The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
This update involves a bunch of fixes on our side:
Update the Gentoo patch to 3.14.1 from http://bit.ly/ZG8OK5 and drop the older
one from http://bit.ly/15mN0X1 (for 3.12.5).
While checking the old patch from Gentoo, I discovered, that the patch added in
revision 06c543b11d wasn't the original one in the
Gentoo repository.
Instead of doing the same again, we now patch up our specific modifications
using sed within the postPatch hook.
In addition to that, we now have another patch from RedHat/Fedora which syncs
the NSS PEM support repository with the latest upstream changes. Patch is coming
from the SRPM at http://koji.fedoraproject.org/koji/rpminfo?rpmID=3772072 and I
just stripped the "0001-" prefix from the filename.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
We now provide an additional URL from the Debian Git repository as well, just to
be sure that the URL is available.
And, well, of course fix the URL that has gone invalid.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Before, the entire directory was deleted and recreated, which fails if we want
to sign libraries (shlibsign is obviously deleted in that step as well), so we
delete everything but "nss-config" on postFixup.
This adds a patch from Debian, as they're already have security modules from NSS
in it's own library directory rather than /usr/lib{,64}/ and patch in loading of
libsoftokn as well.
The patch and our own fix of the patch (well, they hardcode Debian specific
stuff in there) ensures that SECMOD_AddNewModule() will find the right module
from the derivation's output path, so the built-in CA root certificates are
recognized and verified correctly.
Running NSS in FIPS mode is only possible if the libraries are signed correctly,
so we're doing this in the postFixup hook, to insure nothing gets altered after
that phase.
For more information about FIPS mode, please see:
https://developer.mozilla.org/en-US/docs/NSS/FIPS_Mode_-_an_explanation
