mirror of
https://gitdl.cn/https://github.com/chakralinux/core.git
synced 2025-02-10 14:24:36 +08:00
128 lines
4.2 KiB
Bash
128 lines
4.2 KiB
Bash
# TODO: Always remember to build lib32-nss when bumping pkgver
|
|
|
|
pkgbase=nss
|
|
pkgname=(nss ca-certificates-mozilla)
|
|
pkgver=3.21
|
|
pkgrel=1
|
|
pkgdesc="Mozilla Network Security Services"
|
|
arch=('x86_64')
|
|
url="http://www.mozilla.org/projects/security/pki/nss/"
|
|
license=('MPL' 'GPL')
|
|
_nsprver=4.10.10
|
|
depends=("nspr>=${_nsprver}" 'sqlite3' 'zlib' 'sh' 'p11-kit')
|
|
makedepends=('perl' 'python2')
|
|
options=('!strip' '!makeflags' 'staticlibs')
|
|
source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgbase}-${pkgver}.tar.gz"
|
|
certdata2pem.py
|
|
bundle.sh
|
|
nss.pc.in
|
|
nss-config.in
|
|
ssl-renegotiate-transitional.patch
|
|
legacy-certs.patch)
|
|
sha256sums=('3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239'
|
|
'880b10445a9472826698fd186ca870a6492c1bbd264bbeed95cbedc6ee6041b2'
|
|
'045f520403f715a4cc7f3607b4e2c9bcc88fee5bce58d462fddaa2fdb0e4c180'
|
|
'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd'
|
|
'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9'
|
|
'12df04bccbf674db1eef7a519a28987927b5e9c107b1dc386686f05e64f49a97'
|
|
'704a9608a58d129d8afac787a12f3c46e9fef3025ff3ab9ecacbc35d1f663a8c')
|
|
|
|
prepare() {
|
|
mkdir certs
|
|
|
|
cd nss-$pkgver
|
|
|
|
# Adds transitional SSL renegotiate support - patch from Debian
|
|
patch -Np3 -i ../ssl-renegotiate-transitional.patch
|
|
|
|
# Temporarily reenable several weak certificates until OpenSSL
|
|
# and GnuTLS manage to handle multiple intermediates
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1144808
|
|
# https://gist.github.com/grawity/15eabf67191e17080241
|
|
# Altered again to readd trust removed in 3.17.3
|
|
patch nss/lib/ckfw/builtins/certdata.txt ../legacy-certs.patch
|
|
|
|
# Respect LDFLAGS
|
|
sed -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/' \
|
|
-i nss/coreconf/rules.mk
|
|
|
|
ln -sr nss/lib/ckfw/builtins/certdata.txt ../certs/
|
|
ln -sr nss/lib/ckfw/builtins/nssckbi.h ../certs/
|
|
}
|
|
|
|
|
|
build() {
|
|
cd certs
|
|
python2 ../certdata2pem.py
|
|
|
|
cd ..
|
|
sh bundle.sh
|
|
|
|
cd nss-$pkgver/nss
|
|
export BUILD_OPT=1
|
|
export NSS_USE_SYSTEM_SQLITE=1
|
|
export NSS_ENABLE_ECC=1
|
|
export NSPR_INCLUDE_DIR="`nspr-config --includedir`"
|
|
export NSPR_LIB_DIR="`nspr-config --libdir`"
|
|
export XCFLAGS="${CFLAGS}"
|
|
export USE_64=1
|
|
|
|
make -C coreconf
|
|
make -C lib/dbm
|
|
make
|
|
}
|
|
|
|
package_nss() {
|
|
cd nss-$pkgver
|
|
install -d "$pkgdir"/usr/{bin,include/nss,lib/pkgconfig}
|
|
|
|
NSS_VMAJOR=$(grep '#define.*NSS_VMAJOR' nss/lib/nss/nss.h | awk '{print $3}')
|
|
NSS_VMINOR=$(grep '#define.*NSS_VMINOR' nss/lib/nss/nss.h | awk '{print $3}')
|
|
NSS_VPATCH=$(grep '#define.*NSS_VPATCH' nss/lib/nss/nss.h | awk '{print $3}')
|
|
|
|
sed ../nss.pc.in \
|
|
-e "s,%libdir%,/usr/lib,g" \
|
|
-e "s,%prefix%,/usr,g" \
|
|
-e "s,%exec_prefix%,/usr/bin,g" \
|
|
-e "s,%includedir%,/usr/include/nss,g" \
|
|
-e "s,%NSPR_VERSION%,${_nsprver},g" \
|
|
-e "s,%NSS_VERSION%,${pkgver},g" \
|
|
> "$pkgdir/usr/lib/pkgconfig/nss.pc"
|
|
ln -s nss.pc "$pkgdir/usr/lib/pkgconfig/mozilla-nss.pc"
|
|
|
|
sed ../nss-config.in \
|
|
-e "s,@libdir@,/usr/lib,g" \
|
|
-e "s,@prefix@,/usr/bin,g" \
|
|
-e "s,@exec_prefix@,/usr/bin,g" \
|
|
-e "s,@includedir@,/usr/include/nss,g" \
|
|
-e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \
|
|
-e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \
|
|
-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
|
|
> "$pkgdir/usr/bin/nss-config"
|
|
chmod 755 "$pkgdir/usr/bin/nss-config"
|
|
|
|
cd dist/*.OBJ/bin
|
|
install -t "$pkgdir/usr/bin" *util shlibsign signtool signver ssltap
|
|
|
|
cd ../lib
|
|
install -t "$pkgdir/usr/lib" *.so
|
|
install -t "$pkgdir/usr/lib" -m644 libcrmf.a *.chk
|
|
|
|
cd ../../public/nss
|
|
install -t "$pkgdir/usr/include/nss" -m644 *.h
|
|
|
|
rm "$pkgdir/usr/lib/libnssckbi.so"
|
|
ln -s pkcs11/p11-kit-trust.so "$pkgdir/usr/lib/libnssckbi.so"
|
|
}
|
|
|
|
package_ca-certificates-mozilla() {
|
|
pkgdesc="Mozilla's set of trusted CA certificates"
|
|
depends=("ca-certificates-utils>=20140923-1")
|
|
install=ca-certificates-mozilla.install
|
|
|
|
local _certdir="$pkgdir/usr/share/ca-certificates/trust-source"
|
|
install -Dm644 ca-bundle.trust.crt "$_certdir/mozilla.trust.crt"
|
|
install -Dm644 ca-bundle.neutral-trust.crt "$_certdir/mozilla.neutral-trust.crt"
|
|
install -Dm644 ca-bundle.supplement.p11-kit "$_certdir/mozilla.supplement.p11-kit"
|
|
}
|