diff --git a/cert8.db.xml b/cert8.db.xml
deleted file mode 100644
index e82948d..0000000
--- a/cert8.db.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-
-
-
-]>
-
-
-
-
- &date;
- Network Security Services
- nss
- &version;
-
-
-
- cert8.db
- 5
-
-
-
- cert8.db
- Legacy NSS certificate database
-
-
-
- Description
- cert8.db is an NSS certificate database.
- This certificate database is in the legacy database format. Consider migrating to cert9.db and key4.db which are the new sqlite-based shared database format with support for concurrent access.
-
-
-
-
- Files
- /etc/pki/nssdb/cert8.db
-
-
-
- See also
- cert9.db(5), key4.db(5), pkcs11.txt(5),
-
-
-
- Authors
- The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
- Authors: Elio Maldonado <emaldona@redhat.com>.
-
-
-
-
- LICENSE
- Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-
-
-
-
-
diff --git a/key3.db.xml b/key3.db.xml
deleted file mode 100644
index 444d7aa..0000000
--- a/key3.db.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-
-
-
-]>
-
-
-
-
- &date;
- Network Security Services
- nss
- &version;
-
-
-
- key3.db
- 5
-
-
-
- key3.db
- Legacy NSS certificate database
-
-
-
- Description
- key3.db is an NSS certificate database.
- This is a key database in the legacy database format. Consider migrating to cert9.db and key4.db which which are the new sqlite-based shared database format with support for concurrent access.
-
-
-
-
- Files
- /etc/pki/nssdb/key3.db
-
-
-
- See also
- cert9.db(5), key4.db(5), pkcs11.txt(5),
-
-
-
- Authors
- The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
- Authors: Elio Maldonado <emaldona@redhat.com>.
-
-
-
-
- LICENSE
- Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-
-
-
-
-
diff --git a/nss.spec b/nss.spec
index 19777dc..3c5aa6a 100644
--- a/nss.spec
+++ b/nss.spec
@@ -4,7 +4,7 @@
# - increment %%{nspr_version}, when updating the NSS part only
# - put the nss_release number here next to nspr, as they both
# need to be updated on a given release
-%global nss_release 3
+%global nss_release 4
%global nspr_release %[ %nss_release+2]
%global nss_version 3.71.0
# only need to update this as we added new
@@ -90,21 +90,25 @@ Source6: nss-softokn-dracut-module-setup.sh
Source7: nss-softokn-dracut.conf
Source8: nss.pc.in
Source9: nss-config.in
+%if %{with dbm}
Source10: blank-cert8.db
Source11: blank-key3.db
Source12: blank-secmod.db
+%endif
Source13: blank-cert9.db
Source14: blank-key4.db
Source15: system-pkcs11.txt
Source16: setup-nsssysinit.sh
Source20: nss-config.xml
Source21: setup-nsssysinit.xml
-Source22: pkcs11.txt.xml
+%if %{with dbm}
Source23: cert8.db.xml
-Source24: cert9.db.xml
Source25: key3.db.xml
-Source26: key4.db.xml
Source27: secmod.db.xml
+%endif
+Source22: pkcs11.txt.xml
+Source24: cert9.db.xml
+Source26: key4.db.xml
Source28: nss-p11-kit.config
Source100: nspr-%{nspr_archive_version}.tar.gz
@@ -540,20 +544,22 @@ date +"%e %B %Y" | tr -d '\n' > date.xml
echo -n %{nss_version} > version.xml
# configuration files and setup script
-for m in %{SOURCE20} %{SOURCE21} %{SOURCE22}; do
+for m in %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE24} %{SOURCE26}; do
cp ${m} .
done
-for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml; do
+for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml cert9.db.xml key4.db.xml; do
xmlto man ${m}
done
-# nss databases considered to be configuration files
-for m in %{SOURCE23} %{SOURCE24} %{SOURCE25} %{SOURCE26} %{SOURCE27}; do
+%if %{with dbm}
+# nss dbm databases
+for m in %{SOURCE23} %{SOURCE25} %{SOURCE27}; do
cp ${m} .
done
-for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml; do
+for m in cert8.db.xml key3.db.xml secmod.db.xml; do
xmlto man ${m}
done
+%endif
%check
@@ -704,9 +710,11 @@ done
# Install the empty NSS db files
# Legacy db
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
+%if %{with dbm}
install -p -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db
+%endif
# Shared db
install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db
install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
@@ -782,13 +790,15 @@ install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_datadir}/doc/nss-tool
%endif
# Copy the man pages for the configuration files
-for f in pkcs11.txt; do
+for f in pkcs11.txt cert9.db key4.db; do
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
done
-# Copy the man pages for the nss databases
-for f in cert8.db cert9.db key3.db key4.db secmod.db; do
+# Copy the man pages for the nss dbm databases
+%if %{with dbm}
+for f in cert8.db key3.db secmod.db; do
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
done
+%endif
# Copy the crypto-policies configuration file
install -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
@@ -823,16 +833,20 @@ update-crypto-policies &> /dev/null || :
%{_libdir}/libssl3.so
%{_libdir}/libsmime3.so
%dir %{_sysconfdir}/pki/nssdb
+%if %{with dbm}
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert8.db
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key3.db
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/secmod.db
+%endif
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/crypto-policies/local.d/nss-p11-kit.config
+%if %{with dbm}
%doc %{_mandir}/man5/cert8.db.5*
%doc %{_mandir}/man5/key3.db.5*
%doc %{_mandir}/man5/secmod.db.5*
+%endif
%doc %{_mandir}/man5/cert9.db.5*
%doc %{_mandir}/man5/key4.db.5*
%doc %{_mandir}/man5/pkcs11.txt.5*
diff --git a/secmod.db.xml b/secmod.db.xml
deleted file mode 100644
index afc9dce..0000000
--- a/secmod.db.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-
-
-
-]>
-
-
-
-
- &date;
- Network Security Services
- nss
- &version;
-
-
-
- secmod.db
- 5
-
-
-
- secmod.db
- Legacy NSS security modules database
-
-
-
- Description
- secmod.db is an NSS security modules database.
- The security modules database is used to keep track of the NSS security modules. The NSS security modules export their services via the PKCS #11 API which NSS uses as its Services Provider Interface.
-
- The command line utility modutil is used for managing PKCS #11 module information both within secmod.db files and within hardware tokens.
-
- For new applications the recommended way of tracking security modules is via the pkcs11.txt configuration file used in conjunction the new sqlite-based shared database format for certificate and key databases.
-
-
-
-
- Files
- /etc/pki/nssdb/secmod.db
-
-
-
- See also
- modutil(1), cert8.db(5), cert9.db(5), key3.db(5), key4.db(5), pkcs11.txt(5)
-
-
-
- Authors
- The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
- Authors: Elio Maldonado <emaldona@redhat.com>.
-
-
-
-
- LICENSE
- Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-
-
-
-
-
diff --git a/sources b/sources
index ee7146c..8d9b1e3 100644
--- a/sources
+++ b/sources
@@ -1,7 +1,4 @@
-SHA512 (blank-cert8.db) = ac131d15708c5f1b5e467831f919f4fc4ba13b60a4bb5fe260c845fa9afcd899a588d21ed52060abaa1bbb29f2b53af8b495d28407183cb03aff1974f95f1d3d
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
-SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
-SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
SHA512 (nspr-4.32.tar.gz) = da9b65b374783d20a2e589211b411816d899e296e91175d376e59df1919144c1808c155a234d6ceefdf7b8ae8f47cec98d92a5aa3150a579513251860e50dcb7
SHA512 (nss-3.71.tar.gz) = a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2