diff --git a/jss.spec b/jss.spec index 04ed076..0047f4b 100644 --- a/jss.spec +++ b/jss.spec @@ -1,15 +1,28 @@ +%global majorrel `uname -r | cut -f1 -d.` +%global minorrel `uname -r | cut -f2 -d.` + Name: jss -Version: 4.2.6 -Release: 44%{?dist} +Version: 4.4.0 +Release: 1%{?dist} Summary: Java Security Services (JSS) Group: System Environment/Libraries License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/jss/ -# The source for this package was pulled from upstream's cvs. Use the +# The source for this package was pulled from upstream's hg. Use the # following commands to generate the tarball: -# cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot export -r JSS_4_2_6_RTM -d jss-4.2.6 -N mozilla/security/coreconf mozilla/security/jss -# tar -czvf jss-4.2.6.tar.gz jss-4.2.6 +# hg clone --rev JSS_4_4_0_RTM https://hg.mozilla.org/projects/jss jss-4.4.0/jss +# rm -rf jss-4.4.0/jss/.hg +# if the tarball is Beta, set this define in 'org/mozilla/jss/util/jssver.h': +# #define JSS_BETA PR_TRUE +# else if tarball is non-Beta: +# #define JSS_BETA PR_FALSE +# tar -czvf jss-4.4.0.tar.gz jss-4.4.0 +# +# For now util the JSS_4_4_0_RTM tag is created I actually used: +# hg clone --rev b1c6660e7e71 https://hg.mozilla.org/projects/jss jss-4.4.0/jss +# This is from upstream tip +# Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}-%{release}/%{name}-%{version}.tar.gz Source1: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}-%{release}/MPL-1.1.txt Source2: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}-%{release}/gpl.txt @@ -25,42 +38,6 @@ BuildRequires: perl Requires: java-headless Requires: nss >= 3.21.0 -Patch1: jss-key_pair_usage_with_op_flags.patch -Patch2: jss-javadocs-param.patch -Patch3: jss-ipv6.patch -Patch4: jss-ECC-pop.patch -Patch5: jss-loadlibrary.patch -Patch6: jss-ocspSettings.patch -Patch7: jss-ECC_keygen_byCurveName.patch -Patch8: jss-VerifyCertificate.patch -Patch9: jss-bad-error-string-pointer.patch -Patch10: jss-VerifyCertificateReturnCU.patch -#Patch11: jss-slots-not-freed.patch -Patch12: jss-ECC-HSM-FIPS.patch -Patch13: jss-eliminate-native-compiler-warnings.patch -Patch14: jss-eliminate-java-compiler-warnings.patch -Patch15: jss-PKCS12-FIPS.patch -Patch16: jss-eliminate-native-coverity-defects.patch -Patch17: jss-PBE-PKCS5-V2-secure-P12.patch -Patch18: jss-wrapInToken.patch -Patch19: jss-HSM-manufacturerID.patch -Patch20: jss-ECC-Phase2KeyArchivalRecovery.patch -Patch21: jss-undo-JCA-deprecations.patch -Patch22: jss-undo-BadPaddingException-deprecation.patch -Patch23: jss-fixed-build-issue-on-F17-or-newer.patch -Patch24: jss-SHA-OID-fix.patch -Patch25: jss-RC4-strengh-verify.patch -Patch26: jss-support-TLS1_1-TLS1_2.patch -Patch27: jss-WindowsCompileFix.patch -Patch28: jss-WindowsLoadLibrary.patch -Patch29: jss-Fixed-build-failures.patch -Patch30: jss-VerifyCertificate-enhancement.patch -Patch31: jss-lunasaUnwrap.patch -Patch32: jss-symkey-enhancements.patch -Patch33: jss-crmf-envelopedData.patch -Patch34: jss-unwrap-AES-sym-keys-on-token.patch - - %description Java Security Services (JSS) is a java native interface which provides a bridge for java-based applications to use native Network Security Services (NSS). @@ -75,48 +52,18 @@ Requires: jss = %{version}-%{release} This package contains the API documentation for JSS. %prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -#%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 -%patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 -%patch33 -p1 -%patch34 -p2 +%setup -q -n %{name}-%{version} %build [ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java +[ -z "$USE_INSTALLED_NSPR" ] && export USE_INSTALLED_NSPR=1 +[ -z "$USE_INSTALLED_NSS" ] && export USE_INSTALLED_NSS=1 # Enable compiler optimizations and disable debugging code -BUILD_OPT=1 -export BUILD_OPT +# NOTE: If you ever need to create a debug build with optimizations disabled +# just comment out this line and change in the %%install section below the +# line that copies jars xpclass.jar to be xpclass_dbg.jar +export BUILD_OPT=1 # Generate symbolic info for debuggers XCFLAGS="-g $RPM_OPT_FLAGS" @@ -144,26 +91,21 @@ USE_64=1 export USE_64 %endif -%if 0%{?fedora} >= 16 -cp -p mozilla/security/coreconf/Linux2.6.mk mozilla/security/coreconf/Linux3.1.mk -sed -i -e 's;LINUX2_1;LINUX3_1;' mozilla/security/coreconf/Linux3.1.mk - -cp -p mozilla/security/coreconf/Linux3.1.mk mozilla/security/coreconf/Linux3.2.mk -sed -i -e 's;LINUX3_1;LINUX3_2;' mozilla/security/coreconf/Linux3.2.mk - -cp -p mozilla/security/coreconf/Linux3.2.mk mozilla/security/coreconf/Linux3.6.mk -sed -i -e 's;LINUX3_1;LINUX3_6;' mozilla/security/coreconf/Linux3.6.mk -%endif +cp -p jss/coreconf/Linux.mk jss/coreconf/Linux%{majorrel}.%{minorrel}.mk +sed -i -e 's;LINUX2_1;LINUX%{majorrel}_%{minorrel};' jss/coreconf/Linux%{majorrel}.%{minorrel}.mk # The Makefile is not thread-safe -make -C mozilla/security/coreconf -make -C mozilla/security/jss -make -C mozilla/security/jss javadoc +make -C jss/coreconf +make -C jss +make -C jss javadoc + +%check + %install rm -rf $RPM_BUILD_ROOT docdir -# Copy the license files here so we can include them in %doc +# Copy the license files here so we can include them in %%doc cp -p %{SOURCE1} . cp -p %{SOURCE2} . cp -p %{SOURCE3} . @@ -171,31 +113,23 @@ cp -p %{SOURCE3} . # There is no install target so we'll do it by hand # jars -%if 0%{?fedora} >= 16 install -d -m 0755 $RPM_BUILD_ROOT%{_jnidir} -install -m 644 mozilla/dist/xpclass.jar ${RPM_BUILD_ROOT}%{_jnidir}/jss4.jar -%else -install -d -m 0755 $RPM_BUILD_ROOT%{_libdir}/jss -install -m 644 mozilla/dist/xpclass.jar ${RPM_BUILD_ROOT}%{_libdir}/jss/jss4-%{version}.jar -ln -fs jss4-%{version}.jar $RPM_BUILD_ROOT%{_libdir}/jss/jss4.jar - -install -d -m 0755 $RPM_BUILD_ROOT%{_jnidir} -ln -fs %{_libdir}/jss/jss4.jar $RPM_BUILD_ROOT%{_jnidir}/jss4.jar -%endif +# NOTE: if doing a debug no opt build change xpclass.jar to xpclass_debug.jar +install -m 644 dist/xpclass.jar ${RPM_BUILD_ROOT}%{_jnidir}/jss4.jar # We have to use the name libjss4.so because this is dynamically # loaded by the jar file. install -d -m 0755 $RPM_BUILD_ROOT%{_libdir}/jss -install -m 0755 mozilla/dist/Linux*.OBJ/lib/libjss4.so ${RPM_BUILD_ROOT}%{_libdir}/jss/ -%if 0%{?fedora} >= 16 +install -m 0755 dist/Linux*.OBJ/lib/libjss4.so ${RPM_BUILD_ROOT}%{_libdir}/jss/ pushd ${RPM_BUILD_ROOT}%{_libdir}/jss ln -fs %{_jnidir}/jss4.jar jss4.jar popd -%endif # javadoc install -d -m 0755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} -cp -rp mozilla/dist/jssdoc/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} +cp -rp dist/jssdoc/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} +cp -p jss/jss.html $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} +cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} %clean rm -rf $RPM_BUILD_ROOT @@ -203,9 +137,10 @@ rm -rf $RPM_BUILD_ROOT # No ldconfig is required since this library is loaded by Java itself. %files %defattr(-,root,root,-) -%doc mozilla/security/jss/jss.html MPL-1.1.txt gpl.txt lgpl.txt +%doc jss/jss.html MPL-1.1.txt gpl.txt lgpl.txt %{_libdir}/jss/* %{_jnidir}/* +%{_libdir}/jss/lib*.so %files javadoc %defattr(-,root,root,-) @@ -214,6 +149,50 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sat Mar 11 2017 Elio Maldonado - 4.4.0-0.1 +- Experimental build to rebase to jss-4.4.0 +- ## JSS 4.4.0 includes the following patches ported from downstream: +- Mozilla Bugzilla #507536 - Add IPv6 functionality to JSS +- Mozilla Bugzilla #1307872 - Expose NSS calls for OCSP settings +- Mozilla Bugzilla #1307882 - RFE ecc - add ecc curve name support in JSS and + CS interface +- Mozilla Bugzilla #1307993 - Expose updated certificate verification function + in JSS +- Mozilla Bugzilla #1308000 - Incorrect socket accept error message due to bad + pointer arithmetic +- Mozilla Bugzilla #1308001 - Verification should fail when a revoked + certificate is added +- Mozilla Bugzilla #1308004 - Warnings should be cleaned up in JSS build +- Mozilla Bugzilla #1308006 - DRM failed to recovery keys when in FIPS mode + (HSM + NSS) +- Mozilla Bugzilla #1308008 - Defects revealed by Coverity scan +- Mozilla Bugzilla #1308009 - Add support for PKCS5v2; support for secure PKCS12 +- Mozilla Bugzilla #1308012 - DRM: during archiving and recovering, wrapping + unwrapping keys should be done in the token +- Mozilla Bugzilla #1308013 - JSS - HSM token name was mistaken for + manufacturer identifier +- Mozilla Bugzilla #1308017 - Un-deprecate previously deprecated methods in + JSS 4.2.6 +- Mozilla Bugzilla #1308019 - Provide Tomcat support for TLS v1.1 and + TLS v1.2 via NSS through JSS +- Mozilla Bugzilla #1308026 - JSS certificate validation does not pass up exact + error from NSS +- Mozilla Bugzilla #1308027 - Merge pki-symkey into jss +- Mozilla Bugzilla #1308029 - Resolve Javadoc build issues +- Mozilla Bugzilla #1308047 - support ECC encryption key archival and recovery +- Mozilla Bugzilla #1313122 - Remove bypass tests as latest NSS has removed + PKCS#11 bypass support +- Mozilla Bugzilla #1328675 - Simple problem unwrapping AES sym keys on token +- Mozilla Bugzilla #1345174 - Cannot create system certs when using LunaSA HSM + in FIPS Mode and ECC algorithms +- Mozilla Bugzilla #1345613 - expose AES KeyWrap and add some useful OID + functions +- Mozilla Bugzilla #1346410 - Load JSS libraries appropriately +- ## JSS 4.4.0 includes the following changes for building and testing: +- Mozilla Bugzilla #1331765 - Simplify JSS Makefile build and test +- Mozilla Bugzilla #1346420 - Document steps required to use the proper + libjss4.so when running certain HMAC Algorithms tests + * Wed Feb 22 2017 Jack Magne - 4.2.6-44 - Bugzilla Bug #1425971 - Simple problem unwrapping AES sym keys on token