From: Arkadiusz Miƛkiewicz Date: Sat, 18 Oct 2014 08:49:36 +0000 (+0200) Subject: - rel 5; enable enhanced ECC build (this requires ugly hacks); drop our makefile... X-Git-Tag: auto/th/nss-3.17.2-5~1 X-Git-Url: https://git.pld-linux.org/?p=packages%2Fnss.git;a=commitdiff_plain;h=1be8ae5513a872944ea1ee888d3dbd2fcfe7ed6e - rel 5; enable enhanced ECC build (this requires ugly hacks); drop our makefile patch which was renaming libraries; include libfreebl.a in -devel since it contains more things than freebl3.so (and these things are needed for icedtea7) --- diff --git a/nss-Makefile.patch b/nss-Makefile.patch deleted file mode 100644 index d04ff07..0000000 --- a/nss-Makefile.patch +++ /dev/null @@ -1,115 +0,0 @@ ---- nss-3.15/nss/coreconf/Linux.mk.orig 2006-04-25 03:32:16.000000000 +0200 -+++ nss-3.15/nss/coreconf/Linux.mk 2006-05-27 21:07:22.101515500 +0200 -@@ -169,8 +169,8 @@ - DSO_LDFLAGS = - LDFLAGS += $(ARCHFLAG) - --# INCLUDES += -I/usr/include -Y/usr/include/linux - G++INCLUDES = -I/usr/include/g++ -+INCLUDES += -I/usr/include/nspr - - # - # Always set CPU_TAG on Linux, OpenVMS, WINCE. ---- nss-3.15/nss/coreconf/ruleset.mk.orig 2005-09-16 18:09:23.000000000 +0100 -+++ nss-3.15/nss/coreconf/ruleset.mk 2006-01-26 15:13:55.000000000 +0000 -@@ -118,7 +118,7 @@ - - ifdef LIBRARY_NAME - ifndef LIBRARY -- LIBRARY = $(OBJDIR)/$(LIB_PREFIX)$(LIBRARY_NAME).$(LIB_SUFFIX) -+ LIBRARY = $(OBJDIR)/$(LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(LIB_SUFFIX) - endif - ifndef SHARED_LIBRARY - SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(JDK_DEBUG_SUFFIX).$(DLL_SUFFIX) ---- nss-3.15/nss/cmd/platlibs.mk.orig 2013-06-08 07:11:01.663565564 +0200 -+++ nss-3.15/nss/cmd/platlibs.mk 2013-06-08 07:15:25.283560068 +0200 -@@ -37,13 +37,13 @@ - DEFINES += -DNSS_USE_STATIC_LIBS - # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS) - ifndef NSS_USE_SYSTEM_FREEBL --CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) --SOFTOKENLIB=$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) -+CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl3.$(LIB_SUFFIX) -+SOFTOKENLIB=$(DIST)/lib/$(LIB_PREFIX)softokn3.$(LIB_SUFFIX) - else - # Use the system installed freebl static library and set softoken one to empty. - # Some tools need to link statically with freebl but none with softoken. Only - # the softoken shared library, not the static one, is installed in the system. --CRYPTOLIB=$(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) -+CRYPTOLIB=$(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl3.$(LIB_SUFFIX) - SOFTOKENLIB= - EXTRA_SHARED_LIBS += \ - -L$(SOFTOKEN_LIB_DIR) \ -@@ -102,29 +102,29 @@ - else - - EXTRA_LIBS += \ -- $(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)smime3.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)ssl3.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)nss3.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)ssl3.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)pk11wrap3.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)nsspki3.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)pk11wrap3.$(LIB_SUFFIX) \ - $(SOFTOKENLIB) \ - $(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)nsspki3.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \ - $(CRYPTOLIB) \ - $(DBMLIB) \ - $(PKIXLIB) \ -- $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)nss3.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)pk11wrap3.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \ - $(NULL) - ---- nss-3.15/nss/lib/ssl/config.mk.orig 2012-10-22 19:40:03.822256886 +0200 -+++ nss-3.15/nss/lib/ssl/config.mk 2012-10-22 20:42:30.725432977 +0200 -@@ -14,7 +14,7 @@ - ifdef NSS_NO_PKCS11_BYPASS - DEFINES += -DNO_PKCS11_BYPASS - else --CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) -+CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl3.$(LIB_SUFFIX) - - EXTRA_LIBS += \ - $(CRYPTOLIB) \ ---- nss-3.15/nss/lib/softoken/legacydb/config.mk.orig 2009-06-11 02:55:49.000000000 +0200 -+++ nss-3.15/nss/lib/softoken/legacydb/config.mk 2009-08-28 22:40:40.392606747 +0200 -@@ -36,7 +36,7 @@ - # ***** END LICENSE BLOCK ***** - - # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS) --CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) -+CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl3.$(LIB_SUFFIX) - - EXTRA_LIBS += $(CRYPTOLIB) - ---- nss-3.15/nss/lib/softoken/config.mk.orig 2009-06-11 02:55:48.000000000 +0200 -+++ nss-3.15/nss/lib/softoken/config.mk 2009-08-28 22:39:36.436608423 +0200 -@@ -36,7 +36,7 @@ - # ***** END LICENSE BLOCK ***** - - # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS) --CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) -+CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl3.$(LIB_SUFFIX) - - EXTRA_LIBS += \ - $(CRYPTOLIB) \ diff --git a/nss.spec b/nss.spec index 6bcac44..ff2a489 100644 --- a/nss.spec +++ b/nss.spec @@ -4,7 +4,7 @@ Summary: NSS - Network Security Services Summary(pl.UTF-8): NSS - Network Security Services Name: nss Version: 3.17.2 -Release: 4 +Release: 5 Epoch: 1 License: MPL v2.0 Group: Libraries @@ -15,9 +15,9 @@ Source2: %{name}-config.in Source3: http://www.cacert.org/certs/root.der # Source3-md5: a61b375e390d9c3654eebd2031461f6b Source4: nss-softokn.pc.in -Patch0: %{name}-Makefile.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1083900 -Patch1: tls12.patch +Patch0: tls12.patch +Patch1: build-nss-softoken-only.patch URL: http://www.mozilla.org/projects/security/pki/nss/ BuildRequires: nspr-devel >= %{nspr_ver} BuildRequires: nss-tools @@ -98,9 +98,8 @@ Biblioteka kryptograficzna freebl dla bibliotek NSS. %prep %setup -q -%patch0 -p1 cd nss -%patch1 -p1 +%patch0 -p1 cd .. %if 0%{!?debug:1} @@ -116,17 +115,34 @@ addbuiltin -n "CAcert Inc." -t "CT,C,C" < %{SOURCE3} >> nss/lib/ckfw/builtins/ce export USE_64=1 %endif -%{__make} -C nss -j1 all \ - NSDISTMODE=copy \ - NS_USE_GCC=1 \ - MOZILLA_CLIENT=1 \ - NO_MDUPDATE=1 \ - USE_PTHREADS=1 \ - USE_SYSTEM_ZLIB=1 \ - ZLIB_LIBS="-lz" \ - NSS_USE_SYSTEM_SQLITE=1 \ - NSS_ENABLE_ECC=1 \ - BUILD_OPT=1 \ +# http://pki.fedoraproject.org/wiki/ECC_Capable_NSS + +for dir in ecc noecc; do + install -d $dir + cp -a nss $dir/nss +done + +NSPR_INCLUDE_DIR=/usr/include/nspr; export NSPR_INCLUDE_DIR +NSDISTMODE=copy; export NSDISTMODE +MOZILLA_CLIENT=1; export MOZILLA_CLIENT +USE_PTHREADS=1; export USE_PTHREADS +USE_SYSTEM_ZLIB=1; export USE_SYSTEM_ZLIB +ZLIB_LIBS="-lz"; export ZLIB_LIBS +NSS_USE_SYSTEM_SQLITE=1; export NSS_USE_SYSTEM_SQLITE +BUILD_OPT=1; export BUILD_OPT=1 + +# https://bugzilla.mozilla.org/show_bug.cgi?id=1084623 + +# Forcing ecc with this hack would produce broken librares (softoken, freebl etc). +# Thus we also build noecc version (which doesn't require hack) and use these +# libs from there. +sed -i -e 's|#error|#warning|g' ecc/nss/lib/freebl/ecl/ecl-curve.h +%{__make} -j1 -C ecc/nss \ + NSS_ECC_MORE_THAN_SUITE_B=1 \ + CC="%{__cc}" \ + OPTIMIZER="%{rpmcflags} %{rpmcppflags}" \ + +%{__make} -j1 -C noecc/nss \ CC="%{__cc}" \ OPTIMIZER="%{rpmcflags} %{rpmcppflags}" @@ -134,11 +150,17 @@ export USE_64=1 rm -rf $RPM_BUILD_ROOT install -d $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1,%{_includedir}/nss,/%{_lib},%{_libdir},%{_pkgconfigdir}} -install dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss -install dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss -install dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss -install dist/*/bin/* $RPM_BUILD_ROOT%{_bindir} -install dist/*/lib/* $RPM_BUILD_ROOT%{_libdir} +install ecc/dist/private/nss/* $RPM_BUILD_ROOT%{_includedir}/nss +install ecc/dist/public/dbm/* $RPM_BUILD_ROOT%{_includedir}/nss +install ecc/dist/public/nss/* $RPM_BUILD_ROOT%{_includedir}/nss +install ecc/dist/*/bin/* $RPM_BUILD_ROOT%{_bindir} +install ecc/dist/*/lib/* $RPM_BUILD_ROOT%{_libdir} + +# non-ECC version, we need only libnssdbm3, libsoftokn3, libfreebl3 +install noecc/dist/*/lib/libnssdbm3.* $RPM_BUILD_ROOT%{_libdir} +install noecc/dist/*/lib/libsoftokn3.* $RPM_BUILD_ROOT%{_libdir} +install noecc/dist/*/lib/libfreebl3.* $RPM_BUILD_ROOT%{_libdir} + cp -p nss/doc/nroff/*.1 $RPM_BUILD_ROOT%{_mandir}/man1 %{__sed} -e ' @@ -179,6 +201,9 @@ ln -s /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT%{_libdir}/libfreebl3.so mv $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk $RPM_BUILD_ROOT/%{_lib} ln -s /%{_lib}/libfreebl3.chk $RPM_BUILD_ROOT%{_libdir}/libfreebl3.chk +# conflict with openssl-static +mv $RPM_BUILD_ROOT%{_libdir}/libssl{,3}.a + if [ ! -f "$RPM_BUILD_ROOT%{_includedir}/nss/nsslowhash.h" ]; then echo "ERROR: %{_includedir}/nss/nsslowhash.h not installed. Needed by glibc" >&2 exit 1 @@ -210,6 +235,7 @@ rm -rf $RPM_BUILD_ROOT %defattr(644,root,root,755) %attr(755,root,root) %{_bindir}/nss-config %{_libdir}/libcrmf.a +%{_libdir}/libfreebl.a %{_includedir}/nss %{_pkgconfigdir}/mozilla-nss.pc %{_pkgconfigdir}/nss.pc @@ -291,16 +317,15 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libcerthi.a %{_libdir}/libcryptohi.a %{_libdir}/libdbm.a -%{_libdir}/libfreebl3.a %{_libdir}/libjar.a -%{_libdir}/libnss3.a +%{_libdir}/libnss.a %{_libdir}/libnssb.a %{_libdir}/libnssckfw.a -%{_libdir}/libnssdbm3.a +%{_libdir}/libnssdbm.a %{_libdir}/libnssdev.a -%{_libdir}/libnsspki3.a -%{_libdir}/libnssutil3.a -%{_libdir}/libpk11wrap3.a +%{_libdir}/libnsspki.a +%{_libdir}/libnssutil.a +%{_libdir}/libpk11wrap.a %{_libdir}/libpkcs12.a %{_libdir}/libpkcs7.a %{_libdir}/libpkixcertsel.a @@ -315,8 +340,8 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpkixtop.a %{_libdir}/libpkixutil.a %{_libdir}/libsectool.a -%{_libdir}/libsmime3.a -%{_libdir}/libsoftokn3.a +%{_libdir}/libsmime.a +%{_libdir}/libsoftokn.a %{_libdir}/libssl3.a %files softokn-freebl