File mozilla-nss.spec of Package mozilla-nss.2166

Overview Repositories Revisions Requests Users Attributes Meta

File mozilla-nss.spec of Package mozilla-nss.2166

#
# spec file for package mozilla-nss
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2006-2014 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

%global nss_softokn_fips_version 3.19.2

Name:           mozilla-nss
BuildRequires:  gcc-c++
BuildRequires:  mozilla-nspr-devel >= 4.10.10
BuildRequires:  pkg-config
BuildRequires:  sqlite-devel
BuildRequires:  zlib-devel
Version:        3.20.2
Release:        0
# bug437293
%ifarch ppc64
Obsoletes:      mozilla-nss-64bit
%endif
#
Summary:        Network Security Services
License:        MPL-2.0
Group:          System/Libraries
Url:            http://www.mozilla.org/projects/security/pki/nss/
# hg clone https://hg.mozilla.org/projects/nss nss-3.20.2/nss ; cd nss-3.20.2/nss ; hg up NSS_3_20_2_RTM
Source:         nss-%{version}.tar.xz
Source1:        nss.pc.in
Source2:        addon-certs.txt
Source3:        nss-config.in
Source4:        %{name}-rpmlintrc
Source5:        baselibs.conf
Source6:        setup-nsssysinit.sh
Source7:        cert9.db
Source8:        key4.db
Source9:        pkcs11.txt
#Source10:       PayPalEE.cert
Patch1:         nss-opt.patch
Patch2:         system-nspr.patch
Patch4:         nss-no-rpath.patch
Patch5:         renegotiate-transitional.patch
Patch6:         malloc.patch
Patch7:         nss-disable-ocsp-test.patch
Patch8:         nss-sqlitename.patch
Patch50:        nss-CC-mpi_zeroize.patch
Patch51:        nss-CC-zeroize.patch
Patch52:        nss-missing_alloc_check_DH_KEA_Derive.patch
Patch53:        nss-ECDSA-selftest-fix.patch
Patch54:        nss-CC-constructor_selftests.patch
Patch55:        nss-CC-approved_crypto-non-EC.patch
Patch56:        nss-CC-approved_crypto-ECs.patch
Patch57:        nss-CC-drbg_continuous_selftests.patch
Patch58:        nss-CC-drbg_fork_reseeds.patch
Patch59:        nss-CC-ctr.patch
Patch60:        nss-GCM-ctr.patch
Patch61:        nss-CC-rng_selection.patch
Patch62:        nss-CC-runtime_algorithm_selection.patch
Patch63:        nss-CC-RSA_keygen_FIPS186-4.patch
Patch64:        nss-CC-internals_access.patch
Patch65:        nss-CC-DSA_2k_selftest.patch
Patch66:        nss-CC-DH_selftest.patch
Patch67:        nss-CC-ECDH_selftest.patch
Patch80:        nss-CAVS-fixes.patch
Patch81:        nss-CAVS-helper_sripts_fixes.patch
Patch90:        nss-fix_mpi_division.patch
Patch91:        nss-UAF_in_DHE_handshakes.patch
Patch92:        nss-ASN.1_decoder_BO.patch
Patch93:        nss-UAF_in_DER_decoder.patch

%define nspr_ver %(rpm -q --queryformat '%{VERSION}' mozilla-nspr)
PreReq:         mozilla-nspr >= %nspr_ver
PreReq:         libfreebl3 >= %{nss_softokn_fips_version}
PreReq:         libsoftokn3 >= %{nss_softokn_fips_version}
%if %{_lib} == lib64
Requires:       libnssckbi.so()(64bit)
%else
Requires:       libnssckbi.so
%endif
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%define nssdbdir %{_sysconfdir}/pki/nssdb
%ifnarch %sparc
%if ! 0%{?qemu_user_space_build}
%define run_testsuite 1
%endif
%endif

%description
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.

%package devel
Summary:        Network (Netscape) Security Services development files
Group:          Development/Libraries/Other
Requires:       libfreebl3
Requires:       libsoftokn3
Requires:       mozilla-nspr-devel >= %{nspr_ver}
Requires:       mozilla-nss = %{version}-%{release}
# bug437293
%ifarch ppc64
Obsoletes:      mozilla-nss-devel-64bit
%endif

%description devel
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.

%package tools
Summary:        Tools for developing, debugging, and managing applications that use NSS
Group:          System/Management
PreReq:         mozilla-nss >= %{version}

%description tools
The NSS Security Tools allow developers to test, debug, and manage
applications that use NSS.

%package sysinit
Summary:        System NSS Initialization
Group:          System/Management
Requires:       mozilla-nss >= %{version}
Requires(post): coreutils

%description sysinit
Default Operation System module that manages applications loading
NSS globally on the system. This module loads the system defined
PKCS #11 modules for NSS and chains with other NSS modules to load
any system or user configured modules.

%package -n libfreebl3
Summary:        Freebl library for the Network Security Services
Group:          System/Libraries

%description -n libfreebl3
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.

This package installs the freebl library from NSS.

%package -n libfreebl3-hmac
Summary:        Freebl library for the Network Security Services
Group:          System/Libraries
Requires:       libfreebl3 = %{version}-%{release}

%description -n libfreebl3-hmac
Checksums for libraries contained in the libfreebl3 package
used in the FIPS 140-2 mode.

%package -n libsoftokn3
Summary:        Network Security Services Softoken Module
Group:          System/Libraries
Requires:       libfreebl3 = %{version}-%{release}

%description -n libsoftokn3
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.

Network Security Services Softoken Cryptographic Module

%package -n libsoftokn3-hmac
Summary:        Network Security Services Softoken Module
Group:          System/Libraries
Requires:       libsoftokn3 = %{version}-%{release}

%description -n libsoftokn3-hmac
Checksums for libraries contained in the libsoftokn3 package
used in the FIPS 140-2 mode.

%package certs
Summary:        CA certificates for NSS
Group:          Productivity/Networking/Security

%description certs
This package contains the integrated CA root certificates from the
Mozilla project.

%package cavs
Summary:        Tools for developing, debugging, and managing applications that use NSS
Group:          System/Management
Requires:       %{name} = %{version}-%{release}

%description cavs
FIPS140 CAVS tests related parts of the mozilla-nss package

%prep
%setup -n nss-%{version} -q
cd nss
%patch1 -p1
%patch2 -p1
%patch4 -p1
%patch5 -p1
%if %{suse_version} > 1110
%patch6 -p1
%endif
%patch7 -p1
%patch8 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
%patch53 -p1
%patch54 -p1
%patch55 -p1
%patch56 -p1
%patch57 -p1
%patch58 -p1
%patch59 -p1
%patch60 -p1
%patch61 -p1
%patch62 -p1
%patch63 -p1
%patch64 -p1
%patch65 -p1
%patch66 -p1
%patch67 -p1
%patch80 -p1
%patch81 -p1
%patch90 -p1
%patch91 -p1
%patch92 -p1
%patch93 -p1
# additional CA certificates
# additional CA certificates
# additional CA certificates
#cd security/nss/lib/ckfw/builtins
#cat %{SOURCE2} >> certdata.txt
#make generate

%build
cd nss
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")"
DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
TIME="\"$(date -d "${modified}" "+%%R")\""
find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +

export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export NSPR_INCLUDE_DIR=`nspr-config --includedir`
export NSPR_LIB_DIR=`nspr-config --libdir`
export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
export LIBDIR=%{_libdir}
%ifarch x86_64 s390x ppc64 ppc64le ia64 aarch64
export USE_64=1
%endif
export NSS_USE_SYSTEM_SQLITE=1
#export SQLITE_LIB_NAME=nsssqlite3
MAKE_FLAGS="BUILD_OPT=1 NSS_ENABLE_ECC=1"
make nss_build_all $MAKE_FLAGS
# run testsuite
%if 0%{?run_testsuite}
export BUILD_OPT=1
export HOST="localhost"
export DOMSUF=" "
export USE_IP=TRUE
export IP_ADDRESS="127.0.0.1"
cd tests
# lowhash selftests hang in FIPS mode when building in a VM blocked on trying
# to read drained /dev/random, disable to make sure tests continue
sed -i.orig '66s/fips_mode in 0 1/fips_mode in 0/' lowhash/lowhash.sh
./all.sh
if grep "FAILED" ../../../tests_results/security/localhost.1/output.log ; then
  echo "Testsuite FAILED"
  exit 1
fi
%endif

%install
cd nss
mkdir -p $RPM_BUILD_ROOT%{_libdir}
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/nss
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/nss/cavs
mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3
mkdir -p $RPM_BUILD_ROOT%{_bindir}
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT/%{_lib}
mkdir -p $RPM_BUILD_ROOT%{nssdbdir}
pushd ../dist/Linux*
# copy headers
cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3
# copy dynamic libs
# these checkusm files were generated *before* stripping, and would break final
# checksum generation if present:
#       lib/libnssdbm3.chk \
#       lib/libsoftokn3.chk \
#       lib/libfreebl3.chk \
cp -L  lib/libnss3.so \
       lib/libnssdbm3.so \
       lib/libnssutil3.so \
       lib/libnssckbi.so \
       lib/libnsssysinit.so \
       lib/libsmime3.so \
       lib/libsoftokn3.so \
       lib/libssl3.so \
       $RPM_BUILD_ROOT%{_libdir}
cp -L  lib/libfreebl3.so \
       $RPM_BUILD_ROOT/%{_lib}
%if %suse_version < 1030
cp -L  lib/libnsssqlite3.so \
       $RPM_BUILD_ROOT%{_libdir}
%endif
# copy static libs
cp -L  lib/libcrmf.a \
       lib/libnssb.a \
       lib/libnssckfw.a \
       $RPM_BUILD_ROOT%{_libdir}
# copy tools
cp -L  bin/certutil \
       bin/cmsutil \
       bin/crlutil \
       bin/modutil \
       bin/pk12util \
       bin/signtool \
       bin/signver \
       bin/ssltap \
       $RPM_BUILD_ROOT%{_bindir}
# copy unsupported tools
cp -L  bin/atob \
       bin/btoa \
       bin/derdump \
       bin/ocspclnt \
       bin/pp \
       bin/selfserv \
       bin/shlibsign \
       bin/strsclnt \
       bin/symkeyutil \
       bin/tstclnt \
       bin/vfyserv \
       bin/vfychain \
       $RPM_BUILD_ROOT%{_libexecdir}/nss
# copy CAVS tools
pwd
ls ..
ls ../..
cp -L  bin/fipstest \
       bin/pk11gcmtest \
       ../../nss/cmd/fipstest/aes.sh \
       ../../nss/cmd/fipstest/dsa.sh \
       ../../nss/cmd/fipstest/ecdsa.sh \
       ../../nss/cmd/fipstest/hmac.sh \
       ../../nss/cmd/fipstest/rng.sh \
       ../../nss/cmd/fipstest/rsa.sh \
       ../../nss/cmd/fipstest/sha.sh \
       ../../nss/cmd/fipstest/tdea.sh \
       ../../nss/cmd/pk11gcmtest/gcm.sh \
       $RPM_BUILD_ROOT%{_libexecdir}/nss/cavs
chmod 0755 $RPM_BUILD_ROOT%{_libexecdir}/nss/cavs/*
# prepare pkgconfig file
mkdir -p $RPM_BUILD_ROOT%{_libdir}/pkgconfig/
sed "s:%%LIBDIR%%:%{_libdir}:g
s:%%VERSION%%:%{version}:g
s:%%NSPR_VERSION%%:%{nspr_ver}:g" \
  %{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc
# prepare nss-config file
popd
NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'`
NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'`
cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
                     -e "s,@prefix@,%{_prefix},g" \
                     -e "s,@exec_prefix@,%{_prefix},g" \
                     -e "s,@includedir@,%{_includedir}/nss3,g" \
                     -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
                     -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
                     -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
                     > $RPM_BUILD_ROOT/%{_bindir}/nss-config
chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config
# setup-nsssysinfo.sh
install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sbindir}/
# create empty NSS database
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/modutil -force -dbdir "sql:$RPM_BUILD_ROOT%{nssdbdir}" -create
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/certutil -N -d "sql:$RPM_BUILD_ROOT%{nssdbdir}" -f /dev/null 2>&1 > /dev/null
#chmod 644 "$RPM_BUILD_ROOT%{nssdbdir}"/*
#sed "s:%{buildroot}::g
#s/^library=$/library=libnsssysinit.so/
#/^NSS/s/$Flags=internal$$,[^m]$/\1,moduleDBOnly\2/" \
#  $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt > $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt.sed
#  mv $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt{.sed,}
# copy empty NSS database
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{nssdbdir}
install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{nssdbdir}
install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{nssdbdir}
# create shlib sigs after extracting debuginfo
%define __spec_install_post \
  %{?__debug_package:%{__debug_install_post}} \
  %{__arch_install_post} \
  %{__os_install_post} \
  LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libsoftokn3.so \
  LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libnssdbm3.so \
  LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \
%{nil}

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%post -n libfreebl3 -p /sbin/ldconfig

%postun -n libfreebl3 -p /sbin/ldconfig

%post -n libsoftokn3 -p /sbin/ldconfig

%postun -n libsoftokn3 -p /sbin/ldconfig

%post sysinit
/sbin/ldconfig
# make sure the current config is enabled
%{_sbindir}/setup-nsssysinit.sh on

%preun sysinit
if [ $1 = 0 ]; then
  %{_sbindir}/setup-nsssysinit.sh off
fi

%postun sysinit -p /sbin/ldconfig

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-, root, root)
%{_libdir}/libnss3.so
%{_libdir}/libnssutil3.so
%{_libdir}/libsmime3.so
%{_libdir}/libssl3.so
#%{_libdir}/libnsssqlite3.so

%files devel
%defattr(644, root, root, 755)
%{_includedir}/nss3/
%{_libdir}/*.a
%{_libdir}/pkgconfig/*
%attr(755,root,root) %{_bindir}/nss-config

%files tools
%defattr(-, root, root)
%{_bindir}/*
%exclude %{_sbindir}/setup-nsssysinit.sh
%{_libexecdir}/nss/
%exclude %{_libexecdir}/nss/cavs/
%exclude %{_bindir}/nss-config

%files sysinit
%defattr(-, root, root)
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/nssdb
%config(noreplace) %{_sysconfdir}/pki/nssdb/*
%{_libdir}/libnsssysinit.so
%{_sbindir}/setup-nsssysinit.sh

%files -n libfreebl3
%defattr(-, root, root)
/%{_lib}/libfreebl3.so

%files -n libfreebl3-hmac
%defattr(-, root, root)
/%{_lib}/libfreebl3.chk

%files -n libsoftokn3
%defattr(-, root, root)
%{_libdir}/libsoftokn3.so
%{_libdir}/libnssdbm3.so

%files -n libsoftokn3-hmac
%defattr(-, root, root)
%{_libdir}/libsoftokn3.chk
%{_libdir}/libnssdbm3.chk

%files certs
%defattr(-, root, root)
%{_libdir}/libnssckbi.so

%files cavs
%defattr(-, root, root)
%dir %{_libexecdir}/nss/cavs
%{_libexecdir}/nss/cavs/*

%changelog

Places

File mozilla-nss.spec of Package mozilla-nss.2166

Places