automatic version update by autodist [release 3.16.1-1mamba;Sat May 10 2014]

This commit is contained in:
Automatic Build System 2024-01-06 05:12:50 +01:00
parent b2338f4fbe
commit 113f941fb1
24 changed files with 1248 additions and 0 deletions

View File

@ -1,2 +1,5 @@
# libnss # libnss
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.

BIN
blank-cert8.db Normal file

Binary file not shown.

BIN
blank-cert9.db Normal file

Binary file not shown.

BIN
blank-key3.db Normal file

Binary file not shown.

BIN
blank-key4.db Normal file

Binary file not shown.

BIN
blank-secmod.db Normal file

Binary file not shown.

View File

@ -0,0 +1,12 @@
diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700
+++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700
@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
CORE_DEPTH = ../../..
-DIRS = builtins
+DIRS = builtins pem
PRIVATE_EXPORTS = \
ck.h \

View File

@ -0,0 +1,14 @@
--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath 2007-02-19 07:17:06.000000000 +0100
+++ ./mozilla/security/nss/cmd/platlibs.mk 2007-02-19 07:18:07.000000000 +0100
@@ -52,9 +52,9 @@
ifeq ($(OS_ARCH), Linux)
ifeq ($(USE_64), 1)
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib'
else
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib'
endif
endif

View File

@ -0,0 +1,52 @@
diff -up ./mozilla/security/nss/lib/Makefile.nolocalsql ./mozilla/security/nss/lib/Makefile
--- ./mozilla/security/nss/lib/Makefile.nolocalsql 2007-07-19 23:36:49.000000000 +0200
+++ ./mozilla/security/nss/lib/Makefile 2009-04-14 17:07:40.000000000 +0200
@@ -62,11 +62,11 @@ ifeq ($(OS_TARGET), WINCE)
DIRS := $(filter-out fortcrypt,$(DIRS))
endif
-ifndef MOZILLA_CLIENT
-ifndef NSS_USE_SYSTEM_SQLITE
-DIRS := sqlite $(DIRS)
-endif
-endif
+#ifndef MOZILLA_CLIENT
+#ifndef NSS_USE_SYSTEM_SQLITE
+#DIRS := sqlite $(DIRS)
+#endif
+#endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
diff -up ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn
--- ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn.nolocalsql 2007-07-19 23:36:50.000000000 +0200
+++ ./mozilla/security/nss/lib/softoken/legacydb/manifest.mn 2009-04-14 17:07:40.000000000 +0200
@@ -46,9 +46,9 @@ MAPFILE = $(OBJDIR)/nssdbm.def
DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
-ifdef MOZILLA_CLIENT
-INCLUDES += -I$(DIST)/include/sqlite3
-endif
+#ifdef MOZILLA_CLIENT
+#INCLUDES += -I$(DIST)/include/sqlite3
+#endif
CSRCS = \
dbmshim.c \
diff -up ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql ./mozilla/security/nss/lib/softoken/manifest.mn
--- ./mozilla/security/nss/lib/softoken/manifest.mn.nolocalsql 2009-03-25 17:21:37.000000000 +0100
+++ ./mozilla/security/nss/lib/softoken/manifest.mn 2009-04-14 17:07:40.000000000 +0200
@@ -47,9 +47,9 @@ MAPFILE = $(OBJDIR)/softokn.def
DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
-ifdef MOZILLA_CLIENT
-INCLUDES += -I$(DIST)/include/sqlite3
-endif
+#ifdef MOZILLA_CLIENT
+#INCLUDES += -I$(DIST)/include/sqlite3
+#endif
EXPORTS = \
secmodt.h \

View File

@ -0,0 +1,23 @@
diff -rupN nss-3.12.3.99.3-orig/mozilla/security/nss/lib/freebl/stubs.c nss-3.12.3.99.3/mozilla/security/nss/lib/freebl/stubs.c
--- ./mozilla/security/nss/lib/freebl/stubs.c 2009-03-28 19:21:50.000000000 -0700
+++ ./mozilla/security/nss/lib/freebl/stubs.c 2009-06-08 20:37:20.000000000 -0700
@@ -558,8 +558,8 @@ FREEBL_InitStubs()
return SECFailure;
}
rv = freebl_InitNSPR(nspr);
- freebl_releaseLibrary(nspr);
if (rv != SECSuccess) {
+ freebl_releaseLibrary(nspr);
return rv;
}
}
@@ -570,8 +570,8 @@ FREEBL_InitStubs()
return SECFailure;
}
rv = freebl_InitNSSUtil(nssutil);
- freebl_releaseLibrary(nssutil);
if (rv != SECSuccess) {
+ freebl_releaseLibrary(nssutil);
return rv;
}
}

View File

@ -0,0 +1,12 @@
diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700
+++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700
@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
CORE_DEPTH = ../../..
-DIRS = builtins
+DIRS = builtins pem
PRIVATE_EXPORTS = \
ck.h \

View File

@ -0,0 +1,133 @@
Index: ./mozilla/security/nss/lib/pk11wrap/pk11load.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
retrieving revision 1.30
diff -u -p -r1.30 pk11load.c
--- ./mozilla/security/nss/lib/pk11wrap/pk11load.c 30 Apr 2010 07:22:54 -0000 1.30
+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c 22 Jan 2011 05:39:07 -0000
@@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod
char *oldModuleSpec;
if (secmod_IsInternalKeySlot(newModule)) {
- pk11_SetInternalKeySlot(slot);
- }
+ pk11_FirstInternalKeySlot(slot);
+ }
newID = slot->slotID;
PK11_FreeSlot(slot);
for (thisChild=children, thisID=ids; thisChild && *thisChild;
@@ -550,6 +550,11 @@ secmod_LoadPKCS11Module(SECMODModule *mo
/* look down the slot info table */
PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount);
SECMOD_SetRootCerts(mod->slots[i],mod);
+ /* explicitly mark the internal slot as such if IsInternalKeySlot()
+ * is set */
+ if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) {
+ pk11_FirstInternalKeySlot(mod->slots[i]);
+ }
}
mod->slotCount = slotCount;
mod->slotInfoCount = 0;
Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
retrieving revision 1.13
diff -u -p -r1.13 pk11priv.h
--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Oct 2009 23:04:46 -0000 1.13
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 22 Jan 2011 05:39:07 -0000
@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
+void pk11_FirstInternalKeySlot(PK11SlotInfo *slot);
/*********************************************************************
* Mechanism Mapping functions
Index: ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v
retrieving revision 1.101
diff -u -p -r1.101 pk11slot.c
--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 3 Apr 2010 18:27:31 -0000 1.101
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 22 Jan 2011 05:39:08 -0000
@@ -1735,6 +1735,15 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
}
+void
+pk11_FirstInternalKeySlot(PK11SlotInfo *slot)
+{
+ if (pk11InternalKeySlot) {
+ return;
+ }
+ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
+}
+
/* get the internal key slot. FIPS has only one slot for both key slots and
* default slots */
Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
retrieving revision 1.2
diff -u -p -r1.2 nsssysinit.c
--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c 6 Feb 2010 04:56:37 -0000 1.2
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 22 Jan 2011 05:39:08 -0000
@@ -221,7 +221,7 @@ getFIPSMode(void)
* 2 for the key slot, and
* 3 for the crypto operations slot fips
*/
-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
+#define ORDER_FLAGS "cipherOrder=100"
#define SLOT_FLAGS \
"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
" askpw=any timeout=30 ]"
@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
"library= "
"module=\"NSS User database\" "
"parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
- "NSS=\"%sflags=internal%s\"",
+ "NSS=\"trustOrder=75 %sflags=internal%s\"",
userdb, stripped_parameters, nssflags,
isFIPS ? ",FIPS" : "");
@@ -284,30 +284,6 @@ get_list(char *filename, char *stripped_
userdb, stripped_parameters);
}
-#if 0
- /* This doesn't actually work. If we register
- both this and the sysdb (in either order)
- then only one of them actually shows up */
-
- /* Using a NULL filename as a Boolean flag to
- * prevent registering both an application-defined
- * db and the system db. rhbz #546211.
- */
- PORT_Assert(filename);
- if (sysdb && PL_CompareStrings(filename, sysdb))
- filename = NULL;
- else if (userdb && PL_CompareStrings(filename, userdb))
- filename = NULL;
-
- if (filename && !userIsRoot()) {
- module_list[next++] = PR_smprintf(
- "library= "
- "module=\"NSS database\" "
- "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
- "NSS=\"%sflags=internal\"",filename, filename, nssflags);
- }
-#endif
-
/* now the system database (always read only unless it's root) */
if (sysdb) {
const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
@@ -315,7 +291,7 @@ get_list(char *filename, char *stripped_
"library= "
"module=\"NSS system database\" "
"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
+ "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
}
/* that was the last module */

View File

@ -0,0 +1,33 @@
Index: mozilla/security/nss/cmd/selfserv/selfserv.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
retrieving revision 1.94
diff -p -u -8 -r1.94 selfserv.c
--- mozilla/security/nss/cmd/selfserv/selfserv.c 3 Apr 2010 18:27:27 -0000 1.94
+++ mozilla/security/nss/cmd/selfserv/selfserv.c 24 Feb 2011 02:28:02 -0000
@@ -1487,21 +1487,21 @@ PRFileDesc *
getBoundListenSocket(unsigned short port)
{
PRFileDesc * listen_sock;
int listenQueueDepth = 5 + (2 * maxThreads);
PRStatus prStatus;
PRNetAddr addr;
PRSocketOptionData opt;
- addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
+ errExit("PR_SetNetAddr");
+ }
- listen_sock = PR_NewTCPSocket();
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
if (listen_sock == NULL) {
errExit("PR_NewTCPSocket");
}
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(listen_sock, &opt);
if (prStatus < 0) {

View File

@ -0,0 +1,52 @@
diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c
--- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 2010-11-25 10:49:27.000000000 -0800
+++ ./mozilla/security/nss/lib/ckfw/pem/util.c 2010-12-08 08:02:02.618304926 -0800
@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item
return (result);
loser:
- if (result != NULL) {
- SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
- }
return (NULL);
}
@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds
prStatus = PR_GetOpenFileInfo(src, &info);
- if (prStatus != PR_SUCCESS) {
+ if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) {
return SECFailure;
}
@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds
return SECSuccess;
loser:
- SECITEM_FreeItem(dst, PR_FALSE);
- nss_ZFreeIf(dst);
+ nss_ZFreeIf(dst->data);
return SECFailure;
}
@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha
/* Read in ascii data */
rv = FileToItem(&filedata, inFile);
+ if (rv != SECSuccess) {
+ PR_Close(inFile);
+ return -1;
+ }
asc = (char *) filedata.data;
if (!asc) {
PR_Close(inFile);
@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha
} else {
/* Read in binary der */
rv = FileToItem(der, inFile);
- if (rv) {
+ if (rv != SECSuccess) {
PR_Close(inFile);
return -1;
}

View File

@ -0,0 +1,12 @@
diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c
--- ./mozilla/security/nss/lib/ssl/sslsock.c.transitional 2010-09-04 09:46:50.331327676 -0700
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2010-09-04 09:50:02.814325605 -0700
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
};

View File

@ -0,0 +1,11 @@
--- mozilla/security/nss/Makefile 2009-12-08 17:47:03.000000000 +0100
+++ mozilla/security/nss/Makefile-gil 2011-01-26 01:02:44.000000000 +0100
@@ -78,7 +78,7 @@
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
-nss_build_all: build_coreconf build_nspr build_dbm all
+nss_build_all: build_coreconf build_dbm all
nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber

View File

@ -0,0 +1,241 @@
Submitted By: Armin K. <krejzi at email dot com>
Date: 2013-07-02
Initial Package Version: 3.15
Upstream Status: Not applicable
Origin: Based on dj's original patch, rediffed and modified for 3.15
Description: Adds auto-generated nss.pc and nss-config script, and allows
building without nspr in the source tree.
--- a/nss/config/Makefile 1970-01-01 01:00:00.000000000 +0100
+++ b/nss/config/Makefile 2013-07-02 14:53:56.684750636 +0200
@@ -0,0 +1,40 @@
+CORE_DEPTH = ..
+DEPTH = ..
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
+NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
+NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
+PREFIX = /usr
+
+all: export libs
+
+export:
+ # Create the nss.pc file
+ mkdir -p $(DIST)/lib/pkgconfig
+ sed -e "s,@prefix@,$(PREFIX)," \
+ -e "s,@exec_prefix@,\$${prefix}," \
+ -e "s,@libdir@,\$${prefix}/lib," \
+ -e "s,@includedir@,\$${prefix}/include/nss," \
+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
+ nss.pc.in > nss.pc
+ chmod 0644 nss.pc
+ ln -sf ../../../../nss/config/nss.pc $(DIST)/lib/pkgconfig
+
+ # Create the nss-config script
+ mkdir -p $(DIST)/bin
+ sed -e "s,@prefix@,$(PREFIX)," \
+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
+ nss-config.in > nss-config
+ chmod 0755 nss-config
+ ln -sf ../../../nss/config/nss-config $(DIST)/bin
+
+libs:
+
+dummy: all export libs
+
--- a/nss/config/nss-config.in 1970-01-01 01:00:00.000000000 +0100
+++ b/nss/config/nss-config.in 2013-07-02 14:52:58.328084334 +0200
@@ -0,0 +1,153 @@
+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@NSS_MAJOR_VERSION@
+minor_version=@NSS_MINOR_VERSION@
+patch_version=@NSS_PATCH_VERSION@
+
+usage()
+{
+ cat <<EOF
+Usage: nss-config [OPTIONS] [LIBRARIES]
+Options:
+ [--prefix[=DIR]]
+ [--exec-prefix[=DIR]]
+ [--includedir[=DIR]]
+ [--libdir[=DIR]]
+ [--version]
+ [--libs]
+ [--cflags]
+Dynamic Libraries:
+ nss
+ nssutil
+ smime
+ ssl
+ softokn
+EOF
+ exit $1
+}
+
+if test $# -eq 0; then
+ usage 1 1>&2
+fi
+
+lib_nss=yes
+lib_nssutil=yes
+lib_smime=yes
+lib_ssl=yes
+lib_softokn=yes
+
+while test $# -gt 0; do
+ case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+ esac
+
+ case $1 in
+ --prefix=*)
+ prefix=$optarg
+ ;;
+ --prefix)
+ echo_prefix=yes
+ ;;
+ --exec-prefix=*)
+ exec_prefix=$optarg
+ ;;
+ --exec-prefix)
+ echo_exec_prefix=yes
+ ;;
+ --includedir=*)
+ includedir=$optarg
+ ;;
+ --includedir)
+ echo_includedir=yes
+ ;;
+ --libdir=*)
+ libdir=$optarg
+ ;;
+ --libdir)
+ echo_libdir=yes
+ ;;
+ --version)
+ echo ${major_version}.${minor_version}.${patch_version}
+ ;;
+ --cflags)
+ echo_cflags=yes
+ ;;
+ --libs)
+ echo_libs=yes
+ ;;
+ nss)
+ lib_nss=yes
+ ;;
+ nssutil)
+ lib_nssutil=yes
+ ;;
+ smime)
+ lib_smime=yes
+ ;;
+ ssl)
+ lib_ssl=yes
+ ;;
+ softokn)
+ lib_softokn=yes
+ ;;
+ *)
+ usage 1 1>&2
+ ;;
+ esac
+ shift
+done
+
+# Set variables that may be dependent upon other variables
+if test -z "$exec_prefix"; then
+ exec_prefix=`pkg-config --variable=exec_prefix nss`
+fi
+if test -z "$includedir"; then
+ includedir=`pkg-config --variable=includedir nss`
+fi
+if test -z "$libdir"; then
+ libdir=`pkg-config --variable=libdir nss`
+fi
+
+if test "$echo_prefix" = "yes"; then
+ echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+ echo $exec_prefix
+fi
+
+if test "$echo_includedir" = "yes"; then
+ echo $includedir
+fi
+
+if test "$echo_libdir" = "yes"; then
+ echo $libdir
+fi
+
+if test "$echo_cflags" = "yes"; then
+ echo -I$includedir
+fi
+
+if test "$echo_libs" = "yes"; then
+ libdirs="-L$libdir"
+ if test -n "$lib_nss"; then
+ libdirs="$libdirs -lnss${major_version}"
+ fi
+ if test -n "$lib_nssutil"; then
+ libdirs="$libdirs -lnssutil${major_version}"
+ fi
+ if test -n "$lib_smime"; then
+ libdirs="$libdirs -lsmime${major_version}"
+ fi
+ if test -n "$lib_ssl"; then
+ libdirs="$libdirs -lssl${major_version}"
+ fi
+ if test -n "$lib_softokn"; then
+ libdirs="$libdirs -lsoftokn${major_version}"
+ fi
+ echo $libdirs
+fi
+
--- a/nss/config/nss.pc.in 1970-01-01 01:00:00.000000000 +0100
+++ b/nss/config/nss.pc.in 2013-07-02 14:52:58.328084334 +0200
@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: NSS
+Description: Network Security Services
+Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
+Requires: nspr >= 4.8
+Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@
+Cflags: -I${includedir}
+
--- a/nss/Makefile 2013-05-28 23:43:24.000000000 +0200
+++ b/nss/Makefile 2013-07-02 14:52:58.328084334 +0200
@@ -44,7 +44,7 @@
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
-nss_build_all: build_nspr all
+nss_build_all: all
nss_clean_all: clobber_nspr clobber
--- a/nss/manifest.mn 2013-05-28 23:43:24.000000000 +0200
+++ b/nss/manifest.mn 2013-07-02 14:52:58.331417666 +0200
@@ -10,4 +10,4 @@
RELEASE = nss
-DIRS = coreconf lib cmd
+DIRS = coreconf lib cmd config

View File

@ -0,0 +1,15 @@
--- nss/coreconf/Linux.mk 2010-08-13 03:32:29.000000000 +0200
+++ nss/coreconf/Linux.mk-gil 2011-01-26 01:13:01.000000000 +0100
@@ -112,11 +112,7 @@
endif
ifdef BUILD_OPT
-ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
- OPTIMIZER = -Os
-else
- OPTIMIZER = -O2
-endif
+ OPTIMIZER = $(OPT_FLAGS)
ifdef MOZ_DEBUG_SYMBOLS
ifdef MOZ_DEBUG_FLAGS
OPTIMIZER += $(MOZ_DEBUG_FLAGS)

View File

@ -0,0 +1,10 @@
--- nss-3.15.4/nss/lib/freebl/rsapkcs.c.orig 2014-02-18 14:09:04.195114868 +0100
+++ nss-3.15.4/nss/lib/freebl/rsapkcs.c 2014-02-18 14:09:13.416071147 +0100
@@ -32,6 +32,7 @@
RSA_BlockUnused = 0, /* unused */
RSA_BlockPrivate = 1, /* pad for a private-key operation */
RSA_BlockPublic = 2, /* pad for a public-key operation */
+ RSA_BlockOAEP = 3,
RSA_BlockRaw = 4, /* simply justify the block appropriately */
RSA_BlockTotal
} RSA_BlockType;

398
libnss.spec Normal file
View File

@ -0,0 +1,398 @@
%define srcver %(echo %version | tr . _)
#%define nspr_version %(rpm -q --queryformat '%{VERSION}' libnspr)
%define nspr_version %(%{_bindir}/nspr-config --version)
%define with_test 1
%define with_nsspem 1
Name: libnss
Version: 3.16.1
Release: 1mamba
Summary: Network Security Services
Group: System/Libraries
Vendor: openmamba
Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://www.mozilla.org/projects/security/pki/nss/
Source0: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{srcver}_RTM/src/nss-%{version}.tar.gz
Source1: nss.pc.in
Source2: nss-config.in
Source3: blank-cert8.db
Source4: blank-key3.db
Source5: blank-secmod.db
Source6: blank-cert9.db
Source7: blank-key4.db
Source8: nss-pkcs11.txt
Source9: setup-nsssysinit.sh
# from fedora
# git clone https://git.fedorahosted.org/git/nss-pem.git
# tar cjf ../SOURCES/libnss-pem-20140218.tar.bz2 nss-pem/
%if %with_nsspem
Source10: libnss-pem-20140218.tar.bz2
%endif
Patch1: libnss-3.12.3-no-rpath.patch
Patch2: libnss-3.12.3-nolocalsql.patch
Patch3: libnss-3.12.9-renegotiate-transitional.patch
Patch4: libnss-3.12.9-enable-pem.patch
Patch5: libnss-3.12.9-nsspem-642433.patch
Patch6: libnss-3.12.3-enable-pem.patch
Patch7: libnss-3.12.3-stubs-bug502133.patch
Patch8: libnss-3.12.9-honor-user-trust-preferences.patch
Patch9: libnss-3.12.9-system-nspr.patch
Patch10: libnss-3.15.1-opt_flags.patch
Patch11: libnss-3.12.9-ipv6-type-connections-bug539183.patch
Patch12: libnss-3.15.4-add-missing-RSA_BlockOAEP.patch
Patch13: libnss-3.15.1-lfs-buildfixes.patch
License: GPL, MPL 1.1, LGPL
## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel
BuildRequires: libnspr-devel
BuildRequires: libsqlite-devel
BuildRequires: libz-devel
## AUTOBUILDREQ-END
BuildRequires: gawk
BuildRequires: perl
BuildRequires: pkgconfig
BuildRequires: psmisc
Obsoletes: libmozilla-nss
Provides: libmozilla-nss = %{?epoch:%epoch:}%{version}-%{release}
Obsoletes: libmozilla
Conflicts: libmozilla <= 1.7.13-1
Requires: %{name}-sysinit = %{?epoch:%epoch:}%{version}-%{release}
BuildRoot: %{_tmppath}/%{name}-%{version}-root
%description
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
%package tools
Summary: Tools for the Network Security Services
Group: Applications/Security
Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
%description tools
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
Install the nss-tools package if you need command-line tools to manipulate the NSS certificate and key database.
%package devel
Group: Development/Libraries
Summary: Static libraries and headers for %{name}
Obsoletes: libmozilla-nss-devel
Provides: libmozilla-nss-devel = %{?epoch:%epoch:}%{version}-%{release}
Conflicts: libmozilla-devel <= 1.7.13-1
Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
%description devel
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
This package contains static libraries and header files need for development.
%package sysinit
Summary: System NSS Initilization
Group: System/Tools
Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
Requires: coreutils
Requires: sed
%description sysinit
Default Operating System module that manages applications loading NSS globally on the system. This module loads the system defined PKCS #11 modules for NSS and chains with other NSS modules to load any system or user configured modules.
%prep
%setup -q -n nss-%{version}
#-D -T
#:<< __EOF
%patch3 -p3
%if %with_nsspem
tar -xf %{SOURCE10}
mv nss-pem/nss/lib/ckfw/pem/ nss/lib/ckfw/
%patch4 -p3
#%patch5 -p3
%endif
#%patch8 -p1
#%patch9 -p0
%patch10 -p0
#%patch11 -p0
#%patch12 -p1
%patch13 -p1
%build
#:<< __EOF
export BUILD_OPT=1
export XCFLAGS="%{optflags}"
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`
export NSPR_INCLUDE_DIR
export NSPR_LIB_DIR
export NSS_USE_SYSTEM_SQLITE=1
export OPT_FLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
%ifarch x86_64 ia64
export USE_64=1
%endif
make -C ./nss/coreconf
make -C ./nss/lib/dbm
make -C ./nss CORE_DEPTH=`pwd`/nss
cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \
-e "s,%%prefix%%,%{_prefix},g" \
-e "s,%%exec_prefix%%,%{_prefix},g" \
-e "s,%%includedir%%,%{_includedir}/nss3,g" \
-e "s,%%NSPR_VERSION%%,%{nspr_version},g" \
-e "s,%%NSS_VERSION%%,%{version},g" > custom_nss.pc
NSS_VMAJOR=`cat mozilla/security/nss/lib/nss/nss.h | \
grep "#define.*NSS_VMAJOR" | awk '{print $3}'`
NSS_VMINOR=`cat mozilla/security/nss/lib/nss/nss.h | \
grep "#define.*NSS_VMINOR" | awk '{print $3}'`
NSS_VPATCH=`cat mozilla/security/nss/lib/nss/nss.h | \
grep "#define.*NSS_VPATCH" | awk '{print $3}'`
cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \
-e "s,@prefix@,%{_prefix},g" \
-e "s,@exec_prefix@,%{_prefix},g" \
-e "s,@includedir@,%{_includedir}/nss3,g" \
-e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \
-e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \
-e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" > custom_nss-config
cat %{SOURCE9} > setup-nsssysinit.sh
%if %with_test
export BUILD_OPT=1
export HOST="localhost"
export DOMSUF=" "
export USE_IP=TRUE
export IP_ADDRESS="127.0.0.1"
cd nss/tests
./all.sh
#TEST_FAILURES=`grep -c FAILED ../../../tests_results/security/localhost.1/output.log` || :
#if [ $TEST_FAILURES -ne 0 ]; then
# echo "error: test suite returned failure(s)"
# exit 1
#fi
%endif
%install
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
install -D -m 644 custom_nss.pc %{buildroot}%{_libdir}/pkgconfig/nss.pc
install -D -m 755 custom_nss-config %{buildroot}%{_bindir}/nss-config
# copy all the binary libraries
for file in libfreebl3.so libnss3.so libnssckbi.so libsmime3.so libsoftokn3.so libssl3.so libnssutil3.so libnssdbm3.so libnsssysinit.so; do
install -m 755 dist/*.OBJ/lib/$file %{buildroot}%{_libdir}
done
%if %with_nsspem
install -m 755 dist/*.OBJ/lib/libnsspem.so %{buildroot}%{_libdir}
%endif
# copy alle the chk files
for file in libfreebl3.chk libsoftokn3.chk libnssdbm3.chk; do
install -m 644 dist/*.OBJ/lib/$file %{buildroot}%{_libdir}
done
# install the empty NSS db files
# legacy db
install -d %{buildroot}%{_sysconfdir}/pki/nssdb
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pki/nssdb/cert8.db
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pki/nssdb/key3.db
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pki/nssdb/secmod.db
# shared db
install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pki/nssdb/cert9.db
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pki/nssdb/key4.db
install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pki/nssdb/pkcs11.txt
# copy the development libraries we want
for file in libcrmf.a libnssb.a libnssckfw.a; do
install -m 644 dist/*.OBJ/lib/$file %{buildroot}%{_libdir}
done
# copy the binaries we want
for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap; do
install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_bindir}
done
# copy unsupported tools
mkdir -p %{buildroot}%{_libexecdir}/nss
for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil tstclnt vfyserv vfychain; do
install -m 755 dist/*.OBJ/bin/$file %{buildroot}%{_libexecdir}/nss
done
# pkcs11 configuration script
mkdir -p %{buildroot}%{_sbindir}
install -pm 755 setup-nsssysinit.sh %{buildroot}%{_sbindir}/setup-nsssysinit.sh
# copy the include files
install -d %{buildroot}%{_includedir}/nss3
for file in dist/public/nss/*.h; do
install -m 644 $file %{buildroot}%{_includedir}/nss3
done
%clean
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%defattr(-,root,root)
%{_libdir}/libnss3.so
%{_libdir}/libssl3.so
%{_libdir}/libsmime3.so
%{_libdir}/libsoftokn3.so
%{_libdir}/libsoftokn3.chk
%{_libdir}/libnssckbi.so
%{_libdir}/libfreebl3.so
%{_libdir}/libfreebl3.chk
%{_libdir}/libnssutil3.so
%{_libdir}/libnssdbm3.so
%{_libdir}/libnssdbm3.chk
%if %with_nsspem
%{_libdir}/libnsspem.so
%endif
%dir %{_sysconfdir}/pki/nssdb
%config(noreplace) %{_sysconfdir}/pki/nssdb/cert8.db
%config(noreplace) %{_sysconfdir}/pki/nssdb/key3.db
%config(noreplace) %{_sysconfdir}/pki/nssdb/secmod.db
%post sysinit
/sbin/ldconfig
%{_sbindir}/setup-nsssysinit.sh on
%preun sysinit
if [ $1 = 0 ]; then
%{_sbindir}/setup-nsssysinit.sh off
fi
%postun sysinit -p /sbin/ldconfig
%files sysinit
%defattr(-,root,root)
%{_sbindir}/setup-nsssysinit.sh
%{_libdir}/libnsssysinit.so
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
%files tools
%defattr(-,root,root)
%{_bindir}/certutil
%{_bindir}/cmsutil
%{_bindir}/crlutil
%{_bindir}/modutil
%{_bindir}/pk12util
%{_bindir}/signtool
%{_bindir}/signver
%{_bindir}/ssltap
%dir %{_libexecdir}/nss
%{_libexecdir}/nss/*
%files devel
%defattr(-,root,root)
%{_bindir}/nss-config
%{_libdir}/libcrmf.a
%{_libdir}/libnssb.a
%{_libdir}/libnssckfw.a
%{_libdir}/pkgconfig/nss.pc
%{_includedir}/nss3/
%changelog
* Sat May 10 2014 Automatic Build System <autodist@mambasoft.it> 3.16.1-1mamba
- automatic version update by autodist
* Wed Apr 09 2014 Automatic Build System <autodist@mambasoft.it> 3.16-1mamba
- automatic version update by autodist
* Sun Mar 30 2014 Automatic Build System <autodist@mambasoft.it> 3.15.5-1mamba
- automatic version update by autodist
* Tue Feb 18 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 3.15.4-1mamba
- update to 3.15.4
* Tue Dec 10 2013 Automatic Build System <autodist@mambasoft.it> 3.15.3.1-1mamba
- automatic version update by autodist
* Thu Nov 14 2013 Automatic Build System <autodist@mambasoft.it> 3.15.3-2mamba
- rebuilt after breaking and fixing rpm
* Wed Nov 13 2013 Automatic Build System <autodist@mambasoft.it> 3.15.3-1mamba
- automatic version update by autodist
* Mon Oct 07 2013 Automatic Build System <autodist@mambasoft.it> 3.15.2-1mamba
- automatic version update by autodist
* Fri Aug 30 2013 Automatic Build System <autodist@mambasoft.it> 3.15.1-1mamba
- automatic version update by autodist
* Sun Apr 07 2013 Automatic Build System <autodist@mambasoft.it> 3.14.3-1mamba
- automatic version update by autodist
* Fri Dec 28 2012 Automatic Build System <autodist@mambasoft.it> 3.14.1-1mamba
- automatic version update by autodist
* Sat Dec 01 2012 Automatic Build System <autodist@mambasoft.it> 3.14-1mamba
- automatic version update by autodist
* Wed Oct 10 2012 Automatic Build System <autodist@mambasoft.it> 3.13.6-1mamba
- automatic version update by autodist
* Mon Mar 12 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 3.13.3-1mamba
- update to 3.13.3
* Fri Jan 06 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 3.13.1-1mamba
- update to 3.13.1
* Tue Aug 02 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 3.12.10-1mamba
- update to 3.12.10
* Sat Apr 09 2011 Ercole 'ercolinux' Carpanetto <ercole69@gmail.com> 3.12.9-3mamba
- rebuilt with libsqlite 3.7.3-2
* Sun Mar 20 2011 gil <puntogil@libero.it> 3.12.9-2mamba
- ... add a changelog entry
* Tue Jan 25 2011 gil <puntogil@libero.it> 3.12.9-1mamba
- update to 3.12.9
* Mon Nov 29 2010 gil <puntogil@libero.it> 3.12.8-1mamba
- update to 3.12.8
* Tue Sep 14 2010 gil <puntogil@libero.it> 3.12.7-1mamba
- update to 3.12.7
* Thu Jul 22 2010 gil <puntogil@libero.it> 3.12.6-2mamba
- rebuil with libnspr 4.8.6; libsqlite 3.7.0
* Fri Apr 02 2010 gil <puntogil@libero.it> 3.12.6-1mamba
- update to 3.12.6
* Sat Dec 12 2009 gil <puntogil@libero.it> 3.12.4-1mamba
- update to 3.12.4
* Wed Jul 01 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 3.12.3-1mamba
- update to 3.12.3
* Mon Jun 23 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 3.12-2mamba
- add patch to use system libsqlite
- development nss-config and nss.pc files updated for linking with libnssutil3
* Sat Jun 21 2008 gil <puntogil@libero.it> 3.12-1mamba
- update to 3.12
* Sat May 31 2008 gil <puntogil@libero.it> 3.11.9-1mamba
- update to 3.11.9
* Wed Jan 31 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 3.11.4-3qilnx
- obsolete libmozilla
* Wed Jan 24 2007 Davide Madrisan <davide.madrisan@qilinux.it> 3.11.4-2qilnx
- conflicts libmozilla
* Tue Jan 16 2007 Davide Madrisan <davide.madrisan@qilinux.it> 3.11.4-1qilnx
- package created by autospec

144
nss-config.in Normal file
View File

@ -0,0 +1,144 @@
#!/bin/sh
prefix=@prefix@
major_version=@MOD_MAJOR_VERSION@
minor_version=@MOD_MINOR_VERSION@
patch_version=@MOD_PATCH_VERSION@
usage()
{
cat <<EOF
Usage: nss-config [OPTIONS] [LIBRARIES]
Options:
[--prefix[=DIR]]
[--exec-prefix[=DIR]]
[--includedir[=DIR]]
[--libdir[=DIR]]
[--version]
[--libs]
[--cflags]
Dynamic Libraries:
nss
ssl
smime
EOF
exit $1
}
if test $# -eq 0; then
usage 1 1>&2
fi
lib_ssl=yes
lib_smime=yes
lib_nss=yes
lib_nssutil=yes
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
esac
case $1 in
--prefix=*)
prefix=$optarg
;;
--prefix)
echo_prefix=yes
;;
--exec-prefix=*)
exec_prefix=$optarg
;;
--exec-prefix)
echo_exec_prefix=yes
;;
--includedir=*)
includedir=$optarg
;;
--includedir)
echo_includedir=yes
;;
--libdir=*)
libdir=$optarg
;;
--libdir)
echo_libdir=yes
;;
--version)
echo ${major_version}.${minor_version}.${patch_version}
;;
--cflags)
echo_cflags=yes
;;
--libs)
echo_libs=yes
;;
ssl)
lib_ssl=yes
;;
smime)
lib_smime=yes
;;
nss)
lib_nss=yes
;;
nssutil)
lib_nssutil=yes
;;
*)
usage 1 1>&2
;;
esac
shift
done
# Set variables that may be dependent upon other variables
if test -z "$exec_prefix"; then
exec_prefix=`pkg-config --variable=exec_prefix nss`
fi
if test -z "$includedir"; then
includedir=`pkg-config --variable=includedir nss`
fi
if test -z "$libdir"; then
libdir=`pkg-config --variable=libdir nss`
fi
if test "$echo_prefix" = "yes"; then
echo $prefix
fi
if test "$echo_exec_prefix" = "yes"; then
echo $exec_prefix
fi
if test "$echo_includedir" = "yes"; then
echo $includedir
fi
if test "$echo_libdir" = "yes"; then
echo $libdir
fi
if test "$echo_cflags" = "yes"; then
echo -I$includedir
fi
if test "$echo_libs" = "yes"; then
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
if test -n "$lib_ssl"; then
libdirs="$libdirs -lssl${major_version}"
fi
if test -n "$lib_smime"; then
libdirs="$libdirs -lsmime${major_version}"
fi
if test -n "$lib_nss"; then
libdirs="$libdirs -lnss${major_version}"
fi
if test -n "$lib_nssutil"; then
libdirs="$libdirs -lnssutil${major_version}"
fi
echo $libdirs
fi

4
nss-pkcs11.txt Normal file
View File

@ -0,0 +1,4 @@
library=libnsssysinit.so
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})

11
nss.pc.in Normal file
View File

@ -0,0 +1,11 @@
prefix=%prefix%
exec_prefix=%exec_prefix%
libdir=%libdir%
includedir=%includedir%
Name: NSS
Description: Network Security Services
Version: %NSS_VERSION%
Requires: nspr >= %NSPR_VERSION%
Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
Cflags: -I${includedir}

68
setup-nsssysinit.sh Normal file
View File

@ -0,0 +1,68 @@
#!/bin/sh
#
# Turns on or off the nss-sysinit module db by editing the
# global PKCS #11 congiguration file. Displays the status.
#
# This script can be invoked by the user as super user.
# It is invoked at nss-sysinit post install time with argument on.
#
usage()
{
cat <<EOF
Usage: setup-nsssysinit [on|off]
on - turns on nsssysinit
off - turns off nsssysinit
status - reports whether nsssysinit is turned on or off
EOF
exit $1
}
# validate
if [ $# -eq 0 ]; then
usage 1 1>&2
fi
# the system-wide configuration file
p11conf="/etc/pki/nssdb/pkcs11.txt"
# must exist, otherwise report it and exit with failure
if [ ! -f $p11conf ]; then
echo "Could not find ${p11conf}"
exit 1
fi
# check if nsssysinit is currently enabled or disabled
sysinit_enabled()
{
grep -q '^library=libnsssysinit' ${p11conf}
}
umask 022
case "$1" in
on | ON )
if sysinit_enabled; then
exit 0
fi
cat ${p11conf} | \
sed -e 's/^library=$/library=libnsssysinit.so/' \
-e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
${p11conf}.on
mv ${p11conf}.on ${p11conf}
;;
off | OFF )
if ! sysinit_enabled; then
exit 0
fi
cat ${p11conf} | \
sed -e 's/^library=libnsssysinit.so/library=/' \
-e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \
${p11conf}.off
mv ${p11conf}.off ${p11conf}
;;
status )
echo -n 'NSS sysinit is '
sysinit_enabled && echo 'enabled' || echo 'disabled'
;;
* )
usage 1 1>&2
;;
esac