Merge pull request #1 from import/nss:rosa2023.1

Backports and update
djam 2024-08-23 07:46:07 +00:00
commit 0c6a8e81e1
19 changed files with 1016 additions and 152 deletions


@ -3,5 +3,5 @@ sources:
blank-cert8.db: d272a7b58364862613d44261c5744f7a336bf177
blank-key3.db: 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5
blank-secmod.db: bd748cf6e1465a1bbe6e751b72ffc0076aff0b50
nss-3.52.1.tar.gz: 15c56e41102a788cebc1df3cf46ca08b71ac0942
nss-3.103.tar.gz: 45eda4a1dfe7b28d082865bdd028ef5d58bc8d7b
verisign-class-3-secure-server-ca.der: 188590e94878478e33b6194e59fbbb28ff0888d5


@ -0,0 +1,16 @@
diff -up nss/coreconf/Linux.mk.relro nss/coreconf/Linux.mk
--- nss/coreconf/Linux.mk.relro 2013-04-09 14:29:45.943228682 -0700
+++ nss/coreconf/Linux.mk 2013-04-09 14:31:26.194953927 -0700
@@ -174,6 +174,12 @@ endif
endif
endif
+# harden DSOs/executables a bit against exploits
+ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
+DSO_LDOPTS+=-Wl,-z,relro
+LDFLAGS += -Wl,-z,relro
+endif
+
USE_SYSTEM_ZLIB = 1
ZLIB_LIBS = -lz
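Review bot: The added `-Wl,-z,relro` gives only partial RELRO: the GOT entries used for lazy binding stay writable unless `-z now` is also passed. If full RELRO is intended, the two lines should read `DSO_LDOPTS+=-Wl,-z,relro,-z,now` and `LDFLAGS += -Wl,-z,relro,-z,now`, unless the distribution's default link flags already add it, which this page does not show. The guard `ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))` is a string comparison, because `$(sort)` orders lexically; a release string beginning with `10.` would sort before `2.6` and silently drop the hardening flags. If the 2.6 floor is no longer needed, removing the conditional is the simpler fix.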

13
iquote.patch Normal file

@ -0,0 +1,13 @@
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200
+++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200
@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME
SQLITE_LIB_NAME = sqlite3
endif
+# Prefer in-tree headers over system headers
+ifdef IN_TREE_FREEBL_HEADERS_FIRST
+ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss
+endif
+
MK_LOCATION = included
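Review bot: The `-iquote` directories are added only when `IN_TREE_FREEBL_HEADERS_FIRST` is defined, and none of the nss.spec hunks visible on this page export that variable, so the block may never take effect in this build. If it is meant to be active, `export IN_TREE_FREEBL_HEADERS_FIRST=1` belongs in %build next to the other exports; otherwise NSS headers already installed on the build host could be found ahead of the in-tree ones. The comment could also state that `-iquote` applies to `#include "..."` only, e.g. `# Prefer in-tree headers for quoted includes; <...> includes keep the normal search order`.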


@ -66,7 +66,11 @@ while test $# -gt 0; do
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
version=${major_version}.${minor_version}
if [ ! -z ${patch_version} ]; then
version=${version}.${patch_version}
fi
echo ${version}
;;
--cflags)
echo_cflags=yes
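Review bot: `${patch_version}` is unquoted in `if [ ! -z ${patch_version} ]; then`, so with an empty value the test collapses to `[ ! -z ]` and gives the intended result only through the two-argument rule of `test`; a value containing whitespace would turn it into a syntax error. `if [ -n "${patch_version}" ]; then` states the intent directly. The enclosing `case` statement starts and ends outside the hunk.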

132
nss-config.xml Normal file

@ -0,0 +1,132 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry id="nss-config">
<refentryinfo>
<date>&date;</date>
<title>Network Security Services</title>
<productname>nss</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>nss-config</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>nss-config</refname>
<refpurpose>Return meta information about nss libraries</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nss-config</command>
<arg><option>--prefix</option></arg>
<arg><option>--exec-prefix</option></arg>
<arg><option>--includedir</option></arg>
<arg><option>--libs</option></arg>
<arg><option>--cflags</option></arg>
<arg><option>--libdir</option></arg>
<arg><option>--version</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection id="description">
<title>Description</title>
<para><command>nss-config</command> is a shell scrip
tool which can be used to obtain gcc options for building client pacakges of nspt. </para>
</refsection>
<refsection>
<title>Options</title>
<variablelist>
<varlistentry>
<term><option>--prefix</option></term>
<listitem><simpara>Returns the top level system directory under which the nss libraries are installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--exec-prefix</option></term>
<listitem><simpara>returns the top level system directory under which any nss binaries would be installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--includedir</option> <replaceable>count</replaceable></term>
<listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--version</option></term>
<listitem><simpara>returns the upstream version of nss in the form major_version-minor_version-patch_version.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--libs</option></term>
<listitem><simpara>returns the compiler linking flags.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--cflags</option></term>
<listitem><simpara>returns the compiler include flags.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--libdir</option></term>
<listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Examples</title>
<para>The following example will query for both include path and linkage flags:
<programlisting>
/usr/bin/nss-config --cflags --libs
</programlisting>
</para>
</refsection>
<refsection>
<title>Files</title>
<para><filename>/usr/bin/nss-config</filename></para>
</refsection>
<refsection>
<title>See also</title>
<para>pkg-config(1)</para>
</refsection>
<refsection id="authors">
<title>Authors</title>
<para>The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
<para>
Authors: Elio Maldonado &lt;emaldona@redhat.com>.
</para>
</refsection>
<!-- don't change -->
<refsection id="license">
<title>LICENSE</title>
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</para>
</refsection>
</refentry>

4
nss-p11-kit.config Normal file

@ -0,0 +1,4 @@
name=p11-kit-proxy
library=p11-kit-proxy.so

10
nss-skip-util-gtest.patch Normal file

@ -0,0 +1,10 @@
diff -up nss/gtests/manifest.mn.skip_util_gtest nss/gtests/manifest.mn
--- nss/gtests/manifest.mn.skip_util_gtest 2017-08-08 12:45:57.598801125 +0200
+++ nss/gtests/manifest.mn 2017-08-08 12:46:59.682419852 +0200
@@ -31,6 +31,5 @@ endif
DIRS = \
$(LIB_SRCDIRS) \
- $(UTIL_SRCDIRS) \
$(NSS_SRCDIRS) \
$(NULL)
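Review bot: The patch drops `$(UTIL_SRCDIRS)` from the gtests `DIRS` without saying why, and nss.spec in this commit still shows `export NSS_DISABLE_GTESTS=1` as hunk context, which presumably disables the whole gtests tree anyway. A short header in the patch file (origin, reason, and whether it is still needed while gtests are disabled) would let the next maintainer decide when it can be dropped. Skipped tests in a crypto library are worth tracking explicitly rather than leaving implicit in a patch name.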

116
nss-softokn-config.in Normal file

@ -0,0 +1,116 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
softokn3 - Requires full dynamic linking
freebl3 - for internal use only (and glibc for self-integrity check)
nssdbm3 - for internal use only
Dymamically linked
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss-softokn`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss-softokn`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
echo $libdirs
fi
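Review bot: `--version` here still prints `${major_version}.${minor_version}.${patch_version}` unconditionally, while the nss-config.in change in this same commit omits the patch component when it is empty. With `Version: 3.103` the patch field substituted by the spec is presumably empty, so this script would print `3.103.` with a trailing dot, which version checks in consumers' configure scripts may reject. The same line is in nss-util-config.in. Both should use the nss-config.in form: `version=${major_version}.${minor_version}`, then `[ -n "${patch_version}" ] && version=${version}.${patch_version}`, then `echo ${version}`.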


@ -0,0 +1,18 @@
#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
check() {
return 255
}
depends() {
return 0
}
install() {
local _dir
inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \
libfreebl3.so
}
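Review bot: `local _dir` in `install()` is declared and never used, and can be dropped. `check()` returning 255 deserves a comment, for example `# 255: not included by default; only when requested explicitly or as a dependency`, because the companion nss-softokn-dracut.conf relies on that by naming the module in `add_dracutmodules`. A one-line purpose comment above `install()` saying that the freebl libraries and their `.chk` file are copied into the initramfs would make the file readable without knowing the dracut module API.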

3
nss-softokn-dracut.conf Normal file

@ -0,0 +1,3 @@
# turn on nss-softokn module
add_dracutmodules+=" nss-softokn "


@ -6,6 +6,6 @@ includedir=%includedir%
Name: NSS-SOFTOKN
Description: Network Security Services Softoken PKCS #11 Module
Version: %SOFTOKEN_VERSION%
Requires: nspr >= %NSPR_VERSION%
Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3
Cflags: -I${includedir}

118
nss-util-config.in Normal file

@ -0,0 +1,118 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-util-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
nssutil
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
lib_nssutil=yes
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss-util`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss-util`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss-util`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
if test -n "$lib_nssutil"; then
libdirs="$libdirs -lnssutil${major_version}"
fi
echo $libdirs
fi
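Review bot: The `pkg-config --variable=...` fallbacks are not checked, so when pkg-config or nss-util.pc is missing, `libdir` and `includedir` stay empty and `--libs` prints `-Wl,-rpath-link, -L -lnssutil…`, where the linker takes the library flag as the argument of `-L`. A guard after the three fallbacks, e.g. `test -n "$libdir" || { echo "nss-util-config: cannot determine libdir" 1>&2; exit 1; }`, fails loudly instead of emitting broken flags. `lib_nssutil=yes` is never changed, so the `test -n "$lib_nssutil"` branch is always taken and could be simplified. nss-softokn-config.in has the same unchecked fallbacks.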

11
nss-util.pc.in Normal file

@ -0,0 +1,11 @@
prefix=%prefix%
exec_prefix=%exec_prefix%
libdir=%libdir%
includedir=%includedir%
Name: NSS-UTIL
Description: Network Security Services Utility Library
Version: %NSSUTIL_VERSION%
Requires: nspr >= %NSPR_VERSION%
Libs: -L${libdir} -lnssutil3
Cflags: -I${includedir}

466
nss.spec

@ -1,6 +1,16 @@
%bcond_without lib
%bcond_with cross_compiling
%define url_ver %(echo %{version}| sed -e "s|\\.|_|g")
# Excluding devel packages from nss libs
# libraries are named in a non standard way,
# all really devel ones are *.chk
# fix it
#global __develgen_exclude_path ^/%{_libdir}/.*$
%global __develgen_path %nil
# (tpg) WARNING !!!
# When you bump major, please make sure you bump "local major = 3" in %post section for lua script
%define major 3
%define libname %mklibname %{name} %{major}
%define libfreebl %mklibname freebl %{major}
@ -8,48 +18,70 @@
%define sdevname %mklibname -d -s %{name}
%define _disable_lto 1
%global optflags %{optflags} -O3
# this seems fragile, so require the exact version or later (#58754)
%define sqlite3_version %(pkg-config --modversion sqlite3 &>/dev/null && pkg-config --modversion sqlite3 2>/dev/null || echo 0)
%define nspr_version %(pkg-config --modversion nspr &>/dev/null && pkg-config --modversion nspr 2>/dev/null || echo 0)
%define build_empty 0
%{?_with_empty: %{expand: %%global build_empty 1}}
%{?_without_empty: %{expand: %%global build_empty 0}}
%{?_with_empty: %{expand: %%global build_empty 1}}
%{?_without_empty: %{expand: %%global build_empty 0}}
Summary: Network Security Services
Name: nss
Version: 3.52.1
Release: 1
Epoch: 2
Version: 3.103
Release: 1
Group: System/Libraries
License: MPL or GPLv2+ or LGPLv2+
Url: http://www.mozilla.org/projects/security/pki/nss/index.html
Source0: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{url_ver}_RTM/src/nss-%{version}.tar.gz
Source2: nss.pc.in
Source3: nss-config.in
Source4: blank-cert8.db
Source5: blank-key3.db
Source6: blank-secmod.db
Source7: certdata_empty.txt
Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{url_ver}_RTM/src/nss-%{version}.tar.gz
# pkgconfig file templates and other extras from Fedora
Source1: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-util.pc.in
Source2: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-util-config.in
Source3: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-softokn.pc.in
Source4: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-softokn-config.in
Source6: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-softokn-dracut-module-setup.sh
Source7: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-softokn-dracut.conf
Source8: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss.pc.in
Source9: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-config.in
Source10: blank-cert8.db
Source11: blank-key3.db
Source12: blank-secmod.db
Source15: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/system-pkcs11.txt
Source16: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/setup-nsssysinit.sh
Source20: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-config.xml
Source21: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/setup-nsssysinit.xml
Source22: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/pkcs11.txt.xml
Source28: https://src.fedoraproject.org/rpms/nss/raw/rawhide/f/nss-p11-kit.config
# https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html
# converted from PEM to DER format with openssl command:
# openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der
# this way we can avoid a buildrequires for openssl
Source8: verisign-class-3-secure-server-ca.der
Source100: verisign-class-3-secure-server-ca.der
# Brasilian government certificate
# verified in person with a government official
Source9: https://github.com/demoiselle/certificate/raw/master/impl/ca-icp-brasil/src/main/resources/trustedca/CertificadoACRaiz.crt
Source10: nss-softokn.pc.in
Patch0: nss-no-rpath.patch
Patch2: renegotiate-transitional.patch
# (tpg) be carefull with last nspr4-4.10 because prtypes.h was moved to include/nspr4/
Patch4: nss-3.15.1-correct-path-to-prtypes.h.patch
Source101: https://github.com/demoiselle/certificate/raw/master/impl/ca-icp-brasil/src/main/resources/trustedca/CertificadoACRaiz.crt
# From Fedora
Patch0: add-relro-linker-option.patch
Patch1: renegotiate-transitional.patch
Patch3: utilwrap-include-templates.patch
Patch5: iquote.patch
Patch8: nss-skip-util-gtest.patch
# Our own
BuildRequires: rootcerts >= 1:20120218.00
BuildRequires: zip
BuildRequires: pkgconfig(nspr)
BuildRequires: pkgconfig(sqlite3)
BuildRequires: pkgconfig(zlib)
BuildRequires: p11-kit
# compat with RH/Fedora
Provides: nss-tools = %{EVRD}
# compat with openSUSE
Provides: mozilla-nss = %{EVRD}
%description
Network Security Services (NSS) is a set of libraries designed to
@ -58,7 +90,7 @@ applications. Applications built with NSS can support SSL v2 and v3,
TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and
other security standards. For detailed information on standards supported, see
http://www.mozilla.org/projects/security/pki/nss/overview.html.
%if %without lib
%if %{without lib}
Note: This package currently contains the NSS binaries only. The
libraries have been not been included due to conflicts with the Mozilla
@ -66,78 +98,113 @@ libraries.
%endif
%files
%doc docs/*
%dir %{_sysconfdir}/pki/nssdb
%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db
#nss supported bins
%attr(0755,root,root) %{_bindir}/certutil
%attr(0755,root,root) %{_bindir}/dbtool
%attr(0755,root,root) %{_bindir}/cmsutil
%attr(0755,root,root) %{_bindir}/crlutil
%attr(0755,root,root) %{_bindir}/modutil
%attr(0755,root,root) %{_bindir}/nss-policy-check
%attr(0755,root,root) %{_bindir}/pk12util
%attr(0755,root,root) %{_bindir}/signver
%attr(0755,root,root) %{_bindir}/ssltap
%attr(0755,root,root) %{_bindir}/sdbthreadtst
#debian-additional
%attr(0755,root,root) %{_bindir}/addbuiltin
%attr(0755,root,root) %{_bindir}/chktest
%attr(0755,root,root) %{_bindir}/dbtest
%attr(0755,root,root) %{_bindir}/derdump
%attr(0755,root,root) %{_bindir}/httpserv
%attr(0755,root,root) %{_bindir}/ocspclnt
%attr(0755,root,root) %{_bindir}/p7content
%attr(0755,root,root) %{_bindir}/p7env
%attr(0755,root,root) %{_bindir}/p7sign
%attr(0755,root,root) %{_bindir}/p7verify
%attr(0755,root,root) %{_bindir}/pk1sign
%attr(0755,root,root) %{_bindir}/pp
%attr(0755,root,root) %{_bindir}/pwdecrypt
%attr(0755,root,root) %{_bindir}/rsaperf
%attr(0755,root,root) %{_bindir}/selfserv
%attr(0755,root,root) %{_bindir}/signtool
%attr(0755,root,root) %{_bindir}/strsclnt
%attr(0755,root,root) %{_bindir}/symkeyutil
%attr(0755,root,root) %{_bindir}/tstclnt
%attr(0755,root,root) %{_bindir}/vfychain
%attr(0755,root,root) %{_bindir}/vfyserv
%attr(0755,root,root) %{_bindir}/validation
#-------------------------------------------------------------------------
%package unsupported-tools
Summary: Network Security Services - Examples
Group: System/Libraries
Requires: %{name} = %{EVRD}
Conflicts: %{name} < 1:3.44-2
%description unsupported-tools
This package contains additional unsupported tools
for ${name}.
%files unsupported-tools
#unsupported
%attr(0755,root,root) %{_bindir}/atob
%attr(0755,root,root) %{_bindir}/baddbdir
%attr(0755,root,root) %{_bindir}/bltest
%attr(0755,root,root) %{_bindir}/btoa
%attr(0755,root,root) %{_bindir}/certutil
%attr(0755,root,root) %{_bindir}/chktest
%attr(0755,root,root) %{_bindir}/cmsutil
%attr(0755,root,root) %{_bindir}/conflict
%attr(0755,root,root) %{_bindir}/crlutil
%attr(0755,root,root) %{_bindir}/crmftest
%attr(0755,root,root) %{_bindir}/dbtest
%attr(0755,root,root) %{_bindir}/derdump
%attr(0755,root,root) %{_bindir}/dertimetest
%attr(0755,root,root) %{_bindir}/digest
%attr(0755,root,root) %{_bindir}/ecperf
%attr(0755,root,root) %{_bindir}/encodeinttest
%attr(0755,root,root) %{_bindir}/fbectest
%attr(0755,root,root) %{_bindir}/fipstest
%attr(0755,root,root) %{_bindir}/httpserv
%attr(0755,root,root) %{_bindir}/listsuites
%attr(0755,root,root) %{_bindir}/lowhashtest
%attr(0755,root,root) %{_bindir}/makepqg
%attr(0755,root,root) %{_bindir}/mangle
%attr(0755,root,root) %{_bindir}/modutil
%attr(0755,root,root) %{_bindir}/multinit
%attr(0755,root,root) %{_bindir}/nonspr10
%attr(0755,root,root) %{_bindir}/nss-policy-check
%attr(0755,root,root) %{_bindir}/ocspclnt
%attr(0755,root,root) %{_bindir}/ocspresp
%attr(0755,root,root) %{_bindir}/oidcalc
%attr(0755,root,root) %{_bindir}/p7content
%attr(0755,root,root) %{_bindir}/p7env
%attr(0755,root,root) %{_bindir}/p7sign
%attr(0755,root,root) %{_bindir}/p7verify
%attr(0755,root,root) %{_bindir}/pk11ectest
%attr(0755,root,root) %{_bindir}/pk11gcmtest
%attr(0755,root,root) %{_bindir}/pk11importtest
%attr(0755,root,root) %{_bindir}/pk11mode
%attr(0755,root,root) %{_bindir}/pk12util
%attr(0755,root,root) %{_bindir}/pk1sign
%attr(0755,root,root) %{_bindir}/pkix-errcodes
%attr(0755,root,root) %{_bindir}/pp
%attr(0755,root,root) %{_bindir}/pwdecrypt
%attr(0755,root,root) %{_bindir}/remtest
%attr(0755,root,root) %{_bindir}/rsaperf
%attr(0755,root,root) %{_bindir}/rsapoptst
%attr(0755,root,root) %{_bindir}/sdrtest
%attr(0755,root,root) %{_bindir}/secmodtest
%attr(0755,root,root) %{_bindir}/selfserv
%attr(0755,root,root) %{_bindir}/signtool
%attr(0755,root,root) %{_bindir}/signver
%attr(0755,root,root) %{_bindir}/smime
%attr(0755,root,root) %{_bindir}/ssltap
%attr(0755,root,root) %{_bindir}/strsclnt
%attr(0755,root,root) %{_bindir}/symkeyutil
%attr(0755,root,root) %{_bindir}/tstclnt
%attr(0755,root,root) %{_bindir}/vfychain
%attr(0755,root,root) %{_bindir}/vfyserv
%dir %{_sysconfdir}/pki/nssdb
%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db
#-------------------------------------------------------------------------
%package examples
Summary: Network Security Services - Examples
Group: System/Libraries
Requires: %{name} = %{EVRD}
Conflicts: %{name} < 1:3.44-2
%description examples
This package contains the bltest, modutil, signtool, signver,
and ssltap examples for ${name}.
%files examples
%{_datadir}/%{name}/*
#-------------------------------------------------------------------------
%package shlibsign
Summary: Network Security Services - shlibsign
Group: System/Libraries
Conflicts: %{name} < 2:3.13.1-2
%if %{with lib}
Requires: %{libname}
%endif
%description shlibsign
This package contains the binary shlibsign needed by libfreebl3
@ -148,54 +215,79 @@ and libsoftokn3.
#-------------------------------------------------------------------------
%if %with lib
%if %{with lib}
%package -n %{libname}
Summary: Network Security Services (NSS)
Group: System/Libraries
Requires: p11-kit-trust
%description -n %{libname}
This package contains the shared libraries libnss3, libnssckbi, libnssdbm3,
This package contains the shared libraries libnss3, libnssdbm3,
libnssutil3, libsmime3, and libssl3.
%files -n %{libname}
/%{_lib}/libnss%{major}.so
/%{_lib}/libnssckbi.so
%{_libdir}/libnss%{major}.so
%if %{build_empty}
/%{_lib}/libnssckbi_empty.so
%{_libdir}/libnssckbi_empty.so
%endif
/%{_lib}/libnssutil%{major}.so
/%{_lib}/libnssdbm%{major}.so
/%{_lib}/libsmime%{major}.so
/%{_lib}/libssl%{major}.so
%{_libdir}/libnssutil%{major}.so
%{_libdir}/libnssdbm%{major}.so
%{_libdir}/libsmime%{major}.so
%{_libdir}/libssl%{major}.so
%{_libdir}/p11-kit-trust.so
%{_libdir}/libnssckbi.so
#-------------------------------------------------------------------------
%post -n %{libname} -p <lua>
-- (tpg) execute only on install
if arg[2] == "0" then
-- variable definitions
-- make sure it meets %{major} from spec file
local major = 3
local f1 = "libsoftokn" .. major .. ".chk"
local f2 = "libfreebl" .. major .. ".chk"
local f3 = "libfreeblpriv" .. major .. ".chk"
-- check if we are 64bit
libcheck = posix.stat("/lib64")
if libcheck then
libpath = "/lib64"
else
libpath = "/lib"
end
-- list of files to iterate
files = { f1, f2, f3 }
-- iterate through all the files
for file in list_iter(files) do
local f = io.open(libpath .. "/" .. file, "w")
f:write("")
f:close()
posix.chown(libpath .. "/" .. file, "root", "root")
posix.chmod(libpath .. "/" .. file, "0644")
posix.exec(shlibsign, "-i", libpath .. "/" .. file)
end
end
%package -n %{libfreebl}
Summary: Network Security Services (NSS)
Group: System/Libraries
Requires(post): nss-shlibsign
Requires(post): rpm-helper
Requires(post): coreutils
Requires(post): /bin/sh
Provides: nss-softokn%{?_isa} = %{EVRD}
Conflicts: %{_lib}nss3 < 2:3.13.1-5
%description -n %{libfreebl}
This package contains the shared libraries libfreebl3 and libsoftokn3.
%files -n %{libfreebl}
/%{_lib}/libfreebl%{major}.so
/%{_lib}/libfreeblpriv%{major}.so
/%{_lib}/libsoftokn%{major}.so
%defattr(0644,root,root,0755)
%ghost /%{_lib}/libfreebl%{major}.chk
%ghost /%{_lib}/libsoftokn%{major}.chk
%{_libdir}/libfreebl%{major}.so
%{_libdir}/libfreeblpriv%{major}.so
%{_libdir}/libsoftokn%{major}.so
%posttrans -n %{libfreebl}
%create_ghostfile /%{_lib}/libsoftokn%{major}.chk root root 644
%create_ghostfile /%{_lib}/libfreebl%{major}.chk root root 644
%{_bindir}/shlibsign -i /%{_lib}/libsoftokn%{major}.so >/dev/null 2>/dev/null
%{_bindir}/shlibsign -i /%{_lib}/libfreebl%{major}.so >/dev/null 2>/dev/null
%defattr(0644,root,root,0755)
%ghost %{_libdir}/libfreebl%{major}.chk
%ghost %{_libdir}/libsoftokn%{major}.chk
%if %rpm4
%ghost %{_libdir}/libfreeblpriv%{major}.chk
%endif
#-------------------------------------------------------------------------
@ -205,8 +297,26 @@ Group: Development/C++
Requires: %{libname} >= %{EVRD}
Requires: %{libfreebl} >= %{EVRD}
Provides: nss-devel = %{EVRD}
# a BR of Java in RH/OEU
Provides: nss-softokn-freebl-devel = %{EVRD}
%if %{__isa_bits} == 64
Provides: devel(libfreebl3(64bit))
Provides: devel(libnss3(64bit))
Provides: devel(libnssdbm3(64bit))
Provides: devel(libnssutil3(64bit))
Provides: devel(libsmime3(64bit))
Provides: devel(libsoftokn3(64bit))
Provides: devel(libssl3(64bit))
%else
Provides: devel(libfreebl3)
Provides: devel(libnss3)
Provides: devel(libnssdbm3)
Provides: devel(libnssutil3)
Provides: devel(libsmime3)
Provides: devel(libsoftokn3)
Provides: devel(libssl3)
%endif
%rename %{libname}-devel
%description -n %{devname}
@ -214,12 +324,10 @@ Header files to doing development with Network Security Services.
%files -n %{devname}
%attr(0755,root,root) %{_bindir}/nss-config
%_libdir/*.so
%dir %{_includedir}/nss
%{_includedir}/nss/*.h
%{_includedir}/nss/nssck.api
%{_includedir}/nss
%{_libdir}/pkgconfig/nss.pc
%{_libdir}/pkgconfig/nss-softokn.pc
%{_libdir}/pkgconfig/nss-util.pc
%{_libdir}/libsoftokn%{major}.chk
%{_libdir}/libfreebl%{major}.chk
@ -245,15 +353,13 @@ Static libraries for doing development with Network Security Services.
%{_libdir}/libnssckfw.a
%{_libdir}/libsmime.a
%{_libdir}/libssl.a
%{_libdir}/libfreebl.a
%endif
#-------------------------------------------------------------------------
%prep
%setup -q
#% apply_patches
%patch0 -p0
%patch2 -p0 -b .transitional
%patch4 -p1
%autosetup -p0
find . -type d -perm 0700 -exec chmod 755 {} \;
find . -type f -perm 0555 -exec chmod 755 {} \;
@ -264,10 +370,13 @@ find . -name '*.c' -executable -exec chmod -x {} \;
# remove hardcoded gcc
sed -i 's!gcc!%{__cc}!g' nss/coreconf/Linux.mk
# make 100% sure we don't pull in the internal copy of sqlite
rm nss/lib/sqlite/*.{c,h}
%build
%serverbuild
%setup_compile_flags
export CC=gcc
export CC=%{__cc}
export BUILD_OPT=1
export OPTIMIZER="%{optflags}"
export XCFLAGS="%{optflags} -Wno-error"
@ -280,9 +389,10 @@ export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
export NSPR_INCLUDE_DIR=`%{_bindir}/pkg-config --cflags-only-I nspr | sed 's/-I//'`
export NSPR_LIB_DIR=`%{_bindir}/pkg-config --libs-only-L nspr | sed 's/-L//'`
export MOZILLA_CLIENT=1
export NS_USE_GCC=1
export NSS_USE_SYSTEM_SQLITE=1
export NSS_ENABLE_ECC=1
export MAKE_FLAGS="BUILD_OPT=1 NSS_ENABLE_ECC=1"
export NSS_ENABLE_TLS_1_3=1
# external tests are causing build problems because they access ssl internal types
# TODO: Investigate as there may be a better solution
@ -290,30 +400,57 @@ export NSS_DISABLE_GTESTS=1
%if %{build_empty}
# (oe) the "trust no one" scenario, it goes like:
# 1. mv /%%{_lib}/libnssckbi.so /%%{_lib}/libnssckbi.so.BAK
# 2. mv /%%{_lib}/libnssckbi_empty.so /%%{_lib}/libnssckbi.so
# 1. mv /%{_lib}/libnssckbi.so /%{_lib}/libnssckbi.so.BAK
# 2. mv /%{_lib}/libnssckbi_empty.so /%{_lib}/libnssckbi.so
# 3. restart ff/tb
# it has to be done manually for now, but at least we have a way for
# it has to be done manually for now, but at least we have a way for
# users to quickly mitigate future problems, or whatever :-)
pushd nss/lib/ckfw/builtins
perl ./certdata.perl < %{SOURCE7}
perl ./certdata.perl /etc/pki/tls/mozilla/certdata.txt
popd
%endif
export NATIVE_CC="/usr/bin/gcc"
%if %{with cross_compiling}
# Compile tools used at build time (nsinstall) in native
# mode before setting up the environment for crosscompiling
export USE_64=1
make -j1 -C ./nss all
make -j1 -C ./nss latest
CPU_ARCH="%_target_cpu"
if echo $CPU_ARCH |grep -qE '(i.86|pentium.|athlon)'; then
CPU_ARCH=x86
fi
export CPU_ARCH
%endif
export NATIVE_CC=%{__cc}
export TARGETCC="%{__cc}"
export TARGETCCC="%{__cxx}"
export TARGETRANLIB="%{__ranlib}"
%ifarch x86_64 ppc64 ia64 s390x aarch64
%ifarch %{x86_64} ppc64 ia64 s390x aarch64 riscv64 %{e2k}
export USE_64=1
%else
unset USE_64 || :
%endif
%make -j1 -C ./nss/coreconf
%make -j1 -C ./nss/lib/dbm
%make -j1 -C ./nss
# Parallel is broken as of 3.11.4 :(
#make -j1 -C ./nss/coreconf ./nss/lib/dbm ./nss \
# TARGETCC="$TARGETCC" \
# TARGETCCC="$TARGETCCC" \
# TARGETRANLIB="$TARGETRANLIB" \
# AR="%__ar cr \"\$@\"" \
#%if %cross_compiling
# CPU_ARCH="$CPU_ARCH" \
#%endif
#%if %with %{cross_compiling}
#buildflags="TARGETCC='$TARGETCC' TARGETCCC='$TARGETCCC' TARGETRANLIB='$TARGETRANLIB' AR='%__ar" CPU_ARCH="$CPU_ARCH"
#%else
#buildflags="TARGETCC='$TARGETCC' TARGETCCC='$TARGETCCC' TARGETRANLIB='$TARGETRANLIB' AR='%__ar"
#%endif
%make_build -j1 -C ./nss all
%make_build -j1 -C ./nss latest
%if %{build_empty}
# tuck away the empty libnssckbi.so library
@ -324,9 +461,9 @@ cp -p nss/lib/ckfw/builtins/Linux*/libnssckbi.so libnssckbi_empty.so
# http://qa.mandriva.com/show_bug.cgi?id=29612
# use built addbuildin command to avoid having
# a buildrequires for nss
ADDBUILTIN=`%{_bindir}/find . -type f -name addbuiltin`
ADDBUILTIN=$(%{_bindir}/find . -type f -name addbuiltin)
if [ -z "$ADDBUILTIN" ]; then
exit 1
exit 1
fi
ADDBUILTIN="$PWD/$ADDBUILTIN"
OLD="$LD_LIBRARY_PATH"
@ -342,7 +479,7 @@ pushd nss/lib/ckfw/builtins
# So, for Mandriva we can add/remove certs easily in the rootcerts package. Please
# checkout and examine the rootcerts package.
# Once this has been done and the new rootcerts package has been installed this
# package (nss) has to be rebuilt to pickup the changes made. The "recreate
# package (nss) has to be rebuilt to pickup the changes made. The "recreate
# certificates" lines below generates a new certdata.c source containing the root
# CA certs for mozilla.
# *ALL* of the mozilla based softwares that support SSL has to link against
@ -351,7 +488,7 @@ pushd nss/lib/ckfw/builtins
perl ./certdata.perl /etc/pki/tls/mozilla/certdata.txt
%make clean
%make -j1
%make_build
popd
export LD_LIBRARY_PATH="$OLD"
@ -362,71 +499,101 @@ pushd dist/$(uname -s)*
mkdir -p %{buildroot}%{_bindir}
cp -aL bin/* %{buildroot}%{_bindir}
%if %with lib
%if %{with lib}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}%{_includedir}/nss
cp -aL ../public/nss/* %{buildroot}%{_includedir}/nss
cp -aL lib/libcrmf.a \
lib/libnss.a \
lib/libnssb.a \
lib/libnssckbi.so \
lib/libnssckfw.a \
lib/libnssutil.a \
lib/libsmime.a \
lib/libssl.a \
%{buildroot}%{_libdir}
lib/libnss.a \
lib/libnssb.a \
lib/libnssckfw.a \
lib/libnssutil.a \
lib/libsmime.a \
lib/libssl.a \
%{buildroot}%{_libdir}
# Copy the binary libraries we want
for file in libsoftokn3.so libfreebl3.so libfreeblpriv3.so libnss3.so libnssutil3.so \
libssl3.so libsmime3.so libnssckbi.so libnssdbm3.so
libssl3.so libsmime3.so libnssdbm3.so
do
install -m 755 lib/$file %{buildroot}/%{_lib}
ln -sf ../../%{_lib}/$file %{buildroot}%{_libdir}/$file
install -m 755 lib/$file %{buildroot}/%{_libdir}
done
# Copy the include files we want
cp -aL ../public/nss/* %{buildroot}%{_includedir}/nss
# Copy some freebl include files we also want
for file in blapi.h alghmac.h cmac.h; do
install -p -m 644 ../private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss
done
# Copy the static freebl library
for file in libfreebl.a; do
install -p -m 644 ../*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done
ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}/%{_libdir}/libnssckbi.so
# weird bug that exist only on new arches
# /lib64/p11-kit-trust.so not exist
if [ ! -L %{buildroot}/%{_libdir}/p11-kit-trust.so ]; then
echo "=> p11-kit symlink not exist"
pushd %{buildroot}/%{_libdir}
ln -s libnssckbi.so p11-kit-trust.so
popd
fi
# These ghost files will be generated in the post step
# Make sure chk files can be found in both places
for file in libsoftokn3.chk libfreebl3.chk
do
touch %{buildroot}/%{_lib}/$file
ln -s ../../%{_lib}/$file %{buildroot}%{_libdir}/$file
touch %{buildroot}/%{_libdir}/$file
done
mkdir -p %{buildroot}%{_libdir}/pkgconfig
cat %{SOURCE2} | sed -e "s,%%libdir%%,%{_libdir},g" \
-e "s,%%prefix%%,%{_prefix},g" \
-e "s,%%exec_prefix%%,%{_prefix},g" \
-e "s,%%includedir%%,%{_includedir}/nss,g" \
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
-e "s,%%NSS_VERSION%%,%{version},g" > \
%{buildroot}%{_libdir}/pkgconfig/nss.pc
cat %{SOURCE10} | sed -e "s,%%libdir%%,%{_libdir},g" \
-e "s,%%prefix%%,%{_prefix},g" \
-e "s,%%exec_prefix%%,%{_prefix},g" \
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
-e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
%{buildroot}%{_libdir}/pkgconfig/nss-softokn.pc
cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
-e "s,%%prefix%%,%{_prefix},g" \
-e "s,%%exec_prefix%%,%{_prefix},g" \
-e "s,%%includedir%%,%{_includedir}/nss,g" \
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
-e "s,%%NSSUTIL_VERSION%%,%{version},g" > \
%{buildroot}%{_libdir}/pkgconfig/nss-util.pc
cat %{SOURCE3} | sed -e "s,%%libdir%%,%{_libdir},g" \
-e "s,%%prefix%%,%{_prefix},g" \
-e "s,%%exec_prefix%%,%{_prefix},g" \
-e "s,%%includedir%%,%{_includedir}/nss,g" \
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
-e "s,%%NSSUTIL_VERSION%%,%{version},g" \
-e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
%{buildroot}%{_libdir}/pkgconfig/nss-softokn.pc
cat %{SOURCE8} | sed -e "s,%%libdir%%,%{_libdir},g" \
-e "s,%%prefix%%,%{_prefix},g" \
-e "s,%%exec_prefix%%,%{_prefix},g" \
-e "s,%%includedir%%,%{_includedir}/nss,g" \
-e "s,%%NSS_VERSION%%,%{version},g" \
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
-e "s,%%NSSUTIL_VERSION%%,%{version},g" \
-e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
%{buildroot}%{_libdir}/pkgconfig/nss.pc
%endif
popd
%if %with lib
%if %{with lib}
export NSS_VMAJOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMAJOR" | %{__awk} '{print $3}'`
export NSS_VMINOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMINOR" | %{__awk} '{print $3}'`
export NSS_VPATCH=`echo %{version} | sed 's/\([0-9]*\).\([0-9]*\).\([0-9]*\)/\3/'`
mkdir -p %{buildroot}%{_bindir}
cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
-e "s,@prefix@,%{_prefix},g" \
-e "s,@exec_prefix@,%{_prefix},g" \
-e "s,@includedir@,%{_includedir}/nss%{major},g" \
-e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
-e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
-e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
> %{buildroot}/%{_bindir}/nss-config
cat %{SOURCE9} | sed -e "s,@libdir@,%{_libdir},g" \
-e "s,@prefix@,%{_prefix},g" \
-e "s,@exec_prefix@,%{_prefix},g" \
-e "s,@includedir@,%{_includedir}/nss,g" \
-e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
-e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
-e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
> %{buildroot}/%{_bindir}/nss-config
%endif
pushd nss/cmd/smimetools
@ -434,7 +601,7 @@ install -m 0755 smime %{buildroot}%{_bindir}
perl -pi -e 's|/usr/local/bin|%{_bindir}|g' %{buildroot}%{_bindir}/smime
popd
# add docs
# add docs/examples
mkdir -p docs/SSLsample
#cp -a mozilla/security/nss/cmd/SSLsample/README docs/SSLsample/
@ -455,15 +622,18 @@ cp -a nss/cmd/signver/examples/1/*.html docs/signver/
mkdir -p docs/ssltap
cp -a nss/cmd/ssltap/*.html docs/ssltap/
install -d %{buildroot}%{_datadir}/%{name}/
cp -pr docs/* %{buildroot}%{_datadir}/%{name}/
# Install the empty NSS db files
mkdir -p %{buildroot}%{_sysconfdir}/pki/nssdb
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db
install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db
install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db
install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db
install -m 644 %{SOURCE12} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db
%{_bindir}/find docs -type f | %{_bindir}/xargs -t perl -pi -e 's/\r$//g'
%if %{build_empty}
# install the empty libnssckbi.so library (use alternatives?)
install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so
install -m0755 libnssckbi_empty.so %{buildroot}/%{_libdir}/libnssckbi_empty.so
%endif

56
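--- a/pkcs11.txt.xml
+++ b/pkcs11.txt.xml
@@ -0,0 +1,56 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+<refentry id="pkcs11.txt">
+<refentryinfo>
+<date>&date;</date>
+<title>Network Security Services</title>
+<productname>nss</productname>
+<productnumber>&version;</productnumber>
+</refentryinfo>
+<refmeta>
+<refentrytitle>pkcs11.txt</refentrytitle>
+<manvolnum>5</manvolnum>
+</refmeta>
+<refnamediv>
+<refname>pkcs11.txt</refname>
+<refpurpose>NSS PKCS #11 module configuration file</refpurpose>
+</refnamediv>
+<refsection id="description">
+<title>Description</title>
+<para>
+The pkcs11.txt file is used to configure initialization parameters for the nss security module and optionally other pkcs #11 modules.
+</para>
+<para>
+For full documentation visit <ulink url="https://developer.mozilla.org/en-US/docs/PKCS11_Module_Specs">PKCS #11 Module Specs</ulink>.
+</para>
+</refsection>
+<refsection>
+<title>Files</title>
+<para><filename>/etc/pki/nssdb/pkcs11.txt</filename></para>
+</refsection>
+<refsection id="authors">
+<title>Authors</title>
+<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
+<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
+</refsection>
+<!-- don't change -->
+<refsection id="license">
+<title>LICENSE</title>
+<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+</para>
+</refsection>
+</refentry>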

68
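--- a/setup-nsssysinit.sh
+++ b/setup-nsssysinit.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+#
+# Turns on or off the nss-sysinit module db by editing the
+# global PKCS #11 congiguration file. Displays the status.
+#
+# This script can be invoked by the user as super user.
+# It is invoked at nss-sysinit post install time with argument on.
+#
+usage()
+{
+cat <<EOF
+Usage: setup-nsssysinit [on|off]
+on - turns on nsssysinit
+off - turns off nsssysinit
+status - reports whether nsssysinit is turned on or off
+EOF
+exit $1
+}
+# validate
+if [ $# -eq 0 ]; then
+usage 1 1>&2
+fi
+# the system-wide configuration file
+p11conf="/etc/pki/nssdb/pkcs11.txt"
+# must exist, otherwise report it and exit with failure
+if [ ! -f $p11conf ]; then
+echo "Could not find ${p11conf}"
+exit 1
+fi
+# check if nsssysinit is currently enabled or disabled
+sysinit_enabled()
+{
+grep -q '^library=libnsssysinit' ${p11conf}
+}
+umask 022
+case "$1" in
+on | ON )
+if sysinit_enabled; then
+exit 0
+fi
+cat ${p11conf} | \
+sed -e 's/^library=$/library=libnsssysinit.so/' \
+-e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
+${p11conf}.on
+mv ${p11conf}.on ${p11conf}
+;;
+off | OFF )
+if ! sysinit_enabled; then
+exit 0
+fi
+cat ${p11conf} | \
+sed -e 's/^library=libnsssysinit.so/library=/' \
+-e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \
+${p11conf}.off
+mv ${p11conf}.off ${p11conf}
+;;
+status )
+echo -n 'NSS sysinit is '
+sysinit_enabled && echo 'enabled' || echo 'disabled'
+;;
+* )
+usage 1 1>&2
+;;
+esac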
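Review bot: In the `on` and `off` branches the `mv` runs unconditionally after the `cat ${p11conf} | sed ... > ${p11conf}.on` pipeline, so a failed or short write (full disk, read error) still replaces /etc/pki/nssdb/pkcs11.txt with a truncated file. The header comment says this script runs as super user at nss-sysinit post-install time, so that failure would go unnoticed. Make the replace conditional on the rewrite succeeding, e.g. `sed -e ... "${p11conf}" > "${p11conf}.on" && mv "${p11conf}.on" "${p11conf}" || { rm -f "${p11conf}.on"; exit 1; }`, and do the same for the `.off` branch. The replacement file is also created fresh under `umask 022`, so any non-default owner, mode or security label on the original is presumably not carried over; confirm that is intended. The usage synopsis prints `[on|off]` although `status` is accepted; `Usage: setup-nsssysinit [on|off|status]` would match the case statement.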

106
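--- a/setup-nsssysinit.xml
+++ b/setup-nsssysinit.xml
@@ -0,0 +1,106 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+<refentry id="setup-nsssysinit">
+<refentryinfo>
+<date>&date;</date>
+<title>Network Security Services</title>
+<productname>nss</productname>
+<productnumber>&version;</productnumber>
+</refentryinfo>
+<refmeta>
+<refentrytitle>setup-nsssysinit</refentrytitle>
+<manvolnum>1</manvolnum>
+</refmeta>
+<refnamediv>
+<refname>setup-nsssysinit</refname>
+<refpurpose>Query or enable the nss-sysinit module</refpurpose>
+</refnamediv>
+<refsynopsisdiv>
+<cmdsynopsis>
+<command>setup-nsssysinit</command>
+<arg><option>on</option></arg>
+<arg><option>off</option></arg>
+<arg><option>status</option></arg>
+</cmdsynopsis>
+</refsynopsisdiv>
+<refsection id="description">
+<title>Description</title>
+<para><command>setup-nsssysinit</command> is a shell script to query the status of the nss-sysinit module and when run with root priviledge it can enable or disable it. </para>
+<para>Turns on or off the nss-sysinit module db by editing the global PKCS #11 configuration file. Displays the status. This script can be invoked by the user as super user. It is invoked at nss-sysinit post install time with argument on.
+</para>
+</refsection>
+<refsection>
+<title>Options</title>
+<variablelist>
+<varlistentry>
+<term><option>on</option></term>
+<listitem><simpara>Turn on nss-sysinit.</simpara></listitem>
+</varlistentry>
+<varlistentry>
+<term><option>off</option></term>
+<listitem><simpara>Turn on nss-sysinit.</simpara></listitem>
+</varlistentry>
+<varlistentry>
+<term><option>status</option></term>
+<listitem><simpara>returns whether nss-syinit is enabled or not.</simpara></listitem>
+</varlistentry>
+</variablelist>
+</refsection>
+<refsection>
+<title>Examples</title>
+<para>The following example will query for the status of nss-sysinit:
+<programlisting>
+/usr/bin/setup-nsssysinit status
+</programlisting>
+</para>
+<para>The following example, when run as superuser, will turn on nss-sysinit:
+<programlisting>
+/usr/bin/setup-nsssysinit on
+</programlisting>
+</para>
+</refsection>
+<refsection>
+<title>Files</title>
+<para><filename>/usr/bin/setup-nsssysinit</filename></para>
+</refsection>
+<refsection>
+<title>See also</title>
+<para>pkg-config(1)</para>
+</refsection>
+<refsection id="authors">
+<title>Authors</title>
+<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
+<para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
+</refsection>
+<!-- don't change -->
+<refsection id="license">
+<title>LICENSE</title>
+<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+</para>
+</refsection>
+</refentry>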

5
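--- a/system-pkcs11.txt
+++ b/system-pkcs11.txt
@@ -0,0 +1,5 @@
+library=libnsssysinit.so
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})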
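Review bot: `configdir='sql:/etc/pki/nssdb'` on the `parameters=` line selects the SQLite-format store, but the spec lines visible on this page install the legacy `cert8.db`, `key3.db` and `secmod.db` into `%{_sysconfdir}/pki/nssdb`. If the sql-format database files are not installed by spec lines outside the visible hunk, the system store this file points at will be missing on a fresh install; confirm that in the spec's `%install` and `%files` sections. The rewrite expressions in setup-nsssysinit.sh match the exact spellings `library=libnsssysinit.so` and `Flags=internal,moduleDBOnly` used here, so the two files need to be kept in step when either changes.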


@ -0,0 +1,14 @@
diff -up nss/lib/nss/config.mk.templates nss/lib/nss/config.mk
--- nss/lib/nss/config.mk.templates 2013-06-18 11:32:07.590089155 -0700
+++ nss/lib/nss/config.mk 2013-06-18 11:33:28.732763345 -0700
@@ -3,6 +3,10 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
+INCLUDES += -I/usr/include/nss3/templates
+#endif
+
# can't do this in manifest.mn because OS_TARGET isn't defined there.
ifeq (,$(filter-out WIN%,$(OS_TARGET)))