diff --git a/README.md b/README.md index a85a205..106f655 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,5 @@ # libnss +Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. +Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. + diff --git a/blank-cert8.db b/blank-cert8.db new file mode 100644 index 0000000..ac40a33 Binary files /dev/null and b/blank-cert8.db differ diff --git a/blank-cert9.db b/blank-cert9.db new file mode 100644 index 0000000..1763264 Binary files /dev/null and b/blank-cert9.db differ diff --git a/blank-key3.db b/blank-key3.db new file mode 100644 index 0000000..31e3975 Binary files /dev/null and b/blank-key3.db differ diff --git a/blank-key4.db b/blank-key4.db new file mode 100644 index 0000000..987ffe0 Binary files /dev/null and b/blank-key4.db differ diff --git a/blank-secmod.db b/blank-secmod.db new file mode 100644 index 0000000..9a02807 Binary files /dev/null and b/blank-secmod.db differ diff --git a/libnss-3.12.3-enable-pem.patch b/libnss-3.12.3-enable-pem.patch new file mode 100644 index 0000000..665a148 --- /dev/null +++ b/libnss-3.12.3-enable-pem.patch @@ -0,0 +1,12 @@ +diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn +--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700 ++++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700 +@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife + + CORE_DEPTH = ../../.. + +-DIRS = builtins ++DIRS = builtins pem + + PRIVATE_EXPORTS = \ + ck.h \ diff --git a/libnss-3.12.3-no-rpath.patch b/libnss-3.12.3-no-rpath.patch new file mode 100644 index 0000000..35ea573 --- /dev/null +++ b/libnss-3.12.3-no-rpath.patch 
@@ -0,0 +1,14 @@
+--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath 2007-02-19 07:17:06.000000000 +0100
++++ ./mozilla/security/nss/cmd/platlibs.mk 2007-02-19 07:18:07.000000000 +0100
+@@ -52,9 +52,9 @@
+
+ ifeq ($(OS_ARCH), Linux)
+ ifeq ($(USE_64), 1)
+-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
+ else
+-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
+ endif
+ endif
+
diff --git a/libnss-3.12.3-nolocalsql.patch b/libnss-3.12.3-nolocalsql.patch
new file mode 100644
index 0000000..21101fa
--- /dev/null
+++ b/libnss-3.12.3-nolocalsql.patch
@@ -0,0 +1,52 @@
+diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile
+--- ./mozilla/security/nss/lib/Makefile.nolocalsql 2007-07-19 23:36:49.000000000 +0200
++++ ./mozilla/security/nss/lib/Makefile 2009-04-14 17:07:40.000000000 +0200
+@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE)
+ DIRS := $(filter-out fortcrypt,$(DIRS))
+ endif
+
+-ifndef MOZILLA_CLIENT
+-ifndef NSS_USE_SYSTEM_SQLITE
+-DIRS := sqlite $(DIRS)
+-endif
+-endif
++#ifndef MOZILLA_CLIENT
++#ifndef NSS_USE_SYSTEM_SQLITE
++#DIRS := sqlite $(DIRS)
++#endif
++#endif
+
+ #######################################################################
+ # (5) Execute "global" rules. (OPTIONAL) #
+diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn
+--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql 2007-07-19 23:36:50.000000000 +0200
++++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn 2009-04-14 17:07:40.000000000 +0200
+@@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def
+
+ DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
+
+-ifdef MOZILLA_CLIENT
+-INCLUDES += -I$(DIST)/include/sqlite3
+-endif
++#ifdef MOZILLA_CLIENT
++#INCLUDES += -I$(DIST)/include/sqlite3
++#endif
+
+ CSRCS = \
+ dbmshim.c \
+diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn
+--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql 2009-03-25 17:21:37.000000000 +0100
++++ ./mozilla/security/nss/lib/softoken/manifest.mn 2009-04-14 17:07:40.000000000 +0200
+@@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def
+
+ DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
+
+-ifdef MOZILLA_CLIENT
+-INCLUDES += -I$(DIST)/include/sqlite3
+-endif
++#ifdef MOZILLA_CLIENT
++#INCLUDES += -I$(DIST)/include/sqlite3
++#endif
+
+ EXPORTS = \
+ secmodt.h \
diff --git a/libnss-3.12.3-stubs-bug502133.patch b/libnss-3.12.3-stubs-bug502133.patch
new file mode 100644
index 0000000..a0f1503
--- /dev/null
+++ b/libnss-3.12.3-stubs-bug502133.patch
@@ -0,0 +1,23 @@
+diff -rupN nss-3.12.3.99.3-orig/mozilla/security/nss/lib/freebl/stubs.c nss-3.12.3.99.3/mozilla/security/nss/lib/freebl/stubs.c
+--- ./mozilla/security/nss/lib/freebl/stubs.c 2009-03-28 19:21:50.000000000 -0700
++++ ./mozilla/security/nss/lib/freebl/stubs.c 2009-06-08 20:37:20.000000000 -0700
+@@ -558,8 +558,8 @@ FREEBL_InitStubs()
+ return SECFailure;
+ }
+ rv = freebl_InitNSPR(nspr);
+- freebl_releaseLibrary(nspr);
+ if (rv != SECSuccess) {
++ freebl_releaseLibrary(nspr);
+ return rv;
+ }
+ }
+@@ -570,8 +570,8 @@ FREEBL_InitStubs()
+ return SECFailure;
+ }
+ rv = freebl_InitNSSUtil(nssutil);
+- freebl_releaseLibrary(nssutil);
+ if (rv != SECSuccess) {
++ freebl_releaseLibrary(nssutil);
+ return rv;
+ }
+ }
diff --git a/libnss-3.12.9-enable-pem.patch b/libnss-3.12.9-enable-pem.patch
new file mode 100644
index 0000000..665a148
--- /dev/null
+++ b/libnss-3.12.9-enable-pem.patch
@@ -0,0 +1,12 @@
+diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
+--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700
++++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700
+@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
+
+ CORE_DEPTH = ../../..
+
+-DIRS = builtins
++DIRS = builtins pem
+
+ PRIVATE_EXPORTS = \
+ ck.h \
diff --git a/libnss-3.12.9-honor-user-trust-preferences.patch b/libnss-3.12.9-honor-user-trust-preferences.patch
new file mode 100644
index 0000000..e9414de
--- /dev/null
+++ b/libnss-3.12.9-honor-user-trust-preferences.patch
@@ -0,0 +1,133 @@ +Index: ./mozilla/security/nss/lib/pk11wrap/pk11load.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v +retrieving revision 1.30 +diff -u -p -r1.30 pk11load.c +--- ./mozilla/security/nss/lib/pk11wrap/pk11load.c 30 Apr 2010 07:22:54 -0000 1.30 ++++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c 22 Jan 2011 05:39:07 -0000 +@@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod + char *oldModuleSpec; + + if (secmod_IsInternalKeySlot(newModule)) { +- pk11_SetInternalKeySlot(slot); +- } ++ pk11_FirstInternalKeySlot(slot); ++ } + newID = slot->slotID; + PK11_FreeSlot(slot); + for (thisChild=children, thisID=ids; thisChild && *thisChild; +@@ -550,6 +550,11 @@ secmod_LoadPKCS11Module(SECMODModule *mo + /* look down the slot info table */ + PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount); + SECMOD_SetRootCerts(mod->slots[i],mod); ++ /* explicitly mark the internal slot as such if IsInternalKeySlot() ++ * is set */ ++ if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 
0 : 1))) { ++ pk11_FirstInternalKeySlot(mod->slots[i]); ++ } + } + mod->slotCount = slotCount; + mod->slotInfoCount = 0; +Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v +retrieving revision 1.13 +diff -u -p -r1.13 pk11priv.h +--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Oct 2009 23:04:46 -0000 1.13 ++++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 22 Jan 2011 05:39:07 -0000 +@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_ + PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot); + SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot); + void pk11_SetInternalKeySlot(PK11SlotInfo *slot); ++void pk11_FirstInternalKeySlot(PK11SlotInfo *slot); + + /********************************************************************* + * Mechanism Mapping functions +Index: ./mozilla/security/nss/lib/pk11wrap/pk11slot.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v +retrieving revision 1.101 +diff -u -p -r1.101 pk11slot.c +--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 3 Apr 2010 18:27:31 -0000 1.101 ++++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 22 Jan 2011 05:39:08 -0000 +@@ -1735,6 +1735,15 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl + pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL; + } + ++void ++pk11_FirstInternalKeySlot(PK11SlotInfo *slot) ++{ ++ if (pk11InternalKeySlot) { ++ return; ++ } ++ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL; ++} ++ + + /* get the internal key slot. 
FIPS has only one slot for both key slots and + * default slots */ +Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v +retrieving revision 1.2 +diff -u -p -r1.2 nsssysinit.c +--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c 6 Feb 2010 04:56:37 -0000 1.2 ++++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 22 Jan 2011 05:39:08 -0000 +@@ -221,7 +221,7 @@ getFIPSMode(void) + * 2 for the key slot, and + * 3 for the crypto operations slot fips + */ +-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100" ++#define ORDER_FLAGS "cipherOrder=100" + #define SLOT_FLAGS \ + "[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \ + " askpw=any timeout=30 ]" +@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_ + "library= " + "module=\"NSS User database\" " + "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" " +- "NSS=\"%sflags=internal%s\"", ++ "NSS=\"trustOrder=75 %sflags=internal%s\"", + userdb, stripped_parameters, nssflags, + isFIPS ? ",FIPS" : ""); + +@@ -284,30 +284,6 @@ get_list(char *filename, char *stripped_ + userdb, stripped_parameters); + } + +-#if 0 +- /* This doesn't actually work. If we register +- both this and the sysdb (in either order) +- then only one of them actually shows up */ +- +- /* Using a NULL filename as a Boolean flag to +- * prevent registering both an application-defined +- * db and the system db. rhbz #546211. 
+- */ +- PORT_Assert(filename); +- if (sysdb && PL_CompareStrings(filename, sysdb)) +- filename = NULL; +- else if (userdb && PL_CompareStrings(filename, userdb)) +- filename = NULL; +- +- if (filename && !userIsRoot()) { +- module_list[next++] = PR_smprintf( +- "library= " +- "module=\"NSS database\" " +- "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" " +- "NSS=\"%sflags=internal\"",filename, filename, nssflags); +- } +-#endif +- + /* now the system database (always read only unless it's root) */ + if (sysdb) { + const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly"; +@@ -315,7 +291,7 @@ get_list(char *filename, char *stripped_ + "library= " + "module=\"NSS system database\" " + "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" " +- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags); ++ "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags); + } + + /* that was the last module */ diff --git a/libnss-3.12.9-ipv6-type-connections-bug539183.patch b/libnss-3.12.9-ipv6-type-connections-bug539183.patch new file mode 100644 index 0000000..d86a705 --- /dev/null +++ b/libnss-3.12.9-ipv6-type-connections-bug539183.patch 
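Review bot: `pk11_FirstInternalKeySlot()` in the pk11slot.c part tests and then assigns the global `pk11InternalKeySlot` with no lock visible in the hunk, so two modules loading at the same time could both pass the `if (pk11InternalKeySlot)` check and one slot reference would be overwritten without being released. In `secmod_handleReload` it replaces `pk11_SetInternalKeySlot(slot)`, so a reloaded module's new slot is ignored whenever an internal key slot is already recorded; if the recorded slot belongs to the module being replaced, the global may keep pointing at a stale slot, which should be confirmed against the rest of that function, outside the hunk. The index test `i == (mod->isFIPS ? 0 : 1)` and the `trustOrder=75` / `trustOrder=80` values need a comment saying which slot is meant and which database's trust settings are intended to win, for example `/* key slot: index 0 in FIPS mode, index 1 otherwise */` if that is the intent.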
@@ -0,0 +1,33 @@
+Index: mozilla/security/nss/cmd/selfserv/selfserv.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
+retrieving revision 1.94
+diff -p -u -8 -r1.94 selfserv.c
+--- mozilla/security/nss/cmd/selfserv/selfserv.c 3 Apr 2010 18:27:27 -0000 1.94
++++ mozilla/security/nss/cmd/selfserv/selfserv.c 24 Feb 2011 02:28:02 -0000
+@@ -1487,21 +1487,21 @@ PRFileDesc *
+ getBoundListenSocket(unsigned short port)
+ {
+ PRFileDesc * listen_sock;
+ int listenQueueDepth = 5 + (2 * maxThreads);
+ PRStatus prStatus;
+ PRNetAddr addr;
+ PRSocketOptionData opt;
+
+- addr.inet.family = PR_AF_INET;
+- addr.inet.ip = PR_INADDR_ANY;
+- addr.inet.port = PR_htons(port);
++ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
++ errExit("PR_SetNetAddr");
++ }
+
+- listen_sock = PR_NewTCPSocket();
++ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
+ if (listen_sock == NULL) {
+ errExit("PR_NewTCPSocket");
+ }
+
+ opt.option = PR_SockOpt_Nonblocking;
+ opt.value.non_blocking = PR_FALSE;
+ prStatus = PR_SetSocketOption(listen_sock, &opt);
+ if (prStatus < 0) {
diff --git a/libnss-3.12.9-nsspem-642433.patch b/libnss-3.12.9-nsspem-642433.patch
new file mode 100644
index 0000000..710919b
--- /dev/null
+++ b/libnss-3.12.9-nsspem-642433.patch
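Review bot: The failure message after the socket call still names the old API: the patch switches to `PR_OpenTCPSocket(PR_AF_INET6)` but the unchanged `errExit("PR_NewTCPSocket");` under it reports a function that is no longer called, which misleads anyone diagnosing a failure on a host without IPv6; it should read `errExit("PR_OpenTCPSocket");`. The listener also moves from the IPv4 wildcard to the IPv6 wildcard, so whether IPv4 clients are still accepted presumably depends on dual-stack handling that is not visible here; a one-line comment above `PR_SetNetAddr` stating the expectation would help. getBoundListenSocket continues past the end of the hunk.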
@@ -0,0 +1,52 @@
+diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c
+--- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 2010-11-25 10:49:27.000000000 -0800
++++ ./mozilla/security/nss/lib/ckfw/pem/util.c 2010-12-08 08:02:02.618304926 -0800
+@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item
+ return (result);
+
+ loser:
+- if (result != NULL) {
+- SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
+- }
+ return (NULL);
+ }
+
+@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds
+
+ prStatus = PR_GetOpenFileInfo(src, &info);
+
+- if (prStatus != PR_SUCCESS) {
++ if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) {
+ return SECFailure;
+ }
+
+@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds
+
+ return SECSuccess;
+ loser:
+- SECITEM_FreeItem(dst, PR_FALSE);
+- nss_ZFreeIf(dst);
++ nss_ZFreeIf(dst->data);
+ return SECFailure;
+ }
+
+@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha
+
+ /* Read in ascii data */
+ rv = FileToItem(&filedata, inFile);
++ if (rv != SECSuccess) {
++ PR_Close(inFile);
++ return -1;
++ }
+ asc = (char *) filedata.data;
+ if (!asc) {
+ PR_Close(inFile);
+@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha
+ } else {
+ /* Read in binary der */
+ rv = FileToItem(der, inFile);
+- if (rv) {
++ if (rv != SECSuccess) {
+ PR_Close(inFile);
+ return -1;
+ }
diff --git a/libnss-3.12.9-renegotiate-transitional.patch b/libnss-3.12.9-renegotiate-transitional.patch
new file mode 100644
index 0000000..3dc6eec
--- /dev/null
+++ b/libnss-3.12.9-renegotiate-transitional.patch
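Review bot: In FileToItem's `loser:` path the new `nss_ZFreeIf(dst->data);` frees the buffer but leaves `dst->data` and `dst->len` unchanged, so any caller that cleans up its SECItem after the failure would free the same pointer a second time. ReadDERFromFile passes `der` in the binary branch, which appears to be an item the caller can still reach after the `return -1`, so the fields should be reset right after the free: `dst->data = NULL; dst->len = 0;`. The AllocItem hunk also removes the cleanup under `loser:` altogether; whether `result` can be non-NULL at that label is not visible in the hunk, so confirm that no item allocated before the failure is leaked.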
@@ -0,0 +1,12 @@
+diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c
+--- ./mozilla/security/nss/lib/ssl/sslsock.c.transitional 2010-09-04 09:46:50.331327676 -0700
++++ ./mozilla/security/nss/lib/ssl/sslsock.c 2010-09-04 09:50:02.814325605 -0700
+@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
+ PR_FALSE, /* noLocks */
+ PR_FALSE, /* enableSessionTickets */
+ PR_FALSE, /* enableDeflate */
+- 2, /* enableRenegotiation (default: requires extension) */
++ 3, /* enableRenegotiation (default: transitional) */
+ PR_FALSE, /* requireSafeNegotiation */
+ PR_FALSE, /* enableFalseStart */
+ };
diff --git a/libnss-3.12.9-system-nspr.patch b/libnss-3.12.9-system-nspr.patch
new file mode 100644
index 0000000..97cdc7e
--- /dev/null
+++ b/libnss-3.12.9-system-nspr.patch
@@ -0,0 +1,11 @@
+--- mozilla/security/nss/Makefile 2009-12-08 17:47:03.000000000 +0100
++++ mozilla/security/nss/Makefile-gil 2011-01-26 01:02:44.000000000 +0100
+@@ -78,7 +78,7 @@
+ # (7) Execute "local" rules. (OPTIONAL). #
+ #######################################################################
+
+-nss_build_all: build_coreconf build_nspr build_dbm all
++nss_build_all: build_coreconf build_dbm all
+
+ nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber
+
diff --git a/libnss-3.15.1-lfs-buildfixes.patch b/libnss-3.15.1-lfs-buildfixes.patch
new file mode 100644
index 0000000..289dbc2
--- /dev/null
+++ b/libnss-3.15.1-lfs-buildfixes.patch
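Review bot: Changing the `ssl_defaults` entry for enableRenegotiation from `2` to `3` relaxes the library-wide default for every application linked against this package, and the sslsock.c patch gives no rationale for it. By the patch's own comments the old value required the renegotiation extension and the new one is "transitional", which in NSS (`SSL_RENEGOTIATE_TRANSITIONAL`) lets client sockets keep renegotiating with peers that lack RFC 5746 support. Use the named constant instead of a bare number and record why the relaxation is needed, e.g. `SSL_RENEGOTIATE_TRANSITIONAL, /* enableRenegotiation: distro default for legacy peers, revisit */`. Applications that need the strict behaviour then have to set `SSL_ENABLE_RENEGOTIATION` to `SSL_RENEGOTIATE_REQUIRES_XTN` themselves, which belongs in the package notes.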
@@ -0,0 +1,241 @@ +Submitted By: Armin K. +Date: 2013-07-02 +Initial Package Version: 3.15 +Upstream Status: Not applicable +Origin: Based on dj's original patch, rediffed and modified for 3.15 +Description: Adds auto-generated nss.pc and nss-config script, and allows + building without nspr in the source tree. + +--- a/nss/config/Makefile 1970-01-01 01:00:00.000000000 +0100 ++++ b/nss/config/Makefile 2013-07-02 14:53:56.684750636 +0200 +@@ -0,0 +1,40 @@ ++CORE_DEPTH = .. ++DEPTH = .. ++ ++include $(CORE_DEPTH)/coreconf/config.mk ++ ++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'` ++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'` ++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'` ++PREFIX = /usr ++ ++all: export libs ++ ++export: ++ # Create the nss.pc file ++ mkdir -p $(DIST)/lib/pkgconfig ++ sed -e "s,@prefix@,$(PREFIX)," \ ++ -e "s,@exec_prefix@,\$${prefix}," \ ++ -e "s,@libdir@,\$${prefix}/lib," \ ++ -e "s,@includedir@,\$${prefix}/include/nss," \ ++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \ ++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ ++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ ++ nss.pc.in > nss.pc ++ chmod 0644 nss.pc ++ ln -sf ../../../../nss/config/nss.pc $(DIST)/lib/pkgconfig ++ ++ # Create the nss-config script ++ mkdir -p $(DIST)/bin ++ sed -e "s,@prefix@,$(PREFIX)," \ ++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \ ++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ ++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ ++ nss-config.in > nss-config ++ chmod 0755 nss-config ++ ln -sf ../../../nss/config/nss-config $(DIST)/bin ++ ++libs: ++ ++dummy: all export libs ++ +--- a/nss/config/nss-config.in 1970-01-01 01:00:00.000000000 +0100 ++++ b/nss/config/nss-config.in 2013-07-02 14:52:58.328084334 +0200 +@@ -0,0 +1,153 @@ ++#!/bin/sh ++ ++prefix=@prefix@ ++ ++major_version=@NSS_MAJOR_VERSION@ ++minor_version=@NSS_MINOR_VERSION@ 
++patch_version=@NSS_PATCH_VERSION@ ++ ++usage() ++{ ++ cat <&2 ++fi ++ ++lib_nss=yes ++lib_nssutil=yes ++lib_smime=yes ++lib_ssl=yes ++lib_softokn=yes ++ ++while test $# -gt 0; do ++ case "$1" in ++ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; ++ *) optarg= ;; ++ esac ++ ++ case $1 in ++ --prefix=*) ++ prefix=$optarg ++ ;; ++ --prefix) ++ echo_prefix=yes ++ ;; ++ --exec-prefix=*) ++ exec_prefix=$optarg ++ ;; ++ --exec-prefix) ++ echo_exec_prefix=yes ++ ;; ++ --includedir=*) ++ includedir=$optarg ++ ;; ++ --includedir) ++ echo_includedir=yes ++ ;; ++ --libdir=*) ++ libdir=$optarg ++ ;; ++ --libdir) ++ echo_libdir=yes ++ ;; ++ --version) ++ echo ${major_version}.${minor_version}.${patch_version} ++ ;; ++ --cflags) ++ echo_cflags=yes ++ ;; ++ --libs) ++ echo_libs=yes ++ ;; ++ nss) ++ lib_nss=yes ++ ;; ++ nssutil) ++ lib_nssutil=yes ++ ;; ++ smime) ++ lib_smime=yes ++ ;; ++ ssl) ++ lib_ssl=yes ++ ;; ++ softokn) ++ lib_softokn=yes ++ ;; ++ *) ++ usage 1 1>&2 ++ ;; ++ esac ++ shift ++done ++ ++# Set variables that may be dependent upon other variables ++if test -z "$exec_prefix"; then ++ exec_prefix=`pkg-config --variable=exec_prefix nss` ++fi ++if test -z "$includedir"; then ++ includedir=`pkg-config --variable=includedir nss` ++fi ++if test -z "$libdir"; then ++ libdir=`pkg-config --variable=libdir nss` ++fi ++ ++if test "$echo_prefix" = "yes"; then ++ echo $prefix ++fi ++ ++if test "$echo_exec_prefix" = "yes"; then ++ echo $exec_prefix ++fi ++ ++if test "$echo_includedir" = "yes"; then ++ echo $includedir ++fi ++ ++if test "$echo_libdir" = "yes"; then ++ echo $libdir ++fi ++ ++if test "$echo_cflags" = "yes"; then ++ echo -I$includedir ++fi ++ ++if test "$echo_libs" = "yes"; then ++ libdirs="-L$libdir" ++ if test -n "$lib_nss"; then ++ libdirs="$libdirs -lnss${major_version}" ++ fi ++ if test -n "$lib_nssutil"; then ++ libdirs="$libdirs -lnssutil${major_version}" ++ fi ++ if test -n "$lib_smime"; then ++ libdirs="$libdirs -lsmime${major_version}" ++ fi ++ 
if test -n "$lib_ssl"; then ++ libdirs="$libdirs -lssl${major_version}" ++ fi ++ if test -n "$lib_softokn"; then ++ libdirs="$libdirs -lsoftokn${major_version}" ++ fi ++ echo $libdirs ++fi ++ +--- a/nss/config/nss.pc.in 1970-01-01 01:00:00.000000000 +0100 ++++ b/nss/config/nss.pc.in 2013-07-02 14:52:58.328084334 +0200 +@@ -0,0 +1,12 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ ++ ++Name: NSS ++Description: Network Security Services ++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@ ++Requires: nspr >= 4.8 ++Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@ ++Cflags: -I${includedir} ++ +--- a/nss/Makefile 2013-05-28 23:43:24.000000000 +0200 ++++ b/nss/Makefile 2013-07-02 14:52:58.328084334 +0200 +@@ -44,7 +44,7 @@ + # (7) Execute "local" rules. (OPTIONAL). # + ####################################################################### + +-nss_build_all: build_nspr all ++nss_build_all: all + + nss_clean_all: clobber_nspr clobber + +--- a/nss/manifest.mn 2013-05-28 23:43:24.000000000 +0200 ++++ b/nss/manifest.mn 2013-07-02 14:52:58.331417666 +0200 +@@ -10,4 +10,4 @@ + + RELEASE = nss + +-DIRS = coreconf lib cmd ++DIRS = coreconf lib cmd config diff --git a/libnss-3.15.1-opt_flags.patch b/libnss-3.15.1-opt_flags.patch new file mode 100644 index 0000000..f6074d0 --- /dev/null +++ b/libnss-3.15.1-opt_flags.patch @@ -0,0 +1,15 @@ +--- nss/coreconf/Linux.mk 2010-08-13 03:32:29.000000000 +0200 ++++ nss/coreconf/Linux.mk-gil 2011-01-26 01:13:01.000000000 +0100 +@@ -112,11 +112,7 @@ + endif + + ifdef BUILD_OPT +-ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE)) +- OPTIMIZER = -Os +-else +- OPTIMIZER = -O2 +-endif ++ OPTIMIZER = $(OPT_FLAGS) + ifdef MOZ_DEBUG_SYMBOLS + ifdef MOZ_DEBUG_FLAGS + OPTIMIZER += $(MOZ_DEBUG_FLAGS) 
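Review bot: The version substitution in the new nss/config/Makefile fails silently: `NSS_MAJOR_VERSION`, `NSS_MINOR_VERSION` and `NSS_PATCH_VERSION` are backtick pipelines pasted into every `sed` expression, so if `grep` finds nothing in ../lib/nss/nss.h the recipe still succeeds and writes an nss.pc and nss-config with an empty version, and `-lnss${major_version}` loses its suffix. Resolve each value once and stop on an empty result, e.g. `NSS_MAJOR_VERSION := $(shell awk '/NSS_VMAJOR/ {print $$3}' ../lib/nss/nss.h)` followed by `$(if $(NSS_MAJOR_VERSION),,$(error NSS_VMAJOR not found in nss.h))`. In nss-config.in the `lib_*` switches all start as `yes` and are only ever set to `yes`, so naming a library on the command line cannot narrow the `--libs` output. `$optarg`, `$prefix` and `$libdirs` are also expanded unquoted.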
diff --git a/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch b/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
new file mode 100644
index 0000000..43541fc
--- /dev/null
+++ b/libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
@@ -0,0 +1,10 @@
+--- nss-3.15.4/nss/lib/freebl/rsapkcs.c.orig 2014-02-18 14:09:04.195114868 +0100
++++ nss-3.15.4/nss/lib/freebl/rsapkcs.c 2014-02-18 14:09:13.416071147 +0100
+@@ -32,6 +32,7 @@
+ RSA_BlockUnused = 0, /* unused */
+ RSA_BlockPrivate = 1, /* pad for a private-key operation */
+ RSA_BlockPublic = 2, /* pad for a public-key operation */
++ RSA_BlockOAEP = 3,
+ RSA_BlockRaw = 4, /* simply justify the block appropriately */
+ RSA_BlockTotal
+ } RSA_BlockType;
diff --git a/libnss.spec b/libnss.spec
new file mode 100644
index 0000000..ecbbf01
--- /dev/null
+++ b/libnss.spec
@@ -0,0 +1,398 @@ +%define srcver %(echo %version | tr . _) +#%define nspr_version %(rpm -q --queryformat '%{VERSION}' libnspr) +%define nspr_version %(%{_bindir}/nspr-config --version) +%define with_test 1 +%define with_nsspem 1 +Name: libnss +Version: 3.16.1 +Release: 1mamba +Summary: Network Security Services +Group: System/Libraries +Vendor: openmamba +Distribution: openmamba +Packager: Silvan Calarco +URL: http://www.mozilla.org/projects/security/pki/nss/ +Source0: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{srcver}_RTM/src/nss-%{version}.tar.gz +Source1: nss.pc.in +Source2: nss-config.in +Source3: blank-cert8.db +Source4: blank-key3.db +Source5: blank-secmod.db +Source6: blank-cert9.db +Source7: blank-key4.db +Source8: nss-pkcs11.txt +Source9: setup-nsssysinit.sh +# from fedora +# git clone https://git.fedorahosted.org/git/nss-pem.git +# tar cjf ../SOURCES/libnss-pem-20140218.tar.bz2 nss-pem/ +%if %with_nsspem +Source10: libnss-pem-20140218.tar.bz2 +%endif +Patch1: libnss-3.12.3-no-rpath.patch +Patch2: libnss-3.12.3-nolocalsql.patch +Patch3: libnss-3.12.9-renegotiate-transitional.patch +Patch4: libnss-3.12.9-enable-pem.patch +Patch5: libnss-3.12.9-nsspem-642433.patch +Patch6: libnss-3.12.3-enable-pem.patch +Patch7: libnss-3.12.3-stubs-bug502133.patch +Patch8: libnss-3.12.9-honor-user-trust-preferences.patch +Patch9: libnss-3.12.9-system-nspr.patch +Patch10: libnss-3.15.1-opt_flags.patch +Patch11: libnss-3.12.9-ipv6-type-connections-bug539183.patch +Patch12: libnss-3.15.4-add-missing-RSA_BlockOAEP.patch +Patch13: libnss-3.15.1-lfs-buildfixes.patch +License: GPL, MPL 1.1, LGPL +## AUTOBUILDREQ-BEGIN +BuildRequires: glibc-devel +BuildRequires: libnspr-devel +BuildRequires: libsqlite-devel +BuildRequires: libz-devel +## AUTOBUILDREQ-END +BuildRequires: gawk +BuildRequires: perl +BuildRequires: pkgconfig +BuildRequires: psmisc +Obsoletes: libmozilla-nss +Provides: libmozilla-nss = %{?epoch:%epoch:}%{version}-%{release} +Obsoletes: libmozilla 
+Conflicts: libmozilla <= 1.7.13-1 +Requires: %{name}-sysinit = %{?epoch:%epoch:}%{version}-%{release} +BuildRoot: %{_tmppath}/%{name}-%{version}-root + +%description +Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. +Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. + +%package tools +Summary: Tools for the Network Security Services +Group: Applications/Security +Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release} + +%description tools +Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. +Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. + +Install the nss-tools package if you need command-line tools to manipulate the NSS certificate and key database. + +%package devel +Group: Development/Libraries +Summary: Static libraries and headers for %{name} +Obsoletes: libmozilla-nss-devel +Provides: libmozilla-nss-devel = %{?epoch:%epoch:}%{version}-%{release} +Conflicts: libmozilla-devel <= 1.7.13-1 +Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release} + +%description devel +Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. +Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. + +This package contains static libraries and header files need for development. 
+ +%package sysinit +Summary: System NSS Initilization +Group: System/Tools +Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release} +Requires: coreutils +Requires: sed + +%description sysinit +Default Operating System module that manages applications loading NSS globally on the system. This module loads the system defined PKCS #11 modules for NSS and chains with other NSS modules to load any system or user configured modules. + +%prep +%setup -q -n nss-%{version} +#-D -T +#:<< __EOF +%patch3 -p3 +%if %with_nsspem +tar -xf %{SOURCE10} +mv nss-pem/nss/lib/ckfw/pem/ nss/lib/ckfw/ + +%patch4 -p3 +#%patch5 -p3 +%endif +#%patch8 -p1 +#%patch9 -p0 +%patch10 -p0 +#%patch11 -p0 +#%patch12 -p1 +%patch13 -p1 + +%build +#:<< __EOF +export BUILD_OPT=1 +export XCFLAGS="%{optflags}" +export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 +export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 +NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'` +NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'` +export NSPR_INCLUDE_DIR +export NSPR_LIB_DIR +export NSS_USE_SYSTEM_SQLITE=1 +export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" + +%ifarch x86_64 ia64 +export USE_64=1 +%endif + +make -C ./nss/coreconf +make -C ./nss/lib/dbm +make -C ./nss CORE_DEPTH=`pwd`/nss + +cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ + -e "s,%%prefix%%,%{_prefix},g" \ + -e "s,%%exec_prefix%%,%{_prefix},g" \ + -e "s,%%includedir%%,%{_includedir}/nss3,g" \ + -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ + -e "s,%%NSS_VERSION%%,%{version},g" > custom_nss.pc + +NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | \ + grep "#define.*NSS_VMAJOR" | awk '{print $3}'` +NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | \ + grep "#define.*NSS_VMINOR" | awk '{print $3}'` +NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | \ + grep "#define.*NSS_VPATCH" | awk '{print $3}'` +cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ + -e "s,@prefix@,%{_prefix},g" \ + -e "s,@exec_prefix@,%{_prefix},g" \ + 
-e "s,@includedir@,%{_includedir}/nss3,g" \ + -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ + -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ + -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" > custom_nss-config + +cat %{SOURCE9} > setup-nsssysinit.sh + +%if %with_test +export BUILD_OPT=1 +export HOST="localhost" +export DOMSUF=" " +export USE_IP=TRUE +export IP_ADDRESS="127.0.0.1" +cd nss/tests +./all.sh +#TEST_FAILURES=`grep -c FAILED ../../../tests_results/security/localhost.1/output.log` || : +#if [ $TEST_FAILURES -ne 0 ]; then +# echo "error: test suite returned failure(s)" +# exit 1 +#fi +%endif + +%install +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" +install -D -m 644 custom_nss.pc %{buildroot}%{_libdir}/pkgconfig/nss.pc +install -D -m 755 custom_nss-config %{buildroot}%{_bindir}/nss-config + +# copy all the binary libraries +for file in libfreebl3.so libnss3.so libnssckbi.so libsmime3.so libsoftokn3.so libssl3.so libnssutil3.so libnssdbm3.so libnsssysinit.so; do + install -m 755 dist/*.OBJ/lib/$file %{buildroot}%{_libdir} +done + +%if %with_nsspem +install -m 755 dist/*.OBJ/lib/libnsspem.so %{buildroot}%{_libdir} +%endif + +# copy alle the chk files +for file in libfreebl3.chk libsoftokn3.chk libnssdbm3.chk; do + install -m 644 dist/*.OBJ/lib/$file %{buildroot}%{_libdir} +done + +# install the empty NSS db files +# legacy db +install -d %{buildroot}%{_sysconfdir}/pki/nssdb +install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db +install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db +install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db +# shared db +install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pki/nssdb/cert9.db +install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pki/nssdb/key4.db +install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pki/nssdb/pkcs11.txt + + +# copy the development libraries we want +for file in libcrmf.a libnssb.a libnssckfw.a; do + install -m 644 dist/*.OBJ/lib/$file 
%{buildroot}%{_libdir} +done + +# copy the binaries we want +for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap; do + install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_bindir} +done + +# copy unsupported tools +mkdir -p %{buildroot}%{_libexecdir}/nss +for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain; do + install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_libexecdir}/nss +done + +# pkcs11 configuration script +mkdir -p %{buildroot}%{_sbindir} +install -pm 755 setup-nsssysinit.sh %{buildroot}%{_sbindir}/setup-nsssysinit.sh + +# copy the include files +install -d %{buildroot}%{_includedir}/nss3 +for file in dist/public/nss/*.h; do + install -m 644 $file %{buildroot}%{_includedir}/nss3 +done + +%clean +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%files +%defattr(-,root,root) +%{_libdir}/libnss3.so +%{_libdir}/libssl3.so +%{_libdir}/libsmime3.so +%{_libdir}/libsoftokn3.so +%{_libdir}/libsoftokn3.chk +%{_libdir}/libnssckbi.so +%{_libdir}/libfreebl3.so +%{_libdir}/libfreebl3.chk +%{_libdir}/libnssutil3.so +%{_libdir}/libnssdbm3.so +%{_libdir}/libnssdbm3.chk +%if %with_nsspem +%{_libdir}/libnsspem.so +%endif +%dir %{_sysconfdir}/pki/nssdb +%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db +%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db +%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db + + +%post sysinit +/sbin/ldconfig +%{_sbindir}/setup-nsssysinit.sh on + +%preun sysinit +if [ $1 = 0 ]; then + %{_sbindir}/setup-nsssysinit.sh off +fi + +%postun sysinit -p /sbin/ldconfig + +%files sysinit +%defattr(-,root,root) +%{_sbindir}/setup-nsssysinit.sh +%{_libdir}/libnsssysinit.so +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt + 
+%files tools
+%defattr(-,root,root)
+%{_bindir}/certutil
+%{_bindir}/cmsutil
+%{_bindir}/crlutil
+%{_bindir}/modutil
+%{_bindir}/pk12util
+%{_bindir}/signtool
+%{_bindir}/signver
+%{_bindir}/ssltap
+%dir %{_libexecdir}/nss
+%{_libexecdir}/nss/*
+
+%files devel
+%defattr(-,root,root)
+%{_bindir}/nss-config
+%{_libdir}/libcrmf.a
+%{_libdir}/libnssb.a
+%{_libdir}/libnssckfw.a
+%{_libdir}/pkgconfig/nss.pc
+%{_includedir}/nss3/
+
+%changelog
+* Sat May 10 2014 Automatic Build System 3.16.1-1mamba
+- automatic version update by autodist
+
+* Wed Apr 09 2014 Automatic Build System 3.16-1mamba
+- automatic version update by autodist
+
+* Sun Mar 30 2014 Automatic Build System 3.15.5-1mamba
+- automatic version update by autodist
+
+* Tue Feb 18 2014 Silvan Calarco 3.15.4-1mamba
+- update to 3.15.4
+
+* Tue Dec 10 2013 Automatic Build System 3.15.3.1-1mamba
+- automatic version update by autodist
+
+* Thu Nov 14 2013 Automatic Build System 3.15.3-2mamba
+- rebuilt after breaking and fixing rpm
+
+* Wed Nov 13 2013 Automatic Build System 3.15.3-1mamba
+- automatic version update by autodist
+
+* Mon Oct 07 2013 Automatic Build System 3.15.2-1mamba
+- automatic version update by autodist
+
+* Fri Aug 30 2013 Automatic Build System 3.15.1-1mamba
+- automatic version update by autodist
+
+* Sun Apr 07 2013 Automatic Build System 3.14.3-1mamba
+- automatic version update by autodist
+
+* Fri Dec 28 2012 Automatic Build System 3.14.1-1mamba
+- automatic version update by autodist
+
+* Sat Dec 01 2012 Automatic Build System 3.14-1mamba
+- automatic version update by autodist
+
+* Wed Oct 10 2012 Automatic Build System 3.13.6-1mamba
+- automatic version update by autodist
+
+* Mon Mar 12 2012 Silvan Calarco 3.13.3-1mamba
+- update to 3.13.3
+
+* Fri Jan 06 2012 Silvan Calarco 3.13.1-1mamba
+- update to 3.13.1
+
+* Tue Aug 02 2011 Silvan Calarco 3.12.10-1mamba
+- update to 3.12.10
+
+* Sat Apr 09 2011 Ercole 'ercolinux' Carpanetto 3.12.9-3mamba
+- rebuilt with libsqlite 3.7.3-2
+
+* Sun Mar 20 2011 gil 3.12.9-2mamba
+- ... add a changelog entry
+
+* Tue Jan 25 2011 gil 3.12.9-1mamba
+- update to 3.12.9
+
+* Mon Nov 29 2010 gil 3.12.8-1mamba
+- update to 3.12.8
+
+* Tue Sep 14 2010 gil 3.12.7-1mamba
+- update to 3.12.7
+
+* Thu Jul 22 2010 gil 3.12.6-2mamba
+- rebuil with libnspr 4.8.6; libsqlite 3.7.0
+
+* Fri Apr 02 2010 gil 3.12.6-1mamba
+- update to 3.12.6
+
+* Sat Dec 12 2009 gil 3.12.4-1mamba
+- update to 3.12.4
+
+* Wed Jul 01 2009 Silvan Calarco 3.12.3-1mamba
+- update to 3.12.3
+
+* Mon Jun 23 2008 Silvan Calarco 3.12-2mamba
+- add patch to use system libsqlite
+- development nss-config and nss.pc files updated for linking with libnssutil3
+
+* Sat Jun 21 2008 gil 3.12-1mamba
+- update to 3.12
+
+* Sat May 31 2008 gil 3.11.9-1mamba
+- update to 3.11.9
+
+* Wed Jan 31 2007 Silvan Calarco 3.11.4-3qilnx
+- obsolete libmozilla
+
+* Wed Jan 24 2007 Davide Madrisan 3.11.4-2qilnx
+- conflicts libmozilla
+
+* Tue Jan 16 2007 Davide Madrisan 3.11.4-1qilnx
+- package created by autospec
diff --git a/nss-config.in b/nss-config.in
new file mode 100644
index 0000000..af3c997
--- /dev/null
+++ b/nss-config.in
@@ -0,0 +1,144 @@
+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@MOD_MAJOR_VERSION@
+minor_version=@MOD_MINOR_VERSION@
+patch_version=@MOD_PATCH_VERSION@
+
+usage()
+{
+ cat <&2
+fi
+
+lib_ssl=yes
+lib_smime=yes
+lib_nss=yes
+lib_nssutil=yes
+
+while test $# -gt 0; do
+ case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+ esac
+
+ case $1 in
+ --prefix=*)
+ prefix=$optarg
+ ;;
+ --prefix)
+ echo_prefix=yes
+ ;;
+ --exec-prefix=*)
+ exec_prefix=$optarg
+ ;;
+ --exec-prefix)
+ echo_exec_prefix=yes
+ ;;
+ --includedir=*)
+ includedir=$optarg
+ ;;
+ --includedir)
+ echo_includedir=yes
+ ;;
+ --libdir=*)
+ libdir=$optarg
+ ;;
+ --libdir)
+ echo_libdir=yes
+ ;;
+ --version)
+ echo ${major_version}.${minor_version}.${patch_version}
+ ;;
+ --cflags)
+ echo_cflags=yes
+ ;;
+ --libs)
+ echo_libs=yes
+ ;;
+ ssl)
+ lib_ssl=yes
+ ;;
+ smime)
+ lib_smime=yes
+ ;;
+ nss)
+ lib_nss=yes
+ ;;
+ nssutil)
+ lib_nssutil=yes
+ ;;
+ *)
+ usage 1 1>&2
+ ;;
+ esac
+ shift
+done
+
+# Set variables that may be dependent upon other variables
+if test -z "$exec_prefix"; then
+ exec_prefix=`pkg-config --variable=exec_prefix nss`
+fi
+if test -z "$includedir"; then
+ includedir=`pkg-config --variable=includedir nss`
+fi
+if test -z "$libdir"; then
+ libdir=`pkg-config --variable=libdir nss`
+fi
+
+if test "$echo_prefix" = "yes"; then
+ echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+ echo $exec_prefix
+fi
+
+if test "$echo_includedir" = "yes"; then
+ echo $includedir
+fi
+
+if test "$echo_libdir" = "yes"; then
+ echo $libdir
+fi
+
+if test "$echo_cflags" = "yes"; then
+ echo -I$includedir
+fi
+
+if test "$echo_libs" = "yes"; then
+ libdirs="-Wl,-rpath-link,$libdir -L$libdir"
+ if test -n "$lib_ssl"; then
+ libdirs="$libdirs -lssl${major_version}"
+ fi
+ if test -n "$lib_smime"; then
+ libdirs="$libdirs -lsmime${major_version}"
+ fi
+ if test -n "$lib_nss"; then
+ libdirs="$libdirs -lnss${major_version}"
+ fi
+ if test -n "$lib_nssutil"; then
+ libdirs="$libdirs -lnssutil${major_version}"
+ fi
+ echo $libdirs
+fi
+
diff --git a/nss-pkcs11.txt b/nss-pkcs11.txt
new file mode 100644
index 0000000..7f8bd21
--- /dev/null
+++ b/nss-pkcs11.txt
@@ -0,0 +1,4 @@
+library=libnsssysinit.so
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
diff --git a/nss.pc.in b/nss.pc.in
new file mode 100644
index 0000000..d47b9e1
--- /dev/null
+++ b/nss.pc.in
@@ -0,0 +1,11 @@
+prefix=%prefix%
+exec_prefix=%exec_prefix%
+libdir=%libdir%
+includedir=%includedir%
+
+Name: NSS
+Description: Network Security Services
+Version: %NSS_VERSION%
+Requires: nspr >= %NSPR_VERSION%
+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
+Cflags: -I${includedir}
diff --git a/setup-nsssysinit.sh b/setup-nsssysinit.sh
new file mode 100644
index 0000000..8e1f5f7
--- /dev/null
+++ b/setup-nsssysinit.sh
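Review bot: The three `pkg-config --variable=... nss` fallbacks in nss-config.in are never checked, so when pkg-config or nss.pc is unavailable `$includedir` and `$libdir` stay empty and `--cflags` / `--libs` print a bare `-I`, `-L` and `-Wl,-rpath-link,` that consume the caller's next argument instead of failing the build. After the lookups I would add `test -n "$includedir" && test -n "$libdir" || { echo "nss-config: pkg-config lookup for nss failed" 1>&2; exit 1; }` and quote the expansions in the `echo` lines, e.g. `echo "-I$includedir"`. Separately, `lib_ssl`, `lib_smime`, `lib_nss` and `lib_nssutil` all default to `yes` and the `ssl`/`smime`/`nss`/`nssutil` arguments only set them to `yes` again, so naming a library never narrows the `--libs` output; if that is intended, a comment above the defaults saying so would help.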
@@ -0,0 +1,68 @@
+#!/bin/sh
+#
+# Turns on or off the nss-sysinit module db by editing the
+# global PKCS #11 congiguration file. Displays the status.
+#
+# This script can be invoked by the user as super user.
+# It is invoked at nss-sysinit post install time with argument on.
+#
+usage()
+{
+ cat <&2
+fi
+
+# the system-wide configuration file
+p11conf="/etc/pki/nssdb/pkcs11.txt"
+# must exist, otherwise report it and exit with failure
+if [ ! -f $p11conf ]; then
+ echo "Could not find ${p11conf}"
+ exit 1
+fi
+
+# check if nsssysinit is currently enabled or disabled
+sysinit_enabled()
+{
+ grep -q '^library=libnsssysinit' ${p11conf}
+}
+
+umask 022
+case "$1" in
+ on | ON )
+ if sysinit_enabled; then
+ exit 0
+ fi
+ cat ${p11conf} | \
+ sed -e 's/^library=$/library=libnsssysinit.so/' \
+ -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
+ ${p11conf}.on
+ mv ${p11conf}.on ${p11conf}
+ ;;
+ off | OFF )
+ if ! sysinit_enabled; then
+ exit 0
+ fi
+ cat ${p11conf} | \
+ sed -e 's/^library=libnsssysinit.so/library=/' \
+ -e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \
+ ${p11conf}.off
+ mv ${p11conf}.off ${p11conf}
+ ;;
+ status )
+ echo -n 'NSS sysinit is '
+ sysinit_enabled && echo 'enabled' || echo 'disabled'
+ ;;
+ * )
+ usage 1 1>&2
+ ;;
+esac
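Review bot: In the `on` and `off` branches the `mv` runs whether or not the `cat | sed` pipeline succeeded, so a failed or short write (full filesystem, I/O error) replaces `/etc/pki/nssdb/pkcs11.txt` with an empty or truncated file and the system-wide PKCS #11 module configuration is lost. Chain the two steps and drop the extra `cat`: `sed -e ... "${p11conf}" > "${p11conf}.on" && mv "${p11conf}.on" "${p11conf}" || exit 1`, and the same for `.off`. Because the file is recreated rather than edited in place, its mode comes from `umask 022` and its ownership and any security label from the invoking process, which may differ from what the package installed; a comment stating the expected mode, or an explicit `chmod` after the `mv`, would make that deliberate. `$p11conf` is also unquoted in the `-f` test and in `grep`, which is harmless for the current constant path but fragile if the path ever becomes configurable.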