Build nss without softoken or util sources in the tree

- Resolves: rhbz#689918
This commit is contained in:
Elio Maldonado 2013-06-18 17:45:38 -07:00
parent 41e94360c9
commit e36079dd45
3 changed files with 59 additions and 105 deletions

View File

@ -1,19 +0,0 @@
diff -up nss/cmd/Makefile.nosoftokentests nss/cmd/Makefile
--- nss/cmd/Makefile.nosoftokentests 2013-05-30 23:43:20.982027783 -0700
+++ nss/cmd/Makefile 2013-05-30 23:47:11.865874884 -0700
@@ -19,9 +19,15 @@ BLTEST_SRCDIR =
FIPSTEST_SRCDIR =
SHLIBSIGN_SRCDIR =
else
+ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
+BLTEST_SRCDIR =
+FIPSTEST_SRCDIR =
+SHLIBSIGN_SRCDIR =
+else
BLTEST_SRCDIR = bltest
FIPSTEST_SRCDIR = fipstest
SHLIBSIGN_SRCDIR = shlibsign
+endif
endif
LOWHASHTEST_SRCDIR=

131
nss.spec
View File

@ -19,7 +19,7 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.15 Version: 3.15
Release: 3%{?dist} Release: 4%{?dist}
License: MPLv2.0 License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -89,14 +89,14 @@ Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
Patch39: nss-ssl-enforce-no-pkcs11-bypass.path Patch39: nss-ssl-enforce-no-pkcs11-bypass.path
# TODO: Remove this patch when the ocsp test are fixed # TODO: Remove this patch when the ocsp test are fixed
Patch40: nss-3.14.0.0-disble-ocsp-test.patch Patch40: nss-3.14.0.0-disble-ocsp-test.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=835919
Patch43: no-softoken-freebl-tests.patch
Patch44: 0001-sync-up-with-upstream-softokn-changes.patch Patch44: 0001-sync-up-with-upstream-softokn-changes.patch
Patch45: Bug-896651-pem-dont-trash-keys-on-failed-login.patch Patch45: Bug-896651-pem-dont-trash-keys-on-failed-login.patch
# The ocsp stapling tests currently require access to the # The ocsp stapling tests currently require access to the
# kuix.de test server but koji forbids outbount connections # kuix.de test server but koji forbids outbount connections
Patch46: disable-ocsp-stapling-tests.patch Patch46: disable-ocsp-stapling-tests.patch
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
Patch47: utilwrap-include-templates.patch Patch47: utilwrap-include-templates.patch
# TODO submit this patch upstream
Patch48: nss-versus-softoken-tests.patch Patch48: nss-versus-softoken-tests.patch
# TODO remove when we switch to building nss without softoken # TODO remove when we switch to building nss without softoken
Patch49: nss-skip-bltest-and-fipstest.patch Patch49: nss-skip-bltest-and-fipstest.patch
@ -186,14 +186,30 @@ low level services.
#%patch29 -p0 -b .cbcrandomivoff #%patch29 -p0 -b .cbcrandomivoff
#%patch39 -p0 -b .nobypass #%patch39 -p0 -b .nobypass
%patch40 -p0 -b .noocsptest %patch40 -p0 -b .noocsptest
#%patch43 -p0 -b .nosoftokentests
%patch44 -p1 -b .syncupwithupstream %patch44 -p1 -b .syncupwithupstream
%patch45 -p0 -b .notrash %patch45 -p0 -b .notrash
%patch46 -p0 -b .skipoutbound %patch46 -p0 -b .skipoutbound
#%patch47 -p0 -b .templates %patch47 -p0 -b .templates
%patch48 -p0 -b .crypto %patch48 -p0 -b .crypto
%patch49 -p0 -b .skipthem %patch49 -p0 -b .skipthem
#########################################################
# Higher-level libraries and test tools need access to
# module-private headers from util, freebl, and softoken
# until fixed upstream we must copy some headers locally
#########################################################
pemNeedsFromSoftoken="lowkeyi lowkeyti softoken softoknt"
for file in ${pemNeedsFromSoftoken}; do
%{__cp} ./nss/lib/softoken/${file}.h ./nss/lib/ckfw/pem/
done
# Copying these header util the upstream bug is accepted
# Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
%build %build
NSS_NO_PKCS11_BYPASS=1 NSS_NO_PKCS11_BYPASS=1
@ -226,9 +242,25 @@ NSPR_LIB_DIR=%{_libdir}
export NSPR_INCLUDE_DIR export NSPR_INCLUDE_DIR
export NSPR_LIB_DIR export NSPR_LIB_DIR
export NSSUTIL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
export NSSUTIL_LIB_DIR=%{_libdir}
export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'` export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
export FREEBL_LIB_DIR=%{_libdir} export FREEBL_LIB_DIR=%{_libdir}
export USE_SYSTEM_FREEBL=1 export USE_SYSTEM_FREEBL=1
# FIXME choose one or the other style and submit a patch upstream
# wtc has suggested using NSS_USE_SYSTEM_FREEBL
export NSS_USE_SYSTEM_FREEBL=1
export FREEBL_LIBS=`/usr/bin/pkg-config --libs nss-softokn`
export SOFTOKEN_LIB_DIR=%{_libdir}
# use the system ones
export USE_SYSTEM_NSSUTIL=1
export USE_SYSTEM_SOFTOKEN=1
# tell the upstream build system what we are doing
export NSS_BUILD_WITHOUT_SOFTOKEN=1
NSS_USE_SYSTEM_SQLITE=1 NSS_USE_SYSTEM_SQLITE=1
export NSS_USE_SYSTEM_SQLITE export NSS_USE_SYSTEM_SQLITE
@ -238,24 +270,16 @@ USE_64=1
export USE_64 export USE_64
%endif %endif
##### phase 1: build freebl/softokn shared libraries ##### phase 1: remove util/freebl/softoken and low level tools
# there no ecc in freebl #
unset NSS_ENABLE_ECC ######## Remove freebl, softoken and util
# Compile softoken plus needed support %{__rm} -rf ./mozilla/security/nss/lib/freebl
%{__make} -C ./nss/coreconf %{__rm} -rf ./mozilla/security/nss/lib/softoken
%{__rm} -rf ./mozilla/security/nss/lib/util
%{__make} -C ./nss/lib/util export ######## Remove nss-softokn test tools
%{__make} -C ./nss/lib/freebl export %{__rm} -rf ./mozilla/security/nss/cmd/bltest
%{__make} -C ./nss/lib/softoken export %{__rm} -rf ./mozilla/security/nss/cmd/fipstest
%{__rm} -rf ./mozilla/security/nss/cmd/rsaperf_low
%{__make} -C ./nss/lib/util
%{__make} -C ./nss/lib/dbm
%{__make} -C ./nss/lib/freebl
%{__make} -C ./nss/lib/softoken
# stash away the bltest and fipstest to build them last
tar cf build_these_later.tar ./nss/cmd/bltest ./nss/cmd/fipstest
rm -rf ./nss/cmd/bltest ./nss/cmd/fipstest
##### phase 2: build the rest of nss ##### phase 2: build the rest of nss
# nss supports pluggable ecc # nss supports pluggable ecc
@ -264,23 +288,12 @@ export NSS_ENABLE_ECC
NSS_ECC_MORE_THAN_SUITE_B=1 NSS_ECC_MORE_THAN_SUITE_B=1
export NSS_ECC_MORE_THAN_SUITE_B export NSS_ECC_MORE_THAN_SUITE_B
# We only ship the nss proper libraries, no softoken nor util, yet
# we must compile with the entire source tree because nss needs
# private exports from util. The install section will ensure not
# to override nss-util and nss-softoken headers already installed.
#
export NSS_BLTEST_NOT_AVAILABLE=1 export NSS_BLTEST_NOT_AVAILABLE=1
%{__make} -C ./nss/coreconf %{__make} -C ./nss/coreconf
%{__make} -C ./nss/lib/dbm %{__make} -C ./nss/lib/dbm
%{__make} -C ./nss %{__make} -C ./nss
unset NSS_BLTEST_NOT_AVAILABLE unset NSS_BLTEST_NOT_AVAILABLE
##### phase 3: build bltest and fipstest
tar xf build_these_later.tar
unset NSS_ENABLE_ECC; %{__make} -C ./nss/cmd/bltest
unset NSS_ENABLE_ECC; %{__make} -C ./nss/cmd/fipstest
%{__rm} -f build_these_later.tar
# Set up our package file # Set up our package file
# The nspr_version and nss_{util|softokn}_version globals used # The nspr_version and nss_{util|softokn}_version globals used
# here match the ones nss has for its Requires. # here match the ones nss has for its Requires.
@ -340,6 +353,9 @@ export USE_64
export NSS_BLTEST_NOT_AVAILABLE=1 export NSS_BLTEST_NOT_AVAILABLE=1
# needed for the fips manging test
export SOFTOKEN_LIB_DIR=%{_libdir}
# End -- copied from the build section # End -- copied from the build section
# enable the following line to force a test failure # enable the following line to force a test failure
@ -477,49 +493,6 @@ done
# Copy the pkcs #11 configuration script # Copy the pkcs #11 configuration script
%{__install} -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh %{__install} -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh
#remove the nss-util-devel headers
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/base64.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/ciferfam.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64t.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslocks.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilock.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilckt.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlk.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlkt.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssutil.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11f.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11n.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11p.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11t.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11u.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/portreg.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1t.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/seccomon.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secder.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdert.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdig.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdigt.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secerr.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secitem.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secoid.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilmodt.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilpars.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilparst.h
#remove headers shipped nss-softokn-devel and nss-softokn-freebl-devel
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/alghmac.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/blapit.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/ecl-exp.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/hasht.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/shsign.h
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%clean %clean
%{__rm} -rf $RPM_BUILD_ROOT %{__rm} -rf $RPM_BUILD_ROOT
@ -694,6 +667,10 @@ fi
%changelog %changelog
* Tue Jun 18 2013 emaldona <emaldona@redhat.com> - 3.15-4
- Build nss without softoken or util sources in the tree
- Resolves: rhbz#689918
* Mon Jun 17 2013 emaldona <emaldona@redhat.com> - 3.15-3 * Mon Jun 17 2013 emaldona <emaldona@redhat.com> - 3.15-3
- Update ssl-cbc-random-iv-by-default.patch - Update ssl-cbc-random-iv-by-default.patch

View File

@ -1,17 +1,13 @@
Index: ./nss/lib/nss/config.mk diff -up nss/lib/nss/config.mk.templates nss/lib/nss/config.mk
=================================================================== --- nss/lib/nss/config.mk.templates 2013-06-18 11:32:07.590089155 -0700
RCS file: /cvsroot/nss/lib/nss/config.mk,v +++ nss/lib/nss/config.mk 2013-06-18 11:33:28.732763345 -0700
retrieving revision 1.37
diff -u -p -r1.37 config.mk
--- ./nss/lib/nss/config.mk 25 Apr 2012 14:50:03 -0000 1.37
+++ ./nss/lib/nss/config.mk 7 Feb 2013 02:22:58 -0000
@@ -3,6 +3,10 @@ @@ -3,6 +3,10 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this # License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/. # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1) +#ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
+INCLUDES += -I/usr/include/nss3/templates +INCLUDES += -I/usr/include/nss3/templates
+endif +#endif
+ +
# can't do this in manifest.mn because OS_TARGET isn't defined there. # can't do this in manifest.mn because OS_TARGET isn't defined there.
ifeq (,$(filter-out WIN%,$(OS_TARGET))) ifeq (,$(filter-out WIN%,$(OS_TARGET)))