rpms/firefox
7
0
Fork 0
Code Issues Pull Requests Releases Activity

flatpak: Enable loading system trust store on the host

Browse Source 
This directs the libnssckbi.so symlink to p11-kit-client.so, instead
of p11-kit-trust.so, so Firefox flatpak can access the system trust
store on the host.  Since the /usr filesystem is read-only, this
creates the link in /app/lib64, which is added to LD_LIBRARY_PATH
inside flatpak.  A symlink to libnss3.so also needs to be created in
the same directory, to trick the directory search order in
ListPossibleLoadableRootsLocations:
https://hg.mozilla.org/mozilla-central/file/8e850fd29a957f505e0355c1326279e06e9040bb/security/manager/ssl/nsNSSComponent.cpp#l970

Signed-off-by: Daiki Ueno <dueno@redhat.com>
This commit is contained in:
Daiki Ueno 2021-06-23 10:47:12 +02:00
parent 7edb7c195a
commit e4a12e3825
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
firefox.spec
View File

@ -152,7 +152,7 @@ ExcludeArch: armv7hl
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 89.0.2 Version: 89.0.2
Release: 2%{?pre_tag}%{?dist} Release: 3%{?pre_tag}%{?dist}
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz
@ -921,6 +921,17 @@ rm -rf %{buildroot}%{mozappdir}/gtk2/
rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libmozjs.so rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libmozjs.so
rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libmozalloc.so rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libmozalloc.so
rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libxul.so rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libxul.so
# Create a symlink to replace libnssckbi.so with p11-kit-client.so
# instead of p11-kit-trust.so, so that Firefox can see the system
# trust store on the host through the p11-kit RPC protocol. A symlink
# to libnss3.so is also needed, because Firefox tries to load
# libnssckbi.so from the same directory where libnss3.so is loaded (as
# of Firefox 89).
%if 0%{?flatpak}
ln -sf /usr/lib64/libnss3.so %{buildroot}%{_libdir}/libnss3.so
ln -sf /usr/lib64/pkcs11/p11-kit-client.so %{buildroot}%{_libdir}/libnssckbi.so
%endif
#--------------------------------------------------------------------- #---------------------------------------------------------------------
# Moves defaults/preferences to browser/defaults/preferences # Moves defaults/preferences to browser/defaults/preferences
@ -1029,6 +1040,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#--------------------------------------------------------------------- #---------------------------------------------------------------------
%changelog %changelog
* Mon Jul 12 2021 Daiki Ueno <dueno@redhat.com> - 89.0.2-3
- flatpak: Enable loading system trust store on the host (rhbz#1766340)
* Wed Jun 30 2021 Martin Stransky <stransky@redhat.com> - 89.0.2-2 * Wed Jun 30 2021 Martin Stransky <stransky@redhat.com> - 89.0.2-2
- Added fix for mozbz#1715254 (rhbz#1976892). - Added fix for mozbz#1715254 (rhbz#1976892).