# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Rasmus Thomsen <oss@cogitri.dev>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
# Package identity; pkgver also forms the upstream release tag in source=.
pkgname=nss
pkgver=3.66
pkgrel=0
pkgdesc="Mozilla Network Security Services"
url="https://developer.mozilla.org/docs/Mozilla/Projects/NSS"
arch="all"
license="MPL-2.0"
# nspr-dev is listed both as a build dependency and, through depends_dev,
# as a dependency of the -dev subpackage (see dev()).
depends_dev="nspr-dev"
makedepends="nspr-dev sqlite-dev zlib-dev perl bsd-compat-headers linux-headers"
subpackages="$pkgname-static $pkgname-dev $pkgname-tools"
# Upstream release tarball, fetched over HTTPS (the release directory is named
# after pkgver with dots turned into underscores), followed by the local
# templates that package() expands into the pkg-config files and nss-config.
# Every entry has a matching SHA-512 in sha512sums at the end of this file.
source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-$pkgver.tar.gz
nss.pc.in
nss-util.pc.in
nss-softokn.pc.in
nss-config.in
"
# FIPS mode requires a signed cryptographic module. Stripping the binaries
# invalidates the signatures generated during the build process. In reality,
# we should probably just drop FIPS support because we're not FIPS-certified,
# but we can debate that later.
# NOTE(review): the signatures are presumably the *.chk files that package()
# installs next to the libraries; anything that rewrites the shared objects
# after the build (not only strip) would invalidate them too - confirm.
options="!strip"
# secfixes:
# 3.58-r0:
# - CVE-2020-25648
# 3.55-r0:
# - CVE-2020-12400
# - CVE-2020-12401
# - CVE-2020-12403
# - CVE-2020-6829
# 3.53.1-r0:
# - CVE-2020-12402
# 3.49-r0:
# - CVE-2019-17023
# 3.47.1-r0:
# - CVE-2019-11745
# 3.41-r0:
# - CVE-2018-12404
# 3.39-r0:
# - CVE-2018-12384
prepare() {
	# Adjust the unpacked NSS tree before building.
	# Runs abuild's stock prepare step first, then edits four build files
	# in place; paths are relative to the current (build) directory.
	default_prepare

	# Thread LDFLAGS into the shared-library link rule so the linker flags
	# handed to the build are respected.
	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \
		nss/coreconf/rules.mk

	# Add the include paths that the dbm, freebl and sysinit builds miss.
	printf '%s\n' 'INCLUDES += -I../include' \
		>> nss/lib/dbm/src/manifest.mn
	sed -i -e 's|-Ideprecated|-Ideprecated -I../util -I../softoken -I.|' \
		nss/lib/freebl/Makefile
	printf '%s\n' 'INCLUDES += -I../util' \
		>> nss/lib/sysinit/manifest.mn
}
build() {
	# Configure the NSS make-based build through environment variables and
	# build the helper directories followed by the top-level "all" target.
	# Reads:   CARCH
	# Exports: the BUILD_*/NSS_*/NSPR_* knobs below, USE_64 on 64-bit targets
	local _dir

	# The inherited compiler flags are discarded; optimisation is selected
	# through BUILD_OPT / OPT_CODE_SIZE instead.
	unset CFLAGS CXXFLAGS

	# Optimised (non-debug) build, preferring -Os over -O2 where possible.
	export BUILD_OPT=1 OPT_CODE_SIZE=1
	# Explicitly link the freebl library with nspr.
	export FREEBL_NO_DEPEND=0
	export NSS_USE_SYSTEM_SQLITE=1 NSS_DISABLE_GTESTS=1
	# Compile out the deprecated SEED and RC2 ciphers.
	export NSS_DISABLE_DEPRECATED_SEED=1 NSS_DISABLE_DEPRECATED_RC2=1

	# Locate the system NSPR via pkg-config, stripping the -I / -L prefix.
	# NOTE(review): the pipe and the `export` both hide pkg-config's exit
	# status, so a missing nspr.pc produces empty values instead of a failed
	# build - consider validating the two variables before running make.
	export NSPR_INCLUDE_DIR=$(pkg-config --cflags-only-I nspr | sed 's/-I//')
	export NSPR_LIB_DIR=$(pkg-config --libs-only-L nspr | sed 's/-L//')

	case "$CARCH" in
	*64*|s390x)
		export USE_64=1
		;;
	esac

	# "all" does not really build every target, so these directories are
	# built explicitly before it.
	for _dir in coreconf lib/util lib/dbm lib/sysinit; do
		make -C "nss/$_dir"
	done
	make -C nss all
}
check() {
	# Run a reduced subset of the upstream NSS test driver from nss/tests.
	#
	# Only the "cipher" and "libpkix" suites are selected: the other tests
	# fail with NSS_DISABLE_DEPRECATED_SEED=1 and NSS_DISABLE_GTESTS=1.
	# Everything else all.sh would run is therefore skipped, so a passing
	# check() says nothing about the suites that are not listed here.
	cd nss/tests

	export NSS_CYCLES=standard
	export NSS_TESTS="cipher libpkix"

	DOMSUF=localdomain HOST=localhost sh ./all.sh
}
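package() {
	# Install the built NSS libraries, tools, headers and the generated
	# pkg-config / nss-config files into $pkgdir.
	# Reads:  pkgdir, srcdir, pkgver; build output under dist/ and
	#         nss/lib/nss/nss.h in the current directory
	# Writes: replaces, NSS_VMAJOR, NSS_VMINOR, NSS_VPATCH
	replaces="nss-dev libnss"

	# Loop variables are local so they do not leak into the caller's scope,
	# and every expansion of them below is quoted.
	local _pc _lib _tool

	install -m755 -d "$pkgdir"/usr/lib/pkgconfig
	install -m755 -d "$pkgdir"/usr/bin
	install -m755 -d "$pkgdir"/usr/include/nss/private

	# Version triple as declared by the header that was built; it is only
	# consumed by the nss-config template below.
	NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
	NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
	NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)

	# pkgconfig files
	# NOTE(review): %NSPR_VERSION% is filled with the NSS pkgver, not with
	# the version of the installed NSPR, and %exec_prefix% becomes /usr/bin
	# - confirm both are intended.
	for _pc in nss.pc nss-util.pc nss-softokn.pc; do
		sed \
			-e "s,%libdir%,/usr/lib,g" \
			-e "s,%prefix%,/usr,g" \
			-e "s,%exec_prefix%,/usr/bin,g" \
			-e "s,%includedir%,/usr/include/nss,g" \
			-e "s,%SOFTOKEN_VERSION%,$pkgver,g" \
			-e "s,%NSPR_VERSION%,$pkgver,g" \
			-e "s,%NSS_VERSION%,$pkgver,g" \
			-e "s,%NSSUTIL_VERSION%,$pkgver,g" \
			"$srcdir/${_pc}.in" \
			> "$pkgdir/usr/lib/pkgconfig/$_pc"
	done
	ln -sf nss.pc "$pkgdir"/usr/lib/pkgconfig/mozilla-nss.pc
	chmod 644 "$pkgdir"/usr/lib/pkgconfig/*.pc

	# nss-config
	# NOTE(review): @prefix@ is replaced with /usr/bin here while the .pc
	# files use /usr for %prefix% - looks inconsistent, confirm.
	sed \
		-e "s,@libdir@,/usr/lib,g" \
		-e "s,@prefix@,/usr/bin,g" \
		-e "s,@exec_prefix@,/usr/bin,g" \
		-e "s,@includedir@,/usr/include/nss,g" \
		-e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \
		-e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \
		-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
		"$srcdir"/nss-config.in \
		> "$pkgdir"/usr/bin/nss-config
	chmod 755 "$pkgdir"/usr/bin/nss-config

	# Second component of pkgver (e.g. 66 for 3.66, 53 for 3.53.1); used as
	# the version suffix of the installed shared objects.
	local minor=${pkgver#*.}
	minor=${minor%.*}

	# Each libX.so is installed as libX.so.$minor plus a libX.so symlink.
	# The find output is still split on whitespace by the for loop; this
	# assumes the build tree has no such paths.
	for _lib in $(find dist/*.OBJ/lib -name "*.so"); do
		install -m755 "$_lib" \
			"$pkgdir/usr/lib/${_lib##*/}.$minor"
		ln -s "${_lib##*/}.$minor" "$pkgdir/usr/lib/${_lib##*/}"
	done

	install -m644 dist/*.OBJ/lib/*.a "$pkgdir"/usr/lib/
	# The .chk files are copied unmodified next to the libraries.
	# NOTE(review): these look like the build-time signatures that
	# options="!strip" is protecting - confirm.
	install -m644 dist/*.OBJ/lib/*.chk "$pkgdir"/usr/lib/

	for _tool in certutil cmsutil crlutil modutil pk12util shlibsign \
		signtool signver ssltap; do
		install -m755 dist/*.OBJ/bin/"$_tool" "$pkgdir"/usr/bin/
	done

	install -m644 dist/public/nss/*.h "$pkgdir"/usr/include/nss/
	install -m644 dist/private/nss/blapi.h dist/private/nss/alghmac.h "$pkgdir"/usr/include/nss/private/
}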
static() {
	# Split function for the -static subpackage: run abuild's stock static
	# split, then drop libssl.a, which conflicts with openssl.
	default_static

	rm "$subpkgdir/usr/lib/libssl.a"
}
dev() {
	# Split function for the -dev subpackage.
	# default_dev cannot be used because the .so symlinks have to stay in
	# the main package, so only nss-config, the headers, the pkg-config
	# directory and any static archives are moved by hand.
	# Reads:  pkgdir, subpkgdir, pkgname, depends_dev
	# Writes: pkgdesc, depends, d
	local i
	pkgdesc="Development files for nss"
	depends="$pkgname $depends_dev"

	mkdir -p "$subpkgdir/usr/bin"
	mv "$pkgdir/usr/bin/nss-config" "$subpkgdir/usr/bin"

	# The glob below is expanded relative to $pkgdir.
	cd "$pkgdir"
	for i in usr/include usr/lib/pkgconfig usr/lib/*.a; do
		# Skip entries that do not exist, e.g. an unmatched *.a glob.
		[ -e "$pkgdir/$i" ] || [ -L "$pkgdir/$i" ] || continue

		d="$subpkgdir/${i%/*}" # parent directory of $i
		mkdir -p "$d"
		mv "$pkgdir/$i" "$d"
		# Best effort: remove the source directory if it is now empty.
		rmdir "$pkgdir/${i%/*}" 2>/dev/null || true
	done
}
tools() {
	# Split function for the -tools subpackage: everything left in
	# $pkgdir/usr/bin is moved into it as a whole directory.
	# Writes: pkgdesc, replaces
	replaces="nss"
	pkgdesc="Tools for the Network Security Services"

	mkdir -p "$subpkgdir/usr/"
	mv "$pkgdir/usr/bin" "$subpkgdir/usr/"
}
# SHA-512 digests, one per entry in source=: the upstream tarball and the four
# local template files. When pkgver changes, the tarball entry has to be
# regenerated (e.g. with `abuild checksum`) from a download whose origin has
# been checked, since this digest is the only integrity pin on the sources.
sha512sums="
327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467 nss-3.66.tar.gz
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in
0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09 nss-util.pc.in
09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15 nss-softokn.pc.in
2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b nss-config.in
"