# Maintainer: Jan Alexander Steffens (heftig) # Contributor: Jan de Groot # ALARM: Kevin Mihelich # - remove --target x64 from build.sh line # - add -Ddisable_arm32_neon=1 -Ddisable_arm_hw_aes=1 -Ddisable_arm_hw_sha1=1 -Ddisable_arm_hw_sha2=1 to build.sh # - remove -march=armv8-a in AArch64 CFLAGS to not conflict with -march=armv8-a+crypto being added pkgbase=nss pkgname=(nss ca-certificates-mozilla) pkgver=3.59 pkgrel=1 pkgdesc="Network Security Services" url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS" arch=(x86_64) license=(MPL GPL) depends=(nspr sqlite zlib sh 'p11-kit>=0.23.19') makedepends=(perl python gyp) source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz" certdata2pem.py bundle.sh 0001-Don-t-USE_ARM_GCM.patch 0002-fix-armv8_c_lib-dependency.patch) sha256sums=('e6298174caa8527beacdc2858f77ed098d7047c1792846040e27e420fed0ce24' 'd2a1579dae05fd16175fac27ef08b54731ecefdf414085c610179afcf62b096c' '3bfadf722da6773bdabdd25bdf78158648043d1b7e57615574f189a88ca865dd' '4587713da0a82ac2a994f71c08f6b73a8fbba95e4373f39402f22f813fc4259e' '1799db595ce8d8f7672731b4ccad2bf5e10d014e9b0032432e9cf0483c252c0a') prepare() { cd nss-$pkgver/nss mkdir "$srcdir/certs" ln -srt "$srcdir/certs" lib/ckfw/builtins/{certdata.txt,nssckbi.h} patch -p1 -i "${srcdir}"/0001-Don-t-USE_ARM_GCM.patch patch -p1 -i "${srcdir}"/0002-fix-armv8_c_lib-dependency.patch } build() { [[ $CARCH == "aarch64" ]] && CFLAGS=`echo $CFLAGS | sed -e 's/-march=armv8-a//'` && CXXFLAGS="$CFLAGS" cd certs ../certdata2pem.py cd .. ./bundle.sh cd nss-$pkgver/nss ./build.sh \ --opt \ --system-sqlite \ --system-nspr \ --enable-libpkix \ --disable-tests \ -Ddisable_arm32_neon=1 \ -Ddisable_arm_hw_aes=1 \ -Ddisable_arm_hw_sha1=1 \ -Ddisable_arm_hw_sha2=1 } package_nss() { cd nss-$pkgver local libdir=/usr/lib nsprver="$(pkg-config --modversion nspr)" sed nss/pkg/pkg-config/nss.pc.in \ -e "s,%libdir%,$libdir,g" \ -e "s,%prefix%,/usr,g" \ -e "s,%exec_prefix%,/usr/bin,g" \ -e "s,%includedir%,/usr/include/nss,g" \ -e "s,%NSPR_VERSION%,$nsprver,g" \ -e "s,%NSS_VERSION%,$pkgver,g" | install -Dm644 /dev/stdin "$pkgdir$libdir/pkgconfig/nss.pc" ln -s nss.pc "$pkgdir$libdir/pkgconfig/mozilla-nss.pc" install -Dt "$pkgdir$libdir" dist/Release/lib/*.so install -Dt "$pkgdir$libdir" -m644 dist/Release/lib/*.chk local vmajor vminor vpatch { read vmajor; read vminor; read vpatch; } \ < <(awk '/#define.*NSS_V(MAJOR|MINOR|PATCH)/ {print $3}' nss/lib/nss/nss.h) sed nss/pkg/pkg-config/nss-config.in \ -e "s,@libdir@,$libdir,g" \ -e "s,@prefix@,/usr/bin,g" \ -e "s,@exec_prefix@,/usr/bin,g" \ -e "s,@includedir@,/usr/include/nss,g" \ -e "s,@MOD_MAJOR_VERSION@,$vmajor,g" \ -e "s,@MOD_MINOR_VERSION@,$vminor,g" \ -e "s,@MOD_PATCH_VERSION@,$vpatch,g" | install -D /dev/stdin "$pkgdir/usr/bin/nss-config" install -Dt "$pkgdir/usr/bin" \ dist/Release/bin/{*util,shlibsign,signtool,signver,ssltap} install -Dt "$pkgdir/usr/include/nss" -m644 dist/public/nss/*.h install -Dt "$pkgdir/usr/share/man/man1" -m644 \ nss/doc/nroff/{*util,signtool,signver,ssltap}.1 # Replace built-in trust with p11-kit connection ln -s pkcs11/p11-kit-trust.so "$pkgdir$libdir/p11-kit-trust.so" ln -sf p11-kit-trust.so "$pkgdir$libdir/libnssckbi.so" } package_ca-certificates-mozilla() { pkgdesc="Mozilla's set of trusted CA certificates" depends=('ca-certificates-utils>=20181109-3') install -Dm644 ca-bundle.trust.p11-kit \ "$pkgdir/usr/share/ca-certificates/trust-source/mozilla.trust.p11-kit" } # vim:set sw=2 et: