2 %bcond_with bootstrap # avoid dependency on nss-tools
3 %bcond_with tests # enable tests
5 %define nspr_ver 1:4.35
6 %define foover %(echo %{version} | tr . _)
7 Summary: NSS - Network Security Services
8 Summary(pl.UTF-8): NSS - Network Security Services
15 Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
16 # Source0-md5: d83c24d03fb4f9a7f688b5d7c6938972
17 Source1: %{name}-mozilla-nss.pc
18 Source2: %{name}-config.in
19 Source3: https://www.cacert.org/certs/root.der
20 # Source3-md5: a61b375e390d9c3654eebd2031461f6b
21 Source4: nss-softokn.pc.in
22 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
23 Patch0: non-x86-64b-archs.patch
24 URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
25 BuildRequires: nspr-devel >= %{nspr_ver}
26 %{!?with_bootstrap:BuildRequires: nss-tools}
27 BuildRequires: perl-base
28 BuildRequires: sqlite3-devel
29 BuildRequires: zlib-devel
30 BuildConflicts: mozilla < 0.9.6-3
31 Requires: %{name}-softokn-freebl%{?_isa} = %{epoch}:%{version}-%{release}
32 Requires: nspr%{?_isa} >= %{nspr_ver}
34 # needs http2 code update: https://bugzilla.mozilla.org/show_bug.cgi?id=1323209
35 Conflicts: firefox < 50.1.0-2
36 Conflicts: iceape < 2.46-1
37 Conflicts: iceweasel < 51
38 Conflicts: mozilla-firefox < 51
39 Conflicts: seamonkey < 2.47
40 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
42 %define specflags -fno-strict-aliasing
43 %define signedlibs libfreebl3.so libfreeblpriv3.so libnssdbm3.so libsoftokn3.so
44 # signed - stripped before signing
45 %define _noautostrip .*%{_lib}/\\(%(echo %{signedlibs} | sed 's/ /\\\\|/g')\\)
46 %define _noautochrpath .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so
49 NSS supports cross-platform development of security-enabled server
50 applications. Applications built with NSS can support PKCS #5,
51 PKCS #7, PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 and v3, X.509 v3
52 certificates, and other security standards.
54 %description -l pl.UTF-8
55 NSS wspomaga pisanie wieloplatformowych bezpiecznych serwerów.
56 Aplikacja używająca NSS jest w stanie obsłużyć PKCS #5, PKCS #7,
57 PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 oraz v3, certyfikaty X.509 v3,
58 i wiele innych bezpiecznych standardów.
61 Summary: NSS command line tools and utilities
62 Summary(pl.UTF-8): Narzędzia NSS obsługiwane z linii poleceń
64 Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
67 The NSS Toolkit command line tool.
69 %description tools -l pl.UTF-8
70 Narzędzia NSS obsługiwane z linii poleceń.
73 Summary: NSS - header files
74 Summary(pl.UTF-8): NSS - pliki nagłówkowe
75 Group: Development/Libraries
76 Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
77 Requires: nspr-devel >= %{nspr_ver}
78 Obsoletes: libnss3-devel
81 Development part of NSS library.
83 %description devel -l pl.UTF-8
84 Część biblioteki NSS przeznaczona dla programistów.
87 Summary: NSS - static library
88 Summary(pl.UTF-8): NSS - biblioteka statyczna
89 Group: Development/Libraries
90 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
93 Static NSS Toolkit libraries.
95 %description static -l pl.UTF-8
96 Statyczne wersje bibliotek z NSS.
98 %package softokn-freebl
99 Summary: Freebl library for the Network Security Services
100 Summary(pl.UTF-8): Biblioteka freebl dla bibliotek NSS
103 %description softokn-freebl
104 Freebl cryptographic library for the Network Security Services.
106 %description softokn-freebl -l pl.UTF-8
107 Biblioteka kryptograficzna freebl dla bibliotek NSS.
115 # http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
116 for dir in ecc noecc; do
122 %if %{without bootstrap}
123 # http://wiki.cacert.org/wiki/NSSLib
124 addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt
127 %ifarch %{x8664} ppc64 sparc64 aarch64
132 export MOZILLA_CLIENT=1
133 export NSDISTMODE=copy
134 export NSPR_INCLUDE_DIR=/usr/include/nspr
135 export NSS_ENABLE_WERROR=0
136 export NSS_USE_SYSTEM_SQLITE=1
137 export USE_PTHREADS=1
138 export USE_SYSTEM_ZLIB=1
139 export ZLIB_LIBS="-lz"
143 %{!?with_tests:export NSS_DISABLE_GTESTS=1}
145 # https://bugzilla.mozilla.org/show_bug.cgi?id=1084623
147 # Forcing ecc with this hack would produce broken librares (softoken, freebl etc).
148 # Thus we also build noecc version (which doesn't require hack) and use these
150 %{__sed} -i -e 's|#error|//error|g' ecc/nss/lib/freebl/ecl/ecl-curve.h
151 %{__make} -C ecc/nss all \
152 NSS_ECC_MORE_THAN_SUITE_B=1 \
154 OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
155 OS_TEST="%{_target_cpu}" \
158 %{__make} -C noecc/nss all \
160 OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
161 OS_TEST="%{_target_cpu}" \
164 # strip and sign again
165 %{__strip} --strip-unneeded -R.comment -R.note \
166 {,no}ecc/dist/Linux*/lib/{%(echo %{signedlibs} | tr ' ' ',')}
168 for dir in ecc noecc; do
169 distdir=$(echo $(pwd)/$dir/dist/Linux*)
170 for lib in %{signedlibs}; do
171 LD_LIBRARY_PATH="$distdir/lib" "$distdir/bin/shlibsign" -i "$distdir/lib/$lib"
176 rm -rf $RPM_BUILD_ROOT
177 install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}}
179 cp -p ecc/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
180 cp -p ecc/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss
181 cp -p ecc/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
182 install -p ecc/dist/Linux*/bin/* $RPM_BUILD_ROOT%{_bindir}
183 install -p ecc/dist/Linux*/lib/* $RPM_BUILD_ROOT%{_libdir}
185 # non-ECC version, we need only libnssdbm3, libsoftokn3, libfreebl3
186 install -p noecc/dist/Linux*/lib/libnssdbm3.* $RPM_BUILD_ROOT%{_libdir}
187 install -p noecc/dist/Linux*/lib/libsoftokn3.* $RPM_BUILD_ROOT%{_libdir}
188 install -p noecc/dist/Linux*/lib/libfreebl3.* $RPM_BUILD_ROOT%{_libdir}
190 cp -p nss/doc/nroff/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
193 s#libdir=.*#libdir=%{_libdir}#g
194 s#includedir=.*#includedir=%{_includedir}#g
195 s#VERSION#%{version}#g
196 ' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc
197 # compatibility symlink
198 ln -s nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc
201 sed -e "s,%%libdir%%,%{_libdir},g" \
202 -e "s,%%prefix%%,%{_prefix},g" \
203 -e "s,%%exec_prefix%%,%{_prefix},g" \
204 -e "s,%%includedir%%,%{_includedir}/nss,g" \
205 -e "s,%%NSPR_VERSION%%,$(echo %{nspr_ver} | sed -e 's#.*:##g'),g" \
206 -e "s,%%NSS_VERSION%%,%{version},g" \
207 -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
208 $RPM_BUILD_ROOT%{_pkgconfigdir}/nss-softokn.pc
210 NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
211 NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
212 NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)
214 s,@libdir@,%{_libdir},g
215 s,@prefix@,%{_prefix},g
216 s,@exec_prefix@,%{_prefix},g
217 s,@includedir@,%{_includedir}/nss,g
218 s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g
219 s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g
220 s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g
221 " %{SOURCE2} > $RPM_BUILD_ROOT%{_bindir}/nss-config
222 chmod +x $RPM_BUILD_ROOT%{_bindir}/nss-config
224 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so $RPM_BUILD_ROOT/%{_lib}
225 ln -s /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so
226 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk $RPM_BUILD_ROOT/%{_lib}
227 ln -s /%{_lib}/libfreebl3.chk $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk
228 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so $RPM_BUILD_ROOT/%{_lib}
229 ln -s /%{_lib}/libfreeblpriv3.so $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so
230 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk $RPM_BUILD_ROOT/%{_lib}
231 ln -s /%{_lib}/libfreeblpriv3.chk $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk
233 # conflict with openssl-static
234 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a
238 %{__rm} $RPM_BUILD_ROOT%{_bindir}/{certdb,certhigh,cryptohi,der,pk11,softoken,smime,ssl,util}_gtest
239 %{__rm} $RPM_BUILD_ROOT%{_bindir}/nss_bogo_shim
240 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest*
241 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libpkcs11testmodule.*
242 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libcpputil.*
244 %{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest
245 %{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11ectest
246 %{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11importtest
247 %{__rm} $RPM_BUILD_ROOT%{_bindir}/rsapoptst
248 %{__rm} $RPM_BUILD_ROOT%{_bindir}/sdbthreadtst
249 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libnss*-testlib.so
251 if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then
252 echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc"
257 rm -rf $RPM_BUILD_ROOT
259 %post -p /sbin/ldconfig
260 %postun -p /sbin/ldconfig
263 %defattr(644,root,root,755)
264 # COPYING beside MPL v2.0 text contains GPL/LGPL compatibility notes
265 %doc nss/{COPYING,trademarks.txt}
266 %attr(755,root,root) %{_libdir}/libfreebl3.so
267 %attr(755,root,root) %{_libdir}/libfreeblpriv3.so
268 %attr(755,root,root) %{_libdir}/libnss3.so
269 %attr(755,root,root) %{_libdir}/libnssckbi.so
270 %attr(755,root,root) %{_libdir}/libnssdbm3.so
271 %attr(755,root,root) %{_libdir}/libnssutil3.so
272 %attr(755,root,root) %{_libdir}/libsmime3.so
273 %attr(755,root,root) %{_libdir}/libsoftokn3.so
274 %attr(755,root,root) %{_libdir}/libssl3.so
275 %{_libdir}/libfreebl3.chk
276 %{_libdir}/libfreeblpriv3.chk
277 %{_libdir}/libnssdbm3.chk
278 %{_libdir}/libsoftokn3.chk
281 %defattr(644,root,root,755)
282 %attr(755,root,root) %{_bindir}/nss-config
284 %{_libdir}/libfreebl.a
286 %{_pkgconfigdir}/mozilla-nss.pc
287 %{_pkgconfigdir}/nss.pc
288 %{_pkgconfigdir}/nss-softokn.pc
291 %defattr(644,root,root,755)
292 %attr(755,root,root) %{_bindir}/addbuiltin
293 %attr(755,root,root) %{_bindir}/atob
294 %attr(755,root,root) %{_bindir}/baddbdir
295 %attr(755,root,root) %{_bindir}/bltest
296 %attr(755,root,root) %{_bindir}/btoa
297 %attr(755,root,root) %{_bindir}/certutil
298 %attr(755,root,root) %{_bindir}/chktest
299 %attr(755,root,root) %{_bindir}/cmsutil
300 %attr(755,root,root) %{_bindir}/conflict
301 %attr(755,root,root) %{_bindir}/crlutil
302 %attr(755,root,root) %{_bindir}/crmftest
303 %attr(755,root,root) %{_bindir}/dbtest
304 %attr(755,root,root) %{_bindir}/derdump
305 %attr(755,root,root) %{_bindir}/dertimetest
306 %attr(755,root,root) %{_bindir}/digest
307 %attr(755,root,root) %{_bindir}/ecperf
308 %attr(755,root,root) %{_bindir}/encodeinttest
309 %attr(755,root,root) %{_bindir}/fipstest
310 %attr(755,root,root) %{_bindir}/httpserv
311 %attr(755,root,root) %{_bindir}/listsuites
312 %attr(755,root,root) %{_bindir}/lowhashtest
313 %attr(755,root,root) %{_bindir}/makepqg
314 %attr(755,root,root) %{_bindir}/mangle
315 %attr(755,root,root) %{_bindir}/modutil
316 %attr(755,root,root) %{_bindir}/multinit
317 %attr(755,root,root) %{_bindir}/nonspr10
318 %attr(755,root,root) %{_bindir}/nss-policy-check
319 %attr(755,root,root) %{_bindir}/ocspclnt
320 %attr(755,root,root) %{_bindir}/ocspresp
321 %attr(755,root,root) %{_bindir}/oidcalc
322 %attr(755,root,root) %{_bindir}/p7content
323 %attr(755,root,root) %{_bindir}/p7env
324 %attr(755,root,root) %{_bindir}/p7sign
325 %attr(755,root,root) %{_bindir}/p7verify
326 %attr(755,root,root) %{_bindir}/pk11gcmtest
327 %attr(755,root,root) %{_bindir}/pk11mode
328 %attr(755,root,root) %{_bindir}/pk12util
329 %attr(755,root,root) %{_bindir}/pk1sign
330 %attr(755,root,root) %{_bindir}/pkix-errcodes
331 %attr(755,root,root) %{_bindir}/pp
332 %attr(755,root,root) %{_bindir}/pwdecrypt
333 %attr(755,root,root) %{_bindir}/remtest
334 %attr(755,root,root) %{_bindir}/rsaperf
335 %attr(755,root,root) %{_bindir}/sdrtest
336 %attr(755,root,root) %{_bindir}/secmodtest
337 %attr(755,root,root) %{_bindir}/selfserv
338 %attr(755,root,root) %{_bindir}/shlibsign
339 %attr(755,root,root) %{_bindir}/signtool
340 %attr(755,root,root) %{_bindir}/signver
341 %attr(755,root,root) %{_bindir}/ssltap
342 %attr(755,root,root) %{_bindir}/strsclnt
343 %attr(755,root,root) %{_bindir}/symkeyutil
344 %attr(755,root,root) %{_bindir}/tstclnt
345 %attr(755,root,root) %{_bindir}/validation
346 %attr(755,root,root) %{_bindir}/vfychain
347 %attr(755,root,root) %{_bindir}/vfyserv
348 %{_mandir}/man1/certutil.1*
349 %{_mandir}/man1/cmsutil.1*
350 %{_mandir}/man1/crlutil.1*
351 %{_mandir}/man1/derdump.1*
352 %{_mandir}/man1/modutil.1*
353 %{_mandir}/man1/pk12util.1*
354 %{_mandir}/man1/pp.1*
355 %{_mandir}/man1/signtool.1*
356 %{_mandir}/man1/signver.1*
357 %{_mandir}/man1/ssltap.1*
358 %{_mandir}/man1/vfychain.1*
359 %{_mandir}/man1/vfyserv.1*
362 %defattr(644,root,root,755)
363 %{_libdir}/libcertdb.a
364 %{_libdir}/libcerthi.a
365 %{_libdir}/libcryptohi.a
370 %{_libdir}/libnssckfw.a
371 %{_libdir}/libnssdbm.a
372 %{_libdir}/libnssdev.a
373 %{_libdir}/libnsspki.a
374 %{_libdir}/libnssutil.a
375 %{_libdir}/libpk11wrap.a
376 %{_libdir}/libpkcs12.a
377 %{_libdir}/libpkcs7.a
378 %{_libdir}/libpkixcertsel.a
379 %{_libdir}/libpkixchecker.a
380 %{_libdir}/libpkixcrlsel.a
381 %{_libdir}/libpkixmodule.a
382 %{_libdir}/libpkixparams.a
383 %{_libdir}/libpkixpki.a
384 %{_libdir}/libpkixresults.a
385 %{_libdir}/libpkixstore.a
386 %{_libdir}/libpkixsystem.a
387 %{_libdir}/libpkixtop.a
388 %{_libdir}/libpkixutil.a
389 %{_libdir}/libsectool.a
390 %{_libdir}/libsmime.a
391 %{_libdir}/libsoftokn.a
394 %files softokn-freebl
395 %defattr(644,root,root,755)
396 %attr(755,root,root) /%{_lib}/libfreebl3.so
397 %attr(755,root,root) /%{_lib}/libfreeblpriv3.so
398 /%{_lib}/libfreebl3.chk
399 /%{_lib}/libfreeblpriv3.chk