PKGBUILDs/core/nss/PKGBUILD
2019-12-07 00:23:10 +00:00

108 lines
3.5 KiB
Bash

# Maintainer: Jan de Groot <jgc@archlinux.org>
# ALARM: Kevin Mihelich <kevin@archlinuxarm.org>
# - remove -march=armv8-a in AArch64 CFLAGS to not conflict with -march=armv8-a+crypto being added
# this is a stupid, dirty hack that shouldn't be necessary
# - patch to remove armv8-specific code in freebl so that other architectures can build
pkgbase=nss
pkgname=(nss ca-certificates-mozilla)
pkgver=3.48
pkgrel=1
pkgdesc="Network Security Services"
url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
arch=(x86_64)
license=(MPL GPL)
_nsprver=4.20
depends=("nspr>=${_nsprver}" sqlite zlib sh p11-kit)
makedepends=(perl python gyp)
source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz"
nss-3.47-certdb-temp-cert.patch
certdata2pem.py bundle.sh
0001-Remove-ARM-AES-from-freebl-gyp.patch)
sha256sums=('3f9c822a86a4e3e1bfe63e2ed0f922d8b7c2e0b7cafe36774b1c627970d0f8ac'
'bd16ba87e5ea736888f76dd54dff18b25ca6608245c0195fb85bad3d782db73c'
'0be02cecc27a6e55e1cad1783033b147f502b26f9fb1bb5a53e7a43bbcb68fa0'
'3bfadf722da6773bdabdd25bdf78158648043d1b7e57615574f189a88ca865dd'
'8372d34fdeeebd23e1daa7ee1f67510f050cba30c884f81e067dba46f94d1dcf')
prepare() {
mkdir certs
cd nss-$pkgver
ln -sr nss/lib/ckfw/builtins/certdata.txt ../certs/
ln -sr nss/lib/ckfw/builtins/nssckbi.h ../certs/
# https://bugzilla.mozilla.org/show_bug.cgi?id=1593167
patch -d nss -Np1 < ../nss-3.47-certdb-temp-cert.patch
if [[ $CARCH != "aarch64" ]]; then
patch -p1 -d nss -i $srcdir/0001-Remove-ARM-AES-from-freebl-gyp.patch
fi
}
build() {
[[ $CARCH == "aarch64" ]] && CFLAGS=`echo $CFLAGS | sed -e 's/-march=armv8-a//'` && CXXFLAGS="$CFLAGS"
cd certs
../certdata2pem.py
cd ..
./bundle.sh
cd nss-$pkgver/nss
./build.sh -v --opt --system-sqlite --system-nspr --enable-libpkix --disable-tests
}
package_nss() {
local vmajor vminor vpatch
cd nss-$pkgver
{ read vmajor; read vminor; read vpatch; } \
< <(awk '/#define.*NSS_V(MAJOR|MINOR|PATCH)/ {print $3}' nss/lib/nss/nss.h)
sed nss/pkg/pkg-config/nss.pc.in \
-e "s,%libdir%,/usr/lib,g" \
-e "s,%prefix%,/usr,g" \
-e "s,%exec_prefix%,/usr/bin,g" \
-e "s,%includedir%,/usr/include/nss,g" \
-e "s,%NSPR_VERSION%,$_nsprver,g" \
-e "s,%NSS_VERSION%,$pkgver,g" |
install -Dm644 /dev/stdin "$pkgdir/usr/lib/pkgconfig/nss.pc"
ln -s nss.pc "$pkgdir/usr/lib/pkgconfig/mozilla-nss.pc"
sed nss/pkg/pkg-config/nss-config.in \
-e "s,@libdir@,/usr/lib,g" \
-e "s,@prefix@,/usr/bin,g" \
-e "s,@exec_prefix@,/usr/bin,g" \
-e "s,@includedir@,/usr/include/nss,g" \
-e "s,@MOD_MAJOR_VERSION@,$vmajor,g" \
-e "s,@MOD_MINOR_VERSION@,$vminor,g" \
-e "s,@MOD_PATCH_VERSION@,$vpatch,g" |
install -D /dev/stdin "$pkgdir/usr/bin/nss-config"
cd nss/doc/nroff
install -Dt "$pkgdir/usr/share/man/man1" -m644 *util.1 signtool.1 signver.1 ssltap.1
cd ../../../dist
install -Dt "$pkgdir/usr/include/nss" -m644 public/nss/*.h
cd Release/bin
install -Dt "$pkgdir/usr/bin" *util shlibsign signtool signver ssltap
cd ../lib
install -Dt "$pkgdir/usr/lib" *.so
install -Dt "$pkgdir/usr/lib" -m644 *.chk
# Replace built-in trust with p11-kit connection
ln -sf libnssckbi-p11-kit.so "$pkgdir/usr/lib/libnssckbi.so"
}
package_ca-certificates-mozilla() {
pkgdesc="Mozilla's set of trusted CA certificates"
depends=(ca-certificates-utils)
install -Dm644 ca-bundle.trust.p11-kit \
"$pkgdir/usr/share/ca-certificates/trust-source/mozilla.trust.p11-kit"
}