1 | %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0} |
---|
2 | |
---|
3 | %define nspr_version 4.11 |
---|
4 | %define unsupported_tools_directory %{_libdir}/nss/unsupported-tools |
---|
5 | |
---|
6 | Summary: Network Security Services |
---|
7 | Name: nss |
---|
8 | Version: 3.21.1 |
---|
9 | Release: 1%{?_dist_release} |
---|
10 | License: MPLv1.1 or GPLv2+ or LGPLv2+ |
---|
11 | URL: http://www.mozilla.org/projects/security/pki/nss/ |
---|
12 | Group: System Environment/Libraries |
---|
13 | |
---|
14 | Source0: %{name}-%{version}.tar.gz |
---|
15 | Source1: nss.pc.in |
---|
16 | Source2: nss-config.in |
---|
17 | Source3: blank-cert8.db |
---|
18 | Source4: blank-key3.db |
---|
19 | Source5: blank-secmod.db |
---|
20 | Source6: blank-cert9.db |
---|
21 | Source7: blank-key4.db |
---|
22 | Source8: system-pkcs11.txt |
---|
23 | Source12: %{name}-pem-20140125.tar.bz2 |
---|
24 | Source101: nss-util.pc.in |
---|
25 | Source102: nss-util-config.in |
---|
26 | |
---|
27 | Patch2: add-relro-linker-option.patch |
---|
28 | Patch3: renegotiate-transitional.patch |
---|
29 | Patch6: nss-enable-pem.patch |
---|
30 | Patch16: nss-539183.patch |
---|
31 | Patch18: nss-646045.patch |
---|
32 | # TODO: Remove this patch when the ocsp test are fixed |
---|
33 | Patch40: nss-3.14.0.0-disble-ocsp-test.patch |
---|
34 | # Fedora / RHEL-only patch, the templates directory was originally |
---|
35 | # introduced to support mod _revocator |
---|
36 | Patch47: utilwrap-include-templates.patch |
---|
37 | # TODO remove when we switch to building nss without softoken |
---|
38 | Patch49: nss-skip-bltest-and-fipstest.patch |
---|
39 | Patch50: iquote.patch |
---|
40 | # As of nss-3.21 we compile NSS with -Werror. |
---|
41 | # see https://bugzilla.mozilla.org/show_bug.cgi?id=1182667 |
---|
42 | # This requires a cleanup of the PEM module as we have it here. |
---|
43 | # TODO: submit a patch to the interim nss-pem upstream project |
---|
44 | # The submission will be very different from this patch as |
---|
45 | # cleanup there is already in progress there. |
---|
46 | Patch51: pem-compile-with-Werror.patch |
---|
47 | Patch52: Bug-1001841-disable-sslv2-libssl.patch |
---|
48 | Patch53: Bug-1001841-disable-sslv2-tests.patch |
---|
49 | Patch54: sslauth-no-v2.patch |
---|
50 | Patch55: enable-fips-when-system-is-in-fips-mode.patch |
---|
51 | # rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1026677 |
---|
52 | Patch56: p-ignore-setpolicy.patch |
---|
53 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=943144 |
---|
54 | Patch62: nss-fix-deadlock-squash.patch |
---|
55 | # Two patches from from rhel6.8 that are also needed for rhel-7 |
---|
56 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1054373 |
---|
57 | Patch74: race.patch |
---|
58 | Patch94: nss-3.16-token-init-race.patch |
---|
59 | Patch99: ssl-server-min-key-sizes.patch |
---|
60 | Patch100: fix-min-library-version-in-SSLVersionRange.patch |
---|
61 | # Add support for sha384 tls cipher suites, dss cipher suites, and |
---|
62 | # server-side dhe key exchange |
---|
63 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=102794 |
---|
64 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089 |
---|
65 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455 |
---|
66 | Patch101: dhe-sha384-dss-support.patch |
---|
67 | # TODO: From upstream review: For the client authentication case, should |
---|
68 | # probably drop our hack of swapping between sha256 and sha384 and plan |
---|
69 | # on implementing the fix we already have a patch for. What is that fix? |
---|
70 | Patch102: client_auth_for_sha384_prf_support.patch |
---|
71 | Patch103: nss-fix-client-auth-init-hashes.patch |
---|
72 | Patch104: nss-map-oid-to-hashalg.patch |
---|
73 | Patch105: nss-remove-bogus-assert.patch |
---|
74 | Patch106: nss-old-pkcs11-num.patch |
---|
75 | Patch107: nss-enable-384-cipher-tests.patch |
---|
76 | Patch108: nss-sni-c-v-fix.patch |
---|
77 | Patch109: nss-fix-signature-and-hash.patch |
---|
78 | Patch110: nss-sslstress-txt-ssl3-lower-value-in-range.patch |
---|
79 | |
---|
80 | # Enable by default two additional ciphers and fix order of two tables |
---|
81 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089 |
---|
82 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455 |
---|
83 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1211403 |
---|
84 | Patch112: rh1238290.patch |
---|
85 | # Local: keep as long nss-softokn lacks support |
---|
86 | Patch113: disable-extended-master-secret-with-old-softoken.patch |
---|
87 | # extra tests needed |
---|
88 | Patch114: tests-extra.patch |
---|
89 | Patch115: nss-prevent-abi-issue.patch |
---|
90 | Patch116: nss-tests-prevent-abi-issue.patch |
---|
91 | Patch117: fix-nss-test-filtering.patch |
---|
92 | Patch118: fix-allowed-sig-alg.patch |
---|
93 | Patch119: nss-ssl-ssl3con-delete-duplicates.patch |
---|
94 | |
---|
95 | # Local patches |
---|
96 | Patch1002: hasht-dont-include-prtypes.patch |
---|
97 | Patch1007: pkcs1sig-include-prtypes.patch |
---|
98 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455 |
---|
99 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089 |
---|
100 | Patch1008: nss-util-3.19.1-tls12-mechanisms.patch |
---|
101 | |
---|
102 | |
---|
103 | |
---|
104 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) |
---|
105 | BuildRequires: nspr-devel >= %{nspr_version} |
---|
106 | BuildRequires: sqlite3-devel |
---|
107 | BuildRequires: zlib-devel |
---|
108 | BuildRequires: pkgconfig |
---|
109 | BuildRequires: gawk |
---|
110 | Provides: mozilla-nss |
---|
111 | Obsoletes: mozilla-nss |
---|
112 | Requires: nspr >= %{nspr_version} |
---|
113 | |
---|
114 | %description |
---|
115 | Network Security Services (NSS) is a set of libraries designed to |
---|
116 | support cross-platform development of security-enabled client and |
---|
117 | server applications. Applications built with NSS can support SSL v2 |
---|
118 | and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 |
---|
119 | v3 certificates, and other security standards. |
---|
120 | |
---|
121 | |
---|
122 | %package tools |
---|
123 | Summary: Tools for the Network Security Services |
---|
124 | Group: System Environment/Base |
---|
125 | Requires: nss = %{version}-%{release} |
---|
126 | |
---|
127 | %description tools |
---|
128 | Network Security Services (NSS) is a set of libraries designed to |
---|
129 | support cross-platform development of security-enabled client and |
---|
130 | server applications. Applications built with NSS can support SSL v2 |
---|
131 | and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 |
---|
132 | v3 certificates, and other security standards. |
---|
133 | |
---|
134 | Install the nss-tools package if you need command-line tools to |
---|
135 | manipulate the NSS certificate and key database. |
---|
136 | |
---|
137 | |
---|
138 | %package devel |
---|
139 | Summary: Development libraries for Network Security Services |
---|
140 | Group: Development/Libraries |
---|
141 | Requires: nss = %{version}-%{release} |
---|
142 | Requires: nspr-devel >= %{nspr_version} |
---|
143 | Provides: mozilla-nss-devel |
---|
144 | Obsoletes: mozilla-nss-devel |
---|
145 | |
---|
146 | %description devel |
---|
147 | Header and Library files for doing development with Network Security Services. |
---|
148 | |
---|
149 | |
---|
150 | %package pkcs11-devel |
---|
151 | Summary: Development libraries for PKCS #11 (Cryptoki) using NSS |
---|
152 | Group: Development/Libraries |
---|
153 | Requires: nss-devel = %{version}-%{release} |
---|
154 | |
---|
155 | %description pkcs11-devel |
---|
156 | Library files for developing PKCS #11 modules using basic NSS |
---|
157 | low level services. |
---|
158 | |
---|
159 | |
---|
160 | ## to build compat32 for x86_64 architecture support |
---|
161 | %package -n compat32-%{name} |
---|
162 | Summary: Network Security Services |
---|
163 | Group: System Environment/Libraries |
---|
164 | |
---|
165 | %description -n compat32-%{name} |
---|
166 | Network Security Services (NSS) is a set of libraries designed to |
---|
167 | support cross-platform development of security-enabled client and |
---|
168 | server applications. Applications built with NSS can support SSL v2 |
---|
169 | and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 |
---|
170 | v3 certificates, and other security standards. |
---|
171 | |
---|
172 | |
---|
173 | %prep |
---|
174 | %setup -q |
---|
175 | %setup -q -T -D -n %{name}-%{version} -a 12 |
---|
176 | |
---|
177 | %patch2 -p0 -b .relro |
---|
178 | %patch3 -p0 -b .transitional |
---|
179 | %patch6 -p0 -b .libpem |
---|
180 | %patch16 -p0 -b .539183 |
---|
181 | pushd nss |
---|
182 | %patch18 -p1 -b .646045 |
---|
183 | popd |
---|
184 | %patch40 -p0 -b .noocsptest |
---|
185 | %patch47 -p0 -b .templates |
---|
186 | %patch49 -p0 -b .skipthem |
---|
187 | %patch50 -p0 -b .iquote |
---|
188 | %patch51 -p1 -b -Werror |
---|
189 | pushd nss |
---|
190 | %patch52 -p1 -b .disableSSL2libssl |
---|
191 | %patch53 -p1 -b .disableSSL2tests |
---|
192 | %patch54 -p1 -b .sslauth-no-v2 |
---|
193 | %patch55 -p1 -b .852023_enable_fips_when_in_fips_mode |
---|
194 | %patch56 -p1 -b .1026677_ignore_set_policy |
---|
195 | %patch62 -p1 -b .fix_deadlock |
---|
196 | %patch99 -p1 -b .min_key_sizes |
---|
197 | %patch100 -p0 -b .1171318 |
---|
198 | %patch101 -p1 -b .dhe_and_sha384 |
---|
199 | %patch102 -p1 -b .client_auth_prf |
---|
200 | %patch112 -p1 -b .1238290 |
---|
201 | %patch113 -p1 -b .disable-ems |
---|
202 | %patch114 -p1 -b .extra |
---|
203 | %patch115 -p1 -b .abi_lib |
---|
204 | %patch116 -p1 -b .abi_tests |
---|
205 | %patch117 -p1 -b .test-filtering |
---|
206 | %patch74 -p1 -b .race |
---|
207 | popd |
---|
208 | %patch94 -p0 -b .init-token-race |
---|
209 | %patch103 -p0 -b .fix_client_auth_crash |
---|
210 | %patch104 -p0 -b .use_oids |
---|
211 | %patch105 -p0 -b .remove_bogus_assert |
---|
212 | %patch106 -p0 -b .old_pkcs11_num |
---|
213 | %patch107 -p0 -b .enable_384_cipher_tests |
---|
214 | %patch108 -p0 -b .sni_c_v_fix |
---|
215 | %patch109 -p0 -b .fix_signature_and_hash |
---|
216 | %patch110 -p0 -b .no_ssl2 |
---|
217 | pushd nss |
---|
218 | %patch118 -p1 -b .allowed-sig-alg |
---|
219 | popd |
---|
220 | %patch119 -p0 -b .delete_duplicates |
---|
221 | |
---|
222 | %patch1002 -p0 -b .prtypes |
---|
223 | %patch1007 -p0 -b .include_prtypes |
---|
224 | %patch1008 -p1 -b .tls12_mechs |
---|
225 | |
---|
226 | |
---|
227 | pemNeedsFromSoftoken="lowkeyi lowkeyti softoken softoknt" |
---|
228 | for file in ${pemNeedsFromSoftoken}; do |
---|
229 | %{__cp} ./nss/lib/softoken/${file}.h ./nss/lib/ckfw/pem/ |
---|
230 | done |
---|
231 | %{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf |
---|
232 | %{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf |
---|
233 | |
---|
234 | pushd nss/tests/ssl |
---|
235 | # Create versions of sslcov.txt and sslstress.txt that disable tests |
---|
236 | # for SSL2 and EXPORT ciphers. |
---|
237 | cat sslcov.txt| sed -r "s/^([^#].*EXPORT|^[^#].*SSL2)/#disabled \1/" > sslcov.noSSL2orExport.txt |
---|
238 | cat sslstress.txt| sed -r "s/^([^#].*EXPORT|^[^#].*SSL2)/#disabled \1/" > sslstress.noSSL2orExport.txt |
---|
239 | popd |
---|
240 | |
---|
241 | %build |
---|
242 | |
---|
243 | export NSS_NO_SSL2=1 |
---|
244 | |
---|
245 | #NSS_NO_PKCS11_BYPASS=1 |
---|
246 | #export NSS_NO_PKCS11_BYPASS |
---|
247 | |
---|
248 | #FREEBL_NO_DEPEND=1 |
---|
249 | #export FREEBL_NO_DEPEND |
---|
250 | |
---|
251 | # Enable compiler optimizations and disable debugging code |
---|
252 | BUILD_OPT=1 |
---|
253 | export BUILD_OPT |
---|
254 | |
---|
255 | # Generate symbolic info for debuggers |
---|
256 | XCFLAGS=$RPM_OPT_FLAGS |
---|
257 | export XCFLAGS |
---|
258 | |
---|
259 | PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 |
---|
260 | PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 |
---|
261 | |
---|
262 | export PKG_CONFIG_ALLOW_SYSTEM_LIBS |
---|
263 | export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS |
---|
264 | |
---|
265 | NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'` |
---|
266 | NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'` |
---|
267 | |
---|
268 | export NSPR_INCLUDE_DIR |
---|
269 | export NSPR_LIB_DIR |
---|
270 | |
---|
271 | #export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'` |
---|
272 | #export FREEBL_LIB_DIR=%{_libdir} |
---|
273 | #export USE_SYSTEM_FREEBL=0 |
---|
274 | |
---|
275 | NSS_USE_SYSTEM_SQLITE=1 |
---|
276 | export NSS_USE_SYSTEM_SQLITE |
---|
277 | |
---|
278 | %ifarch x86_64 ppc64 ia64 s390x |
---|
279 | USE_64=1 |
---|
280 | export USE_64 |
---|
281 | %endif |
---|
282 | |
---|
283 | # uncomment if the iquote patch is activated |
---|
284 | export IN_TREE_FREEBL_HEADERS_FIRST=1 |
---|
285 | |
---|
286 | export NSS_BLTEST_NOT_AVAILABLE=1 |
---|
287 | # |
---|
288 | %{__make} -C ./nss/coreconf |
---|
289 | %{__make} -C ./nss/lib/dbm |
---|
290 | %{__make} -C ./nss |
---|
291 | |
---|
292 | # Set up our package file |
---|
293 | %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig |
---|
294 | %{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ |
---|
295 | -e "s,%%prefix%%,%{_prefix},g" \ |
---|
296 | -e "s,%%exec_prefix%%,%{_prefix},g" \ |
---|
297 | -e "s,%%includedir%%,%{_includedir}/nss3,g" \ |
---|
298 | -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ |
---|
299 | -e "s,%%NSS_VERSION%%,%{version},g" \ |
---|
300 | -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \ |
---|
301 | $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc |
---|
302 | |
---|
303 | NSS_VMAJOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` |
---|
304 | NSS_VMINOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` |
---|
305 | NSS_VPATCH=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` |
---|
306 | |
---|
307 | export NSS_VMAJOR |
---|
308 | export NSS_VMINOR |
---|
309 | export NSS_VPATCH |
---|
310 | |
---|
311 | %{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir} |
---|
312 | %{__cat} %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ |
---|
313 | -e "s,@prefix@,%{_prefix},g" \ |
---|
314 | -e "s,@exec_prefix@,%{_prefix},g" \ |
---|
315 | -e "s,@includedir@,%{_includedir}/nss3,g" \ |
---|
316 | -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ |
---|
317 | -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ |
---|
318 | -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ |
---|
319 | > $RPM_BUILD_ROOT/%{_bindir}/nss-config |
---|
320 | |
---|
321 | chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config |
---|
322 | |
---|
323 | %{__cat} %{SOURCE101} | sed -e "s,%%libdir%%,%{_libdir},g" \ |
---|
324 | -e "s,%%prefix%%,%{_prefix},g" \ |
---|
325 | -e "s,%%exec_prefix%%,%{_prefix},g" \ |
---|
326 | -e "s,%%includedir%%,%{_includedir}/nss3,g" \ |
---|
327 | -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ |
---|
328 | -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \ |
---|
329 | $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc |
---|
330 | |
---|
331 | NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'` |
---|
332 | NSSUTIL_VMINOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'` |
---|
333 | NSSUTIL_VPATCH=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'` |
---|
334 | |
---|
335 | export NSSUTIL_VMAJOR |
---|
336 | export NSSUTIL_VMINOR |
---|
337 | export NSSUTIL_VPATCH |
---|
338 | |
---|
339 | %{__cat} %{SOURCE102} | sed -e "s,@libdir@,%{_libdir},g" \ |
---|
340 | -e "s,@prefix@,%{_prefix},g" \ |
---|
341 | -e "s,@exec_prefix@,%{_prefix},g" \ |
---|
342 | -e "s,@includedir@,%{_includedir}/nss3,g" \ |
---|
343 | -e "s,@MOD_MAJOR_VERSION@,$NSSUTIL_VMAJOR,g" \ |
---|
344 | -e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \ |
---|
345 | -e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \ |
---|
346 | > $RPM_BUILD_ROOT/%{_bindir}/nss-util-config |
---|
347 | |
---|
348 | chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-util-config |
---|
349 | |
---|
350 | %install |
---|
351 | |
---|
352 | # There is no make install target so we'll do it ourselves. |
---|
353 | |
---|
354 | %{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3 |
---|
355 | %{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates |
---|
356 | %{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir} |
---|
357 | %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir} |
---|
358 | %{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory} |
---|
359 | %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig |
---|
360 | |
---|
361 | # Copy the binary libraries we want |
---|
362 | for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \ |
---|
363 | libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so |
---|
364 | do |
---|
365 | %{__install} -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} |
---|
366 | done |
---|
367 | |
---|
368 | # These ghost files will be generated in the post step |
---|
369 | touch $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.chk |
---|
370 | touch $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.chk |
---|
371 | |
---|
372 | # Install the empty NSS db files |
---|
373 | # Legacy db |
---|
374 | %{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb |
---|
375 | %{__install} -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db |
---|
376 | %{__install} -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db |
---|
377 | %{__install} -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db |
---|
378 | # Shared db |
---|
379 | %{__install} -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db |
---|
380 | %{__install} -p -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db |
---|
381 | %{__install} -p -m 644 %{SOURCE8} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt |
---|
382 | |
---|
383 | |
---|
384 | # Copy the development libraries we want |
---|
385 | for file in libcrmf.a libnssb.a libnssckfw.a |
---|
386 | do |
---|
387 | %{__install} -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} |
---|
388 | done |
---|
389 | |
---|
390 | # Copy the binaries we want |
---|
391 | for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap |
---|
392 | do |
---|
393 | %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir} |
---|
394 | done |
---|
395 | |
---|
396 | # Copy the binaries we ship as unsupported |
---|
397 | for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain |
---|
398 | do |
---|
399 | %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} |
---|
400 | done |
---|
401 | |
---|
402 | # Copy the include files |
---|
403 | for file in dist/public/nss/*.h |
---|
404 | do |
---|
405 | %{__install} -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 |
---|
406 | done |
---|
407 | |
---|
408 | |
---|
409 | %clean |
---|
410 | %{__rm} -rf $RPM_BUILD_ROOT |
---|
411 | |
---|
412 | |
---|
413 | %post |
---|
414 | /sbin/ldconfig >/dev/null 2>/dev/null |
---|
415 | %{unsupported_tools_directory}/shlibsign -i %{_libdir}/libsoftokn3.so >/dev/null 2>/dev/null |
---|
416 | %{unsupported_tools_directory}/shlibsign -i %{_libdir}/libfreebl3.so >/dev/null 2>/dev/null |
---|
417 | |
---|
418 | |
---|
419 | %postun |
---|
420 | /sbin/ldconfig >/dev/null 2>/dev/null |
---|
421 | |
---|
422 | |
---|
423 | %files |
---|
424 | %defattr(-,root,root) |
---|
425 | %{_libdir}/libnss3.so |
---|
426 | %{_libdir}/libnssutil3.so |
---|
427 | %{_libdir}/libnssdbm3.so |
---|
428 | %{_libdir}/libssl3.so |
---|
429 | %{_libdir}/libsmime3.so |
---|
430 | %{_libdir}/libsoftokn3.so |
---|
431 | %{_libdir}/libnssckbi.so |
---|
432 | %{_libdir}/libnsspem.so |
---|
433 | %{_libdir}/libfreebl3.so |
---|
434 | %{unsupported_tools_directory}/shlibsign |
---|
435 | %ghost %{_libdir}/libsoftokn3.chk |
---|
436 | %ghost %{_libdir}/libfreebl3.chk |
---|
437 | %dir %{_sysconfdir}/pki/nssdb |
---|
438 | %config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db |
---|
439 | %config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db |
---|
440 | %config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db |
---|
441 | %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db |
---|
442 | %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db |
---|
443 | %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt |
---|
444 | |
---|
445 | %files tools |
---|
446 | %defattr(-,root,root) |
---|
447 | %{_bindir}/certutil |
---|
448 | %{_bindir}/cmsutil |
---|
449 | %{_bindir}/crlutil |
---|
450 | %{_bindir}/modutil |
---|
451 | %{_bindir}/pk12util |
---|
452 | %{_bindir}/signtool |
---|
453 | %{_bindir}/signver |
---|
454 | %{_bindir}/ssltap |
---|
455 | %{unsupported_tools_directory}/atob |
---|
456 | %{unsupported_tools_directory}/btoa |
---|
457 | %{unsupported_tools_directory}/derdump |
---|
458 | %{unsupported_tools_directory}/ocspclnt |
---|
459 | %{unsupported_tools_directory}/pp |
---|
460 | %{unsupported_tools_directory}/selfserv |
---|
461 | %{unsupported_tools_directory}/strsclnt |
---|
462 | %{unsupported_tools_directory}/symkeyutil |
---|
463 | %{unsupported_tools_directory}/tstclnt |
---|
464 | %{unsupported_tools_directory}/vfyserv |
---|
465 | %{unsupported_tools_directory}/vfychain |
---|
466 | |
---|
467 | |
---|
468 | %files devel |
---|
469 | %defattr(-,root,root) |
---|
470 | %{_libdir}/libcrmf.a |
---|
471 | %{_libdir}/pkgconfig/nss.pc |
---|
472 | %{_libdir}/pkgconfig/nss-util.pc |
---|
473 | %{_bindir}/nss-config |
---|
474 | %{_bindir}/nss-util-config |
---|
475 | |
---|
476 | %dir %{_includedir}/nss3 |
---|
477 | %{_includedir}/nss3/base64.h |
---|
478 | %{_includedir}/nss3/blapit.h |
---|
479 | %{_includedir}/nss3/cert.h |
---|
480 | %{_includedir}/nss3/certdb.h |
---|
481 | %{_includedir}/nss3/certt.h |
---|
482 | %{_includedir}/nss3/ciferfam.h |
---|
483 | %{_includedir}/nss3/cmmf.h |
---|
484 | %{_includedir}/nss3/cmmft.h |
---|
485 | %{_includedir}/nss3/cms.h |
---|
486 | %{_includedir}/nss3/cmsreclist.h |
---|
487 | %{_includedir}/nss3/cmst.h |
---|
488 | %{_includedir}/nss3/crmf.h |
---|
489 | %{_includedir}/nss3/crmft.h |
---|
490 | %{_includedir}/nss3/cryptohi.h |
---|
491 | %{_includedir}/nss3/cryptoht.h |
---|
492 | %{_includedir}/nss3/ecl-exp.h |
---|
493 | %{_includedir}/nss3/hasht.h |
---|
494 | %{_includedir}/nss3/jar-ds.h |
---|
495 | %{_includedir}/nss3/jar.h |
---|
496 | %{_includedir}/nss3/jarfile.h |
---|
497 | %{_includedir}/nss3/key.h |
---|
498 | %{_includedir}/nss3/keyhi.h |
---|
499 | %{_includedir}/nss3/keyt.h |
---|
500 | %{_includedir}/nss3/keythi.h |
---|
501 | %{_includedir}/nss3/nss.h |
---|
502 | %{_includedir}/nss3/nssb64.h |
---|
503 | %{_includedir}/nss3/nssb64t.h |
---|
504 | %{_includedir}/nss3/nssckbi.h |
---|
505 | %{_includedir}/nss3/nssilckt.h |
---|
506 | %{_includedir}/nss3/nssilock.h |
---|
507 | %{_includedir}/nss3/nsslocks.h |
---|
508 | %{_includedir}/nss3/nsslowhash.h |
---|
509 | %{_includedir}/nss3/nsspem.h |
---|
510 | %{_includedir}/nss3/nssrwlk.h |
---|
511 | %{_includedir}/nss3/nssrwlkt.h |
---|
512 | %{_includedir}/nss3/nssutil.h |
---|
513 | %{_includedir}/nss3/ocsp.h |
---|
514 | %{_includedir}/nss3/ocspt.h |
---|
515 | %{_includedir}/nss3/p12.h |
---|
516 | %{_includedir}/nss3/p12plcy.h |
---|
517 | %{_includedir}/nss3/p12t.h |
---|
518 | %{_includedir}/nss3/pk11func.h |
---|
519 | %{_includedir}/nss3/pk11pqg.h |
---|
520 | %{_includedir}/nss3/pk11priv.h |
---|
521 | %{_includedir}/nss3/pk11pub.h |
---|
522 | %{_includedir}/nss3/pk11sdr.h |
---|
523 | %{_includedir}/nss3/pkcs11.h |
---|
524 | %{_includedir}/nss3/pkcs11f.h |
---|
525 | %{_includedir}/nss3/pkcs11n.h |
---|
526 | %{_includedir}/nss3/pkcs11p.h |
---|
527 | %{_includedir}/nss3/pkcs11t.h |
---|
528 | %{_includedir}/nss3/pkcs11u.h |
---|
529 | %{_includedir}/nss3/pkcs12.h |
---|
530 | %{_includedir}/nss3/pkcs12t.h |
---|
531 | %{_includedir}/nss3/pkcs7t.h |
---|
532 | %{_includedir}/nss3/pkcs1sig.h |
---|
533 | %{_includedir}/nss3/portreg.h |
---|
534 | %{_includedir}/nss3/preenc.h |
---|
535 | %{_includedir}/nss3/secasn1.h |
---|
536 | %{_includedir}/nss3/secasn1t.h |
---|
537 | %{_includedir}/nss3/seccomon.h |
---|
538 | %{_includedir}/nss3/secder.h |
---|
539 | %{_includedir}/nss3/secdert.h |
---|
540 | %{_includedir}/nss3/secdig.h |
---|
541 | %{_includedir}/nss3/secdigt.h |
---|
542 | %{_includedir}/nss3/secerr.h |
---|
543 | %{_includedir}/nss3/sechash.h |
---|
544 | %{_includedir}/nss3/secitem.h |
---|
545 | %{_includedir}/nss3/secmime.h |
---|
546 | %{_includedir}/nss3/secmod.h |
---|
547 | %{_includedir}/nss3/secmodt.h |
---|
548 | %{_includedir}/nss3/secoid.h |
---|
549 | %{_includedir}/nss3/secoidt.h |
---|
550 | %{_includedir}/nss3/secpkcs5.h |
---|
551 | %{_includedir}/nss3/secpkcs7.h |
---|
552 | %{_includedir}/nss3/secport.h |
---|
553 | %{_includedir}/nss3/shsign.h |
---|
554 | %{_includedir}/nss3/smime.h |
---|
555 | %{_includedir}/nss3/ssl.h |
---|
556 | %{_includedir}/nss3/sslerr.h |
---|
557 | %{_includedir}/nss3/sslproto.h |
---|
558 | %{_includedir}/nss3/sslt.h |
---|
559 | %{_includedir}/nss3/utilrename.h |
---|
560 | %{_includedir}/nss3/utilmodt.h |
---|
561 | %{_includedir}/nss3/utilpars.h |
---|
562 | %{_includedir}/nss3/utilparst.h |
---|
563 | |
---|
564 | |
---|
565 | %files pkcs11-devel |
---|
566 | %defattr(-, root, root) |
---|
567 | %{_includedir}/nss3/nssbase.h |
---|
568 | %{_includedir}/nss3/nssbaset.h |
---|
569 | %{_includedir}/nss3/nssckepv.h |
---|
570 | %{_includedir}/nss3/nssckft.h |
---|
571 | %{_includedir}/nss3/nssckfw.h |
---|
572 | %{_includedir}/nss3/nssckfwc.h |
---|
573 | %{_includedir}/nss3/nssckfwt.h |
---|
574 | %{_includedir}/nss3/nssckg.h |
---|
575 | %{_includedir}/nss3/nssckmdt.h |
---|
576 | %{_includedir}/nss3/nssckt.h |
---|
577 | %{_libdir}/libnssb.a |
---|
578 | %{_libdir}/libnssckfw.a |
---|
579 | |
---|
580 | |
---|
581 | ## to build compat32 for x86_64 architecture support |
---|
582 | %if %{build_compat32} |
---|
583 | %files -n compat32-%{name} |
---|
584 | %defattr(-,root,root) |
---|
585 | %{_libdir}/*.so |
---|
586 | %ghost %{_libdir}/libsoftokn3.chk |
---|
587 | %ghost %{_libdir}/libfreebl3.chk |
---|
588 | %{unsupported_tools_directory}/shlibsign |
---|
589 | %endif |
---|
590 | |
---|
591 | |
---|
592 | %changelog |
---|
593 | * Tue May 10 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.21.1-1 |
---|
594 | - update to 3.21.1 |
---|
595 | - import patches from centos package |
---|
596 | |
---|
597 | * Thu Jun 12 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 3.16.1-1 |
---|
598 | - update to 3.16.1 |
---|
599 | |
---|
600 | * Thu Apr 04 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 3.14.3-1 |
---|
601 | - update to 3.14.3 |
---|
602 | - import patches from fedora package |
---|
603 | |
---|
604 | * Wed Jan 09 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 3.14.1-1 |
---|
605 | - update to 3.14.1 |
---|
606 | |
---|
607 | * Sat Sep 15 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.13.6-2 |
---|
608 | - add Source101 (nss-util.pc.in) |
---|
609 | - add Source102 (nss-util-config.in) |
---|
610 | |
---|
611 | * Mon Sep 03 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 3.13.6-1 |
---|
612 | - new upstream release |
---|
613 | |
---|
614 | * Sun Mar 18 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.13.3-1 |
---|
615 | - new upstream release |
---|
616 | |
---|
617 | * Thu Dec 22 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.13.1-2 |
---|
618 | - fix nss.pc |
---|
619 | |
---|
620 | * Wed Dec 21 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.13.1-1 |
---|
621 | - new upstream release |
---|
622 | |
---|
623 | * Fri Sep 02 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.11-1 |
---|
624 | - new upstram release |
---|
625 | |
---|
626 | * Wed Jun 01 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.10-1 |
---|
627 | - update to 3.12.10 |
---|
628 | |
---|
629 | * Tue Mar 29 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.9-1 |
---|
630 | - update to 3.12.9.with.ckbi.1.82 |
---|
631 | - update nss-pem source |
---|
632 | - define NSS_USE_SYSTEM_SQLITE, remove unneeded Patch2 |
---|
633 | |
---|
634 | * Thu Sep 23 2010 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.12.6-2 |
---|
635 | - rebuild with rpm-4.8.1 for pkg-config file |
---|
636 | |
---|
637 | * Wed Apr 7 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 3.12.6-1 |
---|
638 | - new upstream release |
---|
639 | - update nss-pem Source12 to 20091210 (from 3.12.6-2.fc14) |
---|
640 | |
---|
641 | * Sat Jan 23 2010 NAKAMURA Kenta <kenta@vinelinux.org> 3.12.5-2 |
---|
642 | - built with FREEBL_NO_DEPEND environmental variable to include nsslowhash.h |
---|
643 | |
---|
644 | * Sat Jan 09 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.5-1 |
---|
645 | - new upstream release |
---|
646 | |
---|
647 | * Mon Jul 06 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.3-4 |
---|
648 | - rebuild to fix the package built with broken environment. |
---|
649 | |
---|
650 | * Sun Jul 05 2009 Munehiro Yamamoto <munepi@cg8.so-net.ne.jp> 3.12.3-3 |
---|
651 | - fixed %%files for compat32 |
---|
652 | |
---|
653 | * Sat Jul 04 2009 Munehiro Yamamoto <munepi@cg8.so-net.ne.jp> 3.12.3-2 |
---|
654 | - added compat32 subpackages |
---|
655 | |
---|
656 | * Wed Apr 22 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.3-1 |
---|
657 | - new upstream release |
---|
658 | |
---|
659 | * Wed Jul 02 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12-1 |
---|
660 | - new upstream release |
---|
661 | |
---|
662 | * Fri May 18 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 3.11.4-0vl1 |
---|
663 | - initial build for Vine Linux |
---|
664 | |
---|
665 | * Fri Mar 02 2007 Kai Engert <kengert@redhat.com> - 3.11.5-2 |
---|
666 | - Fix rhbz#230545, failure to enable FIPS mode |
---|
667 | - Fix rhbz#220542, make NSS more tolerant of resets when in the |
---|
668 | middle of prompting for a user password. |
---|
669 | |
---|
670 | * Sat Feb 24 2007 Kai Engert <kengert@redhat.com> - 3.11.5-1 |
---|
671 | - Update to 3.11.5 |
---|
672 | - This update fixes two security vulnerabilities with SSL 2 |
---|
673 | - Do not use -rpath link option |
---|
674 | - Added several unsupported tools to tools package |
---|
675 | |
---|
676 | * Tue Jan 9 2007 Bob Relyea <rrelyea@redhat.com> - 3.11.4-4 |
---|
677 | - disable ECC, cleanout dead code |
---|
678 | |
---|
679 | * Tue Nov 28 2006 Kai Engert <kengert@redhat.com> - 3.11.4-1 |
---|
680 | - Update to 3.11.4 |
---|
681 | |
---|
682 | * Thu Sep 14 2006 Kai Engert <kengert@redhat.com> - 3.11.3-2 |
---|
683 | - Revert the attempt to require latest NSPR, as it is not yet available |
---|
684 | in the build infrastructure. |
---|
685 | |
---|
686 | * Thu Sep 14 2006 Kai Engert <kengert@redhat.com> - 3.11.3-1 |
---|
687 | - Update to 3.11.3 |
---|
688 | |
---|
689 | * Thu Aug 03 2006 Kai Engert <kengert@redhat.com> - 3.11.2-2 |
---|
690 | - Add /etc/pki/nssdb |
---|
691 | |
---|
692 | * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 3.11.2-1.1 |
---|
693 | - rebuild |
---|
694 | |
---|
695 | * Fri Jun 30 2006 Kai Engert <kengert@redhat.com> - 3.11.2-1 |
---|
696 | - Update to 3.11.2 |
---|
697 | - Enable executable bit on shared libs, also fixes debug info. |
---|
698 | |
---|
699 | * Wed Jun 14 2006 Kai Engert <kengert@redhat.com> - 3.11.1-2 |
---|
700 | - Enable Elliptic Curve Cryptography (ECC) |
---|
701 | |
---|
702 | * Fri May 26 2006 Kai Engert <kengert@redhat.com> - 3.11.1-1 |
---|
703 | - Update to 3.11.1 |
---|
704 | - Include upstream patch to limit curves |
---|
705 | |
---|
706 | * Wed Feb 15 2006 Kai Engert <kengert@redhat.com> - 3.11-4 |
---|
707 | - add --noexecstack when compiling assembler on x86_64 |
---|
708 | |
---|
709 | * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 3.11-3.2 |
---|
710 | - bump again for double-long bug on ppc(64) |
---|
711 | |
---|
712 | * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 3.11-3.1 |
---|
713 | - rebuilt for new gcc4.1 snapshot and glibc changes |
---|
714 | |
---|
715 | * Thu Jan 19 2006 Ray Strode <rstrode@redhat.com> 3.11-3 |
---|
716 | - rebuild |
---|
717 | |
---|
718 | * Fri Dec 16 2005 Christopher Aillon <caillon@redhat.com> 3.11-2 |
---|
719 | - Update file list for the devel packages |
---|
720 | |
---|
721 | * Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-1 |
---|
722 | - Update to 3.11 |
---|
723 | |
---|
724 | * Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-0.cvs.2 |
---|
725 | - Add patch to allow building on ppc* |
---|
726 | - Update the pkgconfig file to Require nspr |
---|
727 | |
---|
728 | * Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-0.cvs |
---|
729 | - Initial import into Fedora Core, based on a CVS snapshot of |
---|
730 | the NSS_3_11_RTM tag |
---|
731 | - Fix up the pkcs11-devel subpackage to contain the proper headers |
---|
732 | - Build with RPM_OPT_FLAGS |
---|
733 | - No need to have rpath of /usr/lib in the pc file |
---|
734 | |
---|
735 | * Thu Dec 15 2005 Kai Engert <kengert@redhat.com> |
---|
736 | - Adressed review comments by Wan-Teh Chang, Bob Relyea, |
---|
737 | Christopher Aillon. |
---|
738 | |
---|
739 | * Sat Jul 9 2005 Rob Crittenden <rcritten@redhat.com> 3.10-1 |
---|
740 | - Initial build |
---|