From 614e62c67d079762c82d5076287fa8ea40aec187 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 13 Aug 2020 11:29:25 +0200 Subject: [PATCH] Fix DBM backend disablement Also add scriptlet to migrate old DBM databases. --- nss-disable-legacydb.patch | 14 ++++++++++++++ nss.spec | 24 +++++++++++++++++++++++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 nss-disable-legacydb.patch diff --git a/nss-disable-legacydb.patch b/nss-disable-legacydb.patch new file mode 100644 index 0000000..0edb9d9 --- /dev/null +++ b/nss-disable-legacydb.patch @@ -0,0 +1,14 @@ +diff -up nss/lib/softoken/Makefile.dbm nss/lib/softoken/Makefile +diff -up nss/lib/softoken/manifest.mn.dbm nss/lib/softoken/manifest.mn +--- nss/lib/softoken/manifest.mn.dbm 2020-08-13 11:03:53.511561201 +0200 ++++ nss/lib/softoken/manifest.mn 2020-08-13 11:05:17.148194158 +0200 +@@ -5,7 +5,9 @@ + CORE_DEPTH = ../.. + + MODULE = nss ++ifndef NSS_DISABLE_DBM + DIRS = legacydb ++endif + + LIBRARY_NAME = softokn + LIBRARY_VERSION = 3 diff --git a/nss.spec b/nss.spec index 1831454..0b1b9fd 100644 --- a/nss.spec +++ b/nss.spec @@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM", Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 2%{?dist} +Release: 3%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Requires: nspr >= %{nspr_version} @@ -106,6 +106,10 @@ Patch2: nss-539183.patch # Once the buildroot aha been bootstrapped the patch may be removed # but it doesn't hurt to keep it. Patch4: iquote.patch +%if %{with dbm} +%else +Patch11: nss-disable-legacydb.patch +%endif Patch12: nss-signtool-format.patch %if 0%{?fedora} < 34 %if 0%{?rhel} < 9 @@ -631,6 +635,20 @@ install -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/loc # from previous versions of nss.spec /usr/bin/setup-nsssysinit.sh on +%post +%if %{with dbm} +%else +# Upon upgrade, ensure that the existing database locations are migrated to SQL +# database. +if test $1 -eq 2; then + for dbdir in %{_sysconfdir}/pki/nssdb; do + if test ! -e ${dbdir}/pkcs11.txt; then + /usr/bin/certutil --merge -d ${dbdir} --source-dir ${dbdir} + fi + done +fi +%endif + %posttrans update-crypto-policies &> /dev/null || : @@ -887,6 +905,10 @@ update-crypto-policies &> /dev/null || : %changelog +* Thu Aug 13 2020 Daiki Ueno - 3.55.0-3 +- Fix DBM backend disablement +- Add scriptlet to auto-migrated known database locations + * Sat Aug 8 2020 Daiki Ueno - 3.55.0-2 - Disable LTO