Resolves: #1347336 - decouple nss-pem from the nss package

2016-07-20 13:03:08 +02:00 · 2016-07-20 13:03:08 +02:00 · 277c53ec53
parent 6d945e783b
commit 277c53ec53
6 changed files with 11 additions and 131 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,7 +7,6 @@ PayPalEE.cert
 TestCA.ca.cert
 TestUser50.cert
 TestUser51.cert
-/nss-pem-20160308.tar.bz2
 /PayPalRootCA.cert
 /PayPalICA.cert
 /nss-3.25.0.tar.gz
--- a/nss-enable-pem.patch
+++ b/nss-enable-pem.patch
@ -1,12 +0,0 @@
-diff -up nss/lib/ckfw/manifest.mn.libpem nss/lib/ckfw/manifest.mn
--- nss/lib/ckfw/manifest.mn.libpem	2013-05-28 14:43:24.000000000 -0700
-+++ nss/lib/ckfw/manifest.mn	2013-05-30 22:14:49.247459672 -0700
-@@ -5,7 +5,7 @@
- 
- CORE_DEPTH = ../..
- 
-DIRS = builtins 
-+DIRS = builtins pem
- 
- PRIVATE_EXPORTS = \
- 	ck.h		  \
--- a/nss-pem-unitialized-vars.path
+++ b/nss-pem-unitialized-vars.path
@ -1,15 +0,0 @@
-diff -up ./lib/ckfw/pem/pinst.c.unitialized_vars ./lib/ckfw/pem/pinst.c
--- ./lib/ckfw/pem/pinst.c.unitialized_var	2016-05-21 19:04:24.471221863 -0700
-+++ ./lib/ckfw/pem/pinst.c	2016-05-21 19:31:07.124298651 -0700
-@@ -534,9 +534,9 @@ CK_RV
- AddCertificate(char *certfile, char *keyfile, PRBool cacert,
-                CK_SLOT_ID slotID)
- {
-    pemInternalObject *o;
-+    pemInternalObject *o = NULL;
-     CK_RV error = 0;
-    int objid, i;
-+    int objid, i = 0;
-     int nobjs = 0;
-     SECItem **objs = NULL;
-     char *ivstring = NULL;
--- a/nss.spec
+++ b/nss.spec
@ -21,7 +21,7 @@ Name:             nss
 Version:          3.25.0
 # for Rawhide, please always use release >= 2
 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
-Release:          1.1%{?dist}
+Release:          1.2%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@ -45,6 +45,12 @@ BuildRequires:    gawk
 BuildRequires:    psmisc
 BuildRequires:    perl

+# nss-pem used to be bundled with the nss package on Fedora -- make sure that
+# programs relying on that continue to work until they are fixed to require
+# nss-pem instead.  Once all of them are fixed, the following line can be
+# removed.  See https://bugzilla.redhat.com/1346806 for details.
+Requires:         nss-pem
+
 %{!?nss_ckbi_suffix:%define full_nss_version %{version}}
 %{?nss_ckbi_suffix:%define full_nss_version %{version}%{nss_ckbi_suffix}}

@ -58,7 +64,6 @@ Source6:          blank-cert9.db
 Source7:          blank-key4.db
 Source8:          system-pkcs11.txt
 Source9:          setup-nsssysinit.sh
-Source12:         %{name}-pem-20160308.tar.bz2
 Source20:         nss-config.xml
 Source21:         setup-nsssysinit.xml
 Source22:         pkcs11.txt.xml
@ -70,14 +75,8 @@ Source27:         secmod.db.xml

 Patch2:           add-relro-linker-option.patch
 Patch3:           renegotiate-transitional.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=402712
-Patch6:           nss-enable-pem.patch
-# Below reference applies to most pem module related patches
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
 Patch16:          nss-539183.patch
-# must statically link pem against the freebl in the buildroot
-# Needed only when freebl on tree has new APIS
-Patch25:          nsspem-use-system-freebl.patch
 # TODO: Remove this patch when the ocsp test are fixed
 Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
 # Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
@ -93,7 +92,6 @@ Patch49:          nss-skip-bltest-and-fipstest.patch
 Patch50:          iquote.patch
 # Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
 Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
-Patch60: nss-pem-unitialized-vars.path
 Patch61: nss-skip-util-gtest.patch
 # TODO: file a bug upstream similar to the one for rsaperf
 Patch70: nss-skip-ecperf.patch
@ -167,21 +165,16 @@ low level services.

 %prep
 %setup -q
-%setup -q -T -D -n %{name}-%{version} -a 12

 %patch2 -p0 -b .relro
 %patch3 -p0 -b .transitional
-%patch6 -p0 -b .libpem
 %patch16 -p0 -b .539183
-# link pem against buildroot's freebl, essential when mixing and matching
-%patch25 -p0 -b .systemfreebl
 %patch40 -p0 -b .noocsptest
 %patch47 -p0 -b .templates
 %patch49 -p0 -b .skipthem
 %patch50 -p0 -b .iquote
 %patch58 -p0 -b .1185708_3des
 pushd nss
-%patch60 -p1 -b .unitialized_vars
 %patch61 -p1 -b .skip_util_gtest
 %patch70 -p1 -b .skip_ecperf
 popd
@ -192,11 +185,6 @@ popd
 # until fixed upstream we must copy some headers locally
 #########################################################

-pemNeedsFromSoftoken="lowkeyi lowkeyti softoken softoknt"
-for file in ${pemNeedsFromSoftoken}; do
-    %{__cp} ./nss/lib/softoken/${file}.h ./nss/lib/ckfw/pem/
-done
-
 # Copying these header until the upstream bug is accepted
 # Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207
 %{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
@ -526,7 +514,7 @@ touch $RPM_BUILD_ROOT%{_libdir}/libnssckbi.so
 %{__install} -p -m 755 dist/*.OBJ/lib/libnssckbi.so $RPM_BUILD_ROOT/%{_libdir}/nss/libnssckbi.so

 # Copy the binary libraries we want
-for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so
+for file in libnss3.so libnsssysinit.so libsmime3.so libssl3.so
 do
  %{__install} -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
 done
@ -652,7 +640,6 @@ fi
 %{_libdir}/libsmime3.so
 %ghost %{_libdir}/libnssckbi.so
 %{_libdir}/nss/libnssckbi.so
-%{_libdir}/libnsspem.so
 %dir %{_sysconfdir}/pki/nssdb
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert8.db
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key3.db
@ -748,7 +735,6 @@ fi
 %{_includedir}/nss3/keythi.h
 %{_includedir}/nss3/nss.h
 %{_includedir}/nss3/nssckbi.h
-%{_includedir}/nss3/nsspem.h
 %{_includedir}/nss3/ocsp.h
 %{_includedir}/nss3/ocspt.h
 %{_includedir}/nss3/p12.h
@ -793,6 +779,9 @@ fi


 %changelog
+* Wed Jul 20 2016 Kamil Dudka <kdudka@redhat.com> - 3.25.0-1.2
+- decouple nss-pem from the nss package (#1347336)
+
 * Fri Jul 08 2016 Elio Maldonado <emaldona@redhat.com> - 3.25.0-1.1
 - Tidy up the spec file

--- a/nsspem-use-system-freebl.patch
+++ b/nsspem-use-system-freebl.patch
@ -1,80 +0,0 @@
-diff -up nss/lib/ckfw/pem/config.mk.systemfreebl nss/lib/ckfw/pem/config.mk
--- nss/lib/ckfw/pem/config.mk.systemfreebl	2012-08-11 09:06:59.000000000 -0700
-+++ nss/lib/ckfw/pem/config.mk	2013-04-04 16:02:33.805744145 -0700
-@@ -41,6 +41,11 @@ CONFIG_CVS_ID = "@(#) $RCSfile: config.m
- #  are specifed as dependencies within rules.mk.
- #
- 
-+
-+EXTRA_LIBS += \
-+	$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
-+	$(NULL)
-+
- TARGETS        = $(SHARED_LIBRARY)
- LIBRARY        =
- IMPORT_LIBRARY =
-@@ -69,3 +74,22 @@ ifeq ($(OS_TARGET),SunOS)
- MKSHLIB += -R '$$ORIGIN'
- endif
- 
-+# If a platform has a system nssutil, set USE_SYSTEM_NSSUTIL to 1 and
-+# NSSUTIL_LIBS to the linker command-line arguments for the system nssutil
-+# (for example, -lnssutil3 on fedora) in the platform's config file in coreconf.
-+ifdef USE_SYSTEM_NSSUTIL
-+OS_LIBS += $(NSSUTIL_LIBS)
-+else
-+NSSUTIL_LIBS = $(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX)
-+EXTRA_LIBS += $(NSSUTIL_LIBS)
-+endif
-+# If a platform has a system freebl, set USE_SYSTEM_FREEBL to 1 and
-+# FREEBL_LIBS to the linker command-line arguments for the system nssutil
-+# (for example, -lfreebl3 on fedora) in the platform's config file in coreconf.
-+ifdef USE_SYSTEM_FREEBL
-+OS_LIBS += $(FREEBL_LIBS)
-+else
-+FREEBL_LIBS = $(DIST)/lib/$(LIB_PREFIX)freebl3.$(LIB_SUFFIX)
-+EXTRA_LIBS += $(FREEBL_LIBS)
-+endif
-+
-diff -up nss/lib/ckfw/pem/Makefile.systemfreebl nss/lib/ckfw/pem/Makefile
--- nss/lib/ckfw/pem/Makefile.systemfreebl	2012-08-11 09:06:59.000000000 -0700
-+++ nss/lib/ckfw/pem/Makefile	2013-04-04 16:02:33.806744154 -0700
-@@ -43,8 +43,7 @@ include config.mk
- EXTRA_LIBS = \
- 	$(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \
- 	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
-	$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
-	$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
-+	$(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \
- 	$(NULL)
- 
- # can't do this in manifest.mn because OS_TARGET isn't defined there.
-@@ -56,6 +55,9 @@ EXTRA_LIBS += \
- 	-lplc4 \
- 	-lplds4 \
- 	-lnspr4 \
-+	-L$(NSSUTIL_LIB_DIR) \
-+	-lnssutil3 \
-+	-lfreebl3
- 	$(NULL)
- else 
- EXTRA_SHARED_LIBS += \
-@@ -74,6 +76,9 @@ EXTRA_LIBS += \
- 	-lplc4 \
- 	-lplds4 \
- 	-lnspr4 \
-+	-L$(NSSUTIL_LIB_DIR) \
-+	-lnssutil3 \
-+	-lfreebl3 \
- 	$(NULL)
- endif
- 
-diff -up nss/lib/ckfw/pem/manifest.mn.systemfreebl nss/lib/ckfw/pem/manifest.mn
--- nss/lib/ckfw/pem/manifest.mn.systemfreebl	2012-08-11 09:06:59.000000000 -0700
-+++ nss/lib/ckfw/pem/manifest.mn	2013-04-04 16:02:33.807744163 -0700
-@@ -65,4 +65,4 @@ REQUIRES = nspr
- 
- LIBRARY_NAME = nsspem
- 
-#EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4
-+EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4 -L$(NSS_LIB_DIR) -lnssutil3 -lfreebl3 -lsoftokn3
--- a/1
+++ b/1
@ -3,5 +3,4 @@ a5ae49867124ac75f029a9a33af31bad  blank-cert8.db
 73bc040a0542bba387e6dd7fb9fd7d23  blank-secmod.db
 691e663ccc07b7a1eaa6f088e03bf8e2  blank-cert9.db
 2ec9e0606ba40fe65196545564b7cc2a  blank-key4.db
-4d8e770b105483e365f3327d883dd229  nss-pem-20160308.tar.bz2
 950263d15d1f055605bfb6e634a1a019  nss-3.25.0.tar.gz