add packaging

Change-Id: Ie1bd55e7a7f46febd91c2f69e6371e7666c0ae4e

diff --git a/packaging/cert9.db b/packaging/cert9.db
new file mode 100644 (file)
index 0000000..1763264
Binary files /dev/null and b/packaging/cert9.db differ

diff --git a/packaging/key4.db b/packaging/key4.db
new file mode 100644 (file)
index 0000000..987ffe0
Binary files /dev/null and b/packaging/key4.db differ

diff --git a/packaging/nss-config.in b/packaging/nss-config.in
new file mode 100644 (file)
index 0000000..78df755
--- /dev/null
+++ b/packaging/nss-config.in
@@ -0,0 +1,143 @@
+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@MOD_MAJOR_VERSION@
+minor_version=@MOD_MINOR_VERSION@
+patch_version=@MOD_PATCH_VERSION@
+
+usage()
+{
+       cat <<EOF
+Usage: nss-config [OPTIONS] [LIBRARIES]
+Options:
+       [--prefix[=DIR]]
+       [--exec-prefix[=DIR]]
+       [--includedir[=DIR]]
+       [--libdir[=DIR]]
+       [--version]
+       [--libs]
+       [--cflags]
+Dynamic Libraries:
+       nss
+       ssl
+       smime
+EOF
+       exit $1
+}
+
+if test $# -eq 0; then
+       usage 1 1>&2
+fi
+
+lib_ssl=yes
+lib_smime=yes
+lib_nss=yes
+lib_nssutil=yes
+
+while test $# -gt 0; do
+  case "$1" in
+  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) optarg= ;;
+  esac
+
+  case $1 in
+    --prefix=*)
+      prefix=$optarg
+      ;;
+    --prefix)
+      echo_prefix=yes
+      ;;
+    --exec-prefix=*)
+      exec_prefix=$optarg
+      ;;
+    --exec-prefix)
+      echo_exec_prefix=yes
+      ;;
+    --includedir=*)
+      includedir=$optarg
+      ;;
+    --includedir)
+      echo_includedir=yes
+      ;;
+    --libdir=*)
+      libdir=$optarg
+      ;;
+    --libdir)
+      echo_libdir=yes
+      ;;
+    --version)
+      echo ${major_version}.${minor_version}.${patch_version}
+      ;;
+    --cflags)
+      echo_cflags=yes
+      ;;
+    --libs)
+      echo_libs=yes
+      ;;
+    ssl)
+      lib_ssl=yes
+      ;;
+    smime)
+      lib_smime=yes
+      ;;
+    nss)
+      lib_nss=yes
+      ;;
+    nssutil)
+      lib_nssutil=yes
+      ;;
+    *)
+      usage 1 1>&2
+      ;;
+  esac
+  shift
+done
+
+# Set variables that may be dependent upon other variables
+if test -z "$exec_prefix"; then
+    exec_prefix=@exec_prefix@
+fi
+if test -z "$includedir"; then
+    includedir=@includedir@
+fi
+if test -z "$libdir"; then
+    libdir=@libdir@
+fi
+
+if test "$echo_prefix" = "yes"; then
+    echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+    echo $exec_prefix
+fi
+
+if test "$echo_includedir" = "yes"; then
+    echo $includedir
+fi
+
+if test "$echo_libdir" = "yes"; then
+    echo $libdir
+fi
+
+if test "$echo_cflags" = "yes"; then
+    echo -I$includedir
+fi
+
+if test "$echo_libs" = "yes"; then
+      libdirs="-Wl,-rpath-link,$libdir -L$libdir"
+      if test -n "$lib_ssl"; then
+       libdirs="$libdirs -lssl${major_version}"
+      fi
+      if test -n "$lib_smime"; then
+       libdirs="$libdirs -lsmime${major_version}"
+      fi
+      if test -n "$lib_nss"; then
+       libdirs="$libdirs -lnss${major_version}"
+      fi
+      if test -n "$lib_nssutil"; then
+        libdirs="$libdirs -lnssutil${major_version}"
+      fi
+      echo $libdirs
+fi

diff --git a/packaging/nss-rpmlintrc b/packaging/nss-rpmlintrc
new file mode 100644 (file)
index 0000000..213f56b
--- /dev/null
+++ b/packaging/nss-rpmlintrc
@@ -0,0 +1,5 @@
+addFilter("shlib-policy-name-error")
+addFilter("shlib-policy-missing-lib")
+addFilter("shlib-policy-missing-suffix")
+addFilter("shlib-unversioned-lib")
+addFilter("shlib-fixed-dependency")

diff --git a/packaging/nss.pc.in b/packaging/nss.pc.in
new file mode 100644 (file)
index 0000000..3fac988
--- /dev/null
+++ b/packaging/nss.pc.in
@@ -0,0 +1,11 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=%LIBDIR%
+includedir=${prefix}/include/nss3
+
+Name: NSS
+Description: Network Security Services
+Version: %VERSION%
+Requires: nspr >= %NSPR_VERSION%
+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
+Cflags: -I${includedir}

diff --git a/packaging/nss.spec b/packaging/nss.spec
index ed190e2..f569892 100644 (file)
--- a/packaging/nss.spec
+++ b/packaging/nss.spec
@@ -1,12 +1,17 @@
 %global nss_softokn_fips_version 3.12.4
 
 Name:           nss
+BuildRequires:  gcc-c++
+BuildRequires:  nspr-devel
+BuildRequires:  pkg-config
+BuildRequires:  sqlite3-devel
+BuildRequires:  zlib-devel
 Version:        3.13.6
 Release:        0
-License:        MPL-1.1 or GPL-2.0+ or LGPL-2.1+
 Summary:        Network Security Services
-Url:            http://www.mozilla.org/projects/security/pki/nss/
+License:        MPL-1.1 or GPL-2.0+ or LGPL-2.1+
 Group:          System/Libraries
+Url:            http://www.mozilla.org/projects/security/pki/nss/
 # cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -r <RTM_TAG> NSS
 Source:         nss-%{version}.tar.bz2
 Source1:        nss.pc.in
@@ -23,17 +28,12 @@ Patch3:         char.patch
 Patch4:         nss-no-rpath.patch
 Patch5:         renegotiate-transitional.patch
 Patch6:         malloc.patch
-BuildRequires:  gcc-c++
-BuildRequires:  nspr-devel
-BuildRequires:  pkg-config
-BuildRequires:  sqlite3-devel
-BuildRequires:  zlib-devel
-Requires:       nss-certs
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define nspr_ver %(rpm -q --queryformat '%{VERSION}' nspr)
 Requires(pre):  nspr >= %nspr_ver
 Requires(pre):  libfreebl3 >= %{nss_softokn_fips_version}
 Requires(pre):  libsoftokn3 >= %{nss_softokn_fips_version}
+Requires:       nss-certs
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define nssdbdir %{_sysconfdir}/pki/nssdb
 %define run_testsuite 0
 
@@ -44,13 +44,14 @@ applications. Applications built with NSS can support SSL v2 and v3,
 TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
 certificates, and other security standards.
 
+
 %package devel
 Summary:        Network (Netscape) Security Services development files
 Group:          Development/Libraries/Other
 Requires:       libfreebl3
 Requires:       libsoftokn3
 Requires:       nspr-devel
-Requires:       nss = %{version}
+Requires:       nss = %{version}-%{release}
 
 %description devel
 Network Security Services (NSS) is a set of libraries designed to
@@ -59,6 +60,7 @@ applications. Applications built with NSS can support SSL v2 and v3,
 TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
 certificates, and other security standards.
 
+
 %package tools
 Summary:        Tools for developing, debugging, and managing applications that use NSS
 Group:          System/Management
@@ -68,6 +70,7 @@ Requires(pre):  nss >= %{version}
 The NSS Security Tools allow developers to test, debug, and manage
 applications that use NSS.
 
+
 %package sysinit
 Summary:        System NSS Initialization
 Group:          System/Management
@@ -80,6 +83,7 @@ NSS globally on the system. This module loads the system defined
 PKCS #11 modules for NSS and chains with other NSS modules to load
 any system or user configured modules.
 
+
 %package -n libfreebl3
 Summary:        Freebl library for the Network Security Services
 Group:          System/Libraries
@@ -93,10 +97,11 @@ certificates, and other security standards.
 
 This package installs the freebl library from NSS.
 
+
 %package -n libsoftokn3
 Summary:        Network Security Services Softoken Module
 Group:          System/Libraries
-Requires:       libfreebl3 = %{version}
+Requires:       libfreebl3 = %{version}-%{release}
 
 %description -n libsoftokn3
 Network Security Services (NSS) is a set of libraries designed to
@@ -107,6 +112,7 @@ certificates, and other security standards.
 
 Network Security Services Softoken Cryptographic Module
 
+
 %package certs
 Summary:        CA certificates for NSS
 Group:          Productivity/Networking/Security
@@ -115,6 +121,7 @@ Group:          Productivity/Networking/Security
 This package contains the integrated CA root certificates from the
 Mozilla project.
 
+
 %prep
 %setup -n nss-%{version} -q
 cd mozilla
@@ -135,7 +142,7 @@ cd mozilla/security/nss
 export FREEBL_NO_DEPEND=1
 export NSPR_INCLUDE_DIR=`nspr-config --includedir`
 export NSPR_LIB_DIR=`nspr-config --libdir`
-export OPT_FLAGS="%{optflags} -fno-strict-aliasing"
+export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
 export LIBDIR=%{_libdir}
 %ifarch x86_64 s390x ppc64 ia64
 export USE_64=1
@@ -159,16 +166,16 @@ fi
 %endif
 
 %install
-mkdir -p %{buildroot}%{_libdir}
-mkdir -p %{buildroot}%{_libexecdir}/nss
-mkdir -p %{buildroot}%{_includedir}/nss3
-mkdir -p %{buildroot}%{_bindir}
-mkdir -p %{buildroot}%{_sbindir}
-mkdir -p %{buildroot}/%{_lib}
-mkdir -p %{buildroot}%{nssdbdir}
+mkdir -p $RPM_BUILD_ROOT%{_libdir}
+mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/nss
+mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3
+mkdir -p $RPM_BUILD_ROOT%{_bindir}
+mkdir -p $RPM_BUILD_ROOT%{_sbindir}
+mkdir -p $RPM_BUILD_ROOT/%{_lib}
+mkdir -p $RPM_BUILD_ROOT%{nssdbdir}
 pushd mozilla/dist/Linux*
 # copy headers
-cp -rL ../public/nss/*.h %{buildroot}%{_includedir}/nss3
+cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3
 # copy dynamic libs
 cp -L  lib/libnss3.so \
        lib/libnssdbm3.so \
@@ -180,15 +187,15 @@ cp -L  lib/libnss3.so \
        lib/libsoftokn3.so \
        lib/libsoftokn3.chk \
        lib/libssl3.so \
-       %{buildroot}%{_libdir}
+       $RPM_BUILD_ROOT%{_libdir}
 cp -L  lib/libfreebl3.so \
        lib/libfreebl3.chk \
-       %{buildroot}/%{_lib}
+       $RPM_BUILD_ROOT/%{_lib}
 # copy static libs
 cp -L  lib/libcrmf.a \
        lib/libnssb.a \
        lib/libnssckfw.a \
-       %{buildroot}%{_libdir}
+       $RPM_BUILD_ROOT%{_libdir}
 # copy tools
 cp -L  bin/certutil \
        bin/cmsutil \
@@ -198,7 +205,7 @@ cp -L  bin/certutil \
        bin/signtool \
        bin/signver \
        bin/ssltap \
-       %{buildroot}%{_bindir}
+       $RPM_BUILD_ROOT%{_bindir}
 # copy unsupported tools
 cp -L  bin/atob \
        bin/btoa \
@@ -212,13 +219,13 @@ cp -L  bin/atob \
        bin/tstclnt \
        bin/vfyserv \
        bin/vfychain \
-       %{buildroot}%{_libexecdir}/nss
+       $RPM_BUILD_ROOT%{_libexecdir}/nss
 # prepare pkgconfig file
-mkdir -p %{buildroot}%{_libdir}/pkgconfig/
+mkdir -p $RPM_BUILD_ROOT%{_libdir}/pkgconfig/
 sed "s:%%LIBDIR%%:%{_libdir}:g
 s:%%VERSION%%:%{version}:g
 s:%%NSPR_VERSION%%:%{nspr_ver}:g" \
-  %{SOURCE1} > %{buildroot}%{_libdir}/pkgconfig/nss.pc
+  %{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc
 # prepare nss-config file
 popd
 NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
@@ -231,31 +238,31 @@ cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \
                      -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
                      -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
                      -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \
-                     > %{buildroot}/%{_bindir}/nss-config
-chmod 755 %{buildroot}/%{_bindir}/nss-config
+                     > $RPM_BUILD_ROOT/%{_bindir}/nss-config
+chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config
 # setup-nsssysinfo.sh
-install -m 744 %{SOURCE6} %{buildroot}%{_sbindir}/
+install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sbindir}/
 # create empty NSS database
-#LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_bindir}/modutil -force -dbdir "sql:%{buildroot}%{nssdbdir}" -create
-#LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_bindir}/certutil -N -d "sql:%{buildroot}%{nssdbdir}" -f /dev/null 2>&1 > /dev/null
-#chmod 644 "%{buildroot}%{nssdbdir}"/*
+#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/modutil -force -dbdir "sql:$RPM_BUILD_ROOT%{nssdbdir}" -create
+#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/certutil -N -d "sql:$RPM_BUILD_ROOT%{nssdbdir}" -f /dev/null 2>&1 > /dev/null
+#chmod 644 "$RPM_BUILD_ROOT%{nssdbdir}"/*
 #sed "s:%{buildroot}::g
 #s/^library=$/library=libnsssysinit.so/
 #/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/" \
-#  %{buildroot}%{nssdbdir}/pkcs11.txt > %{buildroot}%{nssdbdir}/pkcs11.txt.sed
-#  mv %{buildroot}%{nssdbdir}/pkcs11.txt{.sed,}
+#  $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt > $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt.sed
+#  mv $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt{.sed,}
 # copy empty NSS database
-install -m 644 %{SOURCE7} %{buildroot}%{nssdbdir}
-install -m 644 %{SOURCE8} %{buildroot}%{nssdbdir}
-install -m 644 %{SOURCE9} %{buildroot}%{nssdbdir}
+install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{nssdbdir}
+install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{nssdbdir}
+install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{nssdbdir}
 # create shlib sigs after extracting debuginfo
 %define __spec_install_post \
   %{?__debug_package:%{__debug_install_post}} \
   %{__arch_install_post} \
   %{__os_install_post} \
-  LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}%{_libdir}/libsoftokn3.so \
-  LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}%{_libdir}/libnssdbm3.so \
-  LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}/%{_lib}/libfreebl3.so \
+  LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libsoftokn3.so \
+  LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libnssdbm3.so \
+  LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \
 %{nil}
 
 %post -p /sbin/ldconfig
@@ -282,6 +289,9 @@ fi
 
 %postun sysinit -p /sbin/ldconfig
 
+%clean
+rm -rf $RPM_BUILD_ROOT
+
 %files
 %defattr(-, root, root)
 %{_libdir}/libnss3.so

diff --git a/packaging/pkcs11.txt b/packaging/pkcs11.txt
new file mode 100644 (file)
index 0000000..8581180
--- /dev/null
+++ b/packaging/pkcs11.txt
@@ -0,0 +1,4 @@
+library=libnsssysinit.so
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})

diff --git a/packaging/setup-nsssysinit.sh b/packaging/setup-nsssysinit.sh
new file mode 100644 (file)
index 0000000..71cb631
--- /dev/null
+++ b/packaging/setup-nsssysinit.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+#
+# Turns on or off the nss-sysinit module db by editing the
+# global PKCS #11 congiguration file.
+#
+# This script can be invoked by the user as super user.
+# It is invoked at nss-sysinit post install time with argument on
+# and at nss-sysinit pre uninstall with argument off.
+#
+usage()
+{
+  cat <<EOF
+Usage: setup-nsssysinit [on|off]
+  on  - turns on nsssysinit
+  off - turns off nsssysinit
+EOF
+  exit $1
+}
+
+# validate
+if test $# -eq 0; then
+  usage 1 1>&2
+fi
+
+# the system-wide configuration file
+p11conf="/etc/pki/nssdb/pkcs11.txt"
+# must exist, otherwise report it and exit with failure
+if [ ! -f $p11conf ]; then
+  echo "Could not find ${p11conf}"
+  exit 1
+fi
+
+on="1"
+case "$1" in
+  on | ON )
+    cat ${p11conf} | \
+     sed -e 's/^library=$/library=libnsssysinit.so/' \
+         -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
+    ${p11conf}.on
+    mv ${p11conf}.on ${p11conf}
+    ;;
+  off | OFF )
+    if [ ! `grep "^library=libnsssysinit" ${p11conf}` ]; then
+      exit 0
+    fi
+    cat ${p11conf} | \
+    sed -e 's/^library=libnsssysinit.so/library=/' \
+        -e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \
+        ${p11conf}.off
+    mv ${p11conf}.off ${p11conf}
+    ;;
+  * )
+    usage 1 1>&2
+    ;;
+esac