mozilla-nss/mozilla-nss.spec

#
# spec file for package mozilla-nss (Version 3.12.3)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2006-2009 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild


Name:           mozilla-nss
BuildRequires:  gcc-c++ mozilla-nspr-devel zlib-devel
%if %suse_version == 1030
BuildRequires:  sqlite-devel
%endif
%if %suse_version > 1030
BuildRequires:  sqlite3-devel
%endif
License:        GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
Version:        3.12.3
Release:        5
# bug437293
%ifarch ppc64
Obsoletes:      mozilla-nss-64bit
%endif
#
Summary:        Network (Netscape) Security Services
Url:            http://www.mozilla.org/projects/security/pki/nss/
Group:          System/Libraries
# cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -r <RTM_TAG> NSS
Source:         nss-%{version}.tar.bz2
Source1:        nss.pc.in
Source2:        addon-certs.txt
Source3:        nss-config.in
Source4:        PayPalEE.cert
Source5:        PayPalICA.cert
Patch1:         nss-opt.patch
Patch2:         nss-sqlitename.patch
Patch3:         system-nspr.patch
Patch4:         char.patch
Patch5:         nss-no-rpath.patch
Patch6:         nss-noexec.patch
Patch7:         bmo488646-oscp-test.patch
Patch8:         bmo485145-libjar.patch.bz2
Patch9:         malloc.patch
# Remove remnant traces from the package split.
Provides:       libnss3 = %{version}-%{release}
Obsoletes:      libnss3 <= %{version}-%{release}
%define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
PreReq:         mozilla-nspr >= %nspr_ver
PreReq:         libfreebl3 >= %{version}
Requires(post): coreutils
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%define nssdbdir %{_sysconfdir}/pki/nssdb
%define run_testsuite 1

%description
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v2 and v3,
TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.



Authors:
--------
    Mozilla Foundation <drivers@mozilla.org>

%package devel
License:        GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
Summary:        Network (Netscape) Security Services development files
Group:          Development/Libraries/Other
Requires:       mozilla-nspr-devel 
Requires:       mozilla-nss = %{version}-%{release}
Requires:       libfreebl3 = %{version}-%{release}
# bug437293
%ifarch ppc64
Obsoletes:      mozilla-nss-devel-64bit
%endif

%description devel
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v2 and v3,
TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.



Authors:
--------
    Mozilla Foundation <drivers@mozilla.org>

%package tools
License:        GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
Summary:        Tools for developing, debugging, and managing applications that use NSS
Group:          System/Management
PreReq:         mozilla-nss >= %{version}

%description tools
The NSS Security Tools allow developers to test, debug, and manage
applications that use NSS.



Authors:
--------
    Mozilla Foundation <drivers@mozilla.org>

%package -n libfreebl3
License:        GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL)
Summary:        Freebl library for the Network Security Services
Group:          System/Libraries

%description -n libfreebl3
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v2 and v3,
TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.

This package installs the freebl library from NSS.



Authors:
--------
    Mozilla Foundation

%prep
%setup -n nss-%{version} -q
cd mozilla
%patch1
%patch2
%patch3
%patch4
%patch5
%patch6
%patch7
%patch8
%if %suse_version > 1110
%patch9
%endif
# additional CA certificates
#cd security/nss/lib/ckfw/builtins
#cat %{SOURCE2} >> certdata.txt
#make generate

%build
export FREEBL_NO_DEPEND=1
cd mozilla/security/nss
export NSPR_INCLUDE_DIR=`nspr-config --includedir`
export NSPR_LIB_DIR=`nspr-config --libdir`
export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" 
export LIBDIR=%{_libdir}
%ifarch x86_64 s390x ppc64 ia64
export USE_64=1
%endif
%if %suse_version > 1020
export NSS_USE_SYSTEM_SQLITE=1
%endif
MAKE_FLAGS="BUILD_OPT=1 NSS_ENABLE_ECC=1"
make nss_build_all $MAKE_FLAGS
# run testsuite
%if %run_testsuite
export BUILD_OPT=1
export HOST="localhost"
export DOMSUF=" "
export USE_IP=TRUE
export IP_ADDRESS="127.0.0.1"
cd tests
# fix testsuite's certs
cp %{SOURCE4} %{SOURCE5} libpkix/certs/
./all.sh
if grep "FAILED" ../../../tests_results/security/localhost.1/output.log ; then
  echo "Testsuite FAILED"
  exit 1
fi
%endif

%install
mkdir -p $RPM_BUILD_ROOT%{_libdir}/nss
mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3
mkdir -p $RPM_BUILD_ROOT%{_bindir}
mkdir -p $RPM_BUILD_ROOT/%{_lib}
pushd mozilla/dist/Linux*
# copy headers
cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3
# copy dynamic libs
cp -L  lib/libnss3.so \
       lib/libnssdbm3.so \
       lib/libnssutil3.so \
       lib/libnssckbi.so \
       lib/libsmime3.so \
       lib/libsoftokn3.so \
       lib/libsoftokn3.chk \
       lib/libssl3.so \
       $RPM_BUILD_ROOT%{_libdir}
cp -L  lib/libfreebl3.so \
       lib/libfreebl3.chk \
       $RPM_BUILD_ROOT/%{_lib}
%if %suse_version < 1030
cp -L  lib/libnsssqlite3.so \
       $RPM_BUILD_ROOT%{_libdir}
%endif
# copy static libs
cp -L  lib/libcrmf.a \
       lib/libnssb.a \
       lib/libnssckfw.a \
       $RPM_BUILD_ROOT%{_libdir}
# copy tools
cp -L  bin/certutil \
       bin/cmsutil \
       bin/crlutil \
       bin/modutil \
       bin/pk12util \
       bin/signtool \
       bin/signver \
       bin/ssltap \
       $RPM_BUILD_ROOT%{_bindir}
# copy unsupported tools
cp -L  bin/atob \
       bin/btoa \
       bin/derdump \
       bin/ocspclnt \
       bin/pp \
       bin/selfserv \
       bin/shlibsign \
       bin/strsclnt \
       bin/symkeyutil \
       bin/tstclnt \
       bin/vfyserv \
       bin/vfychain \
       $RPM_BUILD_ROOT%{_libdir}/nss
# prepare pkgconfig file
mkdir -p $RPM_BUILD_ROOT%{_libdir}/pkgconfig/
sed "s:%%LIBDIR%%:%{_libdir}:g
s:%%VERSION%%:%{version}:g
s:%%NSPR_VERSION%%:%{nspr_ver}:g" \
  %{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc
# prepare nss-config file
popd
NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'`
NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'`
cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
                     -e "s,@prefix@,%{_prefix},g" \
                     -e "s,@exec_prefix@,%{_prefix},g" \
                     -e "s,@includedir@,%{_includedir}/nss3,g" \
                     -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
                     -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
                     -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
                     > $RPM_BUILD_ROOT/%{_bindir}/nss-config
chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config
# create shlib sigs after extracting debuginfo
%define __spec_install_post \
  %{?__debug_package:%{__debug_install_post}} \
  %{__arch_install_post} \
  %{__os_install_post} \
  LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libsoftokn3.so \
  LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/nss/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \
%{nil}

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%post -n libfreebl3 -p /sbin/ldconfig

%postun -n libfreebl3 -p /sbin/ldconfig

%post tools
if [ ! -d "%{nssdbdir}" ] ; then
    mkdir -p "%{nssdbdir}"
fi
if [ ! -f "%{nssdbdir}/pkcs11.txt" ] ; then
    modutil -force -dbdir "sql:%{nssdbdir}" -create
    chmod 644 "%{nssdbdir}"/*
fi

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-, root, root)
%{_libdir}/libnss3.so
%{_libdir}/libnssckbi.so
%{_libdir}/libnssdbm3.so
%{_libdir}/libnssutil3.so
%{_libdir}/libsmime3.so
%{_libdir}/libsoftokn3.so
%{_libdir}/libssl3.so
%if %suse_version < 1030
%{_libdir}/libnsssqlite3.so
%endif
%{_libdir}/nss/shlibsign
%{_libdir}/libsoftokn3.chk
/%{_lib}/libfreebl3.chk

%files devel
%defattr(644, root, root, 755)
%{_includedir}/nss3/
%{_libdir}/*.a
%{_libdir}/pkgconfig/*
%attr(755,root,root) %{_bindir}/nss-config

%files tools
%defattr(-, root, root)
%{_bindir}/*
%{_libdir}/nss/
%exclude %{_libdir}/nss/shlibsign
%exclude %{_bindir}/nss-config

%files -n libfreebl3
%defattr(-, root, root)
/%{_lib}/libfreebl3.so

%changelog
* Sat Jun 06 2009 wr@rosenauer.org
- Temporary testsuite fix for Factory (bnc#509308) (malloc.patch)
- remove the post scriptlet which created the *.chk files and
  use a RPM feature to create them after debuginfo stuff
* Tue Jun 02 2009 wr@rosenauer.org
- updated builtin root certs by updating to
  NSS_3_12_3_WITH_CKBI_1_75_RTM tag which is supposed to be the
  base for Firefox 3.5.0
- PreReq coreutils in the main package already as "rm" is used
  in its %%post script
- disable testsuite for this moment as it crashes on Factory
  currently for an unknown reason
* Thu May 21 2009 wr@rosenauer.org
- renew Paypal certs to fix testsuite errors (bmo#491163)
* Mon Apr 20 2009 wr@rosenauer.org
- update to version 3.12.3 RTM
  * default behaviour changed slightly but can be set up
  backward compatible using environment variables
  https://developer.mozilla.org/En/NSS_reference/NSS_environment_variables
  * New Korean SEED cipher
  * Some new functions in the nss library:
  CERT_RFC1485_EscapeAndQuote (see cert.h)
  CERT_CompareCerts (see cert.h)
  CERT_RegisterAlternateOCSPAIAInfoCallBack (see ocsp.h)
  PK11_GetSymKeyHandle (see pk11pqg.h)
  UTIL_SetForkState (see secoid.h)
  NSS_GetAlgorithmPolicy (see secoid.h)
  NSS_SetAlgorithmPolicy (see secoid.h)
- created libfreebl3 subpackage and build it w/o nspr and nss deps
- added patch to make all ASM noexecstack
- create the softokn3 and freebl3 checksums at installation time
  (moved shlibsign to the main package to achieve that)
- applied upstream patch to avoid OSCP test failures (bmo#488646)
- applied upstream patch to fix libjar crashes (bmo#485145)
* Wed Feb 04 2009 wr@rosenauer.org
- update to version 3.12.2 RTM (with CKBI 1.73) as in FF 3.0.6
* Tue Jan 13 2009 wr@rosenauer.org
- update to version 3.12.2rc1 (as used by FF 3.0.5)
  * NSS is now using system zlib (bmo#302670)
- create a system wide, sql based NSS database in /etc/pki/nssdb
  (let previously created /etc/ssl/nssdb untouched)
* Wed Jan 07 2009 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Thu Oct 23 2008 maw@suse.de
- Review and approve changes.
* Thu Aug 21 2008 wr@rosenauer.org
- run testsuite (bnc#418233)
* Tue Jun 17 2008 maw@suse.de
- Merge changes from the build service (thanks, Wolfgang)
  (bnc#400001 and SWAMP#18164).
* Wed May 28 2008 wr@rosenauer.org
- update to 3.12.0rc4 (20080528) (featuring FF3.0)
* Tue Apr 29 2008 maw@suse.de
- Prerequire coretools in the -tools subpackage (bnc#379540)
- Require sqlite3-devel to build.
* Mon Apr 14 2008 maw@suse.de
- Merge some fixes from the build service's version.
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
  for multilib support
* Mon Mar 31 2008 maw@suse.de
- Undo the shared library package split, per discussion in
  opensuse-packaging.
* Mon Mar 31 2008 wr@rosenauer.org
- new snapshot still based on 3.12.0 Beta 3 (20080330)
* Tue Mar 25 2008 maw@suse.de
- Merge changes from the build service (thanks, Wolfgang)
- Update to a new snapshot of nss based on 3.12.0 Beta 2:
  + Update build requirements accordingly
  + Add nss-sqlitename.patch and nss-no-rpath.patch
- Split out a shared library subpackage.
* Mon Dec 10 2007 rguenther@suse.de
- disable use of freebl/mpi/mp_comba.c.  [#346256]
* Sun Sep 16 2007 coolo@suse.de
- fixing errors in %%post during installation
* Thu Sep 13 2007 jberkman@novell.com
- merge -tools package into main package
- create system-wide nssdb for system configuration of smart cards,
  as used by pam_pkcs11, krb5 pkinit, and others
* Thu Jul 26 2007 maw@suse.de
- Update to version 3.11.7 (from the build service)
- Bug fixes.
* Mon Jun 11 2007 ro@suse.de
- use string[0] instead of string in char.patch
* Mon Jun 11 2007 ro@suse.de
- update to NSS 3.11.6 (pull in from wr from opensuse BS)
* Thu Feb 22 2007 maw@suse.de
- Update to NSS 3.11.5 (thanks, Wolfgang)
* Sun Oct 01 2006 wr@rosenauer.org
- update to NSS 3.11.3
- requires NSPR 4.6.3 (pkgconfig)
* Wed Sep 06 2006 stark@suse.de
- update to NSS_3_11_20060905_TAG to be in sync with
  Gecko 1.8.1
* Mon Aug 07 2006 stark@suse.de
- enabled usage of ECC
* Sat Aug 05 2006 stark@suse.de
- update to NSS_3_11_20060731_TAG to be in sync with
  Gecko 1.8.1
* Fri Jul 28 2006 stark@suse.de
- fixed usage of uninitialized pointers (uninit.patch)
- requires NSPR 4.6.2
* Sat Jul 01 2006 stark@suse.de
- update to 3.11.2 RTM version
  * ECC not enabled but defines needed symbols
* Thu Jun 08 2006 stark@suse.de
- update to 3.11.2 beta
  * enabled ECC (needed since MOZILLA_1_8_BRANCH)
* Mon May 15 2006 stark@suse.de
- update to 3.11.1 RTM version
  including:
  * TLS server name indication extension support
  * implement RFC 3546 (TLS v1.0 extensions)
  * fixed bugs found by Coverity
* Mon Jan 30 2006 stark@suse.de
- removed additional CA certs
- removed zip from BuildRequires
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Wed Jan 11 2006 stark@suse.de
- install nss-config executable
* Fri Dec 16 2005 stark@suse.de
- marked libfreebl3.so noexec stack
* Fri Dec 16 2005 stark@suse.de
- update to 3.11 RTM version
- provide nss-config file
- added static libs
- moved include files to /usr/include/nss3
- only ship a subset of the tools
* Sat Nov 26 2005 stark@suse.de
- update to 3.11rc1
- fixed PC file for 64bit archs
* Tue Nov 15 2005 stark@suse.de
- update to current 3.10.2 snapshot (20051114)
* Wed Nov 02 2005 stark@suse.de
- added tools subpackage which provides all NSS related
  tools for managing and debugging NSS stuff
* Tue Oct 11 2005 stark@suse.de
- update to current 3.10.2 snapshot
* Mon Sep 26 2005 stark@suse.de
- prerequire the correct NSPR version
* Thu Sep 22 2005 stark@suse.de
- update to NSS_3_10_2_BETA1
* Tue Jul 05 2005 stark@suse.de
- use RPM_OPT_FLAGS
- fixed requirements for devel package
* Wed Jun 08 2005 stark@suse.de
- added pkgconfig file
- fixed permission for include directory
- fixed compiler/abuild warning
- included correct header files
* Mon May 09 2005 stark@suse.de
- update to 3.10 RTM version
* Wed Apr 27 2005 stark@suse.de
- don't package static libs
- copy NSPR static libs from new location
* Thu Apr 07 2005 stark@suse.de
- update to 3.10beta3
* Fri Apr 01 2005 stark@suse.de
- don't parallelize build
* Thu Mar 31 2005 stark@suse.de
- fixed build on other archs
- update to 3.10beta2
* Sat Mar 19 2005 stark@suse.de
- update to 3.10beta1
* Tue Mar 08 2005 stark@suse.de
- initial standalone package