- Better approach to ship freebl/softokn based on 3.11.5
- Remove link time dependency on softokn
This commit is contained in:
parent
f126583ff6
commit
d5b7e00105
@ -1 +1,2 @@
|
|||||||
nss-3.11.7-fbst3115-stripped.tar.gz
|
nss-3.11.5-fbst-stripped.tar.gz
|
||||||
|
nss-3.11.7-no-fbst-with-ckbi-1.64.tar.gz
|
||||||
|
317
nss-decouple-softokn.patch
Normal file
317
nss-decouple-softokn.patch
Normal file
@ -0,0 +1,317 @@
|
|||||||
|
? mozilla/security/nss/cmd/crmf-cgi/~Makefile
|
||||||
|
? mozilla/security/nss/lib/ckfw/builtins/qa.der
|
||||||
|
Index: mozilla/security/nss/lib/nss/config.mk
|
||||||
|
===================================================================
|
||||||
|
RCS file: /cvsroot/mozilla/security/nss/lib/nss/config.mk,v
|
||||||
|
retrieving revision 1.26.2.1
|
||||||
|
diff -u -p -r1.26.2.1 config.mk
|
||||||
|
--- mozilla/security/nss/lib/nss/config.mk 17 Nov 2006 01:33:15 -0000 1.26.2.1
|
||||||
|
+++ mozilla/security/nss/lib/nss/config.mk 12 Jun 2007 01:29:35 -0000
|
||||||
|
@@ -53,7 +53,6 @@ RESNAME = $(LIBRARY_NAME).rc
|
||||||
|
ifdef NS_USE_GCC
|
||||||
|
EXTRA_SHARED_LIBS += \
|
||||||
|
-L$(DIST)/lib \
|
||||||
|
- -lsoftokn3 \
|
||||||
|
-L$(NSPR_LIB_DIR) \
|
||||||
|
-lplc4 \
|
||||||
|
-lplds4 \
|
||||||
|
@@ -61,7 +60,6 @@ EXTRA_SHARED_LIBS += \
|
||||||
|
$(NULL)
|
||||||
|
else # ! NS_USE_GCC
|
||||||
|
EXTRA_SHARED_LIBS += \
|
||||||
|
- $(DIST)/lib/softokn3.lib \
|
||||||
|
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
|
||||||
|
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
|
||||||
|
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
|
||||||
|
@@ -74,7 +72,6 @@ else
|
||||||
|
# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
|
||||||
|
EXTRA_SHARED_LIBS += \
|
||||||
|
-L$(DIST)/lib \
|
||||||
|
- -lsoftokn3 \
|
||||||
|
-L$(NSPR_LIB_DIR) \
|
||||||
|
-lplc4 \
|
||||||
|
-lplds4 \
|
||||||
|
Index: mozilla/security/nss/lib/pk11wrap/manifest.mn
|
||||||
|
===================================================================
|
||||||
|
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/manifest.mn,v
|
||||||
|
retrieving revision 1.16.2.1
|
||||||
|
diff -u -p -r1.16.2.1 manifest.mn
|
||||||
|
--- mozilla/security/nss/lib/pk11wrap/manifest.mn 2 Jun 2007 02:23:37 -0000 1.16.2.1
|
||||||
|
+++ mozilla/security/nss/lib/pk11wrap/manifest.mn 12 Jun 2007 01:29:35 -0000
|
||||||
|
@@ -82,6 +82,13 @@ REQUIRES = dbm
|
||||||
|
|
||||||
|
LIBRARY_NAME = pk11wrap
|
||||||
|
|
||||||
|
+LIBRARY_VERSION = 3
|
||||||
|
+SOFTOKEN_LIBRARY_VERSION = 3
|
||||||
|
+
|
||||||
|
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" \
|
||||||
|
+ -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" \
|
||||||
|
+ -DSOFTOKEN_SHLIB_VERSION=\"$(SOFTOKEN_LIBRARY_VERSION)\"
|
||||||
|
+
|
||||||
|
# only add module debugging in opt builds if DEBUG_PKCS11 is set
|
||||||
|
ifdef DEBUG_PKCS11
|
||||||
|
DEFINES += -DDEBUG_MODULE -DFORCE_PR_LOG
|
||||||
|
Index: mozilla/security/nss/lib/pk11wrap/pk11load.c
|
||||||
|
===================================================================
|
||||||
|
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
|
||||||
|
retrieving revision 1.17
|
||||||
|
diff -u -p -r1.17 pk11load.c
|
||||||
|
--- mozilla/security/nss/lib/pk11wrap/pk11load.c 20 Sep 2005 20:56:07 -0000 1.17
|
||||||
|
+++ mozilla/security/nss/lib/pk11wrap/pk11load.c 12 Jun 2007 01:29:35 -0000
|
||||||
|
@@ -47,10 +47,6 @@
|
||||||
|
#include "nssilock.h"
|
||||||
|
#include "secerr.h"
|
||||||
|
|
||||||
|
-extern void FC_GetFunctionList(void);
|
||||||
|
-extern void NSC_GetFunctionList(void);
|
||||||
|
-extern void NSC_ModuleDBFunc(void);
|
||||||
|
-
|
||||||
|
#ifdef DEBUG
|
||||||
|
#define DEBUG_MODULE 1
|
||||||
|
#endif
|
||||||
|
@@ -221,6 +217,196 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+static const char* nss_name =
|
||||||
|
+ SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX;
|
||||||
|
+static const char* softoken_default_name =
|
||||||
|
+ SHLIB_PREFIX"softokn"SOFTOKEN_SHLIB_VERSION"."SHLIB_SUFFIX;
|
||||||
|
+static PRCallOnceType loadSoftokenOnce;
|
||||||
|
+static PRLibrary* softokenLib;
|
||||||
|
+
|
||||||
|
+#ifdef XP_UNIX
|
||||||
|
+#include <unistd.h>
|
||||||
|
+#define BL_MAXSYMLINKS 20
|
||||||
|
+
|
||||||
|
+/* ### Copied from freebl/loader.c and freebl changed to softoken. */
|
||||||
|
+/*
|
||||||
|
+ * If 'link' is a symbolic link, this function follows the symbolic links
|
||||||
|
+ * and returns the pathname of the ultimate source of the symbolic links.
|
||||||
|
+ * If 'link' is not a symbolic link, this function returns NULL.
|
||||||
|
+ * The caller should call PR_Free to free the string returned by this
|
||||||
|
+ * function.
|
||||||
|
+ */
|
||||||
|
+static char* st_GetOriginalPathname(const char* link)
|
||||||
|
+{
|
||||||
|
+ char* resolved = NULL;
|
||||||
|
+ char* input = NULL;
|
||||||
|
+ PRUint32 iterations = 0;
|
||||||
|
+ PRInt32 len = 0, retlen = 0;
|
||||||
|
+ if (!link) {
|
||||||
|
+ PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ len = PR_MAX(1024, strlen(link) + 1);
|
||||||
|
+ resolved = PR_Malloc(len);
|
||||||
|
+ input = PR_Malloc(len);
|
||||||
|
+ if (!resolved || !input) {
|
||||||
|
+ if (resolved) {
|
||||||
|
+ PR_Free(resolved);
|
||||||
|
+ }
|
||||||
|
+ if (input) {
|
||||||
|
+ PR_Free(input);
|
||||||
|
+ }
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ strcpy(input, link);
|
||||||
|
+ while ( (iterations++ < BL_MAXSYMLINKS) &&
|
||||||
|
+ ( (retlen = readlink(input, resolved, len - 1)) > 0) ) {
|
||||||
|
+ char* tmp = input;
|
||||||
|
+ resolved[retlen] = '\0'; /* NULL termination */
|
||||||
|
+ input = resolved;
|
||||||
|
+ resolved = tmp;
|
||||||
|
+ }
|
||||||
|
+ PR_Free(resolved);
|
||||||
|
+ if (iterations == 1 && retlen < 0) {
|
||||||
|
+ PR_Free(input);
|
||||||
|
+ input = NULL;
|
||||||
|
+ }
|
||||||
|
+ return input;
|
||||||
|
+}
|
||||||
|
+#endif /* XP_UNIX */
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * We use PR_GetLibraryFilePathname to get the pathname of the loaded
|
||||||
|
+ * shared lib that contains this function, and then do a PR_LoadLibrary
|
||||||
|
+ * with an absolute pathname for the softoken shared library.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include "prio.h"
|
||||||
|
+#include "prprf.h"
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include "prsystem.h"
|
||||||
|
+
|
||||||
|
+/* ### Copied from freebl/loader.c and freebl changed to softoken,
|
||||||
|
+ * and softoken changed to nss.
|
||||||
|
+ */
|
||||||
|
+/*
|
||||||
|
+ * Load the softoken library with the file name 'name' residing in the same
|
||||||
|
+ * directory as libnss, whose pathname is 'nssPath'.
|
||||||
|
+ */
|
||||||
|
+static PRLibrary *
|
||||||
|
+st_LoadSoftokenLibInNssDir(const char *nssPath, const char *name)
|
||||||
|
+{
|
||||||
|
+ PRLibrary *dlh = NULL;
|
||||||
|
+ char *fullName = NULL;
|
||||||
|
+ char* c;
|
||||||
|
+ PRLibSpec libSpec;
|
||||||
|
+
|
||||||
|
+ /* Remove "libnss" from the pathname and add the softoken libname */
|
||||||
|
+ c = strrchr(nssPath, PR_GetDirectorySeparator());
|
||||||
|
+ if (c) {
|
||||||
|
+ size_t nssPathSize = 1 + c - nssPath;
|
||||||
|
+ fullName = (char*) PORT_Alloc(strlen(name) + nssPathSize + 1);
|
||||||
|
+ if (fullName) {
|
||||||
|
+ memcpy(fullName, nssPath, nssPathSize);
|
||||||
|
+ strcpy(fullName + nssPathSize, name);
|
||||||
|
+#ifdef DEBUG_LOADER
|
||||||
|
+ PR_fprintf(PR_STDOUT, "\nAttempting to load fully-qualified %s\n",
|
||||||
|
+ fullName);
|
||||||
|
+#endif
|
||||||
|
+ libSpec.type = PR_LibSpec_Pathname;
|
||||||
|
+ libSpec.value.pathname = fullName;
|
||||||
|
+ dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
|
||||||
|
+ PORT_Free(fullName);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return dlh;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* ### Copied from freebl/loader.c and freebl changed to softoken,
|
||||||
|
+ * and softoken changed to nss.
|
||||||
|
+ */
|
||||||
|
+static PRLibrary *
|
||||||
|
+st_LoadLibrary(const char *name)
|
||||||
|
+{
|
||||||
|
+ PRLibrary *lib = NULL;
|
||||||
|
+ PRFuncPtr fn_addr;
|
||||||
|
+ char* nssPath = NULL;
|
||||||
|
+ PRLibSpec libSpec;
|
||||||
|
+
|
||||||
|
+ /* Get the pathname for the loaded libnss, i.e. /usr/lib/libnss3.so
|
||||||
|
+ * PR_GetLibraryFilePathname works with either the base library name or a
|
||||||
|
+ * function pointer, depending on the platform. We can't query an exported
|
||||||
|
+ * symbol such as NSC_GetFunctionList, because on some platforms we can't
|
||||||
|
+ * find symbols in loaded implicit dependencies such as libnss.
|
||||||
|
+ * But we can just get the address of this function !
|
||||||
|
+ */
|
||||||
|
+ fn_addr = (PRFuncPtr) &st_LoadLibrary;
|
||||||
|
+ nssPath = PR_GetLibraryFilePathname(nss_name, fn_addr);
|
||||||
|
+
|
||||||
|
+ if (nssPath) {
|
||||||
|
+ lib = st_LoadSoftokenLibInNssDir(nssPath, name);
|
||||||
|
+#ifdef XP_UNIX
|
||||||
|
+ if (!lib) {
|
||||||
|
+ /*
|
||||||
|
+ * If nssPath is a symbolic link, resolve the symbolic
|
||||||
|
+ * link and try again.
|
||||||
|
+ */
|
||||||
|
+ char* originalNssPath = st_GetOriginalPathname(nssPath);
|
||||||
|
+ if (originalNssPath) {
|
||||||
|
+ PR_Free(nssPath);
|
||||||
|
+ nssPath = originalNssPath;
|
||||||
|
+ lib = st_LoadSoftokenLibInNssDir(nssPath, name);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+ PR_Free(nssPath);
|
||||||
|
+ }
|
||||||
|
+ if (!lib) {
|
||||||
|
+#ifdef DEBUG_LOADER
|
||||||
|
+ PR_fprintf(PR_STDOUT, "\nAttempting to load %s\n", name);
|
||||||
|
+#endif
|
||||||
|
+ libSpec.type = PR_LibSpec_Pathname;
|
||||||
|
+ libSpec.value.pathname = name;
|
||||||
|
+ lib = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
|
||||||
|
+ }
|
||||||
|
+ if (NULL == lib) {
|
||||||
|
+#ifdef DEBUG_LOADER
|
||||||
|
+ PR_fprintf(PR_STDOUT, "\nLoading failed : %s.\n", name);
|
||||||
|
+#endif
|
||||||
|
+ }
|
||||||
|
+ return lib;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* This function must be run only once. */
|
||||||
|
+/* determine if hybrid platform, then actually load the DSO. */
|
||||||
|
+static PRStatus
|
||||||
|
+softoken_LoadDSO( void )
|
||||||
|
+{
|
||||||
|
+ PRLibrary * handle;
|
||||||
|
+ const char * name = softoken_default_name;
|
||||||
|
+
|
||||||
|
+ if (!name) {
|
||||||
|
+ PR_SetError(PR_LOAD_LIBRARY_ERROR, 0);
|
||||||
|
+ return PR_FAILURE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ handle = st_LoadLibrary(name);
|
||||||
|
+ if (handle) {
|
||||||
|
+ softokenLib = handle;
|
||||||
|
+ return PR_SUCCESS;
|
||||||
|
+ }
|
||||||
|
+ return PR_FAILURE;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static PRStatus
|
||||||
|
+softoken_RunLoaderOnce( void )
|
||||||
|
+{
|
||||||
|
+ PRStatus status;
|
||||||
|
+
|
||||||
|
+ status = PR_CallOnce(&loadSoftokenOnce, &softoken_LoadDSO);
|
||||||
|
+ return status;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* load a new module into our address space and initialize it.
|
||||||
|
*/
|
||||||
|
@@ -238,6 +424,11 @@ SECMOD_LoadPKCS11Module(SECMODModule *mo
|
||||||
|
|
||||||
|
/* intenal modules get loaded from their internal list */
|
||||||
|
if (mod->internal) {
|
||||||
|
+#if 0
|
||||||
|
+ /*
|
||||||
|
+ * Original NSS code that uses a softoken library
|
||||||
|
+ * linked in statically. Deactivated.
|
||||||
|
+ */
|
||||||
|
/* internal, statically get the C_GetFunctionList function */
|
||||||
|
if (mod->isFIPS) {
|
||||||
|
entry = (CK_C_GetFunctionList) FC_GetFunctionList;
|
||||||
|
@@ -251,6 +442,35 @@ SECMOD_LoadPKCS11Module(SECMODModule *mo
|
||||||
|
mod->loaded = PR_TRUE;
|
||||||
|
return SECSuccess;
|
||||||
|
}
|
||||||
|
+#else
|
||||||
|
+ /*
|
||||||
|
+ * Workaround code that loads softoken as a dynamic library,
|
||||||
|
+ * even though the rest of NSS assumes this as the "internal" module.
|
||||||
|
+ */
|
||||||
|
+ if (!softokenLib && PR_SUCCESS != softoken_RunLoaderOnce())
|
||||||
|
+ return SECFailure;
|
||||||
|
+
|
||||||
|
+ if (mod->isFIPS) {
|
||||||
|
+ entry = (CK_C_GetFunctionList)
|
||||||
|
+ PR_FindSymbol(softokenLib, "FC_GetFunctionList");
|
||||||
|
+ } else {
|
||||||
|
+ entry = (CK_C_GetFunctionList)
|
||||||
|
+ PR_FindSymbol(softokenLib, "NSC_GetFunctionList");
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!entry)
|
||||||
|
+ return SECFailure;
|
||||||
|
+
|
||||||
|
+ if (mod->isModuleDB) {
|
||||||
|
+ mod->moduleDBFunc = (CK_C_GetFunctionList)
|
||||||
|
+ PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (mod->moduleDBOnly) {
|
||||||
|
+ mod->loaded = PR_TRUE;
|
||||||
|
+ return SECSuccess;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
} else {
|
||||||
|
/* Not internal, load the DLL and look up C_GetFunctionList */
|
||||||
|
if (mod->dllName == NULL) {
|
386
nss-disable-build-freebl-softoken.patch
Normal file
386
nss-disable-build-freebl-softoken.patch
Normal file
@ -0,0 +1,386 @@
|
|||||||
|
--- mozilla/security/nss/lib/softoken/manifest.mn.nofbst 2006-10-03 00:58:51.000000000 +0200
|
||||||
|
+++ mozilla/security/nss/lib/softoken/manifest.mn 2007-06-16 11:16:42.000000000 +0200
|
||||||
|
@@ -40,8 +40,8 @@
|
||||||
|
|
||||||
|
REQUIRES = dbm
|
||||||
|
|
||||||
|
-LIBRARY_NAME = softokn
|
||||||
|
-LIBRARY_VERSION = 3
|
||||||
|
+#LIBRARY_NAME = softokn
|
||||||
|
+#LIBRARY_VERSION = 3
|
||||||
|
MAPFILE = $(OBJDIR)/softokn.def
|
||||||
|
|
||||||
|
DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
|
||||||
|
@@ -66,28 +66,6 @@
|
||||||
|
softoknt.h \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
|
-CSRCS = \
|
||||||
|
- dbinit.c \
|
||||||
|
- dbmshim.c \
|
||||||
|
- ecdecode.c \
|
||||||
|
- fipsaudt.c \
|
||||||
|
- fipstest.c \
|
||||||
|
- fipstokn.c \
|
||||||
|
- keydb.c \
|
||||||
|
- lowcert.c \
|
||||||
|
- lowkey.c \
|
||||||
|
- lowpbe.c \
|
||||||
|
- padbuf.c \
|
||||||
|
- pcertdb.c \
|
||||||
|
- pk11db.c \
|
||||||
|
- pkcs11.c \
|
||||||
|
- pkcs11c.c \
|
||||||
|
- pkcs11u.c \
|
||||||
|
- rsawrapr.c \
|
||||||
|
- softkver.c \
|
||||||
|
- tlsprf.c \
|
||||||
|
- $(NULL)
|
||||||
|
-
|
||||||
|
ifdef NSS_ENABLE_ECC
|
||||||
|
DEFINES += -DNSS_ENABLE_ECC
|
||||||
|
endif
|
||||||
|
--- mozilla/security/nss/lib/softoken/Makefile.nofbst 2004-04-25 17:03:16.000000000 +0200
|
||||||
|
+++ mozilla/security/nss/lib/softoken/Makefile 2007-06-16 11:16:42.000000000 +0200
|
||||||
|
@@ -78,18 +78,3 @@
|
||||||
|
|
||||||
|
export:: private_export
|
||||||
|
|
||||||
|
-# On AIX 4.3, IBM xlC_r compiler (version 3.6.6) cannot compile
|
||||||
|
-# pkcs11c.c in 64-bit mode for unknown reasons. A workaround is
|
||||||
|
-# to compile it with optimizations turned on. (Bugzilla bug #63815)
|
||||||
|
-ifeq ($(OS_TARGET)$(OS_RELEASE),AIX4.3)
|
||||||
|
-ifeq ($(USE_64),1)
|
||||||
|
-ifndef BUILD_OPT
|
||||||
|
-$(OBJDIR)/pkcs11.o: pkcs11.c
|
||||||
|
- @$(MAKE_OBJDIR)
|
||||||
|
- $(CC) -o $@ -c -O2 $(CFLAGS) $<
|
||||||
|
-$(OBJDIR)/pkcs11c.o: pkcs11c.c
|
||||||
|
- @$(MAKE_OBJDIR)
|
||||||
|
- $(CC) -o $@ -c -O2 $(CFLAGS) $<
|
||||||
|
-endif
|
||||||
|
-endif
|
||||||
|
-endif
|
||||||
|
--- mozilla/security/nss/lib/freebl/manifest.mn.nofbst 2006-10-13 19:02:58.000000000 +0200
|
||||||
|
+++ mozilla/security/nss/lib/freebl/manifest.mn 2007-06-16 11:16:42.000000000 +0200
|
||||||
|
@@ -44,8 +44,10 @@
|
||||||
|
|
||||||
|
MODULE = nss
|
||||||
|
|
||||||
|
+ifndef FREEBL_CHILD_BUILD
|
||||||
|
LIBRARY_NAME = freebl
|
||||||
|
LIBRARY_VERSION = 3
|
||||||
|
+endif
|
||||||
|
|
||||||
|
ifdef FREEBL_CHILD_BUILD
|
||||||
|
ifdef USE_ABI32_INT32
|
||||||
|
@@ -98,56 +100,9 @@
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
|
MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h
|
||||||
|
-MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c
|
||||||
|
|
||||||
|
|
||||||
|
ECL_HDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h
|
||||||
|
-ifdef NSS_ENABLE_ECC
|
||||||
|
-ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \
|
||||||
|
- ecp_aff.c ecp_jac.c ecp_mont.c \
|
||||||
|
- ec_naf.c ecp_jm.c
|
||||||
|
-ifdef NSS_ECC_MORE_THAN_SUITE_B
|
||||||
|
-ECL_SRCS += ec2_aff.c ec2_mont.c ec2_proj.c \
|
||||||
|
- ec2_163.c ec2_193.c ec2_233.c \
|
||||||
|
- ecp_192.c ecp_224.c ecp_256.c ecp_384.c ecp_521.c
|
||||||
|
-endif
|
||||||
|
-else
|
||||||
|
-ECL_SRCS = $(NULL)
|
||||||
|
-endif
|
||||||
|
-SHA_SRCS = sha_fast.c
|
||||||
|
-MPCPU_SRCS = mpcpucache.c
|
||||||
|
-
|
||||||
|
-CSRCS = \
|
||||||
|
- freeblver.c \
|
||||||
|
- ldvector.c \
|
||||||
|
- prng_fips1861.c \
|
||||||
|
- sysrand.c \
|
||||||
|
- $(SHA_SRCS) \
|
||||||
|
- md2.c \
|
||||||
|
- md5.c \
|
||||||
|
- sha512.c \
|
||||||
|
- alghmac.c \
|
||||||
|
- rawhash.c \
|
||||||
|
- alg2268.c \
|
||||||
|
- arcfour.c \
|
||||||
|
- arcfive.c \
|
||||||
|
- desblapi.c \
|
||||||
|
- des.c \
|
||||||
|
- rijndael.c \
|
||||||
|
- aeskeywrap.c \
|
||||||
|
- dh.c \
|
||||||
|
- ec.c \
|
||||||
|
- pqg.c \
|
||||||
|
- dsa.c \
|
||||||
|
- rsa.c \
|
||||||
|
- shvfy.c \
|
||||||
|
- tlsprfalg.c \
|
||||||
|
- $(MPI_SRCS) \
|
||||||
|
- $(MPCPU_SRCS) \
|
||||||
|
- $(ECL_SRCS) \
|
||||||
|
- $(NULL)
|
||||||
|
-
|
||||||
|
-ALL_CSRCS := $(CSRCS)
|
||||||
|
|
||||||
|
ALL_HDRS = \
|
||||||
|
alghmac.h \
|
||||||
|
--- mozilla/security/nss/lib/freebl/Makefile.nofbst 2006-12-07 02:59:41.000000000 +0100
|
||||||
|
+++ mozilla/security/nss/lib/freebl/Makefile 2007-06-16 11:16:42.000000000 +0200
|
||||||
|
@@ -84,21 +84,17 @@
|
||||||
|
|
||||||
|
ifeq ($(OS_TARGET),OSF1)
|
||||||
|
DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD
|
||||||
|
- MPI_SRCS += mpvalpha.c
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET))) #omits WIN16 and WINCE
|
||||||
|
ifdef NS_USE_GCC
|
||||||
|
# Ideally, we want to use assembler
|
||||||
|
-# ASFILES = mpi_x86.s
|
||||||
|
# DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE \
|
||||||
|
# -DMP_ASSEMBLY_DIV_2DX1D
|
||||||
|
# but we haven't figured out how to make it work, so we are not
|
||||||
|
# using assembler right now.
|
||||||
|
- ASFILES =
|
||||||
|
DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT
|
||||||
|
else
|
||||||
|
- MPI_SRCS += mpi_x86_asm.c
|
||||||
|
DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
|
||||||
|
DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
|
||||||
|
ifdef BUILD_OPT
|
||||||
|
@@ -114,7 +110,6 @@
|
||||||
|
|
||||||
|
ifeq ($(OS_TARGET),IRIX)
|
||||||
|
ifeq ($(USE_N32),1)
|
||||||
|
- ASFILES = mpi_mips.s
|
||||||
|
ifeq ($(NS_USE_GCC),1)
|
||||||
|
ASFLAGS = -Wp,-P -Wp,-traditional -O -mips3
|
||||||
|
else
|
||||||
|
@@ -127,16 +122,13 @@
|
||||||
|
|
||||||
|
ifeq ($(OS_TARGET),Linux)
|
||||||
|
ifeq ($(CPU_ARCH),x86_64)
|
||||||
|
- ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s
|
||||||
|
ASFLAGS += -march=opteron -m64 -fPIC
|
||||||
|
DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
|
||||||
|
DEFINES += -DNSS_USE_COMBA
|
||||||
|
DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
|
||||||
|
# DEFINES += -DMPI_AMD64_ADD
|
||||||
|
- MPI_SRCS += mpi_amd64.c mp_comba.c
|
||||||
|
endif
|
||||||
|
ifeq ($(CPU_ARCH),x86)
|
||||||
|
- ASFILES = mpi_x86.s
|
||||||
|
DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
|
||||||
|
DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
|
||||||
|
DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
|
||||||
|
@@ -155,33 +147,11 @@
|
||||||
|
ifeq ($(OS_TARGET), HP-UX)
|
||||||
|
ifneq ($(OS_TEST), ia64)
|
||||||
|
# PA-RISC
|
||||||
|
-ASFILES += ret_cr16.s
|
||||||
|
ifndef USE_64
|
||||||
|
FREEBL_BUILD_SINGLE_SHLIB =
|
||||||
|
HAVE_ABI32_INT32 = 1
|
||||||
|
HAVE_ABI32_FPU = 1
|
||||||
|
endif
|
||||||
|
-ifdef FREEBL_CHILD_BUILD
|
||||||
|
-ifdef USE_ABI32_INT32
|
||||||
|
-# build for DA1.1 (HP PA 1.1) 32-bit ABI build with 32-bit arithmetic
|
||||||
|
- DEFINES += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
|
||||||
|
- DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
|
||||||
|
-else
|
||||||
|
-ifdef USE_64
|
||||||
|
-# this builds for DA2.0W (HP PA 2.0 Wide), the LP64 ABI, using 64-bit digits
|
||||||
|
- MPI_SRCS += mpi_hp.c
|
||||||
|
- ASFILES += hpma512.s hppa20.s
|
||||||
|
- DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
|
||||||
|
-else
|
||||||
|
-# this builds for DA2.0 (HP PA 2.0 Narrow) ABI32_FPU model
|
||||||
|
-# (the 32-bit ABI with 64-bit registers) using 64-bit digits
|
||||||
|
- MPI_SRCS += mpi_hp.c
|
||||||
|
- ASFILES += hpma512.s hppa20.s
|
||||||
|
- DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
|
||||||
|
- ARCHFLAG = -Aa +e +DA2.0 +DS2.0
|
||||||
|
-endif
|
||||||
|
-endif
|
||||||
|
-endif
|
||||||
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
|
@@ -326,7 +296,6 @@
|
||||||
|
ifdef USE_ABI32_INT32
|
||||||
|
# this builds for Sparc v8 pure 32-bit architecture
|
||||||
|
DEFINES += -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
|
||||||
|
- ASFILES = mpv_sparcv8x.s
|
||||||
|
DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
|
||||||
|
endif
|
||||||
|
ifdef USE_ABI32_INT64
|
||||||
|
@@ -337,8 +306,6 @@
|
||||||
|
ifdef USE_ABI32_FPU
|
||||||
|
# this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers,
|
||||||
|
# 32-bit ABI, it uses FPU code, and 32-bit word size
|
||||||
|
- MPI_SRCS += mpi_sparc.c
|
||||||
|
- ASFILES = mpv_sparcv8.s montmulfv8.s
|
||||||
|
DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
|
||||||
|
DEFINES += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL
|
||||||
|
ECL_USE_FP = 1
|
||||||
|
@@ -350,8 +317,6 @@
|
||||||
|
ifdef USE_ABI64_FPU
|
||||||
|
# this builds for Sparc v9a pure 64-bit architecture
|
||||||
|
# It uses floating point, and 32-bit word size
|
||||||
|
- MPI_SRCS += mpi_sparc.c
|
||||||
|
- ASFILES = mpv_sparcv9.s montmulfv9.s
|
||||||
|
DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
|
||||||
|
DEFINES += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL
|
||||||
|
ECL_USE_FP = 1
|
||||||
|
@@ -367,29 +332,22 @@
|
||||||
|
ifeq ($(USE_64),1)
|
||||||
|
# Solaris for AMD64
|
||||||
|
ifdef NS_USE_GCC
|
||||||
|
- ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s
|
||||||
|
ASFLAGS += -march=opteron -m64 -fPIC
|
||||||
|
- MPI_SRCS += mp_comba.c
|
||||||
|
else
|
||||||
|
- ASFILES = arcfour-amd64-sun.s mpi_amd64_sun.s sha-fast-amd64-sun.s
|
||||||
|
- ASFILES += mp_comba_amd64_sun.s mpcpucache_amd64.s
|
||||||
|
ASFLAGS += -xarch=generic64 -K PIC
|
||||||
|
SHA_SRCS =
|
||||||
|
MPCPU_SRCS =
|
||||||
|
endif
|
||||||
|
DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
|
||||||
|
DEFINES += -DNSS_USE_COMBA
|
||||||
|
- MPI_SRCS += mpi_amd64.c
|
||||||
|
else
|
||||||
|
# Solaris x86
|
||||||
|
DEFINES += -D_X86_
|
||||||
|
DEFINES += -DMP_USE_UINT_DIGIT
|
||||||
|
DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
|
||||||
|
DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
|
||||||
|
- ASFILES = mpi_i86pc.s
|
||||||
|
ifndef NS_USE_GCC
|
||||||
|
MPCPU_SRCS =
|
||||||
|
- ASFILES += mpcpucache_x86.s
|
||||||
|
endif
|
||||||
|
endif
|
||||||
|
endif # Solaris for non-sparc family CPUs
|
||||||
|
@@ -399,7 +357,6 @@
|
||||||
|
ifdef ECL_USE_FP
|
||||||
|
#enable floating point ECC code
|
||||||
|
DEFINES += -DECL_USE_FP
|
||||||
|
- ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c
|
||||||
|
ECL_HDRS += ecp_fp.h
|
||||||
|
endif
|
||||||
|
endif # NSS_ENABLE_ECC
|
||||||
|
@@ -436,26 +393,12 @@
|
||||||
|
|
||||||
|
DEFINES += -DMP_API_COMPATIBLE
|
||||||
|
|
||||||
|
-MPI_USERS = dh.c pqg.c dsa.c rsa.c ec.c
|
||||||
|
-
|
||||||
|
-MPI_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_SRCS:.c=$(OBJ_SUFFIX)))
|
||||||
|
-MPI_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_USERS:.c=$(OBJ_SUFFIX)))
|
||||||
|
-
|
||||||
|
$(MPI_OBJS): $(MPI_HDRS)
|
||||||
|
|
||||||
|
-ECL_USERS = ec.c
|
||||||
|
-
|
||||||
|
-ECL_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_SRCS:.c=$(OBJ_SUFFIX)) $(ECL_ASM_SRCS:$(ASM_SUFFIX)=$(OBJ_SUFFIX)))
|
||||||
|
-ECL_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_USERS:.c=$(OBJ_SUFFIX)))
|
||||||
|
-
|
||||||
|
$(ECL_OBJS): $(ECL_HDRS)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
-$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c mac_rand.c os2_rand.c
|
||||||
|
-
|
||||||
|
-$(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c
|
||||||
|
-
|
||||||
|
$(OBJDIR)/ldvector$(OBJ_SUFFIX) $(OBJDIR)/loader$(OBJ_SUFFIX) : loader.h
|
||||||
|
|
||||||
|
ifeq ($(SYSV_SPARC),1)
|
||||||
|
@@ -468,8 +411,6 @@
|
||||||
|
@$(MAKE_OBJDIR)
|
||||||
|
$(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $<
|
||||||
|
|
||||||
|
-$(OBJDIR)/mpmontg.o: mpmontg.c montmulf.h
|
||||||
|
-
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifndef FREEBL_CHILD_BUILD
|
||||||
|
@@ -565,25 +506,3 @@
|
||||||
|
|
||||||
|
endif # FREEBL_CHILD_BUILD
|
||||||
|
|
||||||
|
-
|
||||||
|
-# Bugzilla Bug 209827: disable optimization to work around what appears
|
||||||
|
-# to be a VACPP optimizer bug.
|
||||||
|
-ifdef XP_OS2_VACPP
|
||||||
|
-$(OBJDIR)/alg2268.obj: alg2268.c
|
||||||
|
- @$(MAKE_OBJDIR)
|
||||||
|
- $(CC) -Fo$@ -c $(filter-out /O+, $(CFLAGS)) $(call core_abspath,$<)
|
||||||
|
-endif
|
||||||
|
-
|
||||||
|
-# Bugzilla Bug 333917: the non-x86 code in desblapi.c seems to violate
|
||||||
|
-# ANSI C's strict aliasing rules.
|
||||||
|
-ifeq ($(OS_TARGET),Linux)
|
||||||
|
-ifneq ($(CPU_ARCH),x86)
|
||||||
|
-$(OBJDIR)/$(PROG_PREFIX)desblapi$(OBJ_SUFFIX): desblapi.c
|
||||||
|
- @$(MAKE_OBJDIR)
|
||||||
|
-ifdef NEED_ABSOLUTE_PATH
|
||||||
|
- $(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $(call core_abspath,$<)
|
||||||
|
-else
|
||||||
|
- $(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $<
|
||||||
|
-endif
|
||||||
|
-endif
|
||||||
|
-endif
|
||||||
|
--- mozilla/security/nss/cmd/shlibsign/Makefile.nofbst 2006-12-07 02:59:40.000000000 +0100
|
||||||
|
+++ mozilla/security/nss/cmd/shlibsign/Makefile 2007-06-16 11:16:42.000000000 +0200
|
||||||
|
@@ -60,9 +60,9 @@
|
||||||
|
|
||||||
|
# sign any and all shared libraries that contain the word freebl
|
||||||
|
|
||||||
|
-CHECKLIBS = $(DIST)/lib/$(DLL_PREFIX)softokn3.$(DLL_SUFFIX)
|
||||||
|
-CHECKLIBS += $(wildcard $(DIST)/lib/$(DLL_PREFIX)freebl*3.$(DLL_SUFFIX))
|
||||||
|
-CHECKLOC = $(CHECKLIBS:.$(DLL_SUFFIX)=.chk)
|
||||||
|
+#CHECKLIBS = $(DIST)/lib/$(DLL_PREFIX)softokn3.$(DLL_SUFFIX)
|
||||||
|
+#CHECKLIBS += $(wildcard $(DIST)/lib/$(DLL_PREFIX)freebl*3.$(DLL_SUFFIX))
|
||||||
|
+#CHECKLOC = $(CHECKLIBS:.$(DLL_SUFFIX)=.chk)
|
||||||
|
|
||||||
|
MD_LIB_RELEASE_FILES = $(CHECKLOC)
|
||||||
|
ALL_TRASH += $(CHECKLOC)
|
||||||
|
--- mozilla/security/nss/cmd/platlibs.mk.nofbst 2006-11-17 03:13:16.000000000 +0100
|
||||||
|
+++ mozilla/security/nss/cmd/platlibs.mk 2007-06-16 11:16:42.000000000 +0200
|
||||||
|
@@ -101,7 +101,6 @@
|
||||||
|
$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
|
||||||
|
$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
|
||||||
|
$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
|
||||||
|
- $(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
|
||||||
|
$(CRYPTOLIB) \
|
||||||
|
$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
|
||||||
|
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
|
||||||
|
@@ -143,7 +142,6 @@
|
||||||
|
$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
|
||||||
|
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
|
||||||
|
$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
|
||||||
|
- $(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
|
||||||
|
$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
|
||||||
|
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
|
||||||
|
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
|
||||||
|
@@ -225,10 +223,6 @@
|
||||||
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
|
-ifeq ($(OS_ARCH), Darwin)
|
||||||
|
-EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsoftokn3.dylib:$(DIST)/lib/libsoftokn3.dylib
|
||||||
|
-endif
|
||||||
|
-
|
||||||
|
|
||||||
|
# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
|
||||||
|
# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
|
87
nss.spec
87
nss.spec
@ -1,10 +1,12 @@
|
|||||||
%define nspr_version 4.6.2
|
%define nspr_version 4.6.2
|
||||||
%define unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
%define unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||||
|
%define fips_source_version 3.11.5
|
||||||
|
%define ckbi_version 1.64
|
||||||
|
|
||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: 3.11.7
|
Version: 3.11.7
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: MPL/GPL/LGPL
|
License: MPL/GPL/LGPL
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -16,17 +18,24 @@ BuildRequires: gawk
|
|||||||
Provides: mozilla-nss
|
Provides: mozilla-nss
|
||||||
Obsoletes: mozilla-nss
|
Obsoletes: mozilla-nss
|
||||||
|
|
||||||
Source0: %{name}-%{version}-fbst3115-stripped.tar.gz
|
#Source0: %{name}-%{version}-no-fbst.tar.gz
|
||||||
|
Source0: %{name}-%{version}-no-fbst-with-ckbi-%{ckbi_version}.tar.gz
|
||||||
|
# ckbi is the builtin roots module which may get released separately.
|
||||||
|
|
||||||
Source1: nss.pc.in
|
Source1: nss.pc.in
|
||||||
Source2: nss-config.in
|
Source2: nss-config.in
|
||||||
Source3: blank-cert8.db
|
Source3: blank-cert8.db
|
||||||
Source4: blank-key3.db
|
Source4: blank-key3.db
|
||||||
Source5: blank-secmod.db
|
Source5: blank-secmod.db
|
||||||
Source7: fake-kstat.h
|
Source7: fake-kstat.h
|
||||||
|
Source10: %{name}-%{fips_source_version}-fbst-stripped.tar.gz
|
||||||
|
|
||||||
Patch1: nss-no-rpath.patch
|
Patch1: nss-no-rpath.patch
|
||||||
Patch2: nss-smartcard-auth.patch
|
Patch2: nss-smartcard-auth.patch
|
||||||
Patch3: nss-use-netstat-hack.patch
|
Patch3: nss-use-netstat-hack.patch
|
||||||
|
Patch4: nss-decouple-softokn.patch
|
||||||
|
Patch5: nss-disable-build-freebl-softoken.patch
|
||||||
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
@ -76,11 +85,43 @@ low level services.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
%setup -q -T -D -n %{name}-%{version} -a 10
|
||||||
|
|
||||||
|
%define old_nss_lib %{name}-%{fips_source_version}/mozilla/security/nss/lib
|
||||||
|
%define new_nss_lib mozilla/security/nss/lib
|
||||||
|
|
||||||
|
# Ensure we will not use new freebl/softoken code
|
||||||
|
rm -rf %{new_nss_lib}/freebl
|
||||||
|
rm -rf %{new_nss_lib}/softoken
|
||||||
|
|
||||||
|
# However, in order to build newer NSS we need some exports
|
||||||
|
cp -a %{old_nss_lib}/freebl %{new_nss_lib}
|
||||||
|
cp -a %{old_nss_lib}/softoken %{new_nss_lib}
|
||||||
|
|
||||||
|
# Ensure the newer NSS tree will not build code, except the loader
|
||||||
|
mv -i %{new_nss_lib}/freebl/loader.c %{new_nss_lib}/freebl/loader.c.save
|
||||||
|
rm -rf %{new_nss_lib}/freebl/*.c %{new_nss_lib}/freebl/*.s
|
||||||
|
rm -rf %{new_nss_lib}/softoken/*.c %{new_nss_lib}/softoken/*.s
|
||||||
|
mv -i %{new_nss_lib}/freebl/loader.c.save %{new_nss_lib}/freebl/loader.c
|
||||||
|
|
||||||
|
# These currently don't build without freebl/softoken in the same tree
|
||||||
|
rm -rf mozilla/security/nss/cmd/bltest
|
||||||
|
rm -rf mozilla/security/nss/cmd/fipstest
|
||||||
|
rm -rf mozilla/security/nss/cmd/certcgi
|
||||||
|
|
||||||
|
# Apply the patches to the newer NSS tree
|
||||||
%patch1 -p0
|
%patch1 -p0
|
||||||
%patch2 -p0 -b .smartcard-auth.patch
|
%patch2 -p0 -b .smartcard-auth
|
||||||
%patch3 -p0
|
%patch4 -p0 -b .decouple-softokn
|
||||||
|
%patch5 -p0 -b .nofbst
|
||||||
|
|
||||||
|
# Apply the patches to the tree where we build freebl/softoken
|
||||||
|
cd nss-%{fips_source_version}
|
||||||
|
%patch3 -p0 -b .use-netstat-hack
|
||||||
%{__mkdir_p} mozilla/security/nss/lib/fake/
|
%{__mkdir_p} mozilla/security/nss/lib/fake/
|
||||||
cp -i %{SOURCE7} mozilla/security/nss/lib/fake/kstat.h
|
cp -i %{SOURCE7} mozilla/security/nss/lib/fake/kstat.h
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -115,16 +156,26 @@ export USE_64
|
|||||||
# NSS_ENABLE_ECC=1
|
# NSS_ENABLE_ECC=1
|
||||||
# export NSS_ENABLE_ECC
|
# export NSS_ENABLE_ECC
|
||||||
|
|
||||||
|
##### first, build freebl and softokn shared libraries
|
||||||
|
|
||||||
|
cd nss-%{fips_source_version}
|
||||||
%{__make} -C ./mozilla/security/coreconf
|
%{__make} -C ./mozilla/security/coreconf
|
||||||
%{__make} -C ./mozilla/security/dbm
|
%{__make} -C ./mozilla/security/dbm
|
||||||
%{__make} -C ./mozilla/security/nss export
|
%{__make} -C ./mozilla/security/nss export
|
||||||
|
%{__make} -C ./mozilla/security/nss/lib/base
|
||||||
%{__make} -C ./mozilla/security/nss/lib/util
|
%{__make} -C ./mozilla/security/nss/lib/util
|
||||||
%{__make} -C ./mozilla/security/nss/lib/freebl
|
%{__make} -C ./mozilla/security/nss/lib/freebl
|
||||||
|
|
||||||
touch ./mozilla/security/nss/lib/freebl/unix_rand.c
|
touch ./mozilla/security/nss/lib/freebl/unix_rand.c
|
||||||
USE_NETSTAT_HACK=1 %{__make} -C ./mozilla/security/nss/lib/freebl
|
USE_NETSTAT_HACK=1 %{__make} -C ./mozilla/security/nss/lib/freebl
|
||||||
|
%{__make} -C ./mozilla/security/nss/lib/freebl install
|
||||||
|
%{__make} -C ./mozilla/security/nss/lib/softoken
|
||||||
|
%{__make} -C ./mozilla/security/nss/lib/softoken install
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
##### second, build all the rest of NSS
|
||||||
|
|
||||||
|
%{__make} -C ./mozilla/security/coreconf
|
||||||
|
%{__make} -C ./mozilla/security/dbm
|
||||||
%{__make} -C ./mozilla/security/nss
|
%{__make} -C ./mozilla/security/nss
|
||||||
|
|
||||||
# Set up our package file
|
# Set up our package file
|
||||||
@ -168,7 +219,14 @@ chmod 755 $RPM_BUILD_ROOT/%{_bindir}/nss-config
|
|||||||
%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
||||||
|
|
||||||
# Copy the binary libraries we want
|
# Copy the binary libraries we want
|
||||||
for file in libnss3.so libssl3.so libsmime3.so libsoftokn3.so libnssckbi.so libfreebl3.so
|
for file in libsoftokn3.so libfreebl3.so
|
||||||
|
do
|
||||||
|
%{__install} -m 755 nss-%{fips_source_version}/mozilla/dist/*.OBJ/lib/$file \
|
||||||
|
$RPM_BUILD_ROOT/%{_libdir}
|
||||||
|
done
|
||||||
|
|
||||||
|
# Copy the binary libraries we want
|
||||||
|
for file in libnss3.so libssl3.so libsmime3.so libnssckbi.so
|
||||||
do
|
do
|
||||||
%{__install} -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
%{__install} -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||||
done
|
done
|
||||||
@ -201,7 +259,16 @@ do
|
|||||||
%{__install} -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
%{__install} -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
||||||
done
|
done
|
||||||
|
|
||||||
# Copy the include files
|
# Copy the include files we want from freebl/softoken sources
|
||||||
|
# and remove those files from the other area
|
||||||
|
for file in blapit.h shsign.h ecl-exp.h pkcs11.h pkcs11f.h pkcs11p.h pkcs11t.h pkcs11n.h pkcs11u.h
|
||||||
|
do
|
||||||
|
%{__install} -m 644 nss-%{fips_source_version}/mozilla/dist/public/nss/$file \
|
||||||
|
$RPM_BUILD_ROOT/%{_includedir}/nss3
|
||||||
|
rm mozilla/dist/public/nss/$file
|
||||||
|
done
|
||||||
|
|
||||||
|
# Copy the include files we want
|
||||||
for file in mozilla/dist/public/nss/*.h
|
for file in mozilla/dist/public/nss/*.h
|
||||||
do
|
do
|
||||||
%{__install} -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
|
%{__install} -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
|
||||||
@ -368,6 +435,10 @@ done
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 18 2007 Kai Engert <kengert@redhat.com> - 3.11.7-4
|
||||||
|
- Better approach to ship freebl/softokn based on 3.11.5
|
||||||
|
- Remove link time dependency on softokn
|
||||||
|
|
||||||
* Sun Jun 10 2007 Kai Engert <kengert@redhat.com> - 3.11.7-3
|
* Sun Jun 10 2007 Kai Engert <kengert@redhat.com> - 3.11.7-3
|
||||||
- Fix unowned directories, rhbz#233890
|
- Fix unowned directories, rhbz#233890
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user