X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=nss.spec;h=420c9fa44e5b19116d4c7829b9501011310ee1e9;hb=394e04c;hp=bed1eac8235a848a33c56fffb3cacd3a8ffce9d7;hpb=900f3743471d515ed6b94f00127c5ab6ce608283;p=packages%2Fnss.git diff --git a/nss.spec b/nss.spec index bed1eac..420c9fa 100644 --- a/nss.spec +++ b/nss.spec @@ -1,34 +1,38 @@ -# TODO -# - check if the signed nss lib data (*.chk) is still valid after rpm stripping -# +%define nspr_ver 1:4.13 %define foover %(echo %{version} | tr . _) Summary: NSS - Network Security Services Summary(pl.UTF-8): NSS - Network Security Services Name: nss -Version: 3.11.4 +Version: 3.27 Release: 1 Epoch: 1 -License: GPL +License: MPL v2.0 Group: Libraries -# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/dbm -r DBM_1_61_RTM -# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/security/dbm -r DBM_1_61_RTM -# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/security/coreconf -r NSS_3_9_4_RTM -# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/security/nss -r NSS_3_9_4_RTM -#Source0: %{name}-%{version}.tar.bz2 -Source0: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz -# Source0-md5: 74af8ebdf94307f47ff8931adbef9c39 +Source0: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz +# Source0-md5: d11b3038db57b2acaf9a638cd41ce8d8 Source1: %{name}-mozilla-nss.pc Source2: %{name}-config.in -Patch0: %{name}-Makefile.patch +Source3: http://www.cacert.org/certs/root.der +# Source3-md5: a61b375e390d9c3654eebd2031461f6b +Source4: nss-softokn.pc.in +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900 +Patch0: x32.patch URL: http://www.mozilla.org/projects/security/pki/nss/ -BuildRequires: nspr-devel >= 1:4.6.4 +BuildRequires: nspr-devel >= %{nspr_ver} +BuildRequires: nss-tools +BuildRequires: perl-base +BuildRequires: sqlite3-devel BuildRequires: zlib-devel BuildConflicts: mozilla < 0.9.6-3 -Requires: nspr >= 1:4.6.4 +Requires: %{name}-softokn-freebl = %{epoch}:%{version}-%{release} +Requires: nspr >= %{nspr_ver} Obsoletes: libnss3 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %define specflags -fno-strict-aliasing +# signed - stripped before signing +%define _noautostrip .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so +%define _noautochrpath .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so %description NSS supports cross-platform development of security-enabled server @@ -44,7 +48,7 @@ i wiele innych bezpiecznych standardów. %package tools Summary: NSS command line tools and utilities -Summary(pl.UTF-8): Narzędzia NSS +Summary(pl.UTF-8): Narzędzia NSS obsługiwane z linii poleceń Group: Applications Requires: %{name} = %{epoch}:%{version}-%{release} @@ -59,7 +63,7 @@ Summary: NSS - header files Summary(pl.UTF-8): NSS - pliki nagłówkowe Group: Development/Libraries Requires: %{name} = %{epoch}:%{version}-%{release} -Requires: nspr-devel >= 1:4.6.4 +Requires: nspr-devel >= %{nspr_ver} Obsoletes: libnss3-devel %description devel @@ -80,71 +84,105 @@ Static NSS Toolkit libraries. %description static -l pl.UTF-8 Statyczne wersje bibliotek z NSS. +%package softokn-freebl +Summary: Freebl library for the Network Security Services +Summary(pl.UTF-8): Biblioteka freebl dla bibliotek NSS +Group: Libraries + +%description softokn-freebl +Freebl cryptographic library for the Network Security Services. + +%description softokn-freebl -l pl.UTF-8 +Biblioteka kryptograficzna freebl dla bibliotek NSS. + %prep %setup -q %patch0 -p1 +%if 0%{!?debug:1} +# strip before signing +%{__sed} -i -e '/export ADDON_PATH$/a\ echo STRIP \; %{__strip} --strip-unneeded -R.comment -R.note ${5}' nss/cmd/shlibsign/sign.sh +%endif + %build -cd mozilla/security/nss +# http://wiki.cacert.org/wiki/NSSLib +addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt -%ifarch %{x8664} ppc64 +%ifarch %{x8664} ppc64 sparc64 export USE_64=1 %endif -%{__make} -j1 build_coreconf \ - NSDISTMODE=copy \ - NS_USE_GCC=1 \ - MOZILLA_CLIENT=1 \ - NO_MDUPDATE=1 \ - USE_PTHREADS=1 \ - BUILD_OPT=1 \ - CC="%{__cc}" \ - OPTIMIZER="%{rpmcflags}" - -%{__make} -j1 build_dbm \ - NSDISTMODE=copy \ - NS_USE_GCC=1 \ - MOZILLA_CLIENT=1 \ - NO_MDUPDATE=1 \ - USE_PTHREADS=1 \ - BUILD_OPT=1 \ +# http://pki.fedoraproject.org/wiki/ECC_Capable_NSS +for dir in ecc noecc; do + install -d $dir + cp -a nss $dir/nss +done + +export BUILD_OPT=1 +export MOZILLA_CLIENT=1 +export NSDISTMODE=copy +export NSPR_INCLUDE_DIR=/usr/include/nspr +export NSS_USE_SYSTEM_SQLITE=1 +export USE_PTHREADS=1 +export USE_SYSTEM_ZLIB=1 +export ZLIB_LIBS="-lz" +%ifarch x32 +export USE_X32=1 +%endif + +# https://bugzilla.mozilla.org/show_bug.cgi?id=1084623 + +# Forcing ecc with this hack would produce broken librares (softoken, freebl etc). +# Thus we also build noecc version (which doesn't require hack) and use these +# libs from there. +%{__sed} -i -e 's|#error|//error|g' ecc/nss/lib/freebl/ecl/ecl-curve.h +%{__make} -j1 -C ecc/nss \ + NSS_ECC_MORE_THAN_SUITE_B=1 \ CC="%{__cc}" \ - OPTIMIZER="%{rpmcflags}" \ - PLATFORM="pld" - -%{__make} -j1 all \ - NSDISTMODE=copy \ - NS_USE_GCC=1 \ - MOZILLA_CLIENT=1 \ - NO_MDUPDATE=1 \ - USE_PTHREADS=1 \ - USE_SYSTEM_ZLIB=1 \ - ZLIB_LIBS="-lz" \ - BUILD_OPT=1 \ + OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \ + +%{__make} -j1 -C noecc/nss \ CC="%{__cc}" \ - OPTIMIZER="%{rpmcflags}" \ - PLATFORM="pld" + OPTIMIZER="%{rpmcflags} %{rpmcppflags}" %install rm -rf $RPM_BUILD_ROOT -install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir}/nss,%{_libdir},%{_pkgconfigdir}} +install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}} -install mozilla/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss -install mozilla/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss -install mozilla/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss -install mozilla/dist/pld/bin/* $RPM_BUILD_ROOT%{_bindir} -install mozilla/dist/pld/lib/* $RPM_BUILD_ROOT%{_libdir} +cp -p ecc/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss +cp -p ecc/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss +cp -p ecc/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss +install -p ecc/dist/Linux*/bin/* $RPM_BUILD_ROOT%{_bindir} +install -p ecc/dist/Linux*/lib/* $RPM_BUILD_ROOT%{_libdir} + +# non-ECC version, we need only libnssdbm3, libsoftokn3, libfreebl3 +install -p noecc/dist/Linux*/lib/libnssdbm3.* $RPM_BUILD_ROOT%{_libdir} +install -p noecc/dist/Linux*/lib/libsoftokn3.* $RPM_BUILD_ROOT%{_libdir} +install -p noecc/dist/Linux*/lib/libfreebl3.* $RPM_BUILD_ROOT%{_libdir} + +cp -p nss/doc/nroff/*.1 $RPM_BUILD_ROOT%{_mandir}/man1 %{__sed} -e ' s#libdir=.*#libdir=%{_libdir}#g s#includedir=.*#includedir=%{_includedir}#g s#VERSION#%{version}#g -' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc -ln -s mozilla-nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc +' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc +# compatibility symlink +ln -s nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc + +cat %{SOURCE4} | \ +sed -e "s,%%libdir%%,%{_libdir},g" \ + -e "s,%%prefix%%,%{_prefix},g" \ + -e "s,%%exec_prefix%%,%{_prefix},g" \ + -e "s,%%includedir%%,%{_includedir}/nss,g" \ + -e "s,%%NSPR_VERSION%%,$(echo %{nspr_ver} | sed -e 's#.*:##g'),g" \ + -e "s,%%NSS_VERSION%%,%{version},g" \ + -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ + $RPM_BUILD_ROOT%{_pkgconfigdir}/nss-softokn.pc -NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' mozilla/security/nss/lib/nss/nss.h) -NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' mozilla/security/nss/lib/nss/nss.h) -NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' mozilla/security/nss/lib/nss/nss.h) +NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h) +NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h) +NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h) %{__sed} -e " s,@libdir@,%{_libdir},g s,@prefix@,%{_prefix},g @@ -156,8 +194,32 @@ NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' mozilla/security/nss/lib/nss " %{SOURCE2} > $RPM_BUILD_ROOT%{_bindir}/nss-config chmod +x $RPM_BUILD_ROOT%{_bindir}/nss-config -# resolve conflict with squid -mv -f $RPM_BUILD_ROOT%{_bindir}/{,nss-}client +%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so $RPM_BUILD_ROOT/%{_lib} +ln -s /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so +%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk $RPM_BUILD_ROOT/%{_lib} +ln -s /%{_lib}/libfreebl3.chk $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk +%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so $RPM_BUILD_ROOT/%{_lib} +ln -s /%{_lib}/libfreeblpriv3.so $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so +%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk $RPM_BUILD_ROOT/%{_lib} +ln -s /%{_lib}/libfreeblpriv3.chk $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk + +# conflict with openssl-static +%{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a + +# unit tests +%{__rm} $RPM_BUILD_ROOT%{_bindir}/der_gtest +%{__rm} $RPM_BUILD_ROOT%{_bindir}/ectest +%{__rm} $RPM_BUILD_ROOT%{_bindir}/gtests +%{__rm} $RPM_BUILD_ROOT%{_bindir}/nss_bogo_shim +%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11_gtest +%{__rm} $RPM_BUILD_ROOT%{_bindir}/ssl_gtest +%{__rm} $RPM_BUILD_ROOT%{_bindir}/util_gtest +%{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest* + +if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then + echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc" + exit 1 +fi %clean rm -rf $RPM_BUILD_ROOT @@ -167,22 +229,138 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(644,root,root,755) -%attr(755,root,root) %{_libdir}/lib*.so -%{_libdir}/lib*.chk +# COPYING beside MPL v2.0 text contains GPL/LGPL compatibility notes +%doc nss/{COPYING,trademarks.txt} +%attr(755,root,root) %{_libdir}/libfreebl3.so +%attr(755,root,root) %{_libdir}/libfreeblpriv3.so +%attr(755,root,root) %{_libdir}/libnss3.so +%attr(755,root,root) %{_libdir}/libnssckbi.so +%attr(755,root,root) %{_libdir}/libnssdbm3.so +%attr(755,root,root) %{_libdir}/libnssutil3.so +%attr(755,root,root) %{_libdir}/libsmime3.so +%attr(755,root,root) %{_libdir}/libsoftokn3.so +%attr(755,root,root) %{_libdir}/libssl3.so +%{_libdir}/libfreebl3.chk +%{_libdir}/libfreeblpriv3.chk +%{_libdir}/libnssdbm3.chk +%{_libdir}/libsoftokn3.chk %files devel %defattr(644,root,root,755) -%{_includedir}/nss -%{_libdir}/libcrmf.a -%{_pkgconfigdir}/*.pc %attr(755,root,root) %{_bindir}/nss-config +%{_libdir}/libcrmf.a +%{_libdir}/libfreebl.a +%{_includedir}/nss +%{_pkgconfigdir}/mozilla-nss.pc +%{_pkgconfigdir}/nss.pc +%{_pkgconfigdir}/nss-softokn.pc %files tools %defattr(644,root,root,755) -%attr(755,root,root) %{_bindir}/* -%exclude %{_bindir}/nss-config +%attr(755,root,root) %{_bindir}/addbuiltin +%attr(755,root,root) %{_bindir}/atob +%attr(755,root,root) %{_bindir}/baddbdir +%attr(755,root,root) %{_bindir}/bltest +%attr(755,root,root) %{_bindir}/btoa +%attr(755,root,root) %{_bindir}/certcgi +%attr(755,root,root) %{_bindir}/certutil +%attr(755,root,root) %{_bindir}/chktest +%attr(755,root,root) %{_bindir}/cmsutil +%attr(755,root,root) %{_bindir}/conflict +%attr(755,root,root) %{_bindir}/crlutil +%attr(755,root,root) %{_bindir}/crmftest +%attr(755,root,root) %{_bindir}/dbtest +%attr(755,root,root) %{_bindir}/derdump +%attr(755,root,root) %{_bindir}/dertimetest +%attr(755,root,root) %{_bindir}/digest +%attr(755,root,root) %{_bindir}/ecperf +%attr(755,root,root) %{_bindir}/encodeinttest +%attr(755,root,root) %{_bindir}/fipstest +%attr(755,root,root) %{_bindir}/httpserv +%attr(755,root,root) %{_bindir}/listsuites +%attr(755,root,root) %{_bindir}/lowhashtest +%attr(755,root,root) %{_bindir}/makepqg +%attr(755,root,root) %{_bindir}/mangle +%attr(755,root,root) %{_bindir}/modutil +%attr(755,root,root) %{_bindir}/multinit +%attr(755,root,root) %{_bindir}/nonspr10 +%attr(755,root,root) %{_bindir}/ocspclnt +%attr(755,root,root) %{_bindir}/ocspresp +%attr(755,root,root) %{_bindir}/oidcalc +%attr(755,root,root) %{_bindir}/p7content +%attr(755,root,root) %{_bindir}/p7env +%attr(755,root,root) %{_bindir}/p7sign +%attr(755,root,root) %{_bindir}/p7verify +%attr(755,root,root) %{_bindir}/pk11gcmtest +%attr(755,root,root) %{_bindir}/pk11mode +%attr(755,root,root) %{_bindir}/pk12util +%attr(755,root,root) %{_bindir}/pk1sign +%attr(755,root,root) %{_bindir}/pkix-errcodes +%attr(755,root,root) %{_bindir}/pp +%attr(755,root,root) %{_bindir}/pwdecrypt +%attr(755,root,root) %{_bindir}/remtest +%attr(755,root,root) %{_bindir}/rsaperf +%attr(755,root,root) %{_bindir}/sdrtest +%attr(755,root,root) %{_bindir}/secmodtest +%attr(755,root,root) %{_bindir}/selfserv +%attr(755,root,root) %{_bindir}/shlibsign +%attr(755,root,root) %{_bindir}/signtool +%attr(755,root,root) %{_bindir}/signver +%attr(755,root,root) %{_bindir}/ssltap +%attr(755,root,root) %{_bindir}/strsclnt +%attr(755,root,root) %{_bindir}/symkeyutil +%attr(755,root,root) %{_bindir}/tstclnt +%attr(755,root,root) %{_bindir}/vfychain +%attr(755,root,root) %{_bindir}/vfyserv +%{_mandir}/man1/certutil.1* +%{_mandir}/man1/cmsutil.1* +%{_mandir}/man1/crlutil.1* +%{_mandir}/man1/derdump.1* +%{_mandir}/man1/modutil.1* +%{_mandir}/man1/pk12util.1* +%{_mandir}/man1/pp.1* +%{_mandir}/man1/signtool.1* +%{_mandir}/man1/signver.1* +%{_mandir}/man1/ssltap.1* +%{_mandir}/man1/vfychain.1* +%{_mandir}/man1/vfyserv.1* %files static %defattr(644,root,root,755) -%{_libdir}/lib*.a -%exclude %{_libdir}/libcrmf.a +%{_libdir}/libcertdb.a +%{_libdir}/libcerthi.a +%{_libdir}/libcryptohi.a +%{_libdir}/libdbm.a +%{_libdir}/libjar.a +%{_libdir}/libnss.a +%{_libdir}/libnssb.a +%{_libdir}/libnssckfw.a +%{_libdir}/libnssdbm.a +%{_libdir}/libnssdev.a +%{_libdir}/libnsspki.a +%{_libdir}/libnssutil.a +%{_libdir}/libpk11wrap.a +%{_libdir}/libpkcs12.a +%{_libdir}/libpkcs7.a +%{_libdir}/libpkixcertsel.a +%{_libdir}/libpkixchecker.a +%{_libdir}/libpkixcrlsel.a +%{_libdir}/libpkixmodule.a +%{_libdir}/libpkixparams.a +%{_libdir}/libpkixpki.a +%{_libdir}/libpkixresults.a +%{_libdir}/libpkixstore.a +%{_libdir}/libpkixsystem.a +%{_libdir}/libpkixtop.a +%{_libdir}/libpkixutil.a +%{_libdir}/libsectool.a +%{_libdir}/libsmime.a +%{_libdir}/libsoftokn.a +%{_libdir}/libssl3.a + +%files softokn-freebl +%defattr(644,root,root,755) +%attr(755,root,root) /%{_lib}/libfreebl3.so +%attr(755,root,root) /%{_lib}/libfreeblpriv3.so +/%{_lib}/libfreebl3.chk +/%{_lib}/libfreeblpriv3.chk