]>
Commit | Line | Data |
---|---|---|
1 | # Conditional build: | |
2 | %bcond_with bootstrap # avoid dependency on nss-tools | |
3 | %bcond_with tests # enable tests | |
4 | ||
5 | %define nspr_ver 1:4.35 | |
6 | %define foover %(echo %{version} | tr . _) | |
7 | Summary: NSS - Network Security Services | |
8 | Summary(pl.UTF-8): NSS - Network Security Services | |
9 | Name: nss | |
10 | Version: 3.90 | |
11 | Release: 2 | |
12 | Epoch: 1 | |
13 | License: MPL v2.0 | |
14 | Group: Libraries | |
15 | Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz | |
16 | # Source0-md5: d83c24d03fb4f9a7f688b5d7c6938972 | |
17 | Source1: %{name}-mozilla-nss.pc | |
18 | Source2: %{name}-config.in | |
19 | Source3: https://www.cacert.org/certs/root.der | |
20 | # Source3-md5: a61b375e390d9c3654eebd2031461f6b | |
21 | Source4: nss-softokn.pc.in | |
22 | # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900 | |
23 | Patch0: disable-hacl-curve25519.patch | |
24 | URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS | |
25 | BuildRequires: nspr-devel >= %{nspr_ver} | |
26 | %{!?with_bootstrap:BuildRequires: nss-tools} | |
27 | BuildRequires: perl-base | |
28 | BuildRequires: sqlite3-devel | |
29 | BuildRequires: zlib-devel | |
30 | BuildConflicts: mozilla < 0.9.6-3 | |
31 | Requires: %{name}-softokn-freebl%{?_isa} = %{epoch}:%{version}-%{release} | |
32 | Requires: nspr%{?_isa} >= %{nspr_ver} | |
33 | Obsoletes: libnss3 | |
34 | # needs http2 code update: https://bugzilla.mozilla.org/show_bug.cgi?id=1323209 | |
35 | Conflicts: firefox < 50.1.0-2 | |
36 | Conflicts: iceape < 2.46-1 | |
37 | Conflicts: iceweasel < 51 | |
38 | Conflicts: mozilla-firefox < 51 | |
39 | Conflicts: seamonkey < 2.47 | |
40 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) | |
41 | ||
42 | %define specflags -fno-strict-aliasing | |
43 | %define signedlibs libfreebl3.so libfreeblpriv3.so libnssdbm3.so libsoftokn3.so | |
44 | # signed - stripped before signing | |
45 | %define _noautostrip .*%{_lib}/\\(%(echo %{signedlibs} | sed 's/ /\\\\|/g')\\) | |
46 | %define _noautochrpath .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so | |
47 | ||
48 | %description | |
49 | NSS supports cross-platform development of security-enabled server | |
50 | applications. Applications built with NSS can support PKCS #5, | |
51 | PKCS #7, PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 and v3, X.509 v3 | |
52 | certificates, and other security standards. | |
53 | ||
54 | %description -l pl.UTF-8 | |
55 | NSS wspomaga pisanie wieloplatformowych bezpiecznych serwerów. | |
56 | Aplikacja używająca NSS jest w stanie obsłużyć PKCS #5, PKCS #7, | |
57 | PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 oraz v3, certyfikaty X.509 v3, | |
58 | i wiele innych bezpiecznych standardów. | |
59 | ||
60 | %package tools | |
61 | Summary: NSS command line tools and utilities | |
62 | Summary(pl.UTF-8): Narzędzia NSS obsługiwane z linii poleceń | |
63 | Group: Applications | |
64 | Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} | |
65 | ||
66 | %description tools | |
67 | The NSS Toolkit command line tool. | |
68 | ||
69 | %description tools -l pl.UTF-8 | |
70 | Narzędzia NSS obsługiwane z linii poleceń. | |
71 | ||
72 | %package devel | |
73 | Summary: NSS - header files | |
74 | Summary(pl.UTF-8): NSS - pliki nagłówkowe | |
75 | Group: Development/Libraries | |
76 | Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} | |
77 | Requires: nspr-devel >= %{nspr_ver} | |
78 | Obsoletes: libnss3-devel | |
79 | ||
80 | %description devel | |
81 | Development part of NSS library. | |
82 | ||
83 | %description devel -l pl.UTF-8 | |
84 | Część biblioteki NSS przeznaczona dla programistów. | |
85 | ||
86 | %package static | |
87 | Summary: NSS - static library | |
88 | Summary(pl.UTF-8): NSS - biblioteka statyczna | |
89 | Group: Development/Libraries | |
90 | Requires: %{name}-devel = %{epoch}:%{version}-%{release} | |
91 | ||
92 | %description static | |
93 | Static NSS Toolkit libraries. | |
94 | ||
95 | %description static -l pl.UTF-8 | |
96 | Statyczne wersje bibliotek z NSS. | |
97 | ||
98 | %package softokn-freebl | |
99 | Summary: Freebl library for the Network Security Services | |
100 | Summary(pl.UTF-8): Biblioteka freebl dla bibliotek NSS | |
101 | Group: Libraries | |
102 | ||
103 | %description softokn-freebl | |
104 | Freebl cryptographic library for the Network Security Services. | |
105 | ||
106 | %description softokn-freebl -l pl.UTF-8 | |
107 | Biblioteka kryptograficzna freebl dla bibliotek NSS. | |
108 | ||
109 | %prep | |
110 | %setup -q | |
111 | cd nss | |
112 | %patch0 -p1 | |
113 | cd .. | |
114 | ||
115 | # http://pki.fedoraproject.org/wiki/ECC_Capable_NSS | |
116 | for dir in ecc noecc; do | |
117 | install -d $dir | |
118 | cp -a nss $dir | |
119 | done | |
120 | ||
121 | %build | |
122 | %if %{without bootstrap} | |
123 | # http://wiki.cacert.org/wiki/NSSLib | |
124 | addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt | |
125 | %endif | |
126 | ||
127 | %ifarch %{x8664} ppc64 sparc64 aarch64 | |
128 | export USE_64=1 | |
129 | %endif | |
130 | ||
131 | export BUILD_OPT=1 | |
132 | export MOZILLA_CLIENT=1 | |
133 | export NSDISTMODE=copy | |
134 | export NSPR_INCLUDE_DIR=/usr/include/nspr | |
135 | export NSS_ENABLE_WERROR=0 | |
136 | export NSS_USE_SYSTEM_SQLITE=1 | |
137 | export USE_PTHREADS=1 | |
138 | export USE_SYSTEM_ZLIB=1 | |
139 | export ZLIB_LIBS="-lz" | |
140 | %ifarch x32 | |
141 | export USE_X32=1 | |
142 | %endif | |
143 | %{!?with_tests:export NSS_DISABLE_GTESTS=1} | |
144 | ||
145 | # https://bugzilla.mozilla.org/show_bug.cgi?id=1084623 | |
146 | ||
147 | # Forcing ecc with this hack would produce broken librares (softoken, freebl etc). | |
148 | # Thus we also build noecc version (which doesn't require hack) and use these | |
149 | # libs from there. | |
150 | %{__sed} -i -e 's|#error|//error|g' ecc/nss/lib/freebl/ecl/ecl-curve.h | |
151 | %{__make} -C ecc/nss all \ | |
152 | NSS_ECC_MORE_THAN_SUITE_B=1 \ | |
153 | CC="%{__cc}" \ | |
154 | OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \ | |
155 | OS_TEST="%{_target_cpu}" \ | |
156 | NS_USE_GCC=1 | |
157 | ||
158 | %{__make} -C noecc/nss all \ | |
159 | CC="%{__cc}" \ | |
160 | OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \ | |
161 | OS_TEST="%{_target_cpu}" \ | |
162 | NS_USE_GCC=1 | |
163 | ||
164 | # strip and sign again | |
165 | %{__strip} --strip-unneeded -R.comment -R.note \ | |
166 | {,no}ecc/dist/Linux*/lib/{%(echo %{signedlibs} | tr ' ' ',')} | |
167 | ||
168 | for dir in ecc noecc; do | |
169 | distdir=$(echo $(pwd)/$dir/dist/Linux*) | |
170 | for lib in %{signedlibs}; do | |
171 | LD_LIBRARY_PATH="$distdir/lib" "$distdir/bin/shlibsign" -i "$distdir/lib/$lib" | |
172 | done | |
173 | done | |
174 | ||
175 | %install | |
176 | rm -rf $RPM_BUILD_ROOT | |
177 | install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}} | |
178 | ||
179 | cp -p ecc/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss | |
180 | cp -p ecc/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss | |
181 | cp -p ecc/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss | |
182 | install -p ecc/dist/Linux*/bin/* $RPM_BUILD_ROOT%{_bindir} | |
183 | install -p ecc/dist/Linux*/lib/* $RPM_BUILD_ROOT%{_libdir} | |
184 | ||
185 | # non-ECC version, we need only libnssdbm3, libsoftokn3, libfreebl3 | |
186 | install -p noecc/dist/Linux*/lib/libnssdbm3.* $RPM_BUILD_ROOT%{_libdir} | |
187 | install -p noecc/dist/Linux*/lib/libsoftokn3.* $RPM_BUILD_ROOT%{_libdir} | |
188 | install -p noecc/dist/Linux*/lib/libfreebl3.* $RPM_BUILD_ROOT%{_libdir} | |
189 | ||
190 | cp -p nss/doc/nroff/*.1 $RPM_BUILD_ROOT%{_mandir}/man1 | |
191 | ||
192 | %{__sed} -e ' | |
193 | s#libdir=.*#libdir=%{_libdir}#g | |
194 | s#includedir=.*#includedir=%{_includedir}#g | |
195 | s#VERSION#%{version}#g | |
196 | ' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc | |
197 | # compatibility symlink | |
198 | ln -s nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc | |
199 | ||
200 | cat %{SOURCE4} | \ | |
201 | sed -e "s,%%libdir%%,%{_libdir},g" \ | |
202 | -e "s,%%prefix%%,%{_prefix},g" \ | |
203 | -e "s,%%exec_prefix%%,%{_prefix},g" \ | |
204 | -e "s,%%includedir%%,%{_includedir}/nss,g" \ | |
205 | -e "s,%%NSPR_VERSION%%,$(echo %{nspr_ver} | sed -e 's#.*:##g'),g" \ | |
206 | -e "s,%%NSS_VERSION%%,%{version},g" \ | |
207 | -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ | |
208 | $RPM_BUILD_ROOT%{_pkgconfigdir}/nss-softokn.pc | |
209 | ||
210 | NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h) | |
211 | NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h) | |
212 | NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h) | |
213 | %{__sed} -e " | |
214 | s,@libdir@,%{_libdir},g | |
215 | s,@prefix@,%{_prefix},g | |
216 | s,@exec_prefix@,%{_prefix},g | |
217 | s,@includedir@,%{_includedir}/nss,g | |
218 | s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g | |
219 | s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g | |
220 | s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g | |
221 | " %{SOURCE2} > $RPM_BUILD_ROOT%{_bindir}/nss-config | |
222 | chmod +x $RPM_BUILD_ROOT%{_bindir}/nss-config | |
223 | ||
224 | %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so $RPM_BUILD_ROOT/%{_lib} | |
225 | ln -s /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so | |
226 | %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk $RPM_BUILD_ROOT/%{_lib} | |
227 | ln -s /%{_lib}/libfreebl3.chk $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk | |
228 | %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so $RPM_BUILD_ROOT/%{_lib} | |
229 | ln -s /%{_lib}/libfreeblpriv3.so $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so | |
230 | %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk $RPM_BUILD_ROOT/%{_lib} | |
231 | ln -s /%{_lib}/libfreeblpriv3.chk $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk | |
232 | ||
233 | # conflict with openssl-static | |
234 | %{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a | |
235 | ||
236 | # unit tests | |
237 | %if %{with tests} | |
238 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/{certdb,certhigh,cryptohi,der,pk11,softoken,smime,ssl,util}_gtest | |
239 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/nss_bogo_shim | |
240 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest* | |
241 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/libpkcs11testmodule.* | |
242 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/libcpputil.* | |
243 | %endif | |
244 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest | |
245 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11ectest | |
246 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11importtest | |
247 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/rsapoptst | |
248 | %{__rm} $RPM_BUILD_ROOT%{_bindir}/sdbthreadtst | |
249 | %{__rm} $RPM_BUILD_ROOT%{_libdir}/libnss*-testlib.so | |
250 | ||
251 | if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then | |
252 | echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc" | |
253 | exit 1 | |
254 | fi | |
255 | ||
256 | %clean | |
257 | rm -rf $RPM_BUILD_ROOT | |
258 | ||
259 | %post -p /sbin/ldconfig | |
260 | %postun -p /sbin/ldconfig | |
261 | ||
262 | %files | |
263 | %defattr(644,root,root,755) | |
264 | # COPYING beside MPL v2.0 text contains GPL/LGPL compatibility notes | |
265 | %doc nss/{COPYING,trademarks.txt} | |
266 | %attr(755,root,root) %{_libdir}/libfreebl3.so | |
267 | %attr(755,root,root) %{_libdir}/libfreeblpriv3.so | |
268 | %attr(755,root,root) %{_libdir}/libnss3.so | |
269 | %attr(755,root,root) %{_libdir}/libnssckbi.so | |
270 | %attr(755,root,root) %{_libdir}/libnssdbm3.so | |
271 | %attr(755,root,root) %{_libdir}/libnssutil3.so | |
272 | %attr(755,root,root) %{_libdir}/libsmime3.so | |
273 | %attr(755,root,root) %{_libdir}/libsoftokn3.so | |
274 | %attr(755,root,root) %{_libdir}/libssl3.so | |
275 | %{_libdir}/libfreebl3.chk | |
276 | %{_libdir}/libfreeblpriv3.chk | |
277 | %{_libdir}/libnssdbm3.chk | |
278 | %{_libdir}/libsoftokn3.chk | |
279 | ||
280 | %files devel | |
281 | %defattr(644,root,root,755) | |
282 | %attr(755,root,root) %{_bindir}/nss-config | |
283 | %{_libdir}/libcrmf.a | |
284 | %{_libdir}/libfreebl.a | |
285 | %{_includedir}/nss | |
286 | %{_pkgconfigdir}/mozilla-nss.pc | |
287 | %{_pkgconfigdir}/nss.pc | |
288 | %{_pkgconfigdir}/nss-softokn.pc | |
289 | ||
290 | %files tools | |
291 | %defattr(644,root,root,755) | |
292 | %attr(755,root,root) %{_bindir}/addbuiltin | |
293 | %attr(755,root,root) %{_bindir}/atob | |
294 | %attr(755,root,root) %{_bindir}/baddbdir | |
295 | %attr(755,root,root) %{_bindir}/bltest | |
296 | %attr(755,root,root) %{_bindir}/btoa | |
297 | %attr(755,root,root) %{_bindir}/certutil | |
298 | %attr(755,root,root) %{_bindir}/chktest | |
299 | %attr(755,root,root) %{_bindir}/cmsutil | |
300 | %attr(755,root,root) %{_bindir}/conflict | |
301 | %attr(755,root,root) %{_bindir}/crlutil | |
302 | %attr(755,root,root) %{_bindir}/crmftest | |
303 | %attr(755,root,root) %{_bindir}/dbtest | |
304 | %attr(755,root,root) %{_bindir}/derdump | |
305 | %attr(755,root,root) %{_bindir}/dertimetest | |
306 | %attr(755,root,root) %{_bindir}/digest | |
307 | %attr(755,root,root) %{_bindir}/ecperf | |
308 | %attr(755,root,root) %{_bindir}/encodeinttest | |
309 | %attr(755,root,root) %{_bindir}/fipstest | |
310 | %attr(755,root,root) %{_bindir}/httpserv | |
311 | %attr(755,root,root) %{_bindir}/listsuites | |
312 | %attr(755,root,root) %{_bindir}/lowhashtest | |
313 | %attr(755,root,root) %{_bindir}/makepqg | |
314 | %attr(755,root,root) %{_bindir}/mangle | |
315 | %attr(755,root,root) %{_bindir}/modutil | |
316 | %attr(755,root,root) %{_bindir}/multinit | |
317 | %attr(755,root,root) %{_bindir}/nonspr10 | |
318 | %attr(755,root,root) %{_bindir}/nss-policy-check | |
319 | %attr(755,root,root) %{_bindir}/ocspclnt | |
320 | %attr(755,root,root) %{_bindir}/ocspresp | |
321 | %attr(755,root,root) %{_bindir}/oidcalc | |
322 | %attr(755,root,root) %{_bindir}/p7content | |
323 | %attr(755,root,root) %{_bindir}/p7env | |
324 | %attr(755,root,root) %{_bindir}/p7sign | |
325 | %attr(755,root,root) %{_bindir}/p7verify | |
326 | %attr(755,root,root) %{_bindir}/pk11gcmtest | |
327 | %attr(755,root,root) %{_bindir}/pk11mode | |
328 | %attr(755,root,root) %{_bindir}/pk12util | |
329 | %attr(755,root,root) %{_bindir}/pk1sign | |
330 | %attr(755,root,root) %{_bindir}/pkix-errcodes | |
331 | %attr(755,root,root) %{_bindir}/pp | |
332 | %attr(755,root,root) %{_bindir}/pwdecrypt | |
333 | %attr(755,root,root) %{_bindir}/remtest | |
334 | %attr(755,root,root) %{_bindir}/rsaperf | |
335 | %attr(755,root,root) %{_bindir}/sdrtest | |
336 | %attr(755,root,root) %{_bindir}/secmodtest | |
337 | %attr(755,root,root) %{_bindir}/selfserv | |
338 | %attr(755,root,root) %{_bindir}/shlibsign | |
339 | %attr(755,root,root) %{_bindir}/signtool | |
340 | %attr(755,root,root) %{_bindir}/signver | |
341 | %attr(755,root,root) %{_bindir}/ssltap | |
342 | %attr(755,root,root) %{_bindir}/strsclnt | |
343 | %attr(755,root,root) %{_bindir}/symkeyutil | |
344 | %attr(755,root,root) %{_bindir}/tstclnt | |
345 | %attr(755,root,root) %{_bindir}/validation | |
346 | %attr(755,root,root) %{_bindir}/vfychain | |
347 | %attr(755,root,root) %{_bindir}/vfyserv | |
348 | %{_mandir}/man1/certutil.1* | |
349 | %{_mandir}/man1/cmsutil.1* | |
350 | %{_mandir}/man1/crlutil.1* | |
351 | %{_mandir}/man1/derdump.1* | |
352 | %{_mandir}/man1/modutil.1* | |
353 | %{_mandir}/man1/pk12util.1* | |
354 | %{_mandir}/man1/pp.1* | |
355 | %{_mandir}/man1/signtool.1* | |
356 | %{_mandir}/man1/signver.1* | |
357 | %{_mandir}/man1/ssltap.1* | |
358 | %{_mandir}/man1/vfychain.1* | |
359 | %{_mandir}/man1/vfyserv.1* | |
360 | ||
361 | %files static | |
362 | %defattr(644,root,root,755) | |
363 | %{_libdir}/libcertdb.a | |
364 | %{_libdir}/libcerthi.a | |
365 | %{_libdir}/libcryptohi.a | |
366 | %{_libdir}/libdbm.a | |
367 | %{_libdir}/libjar.a | |
368 | %{_libdir}/libnss.a | |
369 | %{_libdir}/libnssb.a | |
370 | %{_libdir}/libnssckfw.a | |
371 | %{_libdir}/libnssdbm.a | |
372 | %{_libdir}/libnssdev.a | |
373 | %{_libdir}/libnsspki.a | |
374 | %{_libdir}/libnssutil.a | |
375 | %{_libdir}/libpk11wrap.a | |
376 | %{_libdir}/libpkcs12.a | |
377 | %{_libdir}/libpkcs7.a | |
378 | %{_libdir}/libpkixcertsel.a | |
379 | %{_libdir}/libpkixchecker.a | |
380 | %{_libdir}/libpkixcrlsel.a | |
381 | %{_libdir}/libpkixmodule.a | |
382 | %{_libdir}/libpkixparams.a | |
383 | %{_libdir}/libpkixpki.a | |
384 | %{_libdir}/libpkixresults.a | |
385 | %{_libdir}/libpkixstore.a | |
386 | %{_libdir}/libpkixsystem.a | |
387 | %{_libdir}/libpkixtop.a | |
388 | %{_libdir}/libpkixutil.a | |
389 | %{_libdir}/libsectool.a | |
390 | %{_libdir}/libsmime.a | |
391 | %{_libdir}/libsoftokn.a | |
392 | %{_libdir}/libssl3.a | |
393 | ||
394 | %files softokn-freebl | |
395 | %defattr(644,root,root,755) | |
396 | %attr(755,root,root) /%{_lib}/libfreebl3.so | |
397 | %attr(755,root,root) /%{_lib}/libfreeblpriv3.so | |
398 | /%{_lib}/libfreebl3.chk | |
399 | /%{_lib}/libfreeblpriv3.chk |