-%define nspr_ver 1:4.17
+# Conditional build:
+%bcond_with bootstrap # avoid dependency on nss-tools
+%bcond_with tests # enable tests
+
+%define nspr_ver 1:4.34.1
%define foover %(echo %{version} | tr . _)
Summary: NSS - Network Security Services
Summary(pl.UTF-8): NSS - Network Security Services
Name: nss
-Version: 3.34
+Version: 3.83
Release: 1
Epoch: 1
License: MPL v2.0
Group: Libraries
-Source0: http://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
-# Source0-md5: 1e30b8e5b13b5b08bbc489c265948d82
+Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
+# Source0-md5: 4a5a8c42772e202e4e94c261f6a5324c
Source1: %{name}-mozilla-nss.pc
Source2: %{name}-config.in
-Source3: http://www.cacert.org/certs/root.der
+Source3: https://www.cacert.org/certs/root.der
# Source3-md5: a61b375e390d9c3654eebd2031461f6b
Source4: nss-softokn.pc.in
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
-Patch0: x32.patch
URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
BuildRequires: nspr-devel >= %{nspr_ver}
-BuildRequires: nss-tools
+%{!?with_bootstrap:BuildRequires: nss-tools}
BuildRequires: perl-base
BuildRequires: sqlite3-devel
BuildRequires: zlib-devel
%prep
%setup -q
-%patch0 -p1
%if 0%{!?debug:1}
# strip before signing
%endif
%build
+%if %{without bootstrap}
# http://wiki.cacert.org/wiki/NSSLib
addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt
+%endif
-%ifarch %{x8664} ppc64 sparc64
+%ifarch %{x8664} ppc64 sparc64 aarch64
export USE_64=1
%endif
export MOZILLA_CLIENT=1
export NSDISTMODE=copy
export NSPR_INCLUDE_DIR=/usr/include/nspr
+export NSS_ENABLE_WERROR=0
export NSS_USE_SYSTEM_SQLITE=1
export USE_PTHREADS=1
export USE_SYSTEM_ZLIB=1
%ifarch x32
export USE_X32=1
%endif
+%{!?with_tests:export NSS_DISABLE_GTESTS=1}
# https://bugzilla.mozilla.org/show_bug.cgi?id=1084623
# Thus we also build noecc version (which doesn't require hack) and use these
# libs from there.
%{__sed} -i -e 's|#error|//error|g' ecc/nss/lib/freebl/ecl/ecl-curve.h
-%{__make} -j1 -C ecc/nss \
+%{__make} -C ecc/nss all \
NSS_ECC_MORE_THAN_SUITE_B=1 \
CC="%{__cc}" \
OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
+ OS_TEST="%{_target_cpu}" \
+ NS_USE_GCC=1
-%{__make} -j1 -C noecc/nss \
+%{__make} -C noecc/nss all \
CC="%{__cc}" \
- OPTIMIZER="%{rpmcflags} %{rpmcppflags}"
+ OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
+ OS_TEST="%{_target_cpu}" \
+ NS_USE_GCC=1
%install
rm -rf $RPM_BUILD_ROOT
%{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a
# unit tests
-%{__rm} $RPM_BUILD_ROOT%{_bindir}/{certdb,certhigh,cryptohi,der,pk11,softoken,ssl,util}_gtest
-%{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest
+%if %{with tests}
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/{certdb,certhigh,cryptohi,der,pk11,softoken,smime,ssl,util}_gtest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/nss_bogo_shim
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest*
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libpkcs11testmodule.*
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libcpputil.*
+%endif
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11ectest
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11importtest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/rsapoptst
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest*
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/sdbthreadtst
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libnss*-testlib.so
if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then
echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc"
%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/nss-config
-%{_libdir}/libcpputil.a
%{_libdir}/libcrmf.a
%{_libdir}/libfreebl.a
%{_includedir}/nss
%attr(755,root,root) %{_bindir}/baddbdir
%attr(755,root,root) %{_bindir}/bltest
%attr(755,root,root) %{_bindir}/btoa
-%attr(755,root,root) %{_bindir}/certcgi
%attr(755,root,root) %{_bindir}/certutil
%attr(755,root,root) %{_bindir}/chktest
%attr(755,root,root) %{_bindir}/cmsutil
%attr(755,root,root) %{_bindir}/modutil
%attr(755,root,root) %{_bindir}/multinit
%attr(755,root,root) %{_bindir}/nonspr10
+%attr(755,root,root) %{_bindir}/nss-policy-check
%attr(755,root,root) %{_bindir}/ocspclnt
%attr(755,root,root) %{_bindir}/ocspresp
%attr(755,root,root) %{_bindir}/oidcalc
%attr(755,root,root) %{_bindir}/strsclnt
%attr(755,root,root) %{_bindir}/symkeyutil
%attr(755,root,root) %{_bindir}/tstclnt
+%attr(755,root,root) %{_bindir}/validation
%attr(755,root,root) %{_bindir}/vfychain
%attr(755,root,root) %{_bindir}/vfyserv
%{_mandir}/man1/certutil.1*