2 %bcond_with bootstrap # avoid dependency on nss-tools
3 %bcond_with tests # enable tests
5 %define nspr_ver 1:4.35
6 %define foover %(echo %{version} | tr . _)
7 Summary: NSS - Network Security Services
8 Summary(pl.UTF-8): NSS - Network Security Services
15 Source0: https://ftp.mozilla.org/pub/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
16 # Source0-md5: 9bfacbd8a080b0aa0a7672ca643c440b
17 Source1: %{name}-mozilla-nss.pc
18 Source2: %{name}-config.in
19 Source3: https://www.cacert.org/certs/root.der
20 # Source3-md5: a61b375e390d9c3654eebd2031461f6b
21 Source4: nss-softokn.pc.in
22 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
23 URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
24 BuildRequires: nspr-devel >= %{nspr_ver}
25 %{!?with_bootstrap:BuildRequires: nss-tools}
26 BuildRequires: perl-base
27 BuildRequires: sqlite3-devel
28 BuildRequires: zlib-devel
29 BuildConflicts: mozilla < 0.9.6-3
30 Requires: %{name}-softokn-freebl = %{epoch}:%{version}-%{release}
31 Requires: nspr >= %{nspr_ver}
33 # needs http2 code update: https://bugzilla.mozilla.org/show_bug.cgi?id=1323209
34 Conflicts: firefox < 50.1.0-2
35 Conflicts: iceape < 2.46-1
36 Conflicts: iceweasel < 51
37 Conflicts: mozilla-firefox < 51
38 Conflicts: seamonkey < 2.47
39 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
41 %define specflags -fno-strict-aliasing
42 %define signedlibs libfreebl3.so libfreeblpriv3.so libnssdbm3.so libsoftokn3.so
43 # signed - stripped before signing
44 %define _noautostrip .*%{_lib}/\\(%(echo %{signedlibs} | sed 's/ /\\\\|/g')\\)
45 %define _noautochrpath .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so
48 NSS supports cross-platform development of security-enabled server
49 applications. Applications built with NSS can support PKCS #5,
50 PKCS #7, PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 and v3, X.509 v3
51 certificates, and other security standards.
53 %description -l pl.UTF-8
54 NSS wspomaga pisanie wieloplatformowych bezpiecznych serwerów.
55 Aplikacja używająca NSS jest w stanie obsłużyć PKCS #5, PKCS #7,
56 PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 oraz v3, certyfikaty X.509 v3,
57 i wiele innych bezpiecznych standardów.
60 Summary: NSS command line tools and utilities
61 Summary(pl.UTF-8): Narzędzia NSS obsługiwane z linii poleceń
63 Requires: %{name} = %{epoch}:%{version}-%{release}
66 The NSS Toolkit command line tool.
68 %description tools -l pl.UTF-8
69 Narzędzia NSS obsługiwane z linii poleceń.
72 Summary: NSS - header files
73 Summary(pl.UTF-8): NSS - pliki nagłówkowe
74 Group: Development/Libraries
75 Requires: %{name} = %{epoch}:%{version}-%{release}
76 Requires: nspr-devel >= %{nspr_ver}
77 Obsoletes: libnss3-devel
80 Development part of NSS library.
82 %description devel -l pl.UTF-8
83 Część biblioteki NSS przeznaczona dla programistów.
86 Summary: NSS - static library
87 Summary(pl.UTF-8): NSS - biblioteka statyczna
88 Group: Development/Libraries
89 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
92 Static NSS Toolkit libraries.
94 %description static -l pl.UTF-8
95 Statyczne wersje bibliotek z NSS.
97 %package softokn-freebl
98 Summary: Freebl library for the Network Security Services
99 Summary(pl.UTF-8): Biblioteka freebl dla bibliotek NSS
102 %description softokn-freebl
103 Freebl cryptographic library for the Network Security Services.
105 %description softokn-freebl -l pl.UTF-8
106 Biblioteka kryptograficzna freebl dla bibliotek NSS.
111 # http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
112 for dir in ecc noecc; do
118 %if %{without bootstrap}
119 # http://wiki.cacert.org/wiki/NSSLib
120 addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt
123 %ifarch %{x8664} ppc64 sparc64 aarch64
128 export MOZILLA_CLIENT=1
129 export NSDISTMODE=copy
130 export NSPR_INCLUDE_DIR=/usr/include/nspr
131 export NSS_ENABLE_WERROR=0
132 export NSS_USE_SYSTEM_SQLITE=1
133 export USE_PTHREADS=1
134 export USE_SYSTEM_ZLIB=1
135 export ZLIB_LIBS="-lz"
139 %{!?with_tests:export NSS_DISABLE_GTESTS=1}
141 # https://bugzilla.mozilla.org/show_bug.cgi?id=1084623
143 # Forcing ecc with this hack would produce broken librares (softoken, freebl etc).
144 # Thus we also build noecc version (which doesn't require hack) and use these
146 %{__sed} -i -e 's|#error|//error|g' ecc/nss/lib/freebl/ecl/ecl-curve.h
147 %{__make} -C ecc/nss all \
148 NSS_ECC_MORE_THAN_SUITE_B=1 \
150 OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
151 OS_TEST="%{_target_cpu}" \
154 %{__make} -C noecc/nss all \
156 OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
157 OS_TEST="%{_target_cpu}" \
160 # strip and sign again
161 %{__strip} --strip-unneeded -R.comment -R.note \
162 {,no}ecc/dist/Linux*/lib/{%(echo %{signedlibs} | tr ' ' ',')}
164 for dir in ecc noecc; do
165 distdir=$(echo $(pwd)/$dir/dist/Linux*)
166 for lib in %{signedlibs}; do
167 LD_LIBRARY_PATH="$distdir/lib" "$distdir/bin/shlibsign" -i "$distdir/lib/$lib"
172 rm -rf $RPM_BUILD_ROOT
173 install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}}
175 cp -p ecc/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
176 cp -p ecc/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss
177 cp -p ecc/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
178 install -p ecc/dist/Linux*/bin/* $RPM_BUILD_ROOT%{_bindir}
179 install -p ecc/dist/Linux*/lib/* $RPM_BUILD_ROOT%{_libdir}
181 # non-ECC version, we need only libnssdbm3, libsoftokn3, libfreebl3
182 install -p noecc/dist/Linux*/lib/libnssdbm3.* $RPM_BUILD_ROOT%{_libdir}
183 install -p noecc/dist/Linux*/lib/libsoftokn3.* $RPM_BUILD_ROOT%{_libdir}
184 install -p noecc/dist/Linux*/lib/libfreebl3.* $RPM_BUILD_ROOT%{_libdir}
186 cp -p nss/doc/nroff/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
189 s#libdir=.*#libdir=%{_libdir}#g
190 s#includedir=.*#includedir=%{_includedir}#g
191 s#VERSION#%{version}#g
192 ' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc
193 # compatibility symlink
194 ln -s nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc
197 sed -e "s,%%libdir%%,%{_libdir},g" \
198 -e "s,%%prefix%%,%{_prefix},g" \
199 -e "s,%%exec_prefix%%,%{_prefix},g" \
200 -e "s,%%includedir%%,%{_includedir}/nss,g" \
201 -e "s,%%NSPR_VERSION%%,$(echo %{nspr_ver} | sed -e 's#.*:##g'),g" \
202 -e "s,%%NSS_VERSION%%,%{version},g" \
203 -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
204 $RPM_BUILD_ROOT%{_pkgconfigdir}/nss-softokn.pc
206 NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
207 NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
208 NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)
210 s,@libdir@,%{_libdir},g
211 s,@prefix@,%{_prefix},g
212 s,@exec_prefix@,%{_prefix},g
213 s,@includedir@,%{_includedir}/nss,g
214 s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g
215 s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g
216 s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g
217 " %{SOURCE2} > $RPM_BUILD_ROOT%{_bindir}/nss-config
218 chmod +x $RPM_BUILD_ROOT%{_bindir}/nss-config
220 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so $RPM_BUILD_ROOT/%{_lib}
221 ln -s /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so
222 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk $RPM_BUILD_ROOT/%{_lib}
223 ln -s /%{_lib}/libfreebl3.chk $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk
224 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so $RPM_BUILD_ROOT/%{_lib}
225 ln -s /%{_lib}/libfreeblpriv3.so $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.so
226 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk $RPM_BUILD_ROOT/%{_lib}
227 ln -s /%{_lib}/libfreeblpriv3.chk $RPM_BUILD_ROOT%{_libdir}/libfreeblpriv3.chk
229 # conflict with openssl-static
230 %{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a
234 %{__rm} $RPM_BUILD_ROOT%{_bindir}/{certdb,certhigh,cryptohi,der,pk11,softoken,smime,ssl,util}_gtest
235 %{__rm} $RPM_BUILD_ROOT%{_bindir}/nss_bogo_shim
236 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libgtest*
237 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libpkcs11testmodule.*
238 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libcpputil.*
240 %{__rm} $RPM_BUILD_ROOT%{_bindir}/fbectest
241 %{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11ectest
242 %{__rm} $RPM_BUILD_ROOT%{_bindir}/pk11importtest
243 %{__rm} $RPM_BUILD_ROOT%{_bindir}/rsapoptst
244 %{__rm} $RPM_BUILD_ROOT%{_bindir}/sdbthreadtst
245 %{__rm} $RPM_BUILD_ROOT%{_libdir}/libnss*-testlib.so
247 if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then
248 echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc"
253 rm -rf $RPM_BUILD_ROOT
255 %post -p /sbin/ldconfig
256 %postun -p /sbin/ldconfig
259 %defattr(644,root,root,755)
260 # COPYING beside MPL v2.0 text contains GPL/LGPL compatibility notes
261 %doc nss/{COPYING,trademarks.txt}
262 %attr(755,root,root) %{_libdir}/libfreebl3.so
263 %attr(755,root,root) %{_libdir}/libfreeblpriv3.so
264 %attr(755,root,root) %{_libdir}/libnss3.so
265 %attr(755,root,root) %{_libdir}/libnssckbi.so
266 %attr(755,root,root) %{_libdir}/libnssdbm3.so
267 %attr(755,root,root) %{_libdir}/libnssutil3.so
268 %attr(755,root,root) %{_libdir}/libsmime3.so
269 %attr(755,root,root) %{_libdir}/libsoftokn3.so
270 %attr(755,root,root) %{_libdir}/libssl3.so
271 %{_libdir}/libfreebl3.chk
272 %{_libdir}/libfreeblpriv3.chk
273 %{_libdir}/libnssdbm3.chk
274 %{_libdir}/libsoftokn3.chk
277 %defattr(644,root,root,755)
278 %attr(755,root,root) %{_bindir}/nss-config
280 %{_libdir}/libfreebl.a
282 %{_pkgconfigdir}/mozilla-nss.pc
283 %{_pkgconfigdir}/nss.pc
284 %{_pkgconfigdir}/nss-softokn.pc
287 %defattr(644,root,root,755)
288 %attr(755,root,root) %{_bindir}/addbuiltin
289 %attr(755,root,root) %{_bindir}/atob
290 %attr(755,root,root) %{_bindir}/baddbdir
291 %attr(755,root,root) %{_bindir}/bltest
292 %attr(755,root,root) %{_bindir}/btoa
293 %attr(755,root,root) %{_bindir}/certutil
294 %attr(755,root,root) %{_bindir}/chktest
295 %attr(755,root,root) %{_bindir}/cmsutil
296 %attr(755,root,root) %{_bindir}/conflict
297 %attr(755,root,root) %{_bindir}/crlutil
298 %attr(755,root,root) %{_bindir}/crmftest
299 %attr(755,root,root) %{_bindir}/dbtest
300 %attr(755,root,root) %{_bindir}/derdump
301 %attr(755,root,root) %{_bindir}/dertimetest
302 %attr(755,root,root) %{_bindir}/digest
303 %attr(755,root,root) %{_bindir}/ecperf
304 %attr(755,root,root) %{_bindir}/encodeinttest
305 %attr(755,root,root) %{_bindir}/fipstest
306 %attr(755,root,root) %{_bindir}/httpserv
307 %attr(755,root,root) %{_bindir}/listsuites
308 %attr(755,root,root) %{_bindir}/lowhashtest
309 %attr(755,root,root) %{_bindir}/makepqg
310 %attr(755,root,root) %{_bindir}/mangle
311 %attr(755,root,root) %{_bindir}/modutil
312 %attr(755,root,root) %{_bindir}/multinit
313 %attr(755,root,root) %{_bindir}/nonspr10
314 %attr(755,root,root) %{_bindir}/nss-policy-check
315 %attr(755,root,root) %{_bindir}/ocspclnt
316 %attr(755,root,root) %{_bindir}/ocspresp
317 %attr(755,root,root) %{_bindir}/oidcalc
318 %attr(755,root,root) %{_bindir}/p7content
319 %attr(755,root,root) %{_bindir}/p7env
320 %attr(755,root,root) %{_bindir}/p7sign
321 %attr(755,root,root) %{_bindir}/p7verify
322 %attr(755,root,root) %{_bindir}/pk11gcmtest
323 %attr(755,root,root) %{_bindir}/pk11mode
324 %attr(755,root,root) %{_bindir}/pk12util
325 %attr(755,root,root) %{_bindir}/pk1sign
326 %attr(755,root,root) %{_bindir}/pkix-errcodes
327 %attr(755,root,root) %{_bindir}/pp
328 %attr(755,root,root) %{_bindir}/pwdecrypt
329 %attr(755,root,root) %{_bindir}/remtest
330 %attr(755,root,root) %{_bindir}/rsaperf
331 %attr(755,root,root) %{_bindir}/sdrtest
332 %attr(755,root,root) %{_bindir}/secmodtest
333 %attr(755,root,root) %{_bindir}/selfserv
334 %attr(755,root,root) %{_bindir}/shlibsign
335 %attr(755,root,root) %{_bindir}/signtool
336 %attr(755,root,root) %{_bindir}/signver
337 %attr(755,root,root) %{_bindir}/ssltap
338 %attr(755,root,root) %{_bindir}/strsclnt
339 %attr(755,root,root) %{_bindir}/symkeyutil
340 %attr(755,root,root) %{_bindir}/tstclnt
341 %attr(755,root,root) %{_bindir}/validation
342 %attr(755,root,root) %{_bindir}/vfychain
343 %attr(755,root,root) %{_bindir}/vfyserv
344 %{_mandir}/man1/certutil.1*
345 %{_mandir}/man1/cmsutil.1*
346 %{_mandir}/man1/crlutil.1*
347 %{_mandir}/man1/derdump.1*
348 %{_mandir}/man1/modutil.1*
349 %{_mandir}/man1/pk12util.1*
350 %{_mandir}/man1/pp.1*
351 %{_mandir}/man1/signtool.1*
352 %{_mandir}/man1/signver.1*
353 %{_mandir}/man1/ssltap.1*
354 %{_mandir}/man1/vfychain.1*
355 %{_mandir}/man1/vfyserv.1*
358 %defattr(644,root,root,755)
359 %{_libdir}/libcertdb.a
360 %{_libdir}/libcerthi.a
361 %{_libdir}/libcryptohi.a
366 %{_libdir}/libnssckfw.a
367 %{_libdir}/libnssdbm.a
368 %{_libdir}/libnssdev.a
369 %{_libdir}/libnsspki.a
370 %{_libdir}/libnssutil.a
371 %{_libdir}/libpk11wrap.a
372 %{_libdir}/libpkcs12.a
373 %{_libdir}/libpkcs7.a
374 %{_libdir}/libpkixcertsel.a
375 %{_libdir}/libpkixchecker.a
376 %{_libdir}/libpkixcrlsel.a
377 %{_libdir}/libpkixmodule.a
378 %{_libdir}/libpkixparams.a
379 %{_libdir}/libpkixpki.a
380 %{_libdir}/libpkixresults.a
381 %{_libdir}/libpkixstore.a
382 %{_libdir}/libpkixsystem.a
383 %{_libdir}/libpkixtop.a
384 %{_libdir}/libpkixutil.a
385 %{_libdir}/libsectool.a
386 %{_libdir}/libsmime.a
387 %{_libdir}/libsoftokn.a
390 %files softokn-freebl
391 %defattr(644,root,root,755)
392 %attr(755,root,root) /%{_lib}/libfreebl3.so
393 %attr(755,root,root) /%{_lib}/libfreeblpriv3.so
394 /%{_lib}/libfreebl3.chk
395 /%{_lib}/libfreeblpriv3.chk