Build nss without softoken or util sources in the tree
- Resolves: rhbz#689918
This commit is contained in:
parent
41e94360c9
commit
e36079dd45
@ -1,19 +0,0 @@
|
|||||||
diff -up nss/cmd/Makefile.nosoftokentests nss/cmd/Makefile
|
|
||||||
--- nss/cmd/Makefile.nosoftokentests 2013-05-30 23:43:20.982027783 -0700
|
|
||||||
+++ nss/cmd/Makefile 2013-05-30 23:47:11.865874884 -0700
|
|
||||||
@@ -19,9 +19,15 @@ BLTEST_SRCDIR =
|
|
||||||
FIPSTEST_SRCDIR =
|
|
||||||
SHLIBSIGN_SRCDIR =
|
|
||||||
else
|
|
||||||
+ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
|
|
||||||
+BLTEST_SRCDIR =
|
|
||||||
+FIPSTEST_SRCDIR =
|
|
||||||
+SHLIBSIGN_SRCDIR =
|
|
||||||
+else
|
|
||||||
BLTEST_SRCDIR = bltest
|
|
||||||
FIPSTEST_SRCDIR = fipstest
|
|
||||||
SHLIBSIGN_SRCDIR = shlibsign
|
|
||||||
+endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
LOWHASHTEST_SRCDIR=
|
|
131
nss.spec
131
nss.spec
@ -19,7 +19,7 @@
|
|||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: 3.15
|
Version: 3.15
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -89,14 +89,14 @@ Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
|
|||||||
Patch39: nss-ssl-enforce-no-pkcs11-bypass.path
|
Patch39: nss-ssl-enforce-no-pkcs11-bypass.path
|
||||||
# TODO: Remove this patch when the ocsp test are fixed
|
# TODO: Remove this patch when the ocsp test are fixed
|
||||||
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
|
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
|
||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=835919
|
|
||||||
Patch43: no-softoken-freebl-tests.patch
|
|
||||||
Patch44: 0001-sync-up-with-upstream-softokn-changes.patch
|
Patch44: 0001-sync-up-with-upstream-softokn-changes.patch
|
||||||
Patch45: Bug-896651-pem-dont-trash-keys-on-failed-login.patch
|
Patch45: Bug-896651-pem-dont-trash-keys-on-failed-login.patch
|
||||||
# The ocsp stapling tests currently require access to the
|
# The ocsp stapling tests currently require access to the
|
||||||
# kuix.de test server but koji forbids outbount connections
|
# kuix.de test server but koji forbids outbount connections
|
||||||
Patch46: disable-ocsp-stapling-tests.patch
|
Patch46: disable-ocsp-stapling-tests.patch
|
||||||
|
# Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
|
||||||
Patch47: utilwrap-include-templates.patch
|
Patch47: utilwrap-include-templates.patch
|
||||||
|
# TODO submit this patch upstream
|
||||||
Patch48: nss-versus-softoken-tests.patch
|
Patch48: nss-versus-softoken-tests.patch
|
||||||
# TODO remove when we switch to building nss without softoken
|
# TODO remove when we switch to building nss without softoken
|
||||||
Patch49: nss-skip-bltest-and-fipstest.patch
|
Patch49: nss-skip-bltest-and-fipstest.patch
|
||||||
@ -186,14 +186,30 @@ low level services.
|
|||||||
#%patch29 -p0 -b .cbcrandomivoff
|
#%patch29 -p0 -b .cbcrandomivoff
|
||||||
#%patch39 -p0 -b .nobypass
|
#%patch39 -p0 -b .nobypass
|
||||||
%patch40 -p0 -b .noocsptest
|
%patch40 -p0 -b .noocsptest
|
||||||
#%patch43 -p0 -b .nosoftokentests
|
|
||||||
%patch44 -p1 -b .syncupwithupstream
|
%patch44 -p1 -b .syncupwithupstream
|
||||||
%patch45 -p0 -b .notrash
|
%patch45 -p0 -b .notrash
|
||||||
%patch46 -p0 -b .skipoutbound
|
%patch46 -p0 -b .skipoutbound
|
||||||
#%patch47 -p0 -b .templates
|
%patch47 -p0 -b .templates
|
||||||
%patch48 -p0 -b .crypto
|
%patch48 -p0 -b .crypto
|
||||||
%patch49 -p0 -b .skipthem
|
%patch49 -p0 -b .skipthem
|
||||||
|
|
||||||
|
#########################################################
|
||||||
|
# Higher-level libraries and test tools need access to
|
||||||
|
# module-private headers from util, freebl, and softoken
|
||||||
|
# until fixed upstream we must copy some headers locally
|
||||||
|
#########################################################
|
||||||
|
|
||||||
|
pemNeedsFromSoftoken="lowkeyi lowkeyti softoken softoknt"
|
||||||
|
for file in ${pemNeedsFromSoftoken}; do
|
||||||
|
%{__cp} ./nss/lib/softoken/${file}.h ./nss/lib/ckfw/pem/
|
||||||
|
done
|
||||||
|
|
||||||
|
# Copying these header util the upstream bug is accepted
|
||||||
|
# Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207
|
||||||
|
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
|
||||||
|
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
NSS_NO_PKCS11_BYPASS=1
|
NSS_NO_PKCS11_BYPASS=1
|
||||||
@ -226,9 +242,25 @@ NSPR_LIB_DIR=%{_libdir}
|
|||||||
export NSPR_INCLUDE_DIR
|
export NSPR_INCLUDE_DIR
|
||||||
export NSPR_LIB_DIR
|
export NSPR_LIB_DIR
|
||||||
|
|
||||||
|
export NSSUTIL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
|
||||||
|
export NSSUTIL_LIB_DIR=%{_libdir}
|
||||||
|
|
||||||
export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
|
export FREEBL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-softokn | sed 's/-I//'`
|
||||||
export FREEBL_LIB_DIR=%{_libdir}
|
export FREEBL_LIB_DIR=%{_libdir}
|
||||||
export USE_SYSTEM_FREEBL=1
|
export USE_SYSTEM_FREEBL=1
|
||||||
|
# FIXME choose one or the other style and submit a patch upstream
|
||||||
|
# wtc has suggested using NSS_USE_SYSTEM_FREEBL
|
||||||
|
export NSS_USE_SYSTEM_FREEBL=1
|
||||||
|
|
||||||
|
export FREEBL_LIBS=`/usr/bin/pkg-config --libs nss-softokn`
|
||||||
|
|
||||||
|
export SOFTOKEN_LIB_DIR=%{_libdir}
|
||||||
|
# use the system ones
|
||||||
|
export USE_SYSTEM_NSSUTIL=1
|
||||||
|
export USE_SYSTEM_SOFTOKEN=1
|
||||||
|
|
||||||
|
# tell the upstream build system what we are doing
|
||||||
|
export NSS_BUILD_WITHOUT_SOFTOKEN=1
|
||||||
|
|
||||||
NSS_USE_SYSTEM_SQLITE=1
|
NSS_USE_SYSTEM_SQLITE=1
|
||||||
export NSS_USE_SYSTEM_SQLITE
|
export NSS_USE_SYSTEM_SQLITE
|
||||||
@ -238,24 +270,16 @@ USE_64=1
|
|||||||
export USE_64
|
export USE_64
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
##### phase 1: build freebl/softokn shared libraries
|
##### phase 1: remove util/freebl/softoken and low level tools
|
||||||
# there no ecc in freebl
|
#
|
||||||
unset NSS_ENABLE_ECC
|
######## Remove freebl, softoken and util
|
||||||
# Compile softoken plus needed support
|
%{__rm} -rf ./mozilla/security/nss/lib/freebl
|
||||||
%{__make} -C ./nss/coreconf
|
%{__rm} -rf ./mozilla/security/nss/lib/softoken
|
||||||
|
%{__rm} -rf ./mozilla/security/nss/lib/util
|
||||||
%{__make} -C ./nss/lib/util export
|
######## Remove nss-softokn test tools
|
||||||
%{__make} -C ./nss/lib/freebl export
|
%{__rm} -rf ./mozilla/security/nss/cmd/bltest
|
||||||
%{__make} -C ./nss/lib/softoken export
|
%{__rm} -rf ./mozilla/security/nss/cmd/fipstest
|
||||||
|
%{__rm} -rf ./mozilla/security/nss/cmd/rsaperf_low
|
||||||
%{__make} -C ./nss/lib/util
|
|
||||||
%{__make} -C ./nss/lib/dbm
|
|
||||||
%{__make} -C ./nss/lib/freebl
|
|
||||||
%{__make} -C ./nss/lib/softoken
|
|
||||||
|
|
||||||
# stash away the bltest and fipstest to build them last
|
|
||||||
tar cf build_these_later.tar ./nss/cmd/bltest ./nss/cmd/fipstest
|
|
||||||
rm -rf ./nss/cmd/bltest ./nss/cmd/fipstest
|
|
||||||
|
|
||||||
##### phase 2: build the rest of nss
|
##### phase 2: build the rest of nss
|
||||||
# nss supports pluggable ecc
|
# nss supports pluggable ecc
|
||||||
@ -264,23 +288,12 @@ export NSS_ENABLE_ECC
|
|||||||
NSS_ECC_MORE_THAN_SUITE_B=1
|
NSS_ECC_MORE_THAN_SUITE_B=1
|
||||||
export NSS_ECC_MORE_THAN_SUITE_B
|
export NSS_ECC_MORE_THAN_SUITE_B
|
||||||
|
|
||||||
# We only ship the nss proper libraries, no softoken nor util, yet
|
|
||||||
# we must compile with the entire source tree because nss needs
|
|
||||||
# private exports from util. The install section will ensure not
|
|
||||||
# to override nss-util and nss-softoken headers already installed.
|
|
||||||
#
|
|
||||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||||
%{__make} -C ./nss/coreconf
|
%{__make} -C ./nss/coreconf
|
||||||
%{__make} -C ./nss/lib/dbm
|
%{__make} -C ./nss/lib/dbm
|
||||||
%{__make} -C ./nss
|
%{__make} -C ./nss
|
||||||
unset NSS_BLTEST_NOT_AVAILABLE
|
unset NSS_BLTEST_NOT_AVAILABLE
|
||||||
|
|
||||||
##### phase 3: build bltest and fipstest
|
|
||||||
tar xf build_these_later.tar
|
|
||||||
unset NSS_ENABLE_ECC; %{__make} -C ./nss/cmd/bltest
|
|
||||||
unset NSS_ENABLE_ECC; %{__make} -C ./nss/cmd/fipstest
|
|
||||||
%{__rm} -f build_these_later.tar
|
|
||||||
|
|
||||||
# Set up our package file
|
# Set up our package file
|
||||||
# The nspr_version and nss_{util|softokn}_version globals used
|
# The nspr_version and nss_{util|softokn}_version globals used
|
||||||
# here match the ones nss has for its Requires.
|
# here match the ones nss has for its Requires.
|
||||||
@ -340,6 +353,9 @@ export USE_64
|
|||||||
|
|
||||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||||
|
|
||||||
|
# needed for the fips manging test
|
||||||
|
export SOFTOKEN_LIB_DIR=%{_libdir}
|
||||||
|
|
||||||
# End -- copied from the build section
|
# End -- copied from the build section
|
||||||
|
|
||||||
# enable the following line to force a test failure
|
# enable the following line to force a test failure
|
||||||
@ -477,49 +493,6 @@ done
|
|||||||
# Copy the pkcs #11 configuration script
|
# Copy the pkcs #11 configuration script
|
||||||
%{__install} -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh
|
%{__install} -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh
|
||||||
|
|
||||||
#remove the nss-util-devel headers
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/base64.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/ciferfam.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64t.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslocks.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilock.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilckt.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlk.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlkt.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nssutil.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11f.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11n.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11p.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11t.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11u.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/portreg.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1t.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/seccomon.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secder.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdert.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdig.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secdigt.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secerr.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secitem.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secoid.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilmodt.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilpars.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/utilparst.h
|
|
||||||
|
|
||||||
#remove headers shipped nss-softokn-devel and nss-softokn-freebl-devel
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/alghmac.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/blapit.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/ecl-exp.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/hasht.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/shsign.h
|
|
||||||
rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
%{__rm} -rf $RPM_BUILD_ROOT
|
%{__rm} -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
@ -694,6 +667,10 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 18 2013 emaldona <emaldona@redhat.com> - 3.15-4
|
||||||
|
- Build nss without softoken or util sources in the tree
|
||||||
|
- Resolves: rhbz#689918
|
||||||
|
|
||||||
* Mon Jun 17 2013 emaldona <emaldona@redhat.com> - 3.15-3
|
* Mon Jun 17 2013 emaldona <emaldona@redhat.com> - 3.15-3
|
||||||
- Update ssl-cbc-random-iv-by-default.patch
|
- Update ssl-cbc-random-iv-by-default.patch
|
||||||
|
|
||||||
|
@ -1,17 +1,13 @@
|
|||||||
Index: ./nss/lib/nss/config.mk
|
diff -up nss/lib/nss/config.mk.templates nss/lib/nss/config.mk
|
||||||
===================================================================
|
--- nss/lib/nss/config.mk.templates 2013-06-18 11:32:07.590089155 -0700
|
||||||
RCS file: /cvsroot/nss/lib/nss/config.mk,v
|
+++ nss/lib/nss/config.mk 2013-06-18 11:33:28.732763345 -0700
|
||||||
retrieving revision 1.37
|
|
||||||
diff -u -p -r1.37 config.mk
|
|
||||||
--- ./nss/lib/nss/config.mk 25 Apr 2012 14:50:03 -0000 1.37
|
|
||||||
+++ ./nss/lib/nss/config.mk 7 Feb 2013 02:22:58 -0000
|
|
||||||
@@ -3,6 +3,10 @@
|
@@ -3,6 +3,10 @@
|
||||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||||
|
|
||||||
+ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
|
+#ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
|
||||||
+INCLUDES += -I/usr/include/nss3/templates
|
+INCLUDES += -I/usr/include/nss3/templates
|
||||||
+endif
|
+#endif
|
||||||
+
|
+
|
||||||
# can't do this in manifest.mn because OS_TARGET isn't defined there.
|
# can't do this in manifest.mn because OS_TARGET isn't defined there.
|
||||||
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
|
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
|
||||||
|
Loading…
Reference in New Issue
Block a user