aboutsummaryrefslogblamecommitdiffstats
path: root/community/nss/APKBUILD
blob: 7e58964a709cfb3d7e7c04feb2e54b823257a125 (plain) (tree)
1
2
3
4
5
6
7
8
9
                                                   
                                               

                                                   
           
        
                                           
                                                             
          
                 
                      
                                                                                
                   
                                                         
                                                                                                       
                 

                         
                     
         




                                                                             
 
           

                      




                      

                      

                      

                      
            
                      
            
                      
 
           
                       

                         

                                                             







                                                                        

 
         

                      
                                
                          


                                               
                                 
                                      
                                   

                                            
                                           

                                                                                 
                        
                                               
            
 



                               
                                                                                             
                       

 
         



                                                                                             
                                                       

 
           
                                 
 

                                                    
                                                          
 


                                                                              

                         
                                                                   
                                       







                                                                
                                                          
            

                                                                









                                                            

                                              
                                
                         

                                                           
                                                            
                                                                      
            

                                                             
 

                                                                         
                                                                     
            

                                                                                                            

 
          
                      
 
                                                      
                                        
 
 
       
                                                                                    
               














                                                                   

 


                                                         
                                  
                                              

 
            
                                                                                                                                                 
                                                                                                                                           

                                                                                                                                                   

                                                                                                                                               
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Rasmus Thomsen <oss@cogitri.dev>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=nss
pkgver=3.70
pkgrel=0
pkgdesc="Mozilla Network Security Services"
url="https://developer.mozilla.org/docs/Mozilla/Projects/NSS"
arch="all"
license="MPL-2.0"
depends_dev="nspr-dev"
makedepends="nspr-dev sqlite-dev zlib-dev perl bsd-compat-headers linux-headers"
checkdepends="bash"
subpackages="$pkgname-static $pkgname-dev $pkgname-tools"
source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-$pkgver.tar.gz
	nss.pc.in
	nss-util.pc.in
	nss-softokn.pc.in
	nss-config.in
	"
# FIPS mode requires a signed cryptographic module.  Stripping the binaries
# invalidates the signatures generated during the build process.  In reality,
# we should probably just drop FIPS support because we're not FIPS-certified,
# but we can debate that later.
options="!strip"

# secfixes:
#   3.58-r0:
#     - CVE-2020-25648
#   3.55-r0:
#     - CVE-2020-12400
#     - CVE-2020-12401
#     - CVE-2020-12403
#     - CVE-2020-6829
#   3.53.1-r0:
#     - CVE-2020-12402
#   3.49-r0:
#     - CVE-2019-17023
#   3.47.1-r0:
#     - CVE-2019-11745
#   3.41-r0:
#     - CVE-2018-12404
#   3.39-r0:
#     - CVE-2018-12384

prepare() {
	default_prepare

	# Respect LDFLAGS
	sed 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \
		-i nss/coreconf/rules.mk

	# Fix missing includes
	echo 'INCLUDES += -I../include' \
		>> nss/lib/dbm/src/manifest.mn
	sed 's|-Ideprecated|-Ideprecated -I../util -I../softoken -I.|' \
		-i nss/lib/freebl/Makefile
	echo 'INCLUDES += -I../util' \
		>> nss/lib/sysinit/manifest.mn
}

build() {
	unset CFLAGS
	unset CXXFLAGS
	# Don't do a debug build
	export BUILD_OPT=1
	# Use -Os instead of -O2 where possible
	export OPT_CODE_SIZE=1
	# Explicitly link freebl lib with nspr
	export FREEBL_NO_DEPEND=0
	export NSS_USE_SYSTEM_SQLITE=1
	export NSS_DISABLE_GTESTS=1
	# Disable deprecated cipher
	export NSS_DISABLE_DEPRECATED_SEED=1
	export NSS_DISABLE_DEPRECATED_RC2=1
	export NSPR_INCLUDE_DIR=$(pkg-config --cflags-only-I nspr | sed 's/-I//')
	export NSPR_LIB_DIR=$(pkg-config --libs-only-L nspr | sed 's/-L//')
	case "$CARCH" in
		*64* | s390x) export USE_64=1;;
	esac

	make -C nss/coreconf
	make -C nss/lib/util
	make -C nss/lib/dbm
	make -C nss/lib/sysinit
	# "all" really doesn't build all targets, so we have to list the others we want above
	make -C nss all
}

check() {
	cd nss/tests
	# other tests are failing with NSS_DISABLE_DEPRECATED_SEED=1 and NSS_DISABLE_GTESTS=1
	export NSS_TESTS="cipher libpkix"
	export NSS_CYCLES=standard
	HOST=localhost DOMSUF=localdomain bash ./all.sh
}

package() {
	replaces="nss-dev libnss"

	install -m755 -d "$pkgdir"/usr/lib/pkgconfig
	install -m755 -d "$pkgdir"/usr/bin
	install -m755 -d "$pkgdir"/usr/include/nss/private

	NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
	NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
	NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)

	# pkgconfig files
	local _pc; for _pc in nss.pc nss-util.pc nss-softokn.pc; do
		sed "$srcdir"/$_pc.in \
			-e "s,%libdir%,/usr/lib,g" \
			-e "s,%prefix%,/usr,g" \
			-e "s,%exec_prefix%,/usr/bin,g" \
			-e "s,%includedir%,/usr/include/nss,g" \
			-e "s,%SOFTOKEN_VERSION%,$pkgver,g" \
			-e "s,%NSPR_VERSION%,$pkgver,g" \
			-e "s,%NSS_VERSION%,$pkgver,g" \
			-e "s,%NSSUTIL_VERSION%,$pkgver,g" \
			> "$pkgdir"/usr/lib/pkgconfig/$_pc
	done
	ln -sf nss.pc "$pkgdir"/usr/lib/pkgconfig/mozilla-nss.pc
	chmod 644 "$pkgdir"/usr/lib/pkgconfig/*.pc

	# nss-config
	sed "$srcdir"/nss-config.in \
		-e "s,@libdir@,/usr/lib,g" \
		-e "s,@prefix@,/usr/bin,g" \
		-e "s,@exec_prefix@,/usr/bin,g" \
		-e "s,@includedir@,/usr/include/nss,g" \
		-e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \
		-e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \
		-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
		> "$pkgdir"/usr/bin/nss-config
	chmod 755 "$pkgdir"/usr/bin/nss-config
	local minor=${pkgver#*.}
	minor=${minor%.*}
	for file in $(find dist/*.OBJ/lib -name "*.so"); do
		install -m755 $file \
			"$pkgdir"/usr/lib/${file##*/}.$minor
		ln -s ${file##*/}.$minor "$pkgdir"/usr/lib/${file##*/}
	done
	install -m644 dist/*.OBJ/lib/*.a "$pkgdir"/usr/lib/
	install -m644 dist/*.OBJ/lib/*.chk "$pkgdir"/usr/lib/

	for file in certutil cmsutil crlutil modutil pk12util shlibsign \
			signtool signver ssltap; do
		install -m755 dist/*.OBJ/bin/$file "$pkgdir"/usr/bin/
	done
	install -m644 dist/public/nss/*.h "$pkgdir"/usr/include/nss/
	install -m644 dist/private/nss/blapi.h dist/private/nss/alghmac.h "$pkgdir"/usr/include/nss/private/
}

static() {
	default_static

	# remove libssl.a which conflicts with openssl
	rm "$subpkgdir"/usr/lib/libssl.a
}

dev() {
	# we cannot use default_dev because we need the .so symlinks in main package
	local i
	pkgdesc="Development files for nss"
	depends="$pkgname $depends_dev"

	mkdir -p "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/nss-config "$subpkgdir"/usr/bin

	cd "$pkgdir"
	for i in usr/include usr/lib/pkgconfig usr/lib/*.a; do
		if [ -e "$pkgdir/$i" ] || [ -L "$pkgdir/$i" ]; then
			d="$subpkgdir/${i%/*}"  # dirname $i
			mkdir -p "$d"
			mv "$pkgdir/$i" "$d"
			rmdir "$pkgdir/${i%/*}" 2>/dev/null || true
		fi
	done
}

tools() {
	pkgdesc="Tools for the Network Security Services"
	replaces="nss"
	mkdir -p "$subpkgdir"/usr/
	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}

sha512sums="
9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82  nss-3.70.tar.gz
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531  nss.pc.in
0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09  nss-util.pc.in
09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15  nss-softokn.pc.in
2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b  nss-config.in
"