[packages/apache-mod_nss.git] / apache-mod_nss.spec

# Conditional build:
%bcond_with	builddb		# build nss database. requires interactive input
#
%define		mod_name	nss
%define		apxs		/usr/sbin/apxs
Summary:	mod_nss - strong cryptography support for Apache using SSL/TLS library NSS
Summary(pl.UTF-8):	mod_nss - silna kryptografia dla Apache'a przy użyciu biblioteki SSL/TLS NSS
Name:		apache-mod_nss
Version:	1.0.8
Release:	0.6
License:	Apache v2.0
Group:		Networking/Daemons
Source0:	http://directory.fedoraproject.org/sources/mod_nss-%{version}.tar.gz
# Source0-md5:	32458d91ce909260a6081cce58004e2f
Source1:	apache-server.crt
Source2:	apache-server.key
Source3:	nss.tar.bz2
# Source3-md5:	d5bfafc09ad23f4bdd917d450680cec7
Patch0:		%{name}-config.patch
URL:		http://directory.fedoraproject.org/wiki/Mod_nss
BuildRequires:	%{apxs}
BuildRequires:	apache-devel >= 2.0
BuildRequires:	apr-devel >= 1:1.0
BuildRequires:	apr-util-devel >= 1:1.0
BuildRequires:	libstdc++-devel
BuildRequires:	nspr-devel >= 1:4.6.2
BuildRequires:	nss-devel >= 1:3.11.3
%if %{with builddb}
BuildRequires:	nss-tools
BuildRequires:	openssl-tools
%endif
Requires:	apache(modules-api) = %{apache_modules_api}
Requires:	nspr >= 1:4.6.2
Requires:	nss >= 1:3.11.3
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_pkglibdir	%(%{apxs} -q LIBEXECDIR 2>/dev/null)
%define		_sysconfdir	%(%{apxs} -q SYSCONFDIR 2>/dev/null)

%description
An Apache 2.x module for implementing crypto using the Mozilla NSS
crypto libraries. This supports SSL v3/TLS v1 including support for
client certificate authentication. NSS provides web applications with
a FIPS 140 certified crypto provider and support for a full range of
PKCS#11 devices.

mod_nss is based directly on the mod_ssl package from Apache 2.0.54.
It is a conversion from using OpenSSL calls to using NSS calls
instead.

%description -l pl.UTF-8
Moduł Apache'a 2.x implementujący kryptografię przy użyciu bibliotek
kryptograficznych Mozilla NSS. Obsługuje SSL v3/TLS v1 wraz z
uwierzytelnianiem z użyciem certyfikatu klienta. NSS zapewnia
aplikacjom WWW dostarczanie kryptografii z certyfikacją FIPS 140 i
obsługę pełnego zakresu urządzeń PKCS#11.

mod_nss jest oparty bezpośrednio na pakiecie mod_ssl z Apache'a
2.0.54, jedynie został zmodyfikowany tak, aby używał wywołań NSS
zamiast OpenSSL.

%prep
%setup -q -n mod_nss-%{version} -a3
%patch0 -p1
cp %{SOURCE1} server.crt
cp %{SOURCE2} server.key

%build
# apr-util is missing in configure check
CPPFLAGS=$(apu-1-config --includes)
%configure \
	CPP="%{__cpp}" \
	CXXCPP="%{__cxx} -E" \
	--with-apxs=%{apxs} \
	--with-apr-config \
	--with-nspr-inc=/usr/include/nspr \
	--with-nspr-lib=%{_libdir} \
	--with-nss-inc=/usr/include/nss \
	--with-nss-lib=%{_libdir}

%{__make}

%if %{with builddb}
# XXX: this is interactive, cannot be done in builders process
rm -rf nss
install -d nss
certutil -N -d nss
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "Server-Cert" -passout pass:
pk12util -i server.p12 -d nss -W ''
%endif

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sbindir},%{_pkglibdir},%{_sysconfdir}/{conf.d,nss}}
install .libs/libmodnss.so $RPM_BUILD_ROOT%{_pkglibdir}
install nss_pcache $RPM_BUILD_ROOT%{_sbindir}

cp -a nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/40_mod_%{mod_name}.conf
cp -a nss/* $RPM_BUILD_ROOT%{_sysconfdir}/nss

%clean
rm -rf $RPM_BUILD_ROOT

%post
%service -q httpd restart

%postun
if [ "$1" = "0" ]; then
	%service -q httpd restart
fi

%files
%defattr(644,root,root,755)
%doc NOTICE README TODO docs/mod_nss.html migrate.pl
%attr(750,root,http) %dir %{_sysconfdir}/nss
%attr(640,root,http) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/cert8.db
%attr(640,root,http) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/key3.db
%attr(640,root,http) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/secmod.db
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_%{mod_name}.conf
%attr(755,root,root) %{_pkglibdir}/libmodnss.so
%attr(755,root,root) %{_sbindir}/nss_pcache
Commit	Line	Data
bfdd18c0 ER	1	# Conditional build:
	2	%bcond_with builddb # build nss database. requires interactive input
	3	#
18337b87	4	%define mod_name nss
785a760e JB	5	%define apxs /usr/sbin/apxs
785a760e JB	6	Summary: mod_nss - strong cryptography support for Apache using SSL/TLS library NSS
a66472ce	7	Summary(pl.UTF-8): mod_nss - silna kryptografia dla Apache'a przy użyciu biblioteki SSL/TLS NSS
785a760e	8	Name: apache-mod_nss
b0142def	9	Version: 1.0.8
e79e4d0b	10	Release: 0.6
3e0cf6bd	11	License: Apache v2.0
785a760e	12	Group: Networking/Daemons
fb59b3a9	13	Source0: http://directory.fedoraproject.org/sources/mod_nss-%{version}.tar.gz
b0142def	14	# Source0-md5: 32458d91ce909260a6081cce58004e2f
25bd5816 ER	15	Source1: apache-server.crt
25bd5816 ER	16	Source2: apache-server.key
bfdd18c0 ER	17	Source3: nss.tar.bz2
bfdd18c0 ER	18	# Source3-md5: d5bfafc09ad23f4bdd917d450680cec7
18337b87	19	Patch0: %{name}-config.patch
fb59b3a9	20	URL: http://directory.fedoraproject.org/wiki/Mod_nss
686ceb58	21	BuildRequires: %{apxs}
785a760e	22	BuildRequires: apache-devel >= 2.0
5b464216 JB	23	BuildRequires: apr-devel >= 1:1.0
5b464216 JB	24	BuildRequires: apr-util-devel >= 1:1.0
798ae4d4	25	BuildRequires: libstdc++-devel
785a760e JB	26	BuildRequires: nspr-devel >= 1:4.6.2
785a760e JB	27	BuildRequires: nss-devel >= 1:3.11.3
bfdd18c0 ER	28	%if %{with builddb}
	29	BuildRequires: nss-tools
	30	BuildRequires: openssl-tools
	31	%endif
dad6b5c7	32	Requires: apache(modules-api) = %{apache_modules_api}
785a760e JB	33	Requires: nspr >= 1:4.6.2
	34	Requires: nss >= 1:3.11.3
	35	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	36
	37	%define _pkglibdir %(%{apxs} -q LIBEXECDIR 2>/dev/null)
25bd5816	38	%define _sysconfdir %(%{apxs} -q SYSCONFDIR 2>/dev/null)
785a760e JB	39
785a760e JB	40	%description
4b91b249	41	An Apache 2.x module for implementing crypto using the Mozilla NSS
785a760e JB	42	crypto libraries. This supports SSL v3/TLS v1 including support for
	43	client certificate authentication. NSS provides web applications with
	44	a FIPS 140 certified crypto provider and support for a full range of
	45	PKCS#11 devices.
	46
	47	mod_nss is based directly on the mod_ssl package from Apache 2.0.54.
	48	It is a conversion from using OpenSSL calls to using NSS calls
	49	instead.
	50
a87a65b1	51	%description -l pl.UTF-8
4b91b249	52	Moduł Apache'a 2.x implementujący kryptografię przy użyciu bibliotek
a87a65b1 JR	53	kryptograficznych Mozilla NSS. Obsługuje SSL v3/TLS v1 wraz z
	54	uwierzytelnianiem z użyciem certyfikatu klienta. NSS zapewnia
	55	aplikacjom WWW dostarczanie kryptografii z certyfikacją FIPS 140 i
	56	obsługę pełnego zakresu urządzeń PKCS#11.
785a760e	57
a87a65b1 JR	58	mod_nss jest oparty bezpośrednio na pakiecie mod_ssl z Apache'a
a87a65b1 JR	59	2.0.54, jedynie został zmodyfikowany tak, aby używał wywołań NSS
785a760e JB	60	zamiast OpenSSL.
	61
	62	%prep
bfdd18c0	63	%setup -q -n mod_nss-%{version} -a3
18337b87	64	%patch0 -p1
25bd5816 ER	65	cp %{SOURCE1} server.crt
25bd5816 ER	66	cp %{SOURCE2} server.key
785a760e JB	67
	68	%build
	69	# apr-util is missing in configure check
798ae4d4	70	CPPFLAGS=$(apu-1-config --includes)
785a760e	71	%configure \
798ae4d4 ER	72	CPP="%{__cpp}" \
798ae4d4 ER	73	CXXCPP="%{__cxx} -E" \
785a760e JB	74	--with-apxs=%{apxs} \
	75	--with-apr-config \
	76	--with-nspr-inc=/usr/include/nspr \
	77	--with-nspr-lib=%{_libdir} \
	78	--with-nss-inc=/usr/include/nss \
	79	--with-nss-lib=%{_libdir}
	80
	81	%{__make}
	82
bfdd18c0 ER	83	%if %{with builddb}
	84	# XXX: this is interactive, cannot be done in builders process
	85	rm -rf nss
25bd5816	86	install -d nss
bfdd18c0 ER	87	certutil -N -d nss
	88	openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "Server-Cert" -passout pass:
	89	pk12util -i server.p12 -d nss -W ''
	90	%endif
25bd5816	91
785a760e JB	92	%install
785a760e JB	93	rm -rf $RPM_BUILD_ROOT
25bd5816	94	install -d $RPM_BUILD_ROOT{%{_sbindir},%{_pkglibdir},%{_sysconfdir}/{conf.d,nss}}
785a760e JB	95	install .libs/libmodnss.so $RPM_BUILD_ROOT%{_pkglibdir}
	96	install nss_pcache $RPM_BUILD_ROOT%{_sbindir}
	97
25bd5816	98	cp -a nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/40_mod_%{mod_name}.conf
bfdd18c0	99	cp -a nss/* $RPM_BUILD_ROOT%{_sysconfdir}/nss
785a760e JB	100
	101	%clean
	102	rm -rf $RPM_BUILD_ROOT
	103
e7a3ca90 ER	104	%post
	105	%service -q httpd restart
	106
	107	%postun
	108	if [ "$1" = "0" ]; then
	109	%service -q httpd restart
	110	fi
	111
785a760e JB	112	%files
785a760e JB	113	%defattr(644,root,root,755)
25bd5816	114	%doc NOTICE README TODO docs/mod_nss.html migrate.pl
e79e4d0b ER	115	%attr(750,root,http) %dir %{_sysconfdir}/nss
	116	%attr(640,root,http) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/cert8.db
	117	%attr(640,root,http) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/key3.db
	118	%attr(640,root,http) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/secmod.db
25bd5816	119	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_%{mod_name}.conf
785a760e JB	120	%attr(755,root,root) %{_pkglibdir}/libmodnss.so
785a760e JB	121	%attr(755,root,root) %{_sbindir}/nss_pcache