rpms/jss
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Updated jss.spec to prepare for JSS 4.4.0

Browse Source
This commit is contained in:
Matthew Harmsen 2017-03-13 13:14:04 -06:00
parent 032e03cc44
commit 4404ece120
1 changed files with 86 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

193
jss.spec
View File

@ -1,15 +1,28 @@
%global majorrel `uname -r | cut -f1 -d.`
%global minorrel `uname -r | cut -f2 -d.`
Name: jss Name: jss
Version: 4.2.6 Version: 4.4.0
Release: 44%{?dist} Release: 1%{?dist}
Summary: Java Security Services (JSS) Summary: Java Security Services (JSS)
Group: System Environment/Libraries Group: System Environment/Libraries
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/jss/ URL: http://www.mozilla.org/projects/security/pki/jss/
# The source for this package was pulled from upstream's cvs. Use the # The source for this package was pulled from upstream's hg. Use the
# following commands to generate the tarball: # following commands to generate the tarball:
# cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot export -r JSS_4_2_6_RTM -d jss-4.2.6 -N mozilla/security/coreconf mozilla/security/jss # hg clone --rev JSS_4_4_0_RTM https://hg.mozilla.org/projects/jss jss-4.4.0/jss
# tar -czvf jss-4.2.6.tar.gz jss-4.2.6 # rm -rf jss-4.4.0/jss/.hg
# if the tarball is Beta, set this define in 'org/mozilla/jss/util/jssver.h':
# #define JSS_BETA PR_TRUE
# else if tarball is non-Beta:
# #define JSS_BETA PR_FALSE
# tar -czvf jss-4.4.0.tar.gz jss-4.4.0
#
# For now util the JSS_4_4_0_RTM tag is created I actually used:
# hg clone --rev b1c6660e7e71 https://hg.mozilla.org/projects/jss jss-4.4.0/jss
# This is from upstream tip
#
Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}-%{release}/%{name}-%{version}.tar.gz Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}-%{release}/%{name}-%{version}.tar.gz
Source1: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}-%{release}/MPL-1.1.txt Source1: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}-%{release}/MPL-1.1.txt
Source2: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}-%{release}/gpl.txt Source2: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}-%{release}/gpl.txt
@ -25,42 +38,6 @@ BuildRequires: perl
Requires: java-headless Requires: java-headless
Requires: nss >= 3.21.0 Requires: nss >= 3.21.0
Patch1: jss-key_pair_usage_with_op_flags.patch
Patch2: jss-javadocs-param.patch
Patch3: jss-ipv6.patch
Patch4: jss-ECC-pop.patch
Patch5: jss-loadlibrary.patch
Patch6: jss-ocspSettings.patch
Patch7: jss-ECC_keygen_byCurveName.patch
Patch8: jss-VerifyCertificate.patch
Patch9: jss-bad-error-string-pointer.patch
Patch10: jss-VerifyCertificateReturnCU.patch
#Patch11: jss-slots-not-freed.patch
Patch12: jss-ECC-HSM-FIPS.patch
Patch13: jss-eliminate-native-compiler-warnings.patch
Patch14: jss-eliminate-java-compiler-warnings.patch
Patch15: jss-PKCS12-FIPS.patch
Patch16: jss-eliminate-native-coverity-defects.patch
Patch17: jss-PBE-PKCS5-V2-secure-P12.patch
Patch18: jss-wrapInToken.patch
Patch19: jss-HSM-manufacturerID.patch
Patch20: jss-ECC-Phase2KeyArchivalRecovery.patch
Patch21: jss-undo-JCA-deprecations.patch
Patch22: jss-undo-BadPaddingException-deprecation.patch
Patch23: jss-fixed-build-issue-on-F17-or-newer.patch
Patch24: jss-SHA-OID-fix.patch
Patch25: jss-RC4-strengh-verify.patch
Patch26: jss-support-TLS1_1-TLS1_2.patch
Patch27: jss-WindowsCompileFix.patch
Patch28: jss-WindowsLoadLibrary.patch
Patch29: jss-Fixed-build-failures.patch
Patch30: jss-VerifyCertificate-enhancement.patch
Patch31: jss-lunasaUnwrap.patch
Patch32: jss-symkey-enhancements.patch
Patch33: jss-crmf-envelopedData.patch
Patch34: jss-unwrap-AES-sym-keys-on-token.patch
%description %description
Java Security Services (JSS) is a java native interface which provides a bridge Java Security Services (JSS) is a java native interface which provides a bridge
for java-based applications to use native Network Security Services (NSS). for java-based applications to use native Network Security Services (NSS).
@ -75,48 +52,18 @@ Requires: jss = %{version}-%{release}
This package contains the API documentation for JSS. This package contains the API documentation for JSS.
%prep %prep
%setup -q %setup -q -n %{name}-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
#%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p2
%build %build
[ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java [ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java
[ -z "$USE_INSTALLED_NSPR" ] && export USE_INSTALLED_NSPR=1
[ -z "$USE_INSTALLED_NSS" ] && export USE_INSTALLED_NSS=1
# Enable compiler optimizations and disable debugging code # Enable compiler optimizations and disable debugging code
BUILD_OPT=1 # NOTE: If you ever need to create a debug build with optimizations disabled
export BUILD_OPT # just comment out this line and change in the %%install section below the
# line that copies jars xpclass.jar to be xpclass_dbg.jar
export BUILD_OPT=1
# Generate symbolic info for debuggers # Generate symbolic info for debuggers
XCFLAGS="-g $RPM_OPT_FLAGS" XCFLAGS="-g $RPM_OPT_FLAGS"
@ -144,26 +91,21 @@ USE_64=1
export USE_64 export USE_64
%endif %endif
%if 0%{?fedora} >= 16 cp -p jss/coreconf/Linux.mk jss/coreconf/Linux%{majorrel}.%{minorrel}.mk
cp -p mozilla/security/coreconf/Linux2.6.mk mozilla/security/coreconf/Linux3.1.mk sed -i -e 's;LINUX2_1;LINUX%{majorrel}_%{minorrel};' jss/coreconf/Linux%{majorrel}.%{minorrel}.mk
sed -i -e 's;LINUX2_1;LINUX3_1;' mozilla/security/coreconf/Linux3.1.mk
cp -p mozilla/security/coreconf/Linux3.1.mk mozilla/security/coreconf/Linux3.2.mk
sed -i -e 's;LINUX3_1;LINUX3_2;' mozilla/security/coreconf/Linux3.2.mk
cp -p mozilla/security/coreconf/Linux3.2.mk mozilla/security/coreconf/Linux3.6.mk
sed -i -e 's;LINUX3_1;LINUX3_6;' mozilla/security/coreconf/Linux3.6.mk
%endif
# The Makefile is not thread-safe # The Makefile is not thread-safe
make -C mozilla/security/coreconf make -C jss/coreconf
make -C mozilla/security/jss make -C jss
make -C mozilla/security/jss javadoc make -C jss javadoc
%check
%install %install
rm -rf $RPM_BUILD_ROOT docdir rm -rf $RPM_BUILD_ROOT docdir
# Copy the license files here so we can include them in %doc # Copy the license files here so we can include them in %%doc
cp -p %{SOURCE1} . cp -p %{SOURCE1} .
cp -p %{SOURCE2} . cp -p %{SOURCE2} .
cp -p %{SOURCE3} . cp -p %{SOURCE3} .
@ -171,31 +113,23 @@ cp -p %{SOURCE3} .
# There is no install target so we'll do it by hand # There is no install target so we'll do it by hand
# jars # jars
%if 0%{?fedora} >= 16
install -d -m 0755 $RPM_BUILD_ROOT%{_jnidir} install -d -m 0755 $RPM_BUILD_ROOT%{_jnidir}
install -m 644 mozilla/dist/xpclass.jar ${RPM_BUILD_ROOT}%{_jnidir}/jss4.jar # NOTE: if doing a debug no opt build change xpclass.jar to xpclass_debug.jar
%else install -m 644 dist/xpclass.jar ${RPM_BUILD_ROOT}%{_jnidir}/jss4.jar
install -d -m 0755 $RPM_BUILD_ROOT%{_libdir}/jss
install -m 644 mozilla/dist/xpclass.jar ${RPM_BUILD_ROOT}%{_libdir}/jss/jss4-%{version}.jar
ln -fs jss4-%{version}.jar $RPM_BUILD_ROOT%{_libdir}/jss/jss4.jar
install -d -m 0755 $RPM_BUILD_ROOT%{_jnidir}
ln -fs %{_libdir}/jss/jss4.jar $RPM_BUILD_ROOT%{_jnidir}/jss4.jar
%endif
# We have to use the name libjss4.so because this is dynamically # We have to use the name libjss4.so because this is dynamically
# loaded by the jar file. # loaded by the jar file.
install -d -m 0755 $RPM_BUILD_ROOT%{_libdir}/jss install -d -m 0755 $RPM_BUILD_ROOT%{_libdir}/jss
install -m 0755 mozilla/dist/Linux*.OBJ/lib/libjss4.so ${RPM_BUILD_ROOT}%{_libdir}/jss/ install -m 0755 dist/Linux*.OBJ/lib/libjss4.so ${RPM_BUILD_ROOT}%{_libdir}/jss/
%if 0%{?fedora} >= 16
pushd ${RPM_BUILD_ROOT}%{_libdir}/jss pushd ${RPM_BUILD_ROOT}%{_libdir}/jss
ln -fs %{_jnidir}/jss4.jar jss4.jar ln -fs %{_jnidir}/jss4.jar jss4.jar
popd popd
%endif
# javadoc # javadoc
install -d -m 0755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} install -d -m 0755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
cp -rp mozilla/dist/jssdoc/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} cp -rp dist/jssdoc/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
cp -p jss/jss.html $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -203,9 +137,10 @@ rm -rf $RPM_BUILD_ROOT
# No ldconfig is required since this library is loaded by Java itself. # No ldconfig is required since this library is loaded by Java itself.
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc mozilla/security/jss/jss.html MPL-1.1.txt gpl.txt lgpl.txt %doc jss/jss.html MPL-1.1.txt gpl.txt lgpl.txt
%{_libdir}/jss/* %{_libdir}/jss/*
%{_jnidir}/* %{_jnidir}/*
%{_libdir}/jss/lib*.so
%files javadoc %files javadoc
%defattr(-,root,root,-) %defattr(-,root,root,-)
@ -214,6 +149,50 @@ rm -rf $RPM_BUILD_ROOT
%changelog %changelog
* Sat Mar 11 2017 Elio Maldonado <emaldona@redhat.com> - 4.4.0-0.1
- Experimental build to rebase to jss-4.4.0
- ## JSS 4.4.0 includes the following patches ported from downstream:
- Mozilla Bugzilla #507536 - Add IPv6 functionality to JSS
- Mozilla Bugzilla #1307872 - Expose NSS calls for OCSP settings
- Mozilla Bugzilla #1307882 - RFE ecc - add ecc curve name support in JSS and
CS interface
- Mozilla Bugzilla #1307993 - Expose updated certificate verification function
in JSS
- Mozilla Bugzilla #1308000 - Incorrect socket accept error message due to bad
pointer arithmetic
- Mozilla Bugzilla #1308001 - Verification should fail when a revoked
certificate is added
- Mozilla Bugzilla #1308004 - Warnings should be cleaned up in JSS build
- Mozilla Bugzilla #1308006 - DRM failed to recovery keys when in FIPS mode
(HSM + NSS)
- Mozilla Bugzilla #1308008 - Defects revealed by Coverity scan
- Mozilla Bugzilla #1308009 - Add support for PKCS5v2; support for secure PKCS12
- Mozilla Bugzilla #1308012 - DRM: during archiving and recovering, wrapping
unwrapping keys should be done in the token
- Mozilla Bugzilla #1308013 - JSS - HSM token name was mistaken for
manufacturer identifier
- Mozilla Bugzilla #1308017 - Un-deprecate previously deprecated methods in
JSS 4.2.6
- Mozilla Bugzilla #1308019 - Provide Tomcat support for TLS v1.1 and
TLS v1.2 via NSS through JSS
- Mozilla Bugzilla #1308026 - JSS certificate validation does not pass up exact
error from NSS
- Mozilla Bugzilla #1308027 - Merge pki-symkey into jss
- Mozilla Bugzilla #1308029 - Resolve Javadoc build issues
- Mozilla Bugzilla #1308047 - support ECC encryption key archival and recovery
- Mozilla Bugzilla #1313122 - Remove bypass tests as latest NSS has removed
PKCS#11 bypass support
- Mozilla Bugzilla #1328675 - Simple problem unwrapping AES sym keys on token
- Mozilla Bugzilla #1345174 - Cannot create system certs when using LunaSA HSM
in FIPS Mode and ECC algorithms
- Mozilla Bugzilla #1345613 - expose AES KeyWrap and add some useful OID
functions
- Mozilla Bugzilla #1346410 - Load JSS libraries appropriately
- ## JSS 4.4.0 includes the following changes for building and testing:
- Mozilla Bugzilla #1331765 - Simplify JSS Makefile build and test
- Mozilla Bugzilla #1346420 - Document steps required to use the proper
libjss4.so when running certain HMAC Algorithms tests
* Wed Feb 22 2017 Jack Magne <jmagne@redhat.com> - 4.2.6-44 * Wed Feb 22 2017 Jack Magne <jmagne@redhat.com> - 4.2.6-44
- Bugzilla Bug #1425971 - Simple problem unwrapping AES sym keys on token - Bugzilla Bug #1425971 - Simple problem unwrapping AES sym keys on token