Revert "Switch to gyp buildsystem"

It turned out that libpkix cannot be enabled in gyp build.

This reverts commit 390eaefc52.
This commit is contained in:
Daiki Ueno 2018-12-10 15:36:58 +01:00
parent af46412ffe
commit cab16c0490
2 changed files with 75 additions and 12 deletions

13
iquote.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200
+++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200
@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME
SQLITE_LIB_NAME = sqlite3
endif
+# Prefer in-tree headers over system headers
+ifdef IN_TREE_FREEBL_HEADERS_FIRST
+ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss
+endif
+
MK_LOCATION = included

View File

@ -64,9 +64,6 @@ BuildRequires: gawk
BuildRequires: psmisc BuildRequires: psmisc
BuildRequires: perl-interpreter BuildRequires: perl-interpreter
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gyp
BuildRequires: ninja-build
BuildRequires: /usr/bin/python
Source0: https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{name}-%{nss_archive_version}.tar.gz Source0: https://ftp.mozilla.org/pub/security/nss/releases/%{nss_release_tag}/src/%{name}-%{nss_archive_version}.tar.gz
Source1: nss-util.pc.in Source1: nss-util.pc.in
@ -97,6 +94,18 @@ Source28: nss-p11-kit.config
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
Patch2: nss-539183.patch Patch2: nss-539183.patch
# This patch uses the GCC -iquote option documented at
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
# to give the in-tree headers a higher priority over the system headers,
# when they are included through the quote form (#include "file.h").
#
# This ensures a build even when system headers are older. Such is the
# case when starting an update with API changes or even private export
# changes.
#
# Once the buildroot aha been bootstrapped the patch may be removed
# but it doesn't hurt to keep it.
Patch4: iquote.patch
%description %description
Network Security Services (NSS) is a set of libraries designed to Network Security Services (NSS) is a set of libraries designed to
@ -233,32 +242,60 @@ popd
%build %build
export FREEBL_NO_DEPEND=1
# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
# copied to dist and the rpm install phase can find it
# This due of the upstream changes to fix
# https://bugzilla.mozilla.org/show_bug.cgi?id=717906
export FREEBL_LOWHASH=1
# uncomment if the iquote patch is activated # uncomment if the iquote patch is activated
export IN_TREE_FREEBL_HEADERS_FIRST=1 export IN_TREE_FREEBL_HEADERS_FIRST=1
export NSS_FORCE_FIPS=1 export NSS_FORCE_FIPS=1
# Enable compiler optimizations and disable debugging code
export BUILD_OPT=1
# Uncomment to disable optimizations # Uncomment to disable optimizations
#RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed -e 's/-O2/-O0/g'` #RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed -e 's/-O2/-O0/g'`
#export RPM_OPT_FLAGS #export RPM_OPT_FLAGS
# Generate symbolic info for debuggers # Generate symbolic info for debuggers
export CFLAGS=$RPM_OPT_FLAGS export XCFLAGS=$RPM_OPT_FLAGS
export LDFLAGS=$RPM_LD_FLAGS export LDFLAGS=$RPM_LD_FLAGS
export DSO_LDOPTS=$RPM_LD_FLAGS
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
export NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed -e 's/-I//' -e 's/ *$//'` export NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
export NSPR_LIB_DIR=%{_libdir} export NSPR_LIB_DIR=%{_libdir}
export NSS_USE_SYSTEM_SQLITE=1
export NSS_ALLOW_SSLKEYLOGFILE=1
%ifnarch noarch
%if 0%{__isa_bits} == 64
export USE_64=1
%endif
%endif
##### phase 2: build the rest of nss
make -C ./nss/coreconf
make -C ./nss/lib/dbm
# Set the policy file location # Set the policy file location
# if set NSS will always check for the policy file and load if it exists # if set NSS will always check for the policy file and load if it exists
export POLICY_FILE="nss.config" export POLICY_FILE="nss.config"
# location of the policy file # location of the policy file
export POLICY_PATH="/etc/crypto-policies/back-ends" export POLICY_PATH="/etc/crypto-policies/back-ends"
nss/build.sh --gcc --opt --with-nspr="$NSPR_INCLUDE_DIR" --system-sqlite --enable-fips make -C ./nss
# build the man pages clean # build the man pages clean
pushd ./nss pushd ./nss
@ -371,6 +408,20 @@ done
%check %check
%if %{with tests} %if %{with tests}
# Begin -- copied from the build section
export FREEBL_NO_DEPEND=1
export BUILD_OPT=1
%ifnarch noarch
%if 0%{__isa_bits} == 64
export USE_64=1
%endif
%endif
# End -- copied from the build section
# This is necessary because the test suite tests algorithms that are # This is necessary because the test suite tests algorithms that are
# disabled by the system policy. # disabled by the system policy.
export NSS_IGNORE_SYSTEM_POLICY=1 export NSS_IGNORE_SYSTEM_POLICY=1
@ -491,7 +542,7 @@ mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5
# Copy the binary libraries we want # Copy the binary libraries we want
for file in libnssutil3.so libsoftokn3.so libnssdbm3.so libfreebl3.so libfreeblpriv3.so libnss3.so libnsssysinit.so libsmime3.so libssl3.so for file in libnssutil3.so libsoftokn3.so libnssdbm3.so libfreebl3.so libfreeblpriv3.so libnss3.so libnsssysinit.so libsmime3.so libssl3.so
do do
install -p -m 755 dist/Release/lib/$file $RPM_BUILD_ROOT/%{_libdir} install -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done done
# Install the empty NSS db files # Install the empty NSS db files
@ -508,19 +559,19 @@ install -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.tx
# Copy the development libraries we want # Copy the development libraries we want
for file in libcrmf.a libnssb.a libnssckfw.a for file in libcrmf.a libnssb.a libnssckfw.a
do do
install -p -m 644 nss/out/Release/$file $RPM_BUILD_ROOT/%{_libdir} install -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done done
# Copy the binaries we want # Copy the binaries we want
for file in certutil cmsutil crlutil modutil nss-policy-check pk12util signver ssltap for file in certutil cmsutil crlutil modutil nss-policy-check pk12util signver ssltap
do do
install -p -m 755 dist/Release/bin/$file $RPM_BUILD_ROOT/%{_bindir} install -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir}
done done
# Copy the binaries we ship as unsupported # Copy the binaries we ship as unsupported
for file in bltest ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain for file in bltest ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain
do do
install -p -m 755 dist/Release/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} install -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
done done
# Copy the include files we want # Copy the include files we want
@ -538,7 +589,7 @@ done
# Copy the static freebl library # Copy the static freebl library
for file in libfreebl.a for file in libfreebl.a
do do
install -p -m 644 nss/out/Release/$file $RPM_BUILD_ROOT/%{_libdir} install -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done done
# Copy the template files we want # Copy the template files we want
@ -853,7 +904,6 @@ update-crypto-policies
- Update to NSS 3.41 - Update to NSS 3.41
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-3 * Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-3
- Switch to gyp buildsystem
- Remove unnecessary patches - Remove unnecessary patches
* Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-2 * Thu Dec 6 2018 Daiki Ueno <dueno@redhat.com> - 3.40.1-2