]>
Commit | Line | Data |
---|---|---|
1 | # Conditional build: | |
2 | %bcond_with bootstrap # avoid dependency on nss-tools | |
3 | %bcond_with tests # enable tests | |
4 | ||
5 | %define nspr_ver 1:4.35 | |
6 | %define foover %(echo %{version} | tr . _) | |
7 | Summary: NSS - Network Security Services | |
8 | Summary(pl.UTF-8): NSS - Network Security Services | |
9 | Name: nss | |
10 | Version: 3.100 | |
11 | Release: 1 | |
12 | Epoch: 1 | |
13 | License: MPL v2.0 | |
14 | Group: Libraries | |
15 | Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz | |
16 | # Source0-md5: 91d114f373c71ed04c4fca96958cdcd1 | |
17 | Source1: %{name}-mozilla-nss.pc | |
18 | Source2: %{name}-config.in | |
19 | Source3: https://www.cacert.org/certs/root.der | |
20 | # Source3-md5: a61b375e390d9c3654eebd2031461f6b | |
21 | Source4: nss-softokn.pc.in | |
22 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900 | |
23 | URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS | |
24 | BuildRequires: nspr-devel >= %{nspr_ver} | |
25 | %{!?with_bootstrap:BuildRequires: nss-tools} | |
26 | BuildRequires: perl-base | |
27 | BuildRequires: sqlite3-devel | |
28 | BuildRequires: zlib-devel | |
29 | BuildConflicts: mozilla < 0.9.6-3 | |
30 | Requires: %{name}-softokn-freebl%{?_isa} = %{epoch}:%{version}-%{release} | |
31 | Requires: nspr%{?_isa} >= %{nspr_ver} | |
32 | Obsoletes: libnss3 | |
33 | # needs http2 code update: https://bugzilla.mozilla.org/show_bug.cgi?id=1323209 | |
34 | Conflicts: firefox < 50.1.0-2 | |
35 | Conflicts: iceape < 2.46-1 | |
36 | Conflicts: iceweasel < 51 | |
37 | Conflicts: mozilla-firefox < 51 | |
38 | Conflicts: seamonkey < 2.47 | |
39 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) | |
40 | ||
41 | %define specflags -fno-strict-aliasing | |
42 | %define signedlibs libfreebl3.so libfreeblpriv3.so libnssdbm3.so libsoftokn3.so | |
43 | # signed - stripped before signing | |
44 | %define _noautostrip .*%{_lib}/\\(%(echo %{signedlibs} | sed 's/ /\\\\|/g')\\) | |
45 | %define _noautochrpath .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so | |
46 | ||
47 | %description | |
48 | NSS supports cross-platform development of security-enabled server | |
49 | applications. Applications built with NSS can support PKCS #5, | |
50 | PKCS #7, PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 and v3, X.509 v3 | |
51 | certificates, and other security standards. | |
52 | ||
53 | %description -l pl.UTF-8 | |
54 | NSS wspomaga pisanie wieloplatformowych bezpiecznych serwerów. | |
55 | Aplikacja używająca NSS jest w stanie obsłużyć PKCS #5, PKCS #7, | |
56 | PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 oraz v3, certyfikaty X.509 v3, | |
57 | i wiele innych bezpiecznych standardów. | |
58 | ||
59 | %package tools | |
60 | Summary: NSS command line tools and utilities | |
61 | Summary(pl.UTF-8): Narzędzia NSS obsługiwane z linii poleceń | |
62 | Group: Applications | |
63 | Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} | |
64 | ||
65 | %description tools | |
66 | The NSS Toolkit command line tool. | |
67 | ||
68 | %description tools -l pl.UTF-8 | |
69 | Narzędzia NSS obsługiwane z linii poleceń. | |
70 | ||
71 | %package devel | |
72 | Summary: NSS - header files | |
73 | Summary(pl.UTF-8): NSS - pliki nagłówkowe | |
74 | Group: Development/Libraries | |
75 | Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} | |
76 | Requires: nspr-devel >= %{nspr_ver} | |
77 | Obsoletes: libnss3-devel | |
78 | ||
79 | %description devel | |
80 | Development part of NSS library. | |
81 | ||
82 | %description devel -l pl.UTF-8 | |
83 | Część biblioteki NSS przeznaczona dla programistów. | |
84 | ||
85 | %package static | |
86 | Summary: NSS - static library | |
87 | Summary(pl.UTF-8): NSS - biblioteka statyczna | |
88 | Group: Development/Libraries | |
89 | Requires: %{name}-devel = %{epoch}:%{version}-%{release} | |
90 | ||
91 | %description static | |
92 | Static NSS Toolkit libraries. | |
93 | ||
94 | %description static -l pl.UTF-8 | |
95 | Statyczne wersje bibliotek z NSS. | |
96 | ||
97 | %package softokn-freebl | |
98 | Summary: Freebl library for the Network Security Services | |
99 | Summary(pl.UTF-8): Biblioteka freebl dla bibliotek NSS | |
100 | Group: Libraries | |
101 | ||
102 | %description softokn-freebl | |
103 | Freebl cryptographic library for the Network Security Services. | |
104 | ||
105 | %description softokn-freebl -l pl.UTF-8 | |
106 | Biblioteka kryptograficzna freebl dla bibliotek NSS. | |
107 | ||
108 | %prep | |
109 | %setup -q | |
110 | ||
111 | # http://pki.fedoraproject.org/wiki/ECC_Capable_NSS | |
112 | for dir in ecc noecc; do | |
113 | install -d $dir | |
114 | cp -a nss $dir | |
115 | done | |
116 | ||
117 | %build | |
118 | %if %{without bootstrap} | |
119 | # http://wiki.cacert.org/wiki/NSSLib | |
120 | addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt | |
121 | %endif | |
122 | ||
123 | %ifarch %{x8664} ppc64 sparc64 aarch64 | |
124 | export USE_64=1 | |
125 | %endif | |
126 | ||
127 | export BUILD_OPT=1 | |
128 | export MOZILLA_CLIENT=1 | |
129 | export NSDISTMODE=copy | |
130 | export NSPR_INCLUDE_DIR=/usr/include/nspr | |
131 | export NSS_ENABLE_WERROR=0 | |
132 | export NSS_USE_SYSTEM_SQLITE=1 | |
133 | export USE_PTHREADS=1 | |
134 | export USE_SYSTEM_ZLIB=1 | |
135 | export ZLIB_LIBS="-lz" | |
136 | %ifarch x32 | |
137 | export USE_X32=1 | |
138 | %endif | |
139 | %{!?with_tests:export NSS_DISABLE_GTESTS=1} | |
140 | ||
141 | # https://bugzilla.mozilla.org/show_bug.cgi?id=1084623 | |
142 | ||
143 | # Forcing ecc with this hack would produce broken librares (softoken, freebl etc). | |
144 | # Thus we also build noecc version (which doesn't require hack) and use these | |
145 | # libs from there. | |
146 | %{__sed} -i -e 's|#error|//error|g' ecc/nss/lib/freebl/ecl/ecl-curve.h | |
147 | %{__make} -C ecc/nss all \ | |
148 | NSS_ECC_MORE_THAN_SUITE_B=1 \ | |
149 | CC="%{__cc}" \ | |
150 | OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \ | |
151 | OS_TEST="%{_target_cpu}" \ | |
152 | NS_USE_GCC=1 | |
153 | ||
154 | %{__make} -C noecc/nss all \ | |
155 | CC="%{__cc}" \ | |
156 | OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \ | |
157 | OS_TEST="%{_target_cpu}" \ | |
158 | NS_USE_GCC=1 | |
159 | ||
160 | # strip and sign again | |
161 | %{__strip} --strip-unneeded -R.comment -R.note \ | |
162 | {,no}ecc/dist/Linux*/lib/{%(echo %{signedlibs} | tr ' ' ',')} | |
163 | ||
164 | for dir in ecc noecc; do | |
165 | distdir=$(echo $(pwd)/$dir/dist/Linux*) | |
166 | for lib in %{signedlibs}; do | |
167 | LD_LIBRARY_PATH="$distdir/lib" "$distdir/bin/shlibsign" -i "$distdir/lib/$lib" | |
168 | done | |
169 | done | |
170 | ||
171 | %install | |
172 | rm -rf $RPM_BUILD_ROOT | |
173 | install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}} | |
174 | ||
175 | cp -p ecc/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss | |
176 | cp -p ecc/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss | |
177 | cp -p ecc/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss | |
178 | install -p ecc/dist/Linux*/bin/* $RPM_BUILD_ROOT%{_bindir} | |
179 | install -p ecc/dist/Linux*/lib/* $RPM_BUILD_ROOT%{_libdir} | |
180 | ||
181 | # non-ECC version, we need only libnssdbm3, libsoftokn3, libfreebl3 | |
182 | install -p noecc/dist/Linux*/lib/libnssdbm3.* $RPM_BUILD_ROOT%{_libdir} | |
183 | install -p noecc/dist/Linux*/lib/libsoftokn3.* $RPM_BUILD_ROOT%{_libdir} | |
184 | install -p noecc/dist/Linux*/lib/libfreebl3.* $RPM_BUILD_ROOT%{_libdir} | |
185 | ||
186 | cp -p nss/doc/nroff/*.1 $RPM_BUILD_ROOT%{_mandir}/man1 | |
187 | ||
188 | %{__sed} -e ' | |
189 | s#libdir=.*#libdir=%{_libdir}#g | |
190 | s#includedir=.*#includedir=%{_includedir}#g | |
191 | s#VERSION#%{version}#g | |
192 | ' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc | |
193 | # compatibility symlink | |
194 | ln -s nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc | |
195 | ||
196 | cat %{SOURCE4} | \ | |
197 | sed -e "s,%%libdir%%,%{_libdir},g" \ | |
198 | -e "s,%%prefix%%,%{_prefix},g" \ | |
199 | -e "s,%%exec_prefix%%,%{_prefix},g" \ | |
200 | -e "s,%%includedir%%,%{_includedir}/nss,g" \ | |
201 | -e "s,%%NSPR_VERSION%%,$(echo %{nspr_ver} | sed -e 's#.*:##g'),g" \ | |
202 | -e "s,%%NSS_VERSION%%,%{version},g" \ | |
203 | -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ | |
204 | $RPM_BUILD_ROOT%{_pkgconfigdir}/nss-softokn.pc | |
205 | ||
206 | NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h) | |
207 | NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h) | |
208 | NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h) | |
209 | %{__sed} -e " | |
210 | s,@libdir@,%{_libdir},g | |
211 | s,@prefix@,%{_prefix},g | |
212 | s,@exec_prefix@,%{_prefix},g | |
213 | s,@includedir@,%{_includedir}/nss,g | |
214 | s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g | |
215 | s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g | |
216 | s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g | |
217 | " %{SOURCE2} > $RPM_BUILD_ROOT%{_bindir}/nss-config | |
218 | chmod +x $RPM_BUILD_ROOT%{_bindir}/nss-config | |
219 | ||
220 | %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so $RPM_BUILD_ROOT/%{_lib} | |
221 | ln -s /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so | |
222 | %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk $RPM_BUILD_ROOT/%{_lib} | |
223 | ln -s /%{_lib}/libfreebl3.chk $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk | |
224 | %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so $RPM_BUILD_ROOT/%{_lib} | |
225 | ln -s /%{_lib}/libfreeblpriv3.so $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so | |
226 | %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk $RPM_BUILD_ROOT/%{_lib} | |
227 | ln -s /%{_lib}/libfreeblpriv3.chk $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk | |
228 | ||
229 | # conflict with openssl-static | |
230 | %{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a | |
231 | ||
232 | # unit tests | |
233 | %if %{with tests} | |
234 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/{certdb,certhigh,cryptohi,der,pk11,softoken,smime,ssl,util}_gtest | |
235 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/nss_bogo_shim | |
236 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest* | |
237 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/libpkcs11testmodule.* | |
238 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/libcpputil.* | |
239 | %endif | |
240 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest | |
241 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11ectest | |
242 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11importtest | |
243 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/rsapoptst | |
244 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/sdbthreadtst | |
245 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/libnss*-testlib.so | |
246 | ||
247 | if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then | |
248 | echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc" | |
249 | exit 1 | |
250 | fi | |
251 | ||
252 | %clean | |
253 | rm -rf $RPM_BUILD_ROOT | |
254 | ||
255 | %post -p /sbin/ldconfig | |
256 | %postun -p /sbin/ldconfig | |
257 | ||
258 | %files | |
259 | %defattr(644,root,root,755) | |
260 | # COPYING beside MPL v2.0 text contains GPL/LGPL compatibility notes | |
261 | %doc nss/{COPYING,trademarks.txt} | |
262 | %attr(755,root,root) %{_libdir}/libfreebl3.so | |
263 | %attr(755,root,root) %{_libdir}/libfreeblpriv3.so | |
264 | %attr(755,root,root) %{_libdir}/libnss3.so | |
265 | %attr(755,root,root) %{_libdir}/libnssckbi.so | |
266 | %attr(755,root,root) %{_libdir}/libnssdbm3.so | |
267 | %attr(755,root,root) %{_libdir}/libnssutil3.so | |
268 | %attr(755,root,root) %{_libdir}/libsmime3.so | |
269 | %attr(755,root,root) %{_libdir}/libsoftokn3.so | |
270 | %attr(755,root,root) %{_libdir}/libssl3.so | |
271 | %{_libdir}/libfreebl3.chk | |
272 | %{_libdir}/libfreeblpriv3.chk | |
273 | %{_libdir}/libnssdbm3.chk | |
274 | %{_libdir}/libsoftokn3.chk | |
275 | ||
276 | %files devel | |
277 | %defattr(644,root,root,755) | |
278 | %attr(755,root,root) %{_bindir}/nss-config | |
279 | %{_libdir}/libcrmf.a | |
280 | %{_libdir}/libfreebl.a | |
281 | %{_includedir}/nss | |
282 | %{_pkgconfigdir}/mozilla-nss.pc | |
283 | %{_pkgconfigdir}/nss.pc | |
284 | %{_pkgconfigdir}/nss-softokn.pc | |
285 | ||
286 | %files tools | |
287 | %defattr(644,root,root,755) | |
288 | %attr(755,root,root) %{_bindir}/addbuiltin | |
289 | %attr(755,root,root) %{_bindir}/atob | |
290 | %attr(755,root,root) %{_bindir}/baddbdir | |
291 | %attr(755,root,root) %{_bindir}/bltest | |
292 | %attr(755,root,root) %{_bindir}/btoa | |
293 | %attr(755,root,root) %{_bindir}/certutil | |
294 | %attr(755,root,root) %{_bindir}/chktest | |
295 | %attr(755,root,root) %{_bindir}/cmsutil | |
296 | %attr(755,root,root) %{_bindir}/conflict | |
297 | %attr(755,root,root) %{_bindir}/crlutil | |
298 | %attr(755,root,root) %{_bindir}/crmftest | |
299 | %attr(755,root,root) %{_bindir}/dbtest | |
300 | %attr(755,root,root) %{_bindir}/dbtool | |
301 | %attr(755,root,root) %{_bindir}/derdump | |
302 | %attr(755,root,root) %{_bindir}/dertimetest | |
303 | %attr(755,root,root) %{_bindir}/digest | |
304 | %attr(755,root,root) %{_bindir}/ecperf | |
305 | %attr(755,root,root) %{_bindir}/encodeinttest | |
306 | %attr(755,root,root) %{_bindir}/fipstest | |
307 | %attr(755,root,root) %{_bindir}/httpserv | |
308 | %attr(755,root,root) %{_bindir}/listsuites | |
309 | %attr(755,root,root) %{_bindir}/lowhashtest | |
310 | %attr(755,root,root) %{_bindir}/makepqg | |
311 | %attr(755,root,root) %{_bindir}/mangle | |
312 | %attr(755,root,root) %{_bindir}/modutil | |
313 | %attr(755,root,root) %{_bindir}/multinit | |
314 | %attr(755,root,root) %{_bindir}/nonspr10 | |
315 | %attr(755,root,root) %{_bindir}/nss-policy-check | |
316 | %attr(755,root,root) %{_bindir}/ocspclnt | |
317 | %attr(755,root,root) %{_bindir}/ocspresp | |
318 | %attr(755,root,root) %{_bindir}/oidcalc | |
319 | %attr(755,root,root) %{_bindir}/p7content | |
320 | %attr(755,root,root) %{_bindir}/p7env | |
321 | %attr(755,root,root) %{_bindir}/p7sign | |
322 | %attr(755,root,root) %{_bindir}/p7verify | |
323 | %attr(755,root,root) %{_bindir}/pk11gcmtest | |
324 | %attr(755,root,root) %{_bindir}/pk11mode | |
325 | %attr(755,root,root) %{_bindir}/pk12util | |
326 | %attr(755,root,root) %{_bindir}/pk1sign | |
327 | %attr(755,root,root) %{_bindir}/pkix-errcodes | |
328 | %attr(755,root,root) %{_bindir}/pp | |
329 | %attr(755,root,root) %{_bindir}/pwdecrypt | |
330 | %attr(755,root,root) %{_bindir}/remtest | |
331 | %attr(755,root,root) %{_bindir}/rsaperf | |
332 | %attr(755,root,root) %{_bindir}/sdrtest | |
333 | %attr(755,root,root) %{_bindir}/secmodtest | |
334 | %attr(755,root,root) %{_bindir}/selfserv | |
335 | %attr(755,root,root) %{_bindir}/shlibsign | |
336 | %attr(755,root,root) %{_bindir}/signtool | |
337 | %attr(755,root,root) %{_bindir}/signver | |
338 | %attr(755,root,root) %{_bindir}/ssltap | |
339 | %attr(755,root,root) %{_bindir}/strsclnt | |
340 | %attr(755,root,root) %{_bindir}/symkeyutil | |
341 | %attr(755,root,root) %{_bindir}/tstclnt | |
342 | %attr(755,root,root) %{_bindir}/validation | |
343 | %attr(755,root,root) %{_bindir}/vfychain | |
344 | %attr(755,root,root) %{_bindir}/vfyserv | |
345 | %{_mandir}/man1/certutil.1* | |
346 | %{_mandir}/man1/cmsutil.1* | |
347 | %{_mandir}/man1/crlutil.1* | |
348 | %{_mandir}/man1/derdump.1* | |
349 | %{_mandir}/man1/modutil.1* | |
350 | %{_mandir}/man1/pk12util.1* | |
351 | %{_mandir}/man1/pp.1* | |
352 | %{_mandir}/man1/signtool.1* | |
353 | %{_mandir}/man1/signver.1* | |
354 | %{_mandir}/man1/ssltap.1* | |
355 | %{_mandir}/man1/vfychain.1* | |
356 | %{_mandir}/man1/vfyserv.1* | |
357 | ||
358 | %files static | |
359 | %defattr(644,root,root,755) | |
360 | %{_libdir}/libcertdb.a | |
361 | %{_libdir}/libcerthi.a | |
362 | %{_libdir}/libcryptohi.a | |
363 | %{_libdir}/libdbm.a | |
364 | %{_libdir}/libjar.a | |
365 | %{_libdir}/libnss.a | |
366 | %{_libdir}/libnssb.a | |
367 | %{_libdir}/libnssckfw.a | |
368 | %{_libdir}/libnssdbm.a | |
369 | %{_libdir}/libnssdev.a | |
370 | %{_libdir}/libnsspki.a | |
371 | %{_libdir}/libnssutil.a | |
372 | %{_libdir}/libpk11wrap.a | |
373 | %{_libdir}/libpkcs12.a | |
374 | %{_libdir}/libpkcs7.a | |
375 | %{_libdir}/libpkixcertsel.a | |
376 | %{_libdir}/libpkixchecker.a | |
377 | %{_libdir}/libpkixcrlsel.a | |
378 | %{_libdir}/libpkixmodule.a | |
379 | %{_libdir}/libpkixparams.a | |
380 | %{_libdir}/libpkixpki.a | |
381 | %{_libdir}/libpkixresults.a | |
382 | %{_libdir}/libpkixstore.a | |
383 | %{_libdir}/libpkixsystem.a | |
384 | %{_libdir}/libpkixtop.a | |
385 | %{_libdir}/libpkixutil.a | |
386 | %{_libdir}/libsectool.a | |
387 | %{_libdir}/libsmime.a | |
388 | %{_libdir}/libsoftokn.a | |
389 | %{_libdir}/libssl3.a | |
390 | ||
391 | %files softokn-freebl | |
392 | %defattr(644,root,root,755) | |
393 | %attr(755,root,root) /%{_lib}/libfreebl3.so | |
394 | %attr(755,root,root) /%{_lib}/libfreeblpriv3.so | |
395 | /%{_lib}/libfreebl3.chk | |
396 | /%{_lib}/libfreeblpriv3.chk |