Related: rhbz#2008320

- Fix typo that prevented the validation program from building. - add the validation program to nss-tools. - Fix issue with NSS_FIPS_MODULE_ID where it wasn't detecting builds on RHEL9
2021-10-19 20:11:17 -07:00 · 2021-10-19 20:11:17 -07:00 · af61b61e84
parent c9c633332d
commit af61b61e84
2 changed files with 11 additions and 5 deletions
--- a/nss-3.71-fips-module-name.patch
+++ b/nss-3.71-fips-module-name.patch
@ -87,7 +87,7 @@ new file mode 100644
 +# Listing it here in REQUIRES makes it appear twice in the cc command line.
 +REQUIRES = dbm seccmd
 +
-+ROGRAM = validation
+PROGRAM = validation
 +
 +# USE_STATIC_LIBS = 1
 diff --git a/cmd/validation/validation.c b/cmd/validation/validation.c
--- a/nss.spec
+++ b/nss.spec
@ -4,7 +4,7 @@
 # - increment %%{nspr_version}, when updating the NSS part only
 # - put the nss_release number here next to nspr, as they both
 #   need to be updated on a given release
-%global nss_release 1
+%global nss_release 2
 %global nspr_release %[%nss_release+2]
 %global nss_version 3.71.0
 # only need to update this as we added new
@ -378,7 +378,7 @@ export NSS_FIPS_VERSION="%{name}\ %{version}-$(date +%Y%m%d)"
 %if %{defined centos}
  export NSS_FIPS_MODULE_ID="Centos\ %rhel\ ${NSS_FIPS_VERSION}\ unvalidated"
 %else
-if  [ grep "Red Hat" /etc/system-release ]; then
+if grep "Red Hat" /etc/system-release; then
  export NSS_FIPS_MODULE_ID="Red\ Hat\ Enterprise\ Linux\ %rhel\ ${NSS_FIPS_VERSION}"
 else
  export NSS_FIPS_MODULE_ID="Generic\ Enterprise\ Linux\ %rhel\ ${NSS_FIPS_VERSION}\ unvalidated"
@ -722,7 +722,7 @@ do
 done

 # Copy the binaries we ship as unsupported
-for file in bltest ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain
+for file in bltest ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt validation vfyserv vfychain
 do
  install -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
 done
@ -769,7 +769,7 @@ for f in nss-config setup-nsssysinit; do
   install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
 done
 # Copy the man pages for the nss tools
-for f in certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv; do
+for f in certutil cmsutil crlutil derdump modutil nss-policy-check pk12util signtool signver ssltap vfychain vfyserv; do
  install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
 done
 %if %{defined rhel}
@ -861,6 +861,7 @@ update-crypto-policies &> /dev/null || :
 %{unsupported_tools_directory}/strsclnt
 %{unsupported_tools_directory}/symkeyutil
 %{unsupported_tools_directory}/tstclnt
+%{unsupported_tools_directory}/validation
 %{unsupported_tools_directory}/vfyserv
 %{unsupported_tools_directory}/vfychain
 # instead of %%{_mandir}/man*/* let's list them explicitly
@ -869,6 +870,7 @@ update-crypto-policies &> /dev/null || :
 %doc %{_mandir}/man1/cmsutil.1*
 %doc %{_mandir}/man1/crlutil.1*
 %doc %{_mandir}/man1/modutil.1*
+%doc %{_mandir}/man1/nss-policy-check.1*
 %doc %{_mandir}/man1/pk12util.1*
 %doc %{_mandir}/man1/signver.1*
 # unsupported tools
@ -1079,6 +1081,10 @@ update-crypto-policies &> /dev/null || :


 %changelog
+* Tue Oct 19 2021 Bob Relyea <rrelyea@redhat.com> - 3.71.0-2
+- make sure validation is built
+- fix syntax on FIPS module name
+
 * Tue Oct 5 2021 Bob Relyea <rrelyea@redhat.com> - 3.71.0-1
 - rebase to NSS-3.71