From fe660b59be2a9ac40527bf904fdcd2511802d30d Mon Sep 17 00:00:00 2001 From: Anas Nashif Date: Mon, 5 Nov 2012 13:25:06 -0800 Subject: [PATCH] add packaging Change-Id: Ie1bd55e7a7f46febd91c2f69e6371e7666c0ae4e --- packaging/cert9.db | Bin 0 -> 9216 bytes packaging/key4.db | Bin 0 -> 11264 bytes packaging/nss-config.in | 143 ++++++++++++++++++++++++++++++++++++++++++ packaging/nss-rpmlintrc | 5 ++ packaging/nss.pc.in | 11 ++++ packaging/nss.spec | 92 +++++++++++++++------------ packaging/pkcs11.txt | 4 ++ packaging/setup-nsssysinit.sh | 55 ++++++++++++++++ 8 files changed, 269 insertions(+), 41 deletions(-) create mode 100644 packaging/cert9.db create mode 100644 packaging/key4.db create mode 100644 packaging/nss-config.in create mode 100644 packaging/nss-rpmlintrc create mode 100644 packaging/nss.pc.in create mode 100644 packaging/pkcs11.txt create mode 100644 packaging/setup-nsssysinit.sh diff --git a/packaging/cert9.db b/packaging/cert9.db new file mode 100644 index 0000000000000000000000000000000000000000..1763264e7842df0b349d57432012b11a394513ba GIT binary patch literal 9216 zcmeHLO>fgc5Vh+h1tiW9;*dQy5{Lb;UH5{TrbbFBX&VxW9#CZ`t`rEZXcCEkfW(1+ z#DzP*hzmQ}*YV14&yJ^yj9p&ed`cEfIW@<1oqfg}$8q&p zJ?i?RI#$KixO*6h-ftRjHOaorKhN}2eUU5|*SNm8 zn$J&{>1;Z_5GB;rYVK32S$jxfn`;%Y3T&zZPpEPG{BP>*vwd3y9;5)h|6S+EagMxS z6{4@o-EOv8?)PAkq_eEtGn8PfJBT~Om<>Az$1$Vfe@MZOgzZcx>~zq3(;1wz*YPVC>Z7WU`w}2G09ydI0J-BVP`(O? z(m>)hkS1mzRWOjIXdungKoZbEQZa`R#lTe>7$r8Pr^^(ZYI18MabNK44T$qHsGcv(U$ggiD~wUbgilOW-f6pBZ5Z#iVA zSYL&EZTtSO{Oeh075L8-p!a`$>!;&=^L}`TUQI)LSOqpnf&E6K*=)Jz_|P@}m`o?- zCiSt|r1tuU@jC_|Z7WMZ+tE8U*?w6E!w3wsB+X`J#G_jb@ZDul?ZaB5`Ml-6&p*8_ z(+}BrQ8H}bVwmUNyBvax_TPWN^EzIm`K*}wbUt5ZH)Y-Wt-87MZrMoK_x}d1bla*` fVBHGX{r|cZwR~2A%~8NU|C@8KY^PR%bt~`(>auiN literal 0 HcmV?d00001 diff --git a/packaging/key4.db b/packaging/key4.db new file mode 100644 index 0000000000000000000000000000000000000000..987ffe0807602dd96217bc6d6053dca551027bb9 GIT binary patch literal 11264 zcmeHL&ubGw6yDiQHr2M^!4j$lCI_KW(V5-NHU*KUX4<5W#5WS1&-T%OY2Ty_?^x(X=yKYJlB)u4!B|H1=oA4lV$w)4tBsen|VgB92b zwafRvgP))*T`JJN0`UDO%DAG8Yacw8J2r{MlSy)Su;G+zZn$0uk(w*yv&B3uW=AIT z6zpvUc}o&HP_59J!o;G&VGY&}5()g2sWSESe#tVqS}k3^+LR@&F5GK*JgE za0W!20TX9H#TjsM24tMgL+h94)rZW6hmqMpW&@cGWHyl5KxPA(O^h-z%ETxWqfCsl zvDe048+&c+wY^^Cw2^ZVJy9Qy0vR|`gF&o;BQ>yEi;2VFVD=&Kn&@q!w~5}O6J0z< z@Uc)Si$QJ+m9kJN3$t37)xzhJ#@IBnrI9U-vGZ=)w9GV6`Ve@12m|vWWbh#j(T6Zj zAA*2B1Qk7qqWCZjLwS5_7-k1yc36&pK{)~j

y*BVfQQU{H>L0k42fyf9}Vv9Q9# z@gd9}AHo#!VI_oa2p4`soCuz8IV`6P+CwS%{cr!jQ$|V! zI$eQYbyJC{eTufOz0r=TKh;-ipL(m)MC)r5#Gm%A0{#*YP`4OcWJK5F@gzBi8(j03 zoN6Upp6>7qoR}KTpQYFdtI5!T4u}<+ks6L7#~I|PIc2vNx^!*fz|Iy9Gc^{`<9m~& z-80PIm{j1lH2QTNuA;H`@gLh zMFvX+I$Hs`{_pJPC##nVY)1k4{%=P;87md&Yz1)tUwf>GpFE@jQh|R?j-1yAP}%U;o}qdZI*Q{gK^?cgY8t z>*p`b?s&2 +fi + +lib_ssl=yes +lib_smime=yes +lib_nss=yes +lib_nssutil=yes + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + ssl) + lib_ssl=yes + ;; + smime) + lib_smime=yes + ;; + nss) + lib_nss=yes + ;; + nssutil) + lib_nssutil=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=@exec_prefix@ +fi +if test -z "$includedir"; then + includedir=@includedir@ +fi +if test -z "$libdir"; then + libdir=@libdir@ +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + if test -n "$lib_ssl"; then + libdirs="$libdirs -lssl${major_version}" + fi + if test -n "$lib_smime"; then + libdirs="$libdirs -lsmime${major_version}" + fi + if test -n "$lib_nss"; then + libdirs="$libdirs -lnss${major_version}" + fi + if test -n "$lib_nssutil"; then + libdirs="$libdirs -lnssutil${major_version}" + fi + echo $libdirs +fi diff --git a/packaging/nss-rpmlintrc b/packaging/nss-rpmlintrc new file mode 100644 index 0000000..213f56b --- /dev/null +++ b/packaging/nss-rpmlintrc @@ -0,0 +1,5 @@ +addFilter("shlib-policy-name-error") +addFilter("shlib-policy-missing-lib") +addFilter("shlib-policy-missing-suffix") +addFilter("shlib-unversioned-lib") +addFilter("shlib-fixed-dependency") diff --git a/packaging/nss.pc.in b/packaging/nss.pc.in new file mode 100644 index 0000000..3fac988 --- /dev/null +++ b/packaging/nss.pc.in @@ -0,0 +1,11 @@ +prefix=/usr +exec_prefix=${prefix} +libdir=%LIBDIR% +includedir=${prefix}/include/nss3 + +Name: NSS +Description: Network Security Services +Version: %VERSION% +Requires: nspr >= %NSPR_VERSION% +Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3 +Cflags: -I${includedir} diff --git a/packaging/nss.spec b/packaging/nss.spec index ed190e2..f569892 100644 --- a/packaging/nss.spec +++ b/packaging/nss.spec @@ -1,12 +1,17 @@ %global nss_softokn_fips_version 3.12.4 Name: nss +BuildRequires: gcc-c++ +BuildRequires: nspr-devel +BuildRequires: pkg-config +BuildRequires: sqlite3-devel +BuildRequires: zlib-devel Version: 3.13.6 Release: 0 -License: MPL-1.1 or GPL-2.0+ or LGPL-2.1+ Summary: Network Security Services -Url: http://www.mozilla.org/projects/security/pki/nss/ +License: MPL-1.1 or GPL-2.0+ or LGPL-2.1+ Group: System/Libraries +Url: http://www.mozilla.org/projects/security/pki/nss/ # cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -r NSS Source: nss-%{version}.tar.bz2 Source1: nss.pc.in @@ -23,17 +28,12 @@ Patch3: char.patch Patch4: nss-no-rpath.patch Patch5: renegotiate-transitional.patch Patch6: malloc.patch -BuildRequires: gcc-c++ -BuildRequires: nspr-devel -BuildRequires: pkg-config -BuildRequires: sqlite3-devel -BuildRequires: zlib-devel -Requires: nss-certs -BuildRoot: %{_tmppath}/%{name}-%{version}-build %define nspr_ver %(rpm -q --queryformat '%{VERSION}' nspr) Requires(pre): nspr >= %nspr_ver Requires(pre): libfreebl3 >= %{nss_softokn_fips_version} Requires(pre): libsoftokn3 >= %{nss_softokn_fips_version} +Requires: nss-certs +BuildRoot: %{_tmppath}/%{name}-%{version}-build %define nssdbdir %{_sysconfdir}/pki/nssdb %define run_testsuite 0 @@ -44,13 +44,14 @@ applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. + %package devel Summary: Network (Netscape) Security Services development files Group: Development/Libraries/Other Requires: libfreebl3 Requires: libsoftokn3 Requires: nspr-devel -Requires: nss = %{version} +Requires: nss = %{version}-%{release} %description devel Network Security Services (NSS) is a set of libraries designed to @@ -59,6 +60,7 @@ applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. + %package tools Summary: Tools for developing, debugging, and managing applications that use NSS Group: System/Management @@ -68,6 +70,7 @@ Requires(pre): nss >= %{version} The NSS Security Tools allow developers to test, debug, and manage applications that use NSS. + %package sysinit Summary: System NSS Initialization Group: System/Management @@ -80,6 +83,7 @@ NSS globally on the system. This module loads the system defined PKCS #11 modules for NSS and chains with other NSS modules to load any system or user configured modules. + %package -n libfreebl3 Summary: Freebl library for the Network Security Services Group: System/Libraries @@ -93,10 +97,11 @@ certificates, and other security standards. This package installs the freebl library from NSS. + %package -n libsoftokn3 Summary: Network Security Services Softoken Module Group: System/Libraries -Requires: libfreebl3 = %{version} +Requires: libfreebl3 = %{version}-%{release} %description -n libsoftokn3 Network Security Services (NSS) is a set of libraries designed to @@ -107,6 +112,7 @@ certificates, and other security standards. Network Security Services Softoken Cryptographic Module + %package certs Summary: CA certificates for NSS Group: Productivity/Networking/Security @@ -115,6 +121,7 @@ Group: Productivity/Networking/Security This package contains the integrated CA root certificates from the Mozilla project. + %prep %setup -n nss-%{version} -q cd mozilla @@ -135,7 +142,7 @@ cd mozilla/security/nss export FREEBL_NO_DEPEND=1 export NSPR_INCLUDE_DIR=`nspr-config --includedir` export NSPR_LIB_DIR=`nspr-config --libdir` -export OPT_FLAGS="%{optflags} -fno-strict-aliasing" +export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" export LIBDIR=%{_libdir} %ifarch x86_64 s390x ppc64 ia64 export USE_64=1 @@ -159,16 +166,16 @@ fi %endif %install -mkdir -p %{buildroot}%{_libdir} -mkdir -p %{buildroot}%{_libexecdir}/nss -mkdir -p %{buildroot}%{_includedir}/nss3 -mkdir -p %{buildroot}%{_bindir} -mkdir -p %{buildroot}%{_sbindir} -mkdir -p %{buildroot}/%{_lib} -mkdir -p %{buildroot}%{nssdbdir} +mkdir -p $RPM_BUILD_ROOT%{_libdir} +mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/nss +mkdir -p $RPM_BUILD_ROOT%{_includedir}/nss3 +mkdir -p $RPM_BUILD_ROOT%{_bindir} +mkdir -p $RPM_BUILD_ROOT%{_sbindir} +mkdir -p $RPM_BUILD_ROOT/%{_lib} +mkdir -p $RPM_BUILD_ROOT%{nssdbdir} pushd mozilla/dist/Linux* # copy headers -cp -rL ../public/nss/*.h %{buildroot}%{_includedir}/nss3 +cp -rL ../public/nss/*.h $RPM_BUILD_ROOT%{_includedir}/nss3 # copy dynamic libs cp -L lib/libnss3.so \ lib/libnssdbm3.so \ @@ -180,15 +187,15 @@ cp -L lib/libnss3.so \ lib/libsoftokn3.so \ lib/libsoftokn3.chk \ lib/libssl3.so \ - %{buildroot}%{_libdir} + $RPM_BUILD_ROOT%{_libdir} cp -L lib/libfreebl3.so \ lib/libfreebl3.chk \ - %{buildroot}/%{_lib} + $RPM_BUILD_ROOT/%{_lib} # copy static libs cp -L lib/libcrmf.a \ lib/libnssb.a \ lib/libnssckfw.a \ - %{buildroot}%{_libdir} + $RPM_BUILD_ROOT%{_libdir} # copy tools cp -L bin/certutil \ bin/cmsutil \ @@ -198,7 +205,7 @@ cp -L bin/certutil \ bin/signtool \ bin/signver \ bin/ssltap \ - %{buildroot}%{_bindir} + $RPM_BUILD_ROOT%{_bindir} # copy unsupported tools cp -L bin/atob \ bin/btoa \ @@ -212,13 +219,13 @@ cp -L bin/atob \ bin/tstclnt \ bin/vfyserv \ bin/vfychain \ - %{buildroot}%{_libexecdir}/nss + $RPM_BUILD_ROOT%{_libexecdir}/nss # prepare pkgconfig file -mkdir -p %{buildroot}%{_libdir}/pkgconfig/ +mkdir -p $RPM_BUILD_ROOT%{_libdir}/pkgconfig/ sed "s:%%LIBDIR%%:%{_libdir}:g s:%%VERSION%%:%{version}:g s:%%NSPR_VERSION%%:%{nspr_ver}:g" \ - %{SOURCE1} > %{buildroot}%{_libdir}/pkgconfig/nss.pc + %{SOURCE1} > $RPM_BUILD_ROOT%{_libdir}/pkgconfig/nss.pc # prepare nss-config file popd NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` @@ -231,31 +238,31 @@ cat %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \ -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ - > %{buildroot}/%{_bindir}/nss-config -chmod 755 %{buildroot}/%{_bindir}/nss-config + > $RPM_BUILD_ROOT/%{_bindir}/nss-config +chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config # setup-nsssysinfo.sh -install -m 744 %{SOURCE6} %{buildroot}%{_sbindir}/ +install -m 744 %{SOURCE6} $RPM_BUILD_ROOT%{_sbindir}/ # create empty NSS database -#LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_bindir}/modutil -force -dbdir "sql:%{buildroot}%{nssdbdir}" -create -#LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_bindir}/certutil -N -d "sql:%{buildroot}%{nssdbdir}" -f /dev/null 2>&1 > /dev/null -#chmod 644 "%{buildroot}%{nssdbdir}"/* +#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/modutil -force -dbdir "sql:$RPM_BUILD_ROOT%{nssdbdir}" -create +#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_bindir}/certutil -N -d "sql:$RPM_BUILD_ROOT%{nssdbdir}" -f /dev/null 2>&1 > /dev/null +#chmod 644 "$RPM_BUILD_ROOT%{nssdbdir}"/* #sed "s:%{buildroot}::g #s/^library=$/library=libnsssysinit.so/ #/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/" \ -# %{buildroot}%{nssdbdir}/pkcs11.txt > %{buildroot}%{nssdbdir}/pkcs11.txt.sed -# mv %{buildroot}%{nssdbdir}/pkcs11.txt{.sed,} +# $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt > $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt.sed +# mv $RPM_BUILD_ROOT%{nssdbdir}/pkcs11.txt{.sed,} # copy empty NSS database -install -m 644 %{SOURCE7} %{buildroot}%{nssdbdir} -install -m 644 %{SOURCE8} %{buildroot}%{nssdbdir} -install -m 644 %{SOURCE9} %{buildroot}%{nssdbdir} +install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{nssdbdir} +install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{nssdbdir} +install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{nssdbdir} # create shlib sigs after extracting debuginfo %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}%{_libdir}/libsoftokn3.so \ - LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}%{_libdir}/libnssdbm3.so \ - LD_LIBRARY_PATH=%{buildroot}/%{_lib}:%{buildroot}%{_libdir} %{buildroot}%{_libexecdir}/nss/shlibsign -i %{buildroot}/%{_lib}/libfreebl3.so \ + LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libsoftokn3.so \ + LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT%{_libdir}/libnssdbm3.so \ + LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib}:$RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libexecdir}/nss/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \ %{nil} %post -p /sbin/ldconfig @@ -282,6 +289,9 @@ fi %postun sysinit -p /sbin/ldconfig +%clean +rm -rf $RPM_BUILD_ROOT + %files %defattr(-, root, root) %{_libdir}/libnss3.so diff --git a/packaging/pkcs11.txt b/packaging/pkcs11.txt new file mode 100644 index 0000000..8581180 --- /dev/null +++ b/packaging/pkcs11.txt @@ -0,0 +1,4 @@ +library=libnsssysinit.so +name=NSS Internal PKCS #11 Module +parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) diff --git a/packaging/setup-nsssysinit.sh b/packaging/setup-nsssysinit.sh new file mode 100644 index 0000000..71cb631 --- /dev/null +++ b/packaging/setup-nsssysinit.sh @@ -0,0 +1,55 @@ +#!/bin/sh +# +# Turns on or off the nss-sysinit module db by editing the +# global PKCS #11 congiguration file. +# +# This script can be invoked by the user as super user. +# It is invoked at nss-sysinit post install time with argument on +# and at nss-sysinit pre uninstall with argument off. +# +usage() +{ + cat <&2 +fi + +# the system-wide configuration file +p11conf="/etc/pki/nssdb/pkcs11.txt" +# must exist, otherwise report it and exit with failure +if [ ! -f $p11conf ]; then + echo "Could not find ${p11conf}" + exit 1 +fi + +on="1" +case "$1" in + on | ON ) + cat ${p11conf} | \ + sed -e 's/^library=$/library=libnsssysinit.so/' \ + -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \ + ${p11conf}.on + mv ${p11conf}.on ${p11conf} + ;; + off | OFF ) + if [ ! `grep "^library=libnsssysinit" ${p11conf}` ]; then + exit 0 + fi + cat ${p11conf} | \ + sed -e 's/^library=libnsssysinit.so/library=/' \ + -e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \ + ${p11conf}.off + mv ${p11conf}.off ${p11conf} + ;; + * ) + usage 1 1>&2 + ;; +esac -- 2.7.4