diff --git a/nss.spec b/nss.spec index 669daa6..cfa2cc0 100644 --- a/nss.spec +++ b/nss.spec @@ -2,38 +2,37 @@ %define major 3 %define libname %mklibname %{name} %{major} +%define libfreebl %mklibname freebl %{major} %define develname %mklibname -d %{name} %define sdevelname %mklibname -d -s %{name} %define cvsver 3_15_1 -%define version 3.15.1 - -%define patchver %(echo %{version}|cut -d. -f3) -%if %{patchver} -%define tarballver %{version} -%else -%define tarballver %(echo %{version}|cut -d. -f1,2) -%endif %define nspr_libname %mklibname nspr 4 +%define nspr_version 4.10.0 # this seems fragile, so require the exact version or later (#58754) %define sqlite3_version %(pkg-config --modversion sqlite3 &>/dev/null && pkg-config --modversion sqlite3 2>/dev/null || echo 0) %define nspr_version %(pkg-config --modversion nspr &>/dev/null && pkg-config --modversion nspr 2>/dev/null || echo 0) +%define build_empty 0 +%{?_with_empty: %{expand: %%global build_empty 1}} +%{?_without_empty: %{expand: %%global build_empty 0}} + Name: nss -Version: %{version} -Release: %mkrel 1 Epoch: 2 +Version: 3.15.1 +Release: 1 Summary: Netscape Security Services Group: System/Libraries License: MPL or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/index.html -Source0: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{cvsver}_RTM/src/nss-%{tarballver}.tar.gz +Source0: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{cvsver}_RTM/src/nss-%{version}.tar.gz Source1: nss.pc.in Source2: nss-config.in Source3: blank-cert8.db Source4: blank-key3.db Source5: blank-secmod.db +Source6: certdata_empty.txt # https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html # converted from PEM to DER format with openssl command: # openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der @@ -45,11 +44,10 @@ Source8: http://www.icpbrasil.gov.br/certificadoACRaiz.crt Patch0: nss-no-rpath.patch Patch1: nss-fixrandom.patch Patch4: renegotiate-transitional.patch -BuildRequires: rootcerts >= 1:20121229.00 -BuildRequires: nspr-devel >= 2:%{nspr_version} +BuildRequires: rootcerts >= 1:20120218.00 +BuildRequires: nspr-devel >= 2:4.9.0 BuildRequires: zlib-devel -# one should look in nss/lib/sqlite/README to check which version is "recommended" -BuildRequires: sqlite3-devel >= 3.7.14.1 +BuildRequires: sqlite3-devel >= 3.7.7.1 BuildRequires: zip %description @@ -66,65 +64,41 @@ libraries have been not been included due to conflicts with the Mozilla libraries. %endif -%package doc -Summary: Network Security Services (NSS) - Documentation -Group: Documentation -BuildArch: noarch +%package shlibsign +Summary: Netscape Security Services - shlibsign +Group: System/Libraries +Conflicts: %{name} < 2:3.13.1-2 -%description doc -Documentation for Network Security Services. +%description shlibsign +This package contains the binary shlibsign needed by libfreebl3 +and libsoftokn3. %if %with lib %package -n %{libname} Summary: Network Security Services (NSS) Group: System/Libraries -Provides: mozilla-nss = %{epoch}:%{version}-%{release} -Requires(pre): filesystem >= 2.1.9-18 -Requires(post): nss -Requires(post): rpm-helper -Requires: %{mklibname sqlite3_ 0} >= %{sqlite3_version} -Requires: %{nspr_libname} >= %{nspr_version} -Conflicts: %{_lib}nss-devel < 2:3.13.5-2 %description -n %{libname} -Network Security Services (NSS) is a set of libraries designed to -support cross-platform development of security-enabled server -applications. Applications built with NSS can support SSL v2 and v3, -TLS, PKCS #5, PKCS #7, PKCS #11, PKCS -#12, S/MIME, X.509 v3 certificates, and other security standards. For -detailed information on standards supported, see -http://www.mozilla.org/projects/security/pki/nss/overview.html. +This package contains the shared libraries libnss3, libnssckbi, libnssdbm3, +libnssutil3, libsmime3, and libssl3. + +%package -n %{libfreebl} +Summary: Network Security Services (NSS) +Group: System/Libraries +Requires(post): nss-shlibsign +Requires(post): rpm-helper +Conflicts: %{_lib}nss3 < 2:3.13.1-5 + +%description -n %{libfreebl} +This package contains the shared libraries libfreebl3 and libsoftokn3. %package -n %{develname} Summary: Network Security Services (NSS) - development files Group: Development/C++ -Requires(pre): filesystem >= 2.1.9-18 -Requires: %{libname} = %{epoch}:%{version}-%{release} -Requires: nspr-devel -Provides: libnss-devel = %{epoch}:%{version}-%{release} +Requires: %{libname} >= %{epoch}:%{version}-%{release} +Requires: %{libfreebl} >= %{epoch}:%{version}-%{release} Provides: nss-devel = %{epoch}:%{version}-%{release} -# (cg) The -devel package doesn't generate these automatically. -%ifarch x86_64 -Provides: devel(libfreebl3(64bit)) -Provides: devel(libnss3(64bit)) -Provides: devel(libnssckbi(64bit)) -Provides: devel(libnssdbm3(64bit)) -Provides: devel(libnssutil3(64bit)) -Provides: devel(libsmime3(64bit)) -Provides: devel(libsoftokn3(64bit)) -Provides: devel(libssl3(64bit)) -%else -Provides: devel(libfreebl3) -Provides: devel(libnss3) -Provides: devel(libnssckbi) -Provides: devel(libnssdbm3) -Provides: devel(libnssutil3) -Provides: devel(libsmime3) -Provides: devel(libsoftokn3) -Provides: devel(libssl3) -%endif -Obsoletes: %{libname}-devel < 2:3.12-8 -Conflicts: %{libname} < 2:3.12-8 +%rename %{libname}-devel %description -n %{develname} Header files to doing development with Network Security Services. @@ -132,21 +106,20 @@ Header files to doing development with Network Security Services. %package -n %{sdevelname} Summary: Network Security Services (NSS) - static libraries Group: Development/C++ -Requires: %{libname} = %{epoch}:%{version}-%{release} -Requires: %{develname} = %{epoch}:%{version}-%{release} -Requires: nspr-devel >= 2:%{nspr_version} -Provides: libnss-static-devel = %{epoch}:%{version}-%{release} +Requires: %{libname} >= %{epoch}:%{version}-%{release} +Requires: %{develname} >= %{epoch}:%{version}-%{release} Provides: nss-static-devel = %{epoch}:%{version}-%{release} Conflicts: libopenssl-static-devel -Obsoletes: %{libname}-static-devel < 2:3.12-8 +%rename %{libname}-static-devel %description -n %{sdevelname} Static libraries for doing development with Network Security Services. %endif %prep -%setup -qn %{name}-%{tarballver} -%patch0 -p0 + +%setup -q +%patch0 -p1 -b .no-rpath %patch1 -p0 %patch4 -p0 -b .transitional @@ -161,15 +134,14 @@ find . -name '*.c' -executable -exec chmod -x {} \; export BUILD_OPT=1 export OPTIMIZER="%{optflags}" export XCFLAGS="%{optflags}" -export LDOPTS="$LDFLAGS" export ARCHFLAG="$LDFLAGS" export LIBDIR=%{_libdir} export USE_SYSTEM_ZLIB=1 export ZLIB_LIBS="-lz" export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 -export NSPR_INCLUDE_DIR=`%{_bindir}/pkg-config --cflags-only-I nspr | %{__sed} 's/-I//'` -export NSPR_LIB_DIR=`%{_bindir}/pkg-config --libs-only-L nspr | %{__sed} 's/-L//'` +export NSPR_INCLUDE_DIR=`%{_bindir}/pkg-config --cflags-only-I nspr | sed 's/-I//'` +export NSPR_LIB_DIR=`%{_bindir}/pkg-config --libs-only-L nspr | sed 's/-L//'` export MOZILLA_CLIENT=1 export NS_USE_GCC=1 export NSS_USE_SYSTEM_SQLITE=1 @@ -178,11 +150,29 @@ export NSS_ENABLE_ECC=1 export USE_64=1 %endif +%if %{build_empty} +# (oe) the "trust no one" scenario, it goes like: +# 1. mv /% {_lib}/libnssckbi.so /% {_lib}/libnssckbi.so.BAK +# 2. mv /% {_lib}/libnssckbi_empty.so /% {_lib}/libnssckbi.so +# 3. restart ff/tb +# it has to be done manually for now, but at least we have a way for +# users to quickly mitigate future problems, or whatever :-) + +pushd mozilla/security/nss/lib/ckfw/builtins +%{__perl} ./certdata.perl < %{SOURCE6} +popd +%endif + # Parallel is broken as of 3.11.4 :( %make -j1 -C ./nss/coreconf %make -j1 -C ./nss/lib/dbm %make -j1 -C ./nss +%if %{build_empty} +# tuck away the empty libnssckbi.so library +cp -p mozilla/security/nss/lib/ckfw/builtins/Linux*/libnssckbi.so libnssckbi_empty.so +%endif + # install new Verisign intermediate certificate # http://qa.mandriva.com/show_bug.cgi?id=29612 # use built addbuildin command to avoid having @@ -193,13 +183,23 @@ if [ -z "$ADDBUILTIN" ]; then fi ADDBUILTIN="$PWD/$ADDBUILTIN" OLD="$LD_LIBRARY_PATH" -libpath=`%{_bindir}/find ./dist/ -name "Linux*.*" -type d` +libpath=`%{_bindir}/find mozilla/dist/ -name "Linux*" -type d` # to use the built libraries instead of requiring nss # again as buildrequires export LD_LIBRARY_PATH="$PWD/$libpath/lib" -pushd nss/lib/ckfw/builtins +pushd mozilla/security/nss/lib/ckfw/builtins +# (oe) for reference: +# *ALL* of the root CA certs are hard coded into the libnssckbi.so library. +# So, for Mandriva we can add/remove certs easily in the rootcerts package. Please +# checkout and examine the rootcerts package. +# Once this has been done and the new rootcerts package has been installed this +# package (nss) has to be rebuilt to pickup the changes made. The "recreate +# certificates" lines below generates a new certdata.c source containing the root +# CA certs for mozilla. +# *ALL* of the mozilla based softwares that support SSL has to link against +# the NSS library. # recreate certificates %{__perl} ./certdata.perl < /etc/pki/tls/mozilla/certdata.txt @@ -210,15 +210,14 @@ popd export LD_LIBRARY_PATH="$OLD" %install -%{__rm} -rf %{buildroot} - -pushd dist/$(uname -s)* +pushd mozilla/dist/$(uname -s)* %{__mkdir_p} %{buildroot}%{_bindir} %{__cp} -aL bin/* %{buildroot}%{_bindir} %if %with lib %{__mkdir_p} %{buildroot}%{_libdir} +%{__mkdir_p} %{buildroot}/%{_lib} %{__mkdir_p} %{buildroot}%{_includedir}/nss %{__cp} -aL ../public/nss/* %{buildroot}%{_includedir}/nss @@ -236,18 +235,20 @@ pushd dist/$(uname -s)* for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \ libssl3.so libsmime3.so libnssckbi.so libnssdbm3.so do - %{__install} -m 755 lib/$file %{buildroot}%{_libdir} + %{__install} -m 755 lib/$file %{buildroot}/%{_lib} + ln -sf ../../%{_lib}/$file %{buildroot}%{_libdir}/$file done # These ghost files will be generated in the post step # Make sure chk files can be found in both places for file in libsoftokn3.chk libfreebl3.chk do - touch %{buildroot}%{_libdir}/$file + touch %{buildroot}/%{_lib}/$file + ln -s ../../%{_lib}/$file %{buildroot}%{_libdir}/$file done %{__mkdir_p} %{buildroot}%{_libdir}/pkgconfig -%{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ +cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%prefix%%,%{_prefix},g" \ -e "s,%%exec_prefix%%,%{_prefix},g" \ -e "s,%%includedir%%,%{_includedir}/nss,g" \ @@ -259,12 +260,12 @@ done popd %if %with lib -export NSS_VMAJOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMAJOR" | %{__awk} '{print $3}'` -export NSS_VMINOR=`%{__cat} nss/lib/nss/nss.h | %{__grep} "#define.*NSS_VMINOR" | %{__awk} '{print $3}'` -export NSS_VPATCH=`echo %{version} | sed 's/\([0-9]*\).\([0-9]*\).\([0-9]*\)/\3/'` +export NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` +export NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` +export NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` %{__mkdir_p} %{buildroot}%{_bindir} -%{__cat} %{SOURCE2} | %{__sed} -e "s,@libdir@,%{_libdir},g" \ +cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ -e "s,@prefix@,%{_prefix},g" \ -e "s,@exec_prefix@,%{_prefix},g" \ -e "s,@includedir@,%{_includedir}/nss%{major},g" \ @@ -274,34 +275,34 @@ export NSS_VPATCH=`echo %{version} | sed 's/\([0-9]*\).\([0-9]*\).\([0-9]*\)/\3/ > %{buildroot}/%{_bindir}/nss-config %endif -pushd nss/cmd/smimetools +pushd mozilla/security/nss/cmd/smimetools %{__install} -m 0755 smime %{buildroot}%{_bindir} %{__perl} -pi -e 's|/usr/local/bin|%{_bindir}|g' %{buildroot}%{_bindir}/smime popd # add docs %{__mkdir_p} docs/SSLsample -#%{__cp} -a nss/cmd/SSLsample/README docs/SSLsample/ %{__mkdir_p} docs/bltest -cp -a nss/cmd/bltest/tests/* docs/bltest/ +cp -a mozilla/security/nss/cmd/bltest/tests/* docs/bltest/ +chmod -R a+r docs %{__mkdir_p} docs/certcgi -%{__cp} -a nss/cmd/certcgi/*.html docs/certcgi/ -%{__cp} -a nss/cmd/certcgi/HOWTO.txt docs/certcgi/ +%{__cp} -a mozilla/security/nss/cmd/certcgi/*.html docs/certcgi/ +%{__cp} -a mozilla/security/nss/cmd/certcgi/HOWTO.txt docs/certcgi/ %{__mkdir_p} docs/modutil -%{__cp} -a nss/cmd/modutil/*.html docs/modutil/ +%{__cp} -a mozilla/security/nss/cmd/modutil/*.html docs/modutil/ %{__mkdir_p} docs/signtool -%{__cp} -a nss/cmd/signtool/README docs/signtool/ +%{__cp} -a mozilla/security/nss/cmd/signtool/README docs/signtool/ %{__mkdir_p} docs/signver -%{__cp} -a nss/cmd/signver/examples/1/*.pl docs/signver/ -%{__cp} -a nss/cmd/signver/examples/1/*.html docs/signver/ +%{__cp} -a mozilla/security/nss/cmd/signver/examples/1/*.pl docs/signver/ +%{__cp} -a mozilla/security/nss/cmd/signver/examples/1/*.html docs/signver/ %{__mkdir_p} docs/ssltap -%{__cp} -a nss/cmd/ssltap/*.html docs/ssltap/ +%{__cp} -a mozilla/security/nss/cmd/ssltap/*.html docs/ssltap/ # Install the empty NSS db files %{__mkdir_p} %{buildroot}%{_sysconfdir}/pki/nssdb @@ -311,21 +312,23 @@ cp -a nss/cmd/bltest/tests/* docs/bltest/ %{_bindir}/find docs -type f | %{_bindir}/xargs -t %{__perl} -pi -e 's/\r$//g' +%if %{build_empty} +# install the empty libnssckbi.so library (use alternatives?) +install -m0755 libnssckbi_empty.so %{buildroot}/%{_lib}/libnssckbi_empty.so +%endif + %multiarch_binaries %{buildroot}%{_bindir}/nss-config -%clean -%{__rm} -rf %{buildroot} - %if %with lib -%post -n %{libname} -%create_ghostfile %{_libdir}/libsoftokn%{major}.chk root root 644 -%create_ghostfile %{_libdir}/libfreebl%{major}.chk root root 644 -%{_bindir}/shlibsign -i %{_libdir}/libsoftokn%{major}.so >/dev/null 2>/dev/null -%{_bindir}/shlibsign -i %{_libdir}/libfreebl%{major}.so >/dev/null 2>/dev/null +%posttrans -n %{libfreebl} +%create_ghostfile /%{_lib}/libsoftokn%{major}.chk root root 644 +%create_ghostfile /%{_lib}/libfreebl%{major}.chk root root 644 +%{_bindir}/shlibsign -i /%{_lib}/libsoftokn%{major}.so >/dev/null 2>/dev/null +%{_bindir}/shlibsign -i /%{_lib}/libfreebl%{major}.so >/dev/null 2>/dev/null %endif %files -%defattr(0644,root,root,0755) +%doc docs/* %attr(0755,root,root) %{_bindir}/addbuiltin %attr(0755,root,root) %{_bindir}/atob %attr(0755,root,root) %{_bindir}/baddbdir @@ -360,7 +363,6 @@ cp -a nss/cmd/bltest/tests/* docs/bltest/ %attr(0755,root,root) %{_bindir}/p7env %attr(0755,root,root) %{_bindir}/p7sign %attr(0755,root,root) %{_bindir}/p7verify -%attr(0755,root,root) %{_bindir}/pk11gcmtest %attr(0755,root,root) %{_bindir}/pk11mode %attr(0755,root,root) %{_bindir}/pk12util %attr(0755,root,root) %{_bindir}/pk1sign @@ -372,7 +374,6 @@ cp -a nss/cmd/bltest/tests/* docs/bltest/ %attr(0755,root,root) %{_bindir}/sdrtest %attr(0755,root,root) %{_bindir}/secmodtest %attr(0755,root,root) %{_bindir}/selfserv -%attr(0755,root,root) %{_bindir}/shlibsign %attr(0755,root,root) %{_bindir}/signtool %attr(0755,root,root) %{_bindir}/signver %attr(0755,root,root) %{_bindir}/smime @@ -387,29 +388,33 @@ cp -a nss/cmd/bltest/tests/* docs/bltest/ %config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db %config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db -%files doc -%defattr(0644,root,root,0755) -%doc docs/* +%files shlibsign +%attr(0755,root,root) %{_bindir}/shlibsign %if %with lib -%files -n %{libname} -%defattr(0755,root,root,0755) -%{_libdir}/libfreebl%{major}.so -%{_libdir}/libnss%{major}.so -%{_libdir}/libnssckbi.so -%{_libdir}/libsmime%{major}.so -%{_libdir}/libsoftokn%{major}.so -%{_libdir}/libssl%{major}.so -%{_libdir}/libnssutil%{major}.so -%{_libdir}/libnssdbm%{major}.so +%files -n %{libfreebl} +/%{_lib}/libfreebl%{major}.so +/%{_lib}/libsoftokn%{major}.so %defattr(0644,root,root,0755) -%ghost %{_libdir}/libsoftokn%{major}.chk -%ghost %{_libdir}/libfreebl%{major}.chk +%ghost /%{_lib}/libfreebl%{major}.chk +%ghost /%{_lib}/libsoftokn%{major}.chk + +%files -n %{libname} +/%{_lib}/libnss%{major}.so +/%{_lib}/libnssckbi.so +%if %{build_empty} +/%{_lib}/libnssckbi_empty.so +%endif +/%{_lib}/libnssutil%{major}.so +/%{_lib}/libnssdbm%{major}.so +/%{_lib}/libsmime%{major}.so +/%{_lib}/libssl%{major}.so %files -n %{develname} %defattr(0644,root,root,0755) %attr(0755,root,root) %{_bindir}/nss-config %attr(0755,root,root) %{multiarch_bindir}/nss-config +%_libdir/*.so %dir %{_includedir}/nss %{_includedir}/nss/base64.h %{_includedir}/nss/blapit.h @@ -507,8 +512,8 @@ cp -a nss/cmd/bltest/tests/* docs/bltest/ %{_includedir}/nss/utilparst.h %{_includedir}/nss/utilrename.h %{_libdir}/pkgconfig/nss.pc -#%{_libdir}/libsoftokn%{major}.chk -#%{_libdir}/libfreebl%{major}.chk +%{_libdir}/libsoftokn%{major}.chk +%{_libdir}/libfreebl%{major}.chk %files -n %{sdevelname} %defattr(0644,root,root,0755) @@ -521,3 +526,4 @@ cp -a nss/cmd/bltest/tests/* docs/bltest/ %{_libdir}/libssl.a %endif +