nss-3.21.1-2

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@10387 ec354946-7b23-47d6-9f5a-488ba84defc7

n/nss/nss-vl.spec

@@ -1,12 +1,33 @@
 %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
 
+%define _unpackaged_files_terminate_build 1
+
 %define nspr_version 4.11
 %define unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 
+# Produce .chk files for the final stripped binaries
+#
+# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links
+# against the freebl that we just built. This is necessary
+# because the signing algorithm changed on 3.14 to DSA2 with SHA256
+# whereas we previously signed with DSA and SHA1. We must Keep this line
+# until all mock platforms have been updated.
+# After %%{__os_install_post} we would add
+# export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%%{_libdir}
+%define __spec_install_post \
+    %{?__debug_package:%{__debug_install_post}} \
+    %{__arch_install_post} \
+    %{__os_install_post} \
+    $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
+    $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
+    $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \
+%{nil}
+
+
 Summary:          Network Security Services
 Name:             nss
 Version:          3.21.1
-Release:          1%{?_dist_release}
+Release:          2%{?_dist_release}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -23,6 +44,8 @@ Source8:          system-pkcs11.txt
 Source12:         %{name}-pem-20140125.tar.bz2
 Source101:	  nss-util.pc.in
 Source102:	  nss-util-config.in
+Source103:        nss-softokn.pc.in
+Source104:        nss-softokn-config.in
 
 Patch2:           add-relro-linker-option.patch
 Patch3:           renegotiate-transitional.patch
@@ -31,11 +54,6 @@ Patch16:          nss-539183.patch
 Patch18:          nss-646045.patch
 # TODO: Remove this patch when the ocsp test are fixed
 Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
-# Fedora / RHEL-only patch, the templates directory was originally 
-# introduced to support mod _revocator
-Patch47:          utilwrap-include-templates.patch
-# TODO remove when we switch to building nss without softoken
-Patch49:          nss-skip-bltest-and-fipstest.patch
 Patch50:          iquote.patch
 # As of nss-3.21 we compile NSS with -Werror.
 # see https://bugzilla.mozilla.org/show_bug.cgi?id=1182667
@@ -107,6 +125,8 @@ BuildRequires:    sqlite3-devel
 BuildRequires:    zlib-devel
 BuildRequires:    pkgconfig
 BuildRequires:    gawk
+BuildRequires:    psmisc
+BuildRequires:    perl
 Provides:         mozilla-nss
 Obsoletes:        mozilla-nss
 Requires:         nspr >= %{nspr_version}
@@ -182,8 +202,6 @@ pushd nss
 %patch18 -p1 -b .646045
 popd
 %patch40 -p0 -b .noocsptest
-%patch47 -p0 -b .templates
-%patch49 -p0 -b .skipthem
 %patch50 -p0 -b .iquote
 %patch51 -p1 -b -Werror
 pushd nss
@@ -242,11 +260,22 @@ popd
 
 export NSS_NO_SSL2=1
 
-#NSS_NO_PKCS11_BYPASS=1
-#export NSS_NO_PKCS11_BYPASS
+NSS_NO_PKCS11_BYPASS=1
+export NSS_NO_PKCS11_BYPASS
+
+# partial RELRO support as a security enhancement
+LDFLAGS+=-Wl,-z,relro
+export LDFLAGS
 
-#FREEBL_NO_DEPEND=1
-#export FREEBL_NO_DEPEND
+FREEBL_NO_DEPEND=1
+export FREEBL_NO_DEPEND
+
+# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
+# copied to dist and the rpm install phase can find it
+# This due of the upstream changes to fix
+# https://bugzilla.mozilla.org/show_bug.cgi?id=717906
+FREEBL_LOWHASH=1
+export FREEBL_LOWHASH
 
 # Enable compiler optimizations and disable debugging code
 BUILD_OPT=1
@@ -270,11 +299,14 @@ export NSPR_LIB_DIR
 
 #export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
 #export FREEBL_LIB_DIR=%{_libdir}
-#export USE_SYSTEM_FREEBL=0
+export USE_SYSTEM_FREEBL=0
 
 NSS_USE_SYSTEM_SQLITE=1
 export NSS_USE_SYSTEM_SQLITE
 
+export USE_SYSTEM_ZLIB=1
+export ZLIB_LIBS=%{_libdir}
+
 %ifarch x86_64 ppc64 ia64 s390x
 USE_64=1
 export USE_64
@@ -283,12 +315,73 @@ export USE_64
 # uncomment if the iquote patch is activated
 export IN_TREE_FREEBL_HEADERS_FIRST=1
 
-export NSS_BLTEST_NOT_AVAILABLE=1
+#export NSS_BLTEST_NOT_AVAILABLE=1
 # 
-%{__make} -C ./nss/coreconf
-%{__make} -C ./nss/lib/dbm
+#%{__make} -C ./nss/coreconf
+#%{__make} -C ./nss/lib/dbm
 %{__make} -C ./nss
 
+
+%install
+
+# There is no make install target so we'll do it ourselves.
+
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
+%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+
+# Copy the binary libraries we want
+for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
+            libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so
+do
+  %{__install} -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
+done
+
+# Install the empty NSS db files
+# Legacy db
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
+%{__install} -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
+%{__install} -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
+%{__install} -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db
+# Shared db
+%{__install} -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db
+%{__install} -p -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
+%{__install} -p -m 644 %{SOURCE8} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt
+
+
+# Copy the development libraries we want
+for file in libcrmf.a libnssb.a libnssckfw.a
+do
+  %{__install} -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
+done
+
+# Copy the binaries we want
+for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
+do
+  %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
+done
+
+# Copy the binaries we ship as unsupported
+for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain
+do
+  %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
+done
+
+# Copy the include files
+for file in dist/public/nss/*.h
+do
+  %{__install} -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
+done
+
+# Copy some freebl include files we also want
+for file in blapi.h alghmac.h
+do
+  %{__install} -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
+done
+
 # Set up our package file
 %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
 %{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
@@ -347,63 +440,33 @@ export NSSUTIL_VPATCH
 
 chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-util-config
 
-%install
-
-# There is no make install target so we'll do it ourselves.
-
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
-%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
-
-# Copy the binary libraries we want
-for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
-            libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so
-do
-  %{__install} -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
-done
-
-# These ghost files will be generated in the post step
-touch $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.chk
-touch $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.chk
-
-# Install the empty NSS db files
-# Legacy db
-%{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
-%{__install} -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
-%{__install} -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
-%{__install} -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db
-# Shared db
-%{__install} -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db
-%{__install} -p -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
-%{__install} -p -m 644 %{SOURCE8} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt
-
+%{__cat} %{SOURCE103} | sed -e "s,%%libdir%%,%{_libdir},g" \
+                          -e "s,%%prefix%%,%{_prefix},g" \
+                          -e "s,%%exec_prefix%%,%{_prefix},g" \
+                          -e "s,%%includedir%%,%{_includedir}/nss3,g" \
+                          -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
+                          -e "s,%%NSSUTIL_VERSION%%,%{version},g" \
+                          -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
+                          $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc
 
-# Copy the development libraries we want
-for file in libcrmf.a libnssb.a libnssckfw.a
-do
-  %{__install} -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
-done
+SOFTOKEN_VMAJOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'`
+SOFTOKEN_VMINOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'`
+SOFTOKEN_VPATCH=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'`
 
-# Copy the binaries we want
-for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
-do
-  %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
-done
+export SOFTOKEN_VMAJOR
+export SOFTOKEN_VMINOR
+export SOFTOKEN_VPATCH
 
-# Copy the binaries we ship as unsupported
-for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain
-do
-  %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
-done
+%{__cat} %{SOURCE104} | sed -e "s,@libdir@,%{_libdir},g" \
+                          -e "s,@prefix@,%{_prefix},g" \
+                          -e "s,@exec_prefix@,%{_prefix},g" \
+                          -e "s,@includedir@,%{_includedir}/nss3,g" \
+                          -e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \
+                          -e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \
+                          -e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \
+                          > $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config
 
-# Copy the include files
-for file in dist/public/nss/*.h
-do
-  %{__install} -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
-done
+chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config
 
 
 %clean
@@ -412,9 +475,6 @@ done
 
 %post
 /sbin/ldconfig >/dev/null 2>/dev/null
-%{unsupported_tools_directory}/shlibsign -i %{_libdir}/libsoftokn3.so >/dev/null 2>/dev/null
-%{unsupported_tools_directory}/shlibsign -i %{_libdir}/libfreebl3.so >/dev/null 2>/dev/null
-
 
 %postun
 /sbin/ldconfig >/dev/null 2>/dev/null
@@ -432,8 +492,9 @@ done
 %{_libdir}/libnsspem.so
 %{_libdir}/libfreebl3.so
 %{unsupported_tools_directory}/shlibsign
-%ghost %{_libdir}/libsoftokn3.chk
-%ghost %{_libdir}/libfreebl3.chk
+%{_libdir}/libfreebl3.chk
+%{_libdir}/libnssdbm3.chk
+%{_libdir}/libsoftokn3.chk
 %dir %{_sysconfdir}/pki/nssdb
 %config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
 %config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
@@ -469,12 +530,16 @@ done
 %defattr(-,root,root)
 %{_libdir}/libcrmf.a
 %{_libdir}/pkgconfig/nss.pc
+%{_libdir}/pkgconfig/nss-softokn.pc
 %{_libdir}/pkgconfig/nss-util.pc
 %{_bindir}/nss-config
+%{_bindir}/nss-softokn-config
 %{_bindir}/nss-util-config
 
 %dir %{_includedir}/nss3
+%{_includedir}/nss3/alghmac.h
 %{_includedir}/nss3/base64.h
+%{_includedir}/nss3/blapi.h
 %{_includedir}/nss3/blapit.h
 %{_includedir}/nss3/cert.h
 %{_includedir}/nss3/certdb.h
@@ -590,6 +655,10 @@ done
 
 
 %changelog
+* Mon Jun 20 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.21.1-2
+- enabled softokn and freebl.
+- dropped Patch47 and Patch49.
+
 * Tue May 10 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.21.1-1
 - update to 3.21.1
 - import patches from centos package