-# TODO
-# - apache config
+# Conditional build:
+%bcond_with builddb # build nss database. requires interactive input
+#
+%define mod_name nss
%define apxs /usr/sbin/apxs
Summary: mod_nss - strong cryptography support for Apache using SSL/TLS library NSS
Summary(pl.UTF-8): mod_nss - silna kryptografia dla Apache'a przy użyciu biblioteki SSL/TLS NSS
Name: apache-mod_nss
-Version: 1.0.7
-Release: 0.1
+Version: 1.0.8
+Release: 0.6
License: Apache v2.0
Group: Networking/Daemons
Source0: http://directory.fedoraproject.org/sources/mod_nss-%{version}.tar.gz
-# Source0-md5: 71107cbc702bf07c6c79843aa92a0e09
+# Source0-md5: 32458d91ce909260a6081cce58004e2f
+Source1: apache-server.crt
+Source2: apache-server.key
+Source3: nss.tar.bz2
+# Source3-md5: d5bfafc09ad23f4bdd917d450680cec7
+Patch0: %{name}-config.patch
URL: http://directory.fedoraproject.org/wiki/Mod_nss
BuildRequires: %{apxs}
BuildRequires: apache-devel >= 2.0
BuildRequires: apr-devel >= 1:1.0
BuildRequires: apr-util-devel >= 1:1.0
+BuildRequires: libstdc++-devel
BuildRequires: nspr-devel >= 1:4.6.2
BuildRequires: nss-devel >= 1:3.11.3
+%if %{with builddb}
+BuildRequires: nss-tools
+BuildRequires: openssl-tools
+%endif
Requires: apache(modules-api) = %{apache_modules_api}
Requires: nspr >= 1:4.6.2
Requires: nss >= 1:3.11.3
zamiast OpenSSL.
%prep
-%setup -q -n mod_nss-%{version}
+%setup -q -n mod_nss-%{version} -a3
+%patch0 -p1
+cp %{SOURCE1} server.crt
+cp %{SOURCE2} server.key
%build
# apr-util is missing in configure check
-CPPFLAGS="`apu-1-config --includes`"
+CPPFLAGS=$(apu-1-config --includes)
%configure \
+ CPP="%{__cpp}" \
+ CXXCPP="%{__cxx} -E" \
--with-apxs=%{apxs} \
--with-apr-config \
--with-nspr-inc=/usr/include/nspr \
%{__make}
+%if %{with builddb}
+# XXX: this is interactive, cannot be done in builders process
+rm -rf nss
+install -d nss
+certutil -N -d nss
+openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "Server-Cert" -passout pass:
+pk12util -i server.p12 -d nss -W ''
+%endif
+
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sbindir},%{_pkglibdir}}
-
+install -d $RPM_BUILD_ROOT{%{_sbindir},%{_pkglibdir},%{_sysconfdir}/{conf.d,nss}}
install .libs/libmodnss.so $RPM_BUILD_ROOT%{_pkglibdir}
install nss_pcache $RPM_BUILD_ROOT%{_sbindir}
-# TODO: nss.conf -> %{_sysconfdir}/httpd.conf/XX_mod_nss.conf
-# (NOTE: at least default config conflicts with mod_ssl)
+cp -a nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/40_mod_%{mod_name}.conf
+cp -a nss/* $RPM_BUILD_ROOT%{_sysconfdir}/nss
%clean
rm -rf $RPM_BUILD_ROOT
+%post
+%service -q httpd restart
+
+%postun
+if [ "$1" = "0" ]; then
+ %service -q httpd restart
+fi
+
%files
%defattr(644,root,root,755)
-%doc NOTICE README TODO docs/mod_nss.html nss.conf
+%doc NOTICE README TODO docs/mod_nss.html migrate.pl
+%attr(750,root,http) %dir %{_sysconfdir}/nss
+%attr(640,root,http) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/cert8.db
+%attr(640,root,http) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/key3.db
+%attr(640,root,http) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/secmod.db
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_%{mod_name}.conf
%attr(755,root,root) %{_pkglibdir}/libmodnss.so
%attr(755,root,root) %{_sbindir}/nss_pcache