|
|
|
@ -1,33 +1,13 @@
|
|
|
|
|
%global nspr_version 4.25.0
|
|
|
|
|
%global nss_version 3.52.0
|
|
|
|
|
%global nspr_version 4.20.0
|
|
|
|
|
%global nss_version 3.39.0
|
|
|
|
|
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
|
|
|
|
%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
|
|
|
|
|
%global saved_files_dir %{_libdir}/nss/saved
|
|
|
|
|
%global dracutlibdir %{_prefix}/lib/dracut
|
|
|
|
|
%global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/
|
|
|
|
|
%define dracutlibdir %{_prefix}/lib/dracut
|
|
|
|
|
%global dracut_modules_dir %{dracutlibdir}/modules.d/05nss-softokn/
|
|
|
|
|
%global dracut_conf_dir %{dracutlibdir}/dracut.conf.d
|
|
|
|
|
|
|
|
|
|
%bcond_without tests
|
|
|
|
|
%bcond_without dbm
|
|
|
|
|
|
|
|
|
|
# Produce .chk files for the final stripped binaries
|
|
|
|
|
#
|
|
|
|
|
# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links
|
|
|
|
|
# against the freebl that we just built. This is necessary
|
|
|
|
|
# because the signing algorithm changed on 3.14 to DSA2 with SHA256
|
|
|
|
|
# whereas we previously signed with DSA and SHA1. We must Keep this line
|
|
|
|
|
# until all mock platforms have been updated.
|
|
|
|
|
# After %%{__os_install_post} we would add
|
|
|
|
|
# export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%%{_libdir}
|
|
|
|
|
%define __spec_install_post \
|
|
|
|
|
%{?__debug_package:%{__debug_install_post}} \
|
|
|
|
|
%{__arch_install_post} \
|
|
|
|
|
%{__os_install_post} \
|
|
|
|
|
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
|
|
|
|
|
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreeblpriv3.so \
|
|
|
|
|
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
|
|
|
|
|
%{?with_dbm:$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so} \
|
|
|
|
|
%{nil}
|
|
|
|
|
|
|
|
|
|
# The upstream omits the trailing ".0", while we need it for
|
|
|
|
|
# consistency with the pkg-config version:
|
|
|
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1578106
|
|
|
|
@ -36,17 +16,15 @@ rpm.define(string.format("nss_archive_version %s",
|
|
|
|
|
string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1")))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
%{lua:
|
|
|
|
|
rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
|
|
|
|
string.gsub(rpm.expand("%nss_archive_version"), "%.", "_")))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Summary: Network Security Services
|
|
|
|
|
Name: nss
|
|
|
|
|
Version: %{nss_version}
|
|
|
|
|
Release: 2%{?dist}
|
|
|
|
|
# for Rawhide, please always use release >= 2
|
|
|
|
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
|
|
|
|
Release: 3%{?dist}
|
|
|
|
|
License: MPLv2.0
|
|
|
|
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
|
|
|
|
Group: System Environment/Libraries
|
|
|
|
|
Requires: nspr >= %{nspr_version}
|
|
|
|
|
Requires: nss-util >= %{nss_version}
|
|
|
|
|
# TODO: revert to same version as nss once we are done with the merge
|
|
|
|
@ -55,8 +33,6 @@ Requires: nss-system-init
|
|
|
|
|
Requires: p11-kit-trust
|
|
|
|
|
Requires: crypto-policies
|
|
|
|
|
BuildRequires: nspr-devel >= %{nspr_version}
|
|
|
|
|
# for shlibsign
|
|
|
|
|
BuildRequires: nss-softokn
|
|
|
|
|
BuildRequires: sqlite-devel
|
|
|
|
|
BuildRequires: zlib-devel
|
|
|
|
|
BuildRequires: pkgconfig
|
|
|
|
@ -64,13 +40,13 @@ BuildRequires: gawk
|
|
|
|
|
BuildRequires: psmisc
|
|
|
|
|
BuildRequires: perl-interpreter
|
|
|
|
|
BuildRequires: gcc-c++
|
|
|
|
|
BuildRequires: quilt
|
|
|
|
|
|
|
|
|
|
Source0: https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{name}-%{nss_archive_version}.tar.gz
|
|
|
|
|
Source0: %{name}-%{nss_archive_version}.tar.gz
|
|
|
|
|
Source1: nss-util.pc.in
|
|
|
|
|
Source2: nss-util-config.in
|
|
|
|
|
Source3: nss-softokn.pc.in
|
|
|
|
|
Source4: nss-softokn-config.in
|
|
|
|
|
Source5: nss-softokn-prelink.conf
|
|
|
|
|
Source6: nss-softokn-dracut-module-setup.sh
|
|
|
|
|
Source7: nss-softokn-dracut.conf
|
|
|
|
|
Source8: nss.pc.in
|
|
|
|
@ -92,8 +68,11 @@ Source26: key4.db.xml
|
|
|
|
|
Source27: secmod.db.xml
|
|
|
|
|
Source28: nss-p11-kit.config
|
|
|
|
|
|
|
|
|
|
Patch3: renegotiate-transitional.patch
|
|
|
|
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
|
|
|
|
|
Patch2: nss-539183.patch
|
|
|
|
|
Patch16: nss-539183.patch
|
|
|
|
|
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
|
|
|
|
|
Patch47: utilwrap-include-templates.patch
|
|
|
|
|
# This patch uses the GCC -iquote option documented at
|
|
|
|
|
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
|
|
|
|
|
# to give the in-tree headers a higher priority over the system headers,
|
|
|
|
@ -105,15 +84,9 @@ Patch2: nss-539183.patch
|
|
|
|
|
#
|
|
|
|
|
# Once the buildroot aha been bootstrapped the patch may be removed
|
|
|
|
|
# but it doesn't hurt to keep it.
|
|
|
|
|
Patch4: iquote.patch
|
|
|
|
|
Patch12: nss-signtool-format.patch
|
|
|
|
|
# https://github.com/FStarLang/kremlin/issues/166
|
|
|
|
|
Patch13: nss-kremlin-ppc64le.patch
|
|
|
|
|
%if 0%{?fedora} < 34
|
|
|
|
|
%if 0%{?rhel} < 9
|
|
|
|
|
Patch20: nss-gcm-param-default-pkcs11v2.patch
|
|
|
|
|
%endif
|
|
|
|
|
%endif
|
|
|
|
|
Patch50: iquote.patch
|
|
|
|
|
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
|
|
|
|
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
Network Security Services (NSS) is a set of libraries designed to
|
|
|
|
@ -124,6 +97,7 @@ v3 certificates, and other security standards.
|
|
|
|
|
|
|
|
|
|
%package tools
|
|
|
|
|
Summary: Tools for the Network Security Services
|
|
|
|
|
Group: System Environment/Base
|
|
|
|
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
|
|
|
|
|
|
|
%description tools
|
|
|
|
@ -138,10 +112,11 @@ manipulate the NSS certificate and key database.
|
|
|
|
|
|
|
|
|
|
%package sysinit
|
|
|
|
|
Summary: System NSS Initialization
|
|
|
|
|
Group: System Environment/Base
|
|
|
|
|
# providing nss-system-init without version so that it can
|
|
|
|
|
# be replaced by a better one, e.g. supplied by the os vendor
|
|
|
|
|
Provides: nss-system-init
|
|
|
|
|
Requires: nss%{?_isa} = %{version}-%{release}
|
|
|
|
|
Requires: nss = %{version}-%{release}
|
|
|
|
|
Requires(post): coreutils, sed
|
|
|
|
|
|
|
|
|
|
%description sysinit
|
|
|
|
@ -152,8 +127,9 @@ any system or user configured modules.
|
|
|
|
|
|
|
|
|
|
%package devel
|
|
|
|
|
Summary: Development libraries for Network Security Services
|
|
|
|
|
Group: Development/Libraries
|
|
|
|
|
Provides: nss-static = %{version}-%{release}
|
|
|
|
|
Requires: nss%{?_isa} = %{version}-%{release}
|
|
|
|
|
Requires: nss = %{version}-%{release}
|
|
|
|
|
Requires: nss-util-devel
|
|
|
|
|
Requires: nss-softokn-devel
|
|
|
|
|
Requires: nspr-devel >= %{nspr_version}
|
|
|
|
@ -166,6 +142,7 @@ Header and Library files for doing development with Network Security Services.
|
|
|
|
|
|
|
|
|
|
%package pkcs11-devel
|
|
|
|
|
Summary: Development libraries for PKCS #11 (Cryptoki) using NSS
|
|
|
|
|
Group: Development/Libraries
|
|
|
|
|
Provides: nss-pkcs11-devel-static = %{version}-%{release}
|
|
|
|
|
Requires: nss-devel = %{version}-%{release}
|
|
|
|
|
Requires: nss-softokn-freebl-devel = %{version}-%{release}
|
|
|
|
@ -177,6 +154,7 @@ low level services.
|
|
|
|
|
|
|
|
|
|
%package util
|
|
|
|
|
Summary: Network Security Services Utilities Library
|
|
|
|
|
Group: System Environment/Libraries
|
|
|
|
|
Requires: nspr >= %{nspr_version}
|
|
|
|
|
|
|
|
|
|
%description util
|
|
|
|
@ -184,7 +162,8 @@ Utilities for Network Security Services and the Softoken module
|
|
|
|
|
|
|
|
|
|
%package util-devel
|
|
|
|
|
Summary: Development libraries for Network Security Services Utilities
|
|
|
|
|
Requires: nss-util%{?_isa} = %{version}-%{release}
|
|
|
|
|
Group: Development/Libraries
|
|
|
|
|
Requires: nss-util = %{version}-%{release}
|
|
|
|
|
Requires: nspr-devel >= %{nspr_version}
|
|
|
|
|
Requires: pkgconfig
|
|
|
|
|
|
|
|
|
@ -194,6 +173,7 @@ Header and library files for doing development with Network Security Services.
|
|
|
|
|
|
|
|
|
|
%package softokn
|
|
|
|
|
Summary: Network Security Services Softoken Module
|
|
|
|
|
Group: System Environment/Libraries
|
|
|
|
|
Requires: nspr >= %{nspr_version}
|
|
|
|
|
Requires: nss-util >= %{version}-%{release}
|
|
|
|
|
Requires: nss-softokn-freebl%{_isa} >= %{version}-%{release}
|
|
|
|
@ -203,11 +183,13 @@ Network Security Services Softoken Cryptographic Module
|
|
|
|
|
|
|
|
|
|
%package softokn-freebl
|
|
|
|
|
Summary: Freebl library for the Network Security Services
|
|
|
|
|
Group: System Environment/Base
|
|
|
|
|
# For PR_GetEnvSecure() from nspr >= 4.12
|
|
|
|
|
Requires: nspr >= 4.12
|
|
|
|
|
# For NSS_SecureMemcmpZero() from nss-util >= 3.33
|
|
|
|
|
Requires: nss-util >= 3.33
|
|
|
|
|
Conflicts: nss < 3.12.2.99.3-5
|
|
|
|
|
Conflicts: prelink < 0.4.3
|
|
|
|
|
Conflicts: filesystem < 3
|
|
|
|
|
|
|
|
|
|
%description softokn-freebl
|
|
|
|
@ -217,6 +199,7 @@ Install the nss-softokn-freebl package if you need the freebl library.
|
|
|
|
|
|
|
|
|
|
%package softokn-freebl-devel
|
|
|
|
|
Summary: Header and Library files for doing development with the Freebl library for NSS
|
|
|
|
|
Group: System Environment/Base
|
|
|
|
|
Provides: nss-softokn-freebl-static = %{version}-%{release}
|
|
|
|
|
Requires: nss-softokn-freebl%{?_isa} = %{version}-%{release}
|
|
|
|
|
|
|
|
|
@ -229,6 +212,7 @@ Developers should rely only on the officially supported NSS public API.
|
|
|
|
|
|
|
|
|
|
%package softokn-devel
|
|
|
|
|
Summary: Development libraries for Network Security Services
|
|
|
|
|
Group: Development/Libraries
|
|
|
|
|
Requires: nss-softokn%{?_isa} = %{version}-%{release}
|
|
|
|
|
Requires: nss-softokn-freebl-devel%{?_isa} = %{version}-%{release}
|
|
|
|
|
Requires: nspr-devel >= %{nspr_version}
|
|
|
|
@ -241,29 +225,32 @@ Header and library files for doing development with Network Security Services.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
|
%autosetup -N -S quilt -n %{name}-%{nss_archive_version}
|
|
|
|
|
pushd nss
|
|
|
|
|
%autopatch -p1
|
|
|
|
|
popd
|
|
|
|
|
%setup -q -n %{name}-%{nss_archive_version}
|
|
|
|
|
|
|
|
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1247353
|
|
|
|
|
find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
|
|
|
|
|
%patch3 -p0 -b .transitional
|
|
|
|
|
%patch16 -p0 -b .539183
|
|
|
|
|
%patch47 -p0 -b .templates
|
|
|
|
|
%patch50 -p0 -b .iquote
|
|
|
|
|
%patch58 -p0 -b .1185708_3des
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%build
|
|
|
|
|
|
|
|
|
|
export FREEBL_NO_DEPEND=1
|
|
|
|
|
FREEBL_NO_DEPEND=1
|
|
|
|
|
export FREEBL_NO_DEPEND
|
|
|
|
|
|
|
|
|
|
# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
|
|
|
|
|
# copied to dist and the rpm install phase can find it
|
|
|
|
|
# This due of the upstream changes to fix
|
|
|
|
|
# https://bugzilla.mozilla.org/show_bug.cgi?id=717906
|
|
|
|
|
export FREEBL_LOWHASH=1
|
|
|
|
|
FREEBL_LOWHASH=1
|
|
|
|
|
export FREEBL_LOWHASH
|
|
|
|
|
|
|
|
|
|
# uncomment if the iquote patch is activated
|
|
|
|
|
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
|
|
|
|
|
|
|
|
|
export NSS_FORCE_FIPS=1
|
|
|
|
|
NSS_FORCE_FIPS=1
|
|
|
|
|
export NSS_FORCE_FIPS
|
|
|
|
|
|
|
|
|
|
# Enable compiler optimizations and disable debugging code
|
|
|
|
|
export BUILD_OPT=1
|
|
|
|
@ -273,39 +260,40 @@ export BUILD_OPT=1
|
|
|
|
|
#export RPM_OPT_FLAGS
|
|
|
|
|
|
|
|
|
|
# Generate symbolic info for debuggers
|
|
|
|
|
export XCFLAGS=$RPM_OPT_FLAGS
|
|
|
|
|
XCFLAGS=$RPM_OPT_FLAGS
|
|
|
|
|
export XCFLAGS
|
|
|
|
|
|
|
|
|
|
# Work around false-positive warnings with gcc 10:
|
|
|
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1803029
|
|
|
|
|
%ifarch s390x
|
|
|
|
|
export XCFLAGS="$XCFLAGS -Wno-error=maybe-uninitialized"
|
|
|
|
|
%endif
|
|
|
|
|
LDFLAGS=$RPM_LD_FLAGS
|
|
|
|
|
export LDFLAGS
|
|
|
|
|
|
|
|
|
|
export LDFLAGS=$RPM_LD_FLAGS
|
|
|
|
|
DSO_LDOPTS=$RPM_LD_FLAGS
|
|
|
|
|
export DSO_LDOPTS
|
|
|
|
|
|
|
|
|
|
export DSO_LDOPTS=$RPM_LD_FLAGS
|
|
|
|
|
PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
|
|
|
|
|
PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
|
|
|
|
|
|
|
|
|
|
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
|
|
|
|
|
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
|
|
|
|
|
export PKG_CONFIG_ALLOW_SYSTEM_LIBS
|
|
|
|
|
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
|
|
|
|
|
|
|
|
|
|
export NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
|
|
|
|
|
export NSPR_LIB_DIR=%{_libdir}
|
|
|
|
|
NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
|
|
|
|
|
NSPR_LIB_DIR=%{_libdir}
|
|
|
|
|
|
|
|
|
|
export NSS_USE_SYSTEM_SQLITE=1
|
|
|
|
|
export NSPR_INCLUDE_DIR
|
|
|
|
|
export NSPR_LIB_DIR
|
|
|
|
|
|
|
|
|
|
NSS_USE_SYSTEM_SQLITE=1
|
|
|
|
|
export NSS_USE_SYSTEM_SQLITE
|
|
|
|
|
|
|
|
|
|
export NSS_ALLOW_SSLKEYLOGFILE=1
|
|
|
|
|
|
|
|
|
|
%if %{with dbm}
|
|
|
|
|
%else
|
|
|
|
|
export NSS_DISABLE_DBM=1
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%ifnarch noarch
|
|
|
|
|
%if 0%{__isa_bits} == 64
|
|
|
|
|
export USE_64=1
|
|
|
|
|
USE_64=1
|
|
|
|
|
export USE_64
|
|
|
|
|
%endif
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
##### phase 2: build the rest of nss
|
|
|
|
|
%{__make} -C ./nss/coreconf
|
|
|
|
|
%{__make} -C ./nss/lib/dbm
|
|
|
|
|
|
|
|
|
@ -323,13 +311,13 @@ pushd ./nss
|
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
# and copy them to the dist directory for %%install to find them
|
|
|
|
|
mkdir -p ./dist/docs/nroff
|
|
|
|
|
cp ./nss/doc/nroff/* ./dist/docs/nroff
|
|
|
|
|
%{__mkdir_p} ./dist/docs/nroff
|
|
|
|
|
%{__cp} ./nss/doc/nroff/* ./dist/docs/nroff
|
|
|
|
|
|
|
|
|
|
# Set up our package files
|
|
|
|
|
mkdir -p ./dist/pkgconfig
|
|
|
|
|
%{__mkdir_p} ./dist/pkgconfig
|
|
|
|
|
|
|
|
|
|
cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
|
|
|
|
%{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
|
|
|
|
-e "s,%%prefix%%,%{_prefix},g" \
|
|
|
|
|
-e "s,%%exec_prefix%%,%{_prefix},g" \
|
|
|
|
|
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
|
|
|
|
@ -341,7 +329,11 @@ NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | aw
|
|
|
|
|
NSSUTIL_VMINOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'`
|
|
|
|
|
NSSUTIL_VPATCH=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'`
|
|
|
|
|
|
|
|
|
|
cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
|
export NSSUTIL_VMAJOR
|
|
|
|
|
export NSSUTIL_VMINOR
|
|
|
|
|
export NSSUTIL_VPATCH
|
|
|
|
|
|
|
|
|
|
%{__cat} %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
|
-e "s,@prefix@,%{_prefix},g" \
|
|
|
|
|
-e "s,@exec_prefix@,%{_prefix},g" \
|
|
|
|
|
-e "s,@includedir@,%{_includedir}/nss3,g" \
|
|
|
|
@ -352,7 +344,7 @@ cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
|
|
|
|
|
|
chmod 755 ./dist/pkgconfig/nss-util-config
|
|
|
|
|
|
|
|
|
|
cat %{SOURCE3} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
|
|
|
|
%{__cat} %{SOURCE3} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
|
|
|
|
-e "s,%%prefix%%,%{_prefix},g" \
|
|
|
|
|
-e "s,%%exec_prefix%%,%{_prefix},g" \
|
|
|
|
|
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
|
|
|
|
@ -365,7 +357,11 @@ SOFTOKEN_VMAJOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJO
|
|
|
|
|
SOFTOKEN_VMINOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'`
|
|
|
|
|
SOFTOKEN_VPATCH=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'`
|
|
|
|
|
|
|
|
|
|
cat %{SOURCE4} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
|
export SOFTOKEN_VMAJOR
|
|
|
|
|
export SOFTOKEN_VMINOR
|
|
|
|
|
export SOFTOKEN_VPATCH
|
|
|
|
|
|
|
|
|
|
%{__cat} %{SOURCE4} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
|
-e "s,@prefix@,%{_prefix},g" \
|
|
|
|
|
-e "s,@exec_prefix@,%{_prefix},g" \
|
|
|
|
|
-e "s,@includedir@,%{_includedir}/nss3,g" \
|
|
|
|
@ -376,7 +372,7 @@ cat %{SOURCE4} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
|
|
|
|
|
|
chmod 755 ./dist/pkgconfig/nss-softokn-config
|
|
|
|
|
|
|
|
|
|
cat %{SOURCE8} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
|
|
|
|
%{__cat} %{SOURCE8} | sed -e "s,%%libdir%%,%{_libdir},g" \
|
|
|
|
|
-e "s,%%prefix%%,%{_prefix},g" \
|
|
|
|
|
-e "s,%%exec_prefix%%,%{_prefix},g" \
|
|
|
|
|
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
|
|
|
|
@ -390,7 +386,11 @@ NSS_VMAJOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}
|
|
|
|
|
NSS_VMINOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'`
|
|
|
|
|
NSS_VPATCH=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'`
|
|
|
|
|
|
|
|
|
|
cat %{SOURCE9} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
|
export NSS_VMAJOR
|
|
|
|
|
export NSS_VMINOR
|
|
|
|
|
export NSS_VPATCH
|
|
|
|
|
|
|
|
|
|
%{__cat} %{SOURCE9} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
|
-e "s,@prefix@,%{_prefix},g" \
|
|
|
|
|
-e "s,@exec_prefix@,%{_prefix},g" \
|
|
|
|
|
-e "s,@includedir@,%{_includedir}/nss3,g" \
|
|
|
|
@ -401,10 +401,10 @@ cat %{SOURCE9} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
|
|
|
|
|
|
chmod 755 ./dist/pkgconfig/nss-config
|
|
|
|
|
|
|
|
|
|
cat %{SOURCE16} > ./dist/pkgconfig/setup-nsssysinit.sh
|
|
|
|
|
%{__cat} %{SOURCE16} > ./dist/pkgconfig/setup-nsssysinit.sh
|
|
|
|
|
chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh
|
|
|
|
|
|
|
|
|
|
cp ./nss/lib/ckfw/nssck.api ./dist/private/nss/
|
|
|
|
|
%{__cp} ./nss/lib/ckfw/nssck.api ./dist/private/nss/
|
|
|
|
|
|
|
|
|
|
date +"%e %B %Y" | tr -d '\n' > date.xml
|
|
|
|
|
echo -n %{version} > version.xml
|
|
|
|
@ -427,16 +427,22 @@ done
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%check
|
|
|
|
|
%if %{with tests}
|
|
|
|
|
if [ ${DISABLETEST:-0} -eq 1 ]; then
|
|
|
|
|
echo "testing disabled"
|
|
|
|
|
exit 0
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Begin -- copied from the build section
|
|
|
|
|
|
|
|
|
|
export FREEBL_NO_DEPEND=1
|
|
|
|
|
FREEBL_NO_DEPEND=1
|
|
|
|
|
export FREEBL_NO_DEPEND
|
|
|
|
|
|
|
|
|
|
export BUILD_OPT=1
|
|
|
|
|
|
|
|
|
|
%ifnarch noarch
|
|
|
|
|
%if 0%{__isa_bits} == 64
|
|
|
|
|
export USE_64=1
|
|
|
|
|
USE_64=1
|
|
|
|
|
export USE_64
|
|
|
|
|
%endif
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
@ -468,7 +474,8 @@ fi
|
|
|
|
|
MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND ||:
|
|
|
|
|
RANDSERV=selfserv_${MYRAND}; echo $RANDSERV ||:
|
|
|
|
|
DISTBINDIR=`ls -d ./dist/*.OBJ/bin`; echo $DISTBINDIR ||:
|
|
|
|
|
pushd "$DISTBINDIR"
|
|
|
|
|
pushd `pwd`
|
|
|
|
|
cd $DISTBINDIR
|
|
|
|
|
ln -s selfserv $RANDSERV
|
|
|
|
|
popd
|
|
|
|
|
# man perlrun, man perlrequick
|
|
|
|
@ -481,7 +488,7 @@ find ./nss/tests -type f |\
|
|
|
|
|
killall $RANDSERV || :
|
|
|
|
|
|
|
|
|
|
rm -rf ./tests_results
|
|
|
|
|
pushd nss/tests
|
|
|
|
|
pushd ./nss/tests/
|
|
|
|
|
# all.sh is the test suite script
|
|
|
|
|
|
|
|
|
|
# don't need to run all the tests when testing packaging
|
|
|
|
@ -497,107 +504,150 @@ pushd nss/tests
|
|
|
|
|
# % define nss_ssl_tests "normal_fips"
|
|
|
|
|
# % define nss_ssl_run "cov"
|
|
|
|
|
|
|
|
|
|
HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh
|
|
|
|
|
SKIP_NSS_TEST_SUITE=`echo $SKIP_NSS_TEST_SUITE`
|
|
|
|
|
|
|
|
|
|
if [ "x$SKIP_NSS_TEST_SUITE" == "x" ]; then
|
|
|
|
|
HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh
|
|
|
|
|
else
|
|
|
|
|
echo "skipped test suite"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
# Normally, the grep exit status is 0 if selected lines are found and 1 otherwise,
|
|
|
|
|
# Grep exits with status greater than 1 if an error ocurred.
|
|
|
|
|
# If there are test failures we expect TEST_FAILURES > 0 and GREP_EXIT_STATUS = 0,
|
|
|
|
|
# With no test failures we expect TEST_FAILURES = 0 and GREP_EXIT_STATUS = 1, whereas
|
|
|
|
|
# GREP_EXIT_STATUS > 1 would indicate an error in grep such as failure to find the log file.
|
|
|
|
|
killall $RANDSERV || :
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
if [ "x$SKIP_NSS_TEST_SUITE" == "x" ]; then
|
|
|
|
|
TEST_FAILURES=$(grep -c -- '- FAILED$' ./tests_results/security/localhost.1/output.log) || GREP_EXIT_STATUS=$?
|
|
|
|
|
else
|
|
|
|
|
TEST_FAILURES=0
|
|
|
|
|
GREP_EXIT_STATUS=1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ ${GREP_EXIT_STATUS:-0} -eq 1 ]; then
|
|
|
|
|
echo "okay: test suite detected no failures"
|
|
|
|
|
else
|
|
|
|
|
if [ ${GREP_EXIT_STATUS:-0} -eq 0 ]; then
|
|
|
|
|
# while a situation in which grep return status is 0 and it doesn't output
|
|
|
|
|
# anything shouldn't happen, set the default to something that is
|
|
|
|
|
# obviously wrong (-1)
|
|
|
|
|
echo "error: test suite had ${TEST_FAILURES:--1} test failure(s)"
|
|
|
|
|
exit 1
|
|
|
|
|
else
|
|
|
|
|
if [ ${GREP_EXIT_STATUS:-0} -eq 2 ]; then
|
|
|
|
|
echo "error: grep has not found log file"
|
|
|
|
|
exit 1
|
|
|
|
|
else
|
|
|
|
|
echo "error: grep failed with exit code: ${GREP_EXIT_STATUS}"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
echo "test suite completed"
|
|
|
|
|
|
|
|
|
|
%install
|
|
|
|
|
|
|
|
|
|
%{__rm} -rf $RPM_BUILD_ROOT
|
|
|
|
|
|
|
|
|
|
# There is no make install target so we'll do it ourselves.
|
|
|
|
|
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_includedir}/nss3
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_bindir}
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_libdir}
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{saved_files_dir}
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{dracut_modules_dir}
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{dracut_conf_dir}
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{saved_files_dir}
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{prelink_conf_dir}
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{dracut_modules_dir}
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{dracut_conf_dir}
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
|
|
|
|
|
%if %{defined rhel}
|
|
|
|
|
# not needed for rhel and its derivatives only fedora
|
|
|
|
|
%else
|
|
|
|
|
# because of the pp.1 conflict with perl-PAR-Packer
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/nss-tools
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT%{_datadir}/doc/nss-tools
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{dracut_modules_dir}/module-setup.sh
|
|
|
|
|
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{dracut_conf_dir}/50-nss-softokn.conf
|
|
|
|
|
%{__install} -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{prelink_conf_dir}
|
|
|
|
|
%{__install} -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{dracut_modules_dir}/module-setup.sh
|
|
|
|
|
%{__install} -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{dracut_conf_dir}/50-nss-softokn.conf
|
|
|
|
|
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5
|
|
|
|
|
|
|
|
|
|
# Copy the binary libraries we want
|
|
|
|
|
for file in libnssutil3.so libsoftokn3.so %{?with_dbm:libnssdbm3.so} libfreebl3.so libfreeblpriv3.so libnss3.so libnsssysinit.so libsmime3.so libssl3.so
|
|
|
|
|
for file in libnssutil3.so libsoftokn3.so libnssdbm3.so libfreebl3.so libfreeblpriv3.so libnss3.so libnsssysinit.so libsmime3.so libssl3.so
|
|
|
|
|
do
|
|
|
|
|
install -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
|
|
|
|
%{__install} -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Install the empty NSS db files
|
|
|
|
|
# Legacy db
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
|
|
|
|
|
install -p -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
|
|
|
|
|
install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
|
|
|
|
|
install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db
|
|
|
|
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
|
|
|
|
|
%{__install} -p -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
|
|
|
|
|
%{__install} -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
|
|
|
|
|
%{__install} -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db
|
|
|
|
|
# Shared db
|
|
|
|
|
install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db
|
|
|
|
|
install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
|
|
|
|
|
install -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt
|
|
|
|
|
%{__install} -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db
|
|
|
|
|
%{__install} -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
|
|
|
|
|
%{__install} -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt
|
|
|
|
|
|
|
|
|
|
# Copy the development libraries we want
|
|
|
|
|
for file in libcrmf.a libnssb.a libnssckfw.a
|
|
|
|
|
do
|
|
|
|
|
install -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
|
|
|
|
%{__install} -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Copy the binaries we want
|
|
|
|
|
for file in certutil cmsutil crlutil modutil nss-policy-check pk12util signver ssltap
|
|
|
|
|
do
|
|
|
|
|
install -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
|
|
|
|
|
%{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Copy the binaries we ship as unsupported
|
|
|
|
|
for file in bltest ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain
|
|
|
|
|
do
|
|
|
|
|
install -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
|
|
|
|
%{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Copy the include files we want
|
|
|
|
|
for file in dist/public/nss/*.h
|
|
|
|
|
do
|
|
|
|
|
install -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
|
|
|
|
|
%{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Copy some freebl include files we also want
|
|
|
|
|
for file in blapi.h alghmac.h cmac.h
|
|
|
|
|
for file in blapi.h alghmac.h
|
|
|
|
|
do
|
|
|
|
|
install -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
|
|
|
|
|
%{__install} -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Copy the static freebl library
|
|
|
|
|
for file in libfreebl.a
|
|
|
|
|
do
|
|
|
|
|
install -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
|
|
|
|
%{__install} -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Copy the template files we want
|
|
|
|
|
for file in dist/private/nss/templates.c dist/private/nss/nssck.api
|
|
|
|
|
do
|
|
|
|
|
install -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
|
|
|
|
|
%{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Copy the package configuration files
|
|
|
|
|
install -p -m 644 ./dist/pkgconfig/nss-util.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc
|
|
|
|
|
install -p -m 755 ./dist/pkgconfig/nss-util-config $RPM_BUILD_ROOT/%{_bindir}/nss-util-config
|
|
|
|
|
install -p -m 644 ./dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc
|
|
|
|
|
install -p -m 755 ./dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config
|
|
|
|
|
install -p -m 644 ./dist/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc
|
|
|
|
|
install -p -m 755 ./dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config
|
|
|
|
|
%{__install} -p -m 644 ./dist/pkgconfig/nss-util.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc
|
|
|
|
|
%{__install} -p -m 755 ./dist/pkgconfig/nss-util-config $RPM_BUILD_ROOT/%{_bindir}/nss-util-config
|
|
|
|
|
%{__install} -p -m 644 ./dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc
|
|
|
|
|
%{__install} -p -m 755 ./dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config
|
|
|
|
|
%{__install} -p -m 644 ./dist/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc
|
|
|
|
|
%{__install} -p -m 755 ./dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config
|
|
|
|
|
# Copy the pkcs #11 configuration script
|
|
|
|
|
install -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh
|
|
|
|
|
%{__install} -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh
|
|
|
|
|
# install a symbolic link to it, without the ".sh" suffix,
|
|
|
|
|
# that matches the man page documentation
|
|
|
|
|
ln -r -s -f $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit
|
|
|
|
@ -607,7 +657,7 @@ for f in nss-config setup-nsssysinit; do
|
|
|
|
|
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
|
|
|
|
done
|
|
|
|
|
# Copy the man pages for the nss tools
|
|
|
|
|
for f in certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv; do
|
|
|
|
|
for f in "%{allTools}"; do
|
|
|
|
|
install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
|
|
|
|
done
|
|
|
|
|
%if %{defined rhel}
|
|
|
|
@ -626,7 +676,7 @@ for f in cert8.db cert9.db key3.db key4.db secmod.db; do
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Copy the crypto-policies configuration file
|
|
|
|
|
install -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
|
|
|
|
|
%{__install} -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
|
|
|
|
|
|
|
|
|
|
%triggerpostun -n nss-sysinit -- nss-sysinit < 3.12.8-3
|
|
|
|
|
# Reverse unwanted disabling of sysinit by faulty preun sysinit scriplet
|
|
|
|
@ -634,10 +684,12 @@ install -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/loc
|
|
|
|
|
/usr/bin/setup-nsssysinit.sh on
|
|
|
|
|
|
|
|
|
|
%post
|
|
|
|
|
update-crypto-policies &> /dev/null || :
|
|
|
|
|
update-crypto-policies
|
|
|
|
|
|
|
|
|
|
%postun
|
|
|
|
|
update-crypto-policies &> /dev/null || :
|
|
|
|
|
update-crypto-policies
|
|
|
|
|
|
|
|
|
|
%ldconfig_scriptlets
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
@ -654,19 +706,19 @@ update-crypto-policies &> /dev/null || :
|
|
|
|
|
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
|
|
|
|
|
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
|
|
|
|
|
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/crypto-policies/local.d/nss-p11-kit.config
|
|
|
|
|
%doc %{_mandir}/man5/cert8.db.5*
|
|
|
|
|
%doc %{_mandir}/man5/key3.db.5*
|
|
|
|
|
%doc %{_mandir}/man5/secmod.db.5*
|
|
|
|
|
%doc %{_mandir}/man5/cert9.db.5*
|
|
|
|
|
%doc %{_mandir}/man5/key4.db.5*
|
|
|
|
|
%doc %{_mandir}/man5/pkcs11.txt.5*
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man5/cert8.db.5.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man5/key3.db.5.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man5/secmod.db.5.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man5/cert9.db.5.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man5/key4.db.5.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man5/pkcs11.txt.5.gz
|
|
|
|
|
|
|
|
|
|
%files sysinit
|
|
|
|
|
%{_libdir}/libnsssysinit.so
|
|
|
|
|
%{_bindir}/setup-nsssysinit.sh
|
|
|
|
|
# symbolic link to setup-nsssysinit.sh
|
|
|
|
|
%{_bindir}/setup-nsssysinit
|
|
|
|
|
%doc %{_mandir}/man1/setup-nsssysinit.1*
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/setup-nsssysinit.1.gz
|
|
|
|
|
|
|
|
|
|
%files tools
|
|
|
|
|
%{_bindir}/certutil
|
|
|
|
@ -690,32 +742,32 @@ update-crypto-policies &> /dev/null || :
|
|
|
|
|
%{unsupported_tools_directory}/tstclnt
|
|
|
|
|
%{unsupported_tools_directory}/vfyserv
|
|
|
|
|
%{unsupported_tools_directory}/vfychain
|
|
|
|
|
# instead of %%{_mandir}/man*/* let's list them explicitly
|
|
|
|
|
# instead of %%{_mandir}/man*/* let's list them explicitely
|
|
|
|
|
# supported tools
|
|
|
|
|
%doc %{_mandir}/man1/certutil.1*
|
|
|
|
|
%doc %{_mandir}/man1/cmsutil.1*
|
|
|
|
|
%doc %{_mandir}/man1/crlutil.1*
|
|
|
|
|
%doc %{_mandir}/man1/modutil.1*
|
|
|
|
|
%doc %{_mandir}/man1/pk12util.1*
|
|
|
|
|
%doc %{_mandir}/man1/signver.1*
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/certutil.1.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/cmsutil.1.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/crlutil.1.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/modutil.1.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/pk12util.1.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/signver.1.gz
|
|
|
|
|
# unsupported tools
|
|
|
|
|
%doc %{_mandir}/man1/derdump.1*
|
|
|
|
|
%doc %{_mandir}/man1/signtool.1*
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/derdump.1.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/signtool.1.gz
|
|
|
|
|
%if %{defined rhel}
|
|
|
|
|
%doc %{_mandir}/man1/pp.1*
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/pp.1.gz
|
|
|
|
|
%else
|
|
|
|
|
%dir %{_datadir}/doc/nss-tools
|
|
|
|
|
%doc %{_datadir}/doc/nss-tools/pp.1
|
|
|
|
|
%attr(0644,root,root) %doc %{_datadir}/doc/nss-tools/pp.1
|
|
|
|
|
%endif
|
|
|
|
|
%doc %{_mandir}/man1/ssltap.1*
|
|
|
|
|
%doc %{_mandir}/man1/vfychain.1*
|
|
|
|
|
%doc %{_mandir}/man1/vfyserv.1*
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/ssltap.1.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/vfychain.1.gz
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/vfyserv.1.gz
|
|
|
|
|
|
|
|
|
|
%files devel
|
|
|
|
|
%{_libdir}/libcrmf.a
|
|
|
|
|
%{_libdir}/pkgconfig/nss.pc
|
|
|
|
|
%{_bindir}/nss-config
|
|
|
|
|
%doc %{_mandir}/man1/nss-config.1*
|
|
|
|
|
%attr(0644,root,root) %doc %{_mandir}/man1/nss-config.1.gz
|
|
|
|
|
|
|
|
|
|
%dir %{_includedir}/nss3
|
|
|
|
|
%{_includedir}/nss3/cert.h
|
|
|
|
@ -834,10 +886,8 @@ update-crypto-policies &> /dev/null || :
|
|
|
|
|
%{_includedir}/nss3/templates/templates.c
|
|
|
|
|
|
|
|
|
|
%files softokn
|
|
|
|
|
%if %{with dbm}
|
|
|
|
|
%{_libdir}/libnssdbm3.so
|
|
|
|
|
%{_libdir}/libnssdbm3.chk
|
|
|
|
|
%endif
|
|
|
|
|
%{_libdir}/libsoftokn3.so
|
|
|
|
|
%{_libdir}/libsoftokn3.chk
|
|
|
|
|
# shared with nss-tools
|
|
|
|
@ -858,6 +908,8 @@ update-crypto-policies &> /dev/null || :
|
|
|
|
|
%{_libdir}/libfreeblpriv3.so
|
|
|
|
|
%{_libdir}/libfreeblpriv3.chk
|
|
|
|
|
#shared
|
|
|
|
|
%dir %{prelink_conf_dir}
|
|
|
|
|
%{prelink_conf_dir}/nss-softokn-prelink.conf
|
|
|
|
|
%dir %{dracut_modules_dir}
|
|
|
|
|
%{dracut_modules_dir}/module-setup.sh
|
|
|
|
|
%{dracut_conf_dir}/50-nss-softokn.conf
|
|
|
|
@ -867,7 +919,6 @@ update-crypto-policies &> /dev/null || :
|
|
|
|
|
%{_includedir}/nss3/blapi.h
|
|
|
|
|
%{_includedir}/nss3/blapit.h
|
|
|
|
|
%{_includedir}/nss3/alghmac.h
|
|
|
|
|
%{_includedir}/nss3/cmac.h
|
|
|
|
|
%{_includedir}/nss3/lowkeyi.h
|
|
|
|
|
%{_includedir}/nss3/lowkeyti.h
|
|
|
|
|
|
|
|
|
@ -892,133 +943,6 @@ update-crypto-policies &> /dev/null || :
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
|
* Wed May 13 2020 Bob Relyea <rrelyea@redhat.com> - 3.52.0-2
|
|
|
|
|
- Delay CK_GCM_PARAMS semantics until fedora 34
|
|
|
|
|
|
|
|
|
|
* Mon May 11 2020 Daiki Ueno <dueno@redhat.com> - 3.52.0-1
|
|
|
|
|
- Update to NSS 3.52
|
|
|
|
|
|
|
|
|
|
* Sat Apr 25 2020 Daiki Ueno <dueno@redhat.com> - 3.51.1-2
|
|
|
|
|
- Temporarily revert DBM disablement for kernel build failure (#1827902)
|
|
|
|
|
|
|
|
|
|
* Mon Apr 20 2020 Daiki Ueno <dueno@redhat.com> - 3.51.1-1
|
|
|
|
|
- Update to NSS 3.51.1
|
|
|
|
|
- Disable building DBM backend
|
|
|
|
|
|
|
|
|
|
* Tue Apr 7 2020 Daiki Ueno <dueno@redhat.com> - 3.51.0-1
|
|
|
|
|
- Update to NSS 3.51
|
|
|
|
|
|
|
|
|
|
* Thu Mar 26 2020 Tom Stellard <tstellar@redhat.com> - 3.50.0-3
|
|
|
|
|
- Use __make macro to invoke make
|
|
|
|
|
|
|
|
|
|
* Thu Mar 5 2020 Daiki Ueno <dueno@redhat.com> - 3.50.0-2
|
|
|
|
|
- Apply CMAC fixes from upstream
|
|
|
|
|
|
|
|
|
|
* Mon Feb 17 2020 Daiki Ueno <dueno@redhat.com> - 3.50.0-1
|
|
|
|
|
- Update to NSS 3.50
|
|
|
|
|
|
|
|
|
|
* Fri Feb 14 2020 Daiki Ueno <dueno@redhat.com> - 3.49.2-3
|
|
|
|
|
- Ignore false-positive compiler warnings with gcc 10
|
|
|
|
|
- Fix build with gcc 10
|
|
|
|
|
|
|
|
|
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.49.2-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Mon Jan 27 2020 Daiki Ueno <dueno@redhat.com> - 3.49.2-1
|
|
|
|
|
- Update to NSS 3.49.2
|
|
|
|
|
- Don't enable TLS 1.3 by default (#1794814)
|
|
|
|
|
|
|
|
|
|
* Fri Jan 10 2020 Daiki Ueno <dueno@redhat.com> - 3.49.0-1
|
|
|
|
|
- Update to NSS 3.49
|
|
|
|
|
- Fix build on armv7hl with the patch proposed in upstream
|
|
|
|
|
|
|
|
|
|
* Fri Jan 3 2020 Daiki Ueno <dueno@redhat.com> - 3.48.0-1
|
|
|
|
|
- Update to NSS 3.48
|
|
|
|
|
|
|
|
|
|
* Tue Dec 3 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-4
|
|
|
|
|
- Update nss-3.47-certdb-temp-cert.patch to avoid setting empty trust value
|
|
|
|
|
|
|
|
|
|
* Tue Dec 3 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-3
|
|
|
|
|
- Update nss-3.47-certdb-temp-cert.patch to the final version
|
|
|
|
|
|
|
|
|
|
* Thu Nov 28 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-2
|
|
|
|
|
- Fix intermittent SEC_ERROR_UNKNOWN_ISSUER (#1752303, #1648617)
|
|
|
|
|
|
|
|
|
|
* Fri Nov 22 2019 Daiki Ueno <dueno@redhat.com> - 3.47.1-1
|
|
|
|
|
- Update to NSS 3.47.1
|
|
|
|
|
|
|
|
|
|
* Mon Nov 4 2019 Bob Relyea <rrelyea@redhat.com> - 3.47.0-3
|
|
|
|
|
- Include ike mechanism fix
|
|
|
|
|
|
|
|
|
|
* Wed Oct 23 2019 Daiki Ueno <dueno@redhat.com> - 3.47.0-2
|
|
|
|
|
- Install cmac.h required by blapi.h (#1764513)
|
|
|
|
|
|
|
|
|
|
* Tue Oct 22 2019 Daiki Ueno <dueno@redhat.com> - 3.47.0-1
|
|
|
|
|
- Update to NSS 3.47
|
|
|
|
|
|
|
|
|
|
* Mon Oct 21 2019 Daiki Ueno <dueno@redhat.com> - 3.46.1-1
|
|
|
|
|
- Update to NSS 3.46.1
|
|
|
|
|
|
|
|
|
|
* Tue Sep 3 2019 Daiki Ueno <dueno@redhat.com> - 3.46.0-1
|
|
|
|
|
- Update to NSS 3.46
|
|
|
|
|
|
|
|
|
|
* Thu Aug 29 2019 Daiki Ueno <dueno@redhat.com> - 3.45.0-1
|
|
|
|
|
- Update to NSS 3.45
|
|
|
|
|
|
|
|
|
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.44.1-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Tue Jul 2 2019 Daiki Ueno <dueno@redhat.com> - 3.44.1-1
|
|
|
|
|
- Update to NSS 3.44.1
|
|
|
|
|
|
|
|
|
|
* Mon May 20 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-2
|
|
|
|
|
- Skip TLS 1.3 tests under FIPS mode
|
|
|
|
|
|
|
|
|
|
* Fri May 17 2019 Daiki Ueno <dueno@redhat.com> - 3.44.0-1
|
|
|
|
|
- Update to NSS 3.44
|
|
|
|
|
|
|
|
|
|
* Mon May 6 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-3
|
|
|
|
|
- Fix PKCS#11 module leak if C_GetSlotInfo() failed
|
|
|
|
|
|
|
|
|
|
* Tue Mar 26 2019 Elio Maldonado <elio.maldonado.batiz@gmail.com> - 3.43.0-2
|
|
|
|
|
- Update %%{nspr_version} to 4.21.0 and remove obsolete comment
|
|
|
|
|
|
|
|
|
|
* Thu Mar 21 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-1
|
|
|
|
|
- Update to NSS 3.43
|
|
|
|
|
|
|
|
|
|
* Mon Feb 11 2019 Daiki Ueno <dueno@redhat.com> - 3.42.1-1
|
|
|
|
|
- Update to NSS 3.42.1
|
|
|
|
|
|
|
|
|
|
* Fri Feb 8 2019 Daiki Ueno <dueno@redhat.com> - 3.42.0-1
|
|
|
|
|
- Update to NSS 3.42
|
|
|
|
|
|
|
|
|
|
* Fri Feb 8 2019 Daiki Ueno <dueno@redhat.com> - 3.41.0-5
|
|
|
|
|
- Simplify test failure detection in %%check
|
|
|
|
|
|
|
|
|
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.41.0-4
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Fri Jan 11 2019 Daiki Ueno <dueno@redhat.com> - 3.41.0-3
|
|
|
|
|
- Remove prelink.conf as prelink was removed in F24, suggested by
|
|
|
|
|
Harald Reindl
|
|
|
|
|
- Use quilt for %%autopatch
|
|
|
|
|
- Make sysinit require arch-dependent nss, suggested by Igor Gnatenko
|
|
|
|
|
- Silence %%post/%%postun scriptlets, suggested by Ian Collier
|
|
|
|
|
|
|
|
|
|
* Mon Dec 10 2018 Daiki Ueno <dueno@redhat.com> - 3.41.0-1
|
|
|
|
|
- Update to NSS 3.41
|
|
|
|
|
|
|
|
|
|
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-3
|
|
|
|
|
- Remove unnecessary patches
|
|
|
|
|
|
|
|
|
|
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-2
|
|
|
|
|
- Update to NSS 3.40.1
|
|
|
|
|
|
|
|
|
|
* Wed Nov 14 2018 Daiki Ueno <dueno@redhat.com> - 3.39.0-4
|
|
|
|
|
- Consolidate nss-util, nss-softokn, and nss into a single package
|
|
|
|
|
- Fix FTBFS with expired test certs
|
|
|
|
|
- Modernize spec file based on the suggestion from Robert-André Mauchin
|
|
|
|
|
|
|
|
|
|
* Thu Sep 13 2018 Daiki Ueno <dueno@redhat.com> - 3.39.0-3
|
|
|
|
|
- Fix LDFLAGS injection
|
|
|
|
|
|
|
|
|
|