[packages/nss.git] / nss.spec

# Conditional build:
%bcond_with	bootstrap	# avoid dependency on nss-tools
%bcond_with	tests		# enable tests

%define	nspr_ver	1:4.35
%define	foover	%(echo %{version} | tr . _)
Summary:	NSS - Network Security Services
Summary(pl.UTF-8):	NSS - Network Security Services
Name:		nss
Version:	3.90
Release:	2
Epoch:		1
License:	MPL v2.0
Group:		Libraries
Source0:	https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
# Source0-md5:	d83c24d03fb4f9a7f688b5d7c6938972
Source1:	%{name}-mozilla-nss.pc
Source2:	%{name}-config.in
Source3:	https://www.cacert.org/certs/root.der
# Source3-md5:	a61b375e390d9c3654eebd2031461f6b
Source4:	nss-softokn.pc.in
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
Patch0:		disable-hacl-curve25519.patch
URL:		https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
BuildRequires:	nspr-devel >= %{nspr_ver}
%{!?with_bootstrap:BuildRequires:	nss-tools}
BuildRequires:	perl-base
BuildRequires:	sqlite3-devel
BuildRequires:	zlib-devel
BuildConflicts:	mozilla < 0.9.6-3
Requires:	%{name}-softokn-freebl%{?_isa} = %{epoch}:%{version}-%{release}
Requires:	nspr%{?_isa} >= %{nspr_ver}
Obsoletes:	libnss3
# needs http2 code update: https://bugzilla.mozilla.org/show_bug.cgi?id=1323209
Conflicts:	firefox < 50.1.0-2
Conflicts:	iceape < 2.46-1
Conflicts:	iceweasel < 51
Conflicts:	mozilla-firefox < 51
Conflicts:	seamonkey < 2.47
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		specflags	-fno-strict-aliasing
%define		signedlibs	libfreebl3.so libfreeblpriv3.so libnssdbm3.so libsoftokn3.so
# signed -  stripped before signing
%define		_noautostrip	.*%{_lib}/\\(%(echo %{signedlibs} | sed 's/ /\\\\|/g')\\)
%define		_noautochrpath	.*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so

%description
NSS supports cross-platform development of security-enabled server
applications. Applications built with NSS can support PKCS #5,
PKCS #7, PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 and v3, X.509 v3
certificates, and other security standards.

%description -l pl.UTF-8
NSS wspomaga pisanie wieloplatformowych bezpiecznych serwerów.
Aplikacja używająca NSS jest w stanie obsłużyć PKCS #5, PKCS #7,
PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 oraz v3, certyfikaty X.509 v3,
i wiele innych bezpiecznych standardów.

%package tools
Summary:	NSS command line tools and utilities
Summary(pl.UTF-8):	Narzędzia NSS obsługiwane z linii poleceń
Group:		Applications
Requires:	%{name}%{?_isa} = %{epoch}:%{version}-%{release}

%description tools
The NSS Toolkit command line tool.

%description tools -l pl.UTF-8
Narzędzia NSS obsługiwane z linii poleceń.

%package devel
Summary:	NSS - header files
Summary(pl.UTF-8):	NSS - pliki nagłówkowe
Group:		Development/Libraries
Requires:	%{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires:	nspr-devel >= %{nspr_ver}
Obsoletes:	libnss3-devel

%description devel
Development part of NSS library.

%description devel -l pl.UTF-8
Część biblioteki NSS przeznaczona dla programistów.

%package static
Summary:	NSS - static library
Summary(pl.UTF-8):	NSS - biblioteka statyczna
Group:		Development/Libraries
Requires:	%{name}-devel = %{epoch}:%{version}-%{release}

%description static
Static NSS Toolkit libraries.

%description static -l pl.UTF-8
Statyczne wersje bibliotek z NSS.

%package softokn-freebl
Summary:	Freebl library for the Network Security Services
Summary(pl.UTF-8):	Biblioteka freebl dla bibliotek NSS
Group:		Libraries

%description softokn-freebl
Freebl cryptographic library for the Network Security Services.

%description softokn-freebl -l pl.UTF-8
Biblioteka kryptograficzna freebl dla bibliotek NSS.

%prep
%setup -q
cd nss
%patch0 -p1
cd ..

# http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
for dir in ecc noecc; do
	install -d $dir
	cp -a nss $dir
done

%build
%if %{without bootstrap}
# http://wiki.cacert.org/wiki/NSSLib
addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt
%endif

%ifarch %{x8664} ppc64 sparc64 aarch64
export USE_64=1
%endif

export BUILD_OPT=1
export MOZILLA_CLIENT=1
export NSDISTMODE=copy
export NSPR_INCLUDE_DIR=/usr/include/nspr
export NSS_ENABLE_WERROR=0
export NSS_USE_SYSTEM_SQLITE=1
export USE_PTHREADS=1
export USE_SYSTEM_ZLIB=1
export ZLIB_LIBS="-lz"
%ifarch x32
export USE_X32=1
%endif
%{!?with_tests:export NSS_DISABLE_GTESTS=1}

# https://bugzilla.mozilla.org/show_bug.cgi?id=1084623

# Forcing ecc with this hack would produce broken librares (softoken, freebl etc).
# Thus we also build noecc version (which doesn't require hack) and use these
# libs from there.
%{__sed} -i -e 's|#error|//error|g' ecc/nss/lib/freebl/ecl/ecl-curve.h
%{__make} -C ecc/nss all \
	NSS_ECC_MORE_THAN_SUITE_B=1 \
	CC="%{__cc}" \
	OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
	OS_TEST="%{_target_cpu}" \
	NS_USE_GCC=1

%{__make} -C noecc/nss all \
	CC="%{__cc}" \
	OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
	OS_TEST="%{_target_cpu}" \
	NS_USE_GCC=1

# strip and sign again
%{__strip} --strip-unneeded -R.comment -R.note \
	{,no}ecc/dist/Linux*/lib/{%(echo %{signedlibs} | tr ' ' ',')}

for dir in ecc noecc; do
	distdir=$(echo $(pwd)/$dir/dist/Linux*)
	for lib in %{signedlibs}; do
		LD_LIBRARY_PATH="$distdir/lib" "$distdir/bin/shlibsign" -i "$distdir/lib/$lib"
	done
done

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}}

cp -p ecc/dist/private/nss/*	$RPM_BUILD_ROOT%{_includedir}/nss
cp -p ecc/dist/public/dbm/*	$RPM_BUILD_ROOT%{_includedir}/nss
cp -p ecc/dist/public/nss/*	$RPM_BUILD_ROOT%{_includedir}/nss
install -p ecc/dist/Linux*/bin/*	$RPM_BUILD_ROOT%{_bindir}
install -p ecc/dist/Linux*/lib/*	$RPM_BUILD_ROOT%{_libdir}

# non-ECC version, we need only libnssdbm3, libsoftokn3, libfreebl3
install -p noecc/dist/Linux*/lib/libnssdbm3.*	$RPM_BUILD_ROOT%{_libdir}
install -p noecc/dist/Linux*/lib/libsoftokn3.*	$RPM_BUILD_ROOT%{_libdir}
install -p noecc/dist/Linux*/lib/libfreebl3.*	$RPM_BUILD_ROOT%{_libdir}

cp -p nss/doc/nroff/*.1		$RPM_BUILD_ROOT%{_mandir}/man1

%{__sed} -e '
	s#libdir=.*#libdir=%{_libdir}#g
	s#includedir=.*#includedir=%{_includedir}#g
	s#VERSION#%{version}#g
' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc
# compatibility symlink
ln -s nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc

cat %{SOURCE4} | \
sed -e "s,%%libdir%%,%{_libdir},g" \
	-e "s,%%prefix%%,%{_prefix},g" \
	-e "s,%%exec_prefix%%,%{_prefix},g" \
	-e "s,%%includedir%%,%{_includedir}/nss,g" \
	-e "s,%%NSPR_VERSION%%,$(echo %{nspr_ver} | sed -e 's#.*:##g'),g" \
	-e "s,%%NSS_VERSION%%,%{version},g" \
	-e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
	$RPM_BUILD_ROOT%{_pkgconfigdir}/nss-softokn.pc

NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)
%{__sed} -e "
	s,@libdir@,%{_libdir},g
	s,@prefix@,%{_prefix},g
	s,@exec_prefix@,%{_prefix},g
	s,@includedir@,%{_includedir}/nss,g
	s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g
	s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g
	s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g
" %{SOURCE2} > $RPM_BUILD_ROOT%{_bindir}/nss-config
chmod +x $RPM_BUILD_ROOT%{_bindir}/nss-config

%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so $RPM_BUILD_ROOT/%{_lib}
ln -s /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so
%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk $RPM_BUILD_ROOT/%{_lib}
ln -s /%{_lib}/libfreebl3.chk $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk
%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so $RPM_BUILD_ROOT/%{_lib}
ln -s /%{_lib}/libfreeblpriv3.so $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so
%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk $RPM_BUILD_ROOT/%{_lib}
ln -s /%{_lib}/libfreeblpriv3.chk $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk

# conflict with openssl-static
%{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a

# unit tests
%if %{with tests}
%{__rm} $RPM_BUILD_ROOT%{_bindir}/{certdb,certhigh,cryptohi,der,pk11,softoken,smime,ssl,util}_gtest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/nss_bogo_shim
%{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest*
%{__rm} $RPM_BUILD_ROOT%{_libdir}/libpkcs11testmodule.*
%{__rm} $RPM_BUILD_ROOT%{_libdir}/libcpputil.*
%endif
%{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11ectest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11importtest
%{__rm} $RPM_BUILD_ROOT%{_bindir}/rsapoptst
%{__rm} $RPM_BUILD_ROOT%{_bindir}/sdbthreadtst
%{__rm} $RPM_BUILD_ROOT%{_libdir}/libnss*-testlib.so

if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then
	echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc"
	exit 1
fi

%clean
rm -rf $RPM_BUILD_ROOT

%post	-p /sbin/ldconfig
%postun	-p /sbin/ldconfig

%files
%defattr(644,root,root,755)
# COPYING beside MPL v2.0 text contains GPL/LGPL compatibility notes
%doc nss/{COPYING,trademarks.txt}
%attr(755,root,root) %{_libdir}/libfreebl3.so
%attr(755,root,root) %{_libdir}/libfreeblpriv3.so
%attr(755,root,root) %{_libdir}/libnss3.so
%attr(755,root,root) %{_libdir}/libnssckbi.so
%attr(755,root,root) %{_libdir}/libnssdbm3.so
%attr(755,root,root) %{_libdir}/libnssutil3.so
%attr(755,root,root) %{_libdir}/libsmime3.so
%attr(755,root,root) %{_libdir}/libsoftokn3.so
%attr(755,root,root) %{_libdir}/libssl3.so
%{_libdir}/libfreebl3.chk
%{_libdir}/libfreeblpriv3.chk
%{_libdir}/libnssdbm3.chk
%{_libdir}/libsoftokn3.chk

%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/nss-config
%{_libdir}/libcrmf.a
%{_libdir}/libfreebl.a
%{_includedir}/nss
%{_pkgconfigdir}/mozilla-nss.pc
%{_pkgconfigdir}/nss.pc
%{_pkgconfigdir}/nss-softokn.pc

%files tools
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/addbuiltin
%attr(755,root,root) %{_bindir}/atob
%attr(755,root,root) %{_bindir}/baddbdir
%attr(755,root,root) %{_bindir}/bltest
%attr(755,root,root) %{_bindir}/btoa
%attr(755,root,root) %{_bindir}/certutil
%attr(755,root,root) %{_bindir}/chktest
%attr(755,root,root) %{_bindir}/cmsutil
%attr(755,root,root) %{_bindir}/conflict
%attr(755,root,root) %{_bindir}/crlutil
%attr(755,root,root) %{_bindir}/crmftest
%attr(755,root,root) %{_bindir}/dbtest
%attr(755,root,root) %{_bindir}/derdump
%attr(755,root,root) %{_bindir}/dertimetest
%attr(755,root,root) %{_bindir}/digest
%attr(755,root,root) %{_bindir}/ecperf
%attr(755,root,root) %{_bindir}/encodeinttest
%attr(755,root,root) %{_bindir}/fipstest
%attr(755,root,root) %{_bindir}/httpserv
%attr(755,root,root) %{_bindir}/listsuites
%attr(755,root,root) %{_bindir}/lowhashtest
%attr(755,root,root) %{_bindir}/makepqg
%attr(755,root,root) %{_bindir}/mangle
%attr(755,root,root) %{_bindir}/modutil
%attr(755,root,root) %{_bindir}/multinit
%attr(755,root,root) %{_bindir}/nonspr10
%attr(755,root,root) %{_bindir}/nss-policy-check
%attr(755,root,root) %{_bindir}/ocspclnt
%attr(755,root,root) %{_bindir}/ocspresp
%attr(755,root,root) %{_bindir}/oidcalc
%attr(755,root,root) %{_bindir}/p7content
%attr(755,root,root) %{_bindir}/p7env
%attr(755,root,root) %{_bindir}/p7sign
%attr(755,root,root) %{_bindir}/p7verify
%attr(755,root,root) %{_bindir}/pk11gcmtest
%attr(755,root,root) %{_bindir}/pk11mode
%attr(755,root,root) %{_bindir}/pk12util
%attr(755,root,root) %{_bindir}/pk1sign
%attr(755,root,root) %{_bindir}/pkix-errcodes
%attr(755,root,root) %{_bindir}/pp
%attr(755,root,root) %{_bindir}/pwdecrypt
%attr(755,root,root) %{_bindir}/remtest
%attr(755,root,root) %{_bindir}/rsaperf
%attr(755,root,root) %{_bindir}/sdrtest
%attr(755,root,root) %{_bindir}/secmodtest
%attr(755,root,root) %{_bindir}/selfserv
%attr(755,root,root) %{_bindir}/shlibsign
%attr(755,root,root) %{_bindir}/signtool
%attr(755,root,root) %{_bindir}/signver
%attr(755,root,root) %{_bindir}/ssltap
%attr(755,root,root) %{_bindir}/strsclnt
%attr(755,root,root) %{_bindir}/symkeyutil
%attr(755,root,root) %{_bindir}/tstclnt
%attr(755,root,root) %{_bindir}/validation
%attr(755,root,root) %{_bindir}/vfychain
%attr(755,root,root) %{_bindir}/vfyserv
%{_mandir}/man1/certutil.1*
%{_mandir}/man1/cmsutil.1*
%{_mandir}/man1/crlutil.1*
%{_mandir}/man1/derdump.1*
%{_mandir}/man1/modutil.1*
%{_mandir}/man1/pk12util.1*
%{_mandir}/man1/pp.1*
%{_mandir}/man1/signtool.1*
%{_mandir}/man1/signver.1*
%{_mandir}/man1/ssltap.1*
%{_mandir}/man1/vfychain.1*
%{_mandir}/man1/vfyserv.1*

%files static
%defattr(644,root,root,755)
%{_libdir}/libcertdb.a
%{_libdir}/libcerthi.a
%{_libdir}/libcryptohi.a
%{_libdir}/libdbm.a
%{_libdir}/libjar.a
%{_libdir}/libnss.a
%{_libdir}/libnssb.a
%{_libdir}/libnssckfw.a
%{_libdir}/libnssdbm.a
%{_libdir}/libnssdev.a
%{_libdir}/libnsspki.a
%{_libdir}/libnssutil.a
%{_libdir}/libpk11wrap.a
%{_libdir}/libpkcs12.a
%{_libdir}/libpkcs7.a
%{_libdir}/libpkixcertsel.a
%{_libdir}/libpkixchecker.a
%{_libdir}/libpkixcrlsel.a
%{_libdir}/libpkixmodule.a
%{_libdir}/libpkixparams.a
%{_libdir}/libpkixpki.a
%{_libdir}/libpkixresults.a
%{_libdir}/libpkixstore.a
%{_libdir}/libpkixsystem.a
%{_libdir}/libpkixtop.a
%{_libdir}/libpkixutil.a
%{_libdir}/libsectool.a
%{_libdir}/libsmime.a
%{_libdir}/libsoftokn.a
%{_libdir}/libssl3.a

%files softokn-freebl
%defattr(644,root,root,755)
%attr(755,root,root) /%{_lib}/libfreebl3.so
%attr(755,root,root) /%{_lib}/libfreeblpriv3.so
/%{_lib}/libfreebl3.chk
/%{_lib}/libfreeblpriv3.chk
Commit	Line	Data
	1	# Conditional build:
	2	%bcond_with bootstrap # avoid dependency on nss-tools
	3	%bcond_with tests # enable tests
	4
	5	%define nspr_ver 1:4.35
	6	%define foover %(echo %{version} \| tr . _)
	7	Summary: NSS - Network Security Services
	8	Summary(pl.UTF-8): NSS - Network Security Services
	9	Name: nss
	10	Version: 3.90
	11	Release: 2
	12	Epoch: 1
	13	License: MPL v2.0
	14	Group: Libraries
	15	Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
	16	# Source0-md5: d83c24d03fb4f9a7f688b5d7c6938972
	17	Source1: %{name}-mozilla-nss.pc
	18	Source2: %{name}-config.in
	19	Source3: https://www.cacert.org/certs/root.der
	20	# Source3-md5: a61b375e390d9c3654eebd2031461f6b
	21	Source4: nss-softokn.pc.in
	22	# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
	23	Patch0: disable-hacl-curve25519.patch
	24	URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
	25	BuildRequires: nspr-devel >= %{nspr_ver}
	26	%{!?with_bootstrap:BuildRequires: nss-tools}
	27	BuildRequires: perl-base
	28	BuildRequires: sqlite3-devel
	29	BuildRequires: zlib-devel
	30	BuildConflicts: mozilla < 0.9.6-3
	31	Requires: %{name}-softokn-freebl%{?_isa} = %{epoch}:%{version}-%{release}
	32	Requires: nspr%{?_isa} >= %{nspr_ver}
	33	Obsoletes: libnss3
	34	# needs http2 code update: https://bugzilla.mozilla.org/show_bug.cgi?id=1323209
	35	Conflicts: firefox < 50.1.0-2
	36	Conflicts: iceape < 2.46-1
	37	Conflicts: iceweasel < 51
	38	Conflicts: mozilla-firefox < 51
	39	Conflicts: seamonkey < 2.47
	40	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	41
	42	%define specflags -fno-strict-aliasing
	43	%define signedlibs libfreebl3.so libfreeblpriv3.so libnssdbm3.so libsoftokn3.so
	44	# signed - stripped before signing
	45	%define _noautostrip .*%{_lib}/\\(%(echo %{signedlibs} \| sed 's/ /\\\\\|/g')\\)
	46	%define _noautochrpath .%{_libdir}/libfreebl3.so\\\|.%{_libdir}/libsoftokn3.so
	47
	48	%description
	49	NSS supports cross-platform development of security-enabled server
	50	applications. Applications built with NSS can support PKCS #5,
	51	PKCS #7, PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 and v3, X.509 v3
	52	certificates, and other security standards.
	53
	54	%description -l pl.UTF-8
	55	NSS wspomaga pisanie wieloplatformowych bezpiecznych serwerów.
	56	Aplikacja używająca NSS jest w stanie obsłużyć PKCS #5, PKCS #7,
	57	PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 oraz v3, certyfikaty X.509 v3,
	58	i wiele innych bezpiecznych standardów.
	59
	60	%package tools
	61	Summary: NSS command line tools and utilities
	62	Summary(pl.UTF-8): Narzędzia NSS obsługiwane z linii poleceń
	63	Group: Applications
	64	Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
	65
	66	%description tools
	67	The NSS Toolkit command line tool.
	68
	69	%description tools -l pl.UTF-8
	70	Narzędzia NSS obsługiwane z linii poleceń.
	71
	72	%package devel
	73	Summary: NSS - header files
	74	Summary(pl.UTF-8): NSS - pliki nagłówkowe
	75	Group: Development/Libraries
	76	Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
	77	Requires: nspr-devel >= %{nspr_ver}
	78	Obsoletes: libnss3-devel
	79
	80	%description devel
	81	Development part of NSS library.
	82
	83	%description devel -l pl.UTF-8
	84	Część biblioteki NSS przeznaczona dla programistów.
	85
	86	%package static
	87	Summary: NSS - static library
	88	Summary(pl.UTF-8): NSS - biblioteka statyczna
	89	Group: Development/Libraries
	90	Requires: %{name}-devel = %{epoch}:%{version}-%{release}
	91
	92	%description static
	93	Static NSS Toolkit libraries.
	94
	95	%description static -l pl.UTF-8
	96	Statyczne wersje bibliotek z NSS.
	97
	98	%package softokn-freebl
	99	Summary: Freebl library for the Network Security Services
	100	Summary(pl.UTF-8): Biblioteka freebl dla bibliotek NSS
	101	Group: Libraries
	102
	103	%description softokn-freebl
	104	Freebl cryptographic library for the Network Security Services.
	105
	106	%description softokn-freebl -l pl.UTF-8
	107	Biblioteka kryptograficzna freebl dla bibliotek NSS.
	108
	109	%prep
	110	%setup -q
	111	cd nss
	112	%patch0 -p1
	113	cd ..
	114
	115	# http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
	116	for dir in ecc noecc; do
	117	install -d $dir
	118	cp -a nss $dir
	119	done
	120
	121	%build
	122	%if %{without bootstrap}
	123	# http://wiki.cacert.org/wiki/NSSLib
	124	addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt
	125	%endif
	126
	127	%ifarch %{x8664} ppc64 sparc64 aarch64
	128	export USE_64=1
	129	%endif
	130
	131	export BUILD_OPT=1
	132	export MOZILLA_CLIENT=1
	133	export NSDISTMODE=copy
	134	export NSPR_INCLUDE_DIR=/usr/include/nspr
	135	export NSS_ENABLE_WERROR=0
	136	export NSS_USE_SYSTEM_SQLITE=1
	137	export USE_PTHREADS=1
	138	export USE_SYSTEM_ZLIB=1
	139	export ZLIB_LIBS="-lz"
	140	%ifarch x32
	141	export USE_X32=1
	142	%endif
	143	%{!?with_tests:export NSS_DISABLE_GTESTS=1}
	144
	145	# https://bugzilla.mozilla.org/show_bug.cgi?id=1084623
	146
	147	# Forcing ecc with this hack would produce broken librares (softoken, freebl etc).
	148	# Thus we also build noecc version (which doesn't require hack) and use these
	149	# libs from there.
	150	%{__sed} -i -e 's\|#error\|//error\|g' ecc/nss/lib/freebl/ecl/ecl-curve.h
	151	%{__make} -C ecc/nss all \
	152	NSS_ECC_MORE_THAN_SUITE_B=1 \
	153	CC="%{__cc}" \
	154	OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
	155	OS_TEST="%{_target_cpu}" \
	156	NS_USE_GCC=1
	157
	158	%{__make} -C noecc/nss all \
	159	CC="%{__cc}" \
	160	OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
	161	OS_TEST="%{_target_cpu}" \
	162	NS_USE_GCC=1
	163
	164	# strip and sign again
	165	%{__strip} --strip-unneeded -R.comment -R.note \
	166	{,no}ecc/dist/Linux*/lib/{%(echo %{signedlibs} \| tr ' ' ',')}
	167
	168	for dir in ecc noecc; do
	169	distdir=$(echo $(pwd)/$dir/dist/Linux*)
	170	for lib in %{signedlibs}; do
	171	LD_LIBRARY_PATH="$distdir/lib" "$distdir/bin/shlibsign" -i "$distdir/lib/$lib"
	172	done
	173	done
	174
	175	%install
	176	rm -rf $RPM_BUILD_ROOT
	177	install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}}
	178
	179	cp -p ecc/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
	180	cp -p ecc/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss
	181	cp -p ecc/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
	182	install -p ecc/dist/Linux/bin/ $RPM_BUILD_ROOT%{_bindir}
	183	install -p ecc/dist/Linux/lib/ $RPM_BUILD_ROOT%{_libdir}
	184
	185	# non-ECC version, we need only libnssdbm3, libsoftokn3, libfreebl3
	186	install -p noecc/dist/Linux/lib/libnssdbm3. $RPM_BUILD_ROOT%{_libdir}
	187	install -p noecc/dist/Linux/lib/libsoftokn3. $RPM_BUILD_ROOT%{_libdir}
	188	install -p noecc/dist/Linux/lib/libfreebl3. $RPM_BUILD_ROOT%{_libdir}
	189
	190	cp -p nss/doc/nroff/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
	191
	192	%{__sed} -e '
	193	s#libdir=.*#libdir=%{_libdir}#g
	194	s#includedir=.*#includedir=%{_includedir}#g
	195	s#VERSION#%{version}#g
	196	' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc
	197	# compatibility symlink
	198	ln -s nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc
	199
	200	cat %{SOURCE4} \| \
	201	sed -e "s,%%libdir%%,%{_libdir},g" \
	202	-e "s,%%prefix%%,%{_prefix},g" \
	203	-e "s,%%exec_prefix%%,%{_prefix},g" \
	204	-e "s,%%includedir%%,%{_includedir}/nss,g" \
	205	-e "s,%%NSPR_VERSION%%,$(echo %{nspr_ver} \| sed -e 's#.*:##g'),g" \
	206	-e "s,%%NSS_VERSION%%,%{version},g" \
	207	-e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
	208	$RPM_BUILD_ROOT%{_pkgconfigdir}/nss-softokn.pc
	209
	210	NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
	211	NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
	212	NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)
	213	%{__sed} -e "
	214	s,@libdir@,%{_libdir},g
	215	s,@prefix@,%{_prefix},g
	216	s,@exec_prefix@,%{_prefix},g
	217	s,@includedir@,%{_includedir}/nss,g
	218	s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g
	219	s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g
	220	s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g
	221	" %{SOURCE2} > $RPM_BUILD_ROOT%{_bindir}/nss-config
	222	chmod +x $RPM_BUILD_ROOT%{_bindir}/nss-config
	223
	224	%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so $RPM_BUILD_ROOT/%{_lib}
	225	ln -s /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so
	226	%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk $RPM_BUILD_ROOT/%{_lib}
	227	ln -s /%{_lib}/libfreebl3.chk $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk
	228	%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so $RPM_BUILD_ROOT/%{_lib}
	229	ln -s /%{_lib}/libfreeblpriv3.so $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so
	230	%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk $RPM_BUILD_ROOT/%{_lib}
	231	ln -s /%{_lib}/libfreeblpriv3.chk $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk
	232
	233	# conflict with openssl-static
	234	%{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a
	235
	236	# unit tests
	237	%if %{with tests}
	238	%{__rm} $RPM_BUILD_ROOT%{_bindir}/{certdb,certhigh,cryptohi,der,pk11,softoken,smime,ssl,util}_gtest
	239	%{__rm} $RPM_BUILD_ROOT%{_bindir}/nss_bogo_shim
	240	%{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest*
	241	%{__rm} $RPM_BUILD_ROOT%{_libdir}/libpkcs11testmodule.*
	242	%{__rm} $RPM_BUILD_ROOT%{_libdir}/libcpputil.*
	243	%endif
	244	%{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest
	245	%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11ectest
	246	%{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11importtest
	247	%{__rm} $RPM_BUILD_ROOT%{_bindir}/rsapoptst
	248	%{__rm} $RPM_BUILD_ROOT%{_bindir}/sdbthreadtst
	249	%{__rm} $RPM_BUILD_ROOT%{_libdir}/libnss*-testlib.so
	250
	251	if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then
	252	echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc"
	253	exit 1
	254	fi
	255
	256	%clean
	257	rm -rf $RPM_BUILD_ROOT
	258
	259	%post -p /sbin/ldconfig
	260	%postun -p /sbin/ldconfig
	261
	262	%files
	263	%defattr(644,root,root,755)
	264	# COPYING beside MPL v2.0 text contains GPL/LGPL compatibility notes
	265	%doc nss/{COPYING,trademarks.txt}
	266	%attr(755,root,root) %{_libdir}/libfreebl3.so
	267	%attr(755,root,root) %{_libdir}/libfreeblpriv3.so
	268	%attr(755,root,root) %{_libdir}/libnss3.so
	269	%attr(755,root,root) %{_libdir}/libnssckbi.so
	270	%attr(755,root,root) %{_libdir}/libnssdbm3.so
	271	%attr(755,root,root) %{_libdir}/libnssutil3.so
	272	%attr(755,root,root) %{_libdir}/libsmime3.so
	273	%attr(755,root,root) %{_libdir}/libsoftokn3.so
	274	%attr(755,root,root) %{_libdir}/libssl3.so
	275	%{_libdir}/libfreebl3.chk
	276	%{_libdir}/libfreeblpriv3.chk
	277	%{_libdir}/libnssdbm3.chk
	278	%{_libdir}/libsoftokn3.chk
	279
	280	%files devel
	281	%defattr(644,root,root,755)
	282	%attr(755,root,root) %{_bindir}/nss-config
	283	%{_libdir}/libcrmf.a
	284	%{_libdir}/libfreebl.a
	285	%{_includedir}/nss
	286	%{_pkgconfigdir}/mozilla-nss.pc
	287	%{_pkgconfigdir}/nss.pc
	288	%{_pkgconfigdir}/nss-softokn.pc
	289
	290	%files tools
	291	%defattr(644,root,root,755)
	292	%attr(755,root,root) %{_bindir}/addbuiltin
	293	%attr(755,root,root) %{_bindir}/atob
	294	%attr(755,root,root) %{_bindir}/baddbdir
	295	%attr(755,root,root) %{_bindir}/bltest
	296	%attr(755,root,root) %{_bindir}/btoa
	297	%attr(755,root,root) %{_bindir}/certutil
	298	%attr(755,root,root) %{_bindir}/chktest
	299	%attr(755,root,root) %{_bindir}/cmsutil
	300	%attr(755,root,root) %{_bindir}/conflict
	301	%attr(755,root,root) %{_bindir}/crlutil
	302	%attr(755,root,root) %{_bindir}/crmftest
	303	%attr(755,root,root) %{_bindir}/dbtest
	304	%attr(755,root,root) %{_bindir}/derdump
	305	%attr(755,root,root) %{_bindir}/dertimetest
	306	%attr(755,root,root) %{_bindir}/digest
	307	%attr(755,root,root) %{_bindir}/ecperf
	308	%attr(755,root,root) %{_bindir}/encodeinttest
	309	%attr(755,root,root) %{_bindir}/fipstest
	310	%attr(755,root,root) %{_bindir}/httpserv
	311	%attr(755,root,root) %{_bindir}/listsuites
	312	%attr(755,root,root) %{_bindir}/lowhashtest
	313	%attr(755,root,root) %{_bindir}/makepqg
	314	%attr(755,root,root) %{_bindir}/mangle
	315	%attr(755,root,root) %{_bindir}/modutil
	316	%attr(755,root,root) %{_bindir}/multinit
	317	%attr(755,root,root) %{_bindir}/nonspr10
	318	%attr(755,root,root) %{_bindir}/nss-policy-check
	319	%attr(755,root,root) %{_bindir}/ocspclnt
	320	%attr(755,root,root) %{_bindir}/ocspresp
	321	%attr(755,root,root) %{_bindir}/oidcalc
	322	%attr(755,root,root) %{_bindir}/p7content
	323	%attr(755,root,root) %{_bindir}/p7env
	324	%attr(755,root,root) %{_bindir}/p7sign
	325	%attr(755,root,root) %{_bindir}/p7verify
	326	%attr(755,root,root) %{_bindir}/pk11gcmtest
	327	%attr(755,root,root) %{_bindir}/pk11mode
	328	%attr(755,root,root) %{_bindir}/pk12util
	329	%attr(755,root,root) %{_bindir}/pk1sign
	330	%attr(755,root,root) %{_bindir}/pkix-errcodes
	331	%attr(755,root,root) %{_bindir}/pp
	332	%attr(755,root,root) %{_bindir}/pwdecrypt
	333	%attr(755,root,root) %{_bindir}/remtest
	334	%attr(755,root,root) %{_bindir}/rsaperf
	335	%attr(755,root,root) %{_bindir}/sdrtest
	336	%attr(755,root,root) %{_bindir}/secmodtest
	337	%attr(755,root,root) %{_bindir}/selfserv
	338	%attr(755,root,root) %{_bindir}/shlibsign
	339	%attr(755,root,root) %{_bindir}/signtool
	340	%attr(755,root,root) %{_bindir}/signver
	341	%attr(755,root,root) %{_bindir}/ssltap
	342	%attr(755,root,root) %{_bindir}/strsclnt
	343	%attr(755,root,root) %{_bindir}/symkeyutil
	344	%attr(755,root,root) %{_bindir}/tstclnt
	345	%attr(755,root,root) %{_bindir}/validation
	346	%attr(755,root,root) %{_bindir}/vfychain
	347	%attr(755,root,root) %{_bindir}/vfyserv
	348	%{_mandir}/man1/certutil.1*
	349	%{_mandir}/man1/cmsutil.1*
	350	%{_mandir}/man1/crlutil.1*
	351	%{_mandir}/man1/derdump.1*
	352	%{_mandir}/man1/modutil.1*
	353	%{_mandir}/man1/pk12util.1*
	354	%{_mandir}/man1/pp.1*
	355	%{_mandir}/man1/signtool.1*
	356	%{_mandir}/man1/signver.1*
	357	%{_mandir}/man1/ssltap.1*
	358	%{_mandir}/man1/vfychain.1*
	359	%{_mandir}/man1/vfyserv.1*
	360
	361	%files static
	362	%defattr(644,root,root,755)
	363	%{_libdir}/libcertdb.a
	364	%{_libdir}/libcerthi.a
	365	%{_libdir}/libcryptohi.a
	366	%{_libdir}/libdbm.a
	367	%{_libdir}/libjar.a
	368	%{_libdir}/libnss.a
	369	%{_libdir}/libnssb.a
	370	%{_libdir}/libnssckfw.a
	371	%{_libdir}/libnssdbm.a
	372	%{_libdir}/libnssdev.a
	373	%{_libdir}/libnsspki.a
	374	%{_libdir}/libnssutil.a
	375	%{_libdir}/libpk11wrap.a
	376	%{_libdir}/libpkcs12.a
	377	%{_libdir}/libpkcs7.a
	378	%{_libdir}/libpkixcertsel.a
	379	%{_libdir}/libpkixchecker.a
	380	%{_libdir}/libpkixcrlsel.a
	381	%{_libdir}/libpkixmodule.a
	382	%{_libdir}/libpkixparams.a
	383	%{_libdir}/libpkixpki.a
	384	%{_libdir}/libpkixresults.a
	385	%{_libdir}/libpkixstore.a
	386	%{_libdir}/libpkixsystem.a
	387	%{_libdir}/libpkixtop.a
	388	%{_libdir}/libpkixutil.a
	389	%{_libdir}/libsectool.a
	390	%{_libdir}/libsmime.a
	391	%{_libdir}/libsoftokn.a
	392	%{_libdir}/libssl3.a
	393
	394	%files softokn-freebl
	395	%defattr(644,root,root,755)
	396	%attr(755,root,root) /%{_lib}/libfreebl3.so
	397	%attr(755,root,root) /%{_lib}/libfreeblpriv3.so
	398	/%{_lib}/libfreebl3.chk
	399	/%{_lib}/libfreeblpriv3.chk