aboutsummaryrefslogtreecommitdiffstats
path: root/main/nss/APKBUILD
blob: d26d36a891aafcfbdc2a77d8d84d57414937eeba (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165

# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Rasmus Thomsen <oss@cogitri.dev>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=nss
pkgver=3.99
pkgrel=0
pkgdesc="Mozilla Network Security Services"
url="https://developer.mozilla.org/docs/Mozilla/Projects/NSS"
arch="all"
license="MPL-2.0"
depends_dev="nspr-dev"
makedepends="
	$depends_dev
	bash
	bsd-compat-headers
	linux-headers
	gyp
	perl
	sqlite-dev
	zlib-dev
	"
subpackages="$pkgname-dev $pkgname-tools"
source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-$pkgver.tar.gz
	gyp-config.patch
	no-werror.patch
	nss.pc.in
	nss-util.pc.in
	nss-softokn.pc.in
	nss-config.in
	"

# secfixes:
#   3.98-r0:
#     - CVE-2023-5388
#   3.76.1-r0:
#     - CVE-2022-1097
#   3.73-r0:
#     - CVE-2021-43527
#   3.58-r0:
#     - CVE-2020-25648
#   3.55-r0:
#     - CVE-2020-12400
#     - CVE-2020-12401
#     - CVE-2020-12403
#     - CVE-2020-6829
#   3.53.1-r0:
#     - CVE-2020-12402
#   3.49-r0:
#     - CVE-2019-17023
#   3.47.1-r0:
#     - CVE-2019-11745
#   3.41-r0:
#     - CVE-2018-12404
#   3.39-r0:
#     - CVE-2018-12384

build() {
	cd nss
	CFLAGS="$CFLAGS -O2 -flto=auto" \
	CXXFLAGS="$CXXFLAGS -O2 -flto=auto" \
	./build.sh \
		--opt \
		--system-nspr \
		--system-sqlite \
		--enable-libpkix
}

check() {
	cd nss/tests
	# other tests are failing for some reason and prompt an interactive password
	export NSS_TESTS="cipher lowhash libpkix"
	export NSS_CYCLES=standard
	HOST=localhost DOMSUF=localdomain bash ./all.sh
}

package() {
	replaces="nss-dev libnss"

	local nss_vmajor=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
	local nss_vminor=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
	local nss_vpatch=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)
	local nspr_version="$(pkg-config --modversion nspr)"

	# pkgconfig files
	mkdir -p "$pkgdir"/usr/lib/pkgconfig
	local _pc; for _pc in nss.pc nss-util.pc nss-softokn.pc; do
		sed "$srcdir"/$_pc.in \
			-e "s,%libdir%,/usr/lib,g" \
			-e "s,%prefix%,/usr,g" \
			-e "s,%exec_prefix%,/usr/bin,g" \
			-e "s,%includedir%,/usr/include/nss,g" \
			-e "s,%SOFTOKEN_VERSION%,$pkgver,g" \
			-e "s,%NSPR_VERSION%,$nspr_version,g" \
			-e "s,%NSS_VERSION%,$pkgver,g" \
			-e "s,%NSSUTIL_VERSION%,$pkgver,g" \
			> "$pkgdir"/usr/lib/pkgconfig/$_pc
	done
	ln -sf nss.pc "$pkgdir"/usr/lib/pkgconfig/mozilla-nss.pc
	chmod 644 "$pkgdir"/usr/lib/pkgconfig/*.pc

	# nss-config
	mkdir -p "$pkgdir"/usr/bin
	sed "$srcdir"/nss-config.in \
		-e "s,@libdir@,/usr/lib,g" \
		-e "s,@prefix@,/usr/bin,g" \
		-e "s,@exec_prefix@,/usr/bin,g" \
		-e "s,@includedir@,/usr/include/nss,g" \
		-e "s,@MOD_MAJOR_VERSION@,${nss_vmajor},g" \
		-e "s,@MOD_MINOR_VERSION@,${nss_vminor},g" \
		-e "s,@MOD_PATCH_VERSION@,${nss_vpatch},g" \
		> "$pkgdir"/usr/bin/nss-config
	chmod 755 "$pkgdir"/usr/bin/nss-config

	local minor=${pkgver#*.}
	minor=${minor%.*}
	find dist/Release/lib -name "*.so" | while IFS= read -r file; do
		install -Dm755 $file \
			"$pkgdir"/usr/lib/${file##*/}.$minor
		ln -s ${file##*/}.$minor "$pkgdir"/usr/lib/${file##*/}
	done

	for file in certutil cmsutil crlutil modutil pk12util shlibsign \
			signtool signver ssltap; do
		install -Dm755 dist/Release/bin/$file -t "$pkgdir"/usr/bin/
	done

	install -Dm644 dist/public/nss/*.h -t "$pkgdir"/usr/include/nss/
	install -Dm644 dist/private/nss/blapi.h dist/private/nss/alghmac.h -t "$pkgdir"/usr/include/nss/private/
}

dev() {
	# we cannot use default_dev because we need the .so symlinks in main package
	local i
	pkgdesc="Development files for nss"
	depends="$pkgname=$pkgver-r$pkgrel $depends_dev"

	amove usr/bin/nss-config

	cd "$pkgdir"
	for i in usr/include usr/lib/pkgconfig; do
		if [ -e "$pkgdir/$i" ] || [ -L "$pkgdir/$i" ]; then
			d="$subpkgdir/${i%/*}"  # dirname $i
			mkdir -p "$d"
			mv "$pkgdir/$i" "$d"
			rmdir "$pkgdir/${i%/*}" 2>/dev/null || true
		fi
	done
}

tools() {
	pkgdesc="Tools for the Network Security Services"
	replaces="nss"

	amove usr/bin
}

sha512sums="
8ae032f3cb8eadfe524505d20e430b90ed25af2b4732b2cf286c435b0fcd5701d2f5c48bd2cfb3f9aa0bfdf503c1f3d5394cf34f860f51a1141cc4a7586bba32  nss-3.99.tar.gz
fba19cc35986dde6e5994ce67ab29fb4417814e12d6ae82c406600832eb8db79a0fdea4fd5eb6c5e77d565bfebb9e154e190796f67c06097ddae1539084243bb  gyp-config.patch
20046e6adf3d1cfcd8ddf2b92fe3f79678d569c653d26126dde6a967ab6c90a798b9a6bb6351f82d49dbd751d0637c5e46aa98dbe7342c8cd604c7e3dc8ce48a  no-werror.patch
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531  nss.pc.in
0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09  nss-util.pc.in
09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15  nss-softokn.pc.in
2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b  nss-config.in
"
generated by cgit v1.2.3 (git 2.41.0) at 2024-04-20 01:32:46 +0000