[packages/apache-mod_nss.git] / apache-mod_nss.spec

# TODO
# - certutil tries to open /dev/tty to get passphrase for nss db init
%define		mod_name	nss
%define		apxs		/usr/sbin/apxs
Summary:	mod_nss - strong cryptography support for Apache using SSL/TLS library NSS
Summary(pl.UTF-8):	mod_nss - silna kryptografia dla Apache'a przy użyciu biblioteki SSL/TLS NSS
Name:		apache-mod_nss
Version:	1.0.8
Release:	0.1
License:	Apache v2.0
Group:		Networking/Daemons
Source0:	http://directory.fedoraproject.org/sources/mod_nss-%{version}.tar.gz
# Source0-md5:	32458d91ce909260a6081cce58004e2f
Source1:	apache-server.crt
Source2:	apache-server.key
Patch0:		%{name}-config.patch
URL:		http://directory.fedoraproject.org/wiki/Mod_nss
BuildRequires:	%{apxs}
BuildRequires:	apache-devel >= 2.0
BuildRequires:	apr-devel >= 1:1.0
BuildRequires:	apr-util-devel >= 1:1.0
BuildRequires:	nspr-devel >= 1:4.6.2
BuildRequires:	nss-devel >= 1:3.11.3
#BuildRequires:	nss-tools
#BuildRequires:	openssl-tools
Requires:	apache(modules-api) = %{apache_modules_api}
Requires:	nspr >= 1:4.6.2
Requires:	nss >= 1:3.11.3
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_pkglibdir	%(%{apxs} -q LIBEXECDIR 2>/dev/null)
%define		_sysconfdir	%(%{apxs} -q SYSCONFDIR 2>/dev/null)

%description
An Apache 2.x module for implementing crypto using the Mozilla NSS
crypto libraries. This supports SSL v3/TLS v1 including support for
client certificate authentication. NSS provides web applications with
a FIPS 140 certified crypto provider and support for a full range of
PKCS#11 devices.

mod_nss is based directly on the mod_ssl package from Apache 2.0.54.
It is a conversion from using OpenSSL calls to using NSS calls
instead.

%description -l pl.UTF-8
Moduł Apache'a 2.x implementujący kryptografię przy użyciu bibliotek
kryptograficznych Mozilla NSS. Obsługuje SSL v3/TLS v1 wraz z
uwierzytelnianiem z użyciem certyfikatu klienta. NSS zapewnia
aplikacjom WWW dostarczanie kryptografii z certyfikacją FIPS 140 i
obsługę pełnego zakresu urządzeń PKCS#11.

mod_nss jest oparty bezpośrednio na pakiecie mod_ssl z Apache'a
2.0.54, jedynie został zmodyfikowany tak, aby używał wywołań NSS
zamiast OpenSSL.

%prep
%setup -q -n mod_nss-%{version}
%patch0 -p1
cp %{SOURCE1} server.crt
cp %{SOURCE2} server.key

%build
# apr-util is missing in configure check
CPPFLAGS="`apu-1-config --includes`"
%configure \
	--with-apxs=%{apxs} \
	--with-apr-config \
	--with-nspr-inc=/usr/include/nspr \
	--with-nspr-lib=%{_libdir} \
	--with-nss-inc=/usr/include/nss \
	--with-nss-lib=%{_libdir}

%{__make}

install -d nss
# XXX: this is interactive, cannot be done in rpm build process
#certutil -N -d nss
#openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "Server-Cert" -passout pass:
#pk12util -i server.p12 -d nss -W ''

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sbindir},%{_pkglibdir},%{_sysconfdir}/{conf.d,nss}}
install .libs/libmodnss.so $RPM_BUILD_ROOT%{_pkglibdir}
install nss_pcache $RPM_BUILD_ROOT%{_sbindir}

cp -a nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/40_mod_%{mod_name}.conf
#cp -a nss/* $RPM_BUILD_ROOT%{_sysconfdir}/nss

%clean
rm -rf $RPM_BUILD_ROOT

%post
%service -q httpd restart

%postun
if [ "$1" = "0" ]; then
	%service -q httpd restart
fi

%files
%defattr(644,root,root,755)
%doc NOTICE README TODO docs/mod_nss.html migrate.pl
%attr(750,root,root) %dir %{_sysconfdir}/nss
#%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/cert8.db
#%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/key3.db
#%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/secmod.db
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_%{mod_name}.conf
%attr(755,root,root) %{_pkglibdir}/libmodnss.so
%attr(755,root,root) %{_sbindir}/nss_pcache
Commit	Line	Data
25bd5816 ER	1	# TODO
25bd5816 ER	2	# - certutil tries to open /dev/tty to get passphrase for nss db init
18337b87	3	%define mod_name nss
785a760e JB	4	%define apxs /usr/sbin/apxs
785a760e JB	5	Summary: mod_nss - strong cryptography support for Apache using SSL/TLS library NSS
a66472ce	6	Summary(pl.UTF-8): mod_nss - silna kryptografia dla Apache'a przy użyciu biblioteki SSL/TLS NSS
785a760e	7	Name: apache-mod_nss
b0142def JB	8	Version: 1.0.8
b0142def JB	9	Release: 0.1
3e0cf6bd	10	License: Apache v2.0
785a760e	11	Group: Networking/Daemons
fb59b3a9	12	Source0: http://directory.fedoraproject.org/sources/mod_nss-%{version}.tar.gz
b0142def	13	# Source0-md5: 32458d91ce909260a6081cce58004e2f
25bd5816 ER	14	Source1: apache-server.crt
25bd5816 ER	15	Source2: apache-server.key
18337b87	16	Patch0: %{name}-config.patch
fb59b3a9	17	URL: http://directory.fedoraproject.org/wiki/Mod_nss
686ceb58	18	BuildRequires: %{apxs}
785a760e	19	BuildRequires: apache-devel >= 2.0
5b464216 JB	20	BuildRequires: apr-devel >= 1:1.0
5b464216 JB	21	BuildRequires: apr-util-devel >= 1:1.0
785a760e JB	22	BuildRequires: nspr-devel >= 1:4.6.2
785a760e JB	23	BuildRequires: nss-devel >= 1:3.11.3
b0142def JB	24	#BuildRequires: nss-tools
b0142def JB	25	#BuildRequires: openssl-tools
dad6b5c7	26	Requires: apache(modules-api) = %{apache_modules_api}
785a760e JB	27	Requires: nspr >= 1:4.6.2
	28	Requires: nss >= 1:3.11.3
	29	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	30
	31	%define _pkglibdir %(%{apxs} -q LIBEXECDIR 2>/dev/null)
25bd5816	32	%define _sysconfdir %(%{apxs} -q SYSCONFDIR 2>/dev/null)
785a760e JB	33
785a760e JB	34	%description
4b91b249	35	An Apache 2.x module for implementing crypto using the Mozilla NSS
785a760e JB	36	crypto libraries. This supports SSL v3/TLS v1 including support for
	37	client certificate authentication. NSS provides web applications with
	38	a FIPS 140 certified crypto provider and support for a full range of
	39	PKCS#11 devices.
	40
	41	mod_nss is based directly on the mod_ssl package from Apache 2.0.54.
	42	It is a conversion from using OpenSSL calls to using NSS calls
	43	instead.
	44
a87a65b1	45	%description -l pl.UTF-8
4b91b249	46	Moduł Apache'a 2.x implementujący kryptografię przy użyciu bibliotek
a87a65b1 JR	47	kryptograficznych Mozilla NSS. Obsługuje SSL v3/TLS v1 wraz z
	48	uwierzytelnianiem z użyciem certyfikatu klienta. NSS zapewnia
	49	aplikacjom WWW dostarczanie kryptografii z certyfikacją FIPS 140 i
	50	obsługę pełnego zakresu urządzeń PKCS#11.
785a760e	51
a87a65b1 JR	52	mod_nss jest oparty bezpośrednio na pakiecie mod_ssl z Apache'a
a87a65b1 JR	53	2.0.54, jedynie został zmodyfikowany tak, aby używał wywołań NSS
785a760e JB	54	zamiast OpenSSL.
	55
	56	%prep
	57	%setup -q -n mod_nss-%{version}
18337b87	58	%patch0 -p1
25bd5816 ER	59	cp %{SOURCE1} server.crt
25bd5816 ER	60	cp %{SOURCE2} server.key
785a760e JB	61
	62	%build
	63	# apr-util is missing in configure check
	64	CPPFLAGS="`apu-1-config --includes`"
	65	%configure \
	66	--with-apxs=%{apxs} \
	67	--with-apr-config \
	68	--with-nspr-inc=/usr/include/nspr \
	69	--with-nspr-lib=%{_libdir} \
	70	--with-nss-inc=/usr/include/nss \
	71	--with-nss-lib=%{_libdir}
	72
	73	%{__make}
	74
25bd5816	75	install -d nss
b0142def JB	76	# XXX: this is interactive, cannot be done in rpm build process
	77	#certutil -N -d nss
	78	#openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "Server-Cert" -passout pass:
	79	#pk12util -i server.p12 -d nss -W ''
25bd5816	80
785a760e JB	81	%install
785a760e JB	82	rm -rf $RPM_BUILD_ROOT
25bd5816	83	install -d $RPM_BUILD_ROOT{%{_sbindir},%{_pkglibdir},%{_sysconfdir}/{conf.d,nss}}
785a760e JB	84	install .libs/libmodnss.so $RPM_BUILD_ROOT%{_pkglibdir}
	85	install nss_pcache $RPM_BUILD_ROOT%{_sbindir}
	86
25bd5816	87	cp -a nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/40_mod_%{mod_name}.conf
b0142def	88	#cp -a nss/* $RPM_BUILD_ROOT%{_sysconfdir}/nss
785a760e JB	89
	90	%clean
	91	rm -rf $RPM_BUILD_ROOT
	92
e7a3ca90 ER	93	%post
	94	%service -q httpd restart
	95
	96	%postun
	97	if [ "$1" = "0" ]; then
	98	%service -q httpd restart
	99	fi
	100
785a760e JB	101	%files
785a760e JB	102	%defattr(644,root,root,755)
25bd5816 ER	103	%doc NOTICE README TODO docs/mod_nss.html migrate.pl
25bd5816 ER	104	%attr(750,root,root) %dir %{_sysconfdir}/nss
b0142def JB	105	#%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/cert8.db
	106	#%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/key3.db
	107	#%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/secmod.db
25bd5816	108	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_%{mod_name}.conf
785a760e JB	109	%attr(755,root,root) %{_pkglibdir}/libmodnss.so
785a760e JB	110	%attr(755,root,root) %{_sbindir}/nss_pcache