diff --git a/nss-config.xml b/nss-config.xml
new file mode 100644
index 0000000..f9518c9
--- /dev/null
+++ b/nss-config.xml
@@ -0,0 +1,132 @@
+
+
+
+]>
+
+
+
+
+ &date;
+ Network Security Services
+ nss
+ &version;
+
+
+
+ nss-config
+ 1
+
+
+
+ nss-config
+ Return meta information about nss libraries
+
+
+
+
+ nss-config
+
+
+
+
+
+
+
+
+
+
+
+ Description
+
+ nss-config is a shell scrip
+ tool which can be used to obtain gcc options for building client pacakges of nspt.
+
+
+
+
+ Options
+
+
+
+
+ Returns the top level system directory under which the nss libraries are installed.
+
+
+
+
+ returns the top level system directory under which any nss binaries would be installed.
+
+
+
+ count
+ returns the path to the directory were the nss libraries are installed.
+
+
+
+
+ returns the upstream version of nss in the form major_version-minor_version-patch_version.
+
+
+
+
+ returns the compiler linking flags.
+
+
+
+
+ returns the compiler include flags.
+
+
+
+
+ returns the path to the directory were the nss libraries are installed.
+
+
+
+
+
+
+ Examples
+
+ The following example will query for both include path and linkage flags:
+
+
+ /usr/bin/nss-config --cflags --libs
+
+
+
+
+
+
+
+
+ Files
+
+ /usr/bin/nss-config
+
+
+
+
+ See also
+ pkg-config(1)
+
+
+
+ Authors
+ The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
+
+ Authors: Elio Maldonado <emaldona@redhat.com>.
+
+
+
+
+
+ LICENSE
+ Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+
+
+
diff --git a/nss.spec b/nss.spec
index 3998a4e..ddca02b 100644
--- a/nss.spec
+++ b/nss.spec
@@ -3,6 +3,7 @@
%global nss_softokn_fips_version 3.12.9
%global nss_softokn_version 3.15
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
+%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv"
# solution taken from icedtea-web.spec
%define multilib_arches ppc64 sparc64 x86_64
@@ -19,7 +20,7 @@
Summary: Network Security Services
Name: nss
Version: 3.15
-Release: 4%{?dist}
+Release: 5%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -74,6 +75,8 @@ Source12: %{name}-pem-20130405.tar.bz2
Source17: TestCA.ca.cert
Source18: TestUser50.cert
Source19: TestUser51.cert
+Source20: nss-config.xml
+Source21: setup-nsssysinit.xml
Patch2: add-relro-linker-option.patch
Patch3: renegotiate-transitional.patch
@@ -147,6 +150,7 @@ Requires: nss-util-devel
Requires: nss-softokn-devel
Requires: nspr-devel >= %{nspr_version}
Requires: pkgconfig
+BuildRequires: xmlto
%description devel
Header and Library files for doing development with Network Security Services.
@@ -294,6 +298,16 @@ export NSS_BLTEST_NOT_AVAILABLE=1
%{__make} -C ./nss
unset NSS_BLTEST_NOT_AVAILABLE
+# build the man pages clean
+pushd ./nss
+%{__make} clean_docs build_docs
+popd
+
+# and copy them here
+for m in "%{allTools}"; do
+ cp ./nss/doc/nroff/${m}.1 .
+done
+
# Set up our package file
# The nspr_version and nss_{util|softokn}_version globals used
# here match the ones nss has for its Requires.
@@ -333,6 +347,16 @@ chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh
%{__cp} ./nss/lib/ckfw/nssck.api ./dist/private/nss/
+date +"%e %B %Y" | tr -d '\n' > date.xml
+echo -n %{version} > version.xml
+
+for m in %{SOURCE20} %{SOURCE21}; do
+ cp ${m} .
+done
+for m in nss-config.xml setup-nsssysinit.xml; do
+ xmlto man ${m}
+done
+
%check
if [ $DISABLETEST -eq 1 ]; then
echo "testing disabled"
@@ -437,6 +461,8 @@ echo "test suite completed"
%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
+
touch $RPM_BUILD_ROOT%{_libdir}/libnssckbi.so
%{__install} -p -m 755 dist/*.OBJ/lib/libnssckbi.so $RPM_BUILD_ROOT/%{_libdir}/nss/libnssckbi.so
@@ -492,6 +518,14 @@ done
%{__install} -p -m 755 ./dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config
# Copy the pkcs #11 configuration script
%{__install} -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh
+# Copy the man pages for scripts
+for f in nss-config setup-nsssysinit; do
+ install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
+done
+# Copy the man pages the nss tools
+for f in "%{allTools}"; do
+ install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
+done
%clean
%{__rm} -rf $RPM_BUILD_ROOT
@@ -570,6 +604,7 @@ fi
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
%{_bindir}/setup-nsssysinit.sh
+%attr(0644,root,root) %doc /usr/share/man/man1/setup-nsssysinit.1.gz
%files tools
%defattr(-,root,root)
@@ -592,12 +627,28 @@ fi
%{unsupported_tools_directory}/tstclnt
%{unsupported_tools_directory}/vfyserv
%{unsupported_tools_directory}/vfychain
+# instead of %{_mandir}/man*/* let's list them explicitely
+# supported tools
+%attr(0644,root,root) %doc /usr/share/man/man1/certutil.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/cmsutil.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/crlutil.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/modutil.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/pk12util.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/signtool.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/signver.1.gz
+# unsupported tools
+%attr(0644,root,root) %doc /usr/share/man/man1/derdump.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/pp.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/ssltap.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/vfychain.1.gz
+%attr(0644,root,root) %doc /usr/share/man/man1/vfyserv.1.gz
%files devel
%defattr(-,root,root)
%{_libdir}/libcrmf.a
%{_libdir}/pkgconfig/nss.pc
%{_bindir}/nss-config
+%attr(0644,root,root) %doc /usr/share/man/man1/nss-config.1.gz
%dir %{_includedir}/nss3
%{_includedir}/nss3/cert.h
@@ -667,6 +718,10 @@ fi
%changelog
+* Wed Jun 19 2013 Elio Maldonado - 3.15-5
+- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts
+- Resolves: rhbz#606020 - nss security tools lack man pages
+
* Tue Jun 18 2013 emaldona - 3.15-4
- Build nss without softoken or util sources in the tree
- Resolves: rhbz#689918
diff --git a/setup-nsssysinit.xml b/setup-nsssysinit.xml
new file mode 100644
index 0000000..4335d85
--- /dev/null
+++ b/setup-nsssysinit.xml
@@ -0,0 +1,110 @@
+
+
+
+]>
+
+
+
+
+ &date;
+ Network Security Services
+ nss
+ &version;
+
+
+
+ setup-nsssysinit
+ 1
+
+
+
+ setup-nsssysinit
+ Query or enable the nss-sysinit module
+
+
+
+
+ setup-nsssysinit
+
+
+
+
+
+
+
+
+
+
+
+ Description
+ setup-nsssysinit is a shell script to query the status of the nss-sysinit module and when run with root priviledge it can enable or disable it.
+ Turns on or off the nss-sysinit module db by editing the global PKCS #11 configuration file. Displays the status. This script can be invoked by the user as super user. It is invoked at nss-sysinit post install time with argument on.
+
+
+
+
+ Options
+
+
+
+
+ Turn on nss-sysinit.
+
+
+
+
+ Turn on nss-sysinit.
+
+
+
+ count
+ returns whether nss-syinit is enabled or not.
+
+
+
+
+
+
+ Examples
+
+ The following example will query for the status of nss-sysinit:
+
+ /usr/bin/setup-nsssysinit --status
+
+
+
+ The following example, when run as superuser, will turn on nss-sysinit:
+
+ /usr/bin/setup-nsssysinit --on
+
+
+
+
+
+
+ Files
+ /usr/sbin/setup-nsssysinit
+
+
+
+ See also
+ pkg-config(1)
+
+
+
+ Authors
+ The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
+ Authors: Elio Maldonado <emaldona@redhat.com>.
+
+
+
+
+ LICENSE
+ Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+
+
+