From: Michael Tremer Date: Fri, 15 Oct 2010 19:18:34 +0000 (+0200) Subject: nss-softokn: New package. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=98e4b7dccf63fd6c1cdf7c089e22f054b4d82e1e;p=ipfire-3.x.git nss-softokn: New package. --- diff --git a/pkgs/core/nss-softokn/nss-softokn-config.in b/pkgs/core/nss-softokn/nss-softokn-config.in new file mode 100644 index 000000000..f46ba24c1 --- /dev/null +++ b/pkgs/core/nss-softokn/nss-softokn-config.in @@ -0,0 +1,116 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MOD_MAJOR_VERSION@ +minor_version=@MOD_MINOR_VERSION@ +patch_version=@MOD_PATCH_VERSION@ + +usage() +{ + cat <&2 +fi + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=`pkg-config --variable=exec_prefix nss-softokn` +fi +if test -z "$includedir"; then + includedir=`pkg-config --variable=includedir nss-softokn` +fi +if test -z "$libdir"; then + libdir=`pkg-config --variable=libdir nss-softokn` +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + echo $libdirs +fi + diff --git a/pkgs/core/nss-softokn/nss-softokn.nm b/pkgs/core/nss-softokn/nss-softokn.nm new file mode 100644 index 000000000..b44ab3ce6 --- /dev/null +++ b/pkgs/core/nss-softokn/nss-softokn.nm @@ -0,0 +1,131 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include $(PKGROOT)/Include + +PKG_NAME = nss-softokn +PKG_VER = 3.12.8 +PKG_REL = 0 + +PKG_MAINTAINER = +PKG_GROUP = System/Libraries +PKG_URL = http://www.mozilla.org/projects/security/pki/nss/ +PKG_LICENSE = MPLv1.1 or GPLv2+ or LGPLv2+ +PKG_SUMMARY = Network Security Services Softoken Module. + +PKG_BUILD_DEPS+= nspr-devel nss-util-devel perl pkg-config psmisc sqlite-devel \ + zlib-devel + +define PKG_DESCRIPTION + Network Security Services Softoken Cryptographic Module. +endef + +PKG_TARBALL = $(THISAPP)-stripped.tar.bz2 + +PKG_PACKAGES += $(PKG_NAME_REAL)-devel + +PKG_DEPS-$(PKG_NAME_REAL)-devel += nss-util-devel + +# Mozilla does no versioning :( +define PKG_FILES-$(PKG_NAME_REAL)-devel + /usr/bin/*-config + /usr/include + /usr/lib/libfreebl3.so + /usr/lib/pkgconfig +endef + +## Define some global environment variables + +export FREEBL_NO_DEPEND=1 +export FREEBL_USE_PRELINK=1 + +# Enable compiler optimizations and disable debugging code +export BUILD_OPT=1 +export XCFLAGS=$(CFLAGS) + +export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 +export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 + +export NSPR_INCLUDE_DIR=/usr/include/nspr4 +export NSPR_LIB_DIR=/usr/lib + +export NSS_INCLUDE_DIR=/usr/include/nss3 +export NSS_LIB_DIR=/usr/lib + +export NSS_USE_SYSTEM_SQLITE=1 + +define STAGE_BUILD + cd $(DIR_APP) && make -C ./mozilla/security/coreconf + cd $(DIR_APP) && make -C ./mozilla/security/dbm + cd $(DIR_APP) && make -C ./mozilla/security/nss +endef + +define STAGE_INSTALL + -mkdir -pv $(BUILDROOT)/lib + -mkdir -pv $(BUILDROOT)/usr/include/nss3 + -mkdir -pv $(BUILDROOT)/usr/{bin,lib} + -mkdir -pv $(BUILDROOT)/usr/lib/pkgconfig + -mkdir -pv $(BUILDROOT)/usr/lib/nss/unsupported-tools + + install -p -v -m 755 $(DIR_APP)/mozilla/dist/*.OBJ/lib/libsoftokn3.so \ + $(BUILDROOT)/usr/lib + install -p -v -m 755 $(DIR_APP)/mozilla/dist/*.OBJ/lib/libnssdbm3.so \ + $(BUILDROOT)/usr/lib + install -p -v -m 755 $(DIR_APP)/mozilla/dist/*.OBJ/lib/libfreebl3.so \ + $(BUILDROOT)/lib + ln -svf ../../lib/libfreebl3.so $(BUILDROOT)/usr/lib/libfreebl3.so + + # Copy the binaries we ship as unsupported + install -p -v -m 755 $(DIR_APP)/mozilla/dist/*.OBJ/bin/shlibsign $(BUILDROOT)/usr/lib/nss/unsupported-tools + + sed -e "s,@libdir@,/usr/lib,g" \ + -e "s,@prefix@,/usr,g" \ + -e "s,@exec_prefix@,/usr,g" \ + -e "s,@includedir@,/usr/include/nss3,g" \ + -e "s,@MOD_MAJOR_VERSION@,$$(grep "#define.*SOFTOKEN_VMAJOR" $(DIR_APP)/mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \ + -e "s,@MOD_MINOR_VERSION@,$$(grep "#define.*SOFTOKEN_VMINOR" $(DIR_APP)/mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \ + -e "s,@MOD_PATCH_VERSION@,$$(grep "#define.*SOFTOKEN_VPATCH" $(DIR_APP)/mozilla/security/nss/lib/softoken/softkver.h | awk '{print $3}'),g" \ + < $(DIR_SOURCE)/nss-softokn-config.in \ + > $(BUILDROOT)/usr/bin/nss-softokn-config + chmod -v 755 $(BUILDROOT)/usr/bin/nss-softokn-config + + # XXX need to fix this + sed \ + -e "s,%libdir%,/usr/lib,g" \ + -e "s,%prefix%,/usr,g" \ + -e "s,%exec_prefix%,/usr,g" \ + -e "s,%includedir%,/usr/include/nss3,g" \ + -e "s,%NSS_VERSION%,$(PKG_VER),g" \ + -e "s,%NSPR_VERSION%,$$(nspr-config --version),g" \ + -e "s,%NSSUTIL_VERSION%,$$(nss-util-config --version),g" \ + -e "s,%SOFTOKEN_VERSION%,$(PKG_VER),g" \ + < $(DIR_SOURCE)/nss-softokn.pc.in \ + > $(BUILDROOT)/usr/lib/pkgconfig/nss-softokn.pc + + # Copy the include files we want + cp -vf $(DIR_APP)/mozilla/dist/public/nss/*.h $(BUILDROOT)/usr/include/nss3 + cp -vf $(DIR_APP)/mozilla/dist/private/nss/blapi.h \ + $(BUILDROOT)/usr/include/nss3 + chmod -v 644 $(BUILDROOT)/usr/include/nss3/*.h +endef diff --git a/pkgs/core/nss-softokn/nss-softokn.pc.in b/pkgs/core/nss-softokn/nss-softokn.pc.in new file mode 100644 index 000000000..b7fc3d116 --- /dev/null +++ b/pkgs/core/nss-softokn/nss-softokn.pc.in @@ -0,0 +1,11 @@ +prefix=%prefix% +exec_prefix=%exec_prefix% +libdir=%libdir% +includedir=%includedir% + +Name: NSS-SOFTOKN +Description: Network Security Services Softoken PKCS #11 Module +Version: %SOFTOKEN_VERSION% +Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION% +Libs: -lfreebl3 -lnssdbm3 -lsoftokn3 +Cflags: -I${includedir} diff --git a/pkgs/core/nss-softokn/nss-softokn.spec b/pkgs/core/nss-softokn/nss-softokn.spec new file mode 100644 index 000000000..9f405d32e --- /dev/null +++ b/pkgs/core/nss-softokn/nss-softokn.spec @@ -0,0 +1,462 @@ +%global nspr_version 4.8.6 +%global nss_name nss +%global nss_util_version 3.12.8 +%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools +%global saved_files_dir %{_libdir}/nss/saved + +# Produce .chk files for the final stripped binaries +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \ + $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \ + $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \ +%{nil} + +Summary: Network Security Services Softoken Module +Name: nss-softokn +Version: 3.12.8 +Release: 2%{?dist} +License: MPLv1.1 or GPLv2+ or LGPLv2+ +URL: http://www.mozilla.org/projects/security/pki/nss/ +Group: System Environment/Libraries +Requires: nspr >= %{nspr_version} +Requires: nss-util >= %{nss_util_version} +Requires: nss-softokn-freebl%{_isa} >= %{version} +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: nspr-devel >= %{nspr_version} +BuildRequires: nss-util-devel >= %{nss_util_version} +BuildRequires: sqlite-devel +BuildRequires: zlib-devel +BuildRequires: pkgconfig +BuildRequires: gawk +BuildRequires: psmisc +BuildRequires: perl + +Source0: %{name}-%{version}-stripped.tar.bz2 +# The nss-softokn tar ball is a subset of nss-{version}-stripped.tar.bz2, +# Therefore we use the nss-split-softokn.sh script to keep only what we need. +# Download the nss tarball via git from the nss propect and follow these +# steps to make the tarball for nss-util out of the one for nss: +# fedpkg clone nss +# fedpkg clone nss-softokn +# cd nss-softokn +# cp ../../nss/devel/${version}-stripped.tar.bz2 . +# sh ./nss-split-softokn.sh ${version} +# A file named {name}-{version}-stripped.tar.bz2 should appear +Source1: nss-split-softokn.sh +Source2: nss-softokn.pc.in +Source3: nss-softokn-config.in + +Patch2: nss-softokn-3.12.4-prelink.patch +Patch3: nss-softokn-3.12.4-fips-fix.patch + +%description +Network Security Services Softoken Cryptographic Module + +%package freebl +Summary: Freebl library for the Network Security Services +Group: System Environment/Base +Conflicts: nss < 3.12.2.99.3-5 +Conflicts: prelink < 0.4.3 + +%description freebl +NSS Softoken Cryptographic Module Freelb Library + +Install the nss-softokn-freebl package if you need the freebl +library. + +%package freebl-devel +Summary: Header and Library files for doing development with the Freebl library for NSS +Group: System Environment/Base +Provides: nss-softokn-freebl-static = %{version}-%{release} +Requires: nss-softokn-freebl%{?_isa} = %{version}-%{release} + +%description freebl-devel +NSS Softoken Cryptographic Module Freelb Library Development Tools + +%package devel +Summary: Development libraries for Network Security Services +Group: Development/Libraries +Requires: nss-softokn%{?_isa} = %{version}-%{release} +Requires: nspr-devel >= %{nspr_version} +Requires: nss-util-devel >= %{nss_util_version} +Requires: pkgconfig +BuildRequires: nspr-devel >= %{nspr_version} +BuildRequires: nss-util-devel >= %{nss_util_version} +# require nss at least the version when we split via subpackages +BuildRequires: nss-devel >= 3.12.2.99.3-11 + +%description devel +Header and Library files for doing development with Network Security Services. + + +%prep +%setup -q + +%patch2 -p0 -b .prelink +%patch3 -p0 -b .fipsfix + + +%build + +FREEBL_NO_DEPEND=1 +export FREEBL_NO_DEPEND + +FREEBL_USE_PRELINK=1 +export FREEBL_USE_PRELINK + +# Enable compiler optimizations and disable debugging code +BUILD_OPT=1 +export BUILD_OPT + +# Generate symbolic info for debuggers +XCFLAGS=$RPM_OPT_FLAGS +export XCFLAGS + +PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 +PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 + +export PKG_CONFIG_ALLOW_SYSTEM_LIBS +export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS + +NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'` +NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'` + +export NSPR_INCLUDE_DIR +export NSPR_LIB_DIR + +NSS_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'` +NSS_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nss-util | sed 's/-L//'` + +export NSS_INCLUDE_DIR +export NSS_LIB_DIR + +NSS_USE_SYSTEM_SQLITE=1 +export NSS_USE_SYSTEM_SQLITE + +%ifarch x86_64 ppc64 ia64 s390x sparc64 +USE_64=1 +export USE_64 +%endif + +# Compile softokn plus needed support +%{__make} -C ./mozilla/security/coreconf +%{__make} -C ./mozilla/security/dbm +%{__make} -C ./mozilla/security/nss + +# Set up our package file +# The nspr_version and nss_util_version globals used here +# must match the ones nss-softokn has for its Requires. +%{__mkdir_p} ./mozilla/dist/pkgconfig +%{__cat} %{SOURCE2} | sed -e "s,%%libdir%%,%{_libdir},g" \ + -e "s,%%prefix%%,%{_prefix},g" \ + -e "s,%%exec_prefix%%,%{_prefix},g" \ + -e "s,%%includedir%%,%{_includedir}/nss3,g" \ + -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ + -e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \ + -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ + ./mozilla/dist/pkgconfig/nss-softokn.pc + +SOFTOKEN_VMAJOR=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'` +SOFTOKEN_VMINOR=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'` +SOFTOKEN_VPATCH=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'` + +export SOFTOKEN_VMAJOR +export SOFTOKEN_VMINOR +export SOFTOKEN_VPATCH + +%{__cat} %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \ + -e "s,@prefix@,%{_prefix},g" \ + -e "s,@exec_prefix@,%{_prefix},g" \ + -e "s,@includedir@,%{_includedir}/nss3,g" \ + -e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \ + -e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \ + -e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \ + > ./mozilla/dist/pkgconfig/nss-softokn-config + +chmod 755 ./mozilla/dist/pkgconfig/nss-softokn-config + + +# enable the following line to force a test failure +# find ./mozilla -name \*.chk | xargs rm -f + +# +# We can't run a subset of the tests because the tools have +# dependencies on nss libraries outside of softokn. +# Let's leave this as a place holder. +# + + +%install + +%{__rm} -rf $RPM_BUILD_ROOT + +# There is no make install target so we'll do it ourselves. + +%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3 +%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir} +%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir} +%{__mkdir_p} $RPM_BUILD_ROOT/%{_lib} +%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory} +%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig +%{__mkdir_p} $RPM_BUILD_ROOT/%{saved_files_dir} + +# Copy the binary libraries we want +for file in libsoftokn3.so libnssdbm3.so +do + %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} +done + +# Because libcrypt depends on libfreebl3.so, it is special +# so we install it in /lib{64}, keeping a symbolic link to it +# back in /usr/lib{64} to keep everyone else working +for file in libfreebl3.so +do + %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_lib} + ln -sf ../../%{_lib}/libfreebl3.so $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so +done + +# Make sure chk files can be found in both places +for file in libfreebl3.chk +do + ln -s ../../%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file +done + +# Copy the binaries we ship as unsupported +for file in shlibsign +do + %{__install} -p -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} +done + +# Copy the include files we want +for file in mozilla/dist/public/nss/*.h +do + %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 +done + +# Copy a freebl include file we also want +for file in mozilla/dist/private/nss/blapi.h +do + %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 +done + +# Copy the static freebl library +for file in libfreebl.a +do +%{__install} -p -m 644 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} +done + +# Copy the package configuration files +%{__install} -p -m 644 ./mozilla/dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc +%{__install} -p -m 755 ./mozilla/dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config + +%clean +%{__rm} -rf $RPM_BUILD_ROOT + + +%post +/sbin/ldconfig >/dev/null 2>/dev/null + +%postun +/sbin/ldconfig >/dev/null 2>/dev/null + +%files +%defattr(-,root,root) +%{_libdir}/libnssdbm3.so +%{_libdir}/libnssdbm3.chk +%{_libdir}/libsoftokn3.so +%{_libdir}/libsoftokn3.chk +# shared with nss-tools +%dir %{_libdir}/nss +%dir %{saved_files_dir} +%dir %{unsupported_tools_directory} +%{unsupported_tools_directory}/shlibsign + +%files freebl +%defattr(-,root,root) +/%{_lib}/libfreebl3.so +/%{_lib}/libfreebl3.chk +# and these symbolic links +%{_libdir}/libfreebl3.so +%{_libdir}/libfreebl3.chk + +%files freebl-devel +%defattr(-,root,root) +%{_libdir}/libfreebl.a +%{_includedir}/nss3/blapi.h + +%files devel +%defattr(-,root,root) +%{_libdir}/pkgconfig/nss-softokn.pc +%{_bindir}/nss-softokn-config + +# co-owned with nss +%dir %{_includedir}/nss3 +# +# The following headers are those exported public in +# mozilla/security/nss/lib/freebl/manifest.mn and +# mozilla/security/nss/lib/softoken/manifest.mn +# +# The following list is short because many headers, such as +# the pkcs #11 ones, have been provided by nss-util-devel +# which installed them before us. +# +%{_includedir}/nss3/blapit.h +%{_includedir}/nss3/ecl-exp.h +%{_includedir}/nss3/hasht.h +%{_includedir}/nss3/sechash.h +%{_includedir}/nss3/nsslowhash.h +%{_includedir}/nss3/secmodt.h +%{_includedir}/nss3/shsign.h + +%changelog +* Wed Sep 29 2010 jkeating - 3.12.8-2 +- Rebuilt for gcc bug 634757 + +* Thu Sep 23 2010 Elio Maldonado - 3.12.8-1 +- Update to 3.12.8 +- Adhere to static library packaging guidelines (#609613) +- Fix nss-util-devel version dependency line +- Shorten freebl and freebl subpackages descriptions + +* Sat Sep 18 2010 Elio Maldonado - 3.12.99.4-1 +- NSS 3.12.8 RC0 + +* Sat Sep 12 2010 Elio Maldonado - 3.12.7.99.3-2 +- Update the required version of nss-util to 3.12.7.99.3 + +* Sat Sep 04 2010 Elio Maldonado - 3.12.7.99.3-1 +- NSS 3.12.8 Beta 3 + +* Mon Aug 30 2010 Elio Maldonado - 3.12.7-3 +- Update BuildRequires on nspr-devel and nss-util-devel + +* Sat Aug 29 2010 Elio Maldonado - 3.12.7-2 +- Define NSS_USE_SYSTEM_SQLITE and remove nss-nolocalsql patch +- Fix rpmlint warnings about macros in comments and changelog + +* Mon Aug 16 2010 Elio Maldonado - 3.12.7-1 +- Update to 3.12.7 +- Fix build files to ensure nsslowhash.h is included in public headers + +* Tue Jun 08 2010 Elio Maldonado - 3.12.6-3 +- Retagging + +* Mon Jun 07 2010 Elio Maldonado - 3.12.6-2 +- Bump NVR to be greater than those for nss-softokn subpackages in F11 (rhbz#601407) + +* Sun Jun 06 2010 Elio Maldonado - 3.12.4-23 +- Bump release number + +* Fri Jun 04 2010 Elio Maldonado - 3.12.4-22 +- Cleanup changelog comments to avoid unwanted macro expansions + +* Wed Jun 02 2010 Elio Maldonado - 3.12.4-21 +- Retagging + +* Wed Jun 02 2010 Elio Maldonado - 3.12.4-20 +- Add %%{?_isa} to the requires in the devel packages (#596840) +- Fix typo in the package description (#598295) +- Update nspr version to 4.8.4 + +* Sat May 08 2010 Elio Maldonado - 3.12.4-19 +- Consider the system as not fips enabled when /proc/sys/crypto/fips_enabled isn't present (rhbz#590199) + +* Sat May 08 2010 Elio Maldonado - 3.12.4-18 +- Fix Conflicts line to prevent update when prelink is not yet the right version (rhbz#590199) + +* Mon Apr 19 2010 Elio Maldonado - 3.12.4-17 +- Updated prelink patch rhbz#504949 + +* Wed Apr 15 2010 Elio Maldonado - 3.12.4-16 +- allow prelink of softoken and freebl. Change the verify code to use + prelink -u if prelink is installed. Fix by Robert Relyea rhbz#504949 + +* Mon Jan 18 2010 Elio Maldonado - 3.12.4-15 +- Move libfreebl3.so and its .chk file to /lib{64} (rhbz#561544) + +* Mon Jan 18 2010 Elio Maldonado - 3.12.4-13 +- Fix in nss-softokn-spec.in +- Require nss-util >= 3.12.4 + +* Thu Dec 03 2009 Elio Maldonado - 3.12.4-12 +- Require nss-util 3.12.5 + +* Fri Nov 20 2009 Elio Maldonado - 3.12.4-11 +- export freebl devel tools (#538226) + +* Tue Sep 23 2009 Elio Maldonado - 3.12.4-10 +- Fix paths in nss-softokn-prelink so signed libraries don't get touched, rhbz#524794 + +* Thu Sep 17 2009 Elio Maldonado - 3.12.4-9 +- Add nssdbm3.so to nss-softokn-prelink.conf, rhbz#524077 + +* Thu Sep 10 2009 Elio Maldonado - 3.12.4-8 +- Retagging for a chained build + +* Thu Sep 10 2009 Elio Maldonado - 3.12.4-6 +- Don't list libraries in nss-softokn-config, dynamic linking required + +* Tue Sep 08 2009 Elio Maldonado - 3.12.4-5 +- Installing shared libraries to %%{_libdir} + +* Sun Sep 06 2009 Elio Maldonado - 3.12.4-4 +- Postuninstall scriptlet finishes quietly + +* Sat Sep 05 2009 Elio Maldonado - 3.12.4-3 +- Remove symblic links to shared libraries from devel, rhbz#521155 +- Apply the nss-nolocalsql patch +- No rpath-link in nss-softokn-config + +* Fri Sep 04 2009 serstring=Elio Maldonado - 3.12.4-2 +- Retagging to pick up the correct .cvsignore + +* Tue Sep 01 2009 Elio Maldonado - 3.12.4-1 +- Update to 3.12.4 +- Fix logic on postun +- Don't require sqlite + +* Mon Aug 31 2009 Elio Maldonado - 3.12.3.99.3-24 +- Fixed test on %postun to avoid returning 1 when nss-softokn instances still remain + +* Sun Aug 30 2009 Elio Maldonado - 3.12.3.99.3-23 +- Explicitly state via nss_util_version the nss-util version we require + +* Fri Aug 28 2009 Warren Togami - 3.12.3.99.3-22 +- caolan's nss-softokn.pc patch + +* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-21 +- Bump the release number for a chained build of nss-util, nss-softokn and nss + +* Thu Aug 27 2009 Elio Maldonado - 3.12.3.99.3-20 +- List freebl, nssdbm and softokn libraries in nss-softokn-config and nss-softokn.pc + +* Thu Aug 27 2009 Elio Maldonado@ - 3.12.3.99.3-19 +- Determine NSSUTIL_INCLUDE_DIR and NSSUTIL_LIB_DIR with a pkg-config query on nss-util +- Remove the release 17 hack + +* Wed Aug 27 2009 Elio maldonado - 3.12.3.99.3-18 +- fix spurious executable permissions on nss-softokn.pc + +* Thu Aug 27 2009 Adel Gadllah - 3.12.3.99.3-17 +- Add hack to fix build + +* Tue Aug 25 2009 Dennis Gilmore - 3.12.3.99.3-16 +- only have a single Requires: line in the .pc file + +* Tue Aug 25 2009 Dennis Gilmore - 3.12.3.99.3-12 +- bump to unique rpm nvr + +* Tue Aug 25 2009 Elio Maldonado - 3.12.3.99.3-10 +- Build after nss with subpackages and new nss-util + +* Thu Aug 20 2009 Dennis Gilmore 3.12.3.99.3-9 +- revert to shipping bits + +* Thu Aug 19 2009 Elio Maldonado 3.12.3.99.3-8.1 +- Disable installing until conflicts are relsoved + +* Thu Aug 19 2009 Elio Maldonado 3.12.3.99.3-8 +- Initial build diff --git a/pkgs/core/nss-softokn/patches/nss-softokn-3.12.4-fips-fix.patch b/pkgs/core/nss-softokn/patches/nss-softokn-3.12.4-fips-fix.patch new file mode 100644 index 000000000..011a148a8 --- /dev/null +++ b/pkgs/core/nss-softokn/patches/nss-softokn-3.12.4-fips-fix.patch @@ -0,0 +1,12 @@ +diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.fips ./mozilla/security/nss/lib/freebl/nsslowhash.c +--- ./mozilla/security/nss/lib/freebl/nsslowhash.c.fips 2010-09-04 20:23:14.764313661 -0700 ++++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2010-09-04 20:25:52.622313780 -0700 +@@ -275,7 +275,7 @@ static int nsslow_GetFIPSEnabled(void) { + + f = fopen("/proc/sys/crypto/fips_enabled", "r"); + if (!f) +- return 1; ++ return 0; + + size = fread(&d, 1, 1, f); + fclose(f); diff --git a/pkgs/core/nss-softokn/patches/nss-softokn-3.12.4-prelink.patch b/pkgs/core/nss-softokn/patches/nss-softokn-3.12.4-prelink.patch new file mode 100644 index 000000000..5f2e46f38 --- /dev/null +++ b/pkgs/core/nss-softokn/patches/nss-softokn-3.12.4-prelink.patch @@ -0,0 +1,298 @@ +diff -up ./mozilla/security/nss/lib/freebl/Makefile.prelink ./mozilla/security/nss/lib/freebl/Makefile +--- ./mozilla/security/nss/lib/freebl/Makefile.prelink 2010-09-04 14:13:58.846327263 -0700 ++++ ./mozilla/security/nss/lib/freebl/Makefile 2010-09-04 14:15:11.544326993 -0700 +@@ -82,6 +82,12 @@ ifeq ($(FREEBL_NO_DEPEND),1) + else + MAPFILE_SOURCE = freebl.def + endif ++ifdef FREEBL_USE_PRELINK ++ DEFINES += -DFREEBL_USE_PRELINK ++endif ++ifdef FREEBL_PRELINK_COMMAND ++ DEFINES +=-DFREEBL_PRELINK_COMMAND=\"$(FREEBL_PRELINK_COMMAND)\" ++endif + # NSS_X86 means the target is a 32-bits x86 CPU architecture + # NSS_X64 means the target is a 64-bits x64 CPU architecture + # NSS_X86_OR_X64 means the target is either x86 or x64 +diff -up ./mozilla/security/nss/lib/freebl/shvfy.c.prelink ./mozilla/security/nss/lib/freebl/shvfy.c +--- ./mozilla/security/nss/lib/freebl/shvfy.c.prelink 2010-09-04 14:16:01.518326988 -0700 ++++ ./mozilla/security/nss/lib/freebl/shvfy.c 2010-09-04 14:25:44.770326384 -0700 +@@ -48,6 +48,168 @@ + #include "stdio.h" + #include "prmem.h" + ++#ifdef FREEBL_USE_PRELINK ++#ifndef FREELB_PRELINK_COMMAND ++#define FREEBL_PRELINK_COMMAND "/usr/sbin/prelink -u -o -" ++#endif ++#include "private/pprio.h" ++ ++#include ++#include ++#include ++#include ++#include ++ ++PRFileDesc * ++bl_OpenUnPrelink(const char *shName, int *pid) ++{ ++ char *command= strdup(FREEBL_PRELINK_COMMAND); ++ char *argString = NULL; ++ char **argv = NULL; ++ char *shNameArg = NULL; ++ char *cp; ++ pid_t child; ++ int argc = 0, argNext = 0; ++ struct stat statBuf; ++ int pipefd[2] = {-1,-1}; ++ int ret; ++ ++ *pid = 0; ++ ++ /* make sure the prelink command exists first. If not, fall back to ++ * just reading the file */ ++ for (cp = command; *cp ; cp++) { ++ if (*cp == ' ') { ++ *cp++ = 0; ++ argString = cp; ++ break; ++ } ++ } ++ memset (&statBuf, 0, sizeof(statBuf)); ++ /* stat the file, follow the link */ ++ ret = stat(command, &statBuf); ++ if (ret < 0) { ++ free(command); ++ return PR_Open(shName, PR_RDONLY, 0); ++ } ++ /* file exits, make sure it's an executable */ ++ if (!S_ISREG(statBuf.st_mode) || ++ ((statBuf.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)) { ++ free(command); ++ return PR_Open(shName, PR_RDONLY, 0); ++ } ++ ++ /* OK, the prelink command exists and looks correct, use it */ ++ /* build the arglist while we can still malloc */ ++ /* count the args if any */ ++ if (argString && *argString) { ++ /* argString may have leading spaces, strip them off*/ ++ for (cp = argString; *cp && *cp == ' '; cp++); ++ argString = cp; ++ if (*cp) { ++ /* there is at least one arg.. */ ++ argc = 1; ++ } ++ ++ /* count the rest: Note there is no provision for escaped ++ * spaces here */ ++ for (cp = argString; *cp ; cp++) { ++ if (*cp == ' ') { ++ while (*cp && *cp == ' ') cp++; ++ if (*cp) argc++; ++ } ++ } ++ } ++ ++ /* add the additional args: argv[0] (command), shName, NULL*/ ++ argc += 3; ++ argv = PORT_NewArray(char *, argc); ++ if (argv == NULL) { ++ goto loser; ++ } ++ ++ /* fill in the arglist */ ++ argv[argNext++] = command; ++ if (argString && *argString) { ++ argv[argNext++] = argString; ++ for (cp = argString; *cp; cp++) { ++ if (*cp == ' ') { ++ *cp++ = 0; ++ while (*cp && *cp == ' ') cp++; ++ if (*cp) argv[argNext++] = cp; ++ } ++ } ++ } ++ /* exec doesn't advertise taking const char **argv, do the paranoid ++ * copy */ ++ shNameArg = strdup(shName); ++ if (shNameArg == NULL) { ++ goto loser; ++ } ++ argv[argNext++] = shNameArg; ++ argv[argNext++] = 0; ++ ++ ret = pipe(pipefd); ++ if (ret < 0) { ++ goto loser; ++ } ++ ++ /* use vfork() so we don't trigger the pthread_at_fork() handlers */ ++ child = vfork(); ++ if (child < 0) goto loser; ++ if (child == 0) { ++ /* set up the file descriptors */ ++ close(0); ++ /* associate pipefd[1] with stdout */ ++ if (pipefd[1] != 1) dup2(pipefd[1], 1); ++ close(2); ++ close(pipefd[0]); ++ /* should probably close the other file descriptors? */ ++ ++ ++ execv(command, argv); ++ /* avoid at_exit() handlers */ ++ _exit(1); /* shouldn't reach here except on an error */ ++ } ++ close(pipefd[1]); ++ pipefd[1] = -1; ++ ++ /* this is safe because either vfork() as full fork() semantics, and thus ++ * already has it's own address space, or because vfork() has paused ++ * the parent util the exec or exit */ ++ free(command); ++ free(shNameArg); ++ PORT_Free(argv); ++ ++ *pid = child; ++ ++ return PR_ImportPipe(pipefd[0]); ++ ++loser: ++ if (pipefd[0] != -1) { ++ close(pipefd[0]); ++ } ++ if (pipefd[1] != -1) { ++ close(pipefd[1]); ++ } ++ free(command); ++ free(shNameArg); ++ PORT_Free(argv); ++ ++ return NULL; ++} ++ ++void ++bl_CloseUnPrelink( PRFileDesc *file, int pid) ++{ ++ /* close the file descriptor */ ++ PR_Close(file); ++ /* reap the child */ ++ if (pid) { ++ waitpid(pid, NULL, 0); ++ } ++} ++#endif + + /* #define DEBUG_SHVERIFY 1 */ + +@@ -117,6 +279,9 @@ BLAPI_SHVerify(const char *name, PRFuncP + SECStatus rv; + DSAPublicKey key; + int count; ++#ifdef FREEBL_USE_PRELINK ++ int pid = 0; ++#endif + + PRBool result = PR_FALSE; /* if anything goes wrong, + * the signature does not verify */ +@@ -197,7 +362,11 @@ BLAPI_SHVerify(const char *name, PRFuncP + checkFD = NULL; + + /* open our library file */ ++#ifdef FREEBL_USE_PRELINK ++ shFD = bl_OpenUnPrelink(shName,&pid); ++#else + shFD = PR_Open(shName, PR_RDONLY, 0); ++#endif + if (shFD == NULL) { + #ifdef DEBUG_SHVERIFY + fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n", +@@ -218,7 +387,11 @@ BLAPI_SHVerify(const char *name, PRFuncP + SHA1_Update(hashcx, buf, bytesRead); + count += bytesRead; + } ++#ifdef FREEBL_USE_PRELINK ++ bl_CloseUnPrelink(shFD, pid); ++#else + PR_Close(shFD); ++#endif + shFD = NULL; + + SHA1_End(hashcx, hash.data, &hash.len, hash.len); +diff -up ./mozilla/security/nss/lib/freebl/stubs.c.prelink ./mozilla/security/nss/lib/freebl/stubs.c +--- ./mozilla/security/nss/lib/freebl/stubs.c.prelink 2010-09-04 14:26:27.454327120 -0700 ++++ ./mozilla/security/nss/lib/freebl/stubs.c 2010-09-04 14:31:56.778327428 -0700 +@@ -69,6 +69,7 @@ + #include + #include + #include ++#include + + #define FREEBL_NO_WEAK 1 + +@@ -157,6 +158,8 @@ STUB_DECLARE(void,PR_Lock,(PRLock *lock) + STUB_DECLARE(PRLock *,PR_NewLock,(void)); + STUB_DECLARE(PRFileDesc *,PR_Open,(const char *name, PRIntn flags, + PRIntn mode)); ++STUB_DECLARE(PRFileDesc *,PR_ImportFile,(PROsfd osfd)); ++STUB_DECLARE(PRFileDesc *,PR_ImportPipe,(PROsfd osfd)); + STUB_DECLARE(PRInt32,PR_Read,(PRFileDesc *fd, void *buf, PRInt32 amount)); + STUB_DECLARE(PROffset32,PR_Seek,(PRFileDesc *fd, PROffset32 offset, + PRSeekWhence whence)); +@@ -295,6 +298,34 @@ PR_Open_stub(const char *name, PRIntn fl + return (PRFileDesc *)lfd; + } + ++extern PRFileDesc * ++PR_ImportFile_stub(PROsfd fd) ++{ ++ int *lfd = NULL; ++ ++ STUB_SAFE_CALL1(PR_ImportFile, fd); ++ ++ lfd = PORT_New_stub(int); ++ if (lfd != NULL) { ++ *lfd = fd; ++ } ++ return (PRFileDesc *)lfd; ++} ++ ++extern PRFileDesc * ++PR_ImportPipe_stub(PROsfd fd) ++{ ++ int *lfd = NULL; ++ ++ STUB_SAFE_CALL1(PR_ImportPipe, fd); ++ ++ lfd = PORT_New_stub(int); ++ if (lfd != NULL) { ++ *lfd = fd; ++ } ++ return (PRFileDesc *)lfd; ++} ++ + extern PRStatus + PR_Close_stub(PRFileDesc *fd) + { +@@ -492,6 +523,8 @@ freebl_InitNSPR(void *lib) + { + STUB_FETCH_FUNCTION(PR_Free); + STUB_FETCH_FUNCTION(PR_Open); ++ STUB_FETCH_FUNCTION(PR_ImportFile); ++ STUB_FETCH_FUNCTION(PR_ImportPipe); + STUB_FETCH_FUNCTION(PR_Close); + STUB_FETCH_FUNCTION(PR_Read); + STUB_FETCH_FUNCTION(PR_Seek); +diff -up ./mozilla/security/nss/lib/freebl/stubs.h.prelink ./mozilla/security/nss/lib/freebl/stubs.h +--- ./mozilla/security/nss/lib/freebl/stubs.h.prelink 2010-09-04 14:26:41.822327256 -0700 ++++ ./mozilla/security/nss/lib/freebl/stubs.h 2010-09-04 14:32:53.498540767 -0700 +@@ -78,6 +78,8 @@ + #define PR_Lock PR_Lock_stub + #define PR_NewLock PR_NewLock_stub + #define PR_Open PR_Open_stub ++#define PR_ImportFile PR_ImportFile_stub ++#define PR_ImportPipe PR_ImportPipe_stub + #define PR_Read PR_Read_stub + #define PR_Seek PR_Seek_stub + #define PR_Sleep PR_Sleep_stub