# # spec file for package mozilla-nss (Version 3.12.3) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: mozilla-nss BuildRequires: gcc-c++ mozilla-nspr-devel zlib-devel %if %suse_version == 1030 BuildRequires: sqlite-devel %endif %if %suse_version > 1030 BuildRequires: sqlite3-devel %endif License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL) Version: 3.12.3 Release: 1 # bug437293 %ifarch ppc64 Obsoletes: mozilla-nss-64bit %endif # Summary: Network (Netscape) Security Services Url: http://www.mozilla.org/projects/security/pki/nss/ Group: System/Libraries # cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -r NSS Source: nss-%{version}.tar.bz2 Source1: nss.pc.in Source2: addon-certs.txt Source3: nss-config.in Patch1: nss-opt.patch Patch2: nss-sqlitename.patch Patch3: system-nspr.patch Patch4: char.patch Patch5: nss-no-rpath.patch Patch6: nss-noexec.patch Patch7: bmo488646-oscp-test.patch Patch8: bmo485145-libjar.patch.bz2 # Remove remnant traces from the package split. Provides: libnss3 = %{version}-%{release} Obsoletes: libnss3 <= %{version}-%{release} %define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr) PreReq: mozilla-nspr >= %nspr_ver PreReq: libfreebl3 >= %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %define nssdbdir %{_sysconfdir}/pki/nssdb %description Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. Authors: -------- Mozilla Foundation %package devel License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL) Summary: Network (Netscape) Security Services development files Group: Development/Libraries/Other Requires: mozilla-nspr-devel Requires: mozilla-nss = %{version}-%{release} Requires: libfreebl3 = %{version}-%{release} # bug437293 %ifarch ppc64 Obsoletes: mozilla-nss-devel-64bit %endif %description devel Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. Authors: -------- Mozilla Foundation %package tools License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL) Summary: Tools for developing, debugging, and managing applications that use NSS. Group: System/Management PreReq: mozilla-nss >= %{version} Requires(post): coreutils %description tools The NSS Security Tools allow developers to test, debug, and manage applications that use NSS. Authors: -------- Mozilla Foundation %package -n libfreebl3 License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL) Summary: Freebl library for the Network Security Services Group: System/Libraries %description -n libfreebl3 Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. This package installs the freebl library from NSS. Authors: -------- Mozilla Foundation %prep %setup -n nss-%{version} -q cd mozilla %patch1 %patch2 %patch3 %patch4 %patch5 %patch6 %patch7 %patch8 # additional CA certificates #cd security/nss/lib/ckfw/builtins #cat %{SOURCE2} >> certdata.txt #make generate %build export FREEBL_NO_DEPEND=1 cd mozilla/security/nss export NSPR_INCLUDE_DIR=`nspr-config --includedir` export NSPR_LIB_DIR=`nspr-config --libdir` export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" export LIBDIR=%{_libdir} %ifarch x86_64 s390x ppc64 ia64 export USE_64=1 %endif %if %suse_version > 1020 export NSS_USE_SYSTEM_SQLITE=1 %endif MAKE_FLAGS="BUILD_OPT=1 NSS_ENABLE_ECC=1" make nss_build_all $MAKE_FLAGS # run testsuite export BUILD_OPT=1 export HOST="localhost" export DOMSUF=" " export USE_IP=TRUE export IP_ADDRESS="127.0.0.1" cd tests ./all.sh if grep "FAILED" ../../../tests_results/security/localhost.1/output.log ; then echo "Testsuite FAILED" exit 1 fi %install mkdir -p $RPM_BUILD_ROOT%{_libdir}/nss mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3 mkdir -p $RPM_BUILD_ROOT%{_bindir} mkdir -p $RPM_BUILD_ROOT/%{_lib} pushd mozilla/dist/Linux* # copy headers cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3 # copy dynamic libs cp -L lib/libnss3.so \ lib/libnssdbm3.so \ lib/libnssutil3.so \ lib/libnssckbi.so \ lib/libsmime3.so \ lib/libsoftokn3.so \ lib/libsoftokn3.chk \ lib/libssl3.so \ $RPM_BUILD_ROOT%{_libdir} cp -L lib/libfreebl3.so \ lib/libfreebl3.chk \ $RPM_BUILD_ROOT/%{_lib} %if %suse_version < 1030 cp -L lib/libnsssqlite3.so \ $RPM_BUILD_ROOT%{_libdir} %endif # copy static libs cp -L lib/libcrmf.a \ lib/libnssb.a \ lib/libnssckfw.a \ $RPM_BUILD_ROOT%{_libdir} # copy tools cp -L bin/certutil \ bin/cmsutil \ bin/crlutil \ bin/modutil \ bin/pk12util \ bin/signtool \ bin/signver \ bin/ssltap \ $RPM_BUILD_ROOT%{_bindir} # copy unsupported tools cp -L bin/atob \ bin/btoa \ bin/derdump \ bin/ocspclnt \ bin/pp \ bin/selfserv \ bin/shlibsign \ bin/strsclnt \ bin/symkeyutil \ bin/tstclnt \ bin/vfyserv \ bin/vfychain \ $RPM_BUILD_ROOT%{_libdir}/nss # prepare pkgconfig file mkdir -p $RPM_BUILD_ROOT%{_libdir}/pkgconfig/ sed "s:%%LIBDIR%%:%{_libdir}:g s:%%VERSION%%:%{version}:g s:%%NSPR_VERSION%%:%{nspr_ver}:g" \ %{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc # prepare nss-config file popd NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \ -e "s,@prefix@,%{_prefix},g" \ -e "s,@exec_prefix@,%{_prefix},g" \ -e "s,@includedir@,%{_includedir}/nss3,g" \ -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ > $RPM_BUILD_ROOT/%{_bindir}/nss-config chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config %post /sbin/ldconfig # sign # removal of libfreebl3.so is a special needed case: # with this package it moves to %_lib and therefore is still # installed when %post runs disturbing the shlibsign tool rm -f %{_libdir}/libfreebl3.so rm -f %{_libdir}/libsoftokn3.chk rm -f /%{_lib}/libfreebl3.chk %{_libdir}/nss/shlibsign -i %{_libdir}/libsoftokn3.so %{_libdir}/nss/shlibsign -i /%{_lib}/libfreebl3.so # sign existing baselibs as well (FIXME other multiarchs) %ifarch x86_64 if [ -e /lib/libfreebl3.so ]; then rm -f /lib/libfreebl3.chk %{_libdir}/nss/shlibsign -i /lib/libfreebl3.so fi if [ -e /usr/lib/libsoftokn3.so ]; then rm -f /usr/lib/libsoftokn3.chk %{_libdir}/nss/shlibsign -i /usr/lib/libsoftokn3.so fi %endif %postun -p /sbin/ldconfig %post -n libfreebl3 -p /sbin/ldconfig %postun -n libfreebl3 -p /sbin/ldconfig %post tools if [ ! -d "%{nssdbdir}" ] ; then mkdir -p "%{nssdbdir}" fi if [ ! -f "%{nssdbdir}/pkcs11.txt" ] ; then modutil -force -dbdir "sql:%{nssdbdir}" -create chmod 644 "%{nssdbdir}"/* fi %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-, root, root) %{_libdir}/libnss3.so %{_libdir}/libnssckbi.so %{_libdir}/libnssdbm3.so %{_libdir}/libnssutil3.so %{_libdir}/libsmime3.so %{_libdir}/libsoftokn3.so %{_libdir}/libssl3.so %if %suse_version < 1030 %{_libdir}/libnsssqlite3.so %endif %{_libdir}/nss/shlibsign %ghost %verify(not md5 mtime size) %{_libdir}/libsoftokn3.chk %ghost %verify(not md5 mtime size) /%{_lib}/libfreebl3.chk %files devel %defattr(644, root, root, 755) %{_includedir}/nss3/ %{_libdir}/*.a %{_libdir}/pkgconfig/* %attr(755,root,root) %{_bindir}/nss-config %files tools %defattr(-, root, root) %{_bindir}/* %{_libdir}/nss/ %exclude %{_libdir}/nss/shlibsign %exclude %{_bindir}/nss-config %files -n libfreebl3 %defattr(-, root, root) /%{_lib}/libfreebl3.so %changelog * Mon Apr 20 2009 wr@rosenauer.org - update to version 3.12.3 RTM * default behaviour changed slightly but can be set up backward compatible using environment variables https://developer.mozilla.org/En/NSS_reference/NSS_environment_variables * New Korean SEED cipher * Some new functions in the nss library: CERT_RFC1485_EscapeAndQuote (see cert.h) CERT_CompareCerts (see cert.h) CERT_RegisterAlternateOCSPAIAInfoCallBack (see ocsp.h) PK11_GetSymKeyHandle (see pk11pqg.h) UTIL_SetForkState (see secoid.h) NSS_GetAlgorithmPolicy (see secoid.h) NSS_SetAlgorithmPolicy (see secoid.h) - created libfreebl3 subpackage and build it w/o nspr and nss deps - added patch to make all ASM noexecstack - create the softokn3 and freebl3 checksums at installation time (moved shlibsign to the main package to achieve that) - applied upstream patch to avoid OSCP test failures (bmo#488646) - applied upstream patch to fix libjar crashes (bmo#485145) * Wed Feb 04 2009 wr@rosenauer.org - update to version 3.12.2 RTM (with CKBI 1.73) as in FF 3.0.6 * Tue Jan 13 2009 wr@rosenauer.org - update to version 3.12.2rc1 (as used by FF 3.0.5) * NSS is now using system zlib (bmo#302670) - create a system wide, sql based NSS database in /etc/pki/nssdb (let previously created /etc/ssl/nssdb untouched) * Wed Jan 07 2009 olh@suse.de - obsolete old -XXbit packages (bnc#437293) * Thu Oct 23 2008 maw@suse.de - Review and approve changes. * Thu Aug 21 2008 wr@rosenauer.org - run testsuite (bnc#418233) * Tue Jun 17 2008 maw@suse.de - Merge changes from the build service (thanks, Wolfgang) (bnc#400001 and SWAMP#18164). * Wed May 28 2008 wr@rosenauer.org - update to 3.12.0rc4 (20080528) (featuring FF3.0) * Tue Apr 29 2008 maw@suse.de - Prerequire coretools in the -tools subpackage (bnc#379540) - Require sqlite3-devel to build. * Mon Apr 14 2008 maw@suse.de - Merge some fixes from the build service's version. * Thu Apr 10 2008 ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support * Mon Mar 31 2008 maw@suse.de - Undo the shared library package split, per discussion in opensuse-packaging. * Mon Mar 31 2008 wr@rosenauer.org - new snapshot still based on 3.12.0 Beta 3 (20080330) * Tue Mar 25 2008 maw@suse.de - Merge changes from the build service (thanks, Wolfgang) - Update to a new snapshot of nss based on 3.12.0 Beta 2: + Update build requirements accordingly + Add nss-sqlitename.patch and nss-no-rpath.patch - Split out a shared library subpackage. * Mon Dec 10 2007 rguenther@suse.de - disable use of freebl/mpi/mp_comba.c. [#346256] * Sun Sep 16 2007 coolo@suse.de - fixing errors in %%post during installation * Thu Sep 13 2007 jberkman@novell.com - merge -tools package into main package - create system-wide nssdb for system configuration of smart cards, as used by pam_pkcs11, krb5 pkinit, and others * Thu Jul 26 2007 maw@suse.de - Update to version 3.11.7 (from the build service) - Bug fixes. * Mon Jun 11 2007 ro@suse.de - use string[0] instead of string in char.patch * Mon Jun 11 2007 ro@suse.de - update to NSS 3.11.6 (pull in from wr from opensuse BS) * Thu Feb 22 2007 maw@suse.de - Update to NSS 3.11.5 (thanks, Wolfgang) * Sun Oct 01 2006 wr@rosenauer.org - update to NSS 3.11.3 - requires NSPR 4.6.3 (pkgconfig) * Wed Sep 06 2006 stark@suse.de - update to NSS_3_11_20060905_TAG to be in sync with Gecko 1.8.1 * Mon Aug 07 2006 stark@suse.de - enabled usage of ECC * Sat Aug 05 2006 stark@suse.de - update to NSS_3_11_20060731_TAG to be in sync with Gecko 1.8.1 * Fri Jul 28 2006 stark@suse.de - fixed usage of uninitialized pointers (uninit.patch) - requires NSPR 4.6.2 * Sat Jul 01 2006 stark@suse.de - update to 3.11.2 RTM version * ECC not enabled but defines needed symbols * Thu Jun 08 2006 stark@suse.de - update to 3.11.2 beta * enabled ECC (needed since MOZILLA_1_8_BRANCH) * Mon May 15 2006 stark@suse.de - update to 3.11.1 RTM version including: * TLS server name indication extension support * implement RFC 3546 (TLS v1.0 extensions) * fixed bugs found by Coverity * Mon Jan 30 2006 stark@suse.de - removed additional CA certs - removed zip from BuildRequires * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Wed Jan 11 2006 stark@suse.de - install nss-config executable * Fri Dec 16 2005 stark@suse.de - marked libfreebl3.so noexec stack * Fri Dec 16 2005 stark@suse.de - update to 3.11 RTM version - provide nss-config file - added static libs - moved include files to /usr/include/nss3 - only ship a subset of the tools * Sat Nov 26 2005 stark@suse.de - update to 3.11rc1 - fixed PC file for 64bit archs * Tue Nov 15 2005 stark@suse.de - update to current 3.10.2 snapshot (20051114) * Wed Nov 02 2005 stark@suse.de - added tools subpackage which provides all NSS related tools for managing and debugging NSS stuff * Tue Oct 11 2005 stark@suse.de - update to current 3.10.2 snapshot * Mon Sep 26 2005 stark@suse.de - prerequire the correct NSPR version * Thu Sep 22 2005 stark@suse.de - update to NSS_3_10_2_BETA1 * Tue Jul 05 2005 stark@suse.de - use RPM_OPT_FLAGS - fixed requirements for devel package * Wed Jun 08 2005 stark@suse.de - added pkgconfig file - fixed permission for include directory - fixed compiler/abuild warning - included correct header files * Mon May 09 2005 stark@suse.de - update to 3.10 RTM version * Wed Apr 27 2005 stark@suse.de - don't package static libs - copy NSPR static libs from new location * Thu Apr 07 2005 stark@suse.de - update to 3.10beta3 * Fri Apr 01 2005 stark@suse.de - don't parallelize build * Thu Mar 31 2005 stark@suse.de - fixed build on other archs - update to 3.10beta2 * Sat Mar 19 2005 stark@suse.de - update to 3.10beta1 * Tue Mar 08 2005 stark@suse.de - initial standalone package