-%define nspr_ver 1:4.25
+# Conditional build:
+%bcond_with bootstrap # avoid dependency on nss-tools
+%bcond_with tests # enable tests
+
+%define nspr_ver 1:4.35
%define foover %(echo %{version} | tr . _)
Summary: NSS - Network Security Services
Summary(pl.UTF-8): NSS - Network Security Services
Name: nss
-Version: 3.53
+Version: 3.99
Release: 1
Epoch: 1
License: MPL v2.0
Group: Libraries
-Source0: http://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
-# Source0-md5: 64f5b4719d26e01257ba5f0fa19acf20
+Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
+# Source0-md5: a9e62202ca3d6b542b9318bb05bb7027
Source1: %{name}-mozilla-nss.pc
Source2: %{name}-config.in
-Source3: http://www.cacert.org/certs/root.der
+Source3: https://www.cacert.org/certs/root.der
# Source3-md5: a61b375e390d9c3654eebd2031461f6b
Source4: nss-softokn.pc.in
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
BuildRequires: nspr-devel >= %{nspr_ver}
-BuildRequires: nss-tools
+%{!?with_bootstrap:BuildRequires: nss-tools}
BuildRequires: perl-base
BuildRequires: sqlite3-devel
BuildRequires: zlib-devel
BuildConflicts: mozilla < 0.9.6-3
-Requires: %{name}-softokn-freebl = %{epoch}:%{version}-%{release}
-Requires: nspr >= %{nspr_ver}
+Requires: %{name}-softokn-freebl%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: nspr%{?_isa} >= %{nspr_ver}
Obsoletes: libnss3
# needs http2 code update: https://bugzilla.mozilla.org/show_bug.cgi?id=1323209
Conflicts: firefox < 50.1.0-2
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define specflags -fno-strict-aliasing
+%define signedlibs libfreebl3.so libfreeblpriv3.so libnssdbm3.so libsoftokn3.so
# signed - stripped before signing
-%define _noautostrip .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so
+%define _noautostrip .*%{_lib}/\\(%(echo %{signedlibs} | sed 's/ /\\\\|/g')\\)
%define _noautochrpath .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so
%description
Summary: NSS command line tools and utilities
Summary(pl.UTF-8): Narzędzia NSS obsługiwane z linii poleceń
Group: Applications
-Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description tools
The NSS Toolkit command line tool.
Summary: NSS - header files
Summary(pl.UTF-8): NSS - pliki nagłówkowe
Group: Development/Libraries
-Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires: nspr-devel >= %{nspr_ver}
Obsoletes: libnss3-devel
%prep
%setup -q
-%if 0%{!?debug:1}
-# strip before signing
-%{__sed} -i -e '/export ADDON_PATH$/a\ echo STRIP \; %{__strip} --strip-unneeded -R.comment -R.note ${5}' nss/cmd/shlibsign/sign.sh
-%endif
+# http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
+for dir in ecc noecc; do
+ install -d $dir
+ cp -a nss $dir
+done
%build
+%if %{without bootstrap}
# http://wiki.cacert.org/wiki/NSSLib
addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt
+%endif
%ifarch %{x8664} ppc64 sparc64 aarch64
export USE_64=1
%endif
-# http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
-for dir in ecc noecc; do
- install -d $dir
- cp -a nss $dir/nss
-done
-
export BUILD_OPT=1
export MOZILLA_CLIENT=1
export NSDISTMODE=copy
export NSPR_INCLUDE_DIR=/usr/include/nspr
+export NSS_ENABLE_WERROR=0
export NSS_USE_SYSTEM_SQLITE=1
export USE_PTHREADS=1
export USE_SYSTEM_ZLIB=1
%ifarch x32
export USE_X32=1
%endif
+%{!?with_tests:export NSS_DISABLE_GTESTS=1}
# https://bugzilla.mozilla.org/show_bug.cgi?id=1084623
NSS_ECC_MORE_THAN_SUITE_B=1 \
CC="%{__cc}" \
OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
+ OS_TEST="%{_target_cpu}" \
+ NS_USE_GCC=1
%{__make} -C noecc/nss all \
CC="%{__cc}" \
- OPTIMIZER="%{rpmcflags} %{rpmcppflags}"
+ OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
+ OS_TEST="%{_target_cpu}" \
+ NS_USE_GCC=1
+
+# strip and sign again
+%{__strip} --strip-unneeded -R.comment -R.note \
+ {,no}ecc/dist/Linux*/lib/{%(echo %{signedlibs} | tr ' ' ',')}
+
+for dir in ecc noecc; do
+ distdir=$(echo $(pwd)/$dir/dist/Linux*)
+ for lib in %{signedlibs}; do
+ LD_LIBRARY_PATH="$distdir/lib" "$distdir/bin/shlibsign" -i "$distdir/lib/$lib"
+ done
+done
%install
rm -rf $RPM_BUILD_ROOT
%{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a
# unit tests
+%if %{with tests}
%{__rm} $RPM_BUILD_ROOT%{_bindir}/{certdb,certhigh,cryptohi,der,pk11,softoken,smime,ssl,util}_gtest
-%{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/nss_bogo_shim
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest*
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libpkcs11testmodule.*
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libcpputil.*
+%endif
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11ectest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11importtest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/rsapoptst
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest*
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/sdbthreadtst
%{__rm} $RPM_BUILD_ROOT%{_libdir}/libnss*-testlib.so
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/libpkcs11testmodule.*
if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then
echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc"
%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/nss-config
-%{_libdir}/libcpputil.a
%{_libdir}/libcrmf.a
%{_libdir}/libfreebl.a
%{_includedir}/nss
%attr(755,root,root) %{_bindir}/crlutil
%attr(755,root,root) %{_bindir}/crmftest
%attr(755,root,root) %{_bindir}/dbtest
+%attr(755,root,root) %{_bindir}/dbtool
%attr(755,root,root) %{_bindir}/derdump
%attr(755,root,root) %{_bindir}/dertimetest
%attr(755,root,root) %{_bindir}/digest
%attr(755,root,root) %{_bindir}/strsclnt
%attr(755,root,root) %{_bindir}/symkeyutil
%attr(755,root,root) %{_bindir}/tstclnt
+%attr(755,root,root) %{_bindir}/validation
%attr(755,root,root) %{_bindir}/vfychain
%attr(755,root,root) %{_bindir}/vfyserv
%{_mandir}/man1/certutil.1*