]>
Commit | Line | Data |
---|---|---|
25bd5816 ER |
1 | # TODO |
2 | # - certutil tries to open /dev/tty to get passphrase for nss db init | |
18337b87 | 3 | %define mod_name nss |
785a760e JB |
4 | %define apxs /usr/sbin/apxs |
5 | Summary: mod_nss - strong cryptography support for Apache using SSL/TLS library NSS | |
a66472ce | 6 | Summary(pl.UTF-8): mod_nss - silna kryptografia dla Apache'a przy użyciu biblioteki SSL/TLS NSS |
785a760e | 7 | Name: apache-mod_nss |
b0142def JB |
8 | Version: 1.0.8 |
9 | Release: 0.1 | |
3e0cf6bd | 10 | License: Apache v2.0 |
785a760e | 11 | Group: Networking/Daemons |
fb59b3a9 | 12 | Source0: http://directory.fedoraproject.org/sources/mod_nss-%{version}.tar.gz |
b0142def | 13 | # Source0-md5: 32458d91ce909260a6081cce58004e2f |
25bd5816 ER |
14 | Source1: apache-server.crt |
15 | Source2: apache-server.key | |
18337b87 | 16 | Patch0: %{name}-config.patch |
fb59b3a9 | 17 | URL: http://directory.fedoraproject.org/wiki/Mod_nss |
686ceb58 | 18 | BuildRequires: %{apxs} |
785a760e | 19 | BuildRequires: apache-devel >= 2.0 |
5b464216 JB |
20 | BuildRequires: apr-devel >= 1:1.0 |
21 | BuildRequires: apr-util-devel >= 1:1.0 | |
785a760e JB |
22 | BuildRequires: nspr-devel >= 1:4.6.2 |
23 | BuildRequires: nss-devel >= 1:3.11.3 | |
b0142def JB |
24 | #BuildRequires: nss-tools |
25 | #BuildRequires: openssl-tools | |
dad6b5c7 | 26 | Requires: apache(modules-api) = %{apache_modules_api} |
785a760e JB |
27 | Requires: nspr >= 1:4.6.2 |
28 | Requires: nss >= 1:3.11.3 | |
29 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) | |
30 | ||
31 | %define _pkglibdir %(%{apxs} -q LIBEXECDIR 2>/dev/null) | |
25bd5816 | 32 | %define _sysconfdir %(%{apxs} -q SYSCONFDIR 2>/dev/null) |
785a760e JB |
33 | |
34 | %description | |
4b91b249 | 35 | An Apache 2.x module for implementing crypto using the Mozilla NSS |
785a760e JB |
36 | crypto libraries. This supports SSL v3/TLS v1 including support for |
37 | client certificate authentication. NSS provides web applications with | |
38 | a FIPS 140 certified crypto provider and support for a full range of | |
39 | PKCS#11 devices. | |
40 | ||
41 | mod_nss is based directly on the mod_ssl package from Apache 2.0.54. | |
42 | It is a conversion from using OpenSSL calls to using NSS calls | |
43 | instead. | |
44 | ||
a87a65b1 | 45 | %description -l pl.UTF-8 |
4b91b249 | 46 | Moduł Apache'a 2.x implementujący kryptografię przy użyciu bibliotek |
a87a65b1 JR |
47 | kryptograficznych Mozilla NSS. Obsługuje SSL v3/TLS v1 wraz z |
48 | uwierzytelnianiem z użyciem certyfikatu klienta. NSS zapewnia | |
49 | aplikacjom WWW dostarczanie kryptografii z certyfikacją FIPS 140 i | |
50 | obsługę pełnego zakresu urządzeń PKCS#11. | |
785a760e | 51 | |
a87a65b1 JR |
52 | mod_nss jest oparty bezpośrednio na pakiecie mod_ssl z Apache'a |
53 | 2.0.54, jedynie został zmodyfikowany tak, aby używał wywołań NSS | |
785a760e JB |
54 | zamiast OpenSSL. |
55 | ||
56 | %prep | |
57 | %setup -q -n mod_nss-%{version} | |
18337b87 | 58 | %patch0 -p1 |
25bd5816 ER |
59 | cp %{SOURCE1} server.crt |
60 | cp %{SOURCE2} server.key | |
785a760e JB |
61 | |
62 | %build | |
63 | # apr-util is missing in configure check | |
64 | CPPFLAGS="`apu-1-config --includes`" | |
65 | %configure \ | |
66 | --with-apxs=%{apxs} \ | |
67 | --with-apr-config \ | |
68 | --with-nspr-inc=/usr/include/nspr \ | |
69 | --with-nspr-lib=%{_libdir} \ | |
70 | --with-nss-inc=/usr/include/nss \ | |
71 | --with-nss-lib=%{_libdir} | |
72 | ||
73 | %{__make} | |
74 | ||
25bd5816 | 75 | install -d nss |
b0142def JB |
76 | # XXX: this is interactive, cannot be done in rpm build process |
77 | #certutil -N -d nss | |
78 | #openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "Server-Cert" -passout pass: | |
79 | #pk12util -i server.p12 -d nss -W '' | |
25bd5816 | 80 | |
785a760e JB |
81 | %install |
82 | rm -rf $RPM_BUILD_ROOT | |
25bd5816 | 83 | install -d $RPM_BUILD_ROOT{%{_sbindir},%{_pkglibdir},%{_sysconfdir}/{conf.d,nss}} |
785a760e JB |
84 | install .libs/libmodnss.so $RPM_BUILD_ROOT%{_pkglibdir} |
85 | install nss_pcache $RPM_BUILD_ROOT%{_sbindir} | |
86 | ||
25bd5816 | 87 | cp -a nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/40_mod_%{mod_name}.conf |
b0142def | 88 | #cp -a nss/* $RPM_BUILD_ROOT%{_sysconfdir}/nss |
785a760e JB |
89 | |
90 | %clean | |
91 | rm -rf $RPM_BUILD_ROOT | |
92 | ||
e7a3ca90 ER |
93 | %post |
94 | %service -q httpd restart | |
95 | ||
96 | %postun | |
97 | if [ "$1" = "0" ]; then | |
98 | %service -q httpd restart | |
99 | fi | |
100 | ||
785a760e JB |
101 | %files |
102 | %defattr(644,root,root,755) | |
25bd5816 ER |
103 | %doc NOTICE README TODO docs/mod_nss.html migrate.pl |
104 | %attr(750,root,root) %dir %{_sysconfdir}/nss | |
b0142def JB |
105 | #%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/cert8.db |
106 | #%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/key3.db | |
107 | #%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/secmod.db | |
25bd5816 | 108 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_%{mod_name}.conf |
785a760e JB |
109 | %attr(755,root,root) %{_pkglibdir}/libmodnss.so |
110 | %attr(755,root,root) %{_sbindir}/nss_pcache |