aboutsummaryrefslogtreecommitdiffstats
path: root/main/nss/APKBUILD
blob: 5ce35a2116956d66c792c7c146b98c5281023cb1 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=nss
pkgver=3.47.1
_ver=${pkgver//./_}
pkgrel=0
pkgdesc="Mozilla Network Security Services"
url="https://developer.mozilla.org/docs/Mozilla/Projects/NSS"
arch="all"
license="MPL GPL"
options="!check" # failing tests
depends=
depends_dev="nspr-dev"
makedepends="nspr-dev sqlite-dev zlib-dev perl bsd-compat-headers linux-headers"
subpackages="$pkgname-static $pkgname-dev $pkgname-tools"
source="https://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${pkgver//./_}_RTM/src/$pkgname-$pkgver.tar.gz
	nss.pc.in
	nss-util.pc.in
	nss-softokn.pc.in
	nss-config.in
	add_spi+cacert_ca_certs.patch
	"
builddir="$srcdir/$pkgname-$pkgver"

# secfixes:
#   3.47.1-r0:
#     - CVE-2019-11745
#   3.41-r0:
#     - CVE-2018-12404
#   3.39-r0:
#     - CVE-2018-12384

prepare() {
	default_prepare

	# Respect LDFLAGS
	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \
		"$builddir"/nss/coreconf/rules.mk
}

build() {
	cd "$builddir"
	unset CFLAGS
	unset CXXFLAGS
	export BUILD_OPT=1
	export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
	export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
	export FREEBL_NO_DEPEND=0
	export NSS_USE_SYSTEM_SQLITE=1
	export NSS_ENABLE_WERROR=0
	export NSPR_INCLUDE_DIR=`pkg-config --cflags-only-I nspr | sed 's/-I//'`
	export NSPR_LIB_DIR=`pkg-config --libs-only-L nspr | sed 's/-L.//'`
	case "$CARCH" in
		*64* | s390x) export USE_64=1;;
	esac
	make -j 1 -C nss/coreconf
	make -j 1 -C nss/lib/dbm
	make -j 1 -C nss
}

check() {
	HOST=localhost DOMSUF=localdomain sh "$builddir/nss/tests/all.sh"
}

package() {
	replaces="nss-dev libnss"

	cd "$builddir"

	install -m755 -d "$pkgdir"/usr/lib/pkgconfig
	install -m755 -d "$pkgdir"/usr/bin
	install -m755 -d "$pkgdir"/usr/include/nss/private

	NSS_VMAJOR=`awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h `
	msg "DEBUG: $NSS_VMAJOR"
	NSS_VMINOR=`awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h`
	NSS_VPATCH=`awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h`

	# pkgconfig files
	local _pc; for _pc in nss.pc nss-util.pc nss-softokn.pc; do
		sed "$srcdir"/${_pc}.in \
			-e "s,%libdir%,/usr/lib,g" \
			-e "s,%prefix%,/usr,g" \
			-e "s,%exec_prefix%,/usr/bin,g" \
			-e "s,%includedir%,/usr/include/nss,g" \
			-e "s,%SOFTOKEN_VERSION%,$pkgver,g" \
			-e "s,%NSPR_VERSION%,$pkgver,g" \
			-e "s,%NSS_VERSION%,$pkgver,g" \
			-e "s,%NSSUTIL_VERSION%,$pkgver,g" \
			> "$pkgdir"/usr/lib/pkgconfig/${_pc}
	done
	ln -sf nss.pc "$pkgdir"/usr/lib/pkgconfig/mozilla-nss.pc
	chmod 644 "$pkgdir"/usr/lib/pkgconfig/*.pc

	# nss-config
	sed "$srcdir"/nss-config.in \
		-e "s,@libdir@,/usr/lib,g" \
		-e "s,@prefix@,/usr/bin,g" \
		-e "s,@exec_prefix@,/usr/bin,g" \
		-e "s,@includedir@,/usr/include/nss,g" \
		-e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \
		-e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \
		-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
		> "$pkgdir"/usr/bin/nss-config
	chmod 755 "$pkgdir"/usr/bin/nss-config
	local minor=${pkgver#*.}
	minor=${minor%.*}
	for file in $(find dist/*.OBJ/lib -name "*.so"); do
		install -m755 $file \
			"$pkgdir"/usr/lib/${file##*/}.$minor
		ln -s ${file##*/}.$minor "$pkgdir"/usr/lib/${file##*/}
	done
	install -m644 dist/*.OBJ/lib/*.a "$pkgdir"/usr/lib/
	install -m644 dist/*.OBJ/lib/*.chk "$pkgdir"/usr/lib/

	for file in certutil cmsutil crlutil modutil pk12util shlibsign \
			signtool signver ssltap; do
		install -m755 dist/*.OBJ/bin/${file} "$pkgdir"/usr/bin/
	done
	install -m644 dist/public/nss/*.h "$pkgdir"/usr/include/nss/
	install -m644 dist/private/nss/blapi.h dist/private/nss/alghmac.h "$pkgdir"/usr/include/nss/private/
}

static() {
	pkgdesc="Static libraries for nss"
	mkdir -p "$subpkgdir"/usr/lib
	mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/

	# remove libssl.a which conflicts with libressl
	rm "$subpkgdir"/usr/lib/libssl.a
}

dev() {
	# we cannot use default_dev because we need the .so symlinks in main package
	local i= j=
	pkgdesc="Development files for nss"
	depends="$pkgname $depends_dev"

	mkdir -p "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/nss-config "$subpkgdir"/usr/bin

	cd "$pkgdir"
	for i in usr/include usr/lib/pkgconfig usr/lib/*.a; do
		if [ -e "$pkgdir/$i" ] || [ -L "$pkgdir/$i" ]; then
			d="$subpkgdir/${i%/*}"  # dirname $i
			mkdir -p "$d"
			mv "$pkgdir/$i" "$d"
			rmdir "$pkgdir/${i%/*}" 2>/dev/null || true
		fi
	done
	mv "$pkgdir"/usr/lib/libgtest1.* "$pkgdir"/usr/lib/libnsssysinit.* \
		"$subpkgdir"/usr/lib
}

tools() {
	pkgdesc="Tools for the Network Security Services"
	replaces="nss"
	mkdir -p "$subpkgdir"/usr/
	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}

sha512sums="ddee53f58929e5f3849c9f88a3a6735453a258c3c32a7e3e73cc949e0b7ad2dff81b21db31c9c5e1ef3eb79d63c31660e38ce76c06ca54a5681dd611dc2e2ae9  nss-3.47.1.tar.gz
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531  nss.pc.in
0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09  nss-util.pc.in
09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15  nss-softokn.pc.in
2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b  nss-config.in
6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16  add_spi+cacert_ca_certs.patch"