2007-01-16 00:25:44 +01:00
|
|
|
#
|
2011-04-28 08:41:37 +02:00
|
|
|
# spec file for package mozilla-nss
|
2007-01-16 00:25:44 +01:00
|
|
|
#
|
2024-01-24 09:28:43 +01:00
|
|
|
# Copyright (c) 2024 SUSE LLC
|
2024-03-19 14:39:57 +01:00
|
|
|
# Copyright (c) 2006-2024 Wolfgang Rosenauer
|
2007-01-16 00:25:44 +01:00
|
|
|
#
|
2008-10-23 22:36:47 +02:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2018-10-21 09:59:26 +02:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2007-01-16 00:25:44 +01:00
|
|
|
#
|
|
|
|
|
|
|
|
|
|
|
2024-05-15 09:48:31 +02:00
|
|
|
%global nss_softokn_fips_version 3.100
|
2022-11-12 18:33:29 +01:00
|
|
|
%define NSPR_min_version 4.35
|
2019-08-30 09:14:36 +02:00
|
|
|
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
|
2019-08-30 08:37:13 +02:00
|
|
|
%define nssdbdir %{_sysconfdir}/pki/nssdb
|
2024-03-16 22:37:01 +01:00
|
|
|
%global crypto_policies_version 20210118
|
2007-01-16 00:25:44 +01:00
|
|
|
Name: mozilla-nss
|
2024-05-15 09:48:31 +02:00
|
|
|
Version: 3.100
|
2011-12-18 18:50:41 +01:00
|
|
|
Release: 0
|
2024-05-15 09:48:31 +02:00
|
|
|
%define underscore_version 3_100
|
2010-03-15 16:05:35 +01:00
|
|
|
Summary: Network Security Services
|
2012-10-25 16:10:44 +02:00
|
|
|
License: MPL-2.0
|
2007-01-16 00:25:44 +01:00
|
|
|
Group: System/Libraries
|
2019-08-30 08:37:13 +02:00
|
|
|
URL: https://www.mozilla.org/projects/security/pki/nss/
|
2019-06-12 23:59:32 +02:00
|
|
|
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{underscore_version}_RTM/src/nss-%{version}.tar.gz
|
2019-08-30 08:37:13 +02:00
|
|
|
# hg clone https://hg.mozilla.org/projects/nss nss-%%{version}/nss ; cd nss-%%{version}/nss ; hg up NSS_%%{underscore_version}_RTM
|
|
|
|
|
#Source: nss-%%{version}.tar.gz
|
2007-01-16 00:25:44 +01:00
|
|
|
Source1: nss.pc.in
|
|
|
|
|
Source3: nss-config.in
|
2009-12-21 14:21:30 +01:00
|
|
|
Source4: %{name}-rpmlintrc
|
|
|
|
|
Source5: baselibs.conf
|
2010-03-15 16:05:35 +01:00
|
|
|
Source6: setup-nsssysinit.sh
|
2010-06-03 22:48:06 +02:00
|
|
|
Source7: cert9.db
|
|
|
|
|
Source8: key4.db
|
|
|
|
|
Source9: pkcs11.txt
|
2011-04-28 08:41:37 +02:00
|
|
|
#Source10: PayPalEE.cert
|
2022-03-27 21:24:54 +02:00
|
|
|
Source11: nss-util.pc.in
|
2022-04-02 20:00:25 +02:00
|
|
|
Source13: nss-util-config.in
|
- update to 3.18
* Firefox target release 38
New functionality:
* When importing certificates and keys from a PKCS#12 source,
it's now possible to override the nicknames, prior to importing
them into the NSS database, using new API
SEC_PKCS12DecoderRenameCertNicknames.
* The tstclnt test utility program has new command-line options
-C, -D, -b and -R.
Use -C one, two or three times to print information about the
certificates received from a server, and information about the
locally found and trusted issuer certificates, to diagnose
server side configuration issues. It is possible to run tstclnt
without providing a database (-D). A PKCS#11 library that
contains root CA certificates can be loaded by tstclnt, which
may either be the nssckbi library provided by NSS (-b) or
another compatible library (-R).
New Functions:
* SEC_CheckCrlTimes
* SEC_GetCrlTimes
* SEC_PKCS12DecoderRenameCertNicknames
New Types:
* SEC_PKCS12NicknameRenameCallback
Notable Changes:
* The highest TLS protocol version enabled by default has been
increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
protocol version enabled by default has been increased from
DTLS 1.0 to DTLS 1.2.
* The default key size used by certutil when creating an RSA key
pair has been increased from 1024 bits to 2048 bits.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=175
2015-04-03 10:58:03 +02:00
|
|
|
Source99: %{name}.changes
|
2007-01-16 00:25:44 +01:00
|
|
|
Patch1: nss-opt.patch
|
2012-02-17 09:35:36 +01:00
|
|
|
Patch2: system-nspr.patch
|
2017-04-12 23:26:25 +02:00
|
|
|
Patch3: nss-no-rpath.patch
|
2018-06-07 15:20:25 +02:00
|
|
|
Patch4: add-relro-linker-option.patch
|
2017-04-12 23:26:25 +02:00
|
|
|
Patch5: malloc.patch
|
2019-01-23 17:49:06 +01:00
|
|
|
Patch6: bmo-1400603.patch
|
2017-04-12 23:26:25 +02:00
|
|
|
Patch7: nss-sqlitename.patch
|
2020-10-07 10:15:55 +02:00
|
|
|
Patch9: nss-fips-use-getrandom.patch
|
|
|
|
|
Patch10: nss-fips-dsa-kat.patch
|
|
|
|
|
Patch11: nss-fips-pairwise-consistency-check.patch
|
|
|
|
|
Patch12: nss-fips-rsa-keygen-strictness.patch
|
|
|
|
|
Patch13: nss-fips-cavs-keywrap.patch
|
|
|
|
|
Patch14: nss-fips-cavs-kas-ffc.patch
|
|
|
|
|
Patch15: nss-fips-cavs-kas-ecc.patch
|
|
|
|
|
Patch16: nss-fips-gcm-ctr.patch
|
|
|
|
|
Patch17: nss-fips-constructor-self-tests.patch
|
|
|
|
|
Patch18: nss-fips-cavs-general.patch
|
|
|
|
|
Patch19: nss-fips-cavs-dsa-fixes.patch
|
|
|
|
|
Patch20: nss-fips-cavs-rsa-fixes.patch
|
|
|
|
|
Patch21: nss-fips-approved-crypto-non-ec.patch
|
|
|
|
|
Patch22: nss-fips-zeroization.patch
|
|
|
|
|
Patch24: nss-fips-use-strong-random-pool.patch
|
|
|
|
|
Patch25: nss-fips-detect-fips-mode-fixes.patch
|
|
|
|
|
Patch26: nss-fips-combined-hash-sign-dsa-ecdsa.patch
|
|
|
|
|
Patch27: nss-fips-aes-keywrap-post.patch
|
2022-06-28 08:46:22 +02:00
|
|
|
Patch37: nss-fips-fix-missing-nspr.patch
|
|
|
|
|
Patch38: nss-fips-stricter-dh.patch
|
|
|
|
|
Patch40: nss-fips-180-3-csp-clearing.patch
|
|
|
|
|
Patch41: nss-fips-pbkdf-kat-compliance.patch
|
|
|
|
|
Patch44: nss-fips-tests-enable-fips.patch
|
2023-07-05 13:49:19 +02:00
|
|
|
Patch45: nss-fips-drbg-libjitter.patch
|
|
|
|
|
Patch46: nss-allow-slow-tests.patch
|
|
|
|
|
Patch47: nss-fips-pct-pubkeys.patch
|
2023-10-27 09:13:16 +02:00
|
|
|
Patch48: nss-fips-test.patch
|
2023-12-27 13:13:11 +01:00
|
|
|
Patch49: nss-allow-slow-tests-s390x.patch
|
2024-05-24 11:22:57 +02:00
|
|
|
Patch50: nss-fips-bsc1223724.patch
|
2020-06-27 23:18:50 +02:00
|
|
|
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
|
|
|
|
|
# aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
|
|
|
|
|
BuildRequires: gcc9-c++
|
|
|
|
|
%else
|
2019-08-30 08:37:13 +02:00
|
|
|
BuildRequires: gcc-c++
|
2020-06-27 23:18:50 +02:00
|
|
|
%endif
|
2019-08-30 08:37:13 +02:00
|
|
|
BuildRequires: pkgconfig
|
|
|
|
|
BuildRequires: pkgconfig(nspr) >= %{NSPR_min_version}
|
|
|
|
|
BuildRequires: pkgconfig(sqlite3)
|
|
|
|
|
BuildRequires: pkgconfig(zlib)
|
2023-07-05 13:49:19 +02:00
|
|
|
%if 0%{?sle_version} >= 150400
|
|
|
|
|
BuildRequires: jitterentropy-devel
|
|
|
|
|
# Libjitter needs to be present before AND after the install
|
|
|
|
|
Requires(pre): libjitterentropy3
|
|
|
|
|
Requires: libjitterentropy3
|
|
|
|
|
%endif
|
2024-03-16 22:37:01 +01:00
|
|
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
|
|
|
|
Requires: crypto-policies >= %{crypto_policies_version}
|
|
|
|
|
%endif
|
2022-08-17 13:24:51 +02:00
|
|
|
Requires: libfreebl3 >= %{nss_softokn_fips_version}
|
|
|
|
|
Requires: libsoftokn3 >= %{nss_softokn_fips_version}
|
|
|
|
|
Requires: mozilla-nspr >= %{NSPR_min_version}
|
2020-10-12 17:35:14 +02:00
|
|
|
%if "%{_lib}" == "lib64"
|
2013-07-03 12:36:27 +02:00
|
|
|
Requires: libnssckbi.so()(64bit)
|
|
|
|
|
%else
|
2013-07-05 14:48:09 +02:00
|
|
|
Requires: libnssckbi.so
|
2013-07-03 12:36:27 +02:00
|
|
|
%endif
|
2024-05-24 11:22:57 +02:00
|
|
|
Provides: nss = %{version}
|
2019-08-30 09:14:36 +02:00
|
|
|
%ifnarch %sparc
|
|
|
|
|
%if ! 0%{?qemu_user_space_build}
|
2022-06-28 08:46:22 +02:00
|
|
|
%define run_testsuite 1
|
2019-08-30 09:14:36 +02:00
|
|
|
%endif
|
|
|
|
|
%endif
|
2007-01-16 00:25:44 +01:00
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
Network Security Services (NSS) is a set of libraries designed to
|
|
|
|
|
support cross-platform development of security-enabled server
|
2013-11-11 23:19:45 +01:00
|
|
|
applications. Applications built with NSS can support SSL v3,
|
|
|
|
|
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
|
2007-01-16 00:25:44 +01:00
|
|
|
certificates, and other security standards.
|
|
|
|
|
|
|
|
|
|
%package devel
|
|
|
|
|
Summary: Network (Netscape) Security Services development files
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
Group: Development/Libraries/C and C++
|
2010-03-15 16:05:35 +01:00
|
|
|
Requires: libfreebl3
|
|
|
|
|
Requires: libsoftokn3
|
2012-06-01 22:35:17 +02:00
|
|
|
Requires: mozilla-nss = %{version}-%{release}
|
2019-08-30 08:37:13 +02:00
|
|
|
Requires: pkgconfig(nspr) >= %{NSPR_min_version}
|
2007-01-16 00:25:44 +01:00
|
|
|
|
|
|
|
|
%description devel
|
|
|
|
|
Network Security Services (NSS) is a set of libraries designed to
|
|
|
|
|
support cross-platform development of security-enabled server
|
2013-11-11 23:19:45 +01:00
|
|
|
applications. Applications built with NSS can support SSL v3,
|
|
|
|
|
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
|
2007-01-16 00:25:44 +01:00
|
|
|
certificates, and other security standards.
|
|
|
|
|
|
2008-03-26 16:24:30 +01:00
|
|
|
%package tools
|
2009-06-02 12:26:37 +02:00
|
|
|
Summary: Tools for developing, debugging, and managing applications that use NSS
|
2008-03-26 16:24:30 +01:00
|
|
|
Group: System/Management
|
2019-08-30 08:37:13 +02:00
|
|
|
Requires(pre): mozilla-nss >= %{version}
|
2008-03-26 16:24:30 +01:00
|
|
|
|
|
|
|
|
%description tools
|
|
|
|
|
The NSS Security Tools allow developers to test, debug, and manage
|
|
|
|
|
applications that use NSS.
|
|
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%package sysinit
|
|
|
|
|
Summary: System NSS Initialization
|
|
|
|
|
Group: System/Management
|
|
|
|
|
Requires: mozilla-nss >= %{version}
|
|
|
|
|
Requires(post): coreutils
|
|
|
|
|
|
|
|
|
|
%description sysinit
|
|
|
|
|
Default Operation System module that manages applications loading
|
|
|
|
|
NSS globally on the system. This module loads the system defined
|
|
|
|
|
PKCS #11 modules for NSS and chains with other NSS modules to load
|
|
|
|
|
any system or user configured modules.
|
|
|
|
|
|
2009-04-29 00:40:53 +02:00
|
|
|
%package -n libfreebl3
|
|
|
|
|
Summary: Freebl library for the Network Security Services
|
|
|
|
|
Group: System/Libraries
|
2023-06-09 15:20:43 +02:00
|
|
|
Provides: libfreebl3-hmac = %{version}-%{release}
|
|
|
|
|
Obsoletes: libfreebl3-hmac < %{version}-%{release}
|
2009-04-29 00:40:53 +02:00
|
|
|
|
|
|
|
|
%description -n libfreebl3
|
|
|
|
|
Network Security Services (NSS) is a set of libraries designed to
|
|
|
|
|
support cross-platform development of security-enabled server
|
2013-11-11 23:19:45 +01:00
|
|
|
applications. Applications built with NSS can support SSL v3,
|
|
|
|
|
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
|
2009-04-29 00:40:53 +02:00
|
|
|
certificates, and other security standards.
|
|
|
|
|
|
|
|
|
|
This package installs the freebl library from NSS.
|
|
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%package -n libsoftokn3
|
2011-08-24 10:38:15 +02:00
|
|
|
Summary: Network Security Services Softoken Module
|
2010-03-15 16:05:35 +01:00
|
|
|
Group: System/Libraries
|
|
|
|
|
Requires: libfreebl3 = %{version}-%{release}
|
2023-06-09 15:20:43 +02:00
|
|
|
Provides: libsoftokn3-hmac = %{version}-%{release}
|
|
|
|
|
Obsoletes: libsoftokn3-hmac < %{version}-%{release}
|
2010-03-15 16:05:35 +01:00
|
|
|
|
|
|
|
|
%description -n libsoftokn3
|
|
|
|
|
Network Security Services (NSS) is a set of libraries designed to
|
|
|
|
|
support cross-platform development of security-enabled server
|
2013-11-11 23:19:45 +01:00
|
|
|
applications. Applications built with NSS can support SSL v3,
|
|
|
|
|
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
|
2010-03-15 16:05:35 +01:00
|
|
|
certificates, and other security standards.
|
|
|
|
|
|
2010-11-09 11:00:46 +01:00
|
|
|
Network Security Services Softoken Cryptographic Module
|
2010-03-15 16:05:35 +01:00
|
|
|
|
2009-12-21 14:21:30 +01:00
|
|
|
%package certs
|
|
|
|
|
Summary: CA certificates for NSS
|
|
|
|
|
Group: Productivity/Networking/Security
|
|
|
|
|
|
|
|
|
|
%description certs
|
2010-11-09 11:00:46 +01:00
|
|
|
This package contains the integrated CA root certificates from the
|
2009-12-21 14:21:30 +01:00
|
|
|
Mozilla project.
|
|
|
|
|
|
2007-01-16 00:25:44 +01:00
|
|
|
%prep
|
2019-08-30 08:37:13 +02:00
|
|
|
%setup -q -n nss-%{version}
|
2013-06-12 10:21:54 +02:00
|
|
|
cd nss
|
2024-02-25 22:22:38 +01:00
|
|
|
%patch -P 1 -p1
|
|
|
|
|
%patch -P 2 -p1
|
|
|
|
|
%patch -P 3 -p1
|
|
|
|
|
%patch -P 4 -p1
|
2019-08-30 08:37:13 +02:00
|
|
|
%if 0%{?suse_version} > 1110
|
2024-02-25 22:22:38 +01:00
|
|
|
%patch -P 5 -p1
|
2009-06-09 17:44:32 +02:00
|
|
|
%endif
|
2024-02-25 22:22:38 +01:00
|
|
|
%patch -P 6 -p1
|
|
|
|
|
%patch -P 7 -p1
|
2020-06-27 23:18:50 +02:00
|
|
|
# FIPS patches
|
2024-02-25 22:22:38 +01:00
|
|
|
%patch -P 9 -p1
|
|
|
|
|
%patch -P 10 -p1
|
|
|
|
|
%patch -P 11 -p1
|
|
|
|
|
%patch -P 12 -p1
|
|
|
|
|
%patch -P 13 -p1
|
|
|
|
|
%patch -P 14 -p1
|
|
|
|
|
%patch -P 15 -p1
|
|
|
|
|
%patch -P 16 -p1
|
|
|
|
|
%patch -P 17 -p1
|
|
|
|
|
%patch -P 18 -p1
|
|
|
|
|
%patch -P 19 -p1
|
|
|
|
|
%patch -P 20 -p1
|
|
|
|
|
%patch -P 21 -p1
|
|
|
|
|
%patch -P 22 -p1
|
|
|
|
|
%patch -P 24 -p1
|
|
|
|
|
%patch -P 25 -p1
|
|
|
|
|
%patch -P 26 -p1
|
|
|
|
|
%patch -P 27 -p1
|
|
|
|
|
%patch -P 37 -p1
|
|
|
|
|
%patch -P 38 -p1
|
|
|
|
|
%patch -P 40 -p1
|
|
|
|
|
%patch -P 41 -p1
|
|
|
|
|
%patch -P 44 -p1
|
2023-07-05 13:49:19 +02:00
|
|
|
# Libjitter only for SLE15 SP4+
|
|
|
|
|
%if 0%{?sle_version} >= 150400
|
2024-02-25 22:22:38 +01:00
|
|
|
%patch -P 45 -p1
|
2023-07-05 13:49:19 +02:00
|
|
|
%endif
|
2024-02-25 22:22:38 +01:00
|
|
|
%patch -P 46 -p1
|
|
|
|
|
%patch -P 47 -p1
|
|
|
|
|
%patch -P 48 -p1
|
2023-12-27 13:13:11 +01:00
|
|
|
%ifarch s390x
|
|
|
|
|
# slow test on s390x, permit more time
|
2024-02-25 22:22:38 +01:00
|
|
|
%patch -P 49 -p1
|
2023-12-27 13:13:11 +01:00
|
|
|
%endif
|
2024-05-24 11:22:57 +02:00
|
|
|
%patch -P 50 -p1
|
2020-09-25 08:58:55 +02:00
|
|
|
|
2007-01-16 00:25:44 +01:00
|
|
|
# additional CA certificates
|
|
|
|
|
#cd security/nss/lib/ckfw/builtins
|
|
|
|
|
#cat %{SOURCE2} >> certdata.txt
|
|
|
|
|
#make generate
|
|
|
|
|
|
|
|
|
|
%build
|
2020-02-25 14:41:19 +01:00
|
|
|
%ifarch %arm
|
|
|
|
|
# LTO fails on neon errors
|
|
|
|
|
%global _lto_cflags %{nil}
|
|
|
|
|
%else
|
2019-07-22 09:16:21 +02:00
|
|
|
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
|
2020-02-25 14:41:19 +01:00
|
|
|
%endif
|
2023-05-31 17:04:59 +02:00
|
|
|
cd nss
|
|
|
|
|
cat > ../obsenv.sh <<EOF
|
2020-06-27 23:18:50 +02:00
|
|
|
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
|
|
|
|
|
export CC=gcc-9
|
|
|
|
|
# Yes, they use both...
|
|
|
|
|
export CXX=g++-9
|
|
|
|
|
export CCC=g++-9
|
|
|
|
|
%endif
|
2022-01-24 09:20:50 +01:00
|
|
|
export NSS_ALLOW_SSLKEYLOGFILE=1
|
2020-04-29 23:43:25 +02:00
|
|
|
export NSS_ENABLE_WERROR=0
|
2018-01-20 21:25:21 +01:00
|
|
|
export NSS_NO_PKCS11_BYPASS=1
|
2010-11-09 11:00:46 +01:00
|
|
|
export FREEBL_NO_DEPEND=1
|
2014-02-25 13:02:07 +01:00
|
|
|
export FREEBL_LOWHASH=1
|
2007-01-16 00:25:44 +01:00
|
|
|
export NSPR_INCLUDE_DIR=`nspr-config --includedir`
|
|
|
|
|
export NSPR_LIB_DIR=`nspr-config --libdir`
|
2018-10-14 20:31:34 +02:00
|
|
|
export OPT_FLAGS="%{optflags} -fno-strict-aliasing -fPIE -pie"
|
2007-01-16 00:25:44 +01:00
|
|
|
export LIBDIR=%{_libdir}
|
2018-06-19 17:07:03 +02:00
|
|
|
%ifarch x86_64 s390x ppc64 ppc64le ia64 aarch64 riscv64
|
2007-01-16 00:25:44 +01:00
|
|
|
export USE_64=1
|
|
|
|
|
%endif
|
2021-02-24 09:07:17 +01:00
|
|
|
export NSS_DISABLE_GTESTS=1
|
2008-03-26 16:24:30 +01:00
|
|
|
export NSS_USE_SYSTEM_SQLITE=1
|
2022-06-28 08:46:22 +02:00
|
|
|
export NSS_ENABLE_FIPS_INDICATORS=1
|
|
|
|
|
export NSS_FIPS_MODULE_ID="\"SUSE Linux Enterprise NSS %{version}-%{release}\""
|
2013-02-28 23:53:05 +01:00
|
|
|
#export SQLITE_LIB_NAME=nsssqlite3
|
2023-05-31 17:04:59 +02:00
|
|
|
export MAKE_FLAGS="BUILD_OPT=1"
|
2024-03-16 22:37:01 +01:00
|
|
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
|
|
|
|
# Set the policy file location
|
|
|
|
|
# if set NSS will always check for the policy file and load if it exists
|
2024-03-19 14:39:57 +01:00
|
|
|
#export POLICY_FILE="nss.config"
|
2024-03-16 22:37:01 +01:00
|
|
|
# location of the policy file
|
2024-03-19 14:39:57 +01:00
|
|
|
#export POLICY_PATH="/etc/crypto-policies/back-ends"
|
2024-03-16 22:37:01 +01:00
|
|
|
%endif
|
2023-05-31 17:04:59 +02:00
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
source ../obsenv.sh
|
|
|
|
|
|
|
|
|
|
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE99}")"
|
|
|
|
|
DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
|
|
|
|
|
TIME="\"$(date -d "${modified}" "+%%R")\""
|
|
|
|
|
find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
|
|
|
|
|
|
2020-06-27 23:18:50 +02:00
|
|
|
make %{?_smp_mflags} nss_build_all $MAKE_FLAGS
|
2023-05-31 17:04:59 +02:00
|
|
|
|
|
|
|
|
%check
|
|
|
|
|
cd nss
|
2008-10-23 22:36:47 +02:00
|
|
|
# run testsuite
|
2010-07-09 20:06:01 +02:00
|
|
|
%if 0%{?run_testsuite}
|
2023-05-31 17:04:59 +02:00
|
|
|
cat > ../obstestenv.sh <<EOF
|
2008-10-23 22:36:47 +02:00
|
|
|
export BUILD_OPT=1
|
|
|
|
|
export HOST="localhost"
|
2022-06-28 08:46:22 +02:00
|
|
|
export DOMSUF="localdomain"
|
2008-10-23 22:36:47 +02:00
|
|
|
export USE_IP=TRUE
|
|
|
|
|
export IP_ADDRESS="127.0.0.1"
|
2024-03-16 22:37:01 +01:00
|
|
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
|
|
|
|
# This is necessary because the test suite tests algorithms that are
|
|
|
|
|
# disabled by the system policy.
|
|
|
|
|
export NSS_IGNORE_SYSTEM_POLICY=1
|
|
|
|
|
%endif
|
2023-05-31 17:04:59 +02:00
|
|
|
EOF
|
|
|
|
|
source ../obsenv.sh
|
|
|
|
|
source ../obstestenv.sh
|
2008-10-23 22:36:47 +02:00
|
|
|
cd tests
|
|
|
|
|
./all.sh
|
2009-03-26 23:25:02 +01:00
|
|
|
if grep "FAILED" ../../../tests_results/security/localhost.1/output.log ; then
|
2008-10-23 22:36:47 +02:00
|
|
|
echo "Testsuite FAILED"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2009-06-02 12:26:37 +02:00
|
|
|
%endif
|
2007-01-16 00:25:44 +01:00
|
|
|
|
|
|
|
|
%install
|
2013-06-12 10:21:54 +02:00
|
|
|
cd nss
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
mkdir -p %{buildroot}%{_libdir}
|
|
|
|
|
mkdir -p %{buildroot}%{_libexecdir}/nss
|
|
|
|
|
mkdir -p %{buildroot}%{_includedir}/nss3
|
|
|
|
|
mkdir -p %{buildroot}%{_bindir}
|
|
|
|
|
mkdir -p %{buildroot}%{_sbindir}
|
|
|
|
|
mkdir -p %{buildroot}%{nssdbdir}
|
2013-06-11 17:41:13 +02:00
|
|
|
pushd ../dist/Linux*
|
2007-01-16 00:25:44 +01:00
|
|
|
# copy headers
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
cp -rL ../public/nss/*.h %{buildroot}%{_includedir}/nss3
|
2015-09-24 11:37:13 +02:00
|
|
|
# copy some freebl include files we also want
|
2020-02-28 10:07:15 +01:00
|
|
|
for file in blapi.h alghmac.h cmac.h
|
2015-09-24 11:37:13 +02:00
|
|
|
do
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
cp -L ../private/nss/$file %{buildroot}/%{_includedir}/nss3
|
2015-09-24 11:37:13 +02:00
|
|
|
done
|
2007-01-16 00:25:44 +01:00
|
|
|
# copy dynamic libs
|
|
|
|
|
cp -L lib/libnss3.so \
|
2008-03-26 16:24:30 +01:00
|
|
|
lib/libnssdbm3.so \
|
2009-08-08 01:32:03 +02:00
|
|
|
lib/libnssdbm3.chk \
|
2008-03-26 16:24:30 +01:00
|
|
|
lib/libnssutil3.so \
|
2007-01-16 00:25:44 +01:00
|
|
|
lib/libnssckbi.so \
|
2010-03-15 16:05:35 +01:00
|
|
|
lib/libnsssysinit.so \
|
2007-01-16 00:25:44 +01:00
|
|
|
lib/libsmime3.so \
|
|
|
|
|
lib/libsoftokn3.so \
|
|
|
|
|
lib/libsoftokn3.chk \
|
|
|
|
|
lib/libssl3.so \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
%{buildroot}%{_libdir}
|
2009-04-29 00:40:53 +02:00
|
|
|
cp -L lib/libfreebl3.so \
|
|
|
|
|
lib/libfreebl3.chk \
|
2016-07-31 12:48:39 +02:00
|
|
|
lib/libfreeblpriv3.so \
|
|
|
|
|
lib/libfreeblpriv3.chk \
|
2020-11-30 11:24:31 +01:00
|
|
|
%{buildroot}/%{_libdir}
|
2013-02-28 23:53:05 +01:00
|
|
|
#cp -L lib/libnsssqlite3.so \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
# %{buildroot}%{_libdir}
|
2007-01-16 00:25:44 +01:00
|
|
|
# copy static libs
|
|
|
|
|
cp -L lib/libcrmf.a \
|
2015-09-24 19:37:48 +02:00
|
|
|
lib/libfreebl.a \
|
2007-01-16 00:25:44 +01:00
|
|
|
lib/libnssb.a \
|
|
|
|
|
lib/libnssckfw.a \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
%{buildroot}%{_libdir}
|
2007-01-16 00:25:44 +01:00
|
|
|
# copy tools
|
|
|
|
|
cp -L bin/certutil \
|
2008-03-26 16:24:30 +01:00
|
|
|
bin/cmsutil \
|
|
|
|
|
bin/crlutil \
|
2018-10-21 09:59:26 +02:00
|
|
|
bin/nss-policy-check \
|
2007-01-16 00:25:44 +01:00
|
|
|
bin/modutil \
|
|
|
|
|
bin/pk12util \
|
|
|
|
|
bin/signtool \
|
2008-03-26 16:24:30 +01:00
|
|
|
bin/signver \
|
2007-01-16 00:25:44 +01:00
|
|
|
bin/ssltap \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
%{buildroot}%{_bindir}
|
2023-02-15 00:11:03 +01:00
|
|
|
# copy man-pages
|
|
|
|
|
mkdir -p %{buildroot}%{_mandir}/man1/
|
|
|
|
|
cp -L %{_builddir}/nss-%{version}/nss/doc/nroff/* %{buildroot}%{_mandir}/man1/
|
2023-07-29 09:24:59 +02:00
|
|
|
# Fix conflict with perl-PAR-Packer which has a pp-exe in _bindir
|
|
|
|
|
mkdir -p %{buildroot}%{_mandir}/man7/
|
|
|
|
|
mv %{buildroot}%{_mandir}/man1/pp.1 %{buildroot}%{_mandir}/man7/pp.7
|
2008-03-26 16:24:30 +01:00
|
|
|
# copy unsupported tools
|
|
|
|
|
cp -L bin/atob \
|
|
|
|
|
bin/btoa \
|
|
|
|
|
bin/derdump \
|
|
|
|
|
bin/ocspclnt \
|
|
|
|
|
bin/pp \
|
|
|
|
|
bin/selfserv \
|
|
|
|
|
bin/shlibsign \
|
|
|
|
|
bin/strsclnt \
|
|
|
|
|
bin/symkeyutil \
|
|
|
|
|
bin/tstclnt \
|
|
|
|
|
bin/vfyserv \
|
|
|
|
|
bin/vfychain \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
%{buildroot}%{_libexecdir}/nss
|
2007-01-16 00:25:44 +01:00
|
|
|
# prepare pkgconfig file
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
mkdir -p %{buildroot}%{_libdir}/pkgconfig/
|
2007-01-16 00:25:44 +01:00
|
|
|
sed "s:%%LIBDIR%%:%{_libdir}:g
|
2009-04-29 00:40:53 +02:00
|
|
|
s:%%VERSION%%:%{version}:g
|
|
|
|
|
s:%%NSPR_VERSION%%:%{nspr_ver}:g" \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
%{SOURCE1} > %{buildroot}%{_libdir}/pkgconfig/nss.pc
|
2022-03-27 21:24:54 +02:00
|
|
|
sed "s:%%LIBDIR%%:%{_libdir}:g
|
|
|
|
|
s:%%VERSION%%:%{version}:g
|
|
|
|
|
s:%%NSPR_VERSION%%:%{nspr_ver}:g" \
|
|
|
|
|
%{SOURCE11} > %{buildroot}%{_libdir}/pkgconfig/nss-util.pc
|
2007-01-16 00:25:44 +01:00
|
|
|
# prepare nss-config file
|
|
|
|
|
popd
|
2014-07-05 15:02:10 +02:00
|
|
|
NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | gawk '{print $3}'`
|
|
|
|
|
NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | gawk '{print $3}'`
|
|
|
|
|
NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | gawk '{print $3}'`
|
2007-01-16 00:25:44 +01:00
|
|
|
cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
|
-e "s,@prefix@,%{_prefix},g" \
|
|
|
|
|
-e "s,@exec_prefix@,%{_prefix},g" \
|
|
|
|
|
-e "s,@includedir@,%{_includedir}/nss3,g" \
|
|
|
|
|
-e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
|
|
|
|
|
-e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
|
|
|
|
|
-e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
> %{buildroot}/%{_bindir}/nss-config
|
|
|
|
|
chmod 755 %{buildroot}/%{_bindir}/nss-config
|
2022-03-27 21:24:54 +02:00
|
|
|
NSSUTIL_VMAJOR=`cat lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'`
|
|
|
|
|
NSSUTIL_VMINOR=`cat lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'`
|
|
|
|
|
NSSUTIL_VPATCH=`cat lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'`
|
|
|
|
|
cat %{SOURCE13} | sed -e "s,@libdir@,%{_libdir},g" \
|
|
|
|
|
-e "s,@prefix@,%{_prefix},g" \
|
|
|
|
|
-e "s,@exec_prefix@,%{_prefix},g" \
|
|
|
|
|
-e "s,@includedir@,%{_includedir}/nss3,g" \
|
|
|
|
|
-e "s,@MOD_MAJOR_VERSION@,$NSSUTIL_VMAJOR,g" \
|
|
|
|
|
-e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \
|
|
|
|
|
-e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \
|
|
|
|
|
> %{buildroot}/%{_bindir}/nss-util-config
|
|
|
|
|
chmod 755 %{buildroot}/%{_bindir}/nss-util-config
|
2010-03-15 16:05:35 +01:00
|
|
|
# setup-nsssysinfo.sh
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
install -m 744 %{SOURCE6} %{buildroot}%{_sbindir}/
|
2010-09-27 00:45:55 +02:00
|
|
|
# create empty NSS database
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
#LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_bindir}/modutil -force -dbdir "sql:%{buildroot}%{nssdbdir}" -create
|
|
|
|
|
#LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_bindir}/certutil -N -d "sql:%{buildroot}%{nssdbdir}" -f /dev/null 2>&1 > /dev/null
|
|
|
|
|
#chmod 644 "%{buildroot}%{nssdbdir}"/*
|
2010-09-27 00:45:55 +02:00
|
|
|
#sed "s:%{buildroot}::g
|
|
|
|
|
#s/^library=$/library=libnsssysinit.so/
|
|
|
|
|
#/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/" \
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
# %{buildroot}%{nssdbdir}/pkcs11.txt > %{buildroot}%{nssdbdir}/pkcs11.txt.sed
|
|
|
|
|
# mv %{buildroot}%{nssdbdir}/pkcs11.txt{.sed,}
|
2010-06-03 22:48:06 +02:00
|
|
|
# copy empty NSS database
|
- update to NSS 3.30.2
New Functionality
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust
are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY,
set to true. Applications that need to distinguish them from other
other root CAs, may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS
alerts that are sent or received.
New Functions
* CERT_CompareAVA - performs a comparison of two CERTAVA structures,
and returns a SECComparison result.
* PK11_HasAttributeSet - allows to check if a PKCS#11 object in a
given slot has a specific boolean attribute set.
* SSL_AlertReceivedCallback - register a callback function, that will
be called whenever an SSL/TLS alert is received
* SSL_AlertSentCallback - register a callback function, that will be
called whenever an SSL/TLS alert is sent
* SSL_SetSessionTicketKeyPair - configures an asymmetric key pair,
for use in wrapping session ticket keys, used by the server. This
function currently only accepts an RSA public/private key pair.
New Macros
* PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256
cipher family identifiers corresponding to the PKCS#5 v2.1 AES
based encryption schemes used in the PKCS#12 support in NSS
* CKA_NSS_MOZILLA_CA_POLICY - identifier for a boolean PKCS#11
attribute, that should be set to true, if a CA is present because
of it's acceptance according to the Mozilla CA Policy
Notable Changes
* The TLS server code has been enhanced to support session tickets
when no RSA certificate (e.g. only an ECDSA certificate) is configured.
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=241
2017-04-26 23:50:12 +02:00
|
|
|
install -m 644 %{SOURCE7} %{buildroot}%{nssdbdir}
|
|
|
|
|
install -m 644 %{SOURCE8} %{buildroot}%{nssdbdir}
|
|
|
|
|
install -m 644 %{SOURCE9} %{buildroot}%{nssdbdir}
|
2009-06-09 17:44:32 +02:00
|
|
|
# create shlib sigs after extracting debuginfo
|
|
|
|
|
%define __spec_install_post \
|
|
|
|
|
%{?__debug_package:%{__debug_install_post}} \
|
|
|
|
|
%{__arch_install_post} \
|
2019-08-30 08:37:13 +02:00
|
|
|
%__os_install_post \
|
2020-11-30 11:24:31 +01:00
|
|
|
LD_LIBRARY_PATH=:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}%{_libdir}/libsoftokn3.so \
|
|
|
|
|
LD_LIBRARY_PATH=:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}%{_libdir}/libnssdbm3.so \
|
|
|
|
|
LD_LIBRARY_PATH=:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}/%{_libdir}/libfreebl3.so \
|
|
|
|
|
LD_LIBRARY_PATH=:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}/%{_libdir}/libfreeblpriv3.so \
|
2009-06-09 17:44:32 +02:00
|
|
|
%{nil}
|
2007-09-14 00:46:20 +02:00
|
|
|
|
2009-06-09 17:44:32 +02:00
|
|
|
%post -p /sbin/ldconfig
|
2008-04-03 01:00:13 +02:00
|
|
|
%postun -p /sbin/ldconfig
|
2009-04-29 00:40:53 +02:00
|
|
|
%post -n libfreebl3 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libfreebl3 -p /sbin/ldconfig
|
2010-03-15 16:05:35 +01:00
|
|
|
%post -n libsoftokn3 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libsoftokn3 -p /sbin/ldconfig
|
2021-02-24 09:07:17 +01:00
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%post sysinit
|
|
|
|
|
/sbin/ldconfig
|
|
|
|
|
# make sure the current config is enabled
|
|
|
|
|
%{_sbindir}/setup-nsssysinit.sh on
|
|
|
|
|
|
|
|
|
|
%preun sysinit
|
|
|
|
|
if [ $1 = 0 ]; then
|
|
|
|
|
%{_sbindir}/setup-nsssysinit.sh off
|
2007-09-14 00:46:20 +02:00
|
|
|
fi
|
2007-01-16 00:25:44 +01:00
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%postun sysinit -p /sbin/ldconfig
|
|
|
|
|
|
2024-03-16 22:37:01 +01:00
|
|
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
|
|
|
|
%posttrans
|
|
|
|
|
update-crypto-policies &> /dev/null || :
|
|
|
|
|
%endif
|
|
|
|
|
|
2007-01-16 00:25:44 +01:00
|
|
|
%files
|
2009-04-29 00:40:53 +02:00
|
|
|
%{_libdir}/libnss3.so
|
|
|
|
|
%{_libdir}/libnssutil3.so
|
|
|
|
|
%{_libdir}/libsmime3.so
|
|
|
|
|
%{_libdir}/libssl3.so
|
2007-01-16 00:25:44 +01:00
|
|
|
|
|
|
|
|
%files devel
|
|
|
|
|
%defattr(644, root, root, 755)
|
|
|
|
|
%{_includedir}/nss3/
|
|
|
|
|
%{_libdir}/*.a
|
|
|
|
|
%{_libdir}/pkgconfig/*
|
|
|
|
|
%attr(755,root,root) %{_bindir}/nss-config
|
2022-03-27 21:24:54 +02:00
|
|
|
%attr(755,root,root) %{_bindir}/nss-util-config
|
2007-01-16 00:25:44 +01:00
|
|
|
|
2008-03-26 16:24:30 +01:00
|
|
|
%files tools
|
|
|
|
|
%{_bindir}/*
|
2010-03-15 16:05:35 +01:00
|
|
|
%exclude %{_sbindir}/setup-nsssysinit.sh
|
2009-07-29 17:52:36 +02:00
|
|
|
%{_libexecdir}/nss/
|
2023-02-15 00:11:03 +01:00
|
|
|
%{_mandir}/*/*
|
2008-03-26 16:24:30 +01:00
|
|
|
%exclude %{_bindir}/nss-config
|
2022-03-27 21:24:54 +02:00
|
|
|
%exclude %{_bindir}/nss-util-config
|
2009-04-29 00:40:53 +02:00
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%files sysinit
|
|
|
|
|
%dir %{_sysconfdir}/pki
|
|
|
|
|
%dir %{_sysconfdir}/pki/nssdb
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/pki/nssdb/*
|
|
|
|
|
%{_libdir}/libnsssysinit.so
|
|
|
|
|
%{_sbindir}/setup-nsssysinit.sh
|
|
|
|
|
|
2009-04-29 00:40:53 +02:00
|
|
|
%files -n libfreebl3
|
2020-11-30 11:24:31 +01:00
|
|
|
%{_libdir}/libfreebl3.so
|
|
|
|
|
%{_libdir}/libfreeblpriv3.so
|
|
|
|
|
%{_libdir}/libfreebl3.chk
|
|
|
|
|
%{_libdir}/libfreeblpriv3.chk
|
2009-05-28 01:43:25 +02:00
|
|
|
|
2010-03-15 16:05:35 +01:00
|
|
|
%files -n libsoftokn3
|
|
|
|
|
%{_libdir}/libsoftokn3.so
|
|
|
|
|
%{_libdir}/libnssdbm3.so
|
2019-08-03 10:03:51 +02:00
|
|
|
%{_libdir}/libsoftokn3.chk
|
2010-03-15 16:05:35 +01:00
|
|
|
%{_libdir}/libnssdbm3.chk
|
|
|
|
|
|
2009-12-21 14:21:30 +01:00
|
|
|
%files certs
|
|
|
|
|
%{_libdir}/libnssckbi.so
|
|
|
|
|
|
2007-02-22 14:30:50 +01:00
|
|
|
%changelog
|
