%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
%define nspr_version 4.10.1
%define unsupported_tools_directory %{_libdir}/nss/unsupported-tools

Summary: Network Security Services
Name: nss
Version: 3.15.2
Release: 1%{?_dist_release}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries

Source0: %{name}-%{version}.tar.gz
Source1: nss.pc.in
Source2: nss-config.in
Source3: blank-cert8.db
Source4: blank-key3.db
Source5: blank-secmod.db
Source12: %{name}-pem-20130828.tar.bz2
Source101: nss-util.pc.in
Source102: nss-util-config.in

Patch2: add-relro-linker-option.patch
Patch3: renegotiate-transitional.patch
Patch6: nss-enable-pem.patch
Patch16: nss-539183.patch
Patch18: nss-646045.patch
# TODO: Remove this patch when the ocsp tests are fixed
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
Patch44: 0001-sync-up-with-upstream-softokn-changes.patch
Patch45: Bug-896651-pem-dont-trash-keys-on-failed-login.patch
# The ocsp stapling tests currently require access to the
# kuix.de test server but koji forbids outbound connections
Patch46: disable-ocsp-stapling-tests.patch
# Fedora / RHEL-only patch, the templates directory was originally
# introduced to support mod_revocator
Patch47: utilwrap-include-templates.patch
# TODO submit this patch upstream
Patch48: nss-versus-softoken-tests.patch
# TODO remove when we switch to building nss without softoken
Patch49: nss-skip-bltest-and-fipstest.patch
Patch50: iquote.patch

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: nspr-devel >= %{nspr_version}
BuildRequires: sqlite3-devel
BuildRequires: zlib-devel
BuildRequires: pkgconfig
BuildRequires: gawk

Provides: mozilla-nss
Obsoletes: mozilla-nss
Requires: nspr >= %{nspr_version}

%description
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

%package tools
Summary: Tools for the Network Security Services
Group: System Environment/Base
Requires: nss = %{version}-%{release}

%description tools
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

Install the nss-tools package if you need command-line tools to
manipulate the NSS certificate and key database.

%package devel
Summary: Development libraries for Network Security Services
Group: Development/Libraries
Requires: nss = %{version}-%{release}
Requires: nspr-devel >= %{nspr_version}
Provides: mozilla-nss-devel
Obsoletes: mozilla-nss-devel

%description devel
Header and Library files for doing development with Network Security Services.

%package pkcs11-devel
Summary: Development libraries for PKCS #11 (Cryptoki) using NSS
Group: Development/Libraries
Requires: nss-devel = %{version}-%{release}

%description pkcs11-devel
Library files for developing PKCS #11 modules using basic NSS
low level services.

## to build compat32 for x86_64 architecture support
%package -n compat32-%{name}
Summary: Network Security Services
Group: System Environment/Libraries

%description -n compat32-%{name}
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

%prep
%setup -q
%setup -q -T -D -n %{name}-%{version} -a 12

%patch2 -p0 -b .relro
%patch3 -p0 -b .transitional
%patch6 -p0 -b .libpem
%patch16 -p0 -b .539183
%patch18 -p0 -b .646045
%patch40 -p0 -b .noocsptest
%patch44 -p1 -b .syncupwithupstream
%patch45 -p0 -b .notrash
%patch46 -p0 -b .skipoutbound
%patch47 -p0 -b .templates
%patch48 -p0 -b .crypto
%patch49 -p0 -b .skipthem
%patch50 -p0 -b .iquote

%build

#NSS_NO_PKCS11_BYPASS=1
#export NSS_NO_PKCS11_BYPASS

#FREEBL_NO_DEPEND=1
#export FREEBL_NO_DEPEND

# Enable compiler optimizations and disable debugging code
BUILD_OPT=1
export BUILD_OPT

# Generate symbolic info for debuggers
XCFLAGS=$RPM_OPT_FLAGS
export XCFLAGS

PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1

export PKG_CONFIG_ALLOW_SYSTEM_LIBS
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS

NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`

export NSPR_INCLUDE_DIR
export NSPR_LIB_DIR

export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
export FREEBL_LIB_DIR=%{_libdir}
export USE_SYSTEM_FREEBL=1

NSS_USE_SYSTEM_SQLITE=1
export NSS_USE_SYSTEM_SQLITE

%ifarch x86_64 ppc64 ia64 s390x
USE_64=1
export USE_64
%endif

#
%{__make} -C ./nss/coreconf
%{__make} -C ./nss/lib/dbm
%{__make} -C ./nss

# Set up our package file
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
%{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
                          -e "s,%%prefix%%,%{_prefix},g" \
                          -e "s,%%exec_prefix%%,%{_prefix},g" \
                          -e "s,%%includedir%%,%{_includedir}/nss3,g" \
                          -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
                          -e "s,%%NSS_VERSION%%,%{version},g" \
                          -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \
                          $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc

NSS_VMAJOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
NSS_VMINOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'`
NSS_VPATCH=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'`

export NSS_VMAJOR
export NSS_VMINOR
export NSS_VPATCH

%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
%{__cat} %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
                          -e "s,@prefix@,%{_prefix},g" \
                          -e "s,@exec_prefix@,%{_prefix},g" \
                          -e "s,@includedir@,%{_includedir}/nss3,g" \
                          -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
                          -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
                          -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
                          > $RPM_BUILD_ROOT/%{_bindir}/nss-config

chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config

%{__cat} %{SOURCE101} | sed -e "s,%%libdir%%,%{_libdir},g" \
                            -e "s,%%prefix%%,%{_prefix},g" \
                            -e "s,%%exec_prefix%%,%{_prefix},g" \
                            -e "s,%%includedir%%,%{_includedir}/nss3,g" \
                            -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
                            -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \
                            $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc

NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'`
NSSUTIL_VMINOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'`
NSSUTIL_VPATCH=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'`

export NSSUTIL_VMAJOR
export NSSUTIL_VMINOR
export NSSUTIL_VPATCH

%{__cat} %{SOURCE102} | sed -e "s,@libdir@,%{_libdir},g" \
                            -e "s,@prefix@,%{_prefix},g" \
                            -e "s,@exec_prefix@,%{_prefix},g" \
                            -e "s,@includedir@,%{_includedir}/nss3,g" \
                            -e "s,@MOD_MAJOR_VERSION@,$NSSUTIL_VMAJOR,g" \
                            -e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \
                            -e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \
                            > $RPM_BUILD_ROOT/%{_bindir}/nss-util-config

chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-util-config

%install

# There is no make install target so we'll do it ourselves.

%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig

# Copy the binary libraries we want
for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
            libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so
do
  %{__install} -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done

# These ghost files will be generated in the post step
touch $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.chk
touch $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.chk

# Install the empty NSS db files
%{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
%{__install} -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
%{__install} -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
%{__install} -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db

# Copy the development libraries we want
for file in libcrmf.a libnssb.a libnssckfw.a
do
  %{__install} -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done

# Copy the binaries we want
for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
do
  %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
done

# Copy the binaries we ship as unsupported
for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain
do
  %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
done

# Copy the include files
for file in dist/public/nss/*.h
do
  %{__install} -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
done

%clean
%{__rm} -rf $RPM_BUILD_ROOT

%post
/sbin/ldconfig >/dev/null 2>/dev/null
%{unsupported_tools_directory}/shlibsign -i %{_libdir}/libsoftokn3.so >/dev/null 2>/dev/null
%{unsupported_tools_directory}/shlibsign -i %{_libdir}/libfreebl3.so >/dev/null 2>/dev/null

%postun
/sbin/ldconfig >/dev/null 2>/dev/null

%files
%defattr(-,root,root)
%{_libdir}/libnss3.so
%{_libdir}/libnssutil3.so
%{_libdir}/libnssdbm3.so
%{_libdir}/libssl3.so
%{_libdir}/libsmime3.so
%{_libdir}/libsoftokn3.so
%{_libdir}/libnssckbi.so
%{_libdir}/libnsspem.so
%{_libdir}/libfreebl3.so
%{unsupported_tools_directory}/shlibsign
%ghost %{_libdir}/libsoftokn3.chk
%ghost %{_libdir}/libfreebl3.chk
%dir %{_sysconfdir}/pki/nssdb
%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db

%files tools
%defattr(-,root,root)
%{_bindir}/certutil
%{_bindir}/cmsutil
%{_bindir}/crlutil
%{_bindir}/modutil
%{_bindir}/pk12util
%{_bindir}/signtool
%{_bindir}/signver
%{_bindir}/ssltap
%{unsupported_tools_directory}/atob
%{unsupported_tools_directory}/btoa
%{unsupported_tools_directory}/derdump
%{unsupported_tools_directory}/ocspclnt
%{unsupported_tools_directory}/pp
%{unsupported_tools_directory}/selfserv
%{unsupported_tools_directory}/strsclnt
%{unsupported_tools_directory}/symkeyutil
%{unsupported_tools_directory}/tstclnt
%{unsupported_tools_directory}/vfyserv
%{unsupported_tools_directory}/vfychain

%files devel
%defattr(-,root,root)
%{_libdir}/libcrmf.a
%{_libdir}/pkgconfig/nss.pc
%{_libdir}/pkgconfig/nss-util.pc
%{_bindir}/nss-config
%{_bindir}/nss-util-config

%dir %{_includedir}/nss3
%{_includedir}/nss3/base64.h
%{_includedir}/nss3/blapit.h
%{_includedir}/nss3/cert.h
%{_includedir}/nss3/certdb.h
%{_includedir}/nss3/certt.h
%{_includedir}/nss3/ciferfam.h
%{_includedir}/nss3/cmmf.h
%{_includedir}/nss3/cmmft.h
%{_includedir}/nss3/cms.h
%{_includedir}/nss3/cmsreclist.h
%{_includedir}/nss3/cmst.h
%{_includedir}/nss3/crmf.h
%{_includedir}/nss3/crmft.h
%{_includedir}/nss3/cryptohi.h
%{_includedir}/nss3/cryptoht.h
%{_includedir}/nss3/ecl-exp.h
%{_includedir}/nss3/hasht.h
%{_includedir}/nss3/jar-ds.h
%{_includedir}/nss3/jar.h
%{_includedir}/nss3/jarfile.h
%{_includedir}/nss3/key.h
%{_includedir}/nss3/keyhi.h
%{_includedir}/nss3/keyt.h
%{_includedir}/nss3/keythi.h
%{_includedir}/nss3/nss.h
%{_includedir}/nss3/nssb64.h
%{_includedir}/nss3/nssb64t.h
%{_includedir}/nss3/nssckbi.h
%{_includedir}/nss3/nssilckt.h
%{_includedir}/nss3/nssilock.h
%{_includedir}/nss3/nsslocks.h
%{_includedir}/nss3/nsslowhash.h
%{_includedir}/nss3/nsspem.h
%{_includedir}/nss3/nssrwlk.h
%{_includedir}/nss3/nssrwlkt.h
%{_includedir}/nss3/nssutil.h
%{_includedir}/nss3/ocsp.h
%{_includedir}/nss3/ocspt.h
%{_includedir}/nss3/p12.h
%{_includedir}/nss3/p12plcy.h
%{_includedir}/nss3/p12t.h
%{_includedir}/nss3/pk11func.h
%{_includedir}/nss3/pk11pqg.h
%{_includedir}/nss3/pk11priv.h
%{_includedir}/nss3/pk11pub.h
%{_includedir}/nss3/pk11sdr.h
%{_includedir}/nss3/pkcs11.h
%{_includedir}/nss3/pkcs11f.h
%{_includedir}/nss3/pkcs11n.h
%{_includedir}/nss3/pkcs11p.h
%{_includedir}/nss3/pkcs11t.h
%{_includedir}/nss3/pkcs11u.h
%{_includedir}/nss3/pkcs12.h
%{_includedir}/nss3/pkcs12t.h
%{_includedir}/nss3/pkcs7t.h
%{_includedir}/nss3/portreg.h
%{_includedir}/nss3/preenc.h
%{_includedir}/nss3/secasn1.h
%{_includedir}/nss3/secasn1t.h
%{_includedir}/nss3/seccomon.h
%{_includedir}/nss3/secder.h
%{_includedir}/nss3/secdert.h
%{_includedir}/nss3/secdig.h
%{_includedir}/nss3/secdigt.h
%{_includedir}/nss3/secerr.h
%{_includedir}/nss3/sechash.h
%{_includedir}/nss3/secitem.h
%{_includedir}/nss3/secmime.h
%{_includedir}/nss3/secmod.h
%{_includedir}/nss3/secmodt.h
%{_includedir}/nss3/secoid.h
%{_includedir}/nss3/secoidt.h
%{_includedir}/nss3/secpkcs5.h
%{_includedir}/nss3/secpkcs7.h
%{_includedir}/nss3/secport.h
%{_includedir}/nss3/shsign.h
%{_includedir}/nss3/smime.h
%{_includedir}/nss3/ssl.h
%{_includedir}/nss3/sslerr.h
%{_includedir}/nss3/sslproto.h
%{_includedir}/nss3/sslt.h
%{_includedir}/nss3/utilrename.h
%{_includedir}/nss3/utilmodt.h
%{_includedir}/nss3/utilpars.h
%{_includedir}/nss3/utilparst.h

%files pkcs11-devel
%defattr(-, root, root)
%{_includedir}/nss3/nssbase.h
%{_includedir}/nss3/nssbaset.h
%{_includedir}/nss3/nssckepv.h
%{_includedir}/nss3/nssckft.h
%{_includedir}/nss3/nssckfw.h
%{_includedir}/nss3/nssckfwc.h
%{_includedir}/nss3/nssckfwt.h
%{_includedir}/nss3/nssckg.h
%{_includedir}/nss3/nssckmdt.h
%{_includedir}/nss3/nssckt.h
%{_libdir}/libnssb.a
%{_libdir}/libnssckfw.a

## to build compat32 for x86_64 architecture support
%if %{build_compat32}
%files -n compat32-%{name}
%defattr(-,root,root)
%{_libdir}/*.so
%ghost %{_libdir}/libsoftokn3.chk
%ghost %{_libdir}/libfreebl3.chk
%{unsupported_tools_directory}/shlibsign
%endif

%changelog
* Thu Apr 04 2013 Daisuke SUZUKI 3.14.3-1
- update to 3.24.3
- import patches from fedora package

* Wed Jan 09 2013 Daisuke SUZUKI 3.14.1-1
- update to 3.14.1

* Sat Sep 15 2012 Yoji TOYODA 3.13.6-2
- add Source101 (nss-util.pc.in)
- add Source102 (nss-util-config.in)

* Mon Sep 03 2012 Daisuke SUZUKI 3.13.6-1
- new upstream release

* Sun Mar 18 2012 Yoji TOYODA 3.13.3-1
- new upstream release

* Thu Dec 22 2011 Daisuke SUZUKI 3.13.1-2
- fix nss.pc

* Wed Dec 21 2011 Daisuke SUZUKI 3.13.1-1
- new upstream release

* Fri Sep 02 2011 Daisuke SUZUKI 3.12.11-1
- new upstream release

* Wed Jun 01 2011 Daisuke SUZUKI 3.12.10-1
- update to 3.12.10

* Tue Mar 29 2011 Daisuke SUZUKI 3.12.9-1
- update to 3.12.9.with.ckbi.1.82
- update nss-pem source
- define NSS_USE_SYSTEM_SQLITE, remove unneeded Patch2

* Thu Sep 23 2010 Yoji TOYODA 3.12.6-2
- rebuild with rpm-4.8.1 for pkg-config file

* Wed Apr 7 2010 MATSUBAYASHI Kohji 3.12.6-1
- new upstream release
- update nss-pem Source12 to 20091210 (from 3.12.6-2.fc14)

* Sat Jan 23 2010 NAKAMURA Kenta 3.12.5-2
- built with FREEBL_NO_DEPEND environmental variable to include nsslowhash.h

* Sat Jan 09 2010 Daisuke SUZUKI 3.12.5-1
- new upstream release

* Mon Jul 06 2009 Daisuke SUZUKI 3.12.3-4
- rebuild to fix the package built with broken environment.

* Sun Jul 05 2009 Munehiro Yamamoto 3.12.3-3
- fixed %%files for compat32

* Sat Jul 04 2009 Munehiro Yamamoto 3.12.3-2
- added compat32 subpackages

* Wed Apr 22 2009 Daisuke SUZUKI 3.12.3-1
- new upstream release

* Wed Jul 02 2008 Daisuke SUZUKI 3.12-1
- new upstream release

* Fri May 18 2007 Daisuke SUZUKI 3.11.4-0vl1
- initial build for Vine Linux

* Fri Mar 02 2007 Kai Engert - 3.11.5-2
- Fix rhbz#230545, failure to enable FIPS mode
- Fix rhbz#220542, make NSS more tolerant of resets when in the
  middle of prompting for a user password.

* Sat Feb 24 2007 Kai Engert - 3.11.5-1
- Update to 3.11.5
- This update fixes two security vulnerabilities with SSL 2
- Do not use -rpath link option
- Added several unsupported tools to tools package

* Tue Jan 9 2007 Bob Relyea - 3.11.4-4
- disable ECC, cleanout dead code

* Tue Nov 28 2006 Kai Engert - 3.11.4-1
- Update to 3.11.4

* Thu Sep 14 2006 Kai Engert - 3.11.3-2
- Revert the attempt to require latest NSPR, as it is not yet available
  in the build infrastructure.

* Thu Sep 14 2006 Kai Engert - 3.11.3-1
- Update to 3.11.3

* Thu Aug 03 2006 Kai Engert - 3.11.2-2
- Add /etc/pki/nssdb

* Wed Jul 12 2006 Jesse Keating - 3.11.2-1.1
- rebuild

* Fri Jun 30 2006 Kai Engert - 3.11.2-1
- Update to 3.11.2
- Enable executable bit on shared libs, also fixes debug info.

* Wed Jun 14 2006 Kai Engert - 3.11.1-2
- Enable Elliptic Curve Cryptography (ECC)

* Fri May 26 2006 Kai Engert - 3.11.1-1
- Update to 3.11.1
- Include upstream patch to limit curves

* Wed Feb 15 2006 Kai Engert - 3.11-4
- add --noexecstack when compiling assembler on x86_64

* Fri Feb 10 2006 Jesse Keating - 3.11-3.2
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating - 3.11-3.1
- rebuilt for new gcc4.1 snapshot and glibc changes

* Thu Jan 19 2006 Ray Strode 3.11-3
- rebuild

* Fri Dec 16 2005 Christopher Aillon 3.11-2
- Update file list for the devel packages

* Thu Dec 15 2005 Christopher Aillon 3.11-1
- Update to 3.11

* Thu Dec 15 2005 Christopher Aillon 3.11-0.cvs.2
- Add patch to allow building on ppc*
- Update the pkgconfig file to Require nspr

* Thu Dec 15 2005 Christopher Aillon 3.11-0.cvs
- Initial import into Fedora Core, based on a CVS snapshot of
  the NSS_3_11_RTM tag
- Fix up the pkcs11-devel subpackage to contain the proper headers
- Build with RPM_OPT_FLAGS
- No need to have rpath of /usr/lib in the pc file

* Thu Dec 15 2005 Kai Engert
- Addressed review comments by Wan-Teh Chang, Bob Relyea,
  Christopher Aillon.

* Sat Jul 9 2005 Rob Crittenden 3.10-1
- Initial build