Related: rhbz#2008320

- Fix typo that prevented the validation program from building.
- add the validation program to nss-tools.
- Fix issue with NSS_FIPS_MODULE_ID where it wasn't detecting builds on RHEL9

nss-3.71-fips-module-name.patch

@@ -87,7 +87,7 @@ new file mode 100644
 +# Listing it here in REQUIRES makes it appear twice in the cc command line.
 +REQUIRES = dbm seccmd
 +
-+ROGRAM = validation
++PROGRAM = validation
 +
 +# USE_STATIC_LIBS = 1
 diff --git a/cmd/validation/validation.c b/cmd/validation/validation.c

nss.spec

@@ -4,7 +4,7 @@
 # - increment %%{nspr_version}, when updating the NSS part only
 # - put the nss_release number here next to nspr, as they both
 #   need to be updated on a given release
-%global nss_release 1
+%global nss_release 2
 %global nspr_release %[%nss_release+2]
 %global nss_version 3.71.0
 # only need to update this as we added new
@@ -378,7 +378,7 @@ export NSS_FIPS_VERSION="%{name}\ %{version}-$(date +%Y%m%d)"
 %if %{defined centos}
   export NSS_FIPS_MODULE_ID="Centos\ %rhel\ ${NSS_FIPS_VERSION}\ unvalidated"
 %else
-if  [ grep "Red Hat" /etc/system-release ]; then
+if grep "Red Hat" /etc/system-release; then
   export NSS_FIPS_MODULE_ID="Red\ Hat\ Enterprise\ Linux\ %rhel\ ${NSS_FIPS_VERSION}"
 else
   export NSS_FIPS_MODULE_ID="Generic\ Enterprise\ Linux\ %rhel\ ${NSS_FIPS_VERSION}\ unvalidated"
@@ -722,7 +722,7 @@ do
 done
 
 # Copy the binaries we ship as unsupported
-for file in bltest ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain
+for file in bltest ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt validation vfyserv vfychain
 do
   install -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
 done
@@ -769,7 +769,7 @@ for f in nss-config setup-nsssysinit; do
    install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
 done
 # Copy the man pages for the nss tools
-for f in certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv; do
+for f in certutil cmsutil crlutil derdump modutil nss-policy-check pk12util signtool signver ssltap vfychain vfyserv; do
   install -c -m 644 ./dist/docs/nroff/${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
 done
 %if %{defined rhel}
@@ -861,6 +861,7 @@ update-crypto-policies &> /dev/null || :
 %{unsupported_tools_directory}/strsclnt
 %{unsupported_tools_directory}/symkeyutil
 %{unsupported_tools_directory}/tstclnt
+%{unsupported_tools_directory}/validation
 %{unsupported_tools_directory}/vfyserv
 %{unsupported_tools_directory}/vfychain
 # instead of %%{_mandir}/man*/* let's list them explicitly
@@ -869,6 +870,7 @@ update-crypto-policies &> /dev/null || :
 %doc %{_mandir}/man1/cmsutil.1*
 %doc %{_mandir}/man1/crlutil.1*
 %doc %{_mandir}/man1/modutil.1*
+%doc %{_mandir}/man1/nss-policy-check.1*
 %doc %{_mandir}/man1/pk12util.1*
 %doc %{_mandir}/man1/signver.1*
 # unsupported tools
@@ -1079,6 +1081,10 @@ update-crypto-policies &> /dev/null || :
 
 
 %changelog
+* Tue Oct 19 2021 Bob Relyea <rrelyea@redhat.com> - 3.71.0-2
+- make sure validation is built
+- fix syntax on FIPS module name
+
 * Tue Oct 5 2021 Bob Relyea <rrelyea@redhat.com> - 3.71.0-1
 - rebase to NSS-3.71