# Conditional build:
+%bcond_with bootstrap # avoid dependency on nss-tools
%bcond_with tests # enable tests
-%define nspr_ver 1:4.29
+%define nspr_ver 1:4.35
%define foover %(echo %{version} | tr . _)
Summary: NSS - Network Security Services
Summary(pl.UTF-8): NSS - Network Security Services
Name: nss
-Version: 3.58
+Version: 3.99
Release: 1
Epoch: 1
License: MPL v2.0
Group: Libraries
-Source0: http://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
-# Source0-md5: 0012ef80308f70e35ab1babc6153cee5
+Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
+# Source0-md5: a9e62202ca3d6b542b9318bb05bb7027
Source1: %{name}-mozilla-nss.pc
Source2: %{name}-config.in
-Source3: http://www.cacert.org/certs/root.der
+Source3: https://www.cacert.org/certs/root.der
# Source3-md5: a61b375e390d9c3654eebd2031461f6b
Source4: nss-softokn.pc.in
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
BuildRequires: nspr-devel >= %{nspr_ver}
-BuildRequires: nss-tools
+%{!?with_bootstrap:BuildRequires: nss-tools}
BuildRequires: perl-base
BuildRequires: sqlite3-devel
BuildRequires: zlib-devel
BuildConflicts: mozilla < 0.9.6-3
-Requires: %{name}-softokn-freebl = %{epoch}:%{version}-%{release}
-Requires: nspr >= %{nspr_ver}
+Requires: %{name}-softokn-freebl%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: nspr%{?_isa} >= %{nspr_ver}
Obsoletes: libnss3
# needs http2 code update: https://bugzilla.mozilla.org/show_bug.cgi?id=1323209
Conflicts: firefox < 50.1.0-2
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define specflags -fno-strict-aliasing
+%define signedlibs libfreebl3.so libfreeblpriv3.so libnssdbm3.so libsoftokn3.so
# signed - stripped before signing
-%define _noautostrip .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so
+%define _noautostrip .*%{_lib}/\\(%(echo %{signedlibs} | sed 's/ /\\\\|/g')\\)
%define _noautochrpath .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so
%description
Summary: NSS command line tools and utilities
Summary(pl.UTF-8): Narzędzia NSS obsługiwane z linii poleceń
Group: Applications
-Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description tools
The NSS Toolkit command line tool.
Summary: NSS - header files
Summary(pl.UTF-8): NSS - pliki nagłówkowe
Group: Development/Libraries
-Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires: nspr-devel >= %{nspr_ver}
Obsoletes: libnss3-devel
%prep
%setup -q
-%if 0%{!?debug:1}
-# strip before signing
-%{__sed} -i -e '/export ADDON_PATH$/a\ echo STRIP \; %{__strip} --strip-unneeded -R.comment -R.note ${5}' nss/cmd/shlibsign/sign.sh
-%endif
+# http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
+for dir in ecc noecc; do
+ install -d $dir
+ cp -a nss $dir
+done
%build
+%if %{without bootstrap}
# http://wiki.cacert.org/wiki/NSSLib
addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt
+%endif
%ifarch %{x8664} ppc64 sparc64 aarch64
export USE_64=1
%endif
-# http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
-for dir in ecc noecc; do
- install -d $dir
- cp -a nss $dir/nss
-done
-
export BUILD_OPT=1
export MOZILLA_CLIENT=1
export NSDISTMODE=copy
export NSPR_INCLUDE_DIR=/usr/include/nspr
+export NSS_ENABLE_WERROR=0
export NSS_USE_SYSTEM_SQLITE=1
export USE_PTHREADS=1
export USE_SYSTEM_ZLIB=1
NSS_ECC_MORE_THAN_SUITE_B=1 \
CC="%{__cc}" \
OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
+ OS_TEST="%{_target_cpu}" \
NS_USE_GCC=1
%{__make} -C noecc/nss all \
CC="%{__cc}" \
OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
+ OS_TEST="%{_target_cpu}" \
NS_USE_GCC=1
+# strip and sign again
+%{__strip} --strip-unneeded -R.comment -R.note \
+ {,no}ecc/dist/Linux*/lib/{%(echo %{signedlibs} | tr ' ' ',')}
+
+for dir in ecc noecc; do
+ distdir=$(echo $(pwd)/$dir/dist/Linux*)
+ for lib in %{signedlibs}; do
+ LD_LIBRARY_PATH="$distdir/lib" "$distdir/bin/shlibsign" -i "$distdir/lib/$lib"
+ done
+done
+
%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}}
%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11ectest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11importtest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/rsapoptst
+%{__rm} $RPM_BUILD_ROOT%{_bindir}/sdbthreadtst
%{__rm} $RPM_BUILD_ROOT%{_libdir}/libnss*-testlib.so
if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then
%attr(755,root,root) %{_bindir}/crlutil
%attr(755,root,root) %{_bindir}/crmftest
%attr(755,root,root) %{_bindir}/dbtest
+%attr(755,root,root) %{_bindir}/dbtool
%attr(755,root,root) %{_bindir}/derdump
%attr(755,root,root) %{_bindir}/dertimetest
%attr(755,root,root) %{_bindir}/digest
%attr(755,root,root) %{_bindir}/strsclnt
%attr(755,root,root) %{_bindir}/symkeyutil
%attr(755,root,root) %{_bindir}/tstclnt
+%attr(755,root,root) %{_bindir}/validation
%attr(755,root,root) %{_bindir}/vfychain
%attr(755,root,root) %{_bindir}/vfyserv
%{_mandir}/man1/certutil.1*