123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821 |
- %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
- %define _unpackaged_files_terminate_build 1
- %define nspr_version 4.11
- %define unsupported_tools_directory %{_libdir}/nss/unsupported-tools
- # Produce .chk files for the final stripped binaries
- #
- # NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links
- # against the freebl that we just built. This is necessary
- # because the signing algorithm changed on 3.14 to DSA2 with SHA256
- # whereas we previously signed with DSA and SHA1. We must Keep this line
- # until all mock platforms have been updated.
- # After %%{__os_install_post} we would add
- # export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%%{_libdir}
- %define __spec_install_post \
- %{?__debug_package:%{__debug_install_post}} \
- %{__arch_install_post} \
- %{__os_install_post} \
- $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
- $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
- $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \
- %{nil}
- Summary: Network Security Services
- Name: nss
- Version: 3.21.1
- Release: 3%{?_dist_release}
- License: MPLv1.1 or GPLv2+ or LGPLv2+
- URL: http://www.mozilla.org/projects/security/pki/nss/
- Group: System Environment/Libraries
- Vendor: Project Vine
- Distribution: Vine Linux
- Source0: %{name}-%{version}.tar.gz
- Source1: nss.pc.in
- Source2: nss-config.in
- Source3: blank-cert8.db
- Source4: blank-key3.db
- Source5: blank-secmod.db
- Source6: blank-cert9.db
- Source7: blank-key4.db
- Source8: system-pkcs11.txt
- Source12: %{name}-pem-20140125.tar.bz2
- Source101: nss-util.pc.in
- Source102: nss-util-config.in
- Source103: nss-softokn.pc.in
- Source104: nss-softokn-config.in
- Patch2: add-relro-linker-option.patch
- Patch3: renegotiate-transitional.patch
- Patch6: nss-enable-pem.patch
- Patch16: nss-539183.patch
- Patch18: nss-646045.patch
- # TODO: Remove this patch when the ocsp test are fixed
- Patch40: nss-3.14.0.0-disble-ocsp-test.patch
- Patch50: iquote.patch
- # As of nss-3.21 we compile NSS with -Werror.
- # see https://bugzilla.mozilla.org/show_bug.cgi?id=1182667
- # This requires a cleanup of the PEM module as we have it here.
- # TODO: submit a patch to the interim nss-pem upstream project
- # The submission will be very different from this patch as
- # cleanup there is already in progress there.
- Patch51: pem-compile-with-Werror.patch
- Patch52: Bug-1001841-disable-sslv2-libssl.patch
- Patch53: Bug-1001841-disable-sslv2-tests.patch
- Patch54: sslauth-no-v2.patch
- Patch55: enable-fips-when-system-is-in-fips-mode.patch
- # rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1026677
- Patch56: p-ignore-setpolicy.patch
- # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=943144
- Patch62: nss-fix-deadlock-squash.patch
- # Two patches from from rhel6.8 that are also needed for rhel-7
- # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1054373
- Patch74: race.patch
- Patch94: nss-3.16-token-init-race.patch
- Patch99: ssl-server-min-key-sizes.patch
- Patch100: fix-min-library-version-in-SSLVersionRange.patch
- # Add support for sha384 tls cipher suites, dss cipher suites, and
- # server-side dhe key exchange
- # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=102794
- # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
- # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
- Patch101: dhe-sha384-dss-support.patch
- # TODO: From upstream review: For the client authentication case, should
- # probably drop our hack of swapping between sha256 and sha384 and plan
- # on implementing the fix we already have a patch for. What is that fix?
- Patch102: client_auth_for_sha384_prf_support.patch
- Patch103: nss-fix-client-auth-init-hashes.patch
- Patch104: nss-map-oid-to-hashalg.patch
- Patch105: nss-remove-bogus-assert.patch
- Patch106: nss-old-pkcs11-num.patch
- Patch107: nss-enable-384-cipher-tests.patch
- Patch108: nss-sni-c-v-fix.patch
- Patch109: nss-fix-signature-and-hash.patch
- Patch110: nss-sslstress-txt-ssl3-lower-value-in-range.patch
- # Enable by default two additional ciphers and fix order of two tables
- # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
- # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
- # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1211403
- Patch112: rh1238290.patch
- # Local: keep as long nss-softokn lacks support
- Patch113: disable-extended-master-secret-with-old-softoken.patch
- # extra tests needed
- Patch114: tests-extra.patch
- Patch115: nss-prevent-abi-issue.patch
- Patch116: nss-tests-prevent-abi-issue.patch
- Patch117: fix-nss-test-filtering.patch
- Patch118: fix-allowed-sig-alg.patch
- Patch119: nss-ssl-ssl3con-delete-duplicates.patch
- # Local patches
- Patch1002: hasht-dont-include-prtypes.patch
- Patch1007: pkcs1sig-include-prtypes.patch
- # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455
- # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
- Patch1008: nss-util-3.19.1-tls12-mechanisms.patch
- BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
- BuildRequires: nspr-devel >= %{nspr_version}
- BuildRequires: sqlite3-devel
- BuildRequires: zlib-devel
- BuildRequires: pkgconfig
- BuildRequires: gawk
- BuildRequires: psmisc
- BuildRequires: perl
- Provides: mozilla-nss
- Obsoletes: mozilla-nss
- Requires: nspr >= %{nspr_version}
- %description
- Network Security Services (NSS) is a set of libraries designed to
- support cross-platform development of security-enabled client and
- server applications. Applications built with NSS can support SSL v2
- and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
- v3 certificates, and other security standards.
- %package tools
- Summary: Tools for the Network Security Services
- Group: System Environment/Base
- Requires: nss = %{version}-%{release}
- %description tools
- Network Security Services (NSS) is a set of libraries designed to
- support cross-platform development of security-enabled client and
- server applications. Applications built with NSS can support SSL v2
- and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
- v3 certificates, and other security standards.
- Install the nss-tools package if you need command-line tools to
- manipulate the NSS certificate and key database.
- %package devel
- Summary: Development libraries for Network Security Services
- Group: Development/Libraries
- Requires: nss = %{version}-%{release}
- Requires: nspr-devel >= %{nspr_version}
- Provides: mozilla-nss-devel
- Obsoletes: mozilla-nss-devel
- %description devel
- Header and Library files for doing development with Network Security Services.
- %package pkcs11-devel
- Summary: Development libraries for PKCS #11 (Cryptoki) using NSS
- Group: Development/Libraries
- Requires: nss-devel = %{version}-%{release}
- %description pkcs11-devel
- Library files for developing PKCS #11 modules using basic NSS
- low level services.
- ## to build compat32 for x86_64 architecture support
- %package -n compat32-%{name}
- Summary: Network Security Services
- Group: System Environment/Libraries
- %description -n compat32-%{name}
- Network Security Services (NSS) is a set of libraries designed to
- support cross-platform development of security-enabled client and
- server applications. Applications built with NSS can support SSL v2
- and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
- v3 certificates, and other security standards.
- %prep
- %setup -q
- %setup -q -T -D -n %{name}-%{version} -a 12
- %patch2 -p0 -b .relro
- %patch3 -p0 -b .transitional
- %patch6 -p0 -b .libpem
- %patch16 -p0 -b .539183
- pushd nss
- %patch18 -p1 -b .646045
- popd
- %patch40 -p0 -b .noocsptest
- %patch50 -p0 -b .iquote
- %patch51 -p1 -b -Werror
- pushd nss
- %patch52 -p1 -b .disableSSL2libssl
- %patch53 -p1 -b .disableSSL2tests
- %patch54 -p1 -b .sslauth-no-v2
- %patch55 -p1 -b .852023_enable_fips_when_in_fips_mode
- %patch56 -p1 -b .1026677_ignore_set_policy
- %patch62 -p1 -b .fix_deadlock
- %patch99 -p1 -b .min_key_sizes
- %patch100 -p0 -b .1171318
- %patch101 -p1 -b .dhe_and_sha384
- %patch102 -p1 -b .client_auth_prf
- %patch112 -p1 -b .1238290
- %patch113 -p1 -b .disable-ems
- %patch114 -p1 -b .extra
- %patch115 -p1 -b .abi_lib
- %patch116 -p1 -b .abi_tests
- %patch117 -p1 -b .test-filtering
- %patch74 -p1 -b .race
- popd
- %patch94 -p0 -b .init-token-race
- %patch103 -p0 -b .fix_client_auth_crash
- %patch104 -p0 -b .use_oids
- %patch105 -p0 -b .remove_bogus_assert
- %patch106 -p0 -b .old_pkcs11_num
- %patch107 -p0 -b .enable_384_cipher_tests
- %patch108 -p0 -b .sni_c_v_fix
- %patch109 -p0 -b .fix_signature_and_hash
- %patch110 -p0 -b .no_ssl2
- pushd nss
- %patch118 -p1 -b .allowed-sig-alg
- popd
- %patch119 -p0 -b .delete_duplicates
- %patch1002 -p0 -b .prtypes
- %patch1007 -p0 -b .include_prtypes
- %patch1008 -p1 -b .tls12_mechs
- pemNeedsFromSoftoken="lowkeyi lowkeyti softoken softoknt"
- for file in ${pemNeedsFromSoftoken}; do
- %{__cp} ./nss/lib/softoken/${file}.h ./nss/lib/ckfw/pem/
- done
- %{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
- %{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
- pushd nss/tests/ssl
- # Create versions of sslcov.txt and sslstress.txt that disable tests
- # for SSL2 and EXPORT ciphers.
- cat sslcov.txt| sed -r "s/^([^#].*EXPORT|^[^#].*SSL2)/#disabled \1/" > sslcov.noSSL2orExport.txt
- cat sslstress.txt| sed -r "s/^([^#].*EXPORT|^[^#].*SSL2)/#disabled \1/" > sslstress.noSSL2orExport.txt
- popd
- %build
- export NSS_NO_SSL2=1
- NSS_NO_PKCS11_BYPASS=1
- export NSS_NO_PKCS11_BYPASS
- # partial RELRO support as a security enhancement
- #LDFLAGS+=-Wl,-z,relro
- #export LDFLAGS
- FREEBL_NO_DEPEND=1
- export FREEBL_NO_DEPEND
- # Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
- # copied to dist and the rpm install phase can find it
- # This due of the upstream changes to fix
- # https://bugzilla.mozilla.org/show_bug.cgi?id=717906
- FREEBL_LOWHASH=1
- export FREEBL_LOWHASH
- # Enable compiler optimizations and disable debugging code
- BUILD_OPT=1
- export BUILD_OPT
- # Generate symbolic info for debuggers
- XCFLAGS=$RPM_OPT_FLAGS
- export XCFLAGS
- PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
- PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
- export PKG_CONFIG_ALLOW_SYSTEM_LIBS
- export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
- NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
- NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`
- export NSPR_INCLUDE_DIR
- export NSPR_LIB_DIR
- #export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
- #export FREEBL_LIB_DIR=%{_libdir}
- export USE_SYSTEM_FREEBL=0
- NSS_USE_SYSTEM_SQLITE=1
- export NSS_USE_SYSTEM_SQLITE
- export USE_SYSTEM_ZLIB=1
- export ZLIB_LIBS=%{_libdir}
- %ifarch x86_64 ppc64 ia64 s390x
- USE_64=1
- export USE_64
- %endif
- # uncomment if the iquote patch is activated
- export IN_TREE_FREEBL_HEADERS_FIRST=1
- #export NSS_BLTEST_NOT_AVAILABLE=1
- #
- #%{__make} -C ./nss/coreconf
- #%{__make} -C ./nss/lib/dbm
- %{__make} -C ./nss
- %install
- # There is no make install target so we'll do it ourselves.
- %{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3
- %{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3/templates
- %{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
- %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}
- %{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
- %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
- # Copy the binary libraries we want
- for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
- libssl3.so libsmime3.so libnssckbi.so libnsspem.so libnssdbm3.so
- do
- %{__install} -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
- done
- # Install the empty NSS db files
- # Legacy db
- %{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
- %{__install} -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
- %{__install} -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
- %{__install} -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db
- # Shared db
- %{__install} -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db
- %{__install} -p -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
- %{__install} -p -m 644 %{SOURCE8} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt
- # Copy the development libraries we want
- for file in libcrmf.a libnssb.a libnssckfw.a
- do
- %{__install} -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
- done
- # Copy the binaries we want
- for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
- do
- %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
- done
- # Copy the binaries we ship as unsupported
- for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain
- do
- %{__install} -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
- done
- # Copy the include files
- for file in dist/public/nss/*.h
- do
- %{__install} -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
- done
- # Copy some freebl include files we also want
- for file in blapi.h alghmac.h
- do
- %{__install} -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3
- done
- # Copy the static freebl library
- for file in libfreebl.a
- do
- %{__install} -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
- done
- # Set up our package file
- %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
- %{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
- -e "s,%%prefix%%,%{_prefix},g" \
- -e "s,%%exec_prefix%%,%{_prefix},g" \
- -e "s,%%includedir%%,%{_includedir}/nss3,g" \
- -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
- -e "s,%%NSS_VERSION%%,%{version},g" \
- -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \
- $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc
- NSS_VMAJOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
- NSS_VMINOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'`
- NSS_VPATCH=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'`
- export NSS_VMAJOR
- export NSS_VMINOR
- export NSS_VPATCH
- %{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir}
- %{__cat} %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
- -e "s,@prefix@,%{_prefix},g" \
- -e "s,@exec_prefix@,%{_prefix},g" \
- -e "s,@includedir@,%{_includedir}/nss3,g" \
- -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
- -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
- -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
- > $RPM_BUILD_ROOT/%{_bindir}/nss-config
- chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config
- %{__cat} %{SOURCE101} | sed -e "s,%%libdir%%,%{_libdir},g" \
- -e "s,%%prefix%%,%{_prefix},g" \
- -e "s,%%exec_prefix%%,%{_prefix},g" \
- -e "s,%%includedir%%,%{_includedir}/nss3,g" \
- -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
- -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \
- $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc
- NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'`
- NSSUTIL_VMINOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'`
- NSSUTIL_VPATCH=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'`
- export NSSUTIL_VMAJOR
- export NSSUTIL_VMINOR
- export NSSUTIL_VPATCH
- %{__cat} %{SOURCE102} | sed -e "s,@libdir@,%{_libdir},g" \
- -e "s,@prefix@,%{_prefix},g" \
- -e "s,@exec_prefix@,%{_prefix},g" \
- -e "s,@includedir@,%{_includedir}/nss3,g" \
- -e "s,@MOD_MAJOR_VERSION@,$NSSUTIL_VMAJOR,g" \
- -e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \
- -e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \
- > $RPM_BUILD_ROOT/%{_bindir}/nss-util-config
- chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-util-config
- %{__cat} %{SOURCE103} | sed -e "s,%%libdir%%,%{_libdir},g" \
- -e "s,%%prefix%%,%{_prefix},g" \
- -e "s,%%exec_prefix%%,%{_prefix},g" \
- -e "s,%%includedir%%,%{_includedir}/nss3,g" \
- -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
- -e "s,%%NSSUTIL_VERSION%%,%{version},g" \
- -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \
- $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc
- SOFTOKEN_VMAJOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'`
- SOFTOKEN_VMINOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'`
- SOFTOKEN_VPATCH=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'`
- export SOFTOKEN_VMAJOR
- export SOFTOKEN_VMINOR
- export SOFTOKEN_VPATCH
- %{__cat} %{SOURCE104} | sed -e "s,@libdir@,%{_libdir},g" \
- -e "s,@prefix@,%{_prefix},g" \
- -e "s,@exec_prefix@,%{_prefix},g" \
- -e "s,@includedir@,%{_includedir}/nss3,g" \
- -e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \
- -e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \
- -e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \
- > $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config
- chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config
- %clean
- %{__rm} -rf $RPM_BUILD_ROOT
- %post
- /sbin/ldconfig >/dev/null 2>/dev/null
- %postun
- /sbin/ldconfig >/dev/null 2>/dev/null
- %files
- %defattr(-,root,root)
- %{_libdir}/libnss3.so
- %{_libdir}/libnssutil3.so
- %{_libdir}/libnssdbm3.so
- %{_libdir}/libssl3.so
- %{_libdir}/libsmime3.so
- %{_libdir}/libsoftokn3.so
- %{_libdir}/libnssckbi.so
- %{_libdir}/libnsspem.so
- %{_libdir}/libfreebl3.so
- %{unsupported_tools_directory}/shlibsign
- %{_libdir}/libfreebl3.chk
- %{_libdir}/libnssdbm3.chk
- %{_libdir}/libsoftokn3.chk
- %dir %{_sysconfdir}/pki/nssdb
- %config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
- %config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
- %config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db
- %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
- %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
- %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
- %files tools
- %defattr(-,root,root)
- %{_bindir}/certutil
- %{_bindir}/cmsutil
- %{_bindir}/crlutil
- %{_bindir}/modutil
- %{_bindir}/pk12util
- %{_bindir}/signtool
- %{_bindir}/signver
- %{_bindir}/ssltap
- %{unsupported_tools_directory}/atob
- %{unsupported_tools_directory}/btoa
- %{unsupported_tools_directory}/derdump
- %{unsupported_tools_directory}/ocspclnt
- %{unsupported_tools_directory}/pp
- %{unsupported_tools_directory}/selfserv
- %{unsupported_tools_directory}/strsclnt
- %{unsupported_tools_directory}/symkeyutil
- %{unsupported_tools_directory}/tstclnt
- %{unsupported_tools_directory}/vfyserv
- %{unsupported_tools_directory}/vfychain
- %files devel
- %defattr(-,root,root)
- %{_libdir}/libcrmf.a
- %{_libdir}/libfreebl.a
- %{_libdir}/pkgconfig/nss.pc
- %{_libdir}/pkgconfig/nss-softokn.pc
- %{_libdir}/pkgconfig/nss-util.pc
- %{_bindir}/nss-config
- %{_bindir}/nss-softokn-config
- %{_bindir}/nss-util-config
- %dir %{_includedir}/nss3
- %{_includedir}/nss3/alghmac.h
- %{_includedir}/nss3/base64.h
- %{_includedir}/nss3/blapi.h
- %{_includedir}/nss3/blapit.h
- %{_includedir}/nss3/cert.h
- %{_includedir}/nss3/certdb.h
- %{_includedir}/nss3/certt.h
- %{_includedir}/nss3/ciferfam.h
- %{_includedir}/nss3/cmmf.h
- %{_includedir}/nss3/cmmft.h
- %{_includedir}/nss3/cms.h
- %{_includedir}/nss3/cmsreclist.h
- %{_includedir}/nss3/cmst.h
- %{_includedir}/nss3/crmf.h
- %{_includedir}/nss3/crmft.h
- %{_includedir}/nss3/cryptohi.h
- %{_includedir}/nss3/cryptoht.h
- %{_includedir}/nss3/ecl-exp.h
- %{_includedir}/nss3/hasht.h
- %{_includedir}/nss3/jar-ds.h
- %{_includedir}/nss3/jar.h
- %{_includedir}/nss3/jarfile.h
- %{_includedir}/nss3/key.h
- %{_includedir}/nss3/keyhi.h
- %{_includedir}/nss3/keyt.h
- %{_includedir}/nss3/keythi.h
- %{_includedir}/nss3/nss.h
- %{_includedir}/nss3/nssb64.h
- %{_includedir}/nss3/nssb64t.h
- %{_includedir}/nss3/nssckbi.h
- %{_includedir}/nss3/nssilckt.h
- %{_includedir}/nss3/nssilock.h
- %{_includedir}/nss3/nsslocks.h
- %{_includedir}/nss3/nsslowhash.h
- %{_includedir}/nss3/nsspem.h
- %{_includedir}/nss3/nssrwlk.h
- %{_includedir}/nss3/nssrwlkt.h
- %{_includedir}/nss3/nssutil.h
- %{_includedir}/nss3/ocsp.h
- %{_includedir}/nss3/ocspt.h
- %{_includedir}/nss3/p12.h
- %{_includedir}/nss3/p12plcy.h
- %{_includedir}/nss3/p12t.h
- %{_includedir}/nss3/pk11func.h
- %{_includedir}/nss3/pk11pqg.h
- %{_includedir}/nss3/pk11priv.h
- %{_includedir}/nss3/pk11pub.h
- %{_includedir}/nss3/pk11sdr.h
- %{_includedir}/nss3/pkcs11.h
- %{_includedir}/nss3/pkcs11f.h
- %{_includedir}/nss3/pkcs11n.h
- %{_includedir}/nss3/pkcs11p.h
- %{_includedir}/nss3/pkcs11t.h
- %{_includedir}/nss3/pkcs11u.h
- %{_includedir}/nss3/pkcs12.h
- %{_includedir}/nss3/pkcs12t.h
- %{_includedir}/nss3/pkcs7t.h
- %{_includedir}/nss3/pkcs1sig.h
- %{_includedir}/nss3/portreg.h
- %{_includedir}/nss3/preenc.h
- %{_includedir}/nss3/secasn1.h
- %{_includedir}/nss3/secasn1t.h
- %{_includedir}/nss3/seccomon.h
- %{_includedir}/nss3/secder.h
- %{_includedir}/nss3/secdert.h
- %{_includedir}/nss3/secdig.h
- %{_includedir}/nss3/secdigt.h
- %{_includedir}/nss3/secerr.h
- %{_includedir}/nss3/sechash.h
- %{_includedir}/nss3/secitem.h
- %{_includedir}/nss3/secmime.h
- %{_includedir}/nss3/secmod.h
- %{_includedir}/nss3/secmodt.h
- %{_includedir}/nss3/secoid.h
- %{_includedir}/nss3/secoidt.h
- %{_includedir}/nss3/secpkcs5.h
- %{_includedir}/nss3/secpkcs7.h
- %{_includedir}/nss3/secport.h
- %{_includedir}/nss3/shsign.h
- %{_includedir}/nss3/smime.h
- %{_includedir}/nss3/ssl.h
- %{_includedir}/nss3/sslerr.h
- %{_includedir}/nss3/sslproto.h
- %{_includedir}/nss3/sslt.h
- %{_includedir}/nss3/utilrename.h
- %{_includedir}/nss3/utilmodt.h
- %{_includedir}/nss3/utilpars.h
- %{_includedir}/nss3/utilparst.h
-
- %files pkcs11-devel
- %defattr(-, root, root)
- %{_includedir}/nss3/nssbase.h
- %{_includedir}/nss3/nssbaset.h
- %{_includedir}/nss3/nssckepv.h
- %{_includedir}/nss3/nssckft.h
- %{_includedir}/nss3/nssckfw.h
- %{_includedir}/nss3/nssckfwc.h
- %{_includedir}/nss3/nssckfwt.h
- %{_includedir}/nss3/nssckg.h
- %{_includedir}/nss3/nssckmdt.h
- %{_includedir}/nss3/nssckt.h
- %{_libdir}/libnssb.a
- %{_libdir}/libnssckfw.a
- ## to build compat32 for x86_64 architecture support
- %if %{build_compat32}
- %files -n compat32-%{name}
- %defattr(-,root,root)
- %{_libdir}/*.so
- %ghost %{_libdir}/libsoftokn3.chk
- %ghost %{_libdir}/libfreebl3.chk
- %{unsupported_tools_directory}/shlibsign
- %endif
- %changelog
- * Mon Jun 20 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.21.1-3
- - added libfreebl.a.
- * Mon Jun 20 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.21.1-2
- - enabled softokn and freebl.
- - dropped Patch47 and Patch49.
- * Tue May 10 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.21.1-1
- - update to 3.21.1
- - import patches from centos package
- * Thu Jun 12 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 3.16.1-1
- - update to 3.16.1
- * Thu Apr 04 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 3.14.3-1
- - update to 3.14.3
- - import patches from fedora package
- * Wed Jan 09 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 3.14.1-1
- - update to 3.14.1
- * Sat Sep 15 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.13.6-2
- - add Source101 (nss-util.pc.in)
- - add Source102 (nss-util-config.in)
- * Mon Sep 03 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 3.13.6-1
- - new upstream release
- * Sun Mar 18 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.13.3-1
- - new upstream release
- * Thu Dec 22 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.13.1-2
- - fix nss.pc
- * Wed Dec 21 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.13.1-1
- - new upstream release
- * Fri Sep 02 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.11-1
- - new upstram release
- * Wed Jun 01 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.10-1
- - update to 3.12.10
- * Tue Mar 29 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.9-1
- - update to 3.12.9.with.ckbi.1.82
- - update nss-pem source
- - define NSS_USE_SYSTEM_SQLITE, remove unneeded Patch2
- * Thu Sep 23 2010 Yoji TOYODA <bsyamato@sea.plala.or.jp> 3.12.6-2
- - rebuild with rpm-4.8.1 for pkg-config file
- * Wed Apr 7 2010 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 3.12.6-1
- - new upstream release
- - update nss-pem Source12 to 20091210 (from 3.12.6-2.fc14)
- * Sat Jan 23 2010 NAKAMURA Kenta <kenta@vinelinux.org> 3.12.5-2
- - built with FREEBL_NO_DEPEND environmental variable to include nsslowhash.h
- * Sat Jan 09 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.5-1
- - new upstream release
- * Mon Jul 06 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.3-4
- - rebuild to fix the package built with broken environment.
- * Sun Jul 05 2009 Munehiro Yamamoto <munepi@cg8.so-net.ne.jp> 3.12.3-3
- - fixed %%files for compat32
- * Sat Jul 04 2009 Munehiro Yamamoto <munepi@cg8.so-net.ne.jp> 3.12.3-2
- - added compat32 subpackages
- * Wed Apr 22 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12.3-1
- - new upstream release
- * Wed Jul 02 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 3.12-1
- - new upstream release
- * Fri May 18 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 3.11.4-0vl1
- - initial build for Vine Linux
- * Fri Mar 02 2007 Kai Engert <kengert@redhat.com> - 3.11.5-2
- - Fix rhbz#230545, failure to enable FIPS mode
- - Fix rhbz#220542, make NSS more tolerant of resets when in the
- middle of prompting for a user password.
- * Sat Feb 24 2007 Kai Engert <kengert@redhat.com> - 3.11.5-1
- - Update to 3.11.5
- - This update fixes two security vulnerabilities with SSL 2
- - Do not use -rpath link option
- - Added several unsupported tools to tools package
- * Tue Jan 9 2007 Bob Relyea <rrelyea@redhat.com> - 3.11.4-4
- - disable ECC, cleanout dead code
- * Tue Nov 28 2006 Kai Engert <kengert@redhat.com> - 3.11.4-1
- - Update to 3.11.4
- * Thu Sep 14 2006 Kai Engert <kengert@redhat.com> - 3.11.3-2
- - Revert the attempt to require latest NSPR, as it is not yet available
- in the build infrastructure.
- * Thu Sep 14 2006 Kai Engert <kengert@redhat.com> - 3.11.3-1
- - Update to 3.11.3
- * Thu Aug 03 2006 Kai Engert <kengert@redhat.com> - 3.11.2-2
- - Add /etc/pki/nssdb
- * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 3.11.2-1.1
- - rebuild
- * Fri Jun 30 2006 Kai Engert <kengert@redhat.com> - 3.11.2-1
- - Update to 3.11.2
- - Enable executable bit on shared libs, also fixes debug info.
- * Wed Jun 14 2006 Kai Engert <kengert@redhat.com> - 3.11.1-2
- - Enable Elliptic Curve Cryptography (ECC)
- * Fri May 26 2006 Kai Engert <kengert@redhat.com> - 3.11.1-1
- - Update to 3.11.1
- - Include upstream patch to limit curves
- * Wed Feb 15 2006 Kai Engert <kengert@redhat.com> - 3.11-4
- - add --noexecstack when compiling assembler on x86_64
- * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 3.11-3.2
- - bump again for double-long bug on ppc(64)
- * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 3.11-3.1
- - rebuilt for new gcc4.1 snapshot and glibc changes
- * Thu Jan 19 2006 Ray Strode <rstrode@redhat.com> 3.11-3
- - rebuild
- * Fri Dec 16 2005 Christopher Aillon <caillon@redhat.com> 3.11-2
- - Update file list for the devel packages
- * Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-1
- - Update to 3.11
- * Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-0.cvs.2
- - Add patch to allow building on ppc*
- - Update the pkgconfig file to Require nspr
- * Thu Dec 15 2005 Christopher Aillon <caillon@redhat.com> 3.11-0.cvs
- - Initial import into Fedora Core, based on a CVS snapshot of
- the NSS_3_11_RTM tag
- - Fix up the pkcs11-devel subpackage to contain the proper headers
- - Build with RPM_OPT_FLAGS
- - No need to have rpath of /usr/lib in the pc file
- * Thu Dec 15 2005 Kai Engert <kengert@redhat.com>
- - Adressed review comments by Wan-Teh Chang, Bob Relyea,
- Christopher Aillon.
- * Sat Jul 9 2005 Rob Crittenden <rcritten@redhat.com> 3.10-1
- - Initial build
|