commit: 4cf8f770e9572c1ce2653c81e90c1e0fa254d965
Author: Felix Janda <felix.janda <AT> posteo <DOT> de>
AuthorDate: Sun Aug 3 07:24:48 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Oct 10 18:20:30 2014 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=4cf8f770
dev-libs/nss: musl does not have <sys/cdefs.h>
---
dev-libs/nss/files/nss-3.14.2-solaris-gcc.patch | 24 ++
.../nss/files/nss-3.15-gentoo-fixup-warnings.patch | 10 +
dev-libs/nss/files/nss-3.15-gentoo-fixups.patch | 238 ++++++++++++++++++
dev-libs/nss/files/nss-3.15.4-enable-pem.patch | 13 +
dev-libs/nss/files/nss-3.16-musl.patch | 13 +
dev-libs/nss/metadata.xml | 16 ++
dev-libs/nss/nss-3.16-r99.ebuild | 271 +++++++++++++++++++++
7 files changed, 585 insertions(+)
diff --git a/dev-libs/nss/files/nss-3.14.2-solaris-gcc.patch
b/dev-libs/nss/files/nss-3.14.2-solaris-gcc.patch
new file mode 100644
index 0000000..a23725d
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.14.2-solaris-gcc.patch
@@ -0,0 +1,24 @@
+--- nss-3.14.2/mozilla/security/coreconf/SunOS5.mk
++++ nss-3.14.2/mozilla/security/coreconf/SunOS5.mk
+@@ -5,6 +5,9 @@
+
+ include $(CORE_DEPTH)/coreconf/UNIX.mk
+
++NS_USE_GCC = 1
++GCC_USE_GNU_LD = 1
++
+ # Sun's WorkShop defines v8, v8plus and v9 architectures.
+ # gcc on Solaris defines v8 and v9 "cpus".
+ # gcc's v9 is equivalent to Workshop's v8plus.
+@@ -71,11 +74,6 @@
+ NOMD_OS_CFLAGS += $(DSO_CFLAGS) $(OS_DEFINES) $(SOL_CFLAGS)
+
+ MKSHLIB = $(CC) $(DSO_LDOPTS) $(RPATH)
+-ifdef NS_USE_GCC
+-ifeq (GNU,$(findstring GNU,$(shell `$(CC) -print-prog-name=ld` -v 2>&1)))
+- GCC_USE_GNU_LD = 1
+-endif
+-endif
+ ifdef MAPFILE
+ ifdef NS_USE_GCC
+ ifdef GCC_USE_GNU_LD
diff --git a/dev-libs/nss/files/nss-3.15-gentoo-fixup-warnings.patch
b/dev-libs/nss/files/nss-3.15-gentoo-fixup-warnings.patch
new file mode 100644
index 0000000..3ce2c0e
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.15-gentoo-fixup-warnings.patch
@@ -0,0 +1,10 @@
+--- nss-3.15/nss/coreconf/Linux.mk
++++ nss-3.15/nss/coreconf/Linux.mk
+@@ -116,6 +116,7 @@
+ OPTIMIZER += -gdwarf-2
+ endif
+ endif
++OPTIMIZER += -fno-strict-aliasing
+ endif
+
+
diff --git a/dev-libs/nss/files/nss-3.15-gentoo-fixups.patch
b/dev-libs/nss/files/nss-3.15-gentoo-fixups.patch
new file mode 100644
index 0000000..9314d5f
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.15-gentoo-fixups.patch
@@ -0,0 +1,238 @@
+--- nss/config/Makefile
++++ nss/config/Makefile
+@@ -0,0 +1,40 @@
++CORE_DEPTH = ..
++DEPTH = ..
++
++include $(CORE_DEPTH)/coreconf/config.mk
++
++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
++PREFIX = /usr
++
++all: export libs
++
++export:
++ # Create the nss.pc file
++ mkdir -p $(DIST)/lib/pkgconfig
++ sed -e "s,@prefix@,$(PREFIX)," \
++ -e "s,@exec_prefix@,\$${prefix}," \
++ -e "s,@libdir@,\$${prefix}/lib64," \
++ -e "s,@includedir@,\$${prefix}/include/nss," \
++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++ nss.pc.in > nss.pc
++ chmod 0644 nss.pc
++ ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig
++
++ # Create the nss-config script
++ mkdir -p $(DIST)/bin
++ sed -e "s,@prefix@,$(PREFIX)," \
++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++ nss-config.in > nss-config
++ chmod 0755 nss-config
++ ln -sf ../../../config/nss-config $(DIST)/bin
++
++libs:
++
++dummy: all export libs
++
+--- nss/config/nss-config.in
++++ nss/config/nss-config.in
+@@ -0,0 +1,145 @@
++#!/bin/sh
++
++prefix=@prefix@
++
++major_version=@NSS_MAJOR_VERSION@
++minor_version=@NSS_MINOR_VERSION@
++patch_version=@NSS_PATCH_VERSION@
++
++usage()
++{
++ cat <<EOF
++Usage: nss-config [OPTIONS] [LIBRARIES]
++Options:
++ [--prefix[=DIR]]
++ [--exec-prefix[=DIR]]
++ [--includedir[=DIR]]
++ [--libdir[=DIR]]
++ [--version]
++ [--libs]
++ [--cflags]
++Dynamic Libraries:
++ nss
++ ssl
++ smime
++ nssutil
++EOF
++ exit $1
++}
++
++if test $# -eq 0; then
++ usage 1 1>&2
++fi
++
++lib_ssl=yes
++lib_smime=yes
++lib_nss=yes
++lib_nssutil=yes
++
++while test $# -gt 0; do
++ case "$1" in
++ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
++ *) optarg= ;;
++ esac
++
++ case $1 in
++ --prefix=*)
++ prefix=$optarg
++ ;;
++ --prefix)
++ echo_prefix=yes
++ ;;
++ --exec-prefix=*)
++ exec_prefix=$optarg
++ ;;
++ --exec-prefix)
++ echo_exec_prefix=yes
++ ;;
++ --includedir=*)
++ includedir=$optarg
++ ;;
++ --includedir)
++ echo_includedir=yes
++ ;;
++ --libdir=*)
++ libdir=$optarg
++ ;;
++ --libdir)
++ echo_libdir=yes
++ ;;
++ --version)
++ echo ${major_version}.${minor_version}.${patch_version}
++ ;;
++ --cflags)
++ echo_cflags=yes
++ ;;
++ --libs)
++ echo_libs=yes
++ ;;
++ ssl)
++ lib_ssl=yes
++ ;;
++ smime)
++ lib_smime=yes
++ ;;
++ nss)
++ lib_nss=yes
++ ;;
++ nssutil)
++ lib_nssutil=yes
++ ;;
++ *)
++ usage 1 1>&2
++ ;;
++ esac
++ shift
++done
++
++# Set variables that may be dependent upon other variables
++if test -z "$exec_prefix"; then
++ exec_prefix=`pkg-config --variable=exec_prefix nss`
++fi
++if test -z "$includedir"; then
++ includedir=`pkg-config --variable=includedir nss`
++fi
++if test -z "$libdir"; then
++ libdir=`pkg-config --variable=libdir nss`
++fi
++
++if test "$echo_prefix" = "yes"; then
++ echo $prefix
++fi
++
++if test "$echo_exec_prefix" = "yes"; then
++ echo $exec_prefix
++fi
++
++if test "$echo_includedir" = "yes"; then
++ echo $includedir
++fi
++
++if test "$echo_libdir" = "yes"; then
++ echo $libdir
++fi
++
++if test "$echo_cflags" = "yes"; then
++ echo -I$includedir
++fi
++
++if test "$echo_libs" = "yes"; then
++ libdirs=""
++ if test -n "$lib_ssl"; then
++ libdirs="$libdirs -lssl${major_version}"
++ fi
++ if test -n "$lib_smime"; then
++ libdirs="$libdirs -lsmime${major_version}"
++ fi
++ if test -n "$lib_nss"; then
++ libdirs="$libdirs -lnss${major_version}"
++ fi
++ if test -n "$lib_nssutil"; then
++ libdirs="$libdirs -lnssutil${major_version}"
++ fi
++ echo $libdirs
++fi
++
+--- nss/config/nss.pc.in
++++ nss/config/nss.pc.in
+@@ -0,0 +1,12 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: NSS
++Description: Network Security Services
++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
++Requires: nspr >= 4.8
++Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
++Cflags: -I${includedir}
++
+--- nss/Makefile
++++ nss/Makefile
+@@ -44,7 +44,7 @@
+ # (7) Execute "local" rules. (OPTIONAL). #
+ #######################################################################
+
+-nss_build_all: build_nspr all
++nss_build_all: all
+
+ nss_clean_all: clobber_nspr clobber
+
+@@ -103,12 +103,6 @@
+ --with-dist-prefix='$(NSPR_PREFIX)' \
+ --with-dist-includedir='$(NSPR_PREFIX)/include'
+
+-build_nspr: $(NSPR_CONFIG_STATUS)
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
+-
+-clobber_nspr: $(NSPR_CONFIG_STATUS)
+- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
+-
+ build_docs:
+ $(MAKE) -C $(CORE_DEPTH)/doc
+
+--- nss/manifest.mn
++++ nss/manifest.mn
+@@ -10,4 +10,4 @@
+
+ RELEASE = nss
+
+-DIRS = coreconf lib cmd
++DIRS = coreconf lib cmd config
diff --git a/dev-libs/nss/files/nss-3.15.4-enable-pem.patch
b/dev-libs/nss/files/nss-3.15.4-enable-pem.patch
new file mode 100644
index 0000000..8e61024
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.15.4-enable-pem.patch
@@ -0,0 +1,13 @@
+Patches taken from http://pkgs.fedoraproject.org/cgit/nss.git/
+
+--- nss/lib/ckfw/manifest.mn.libpem
++++ nss/lib/ckfw/manifest.mn
+@@ -5,7 +5,7 @@
+
+ CORE_DEPTH = ../..
+
+-DIRS = builtins
++DIRS = builtins pem
+
+ PRIVATE_EXPORTS = \
+ ck.h \
diff --git a/dev-libs/nss/files/nss-3.16-musl.patch
b/dev-libs/nss/files/nss-3.16-musl.patch
new file mode 100644
index 0000000..4dde4ae
--- /dev/null
+++ b/dev-libs/nss/files/nss-3.16-musl.patch
@@ -0,0 +1,13 @@
+--- a/nss-3.16/nss/lib/dbm/config/config.mk
++++ b/nss-3.16/nss/lib/dbm/config/config.mk
+@@ -25,10 +25,6 @@
+ DEFINES += -DHAVE_SNPRINTF
+ endif
+
+-ifeq (,$(filter-out IRIX Linux,$(OS_TARGET)))
+-DEFINES += -DHAVE_SYS_CDEFS_H
+-endif
+-
+ ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET)))
+ DEFINES += -DHAVE_SYS_BYTEORDER_H
+ endif
diff --git a/dev-libs/nss/metadata.xml b/dev-libs/nss/metadata.xml
new file mode 100644
index 0000000..36dc831
--- /dev/null
+++ b/dev-libs/nss/metadata.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+<herd>mozilla</herd>
+<use>
+ <flag name='cacert'>
+ Include root certs from CAcert (http://http://www.cacert.org/) and
+ Software in the Public Interest (http://www.spi-inc.org/)
+ </flag>
+ <flag name='nss-pem'>Add support for libnsspem</flag>
+ <flag name='utils'>Install utilities included with the library</flag>
+</use>
+<upstream>
+ <remote-id type="cpe">cpe:/a:mozilla:nss</remote-id>
+</upstream>
+</pkgmetadata>
diff --git a/dev-libs/nss/nss-3.16-r99.ebuild b/dev-libs/nss/nss-3.16-r99.ebuild
new file mode 100644
index 0000000..4461275
--- /dev/null
+++ b/dev-libs/nss/nss-3.16-r99.ebuild
@@ -0,0 +1,271 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nss/nss-3.16.ebuild,v 1.13
2014/07/24 10:58:18 polynomial-c Exp $
+
+EAPI=5
+inherit eutils flag-o-matic multilib toolchain-funcs
+
+NSPR_VER="4.10"
+RTM_NAME="NSS_${PV//./_}_RTM"
+# Rev of https://git.fedorahosted.org/cgit/nss-pem.git
+PEM_GIT_REV="3ade37c5c4ca5a6094e3f4b2e4591405db1867dd"
+PEM_P="${PN}-pem-${PEM_GIT_REV}"
+
+DESCRIPTION="Mozilla's Network Security Services library that implements PKI
support"
+HOMEPAGE="http://www.mozilla.org/projects/security/pki/nss/";
+SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/${P}.tar.gz
+ cacert? (
http://dev.gentoo.org/~anarchy/patches/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch
)
+ nss-pem? (
https://git.fedorahosted.org/cgit/nss-pem.git/snapshot/${PEM_P}.tar.bz2 )"
+
+LICENSE="|| ( MPL-2.0 GPL-2 LGPL-2.1 )"
+SLOT="0"
+KEYWORDS="amd64 arm ~mips x86"
+IUSE="+cacert +nss-pem utils"
+
+DEPEND="virtual/pkgconfig
+ >=dev-libs/nspr-${NSPR_VER}"
+RDEPEND=">=dev-libs/nspr-${NSPR_VER}
+ >=dev-db/sqlite-3.5
+ sys-libs/zlib"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${P}/${PN}"
+
+src_setup() {
+ export LC_ALL="C"
+}
+
+src_unpack() {
+ unpack ${A}
+ if use nss-pem ; then
+ mv "${PEM_P}"/nss/lib/ckfw/pem/ "${S}"/lib/ckfw/ || die
+ fi
+}
+
+src_prepare() {
+ # Custom changes for gentoo
+ epatch "${FILESDIR}/${PN}-3.15-gentoo-fixups.patch"
+ epatch "${FILESDIR}/${PN}-3.15-gentoo-fixup-warnings.patch"
+ epatch "${FILESDIR}/${PN}-3.16-musl.patch"
+ use cacert && epatch
"${DISTDIR}/${PN}-3.14.1-add_spi+cacerts_ca_certs.patch"
+ use nss-pem && epatch "${FILESDIR}/${PN}-3.15.4-enable-pem.patch"
+ epatch "${FILESDIR}/nss-3.14.2-solaris-gcc.patch"
+ cd coreconf
+ # hack nspr paths
+ echo 'INCLUDES += -I$(DIST)/include/dbm' \
+ >> headers.mk || die "failed to append include"
+
+ # modify install path
+ sed -e 's:SOURCE_PREFIX = $(CORE_DEPTH)/\.\./dist:SOURCE_PREFIX =
$(CORE_DEPTH)/dist:' \
+ -i source.mk
+
+ # Respect LDFLAGS
+ sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' rules.mk
+
+ # Ensure we stay multilib aware
+ sed -i -e "/@libdir@/ s:lib64:$(get_libdir):" "${S}"/config/Makefile
+
+ # Fix pkgconfig file for Prefix
+ sed -i -e "/^PREFIX =/s:= /usr:= ${EPREFIX}/usr:" \
+ "${S}"/config/Makefile
+
+ # use host shlibsign if need be #436216
+ if tc-is-cross-compiler ; then
+ sed -i \
+ -e 's:"${2}"/shlibsign:shlibsign:' \
+ "${S}"/cmd/shlibsign/sign.sh
+ fi
+
+ # dirty hack
+ cd "${S}"
+ sed -i -e "/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../freebl/\$(OBJDIR):" \
+ lib/ssl/config.mk
+ sed -i -e
"/CRYPTOLIB/s:\$(SOFTOKEN_LIB_DIR):../../lib/freebl/\$(OBJDIR):" \
+ cmd/platlibs.mk
+}
+
+nssarch() {
+ # Most of the arches are the same as $ARCH
+ local t=${1:-${CHOST}}
+ case ${t} in
+ aarch64*)echo "aarch64";;
+ hppa*) echo "parisc";;
+ i?86*) echo "i686";;
+ x86_64*) echo "x86_64";;
+ *) tc-arch ${t};;
+ esac
+}
+
+nssbits() {
+ local cc="${1}CC" cppflags="${1}CPPFLAGS" cflags="${1}CFLAGS"
+ echo > "${T}"/test.c || die
+ ${!cc} ${!cppflags} ${!cflags} -c "${T}"/test.c -o "${T}"/test.o || die
+ case $(file "${T}"/test.o) in
+ *32-bit*x86-64*) echo USE_X32=1;;
+ *64-bit*|*ppc64*|*x86_64*) echo USE_64=1;;
+ *32-bit*|*ppc*|*i386*) ;;
+ *) die "Failed to detect whether your arch is 64bits or 32bits, disable
distcc if you're using it, please";;
+ esac
+}
+
+src_compile() {
+ strip-flags
+
+ tc-export AR RANLIB {BUILD_,}{CC,PKG_CONFIG}
+ local makeargs=(
+ CC="${CC}"
+ AR="${AR} rc \$@"
+ RANLIB="${RANLIB}"
+ OPTIMIZER=
+ $(nssbits)
+ )
+
+ # Take care of nspr settings #436216
+ append-cppflags $(${PKG_CONFIG} nspr --cflags)
+ append-ldflags $(${PKG_CONFIG} nspr --libs-only-L)
+ unset NSPR_INCLUDE_DIR
+ export NSPR_LIB_DIR=${T}/fake-dir
+
+ # Do not let `uname` be used.
+ if use kernel_linux ; then
+ makeargs+=(
+ OS_TARGET=Linux
+ OS_RELEASE=2.6
+ OS_TEST="$(nssarch)"
+ )
+ fi
+
+ export BUILD_OPT=1
+ export NSS_USE_SYSTEM_SQLITE=1
+ export NSDISTMODE=copy
+ export NSS_ENABLE_ECC=1
+ export XCFLAGS="${CFLAGS} ${CPPFLAGS}"
+ export FREEBL_NO_DEPEND=1
+ export ASFLAGS=""
+
+ local d
+
+ # Build the host tools first.
+ LDFLAGS="${BUILD_LDFLAGS}" \
+ XCFLAGS="${BUILD_CFLAGS}" \
+ emake -j1 -C coreconf \
+ CC="${BUILD_CC}" \
+ $(nssbits BUILD_)
+ makeargs+=( NSINSTALL="${PWD}/$(find -type f -name nsinstall)" )
+
+ # Then build the target tools.
+ for d in . lib/dbm ; do
+ emake -j1 "${makeargs[@]}" -C ${d}
+ done
+}
+
+# Altering these 3 libraries breaks the CHK verification.
+# All of the following cause it to break:
+# - stripping
+# - prelink
+# - ELF signing
+# http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
+# Either we have to NOT strip them, or we have to forcibly resign after
+# stripping.
+#local_libdir="$(get_libdir)"
+#export STRIP_MASK="
+# */${local_libdir}/libfreebl3.so*
+# */${local_libdir}/libnssdbm3.so*
+# */${local_libdir}/libsoftokn3.so*"
+
+export NSS_CHK_SIGN_LIBS="freebl3 nssdbm3 softokn3"
+
+generate_chk() {
+ local shlibsign="$1"
+ local libdir="$2"
+ einfo "Resigning core NSS libraries for FIPS validation"
+ shift 2
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libname=lib${i}.so
+ local chkname=lib${i}.chk
+ "${shlibsign}" \
+ -i "${libdir}"/${libname} \
+ -o "${libdir}"/${chkname}.tmp \
+ && mv -f \
+ "${libdir}"/${chkname}.tmp \
+ "${libdir}"/${chkname} \
+ || die "Failed to sign ${libname}"
+ done
+}
+
+cleanup_chk() {
+ local libdir="$1"
+ shift 1
+ local i
+ for i in ${NSS_CHK_SIGN_LIBS} ; do
+ local libfname="${libdir}/lib${i}.so"
+ # If the major version has changed, then we have old chk files.
+ [ ! -f "${libfname}" -a -f "${libfname}.chk" ] \
+ && rm -f "${libfname}.chk"
+ done
+}
+
+src_install() {
+ cd "${S}"/dist
+
+ dodir /usr/$(get_libdir)
+ cp -L */lib/*$(get_libname) "${ED}"/usr/$(get_libdir) || die "copying
shared libs failed"
+ # We generate these after stripping the libraries, else they don't
match.
+ #cp -L */lib/*.chk "${ED}"/usr/$(get_libdir) || die "copying chk files
failed"
+ cp -L */lib/libcrmf.a "${ED}"/usr/$(get_libdir) || die "copying libs
failed"
+
+ # Install nss-config and pkgconfig file
+ dodir /usr/bin
+ cp -L */bin/nss-config "${ED}"/usr/bin
+ dodir /usr/$(get_libdir)/pkgconfig
+ cp -L */lib/pkgconfig/nss.pc "${ED}"/usr/$(get_libdir)/pkgconfig
+
+ # all the include files
+ insinto /usr/include/nss
+ doins public/nss/*.h
+
+ local f nssutils
+ # Always enabled because we need it for chk generation.
+ nssutils="shlibsign"
+ if use utils; then
+ # The tests we do not need to install.
+ #nssutils_test="bltest crmftest dbtest dertimetest
+ #fipstest remtest sdrtest"
+ nssutils="addbuiltin atob baddbdir btoa certcgi certutil
checkcert
+ cmsutil conflict crlutil derdump digest makepqg mangle modutil
multinit
+ nonspr10 ocspclnt oidcalc p7content p7env p7sign p7verify
pk11mode
+ pk12util pp rsaperf selfserv shlibsign signtool signver ssltap
strsclnt
+ symkeyutil tstclnt vfychain vfyserv"
+ fi
+ cd "${S}"/dist/*/bin/
+ for f in ${nssutils}; do
+ dobin ${f}
+ done
+
+ # Prelink breaks the CHK files. We don't have any reliable way to run
+ # shlibsign after prelink.
+ local l libs=() liblist
+ for l in ${NSS_CHK_SIGN_LIBS} ; do
+ libs+=("${EPREFIX}/usr/$(get_libdir)/lib${l}.so")
+ done
+ liblist=$(printf '%s:' "${libs[@]}")
+ echo -e "PRELINK_PATH_MASK=${liblist%:}" > "${T}/90nss"
+ doenvd "${T}/90nss"
+}
+
+pkg_postinst() {
+ # We must re-sign the libraries AFTER they are stripped.
+ local shlibsign="${EROOT}/usr/bin/shlibsign"
+ # See if we can execute it (cross-compiling & such). #436216
+ "${shlibsign}" -h >&/dev/null
+ if [[ $? -gt 1 ]] ; then
+ shlibsign="shlibsign"
+ fi
+ generate_chk "${shlibsign}" "${EROOT}"/usr/$(get_libdir)
+}
+
+pkg_postrm() {
+ cleanup_chk "${EROOT}"/usr/$(get_libdir)
+}
