-# TODO
-# - check if the signed nss lib data (*.chk) is still valid after rpm stripping
-#
+%define nspr_ver 1:4.11
%define foover %(echo %{version} | tr . _)
Summary: NSS - Network Security Services
Summary(pl.UTF-8): NSS - Network Security Services
Name: nss
-Version: 3.11.7
+Version: 3.22
Release: 1
Epoch: 1
-License: GPL
+License: MPL v2.0
Group: Libraries
-# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/dbm -r DBM_1_61_RTM
-# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/security/dbm -r DBM_1_61_RTM
-# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/security/coreconf -r NSS_3_9_4_RTM
-# :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot mozilla/security/nss -r NSS_3_9_4_RTM
-#Source0: %{name}-%{version}.tar.bz2
-Source0: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
-# Source0-md5: 82594a0773cedd7bb7aa25009a25f5a3
+Source0: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{foover}_RTM/src/%{name}-%{version}.tar.gz
+# Source0-md5: 07dfe5bed80cf44caa9a06e8eb043742
Source1: %{name}-mozilla-nss.pc
Source2: %{name}-config.in
-Patch0: %{name}-Makefile.patch
+Source3: http://www.cacert.org/certs/root.der
+# Source3-md5: a61b375e390d9c3654eebd2031461f6b
+Source4: nss-softokn.pc.in
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900
+Patch0: x32.patch
URL: http://www.mozilla.org/projects/security/pki/nss/
-BuildRequires: nspr-devel >= 1:4.6.7
+BuildRequires: nspr-devel >= %{nspr_ver}
+BuildRequires: nss-tools
+BuildRequires: perl-base
+BuildRequires: sqlite3-devel
BuildRequires: zlib-devel
BuildConflicts: mozilla < 0.9.6-3
-Requires: nspr >= 1:4.6.7
+Requires: %{name}-softokn-freebl = %{epoch}:%{version}-%{release}
+Requires: nspr >= %{nspr_ver}
Obsoletes: libnss3
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define specflags -fno-strict-aliasing
+# signed - stripped before signing
+%define _noautostrip .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so
+%define _noautochrpath .*%{_libdir}/libfreebl3.so\\|.*%{_libdir}/libsoftokn3.so
%description
NSS supports cross-platform development of security-enabled server
%package tools
Summary: NSS command line tools and utilities
-Summary(pl.UTF-8): Narzędzia NSS
+Summary(pl.UTF-8): Narzędzia NSS obsługiwane z linii poleceń
Group: Applications
Requires: %{name} = %{epoch}:%{version}-%{release}
Summary(pl.UTF-8): NSS - pliki nagłówkowe
Group: Development/Libraries
Requires: %{name} = %{epoch}:%{version}-%{release}
-Requires: nspr-devel >= 1:4.6.7
+Requires: nspr-devel >= %{nspr_ver}
Obsoletes: libnss3-devel
%description devel
%description static -l pl.UTF-8
Statyczne wersje bibliotek z NSS.
+%package softokn-freebl
+Summary: Freebl library for the Network Security Services
+Summary(pl.UTF-8): Biblioteka freebl dla bibliotek NSS
+Group: Libraries
+
+%description softokn-freebl
+Freebl cryptographic library for the Network Security Services.
+
+%description softokn-freebl -l pl.UTF-8
+Biblioteka kryptograficzna freebl dla bibliotek NSS.
+
%prep
%setup -q
%patch0 -p1
+%if 0%{!?debug:1}
+# strip before signing
+%{__sed} -i -e '/export ADDON_PATH$/a\ echo STRIP \; %{__strip} --strip-unneeded -R.comment -R.note ${5}' nss/cmd/shlibsign/sign.sh
+%endif
+
%build
-cd mozilla/security/nss
+# http://wiki.cacert.org/wiki/NSSLib
+addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/certdata.txt
-%ifarch %{x8664} ppc64
+%ifarch %{x8664} ppc64 sparc64
export USE_64=1
%endif
-%{__make} -j1 build_coreconf \
- NSDISTMODE=copy \
- NS_USE_GCC=1 \
- MOZILLA_CLIENT=1 \
- NO_MDUPDATE=1 \
- USE_PTHREADS=1 \
- BUILD_OPT=1 \
- CC="%{__cc}" \
- OPTIMIZER="%{rpmcflags}"
-
-%{__make} -j1 build_dbm \
- NSDISTMODE=copy \
- NS_USE_GCC=1 \
- MOZILLA_CLIENT=1 \
- NO_MDUPDATE=1 \
- USE_PTHREADS=1 \
- BUILD_OPT=1 \
+# http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
+for dir in ecc noecc; do
+ install -d $dir
+ cp -a nss $dir/nss
+done
+
+export BUILD_OPT=1
+export MOZILLA_CLIENT=1
+export NSDISTMODE=copy
+export NSPR_INCLUDE_DIR=/usr/include/nspr
+export NSS_USE_SYSTEM_SQLITE=1
+export USE_PTHREADS=1
+export USE_SYSTEM_ZLIB=1
+export ZLIB_LIBS="-lz"
+%ifarch x32
+export USE_X32=1
+%endif
+
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1084623
+
+# Forcing ecc with this hack would produce broken librares (softoken, freebl etc).
+# Thus we also build noecc version (which doesn't require hack) and use these
+# libs from there.
+%{__sed} -i -e 's|#error|//error|g' ecc/nss/lib/freebl/ecl/ecl-curve.h
+%{__make} -j1 -C ecc/nss \
+ NSS_ECC_MORE_THAN_SUITE_B=1 \
CC="%{__cc}" \
- OPTIMIZER="%{rpmcflags}" \
- PLATFORM="pld"
-
-%{__make} -j1 all \
- NSDISTMODE=copy \
- NS_USE_GCC=1 \
- MOZILLA_CLIENT=1 \
- NO_MDUPDATE=1 \
- USE_PTHREADS=1 \
- USE_SYSTEM_ZLIB=1 \
- ZLIB_LIBS="-lz" \
- BUILD_OPT=1 \
+ OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \
+
+%{__make} -j1 -C noecc/nss \
CC="%{__cc}" \
- OPTIMIZER="%{rpmcflags}" \
- PLATFORM="pld"
+ OPTIMIZER="%{rpmcflags} %{rpmcppflags}"
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir}/nss,%{_libdir},%{_pkgconfigdir}}
+install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}}
+
+cp -p ecc/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
+cp -p ecc/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss
+cp -p ecc/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
+install -p ecc/dist/Linux*/bin/* $RPM_BUILD_ROOT%{_bindir}
+install -p ecc/dist/Linux*/lib/* $RPM_BUILD_ROOT%{_libdir}
+# exclude unit tests
+%{__rm} $RPM_BUILD_ROOT{%{_bindir}/ssl_gtest,%{_libdir}/libgtest*}
+
+# non-ECC version, we need only libnssdbm3, libsoftokn3, libfreebl3
+install -p noecc/dist/Linux*/lib/libnssdbm3.* $RPM_BUILD_ROOT%{_libdir}
+install -p noecc/dist/Linux*/lib/libsoftokn3.* $RPM_BUILD_ROOT%{_libdir}
+install -p noecc/dist/Linux*/lib/libfreebl3.* $RPM_BUILD_ROOT%{_libdir}
-install mozilla/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
-install mozilla/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss
-install mozilla/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss
-install mozilla/dist/pld/bin/* $RPM_BUILD_ROOT%{_bindir}
-install mozilla/dist/pld/lib/* $RPM_BUILD_ROOT%{_libdir}
+cp -p nss/doc/nroff/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
%{__sed} -e '
s#libdir=.*#libdir=%{_libdir}#g
s#includedir=.*#includedir=%{_includedir}#g
s#VERSION#%{version}#g
-' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc
-ln -s mozilla-nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc
+' %{SOURCE1} > $RPM_BUILD_ROOT%{_pkgconfigdir}/nss.pc
+# compatibility symlink
+ln -s nss.pc $RPM_BUILD_ROOT%{_pkgconfigdir}/mozilla-nss.pc
-NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' mozilla/security/nss/lib/nss/nss.h)
-NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' mozilla/security/nss/lib/nss/nss.h)
-NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' mozilla/security/nss/lib/nss/nss.h)
+cat %{SOURCE4} | \
+sed -e "s,%%libdir%%,%{_libdir},g" \
+ -e "s,%%prefix%%,%{_prefix},g" \
+ -e "s,%%exec_prefix%%,%{_prefix},g" \
+ -e "s,%%includedir%%,%{_includedir}/nss,g" \
+ -e "s,%%NSPR_VERSION%%,$(echo %{nspr_ver} | sed -e 's#.*:##g'),g" \
+ -e "s,%%NSS_VERSION%%,%{version},g" \
+ -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
+ $RPM_BUILD_ROOT%{_pkgconfigdir}/nss-softokn.pc
+
+
+NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
+NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
+NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)
%{__sed} -e "
s,@libdir@,%{_libdir},g
s,@prefix@,%{_prefix},g
" %{SOURCE2} > $RPM_BUILD_ROOT%{_bindir}/nss-config
chmod +x $RPM_BUILD_ROOT%{_bindir}/nss-config
-# resolve conflict with squid
-mv -f $RPM_BUILD_ROOT%{_bindir}/{,nss-}client
+%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so $RPM_BUILD_ROOT/%{_lib}
+ln -s /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so
+%{__mv} $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk $RPM_BUILD_ROOT/%{_lib}
+ln -s /%{_lib}/libfreebl3.chk $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk
+
+# conflict with openssl-static
+%{__mv} $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a
+
+if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then
+ echo >&2 "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc"
+ exit 1
+fi
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/lib*.so
-%{_libdir}/lib*.chk
+# COPYING beside MPL v2.0 text contains GPL/LGPL compatibility notes
+%doc nss/{COPYING,trademarks.txt}
+%attr(755,root,root) %{_libdir}/libfreebl3.so
+%attr(755,root,root) %{_libdir}/libnss3.so
+%attr(755,root,root) %{_libdir}/libnssckbi.so
+%attr(755,root,root) %{_libdir}/libnssdbm3.so
+%attr(755,root,root) %{_libdir}/libnssutil3.so
+%attr(755,root,root) %{_libdir}/libsmime3.so
+%attr(755,root,root) %{_libdir}/libsoftokn3.so
+%attr(755,root,root) %{_libdir}/libssl3.so
+%{_libdir}/libfreebl3.chk
+%{_libdir}/libnssdbm3.chk
+%{_libdir}/libsoftokn3.chk
%files devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/nss-config
-%{_includedir}/nss
%{_libdir}/libcrmf.a
-%{_pkgconfigdir}/*.pc
+%{_libdir}/libfreebl.a
+%{_includedir}/nss
+%{_pkgconfigdir}/mozilla-nss.pc
+%{_pkgconfigdir}/nss.pc
+%{_pkgconfigdir}/nss-softokn.pc
%files tools
%defattr(644,root,root,755)
-%attr(755,root,root) %{_bindir}/*
-%exclude %{_bindir}/nss-config
+%attr(755,root,root) %{_bindir}/addbuiltin
+%attr(755,root,root) %{_bindir}/atob
+%attr(755,root,root) %{_bindir}/baddbdir
+%attr(755,root,root) %{_bindir}/bltest
+%attr(755,root,root) %{_bindir}/btoa
+%attr(755,root,root) %{_bindir}/certcgi
+%attr(755,root,root) %{_bindir}/certutil
+%attr(755,root,root) %{_bindir}/chktest
+%attr(755,root,root) %{_bindir}/cmsutil
+%attr(755,root,root) %{_bindir}/conflict
+%attr(755,root,root) %{_bindir}/crlutil
+%attr(755,root,root) %{_bindir}/crmftest
+%attr(755,root,root) %{_bindir}/dbtest
+%attr(755,root,root) %{_bindir}/derdump
+%attr(755,root,root) %{_bindir}/dertimetest
+%attr(755,root,root) %{_bindir}/digest
+%attr(755,root,root) %{_bindir}/encodeinttest
+%attr(755,root,root) %{_bindir}/fipstest
+%attr(755,root,root) %{_bindir}/httpserv
+%attr(755,root,root) %{_bindir}/listsuites
+%attr(755,root,root) %{_bindir}/lowhashtest
+%attr(755,root,root) %{_bindir}/makepqg
+%attr(755,root,root) %{_bindir}/mangle
+%attr(755,root,root) %{_bindir}/modutil
+%attr(755,root,root) %{_bindir}/multinit
+%attr(755,root,root) %{_bindir}/nonspr10
+%attr(755,root,root) %{_bindir}/ocspclnt
+%attr(755,root,root) %{_bindir}/ocspresp
+%attr(755,root,root) %{_bindir}/oidcalc
+%attr(755,root,root) %{_bindir}/p7content
+%attr(755,root,root) %{_bindir}/p7env
+%attr(755,root,root) %{_bindir}/p7sign
+%attr(755,root,root) %{_bindir}/p7verify
+%attr(755,root,root) %{_bindir}/pk11_gtest
+%attr(755,root,root) %{_bindir}/pk11gcmtest
+%attr(755,root,root) %{_bindir}/pk11mode
+%attr(755,root,root) %{_bindir}/pk12util
+%attr(755,root,root) %{_bindir}/pk1sign
+%attr(755,root,root) %{_bindir}/pkix-errcodes
+%attr(755,root,root) %{_bindir}/pp
+%attr(755,root,root) %{_bindir}/pwdecrypt
+%attr(755,root,root) %{_bindir}/remtest
+%attr(755,root,root) %{_bindir}/rsaperf
+%attr(755,root,root) %{_bindir}/sdrtest
+%attr(755,root,root) %{_bindir}/secmodtest
+%attr(755,root,root) %{_bindir}/selfserv
+%attr(755,root,root) %{_bindir}/shlibsign
+%attr(755,root,root) %{_bindir}/signtool
+%attr(755,root,root) %{_bindir}/signver
+%attr(755,root,root) %{_bindir}/ssltap
+%attr(755,root,root) %{_bindir}/strsclnt
+%attr(755,root,root) %{_bindir}/symkeyutil
+%attr(755,root,root) %{_bindir}/tstclnt
+%attr(755,root,root) %{_bindir}/vfychain
+%attr(755,root,root) %{_bindir}/vfyserv
+%{_mandir}/man1/certutil.1*
+%{_mandir}/man1/cmsutil.1*
+%{_mandir}/man1/crlutil.1*
+%{_mandir}/man1/derdump.1*
+%{_mandir}/man1/modutil.1*
+%{_mandir}/man1/pk12util.1*
+%{_mandir}/man1/pp.1*
+%{_mandir}/man1/signtool.1*
+%{_mandir}/man1/signver.1*
+%{_mandir}/man1/ssltap.1*
+%{_mandir}/man1/vfychain.1*
+%{_mandir}/man1/vfyserv.1*
%files static
%defattr(644,root,root,755)
-%{_libdir}/lib*.a
-%exclude %{_libdir}/libcrmf.a
+%{_libdir}/libcertdb.a
+%{_libdir}/libcerthi.a
+%{_libdir}/libcryptohi.a
+%{_libdir}/libdbm.a
+%{_libdir}/libjar.a
+%{_libdir}/libnss.a
+%{_libdir}/libnssb.a
+%{_libdir}/libnssckfw.a
+%{_libdir}/libnssdbm.a
+%{_libdir}/libnssdev.a
+%{_libdir}/libnsspki.a
+%{_libdir}/libnssutil.a
+%{_libdir}/libpk11wrap.a
+%{_libdir}/libpkcs12.a
+%{_libdir}/libpkcs7.a
+%{_libdir}/libpkixcertsel.a
+%{_libdir}/libpkixchecker.a
+%{_libdir}/libpkixcrlsel.a
+%{_libdir}/libpkixmodule.a
+%{_libdir}/libpkixparams.a
+%{_libdir}/libpkixpki.a
+%{_libdir}/libpkixresults.a
+%{_libdir}/libpkixstore.a
+%{_libdir}/libpkixsystem.a
+%{_libdir}/libpkixtop.a
+%{_libdir}/libpkixutil.a
+%{_libdir}/libsectool.a
+%{_libdir}/libsmime.a
+%{_libdir}/libsoftokn.a
+%{_libdir}/libssl3.a
+
+%files softokn-freebl
+%defattr(644,root,root,755)
+%attr(755,root,root) /%{_lib}/libfreebl3.so
+/%{_lib}/libfreebl3.chk