2 %bcond_with bootstrap # avoid dependency on nss-tools
3 %bcond_with tests # enable tests
5 %define nspr_ver 1:4.29
6 %define foover %(echo %{version} | tr . _)
7 Summary: NSS - Network Security Services
8 Summary(pl.UTF-8): NSS - Network Security Services
15 Source0: http://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
16 # Source0-md5: e07573e1c0e1e5bef7c05075f8dfa46d
17 Source1: %{name}-mozilla-nss.pc
18 Source2: %{name}-config.in
19 Source3: http://www.cacert.org/certs/root.der
20 # Source3-md5: a61b375e390d9c3654eebd2031461f6b
21 Source4: nss-softokn.pc.in
22 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
23 URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
24 BuildRequires: nspr-devel >= %{nspr_ver}
25 %{!?with_bootstrap:BuildRequires: nss-tools}
26 BuildRequires: perl-base
27 BuildRequires: sqlite3-devel
28 BuildRequires: zlib-devel
29 BuildConflicts: mozilla < 0.9.6-3
30 Requires: %{name}-softokn-freebl = %{epoch}:%{version}-%{release}
31 Requires: nspr >= %{nspr_ver}
33 # needs http2 code update: https://bugzilla.mozilla.org/show_bug.cgi?id=1323209
34 Conflicts: firefox < 50.1.0-2
35 Conflicts: iceape < 2.46-1
36 Conflicts: iceweasel < 51
37 Conflicts: mozilla-firefox < 51
38 Conflicts: seamonkey < 2.47
39 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
41 %define specflags -fno-strict-aliasing
42 # signed - stripped before signing
43 %define _noautostrip .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so
44 %define _noautochrpath .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so
47 NSS supports cross-platform development of security-enabled server
48 applications. Applications built with NSS can support PKCS #5,
49 PKCS #7, PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 and v3, X.509 v3
50 certificates, and other security standards.
52 %description -l pl.UTF-8
53 NSS wspomaga pisanie wieloplatformowych bezpiecznych serwerów.
54 Aplikacja używająca NSS jest w stanie obsłużyć PKCS #5, PKCS #7,
55 PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 oraz v3, certyfikaty X.509 v3,
56 i wiele innych bezpiecznych standardów.
59 Summary: NSS command line tools and utilities
60 Summary(pl.UTF-8): Narzędzia NSS obsługiwane z linii poleceń
62 Requires: %{name} = %{epoch}:%{version}-%{release}
65 The NSS Toolkit command line tool.
67 %description tools -l pl.UTF-8
68 Narzędzia NSS obsługiwane z linii poleceń.
71 Summary: NSS - header files
72 Summary(pl.UTF-8): NSS - pliki nagłówkowe
73 Group: Development/Libraries
74 Requires: %{name} = %{epoch}:%{version}-%{release}
75 Requires: nspr-devel >= %{nspr_ver}
76 Obsoletes: libnss3-devel
79 Development part of NSS library.
81 %description devel -l pl.UTF-8
82 Część biblioteki NSS przeznaczona dla programistów.
85 Summary: NSS - static library
86 Summary(pl.UTF-8): NSS - biblioteka statyczna
87 Group: Development/Libraries
88 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
91 Static NSS Toolkit libraries.
93 %description static -l pl.UTF-8
94 Statyczne wersje bibliotek z NSS.
96 %package softokn-freebl
97 Summary: Freebl library for the Network Security Services
98 Summary(pl.UTF-8): Biblioteka freebl dla bibliotek NSS
101 %description softokn-freebl
102 Freebl cryptographic library for the Network Security Services.
104 %description softokn-freebl -l pl.UTF-8
105 Biblioteka kryptograficzna freebl dla bibliotek NSS.
111 # strip before signing
112 %{__sed} -i -e '/export ADDON_PATH$/a\ echo STRIP \; %{__strip} --strip-unneeded -R.comment -R.note ${5}' nss/cmd/shlibsign/sign.sh
116 %if %{without bootstrap}
117 # http://wiki.cacert.org/wiki/NSSLib
118 addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt
121 %ifarch %{x8664} ppc64 sparc64 aarch64
125 # http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
126 for dir in ecc noecc; do
132 export MOZILLA_CLIENT=1
133 export NSDISTMODE=copy
134 export NSPR_INCLUDE_DIR=/usr/include/nspr
135 export NSS_ENABLE_WERROR=0
136 export NSS_USE_SYSTEM_SQLITE=1
137 export USE_PTHREADS=1
138 export USE_SYSTEM_ZLIB=1
139 export ZLIB_LIBS="-lz"
143 %{!?with_tests:export NSS_DISABLE_GTESTS=1}
145 # https://bugzilla.mozilla.org/show_bug.cgi?id=1084623
147 # Forcing ecc with this hack would produce broken librares (softoken, freebl etc).
148 # Thus we also build noecc version (which doesn't require hack) and use these
150 %{__sed} -i -e 's|#error|//error|g' ecc/nss/lib/freebl/ecl/ecl-curve.h
151 %{__make} -C ecc/nss all \
152 NSS_ECC_MORE_THAN_SUITE_B=1 \
154 OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
155 OS_TEST="%{_target_cpu}" \
158 %{__make} -C noecc/nss all \
160 OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
161 OS_TEST="%{_target_cpu}" \
165 rm -rf $RPM_BUILD_ROOT
166 install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}}
168 cp -p ecc/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
169 cp -p ecc/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss
170 cp -p ecc/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
171 install -p ecc/dist/Linux*/bin/* $RPM_BUILD_ROOT%{_bindir}
172 install -p ecc/dist/Linux*/lib/* $RPM_BUILD_ROOT%{_libdir}
174 # non-ECC version, we need only libnssdbm3, libsoftokn3, libfreebl3
175 install -p noecc/dist/Linux*/lib/libnssdbm3.* $RPM_BUILD_ROOT%{_libdir}
176 install -p noecc/dist/Linux*/lib/libsoftokn3.* $RPM_BUILD_ROOT%{_libdir}
177 install -p noecc/dist/Linux*/lib/libfreebl3.* $RPM_BUILD_ROOT%{_libdir}
179 cp -p nss/doc/nroff/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
182 s#libdir=.*#libdir=%{_libdir}#g
183 s#includedir=.*#includedir=%{_includedir}#g
184 s#VERSION#%{version}#g
185 ' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc
186 # compatibility symlink
187 ln -s nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc
190 sed -e "s,%%libdir%%,%{_libdir},g" \
191 -e "s,%%prefix%%,%{_prefix},g" \
192 -e "s,%%exec_prefix%%,%{_prefix},g" \
193 -e "s,%%includedir%%,%{_includedir}/nss,g" \
194 -e "s,%%NSPR_VERSION%%,$(echo %{nspr_ver} | sed -e 's#.*:##g'),g" \
195 -e "s,%%NSS_VERSION%%,%{version},g" \
196 -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
197 $RPM_BUILD_ROOT%{_pkgconfigdir}/nss-softokn.pc
199 NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
200 NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
201 NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)
203 s,@libdir@,%{_libdir},g
204 s,@prefix@,%{_prefix},g
205 s,@exec_prefix@,%{_prefix},g
206 s,@includedir@,%{_includedir}/nss,g
207 s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g
208 s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g
209 s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g
210 " %{SOURCE2} > $RPM_BUILD_ROOT%{_bindir}/nss-config
211 chmod +x $RPM_BUILD_ROOT%{_bindir}/nss-config
213 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so $RPM_BUILD_ROOT/%{_lib}
214 ln -s /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so
215 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk $RPM_BUILD_ROOT/%{_lib}
216 ln -s /%{_lib}/libfreebl3.chk $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk
217 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so $RPM_BUILD_ROOT/%{_lib}
218 ln -s /%{_lib}/libfreeblpriv3.so $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so
219 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk $RPM_BUILD_ROOT/%{_lib}
220 ln -s /%{_lib}/libfreeblpriv3.chk $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk
222 # conflict with openssl-static
223 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a
227 %{__rm} $RPM_BUILD_ROOT%{_bindir}/{certdb,certhigh,cryptohi,der,pk11,softoken,smime,ssl,util}_gtest
228 %{__rm} $RPM_BUILD_ROOT%{_bindir}/nss_bogo_shim
229 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest*
230 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libpkcs11testmodule.*
231 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libcpputil.*
233 %{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest
234 %{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11ectest
235 %{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11importtest
236 %{__rm} $RPM_BUILD_ROOT%{_bindir}/rsapoptst
237 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libnss*-testlib.so
239 if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then
240 echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc"
245 rm -rf $RPM_BUILD_ROOT
247 %post -p /sbin/ldconfig
248 %postun -p /sbin/ldconfig
251 %defattr(644,root,root,755)
252 # COPYING beside MPL v2.0 text contains GPL/LGPL compatibility notes
253 %doc nss/{COPYING,trademarks.txt}
254 %attr(755,root,root) %{_libdir}/libfreebl3.so
255 %attr(755,root,root) %{_libdir}/libfreeblpriv3.so
256 %attr(755,root,root) %{_libdir}/libnss3.so
257 %attr(755,root,root) %{_libdir}/libnssckbi.so
258 %attr(755,root,root) %{_libdir}/libnssdbm3.so
259 %attr(755,root,root) %{_libdir}/libnssutil3.so
260 %attr(755,root,root) %{_libdir}/libsmime3.so
261 %attr(755,root,root) %{_libdir}/libsoftokn3.so
262 %attr(755,root,root) %{_libdir}/libssl3.so
263 %{_libdir}/libfreebl3.chk
264 %{_libdir}/libfreeblpriv3.chk
265 %{_libdir}/libnssdbm3.chk
266 %{_libdir}/libsoftokn3.chk
269 %defattr(644,root,root,755)
270 %attr(755,root,root) %{_bindir}/nss-config
272 %{_libdir}/libfreebl.a
274 %{_pkgconfigdir}/mozilla-nss.pc
275 %{_pkgconfigdir}/nss.pc
276 %{_pkgconfigdir}/nss-softokn.pc
279 %defattr(644,root,root,755)
280 %attr(755,root,root) %{_bindir}/addbuiltin
281 %attr(755,root,root) %{_bindir}/atob
282 %attr(755,root,root) %{_bindir}/baddbdir
283 %attr(755,root,root) %{_bindir}/bltest
284 %attr(755,root,root) %{_bindir}/btoa
285 %attr(755,root,root) %{_bindir}/certutil
286 %attr(755,root,root) %{_bindir}/chktest
287 %attr(755,root,root) %{_bindir}/cmsutil
288 %attr(755,root,root) %{_bindir}/conflict
289 %attr(755,root,root) %{_bindir}/crlutil
290 %attr(755,root,root) %{_bindir}/crmftest
291 %attr(755,root,root) %{_bindir}/dbtest
292 %attr(755,root,root) %{_bindir}/derdump
293 %attr(755,root,root) %{_bindir}/dertimetest
294 %attr(755,root,root) %{_bindir}/digest
295 %attr(755,root,root) %{_bindir}/ecperf
296 %attr(755,root,root) %{_bindir}/encodeinttest
297 %attr(755,root,root) %{_bindir}/fipstest
298 %attr(755,root,root) %{_bindir}/httpserv
299 %attr(755,root,root) %{_bindir}/listsuites
300 %attr(755,root,root) %{_bindir}/lowhashtest
301 %attr(755,root,root) %{_bindir}/makepqg
302 %attr(755,root,root) %{_bindir}/mangle
303 %attr(755,root,root) %{_bindir}/modutil
304 %attr(755,root,root) %{_bindir}/multinit
305 %attr(755,root,root) %{_bindir}/nonspr10
306 %attr(755,root,root) %{_bindir}/nss-policy-check
307 %attr(755,root,root) %{_bindir}/ocspclnt
308 %attr(755,root,root) %{_bindir}/ocspresp
309 %attr(755,root,root) %{_bindir}/oidcalc
310 %attr(755,root,root) %{_bindir}/p7content
311 %attr(755,root,root) %{_bindir}/p7env
312 %attr(755,root,root) %{_bindir}/p7sign
313 %attr(755,root,root) %{_bindir}/p7verify
314 %attr(755,root,root) %{_bindir}/pk11gcmtest
315 %attr(755,root,root) %{_bindir}/pk11mode
316 %attr(755,root,root) %{_bindir}/pk12util
317 %attr(755,root,root) %{_bindir}/pk1sign
318 %attr(755,root,root) %{_bindir}/pkix-errcodes
319 %attr(755,root,root) %{_bindir}/pp
320 %attr(755,root,root) %{_bindir}/pwdecrypt
321 %attr(755,root,root) %{_bindir}/remtest
322 %attr(755,root,root) %{_bindir}/rsaperf
323 %attr(755,root,root) %{_bindir}/sdrtest
324 %attr(755,root,root) %{_bindir}/secmodtest
325 %attr(755,root,root) %{_bindir}/selfserv
326 %attr(755,root,root) %{_bindir}/shlibsign
327 %attr(755,root,root) %{_bindir}/signtool
328 %attr(755,root,root) %{_bindir}/signver
329 %attr(755,root,root) %{_bindir}/ssltap
330 %attr(755,root,root) %{_bindir}/strsclnt
331 %attr(755,root,root) %{_bindir}/symkeyutil
332 %attr(755,root,root) %{_bindir}/tstclnt
333 %attr(755,root,root) %{_bindir}/vfychain
334 %attr(755,root,root) %{_bindir}/vfyserv
335 %{_mandir}/man1/certutil.1*
336 %{_mandir}/man1/cmsutil.1*
337 %{_mandir}/man1/crlutil.1*
338 %{_mandir}/man1/derdump.1*
339 %{_mandir}/man1/modutil.1*
340 %{_mandir}/man1/pk12util.1*
341 %{_mandir}/man1/pp.1*
342 %{_mandir}/man1/signtool.1*
343 %{_mandir}/man1/signver.1*
344 %{_mandir}/man1/ssltap.1*
345 %{_mandir}/man1/vfychain.1*
346 %{_mandir}/man1/vfyserv.1*
349 %defattr(644,root,root,755)
350 %{_libdir}/libcertdb.a
351 %{_libdir}/libcerthi.a
352 %{_libdir}/libcryptohi.a
357 %{_libdir}/libnssckfw.a
358 %{_libdir}/libnssdbm.a
359 %{_libdir}/libnssdev.a
360 %{_libdir}/libnsspki.a
361 %{_libdir}/libnssutil.a
362 %{_libdir}/libpk11wrap.a
363 %{_libdir}/libpkcs12.a
364 %{_libdir}/libpkcs7.a
365 %{_libdir}/libpkixcertsel.a
366 %{_libdir}/libpkixchecker.a
367 %{_libdir}/libpkixcrlsel.a
368 %{_libdir}/libpkixmodule.a
369 %{_libdir}/libpkixparams.a
370 %{_libdir}/libpkixpki.a
371 %{_libdir}/libpkixresults.a
372 %{_libdir}/libpkixstore.a
373 %{_libdir}/libpkixsystem.a
374 %{_libdir}/libpkixtop.a
375 %{_libdir}/libpkixutil.a
376 %{_libdir}/libsectool.a
377 %{_libdir}/libsmime.a
378 %{_libdir}/libsoftokn.a
381 %files softokn-freebl
382 %defattr(644,root,root,755)
383 %attr(755,root,root) /%{_lib}/libfreebl3.so
384 %attr(755,root,root) /%{_lib}/libfreeblpriv3.so
385 /%{_lib}/libfreebl3.chk
386 /%{_lib}/libfreeblpriv3.chk