diff --git a/nss-3.71-fips-module-name.patch b/nss-3.71-fips-module-name.patch index 8e4ea8d..a1ec103 100644 --- a/nss-3.71-fips-module-name.patch +++ b/nss-3.71-fips-module-name.patch @@ -87,7 +87,7 @@ new file mode 100644 +# Listing it here in REQUIRES makes it appear twice in the cc command line. +REQUIRES = dbm seccmd + -+ROGRAM = validation ++PROGRAM = validation + +# USE_STATIC_LIBS = 1 diff --git a/cmd/validation/validation.c b/cmd/validation/validation.c diff --git a/nss.spec b/nss.spec index 848604f..84bdc0b 100644 --- a/nss.spec +++ b/nss.spec @@ -4,7 +4,7 @@ # - increment %%{nspr_version}, when updating the NSS part only # - put the nss_release number here next to nspr, as they both # need to be updated on a given release -%global nss_release 1 +%global nss_release 2 %global nspr_release %[%nss_release+2] %global nss_version 3.71.0 # only need to update this as we added new @@ -378,7 +378,7 @@ export NSS_FIPS_VERSION="%{name}\ %{version}-$(date +%Y%m%d)" %if %{defined centos} export NSS_FIPS_MODULE_ID="Centos\ %rhel\ ${NSS_FIPS_VERSION}\ unvalidated" %else -if [ grep "Red Hat" /etc/system-release ]; then +if grep "Red Hat" /etc/system-release; then export NSS_FIPS_MODULE_ID="Red\ Hat\ Enterprise\ Linux\ %rhel\ ${NSS_FIPS_VERSION}" else export NSS_FIPS_MODULE_ID="Generic\ Enterprise\ Linux\ %rhel\ ${NSS_FIPS_VERSION}\ unvalidated" @@ -722,7 +722,7 @@ do done # Copy the binaries we ship as unsupported -for file in bltest ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain +for file in bltest ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt validation vfyserv vfychain do install -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} done @@ -769,7 +769,7 @@ for f in nss-config setup-nsssysinit; do install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1 done # Copy the man pages for the nss tools -for f in certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv; do +for f in certutil cmsutil crlutil derdump modutil nss-policy-check pk12util signtool signver ssltap vfychain vfyserv; do install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1 done %if %{defined rhel} @@ -861,6 +861,7 @@ update-crypto-policies &> /dev/null || : %{unsupported_tools_directory}/strsclnt %{unsupported_tools_directory}/symkeyutil %{unsupported_tools_directory}/tstclnt +%{unsupported_tools_directory}/validation %{unsupported_tools_directory}/vfyserv %{unsupported_tools_directory}/vfychain # instead of %%{_mandir}/man*/* let's list them explicitly @@ -869,6 +870,7 @@ update-crypto-policies &> /dev/null || : %doc %{_mandir}/man1/cmsutil.1* %doc %{_mandir}/man1/crlutil.1* %doc %{_mandir}/man1/modutil.1* +%doc %{_mandir}/man1/nss-policy-check.1* %doc %{_mandir}/man1/pk12util.1* %doc %{_mandir}/man1/signver.1* # unsupported tools @@ -1079,6 +1081,10 @@ update-crypto-policies &> /dev/null || : %changelog +* Tue Oct 19 2021 Bob Relyea - 3.71.0-2 +- make sure validation is built +- fix syntax on FIPS module name + * Tue Oct 5 2021 Bob Relyea - 3.71.0-1 - rebase to NSS-3.71