreconf
+	emake -j1 CC="$(tc-getCC)" || die "coreconf make failed"
+	cd "${S}"/security/dbm
+	emake -j1 CC="$(tc-getCC)" || die "dbm make failed"
+	cd "${S}"/security/nss
+	emake -j1 CC="$(tc-getCC)" || die "nss make failed"
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+#	*/${local_libdir}/libfreebl3.so*
+#	*/${local_libdir}/libnssdbm3.so*
+#	*/${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+	local shlibsign="$1"
+	local libdir="$2"
+	einfo "Resigning core NSS libraries for FIPS validation"
+	shift 2
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libname=lib${i}.so
+		local chkname=lib${i}.chk
+		"${shlibsign}" \
+			-i "${libdir}"/${libname} \
+			-o "${libdir}"/${chkname}.tmp \
+		&& mv -f \
+			"${libdir}"/${chkname}.tmp \
+			"${libdir}"/${chkname} \
+		|| die "Failed to sign ${libname}"
+	done
+}
+
+cleanup_chk() {
+	local libdir="$1"
+	shift 1
+	for i in ${NSS_CHK_SIGN_LIBS} ; do
+		local libfname="${libdir}/lib${i}.so"
+		# If the major version has changed, then we have old chk files.
+		[ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+			&& rm -f "${libfname}.chk"
+	done
+}
+
+src_install () {
+	MINOR_VERSION=$(sed -n -r -e 's|.*NSS_[0-9]+_([0-9]+)_[0-9]+.*|\1|p' "${S}"/security/nss/TAG-INFO)
+	cd "${S}"/security/dist
+
+	dodir /usr/$(get_libdir)
+	cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying shared libs failed"
+	# We generate these after stripping the libraries, else they don't match.
+	#cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files failed"
+	cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs failed"
+
+	# Install nss-config and pkgconfig file
+	dodir /usr/bin
+	cp -L */bin/nss-config "${ED}"/usr/bin
+	dodir /usr/$(get_libdir)/pkgconfig
+	cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig
+
+	# all the include files
+	insinto /usr/include/nss
+	doins public/nss/*.h
+	cd "${ED}"/usr/$(get_libdir)
+	local n=
+	for file in *$(get_libname); do
+		n=${file%$(get_libname)}$(get_libname ${MINOR_VERSION})
+		mv ${file} ${n}
+		ln -s ${n} ${file}
+	done
+
+	local nssutils
+	# Always enabled because we need it for chk generation.
+	nssutils="shlibsign"
+	if use utils; then
+		# The tests we do not need to install.
+		#nssutils_test="bltest crmftest dbtest dertimetest
+		#fipstest remtest sdrtest"
+		nssutils="addbuiltin atob baddbdir btoa certcgi certutil checkcert
+		cmsutil conflict crlutil derdump digest makepqg mangle modutil multinit
+		nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify pk11mode
+		pk12util pp rsaperf selfserv shlibsign signtool signver ssltap strsclnt
+		symkeyutil tstclnt vfychain vfyserv"
+	fi
+	cd "${S}"/security/dist/*/bin/
+	for f in $nssutils; do
+		dobin ${f}
+	done
+
+	# Prelink breaks the CHK files. We don't have any reliable way to run
+	# shlibsign after prelink.
+	declare -a libs
+	for l in ${NSS_CHK_SIGN_LIBS} ; do
+		libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
+	done
+	OLD_IFS="${IFS}" IFS=":" ; liblist="${libs[*]}" ; IFS="${OLD_IFS}"
+	echo -e "PRELINK_PATH_MASK=${liblist}" >"${T}/90nss"
+	unset libs liblist
+	doenvd "${T}/90nss"
+}
+
+pkg_postinst() {
+	elog "We have reverted back to using upstreams soname."
+	elog "Please run revdep-rebuild --library libnss3.so.12 , this"
+	elog "will correct most issues. If you find a binary that does"
+	elog "not run please re-emerge package to ensure it properly"
+	elog " links after upgrade."
+	elog
+	# We must re-sign the libraries AFTER they are stripped.
+	generate_chk "${EROOT}"/usr/bin/shlibsign "${EROOT}"/usr/$(get_libdir)
+}
+
+pkg_postrm() {
+	cleanup_chk "${EROOT}"/usr/$(get_libdir)
+}