- Indicate the provenance of stripped source tarball (#688015)

- Add the code stripping script to the sources
2011-07-23 20:16:38 -07:00 · 2011-07-23 20:16:38 -07:00 · a7fb38e80b
parent e2ce6e022c
commit a7fb38e80b
2 changed files with 144 additions and 2 deletions
--- a/mozilla-crypto-strip.sh
+++ b/mozilla-crypto-strip.sh
@ -0,0 +1,128 @@
+#!/bin/sh
+set -e
+
+if test -z $1
+then
+  echo "usage: $0 <input-tarball>"
+  exit
+fi
+
+ORIGDIR=`pwd`
+WORKDIR=nss_ecc_strip_working_dir
+EXTENSION=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\2#'`
+BASE=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\1#'`
+COMPRESS=""
+
+if test "x$EXTENSION" = "x.tar.bz2" || test "x$EXTENSION" = "x.tbz2"
+then
+  COMPRESS="j"
+fi
+
+if test "x$EXTENSION" = "x.tar.gz" || test "x$EXTENSION" = "x.tgz"
+then
+  COMPRESS="z"
+fi
+
+if test "x$COMPRESS" = "x"
+then
+  echo "unable to process, input file $1 has unsupported extension"
+  exit
+fi
+
+echo "== extension is $EXTENSION - ok"
+echo "== new extension will be $JEXTENSION"
+echo "== cleaning old workdir $WORKDIR"
+
+rm -rf $WORKDIR
+mkdir $WORKDIR
+
+echo "== extracting input archive $1"
+tar -x -$COMPRESS -C $WORKDIR -f $1
+
+echo "changing into $WORKDIR"
+pushd $WORKDIR
+
+DIRCOUNT=`ls -1 | wc -l`
+if test $DIRCOUNT -ne 1
+then
+  echo "unable to process, $1 contains more than one toplevel directory"
+  exit
+fi
+
+TOPDIR=`ls -1`
+if test "x$TOPDIR" != "xmozilla"
+then
+  # try to deal with a single additional subdirectory above "mozilla"
+  echo "== skipping toplevel directory $TOPDIR"
+  cd $TOPDIR
+fi
+
+DIRCOUNT=`ls -1 | wc -l`
+if test $DIRCOUNT -ne 1
+then
+  echo "unable to process, $1 contains more than one second level directory"
+  exit
+fi
+
+SINGLEDIR=`ls -1`
+if test "x$SINGLEDIR" != "xmozilla"
+then
+  echo "unable to process, first or second level directory is not mozilla"
+  exit
+fi
+
+echo "== input archive accepted, now processing"
+
+REALFREEBLDIR=mozilla/security/nss/lib/freebl
+FREEBLDIR=./$REALFREEBLDIR
+
+rm -rf ./mozilla/security/nss/cmd/ecperf
+
+mv ${FREEBLDIR}/ecl/ecl-exp.h ${FREEBLDIR}/save
+rm -rf ${FREEBLDIR}/ecl/tests
+rm -rf ${FREEBLDIR}/ecl/CVS
+for i in ${FREEBLDIR}/ecl/* ; do
+echo clobbering $i
+ > $i
+done
+mv ${FREEBLDIR}/save ${FREEBLDIR}/ecl/ecl-exp.h
+
+for j in ${FREEBLDIR}/ec.*; do
+        echo unifdef $j
+        cat $j | \
+        awk    'BEGIN {ech=1; prt=0;} \
+                /^#[ \t]*ifdef.*NSS_ENABLE_ECC/ {ech--; next;} \
+                /^#[ \t]*if/ {if(ech < 1) ech--;} \
+                {if(ech>0) {;print $0};} \
+                /^#[ \t]*endif/ {if(ech < 1) ech++;} \
+                {if (prt && (ech<=0)) {;print $0}; } \
+                {if (ech>0) {prt=0;} } \
+                /^#[ \t]*else/ {if (ech == 0) prt=1;}' > $j.hobbled && \
+        mv $j.hobbled $j
+done
+
+echo "== returning to original directory"
+popd
+
+JCOMPRESS=j
+JEXTENSION=.tar.bz2
+NEWARCHIVE=$BASE-stripped$JEXTENSION
+echo "== finally producing new archive $NEWARCHIVE"
+tar -c -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $TOPDIR
+
+echo "== all done, listing of old and new archive:"
+ls -l $1
+ls -l $NEWARCHIVE
+
+LISTING_DIR=""
+if test "x$TOPDIR" != "xmozilla"
+then
+  LISTING_DIR="$TOPDIR/$REALFREEBLDIR/ecl"
+else
+  LISTING_DIR="$REALFREEBLDIR/ecl"
+fi
+
+echo "== FYI, producing listing of stripped dir in new archive"
+tar -t -v -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $LISTING_DIR
+
+
--- a/nss.spec
+++ b/nss.spec
@ -6,7 +6,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.10
-Release:          5%{?dist}
+Release:          6%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@ -26,6 +26,17 @@ BuildRequires:    psmisc
 BuildRequires:    perl

 Source0:          %{name}-%{version}-stripped.tar.bz2
+# The stripped tar ball is a subset of the upstream sources with
+# patent-encumbered cryptographic algorithms removed.
+# Use this script to remove them and create the stripped archive.
+# 1. Download the sources nss-{version}.tar.gz found within 
+# http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/
+# in a subdirectory named NSS_${major}_${minor}_${maint}_RTM/src
+# 2. In the download directory execute
+# ./mozilla-crypto-strip.sh ${name}-${version}.tar.gz
+# to produce ${name}-${version}-stripped.tar.bz2
+# for uploading to the lookaside cache.
+Source100:        mozilla-crypto-strip.sh

 Source1:          nss.pc.in
 Source2:          nss-config.in
@ -297,7 +308,7 @@ cd ../../../../
 killall $RANDSERV || :

 TEST_FAILURES=`grep -c FAILED ./mozilla/tests_results/security/localhost.1/output.log` || :
-# test suite is failing on arm and has for awhile lets run the test suite but make it non fatal on arm
+# test suite is failing on arm and has for awhile let's run the test suite but make it non fatal on arm
 %ifnarch %{arm}
 if [ $TEST_FAILURES -ne 0 ]; then
  echo "error: test suite returned failure(s)"
@ -533,6 +544,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h


 %changelog
+* Sat Jul 23 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-6
+- Indicate the provenance of stripped source tarball (#688015)
+
 * Mon Jun 27 2011 Michael Schwendt <mschwendt@fedoraproject.org> - 3.12.10-5
 - Provide virtual -static package to meet guidelines (#609612).