From a7fb38e80b5f590c743fe3c4add2472dbc06e051 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Sat, 23 Jul 2011 20:16:38 -0700 Subject: [PATCH] - Indicate the provenance of stripped source tarball (#688015) - Add the code stripping script to the sources --- mozilla-crypto-strip.sh | 128 ++++++++++++++++++++++++++++++++++++++++ nss.spec | 18 +++++- 2 files changed, 144 insertions(+), 2 deletions(-) create mode 100755 mozilla-crypto-strip.sh diff --git a/mozilla-crypto-strip.sh b/mozilla-crypto-strip.sh new file mode 100755 index 0000000..4edcbf0 --- /dev/null +++ b/mozilla-crypto-strip.sh @@ -0,0 +1,128 @@ +#!/bin/sh +set -e + +if test -z $1 +then + echo "usage: $0 " + exit +fi + +ORIGDIR=`pwd` +WORKDIR=nss_ecc_strip_working_dir +EXTENSION=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\2#'` +BASE=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\1#'` +COMPRESS="" + +if test "x$EXTENSION" = "x.tar.bz2" || test "x$EXTENSION" = "x.tbz2" +then + COMPRESS="j" +fi + +if test "x$EXTENSION" = "x.tar.gz" || test "x$EXTENSION" = "x.tgz" +then + COMPRESS="z" +fi + +if test "x$COMPRESS" = "x" +then + echo "unable to process, input file $1 has unsupported extension" + exit +fi + +echo "== extension is $EXTENSION - ok" +echo "== new extension will be $JEXTENSION" +echo "== cleaning old workdir $WORKDIR" + +rm -rf $WORKDIR +mkdir $WORKDIR + +echo "== extracting input archive $1" +tar -x -$COMPRESS -C $WORKDIR -f $1 + +echo "changing into $WORKDIR" +pushd $WORKDIR + +DIRCOUNT=`ls -1 | wc -l` +if test $DIRCOUNT -ne 1 +then + echo "unable to process, $1 contains more than one toplevel directory" + exit +fi + +TOPDIR=`ls -1` +if test "x$TOPDIR" != "xmozilla" +then + # try to deal with a single additional subdirectory above "mozilla" + echo "== skipping toplevel directory $TOPDIR" + cd $TOPDIR +fi + +DIRCOUNT=`ls -1 | wc -l` +if test $DIRCOUNT -ne 1 +then + echo "unable to process, $1 contains more than one second level directory" + exit +fi + +SINGLEDIR=`ls -1` +if test "x$SINGLEDIR" != "xmozilla" +then + echo "unable to process, first or second level directory is not mozilla" + exit +fi + +echo "== input archive accepted, now processing" + +REALFREEBLDIR=mozilla/security/nss/lib/freebl +FREEBLDIR=./$REALFREEBLDIR + +rm -rf ./mozilla/security/nss/cmd/ecperf + +mv ${FREEBLDIR}/ecl/ecl-exp.h ${FREEBLDIR}/save +rm -rf ${FREEBLDIR}/ecl/tests +rm -rf ${FREEBLDIR}/ecl/CVS +for i in ${FREEBLDIR}/ecl/* ; do +echo clobbering $i + > $i +done +mv ${FREEBLDIR}/save ${FREEBLDIR}/ecl/ecl-exp.h + +for j in ${FREEBLDIR}/ec.*; do + echo unifdef $j + cat $j | \ + awk 'BEGIN {ech=1; prt=0;} \ + /^#[ \t]*ifdef.*NSS_ENABLE_ECC/ {ech--; next;} \ + /^#[ \t]*if/ {if(ech < 1) ech--;} \ + {if(ech>0) {;print $0};} \ + /^#[ \t]*endif/ {if(ech < 1) ech++;} \ + {if (prt && (ech<=0)) {;print $0}; } \ + {if (ech>0) {prt=0;} } \ + /^#[ \t]*else/ {if (ech == 0) prt=1;}' > $j.hobbled && \ + mv $j.hobbled $j +done + +echo "== returning to original directory" +popd + +JCOMPRESS=j +JEXTENSION=.tar.bz2 +NEWARCHIVE=$BASE-stripped$JEXTENSION +echo "== finally producing new archive $NEWARCHIVE" +tar -c -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $TOPDIR + +echo "== all done, listing of old and new archive:" +ls -l $1 +ls -l $NEWARCHIVE + +LISTING_DIR="" +if test "x$TOPDIR" != "xmozilla" +then + LISTING_DIR="$TOPDIR/$REALFREEBLDIR/ecl" +else + LISTING_DIR="$REALFREEBLDIR/ecl" +fi + +echo "== FYI, producing listing of stripped dir in new archive" +tar -t -v -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $LISTING_DIR + + diff --git a/nss.spec b/nss.spec index 1f8e089..01c7a3b 100644 --- a/nss.spec +++ b/nss.spec @@ -6,7 +6,7 @@ Summary: Network Security Services Name: nss Version: 3.12.10 -Release: 5%{?dist} +Release: 6%{?dist} License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -26,6 +26,17 @@ BuildRequires: psmisc BuildRequires: perl Source0: %{name}-%{version}-stripped.tar.bz2 +# The stripped tar ball is a subset of the upstream sources with +# patent-encumbered cryptographic algorithms removed. +# Use this script to remove them and create the stripped archive. +# 1. Download the sources nss-{version}.tar.gz found within +# http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/ +# in a subdirectory named NSS_${major}_${minor}_${maint}_RTM/src +# 2. In the download directory execute +# ./mozilla-crypto-strip.sh ${name}-${version}.tar.gz +# to produce ${name}-${version}-stripped.tar.bz2 +# for uploading to the lookaside cache. +Source100: mozilla-crypto-strip.sh Source1: nss.pc.in Source2: nss-config.in @@ -297,7 +308,7 @@ cd ../../../../ killall $RANDSERV || : TEST_FAILURES=`grep -c FAILED ./mozilla/tests_results/security/localhost.1/output.log` || : -# test suite is failing on arm and has for awhile lets run the test suite but make it non fatal on arm +# test suite is failing on arm and has for awhile let's run the test suite but make it non fatal on arm %ifnarch %{arm} if [ $TEST_FAILURES -ne 0 ]; then echo "error: test suite returned failure(s)" @@ -533,6 +544,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Sat Jul 23 2011 Elio Maldonado - 3.12.10-6 +- Indicate the provenance of stripped source tarball (#688015) + * Mon Jun 27 2011 Michael Schwendt - 3.12.10-5 - Provide virtual -static package to meet guidelines (#609612).