rpms/nss
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Indicate the provenance of stripped source tarball (#688015)

Browse Source 
- Add the code stripping script to the sources
This commit is contained in:
Elio Maldonado 2011-07-23 20:16:38 -07:00
parent e2ce6e022c
commit a7fb38e80b
2 changed files with 144 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
mozilla-crypto-strip.sh Executable file
View File

@ -0,0 +1,128 @@
#!/bin/sh
set -e
if test -z $1
then
echo "usage: $0 <input-tarball>"
exit
fi
ORIGDIR=`pwd`
WORKDIR=nss_ecc_strip_working_dir
EXTENSION=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\2#'`
BASE=`echo $1 | sed -r 's#^(.*)(.tar.bz2|.tbz2|.tar.gz|.tgz)$#\1#'`
COMPRESS=""
if test "x$EXTENSION" = "x.tar.bz2" || test "x$EXTENSION" = "x.tbz2"
then
COMPRESS="j"
fi
if test "x$EXTENSION" = "x.tar.gz" || test "x$EXTENSION" = "x.tgz"
then
COMPRESS="z"
fi
if test "x$COMPRESS" = "x"
then
echo "unable to process, input file $1 has unsupported extension"
exit
fi
echo "== extension is $EXTENSION - ok"
echo "== new extension will be $JEXTENSION"
echo "== cleaning old workdir $WORKDIR"
rm -rf $WORKDIR
mkdir $WORKDIR
echo "== extracting input archive $1"
tar -x -$COMPRESS -C $WORKDIR -f $1
echo "changing into $WORKDIR"
pushd $WORKDIR
DIRCOUNT=`ls -1 | wc -l`
if test $DIRCOUNT -ne 1
then
echo "unable to process, $1 contains more than one toplevel directory"
exit
fi
TOPDIR=`ls -1`
if test "x$TOPDIR" != "xmozilla"
then
# try to deal with a single additional subdirectory above "mozilla"
echo "== skipping toplevel directory $TOPDIR"
cd $TOPDIR
fi
DIRCOUNT=`ls -1 | wc -l`
if test $DIRCOUNT -ne 1
then
echo "unable to process, $1 contains more than one second level directory"
exit
fi
SINGLEDIR=`ls -1`
if test "x$SINGLEDIR" != "xmozilla"
then
echo "unable to process, first or second level directory is not mozilla"
exit
fi
echo "== input archive accepted, now processing"
REALFREEBLDIR=mozilla/security/nss/lib/freebl
FREEBLDIR=./$REALFREEBLDIR
rm -rf ./mozilla/security/nss/cmd/ecperf
mv ${FREEBLDIR}/ecl/ecl-exp.h ${FREEBLDIR}/save
rm -rf ${FREEBLDIR}/ecl/tests
rm -rf ${FREEBLDIR}/ecl/CVS
for i in ${FREEBLDIR}/ecl/* ; do
echo clobbering $i
> $i
done
mv ${FREEBLDIR}/save ${FREEBLDIR}/ecl/ecl-exp.h
for j in ${FREEBLDIR}/ec.*; do
echo unifdef $j
cat $j | \
awk 'BEGIN {ech=1; prt=0;} \
/^#[ \t]*ifdef.*NSS_ENABLE_ECC/ {ech--; next;} \
/^#[ \t]*if/ {if(ech < 1) ech--;} \
{if(ech>0) {;print $0};} \
/^#[ \t]*endif/ {if(ech < 1) ech++;} \
{if (prt && (ech<=0)) {;print $0}; } \
{if (ech>0) {prt=0;} } \
/^#[ \t]*else/ {if (ech == 0) prt=1;}' > $j.hobbled && \
mv $j.hobbled $j
done
echo "== returning to original directory"
popd
JCOMPRESS=j
JEXTENSION=.tar.bz2
NEWARCHIVE=$BASE-stripped$JEXTENSION
echo "== finally producing new archive $NEWARCHIVE"
tar -c -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $TOPDIR
echo "== all done, listing of old and new archive:"
ls -l $1
ls -l $NEWARCHIVE
LISTING_DIR=""
if test "x$TOPDIR" != "xmozilla"
then
LISTING_DIR="$TOPDIR/$REALFREEBLDIR/ecl"
else
LISTING_DIR="$REALFREEBLDIR/ecl"
fi
echo "== FYI, producing listing of stripped dir in new archive"
tar -t -v -$JCOMPRESS -C $WORKDIR -f $NEWARCHIVE $LISTING_DIR

18
nss.spec
View File

@ -6,7 +6,7 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.12.10 Version: 3.12.10
Release: 5%{?dist} Release: 6%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -26,6 +26,17 @@ BuildRequires: psmisc
BuildRequires: perl BuildRequires: perl
Source0: %{name}-%{version}-stripped.tar.bz2 Source0: %{name}-%{version}-stripped.tar.bz2
# The stripped tar ball is a subset of the upstream sources with
# patent-encumbered cryptographic algorithms removed.
# Use this script to remove them and create the stripped archive.
# 1. Download the sources nss-{version}.tar.gz found within
# http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/
# in a subdirectory named NSS_${major}_${minor}_${maint}_RTM/src
# 2. In the download directory execute
# ./mozilla-crypto-strip.sh ${name}-${version}.tar.gz
# to produce ${name}-${version}-stripped.tar.bz2
# for uploading to the lookaside cache.
Source100: mozilla-crypto-strip.sh
Source1: nss.pc.in Source1: nss.pc.in
Source2: nss-config.in Source2: nss-config.in
@ -297,7 +308,7 @@ cd ../../../../
killall $RANDSERV || : killall $RANDSERV || :
TEST_FAILURES=`grep -c FAILED ./mozilla/tests_results/security/localhost.1/output.log` || : TEST_FAILURES=`grep -c FAILED ./mozilla/tests_results/security/localhost.1/output.log` || :
# test suite is failing on arm and has for awhile lets run the test suite but make it non fatal on arm # test suite is failing on arm and has for awhile let's run the test suite but make it non fatal on arm
%ifnarch %{arm} %ifnarch %{arm}
if [ $TEST_FAILURES -ne 0 ]; then if [ $TEST_FAILURES -ne 0 ]; then
echo "error: test suite returned failure(s)" echo "error: test suite returned failure(s)"
@ -533,6 +544,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog %changelog
* Sat Jul 23 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-6
- Indicate the provenance of stripped source tarball (#688015)
* Mon Jun 27 2011 Michael Schwendt <mschwendt@fedoraproject.org> - 3.12.10-5 * Mon Jun 27 2011 Michael Schwendt <mschwendt@fedoraproject.org> - 3.12.10-5
- Provide virtual -static package to meet guidelines (#609612). - Provide virtual -static package to meet guidelines (#609612).