1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
# $Id$
# Maintainer: Jan de Groot <jgc@archlinux.org>
pkgbase=nss
pkgname=(nss ca-certificates-mozilla)
pkgver=3.17
pkgrel=3
pkgdesc="Mozilla Network Security Services"
arch=(i686 x86_64)
url="http://www.mozilla.org/projects/security/pki/nss/"
license=('MPL' 'GPL')
_nsprver=4.10.7
depends=("nspr>=${_nsprver}" 'sqlite' 'zlib' 'sh' 'p11-kit')
makedepends=('perl' 'python2')
options=('!strip' '!makeflags' 'staticlibs')
source=("ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgbase}-${pkgver}.tar.gz"
"certdata2pem.py::http://anonscm.debian.org/cgit/collab-maint/ca-certificates.git/plain/mozilla/certdata2pem.py?id=15470c64b5464d273556a290b1e7b50b32a2e5a0"
nss.pc.in
nss-config.in
ssl-renegotiate-transitional.patch
certdata2pem.py-loudness.patch)
sha256sums=('3b1abcd8f89211dda2cc739bfa76552d080f7ea80482ef2727b006548a7f0c81'
'57bd6f309736825fc0edbf7d522726224764520595dfdddd0dba59158839e863'
'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd'
'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9'
'12df04bccbf674db1eef7a519a28987927b5e9c107b1dc386686f05e64f49a97'
'90f8e72fbcca9ce907dcf6565bcd95ca23d2da5d87caee64c141ac54680f8703')
prepare() {
mkdir certs
patch --follow-symlinks certdata2pem.py certdata2pem.py-loudness.patch
cd nss-$pkgver
# Adds transitional SSL renegotiate support - patch from Debian
patch -Np3 -i ../ssl-renegotiate-transitional.patch
# Respect LDFLAGS
sed -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/' \
-i nss/coreconf/rules.mk
ln -sr nss/lib/ckfw/builtins/certdata.txt ../certs/
}
build() {
cd certs
python2 ../certdata2pem.py
printf "mozilla/%s\n" *.crt > mozilla.conf
test -s mozilla.conf
cd ../nss-$pkgver/nss
export BUILD_OPT=1
export NSS_USE_SYSTEM_SQLITE=1
export NSS_ENABLE_ECC=1
export NSPR_INCLUDE_DIR="`nspr-config --includedir`"
export NSPR_LIB_DIR="`nspr-config --libdir`"
export XCFLAGS="${CFLAGS}"
[ "$CARCH" = "x86_64" ] && export USE_64=1
make -C coreconf
make -C lib/dbm
make
}
package_nss() {
cd nss-$pkgver
install -d "$pkgdir"/usr/{bin,include/nss,lib/pkgconfig}
NSS_VMAJOR=$(grep '#define.*NSS_VMAJOR' nss/lib/nss/nss.h | awk '{print $3}')
NSS_VMINOR=$(grep '#define.*NSS_VMINOR' nss/lib/nss/nss.h | awk '{print $3}')
NSS_VPATCH=$(grep '#define.*NSS_VPATCH' nss/lib/nss/nss.h | awk '{print $3}')
sed ../nss.pc.in \
-e "s,%libdir%,/usr/lib,g" \
-e "s,%prefix%,/usr,g" \
-e "s,%exec_prefix%,/usr/bin,g" \
-e "s,%includedir%,/usr/include/nss,g" \
-e "s,%NSPR_VERSION%,${_nsprver},g" \
-e "s,%NSS_VERSION%,${pkgver},g" \
> "$pkgdir/usr/lib/pkgconfig/nss.pc"
ln -s nss.pc "$pkgdir/usr/lib/pkgconfig/mozilla-nss.pc"
sed ../nss-config.in \
-e "s,@libdir@,/usr/lib,g" \
-e "s,@prefix@,/usr/bin,g" \
-e "s,@exec_prefix@,/usr/bin,g" \
-e "s,@includedir@,/usr/include/nss,g" \
-e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \
-e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \
-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
> "$pkgdir/usr/bin/nss-config"
chmod 755 "$pkgdir/usr/bin/nss-config"
cd dist/*.OBJ/bin
install -t "$pkgdir/usr/bin" *util shlibsign signtool signver ssltap
cd ../lib
install -t "$pkgdir/usr/lib" *.so
install -t "$pkgdir/usr/lib" -m644 libcrmf.a *.chk
cd ../../public/nss
install -t "$pkgdir/usr/include/nss" -m644 *.h
rm "$pkgdir/usr/lib/libnssckbi.so"
ln -s pkcs11/p11-kit-trust.so "$pkgdir/usr/lib/libnssckbi.so"
}
package_ca-certificates-mozilla() {
pkgdesc="Mozilla's set of trusted CA certificates"
depends=(ca-certificates-utils)
install=ca-certificates-mozilla.install
cd certs
local _certdir="$pkgdir/usr/share/ca-certificates/mozilla"
install -d "$_certdir"
install -t "$_certdir" -m644 *.crt
install -Dm644 mozilla.conf "$pkgdir/etc/ca-certificates/conf.d/mozilla.conf"
}
|