diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..2c3d383
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "nss"]
+ path = nss
+ url = https://git.sailfishos.org/mirror/nss
diff --git a/nss b/nss
new file mode 160000
index 0000000..ffdd772
--- /dev/null
+++ b/nss
@@ -0,0 +1 @@
+Subproject commit ffdd7722592e0d0a5e6f15d06876b9c336f8acf2
diff --git a/nss-3.39.tar.gz b/nss-3.39.tar.gz
deleted file mode 100644
index e7ce4a8..0000000
Binary files a/nss-3.39.tar.gz and /dev/null differ
diff --git a/nss-pem-1.0.4.tar.xz b/nss-pem-1.0.4.tar.xz
deleted file mode 100644
index 644055a..0000000
Binary files a/nss-pem-1.0.4.tar.xz and /dev/null differ
diff --git a/nss-pem.cmake b/nss-pem.cmake
deleted file mode 100644
index e119c8f..0000000
--- a/nss-pem.cmake
+++ /dev/null
@@ -1,6 +0,0 @@
-# Add external nss header locations
-include_directories(../../dist/public/nss;../../dist/private/nss)
-# Find the external library path for linking
-execute_process(COMMAND find ${PROJECT_SOURCE_DIR}/../../dist -name libnssckfw.a OUTPUT_VARIABLE NSS_EXT_LIB_PATH)
-get_filename_component(NSS_LIB_PATH ${NSS_EXT_LIB_PATH} DIRECTORY)
-link_directories(${NSS_LIB_PATH})
diff --git a/add-relro-linker-option.patch b/rpm/add-relro-linker-option.patch
similarity index 100%
rename from add-relro-linker-option.patch
rename to rpm/add-relro-linker-option.patch
diff --git a/blank-cert8.db b/rpm/blank-cert8.db
similarity index 100%
rename from blank-cert8.db
rename to rpm/blank-cert8.db
diff --git a/blank-cert9.db b/rpm/blank-cert9.db
similarity index 100%
rename from blank-cert9.db
rename to rpm/blank-cert9.db
diff --git a/blank-key3.db b/rpm/blank-key3.db
similarity index 100%
rename from blank-key3.db
rename to rpm/blank-key3.db
diff --git a/blank-key4.db b/rpm/blank-key4.db
similarity index 100%
rename from blank-key4.db
rename to rpm/blank-key4.db
diff --git a/blank-secmod.db b/rpm/blank-secmod.db similarity index 100% rename from blank-secmod.db rename to rpm/blank-secmod.db diff --git a/rpm/cert8.db.xml b/rpm/cert8.db.xml new file mode 100644 index 0000000..e82948d --- /dev/null +++ b/rpm/cert8.db.xml @@ -0,0 +1,59 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + cert8.db + 5 + + + + cert8.db + Legacy NSS certificate database + + + + Description + cert8.db is an NSS certificate database. + This certificate database is in the legacy database format. Consider migrating to cert9.db and key4.db which are the new sqlite-based shared database format with support for concurrent access. + + + + + Files + /etc/pki/nssdb/cert8.db + + + + See also + cert9.db(5), key4.db(5), pkcs11.txt(5), + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + + diff --git a/rpm/cert9.db.xml b/rpm/cert9.db.xml new file mode 100644 index 0000000..815d3f9 --- /dev/null +++ b/rpm/cert9.db.xml 
@@ -0,0 +1,59 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + cert9.db + 5 + + + + cert9.db + NSS certificate database + + + + Description + cert9.db is an NSS certificate database. + This certificate database is the sqlite-based shared database with support for concurrent access. + + + + + Files + /etc/pki/nssdb/cert9.db + + + + See also + pkcs11.txt(5) + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + + diff --git a/iquote.patch b/rpm/iquote.patch similarity index 100% rename from iquote.patch rename to rpm/iquote.patch diff --git a/rpm/key3.db.xml b/rpm/key3.db.xml new file mode 100644 index 0000000..444d7aa --- /dev/null +++ b/rpm/key3.db.xml @@ -0,0 +1,59 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + key3.db + 5 + + + + key3.db + Legacy NSS certificate database + + + + Description + key3.db is an NSS certificate database. + This is a key database in the legacy database format. Consider migrating to cert9.db and key4.db which which are the new sqlite-based shared database format with support for concurrent access. + + + + + Files + /etc/pki/nssdb/key3.db + + + + See also + cert9.db(5), key4.db(5), pkcs11.txt(5), + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + + diff --git a/rpm/key4.db.xml b/rpm/key4.db.xml new file mode 100644 index 0000000..9b65f41 
--- /dev/null +++ b/rpm/key4.db.xml @@ -0,0 +1,59 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + key4.db + 5 + + + + key4.db + NSS certificate database + + + + Description + key4.db is an NSS key database. + This key database is the sqlite-based shared database format with support for concurrent access. + + + + + Files + /etc/pki/nssdb/key4.db + + + + See also + pkcs11.txt(5) + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + + diff --git a/rpm/nss-3.47-ike-fix.patch b/rpm/nss-3.47-ike-fix.patch new file mode 100644 index 0000000..2dc0b06 --- /dev/null +++ b/rpm/nss-3.47-ike-fix.patch 
@@ -0,0 +1,22 @@
+diff -up ./nss/lib/softoken/pkcs11.c.ike_fix ./nss/lib/softoken/pkcs11.c
+--- ./nss/lib/softoken/pkcs11.c.ike_fix 2019-11-04 10:15:08.022176945 -0800
++++ ./nss/lib/softoken/pkcs11.c 2019-11-04 10:17:35.396733750 -0800
+@@ -330,7 +330,7 @@ static const struct mechanismList mechan
+ { CKM_AES_CTS, { 16, 32, CKF_EN_DE }, PR_TRUE },
+ { CKM_AES_CTR, { 16, 32, CKF_EN_DE }, PR_TRUE },
+ { CKM_AES_GCM, { 16, 32, CKF_EN_DE }, PR_TRUE },
+- { CKM_AES_XCBC_MAC_96, { 16, 16, CKF_SN_VR }, PR_TRUE },
++ { CKM_AES_XCBC_MAC_96, { 12, 12, CKF_SN_VR }, PR_TRUE },
+ { CKM_AES_XCBC_MAC, { 16, 16, CKF_SN_VR }, PR_TRUE },
+ /* ------------------------- Camellia Operations --------------------- */
+ { CKM_CAMELLIA_KEY_GEN, { 16, 32, CKF_GENERATE }, PR_TRUE },
+@@ -518,7 +518,8 @@ static const struct mechanismList mechan
+ /* --------------------IPSEC ----------------------- */
+ { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE },
+ { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
+- { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE }
++ { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE },
++ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE }
+ };
+ static const CK_ULONG mechanismCount = sizeof(mechanisms) / sizeof(mechanisms[0]);
+ 
diff --git a/rpm/nss-3.49-neon-build-fixes.patch b/rpm/nss-3.49-neon-build-fixes.patch
new file mode 100644
index 0000000..88e173d
--- /dev/null
+++ b/rpm/nss-3.49-neon-build-fixes.patch
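Review bot: In the first inner hunk the `CKM_AES_XCBC_MAC_96` bounds become `{ 12, 12 }`, while every neighbouring AES entry gives key sizes in bytes (`16, 32`, and `16, 16` for `CKM_AES_XCBC_MAC`). AES-XCBC-MAC-96 is still keyed with a 128-bit AES key and only truncates the tag to 96 bits, so 12 reads as the MAC length rather than a key length; if these two fields are what the token reports as minimum and maximum key size, a caller that validates key length against them would be misled. Please confirm the intent and record it next to the entry, e.g. `/* 12 = truncated MAC length in bytes; the key is still 16 */`. The `Patch10` comment in rpm/nss.spec ("add missing ike mechanism to softoken") should also mention this change, since the patch does more than add `CKM_NSS_IKE1_APP_B_PRF_DERIVE`. The `mechanisms[]` table starts outside both inner hunks.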
@@ -0,0 +1,159 @@ +# HG changeset patch +# User Mike Hommey +# Date 1578673372 -3600 +# Fri Jan 10 17:22:52 2020 +0100 +# Node ID 9c359d019d333282476ffeec3dab819cfdcf127e +# Parent 4921046404f197526969a6b79f19c136469e69f8 +Bug 1608327 - Fix freebl arm NEON code use on tier3 platforms. + +Summary: +Despite the code having runtime detection of NEON and crypto extensions, +the optimized code using those instructions is disabled at build time on +platforms where the compiler doesn't enable NEON by default of with the +flags it's given for the caller code. + +In the case of gcm, this goes as far as causing a build error. + +What is needed is for the optimized code to be enabled in every case, +letting the caller code choose whether to use that code based on the +existing runtime checks. + +But this can't be simply done either, because those optimized parts of +the code need to be built with NEON enabled, unconditionally, but that +is not compatible with platforms using the softfloat ABI. For those, +we need to use the softfp ABI, which is compatible. However, the softfp +ABI is not compatible with the hardfp ABI, so we also can't +unconditionally use the softfp ABI, so we do so only when the compiler +targets the softfloat ABI, which confusingly enough is advertized via +the `__SOFTFP__` define. + +Reviewers: jcj! + +Bug #: 1608327 + +Differential Revision: https://phabricator.services.mozilla.com/D59451 + +diff --git ./nss/lib/freebl/Makefile ./nss/lib/freebl/Makefile +--- ./nss/lib/freebl/Makefile ++++ ./nss/lib/freebl/Makefile +@@ -781,8 +781,12 @@ ifdef INTEL_GCM_CLANG_CL + endif + + ifeq ($(CPU_ARCH),arm) +-$(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8 +-$(OBJDIR)/$(PROG_PREFIX)gcm-arm32-neon$(OBJ_SUFFIX): CFLAGS += -mfpu=neon ++# When the compiler uses the softfloat ABI, we want to use the compatible softfp ABI when ++# enabling NEON for these objects. 
++# Confusingly, __SOFTFP__ is the name of the define for the softfloat ABI, not for the softfp ABI. ++USES_SOFTFLOAT_ABI := $(shell $(CC) -o - -E -dM - $(CFLAGS) < /dev/null | grep __SOFTFP__ > /dev/null && echo 1) ++$(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp) ++$(OBJDIR)/$(PROG_PREFIX)gcm-arm32-neon$(OBJ_SUFFIX): CFLAGS += -mfpu=neon$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp) + endif + ifeq ($(CPU_ARCH),aarch64) + $(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto +diff --git ./nss/lib/freebl/aes-armv8.c ./nss/lib/freebl/aes-armv8.c +--- ./nss/lib/freebl/aes-armv8.c ++++ ./nss/lib/freebl/aes-armv8.c +@@ -8,7 +8,7 @@ + #if ((defined(__clang__) || \ + (defined(__GNUC__) && defined(__GNUC_MINOR__) && \ + (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 8)))) && \ +- (defined(__ARM_NEON) || defined(__ARM_NEON__))) ++ defined(IS_LITTLE_ENDIAN)) + + #ifndef __ARM_FEATURE_CRYPTO + #error "Compiler option is invalid" +diff --git ./nss/lib/freebl/freebl.gyp ./nss/lib/freebl/freebl.gyp +--- ./nss/lib/freebl/freebl.gyp ++++ ./nss/lib/freebl/freebl.gyp +@@ -126,10 +126,12 @@ + '<(DEPTH)/exports.gyp:nss_exports' + ], + 'cflags': [ +- '-mfpu=neon' ++ '-mfpu=neon', ++ '<@(softfp_cflags)', + ], + 'cflags_mozilla': [ +- '-mfpu=neon' ++ '-mfpu=neon', ++ '<@(softfp_cflags)', + ] + }, + { +@@ -179,11 +181,13 @@ + [ 'target_arch=="arm"', { + 'cflags': [ + '-march=armv8-a', +- '-mfpu=crypto-neon-fp-armv8' ++ '-mfpu=crypto-neon-fp-armv8', ++ '<@(softfp_cflags)', + ], + 'cflags_mozilla': [ + '-march=armv8-a', +- '-mfpu=crypto-neon-fp-armv8' ++ '-mfpu=crypto-neon-fp-armv8', ++ '<@(softfp_cflags)', + ], + }, 'target_arch=="arm64" or target_arch=="aarch64"', { + 'cflags': [ +@@ -533,6 +537,11 @@ + }, { + 'have_int128_support%': 0, + }], ++ [ 'target_arch=="arm"', { ++ # When the compiler uses the softfloat ABI, we want to use the compatible softfp ABI 
when enabling NEON for these objects. ++ # Confusingly, __SOFTFP__ is the name of the define for the softfloat ABI, not for the softfp ABI. ++ 'softfp_cflags': ' /dev/null && echo -mfloat-abi=softfp || true)', ++ }], + ], + } + } +diff --git ./nss/lib/freebl/gcm-arm32-neon.c ./nss/lib/freebl/gcm-arm32-neon.c +--- ./nss/lib/freebl/gcm-arm32-neon.c ++++ ./nss/lib/freebl/gcm-arm32-neon.c +@@ -11,7 +11,7 @@ + #include "secerr.h" + #include "prtypes.h" + +-#if defined(__ARM_NEON__) || defined(__ARM_NEON) ++#if defined(IS_LITTLE_ENDIAN) + + #include + +@@ -199,4 +199,4 @@ gcm_HashZeroX_hw(gcmHashContext *ghash) + return SECSuccess; + } + +-#endif /* __ARM_NEON__ || __ARM_NEON */ ++#endif /* IS_LITTLE_ENDIAN */ +diff --git ./nss/lib/freebl/gcm.c ./nss/lib/freebl/gcm.c +--- ./nss/lib/freebl/gcm.c ++++ ./nss/lib/freebl/gcm.c +@@ -21,11 +21,8 @@ + #if defined(__aarch64__) && defined(IS_LITTLE_ENDIAN) && \ + (defined(__clang__) || defined(__GNUC__) && __GNUC__ > 6) + #define USE_ARM_GCM +-#elif defined(__arm__) && defined(IS_LITTLE_ENDIAN) && \ +- (defined(__ARM_NEON__) || defined(__ARM_NEON)) +-/* We don't test on big endian platform, so disable this on big endian. +- * Also, we don't check whether compiler support NEON well, so this uses +- * that compiler uses -mfpu=neon only. */ ++#elif defined(__arm__) && defined(IS_LITTLE_ENDIAN) ++/* We don't test on big endian platform, so disable this on big endian. */ + #define USE_ARM_GCM + #endif + +diff --git ./nss/lib/freebl/rijndael.c ./nss/lib/freebl/rijndael.c +--- ./nss/lib/freebl/rijndael.c ++++ ./nss/lib/freebl/rijndael.c +@@ -20,8 +20,7 @@ + #include "gcm.h" + #include "mpi.h" + +-#if (!defined(IS_LITTLE_ENDIAN) && !defined(NSS_X86_OR_X64)) || \ +- (defined(__arm__) && !defined(__ARM_NEON) && !defined(__ARM_NEON__)) ++#if !defined(IS_LITTLE_ENDIAN) && !defined(NSS_X86_OR_X64) + // not test yet on big endian platform of arm + #undef USE_HW_AES + #endif 
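Review bot: With the `__ARM_NEON` guards dropped in gcm.c, rijndael.c, aes-armv8.c and gcm-arm32-neon.c, the NEON and ARMv8-crypto paths are compiled into every little-endian 32-bit arm build, so on cores without those extensions correctness rests entirely on the runtime detection the description refers to, which is not visible in this patch. The shortened comment above `#define USE_ARM_GCM` no longer says that; I would make it `/* Built unconditionally; callers must select this path only after runtime NEON detection. Not tested on big endian, so disabled there. */`. In the Makefile, the `USES_SOFTFLOAT_ABI` probe yields an empty value both when `__SOFTFP__` is undefined and when the `$(CC)` invocation itself fails, so a broken probe silently omits `-mfloat-abi=softfp`; a comment noting that fallback would make a later ABI mismatch easier to diagnose.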
diff --git a/nss-539183.patch b/rpm/nss-539183.patch similarity index 100% rename from nss-539183.patch rename to rpm/nss-539183.patch diff --git a/nss-config.in b/rpm/nss-config.in similarity index 100% rename from nss-config.in rename to rpm/nss-config.in diff --git a/rpm/nss-config.xml b/rpm/nss-config.xml new file mode 100644 index 0000000..f9518c9 --- /dev/null +++ b/rpm/nss-config.xml @@ -0,0 +1,132 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + nss-config + 1 + + + + nss-config + Return meta information about nss libraries + + + + + nss-config + + + + + + + + + + + + Description + + nss-config is a shell scrip + tool which can be used to obtain gcc options for building client pacakges of nspt. + + + + + Options + + + + + Returns the top level system directory under which the nss libraries are installed. + + + + + returns the top level system directory under which any nss binaries would be installed. + + + + count + returns the path to the directory were the nss libraries are installed. + + + + + returns the upstream version of nss in the form major_version-minor_version-patch_version. + + + + + returns the compiler linking flags. + + + + + returns the compiler include flags. + + + + + returns the path to the directory were the nss libraries are installed. + + + + + + + Examples + + The following example will query for both include path and linkage flags: + + + /usr/bin/nss-config --cflags --libs + + + + + + + + + Files + + /usr/bin/nss-config + + + + + See also + pkg-config(1) + + + + Authors + The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + 
diff --git a/nss-nolocalsql.patch b/rpm/nss-nolocalsql.patch
similarity index 100%
rename from nss-nolocalsql.patch
rename to rpm/nss-nolocalsql.patch
diff --git a/rpm/nss-p11-kit.config b/rpm/nss-p11-kit.config
new file mode 100644
index 0000000..0ebf073
--- /dev/null
+++ b/rpm/nss-p11-kit.config
@@ -0,0 +1,4 @@
+name=p11-kit-proxy
+library=p11-kit-proxy.so
+
+
diff --git a/nss-prelink.conf b/rpm/nss-prelink.conf
similarity index 100%
rename from nss-prelink.conf
rename to rpm/nss-prelink.conf
diff --git a/nss-skip-bltest-and-fipstest.patch b/rpm/nss-skip-bltest-and-fipstest.patch
similarity index 100%
rename from nss-skip-bltest-and-fipstest.patch
rename to rpm/nss-skip-bltest-and-fipstest.patch
diff --git a/nss-skip-util-gtest.patch b/rpm/nss-skip-util-gtest.patch
similarity index 100%
rename from nss-skip-util-gtest.patch
rename to rpm/nss-skip-util-gtest.patch
diff --git a/rpm/nss-softokn-config.in b/rpm/nss-softokn-config.in
new file mode 100644
index 0000000..c7abe29
--- /dev/null
+++ b/rpm/nss-softokn-config.in
@@ -0,0 +1,116 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MOD_MAJOR_VERSION@ +minor_version=@MOD_MINOR_VERSION@ +patch_version=@MOD_PATCH_VERSION@ + +usage() +{ + cat <&2 +fi + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=`pkg-config --variable=exec_prefix nss-softokn` +fi +if test -z "$includedir"; then + includedir=`pkg-config --variable=includedir nss-softokn` +fi +if test -z "$libdir"; then + libdir=`pkg-config --variable=libdir nss-softokn` +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + echo $libdirs +fi + diff --git a/rpm/nss-softokn-dracut-module-setup.sh b/rpm/nss-softokn-dracut-module-setup.sh new file mode 100644 index 0000000..010ec18 --- /dev/null +++ b/rpm/nss-softokn-dracut-module-setup.sh 
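Review bot: The `pkg-config --variable=...` fallbacks near the end of the script are not checked, so when the nss-softokn .pc file is missing `$includedir` and `$libdir` stay empty and `--cflags` / `--libs` print a bare `-I` / `-L`, which swallows the next argument on the caller's compiler line instead of failing. I would stop with an error after each lookup, e.g. `test -n "$includedir" || { echo "nss-softokn.pc not found" 1>&2; exit 1; }`, and quote the expansions in the echoes (`echo "-I$includedir"`) so a path containing spaces or glob characters is printed intact. The same pattern is repeated in rpm/nss-util-config.in.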
@@ -0,0 +1,18 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+check() {
+ return 255
+}
+
+depends() {
+ return 0
+}
+
+install() {
+ local _dir
+
+ inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \
+ libfreebl3.so
+}
diff --git a/rpm/nss-softokn-dracut.conf b/rpm/nss-softokn-dracut.conf
new file mode 100644
index 0000000..2d9232e
--- /dev/null
+++ b/rpm/nss-softokn-dracut.conf
@@ -0,0 +1,3 @@
+# turn on nss-softokn module
+
+add_dracutmodules+=" nss-softokn "
diff --git a/nss-softokn.pc.in b/rpm/nss-softokn.pc.in
similarity index 100%
rename from nss-softokn.pc.in
rename to rpm/nss-softokn.pc.in
diff --git a/nss-sysinit-userdb-first.patch b/rpm/nss-sysinit-userdb-first.patch
similarity index 100%
rename from nss-sysinit-userdb-first.patch
rename to rpm/nss-sysinit-userdb-first.patch
diff --git a/rpm/nss-util-config.in b/rpm/nss-util-config.in
new file mode 100644
index 0000000..532abbe
--- /dev/null
+++ b/rpm/nss-util-config.in
@@ -0,0 +1,118 @@ +#!/bin/sh + +prefix=@prefix@ + +major_version=@MOD_MAJOR_VERSION@ +minor_version=@MOD_MINOR_VERSION@ +patch_version=@MOD_PATCH_VERSION@ + +usage() +{ + cat <&2 +fi + +lib_nssutil=yes + +while test $# -gt 0; do + case "$1" in + -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + case $1 in + --prefix=*) + prefix=$optarg + ;; + --prefix) + echo_prefix=yes + ;; + --exec-prefix=*) + exec_prefix=$optarg + ;; + --exec-prefix) + echo_exec_prefix=yes + ;; + --includedir=*) + includedir=$optarg + ;; + --includedir) + echo_includedir=yes + ;; + --libdir=*) + libdir=$optarg + ;; + --libdir) + echo_libdir=yes + ;; + --version) + echo ${major_version}.${minor_version}.${patch_version} + ;; + --cflags) + echo_cflags=yes + ;; + --libs) + echo_libs=yes + ;; + *) + usage 1 1>&2 + ;; + esac + shift +done + +# Set variables that may be dependent upon other variables +if test -z "$exec_prefix"; then + exec_prefix=`pkg-config --variable=exec_prefix nss-util` +fi +if test -z "$includedir"; then + includedir=`pkg-config --variable=includedir nss-util` +fi +if test -z "$libdir"; then + libdir=`pkg-config --variable=libdir nss-util` +fi + +if test "$echo_prefix" = "yes"; then + echo $prefix +fi + +if test "$echo_exec_prefix" = "yes"; then + echo $exec_prefix +fi + +if test "$echo_includedir" = "yes"; then + echo $includedir +fi + +if test "$echo_libdir" = "yes"; then + echo $libdir +fi + +if test "$echo_cflags" = "yes"; then + echo -I$includedir +fi + +if test "$echo_libs" = "yes"; then + libdirs="-Wl,-rpath-link,$libdir -L$libdir" + if test -n "$lib_nssutil"; then + libdirs="$libdirs -lnssutil${major_version}" + fi + echo $libdirs +fi + diff --git a/nss-util.pc.in b/rpm/nss-util.pc.in similarity index 100% rename from nss-util.pc.in rename to rpm/nss-util.pc.in diff --git a/nss.changes b/rpm/nss.changes similarity index 100% rename from nss.changes rename to rpm/nss.changes 
diff --git a/nss.pc.in b/rpm/nss.pc.in
similarity index 100%
rename from nss.pc.in
rename to rpm/nss.pc.in
diff --git a/nss.spec b/rpm/nss.spec
similarity index 59%
rename from nss.spec
rename to rpm/nss.spec
index b582a89..3b28ca8 100644
--- a/nss.spec
+++ b/rpm/nss.spec
@@ -1,27 +1,42 @@ -%global nspr_version 4.20 -%global nss_util_version 3.39 -%global nss_softokn_version 3.39 -%global nss_version 3.39 +%global nspr_version 4.24 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools -%global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv" %global saved_files_dir %{_libdir}/nss/saved +%global dracutlibdir %{_prefix}/lib/dracut +%global dracut_modules_dir %{dracutlibdir}/modules.d/05nss-softokn/ +%global dracut_conf_dir %{dracutlibdir}/dracut.conf.d -# The upstream omits the trailing ".0", while we need it for -# consistency with the pkg-config version: -# https://bugzilla.redhat.com/show_bug.cgi?id=1578106 -%{lua: -rpm.define(string.format("nss_archive_version %s", - string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1"))) -} +%bcond_without tests + +# Produce .chk files for the final stripped binaries +# +# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links +# against the freebl that we just built. This is necessary +# because the signing algorithm changed on 3.14 to DSA2 with SHA256 +# whereas we previously signed with DSA and SHA1. We must Keep this line +# until all mock platforms have been updated. 
+# After %%{__os_install_post} we would add +# export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%%{_libdir} + +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} \ + $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \ + $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreeblpriv3.so \ + $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \ + $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \ +%{nil} Summary: Network Security Services Name: nss -Version: %{nss_version} -Release: 9%{?dist} +Version: 3.49 +Release: 1 License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ -Group: System Environment/Libraries Requires: nspr >= %{nspr_version} +Requires: nss-util >= %{version} +Requires: nss-softokn%{_isa} >= %{version} Requires: nss-system-init Requires: p11-kit-trust BuildRequires: nspr-devel >= %{nspr_version} 
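Review bot: `Requires: nss-softokn%{_isa} >= %{version}` uses `%{_isa}` without the `?` guard, unlike `%{name}%{?_isa}` in the subpackages; where `_isa` is undefined rpm leaves the literal text in the dependency name and the requirement cannot be satisfied. Use `Requires: nss-softokn%{?_isa} >= %{version}`; the same spelling appears in the `softokn` subpackage (`nss-softokn-freebl%{_isa}`) in a later hunk. The adjacent `Requires: nss-util >= %{version}` carries no arch qualifier at all, so the three dependencies on the split-out crypto libraries are worth aligning.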
@@ -31,29 +46,42 @@ BuildRequires: pkgconfig BuildRequires: gawk BuildRequires: psmisc BuildRequires: perl -BuildRequires: gcc-c++ BuildRequires: cmake -Source0: %{name}-%{nss_archive_version}.tar.gz -Source1: nss.pc.in -Source2: nss-config.in -Source3: blank-cert8.db -Source4: blank-key3.db -Source5: blank-secmod.db -Source6: blank-cert9.db -Source7: blank-key4.db -Source8: system-pkcs11.txt -Source9: setup-nsssysinit.sh -Source10: nss-softokn.pc.in -Source12: nss-util.pc.in -Source14: nss-pem-1.0.4.tar.xz -Source15: nss-pem.cmake -Source16: nss-prelink.conf +Source0: %{name}-%{version}.tar.gz +Source1: nss-util.pc.in +Source2: nss-util-config.in +Source3: nss-softokn.pc.in +Source4: nss-softokn-config.in +Source6: nss-softokn-dracut-module-setup.sh +Source7: nss-softokn-dracut.conf +Source8: nss.pc.in +Source9: nss-config.in +Source10: blank-cert8.db +Source11: blank-key3.db +Source12: blank-secmod.db +Source13: blank-cert9.db +Source14: blank-key4.db +Source15: system-pkcs11.txt +Source16: setup-nsssysinit.sh +Source20: nss-config.xml +Source21: setup-nsssysinit.xml +Source22: pkcs11.txt.xml +Source23: cert8.db.xml +Source24: cert9.db.xml +Source25: key3.db.xml +Source26: key4.db.xml +Source27: secmod.db.xml +Source28: nss-p11-kit.config Patch1: nss-nolocalsql.patch Patch2: add-relro-linker-option.patch Patch3: renegotiate-transitional.patch Patch8: nss-sysinit-userdb-first.patch +# add missing ike mechanism to softoken +Patch10: nss-3.47-ike-fix.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1608327 +Patch11: nss-3.49-neon-build-fixes.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723 Patch16: nss-539183.patch # TODO remove when we switch to building nss without softoken 
@@ -71,8 +99,8 @@ Patch49: nss-skip-bltest-and-fipstest.patch # but it doesn't hurt to keep it. Patch50: iquote.patch # Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers -Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch -Patch62: nss-skip-util-gtest.patch +Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch +Patch62: nss-skip-util-gtest.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -83,7 +111,6 @@ v3 certificates, and other security standards. %package tools Summary: Tools for the Network Security Services -Group: System Environment/Base Requires: %{name}%{?_isa} = %{version}-%{release} %description tools @@ -98,7 +125,6 @@ manipulate the NSS certificate and key database. %package sysinit Summary: System NSS Initialization -Group: System Environment/Base # providing nss-system-init without version so that it can # be replaced by a better one, e.g. supplied by the os vendor Provides: nss-system-init @@ -113,7 +139,6 @@ any system or user configured modules. %package devel Summary: Development libraries for Network Security Services -Group: Development/Libraries Provides: nss-static = %{version}-%{release} Requires: nss = %{version}-%{release} Requires: nspr-devel >= %{nspr_version} 
@@ -122,67 +147,96 @@ Requires: pkgconfig %description devel Header and Library files for doing development with Network Security Services. - %package pkcs11-devel -Summary: Development libraries for PKCS #11 (Cryptoki) using NSS -Group: Development/Libraries +Summary: Development libraries for PKCS 11 (Cryptoki) using NSS Provides: nss-pkcs11-devel-static = %{version}-%{release} Requires: nss-devel = %{version}-%{release} -Requires: nss-softokn-freebl-devel >= %{nss_softokn_version} +Requires: nss-softokn-freebl-devel >= %{version} %description pkcs11-devel Library files for developing PKCS #11 modules using basic NSS low level services. +%package util +Summary: Network Security Services Utilities Library +Requires: nspr >= %{nspr_version} + +%description util +Utilities for Network Security Services and the Softoken module + +%package util-devel +Summary: Development libraries for Network Security Services Utilities +Requires: nss-util%{?_isa} = %{version}-%{release} +Requires: nspr-devel >= %{nspr_version} +Requires: pkgconfig + +%description util-devel +Header and library files for doing development with Network Security Services. + +%package softokn +Summary: Network Security Services Softoken Module +Requires: nspr >= %{nspr_version} +Requires: nss-util >= %{version}-%{release} +Requires: nss-softokn-freebl%{_isa} >= %{version}-%{release} + +%description softokn +Network Security Services Softoken Cryptographic Module. Softoken is an NSS +module that exposes most FreeBL functionality as a PKCS#11 module. 
+ %package softokn-freebl -Summary: Network Security Services Softoken and Freebl Cryptographic Modules -Group: System Environment/Base -BuildRequires: nss-devel +Summary: Freebl library for the Network Security Services +# For PR_GetEnvSecure() from nspr >= 4.12 Requires: nspr >= 4.12 -Requires: nss >= 3.33 +# For NSS_SecureMemcmpZero() from nss-util >= 3.33 +Requires: nss-util >= 3.33 +Conflicts: nss < 3.12.2.99.3-5 +Conflicts: filesystem < 3 %description softokn-freebl -Network Security Services Softoken and Freebl Cryptographic Modules +FreeBL Cryptographic Module, a base library providing hash functions, +big number calculations, and cryptographic algorithms. %package softokn-freebl-devel Summary: Development files for Softoken Freebl libraries for NSS -Group: System Environment/Base Provides: nss-softokn-freebl-static = %{version}-%{release} Requires: nss-softokn-freebl%{?_isa} = %{version}-%{release} %description softokn-freebl-devel -NSS Softoken Cryptographic Module Freebl Library Development Tools +NSS Softoken Cryptographic Module FreeBL Library Development Tools This package supports special needs of some PKCS #11 module developers and is otherwise considered private to NSS. As such, the programming interfaces may change and the usual NSS binary compatibility commitments do not apply. Developers should rely only on the officially supported NSS public API. - -%package pem -Summary: PEM file reader for Network Security Services -Group: System Environment/Libraries -Requires: nspr >= %{nspr_version} - -%description pem -PEM file reader for Network Security Services (NSS), implemented as a PKCS#11 module. 
+ +%package softokn-devel +Summary: Development libraries for Network Security Services +Requires: nss-softokn%{?_isa} = %{version}-%{release} +Requires: nss-softokn-freebl-devel%{?_isa} = %{version}-%{release} +Requires: nspr-devel >= %{nspr_version} +Requires: nss-util-devel >= %{version}-%{release} +Requires: pkgconfig +BuildRequires: nspr-devel >= %{nspr_version} + +%description softokn-devel +Header and library files for doing development with Network Security Services. %prep -%setup -q -n %{name}-%{nss_archive_version} -%setup -q -T -D -n %{name}-%{nss_archive_version} -a 14 - -%patch1 -p0 -b .nolocalsql -%patch2 -p0 -b .relro -%patch3 -p0 -b .transitional -%patch8 -p0 -b .userdbfirst -%patch16 -p0 -b .539183 -%patch49 -p0 -b .skipthem -%patch50 -p0 -b .iquote -%patch58 -p0 -b .1185708_3des -pushd nss +%setup -q -n %{name}-%{version}/%{name} + +%patch1 -p1 -b .nolocalsql +%patch2 -p1 -b .relro +%patch3 -p1 -b .transitional +%patch8 -p2 -b .sysinit_userdb +%patch10 -p2 -b .ike_fix +%patch11 -p2 -b .neon_build +%patch16 -p2 -b .539183 +%patch49 -p2 -b .skip_bltest +%patch50 -p1 -b .iquote +%patch58 -p2 -b .1185708_3des %patch62 -p1 -b .skip_util_gtest -popd -%build +%build FREEBL_NO_DEPEND=1 export FREEBL_NO_DEPEND @@ -246,8 +300,8 @@ export IN_TREE_FREEBL_HEADERS_FIRST=1 ##### phase 2: build the rest of nss export NSS_BLTEST_NOT_AVAILABLE=1 -%{__make} -C ./nss/coreconf -%{__make} -C ./nss/lib/dbm +%{__make} -C coreconf +%{__make} -C lib/dbm # Set the policy file location # if set NSS will always check for the policy file and load if it exists 
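Review bot: The `pem` subpackage is removed in the package-definition hunk, but no `Obsoletes:` for it is visible there, so a system upgraded from the 3.39 packages would keep the old nss-pem PKCS#11 module installed, built against the previous NSS and no longer updated. If that is not handled elsewhere in the spec, add `Obsoletes: nss-pem < %{version}-%{release}` to the main package. The `Conflicts: nss < 3.12.2.99.3-5` and `Conflicts: filesystem < 3` lines in `softokn-freebl` look carried over from another distribution's spec; a short comment on why they apply here would help.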
@@ -255,104 +309,117 @@ export POLICY_FILE="nss.config" # location of the policy file export POLICY_PATH="/etc/crypto-policies/back-ends" -%{__make} -C ./nss +%{__make} # This will copy to dist dir and sign libraries -%{__make} -C ./nss install +%{__make} install + unset NSS_BLTEST_NOT_AVAILABLE +# Disable man pages, since make dont find xmlto command. # build the man pages clean -pushd ./nss -%{__make} clean_docs build_docs -popd +#pushd ./nss +#{__make} clean_docs build_docs +#popd # and copy them to the dist directory for %%install to find them -%{__mkdir_p} ./dist/docs/nroff -%{__cp} ./nss/doc/nroff/* ./dist/docs/nroff - -# Set up our package file -# The nspr_version and nss_{util|softokn}_version globals used -# here match the ones nss has for its Requires. -# Using the current %%{nss_softokn_version} for fedora again -%{__mkdir_p} ./dist/pkgconfig -%{__cat} %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ +#mkdir -p ./dist/docs/nroff +#cp ./nss/doc/nroff/* ./dist/docs/nroff + +# Set up our package files +mkdir -p ../dist/pkgconfig + +cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%prefix%%,%{_prefix},g" \ -e "s,%%exec_prefix%%,%{_prefix},g" \ -e "s,%%includedir%%,%{_includedir}/nss3,g" \ - -e "s,%%NSS_VERSION%%,%{version},g" \ -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ - -e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \ - -e "s,%%SOFTOKEN_VERSION%%,%{nss_softokn_version},g" > \ - ./dist/pkgconfig/nss.pc - -NSS_VMAJOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` -NSS_VMINOR=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` -NSS_VPATCH=`cat nss/lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` - -export NSS_VMAJOR -export NSS_VMINOR -export NSS_VPATCH + -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \ + ../dist/pkgconfig/nss-util.pc + +NSSUTIL_VMAJOR=`cat lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'` +NSSUTIL_VMINOR=`cat lib/util/nssutil.h | grep 
"#define.*NSSUTIL_VMINOR" | awk '{print $3}'` +NSSUTIL_VPATCH=`cat lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'` -%{__cat} %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ +export NSSUTIL_VMAJOR +export NSSUTIL_VMINOR +export NSSUTIL_VPATCH + +cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ -e "s,@prefix@,%{_prefix},g" \ -e "s,@exec_prefix@,%{_prefix},g" \ -e "s,@includedir@,%{_includedir}/nss3,g" \ - -e "s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ - -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ - -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ - > ./dist/pkgconfig/nss-config - -# Set up our package file -# The nspr_version and nss_util_version globals used here -# must match the ones nss-softokn has for its Requires. -%{__mkdir_p} ./dist/pkgconfig -%{__cat} %{SOURCE10} | sed -e "s,%%libdir%%,%{_libdir},g" \ + -e "s,@MOD_MAJOR_VERSION@,$NSSUTIL_VMAJOR,g" \ + -e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \ + -e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \ + > ../dist/pkgconfig/nss-util-config + +chmod 755 ../dist/pkgconfig/nss-util-config + +cat %{SOURCE3} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%prefix%%,%{_prefix},g" \ -e "s,%%exec_prefix%%,%{_prefix},g" \ -e "s,%%includedir%%,%{_includedir}/nss3,g" \ -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ - -e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \ + -e "s,%%NSSUTIL_VERSION%%,%{version},g" \ -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ - ./dist/pkgconfig/nss-softokn.pc - -SOFTOKEN_VMAJOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'` -SOFTOKEN_VMINOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'` -SOFTOKEN_VPATCH=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'` + ../dist/pkgconfig/nss-softokn.pc + +SOFTOKEN_VMAJOR=`cat lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'` +SOFTOKEN_VMINOR=`cat lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk 
'{print $3}'` +SOFTOKEN_VPATCH=`cat lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'` export SOFTOKEN_VMAJOR export SOFTOKEN_VMINOR -export SOFTOKEN_VPATCH - -%{__cat} %{SOURCE12} | sed -e "s,%%libdir%%,%{_libdir},g" \ +export SOFTOKEN_VPATCH + +cat %{SOURCE4} | sed -e "s,@libdir@,%{_libdir},g" \ + -e "s,@prefix@,%{_prefix},g" \ + -e "s,@exec_prefix@,%{_prefix},g" \ + -e "s,@includedir@,%{_includedir}/nss3,g" \ + -e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \ + -e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \ + -e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \ + > ../dist/pkgconfig/nss-softokn-config + +chmod 755 ../dist/pkgconfig/nss-softokn-config + +cat %{SOURCE8} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%prefix%%,%{_prefix},g" \ -e "s,%%exec_prefix%%,%{_prefix},g" \ -e "s,%%includedir%%,%{_includedir}/nss3,g" \ + -e "s,%%NSS_VERSION%%,%{version},g" \ -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ - -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \ - ./dist/pkgconfig/nss-util.pc - -NSSUTIL_VMAJOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'` -NSSUTIL_VMINOR=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'` -NSSUTIL_VPATCH=`cat nss/lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'` + -e "s,%%NSSUTIL_VERSION%%,%{version},g" \ + -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ + ../dist/pkgconfig/nss.pc + +NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` +NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` +NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` -export NSSUTIL_VMAJOR -export NSSUTIL_VMINOR -export NSSUTIL_VPATCH +export NSS_VMAJOR +export NSS_VMINOR +export NSS_VPATCH + +cat %{SOURCE9} | sed -e "s,@libdir@,%{_libdir},g" \ + -e "s,@prefix@,%{_prefix},g" \ + -e "s,@exec_prefix@,%{_prefix},g" \ + -e "s,@includedir@,%{_includedir}/nss3,g" \ + -e 
"s,@MOD_MAJOR_VERSION@,$NSS_VMAJOR,g" \ + -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ + -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ + > ../dist/pkgconfig/nss-config + +chmod 755 ../dist/pkgconfig/nss-config -%{__cat} %{SOURCE9} > ./dist/pkgconfig/setup-nsssysinit.sh -chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh +cat %{SOURCE16} > ../dist/pkgconfig/setup-nsssysinit.sh +chmod 755 ../dist/pkgconfig/setup-nsssysinit.sh -%{__cp} ./nss/lib/ckfw/nssck.api ./dist/private/nss/ +cp lib/ckfw/nssck.api ../dist/private/nss/ date +"%e %B %Y" | tr -d '\n' > date.xml echo -n %{version} > version.xml -# PEM plugin -%{__mkdir_p} nss-pem-1.0.4/build -cp %{SOURCE15} nss-pem-1.0.4/build/ -cd nss-pem-1.0.4/build -PKG_CONFIG_PATH=$PWD/../../dist/pkgconfig cmake -DCMAKE_PROJECT_libnsspem_INCLUDE=%{SOURCE15} ../src -make - %check if [ ${DISABLETEST:-0} -eq 1 ]; then echo "testing disabled" @@ -398,21 +465,21 @@ export NSS_IGNORE_SYSTEM_POLICY=1 # Using xargs doesn't mix well with spaces in filenames, in order to # avoid weird quoting we'll require that no spaces are being used. -SPACEISBAD=`find ./nss/tests | grep -c ' '` ||: +SPACEISBAD=`find tests | grep -c ' '` ||: if [ $SPACEISBAD -ne 0 ]; then echo "error: filenames containing space are not supported (xargs)" exit 1 fi MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND ||: RANDSERV=selfserv_${MYRAND}; echo $RANDSERV ||: -DISTBINDIR=`ls -d ./dist/*.OBJ/bin`; echo $DISTBINDIR ||: +DISTBINDIR=`ls -d ../dist/*.OBJ/bin`; echo $DISTBINDIR ||: pushd `pwd` cd $DISTBINDIR ln -s selfserv $RANDSERV popd # man perlrun, man perlrequick # replace word-occurrences of selfserv with selfserv_$MYRAND -find ./nss/tests -type f |\ +find tests -type f |\ grep -v "\.db$" |grep -v "\.crl$" | grep -v "\.crt$" |\ grep -vw CVS |xargs grep -lw selfserv |\ xargs -L 1 perl -pi -e "s/\bselfserv\b/$RANDSERV/g" ||: 
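Review bot: The version extraction for `NSSUTIL_*`, `SOFTOKEN_*` and `NSS_*` has no check that the `grep`/`awk` pipeline found anything, and this change moves all three header paths from `nss/lib/...` to `lib/...`. Each assignment takes the exit status of `awk`, so a wrong path or a renamed macro leaves the variable empty and `sed` writes an `nss-config` (or `nss-util-config`, `nss-softokn-config`) with blank version fields without failing the build. A guard after each group, for example `[ -n "$NSS_VMAJOR" ] && [ -n "$NSS_VMINOR" ] && [ -n "$NSS_VPATCH" ] || exit 1`, would turn that into a build error. The new comment `# Disable man pages, since make dont find xmlto command.` would also read better as `# Man pages disabled: xmlto is not available in the build environment.`; the %build section itself starts before this hunk.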
@@ -420,7 +487,7 @@ find ./nss/tests -type f |\ killall $RANDSERV || : rm -rf ./tests_results -pushd ./nss/tests/ +pushd tests/ # all.sh is the test suite script # don't need to run all the tests when testing packaging @@ -443,7 +510,6 @@ if [ "x$SKIP_NSS_TEST_SUITE" == "x" ]; then else echo "skipped test suite" fi - popd # Normally, the grep exit status is 0 if selected lines are found and 1 otherwise, @@ -482,7 +548,6 @@ fi echo "test suite completed" %install - %{__rm} -rf $RPM_BUILD_ROOT # There is no make install target so we'll do it ourselves. 
@@ -494,92 +559,100 @@ echo "test suite completed" %{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory} %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig %{__mkdir_p} $RPM_BUILD_ROOT/%{saved_files_dir} +%{__mkdir_p} $RPM_BUILD_ROOT/%{dracut_modules_dir} +%{__mkdir_p} $RPM_BUILD_ROOT/%{dracut_conf_dir} +%{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d # because of the pp.1 conflict with perl-PAR-Packer %{__mkdir_p} $RPM_BUILD_ROOT%{_datadir}/doc/nss-tools +install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{dracut_modules_dir}/module-setup.sh +install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{dracut_conf_dir}/50-nss-softokn.conf + # Copy the binary libraries we want for file in libnss3.so libnsssysinit.so libsmime3.so libssl3.so libsoftokn3.so libsoftokn3.chk libnssdbm3.so libnssdbm3.chk libfreebl3.so libfreebl3.chk libfreeblpriv3.so libfreeblpriv3.chk libnssutil3.so do - %{__install} -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} + %{__install} -p -m 755 ../dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} done # Install the empty NSS db files # Legacy db %{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb -%{__install} -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db -%{__install} -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db -%{__install} -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db +%{__install} -p -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db +%{__install} -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db +%{__install} -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db # Shared db -%{__install} -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db -%{__install} -p -m 644 %{SOURCE7} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db -%{__install} -p -m 644 %{SOURCE8} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt +%{__install} -p -m 644 %{SOURCE13} 
$RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db +%{__install} -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db +%{__install} -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/pkcs11.txt # prelink -%{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d -%{__install} -m 644 %{SOURCE16} $RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d/nss-prelink.conf +#{__mkdir_p} $RPM_BUILD_ROOT/#{_sysconfdir}/prelink.conf.d +#{__install} -m 644 #{SOURCE14} $RPM_BUILD_ROOT/#{_sysconfdir}/prelink.conf.d/nss-prelink.conf # Copy the development libraries we want for file in libcrmf.a libnssb.a libnssckfw.a do - %{__install} -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} + %{__install} -p -m 644 ../dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} done # Copy the binaries we want for file in certutil cmsutil crlutil modutil nss-policy-check pk12util signver ssltap do - %{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir} + %{__install} -p -m 755 ../dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir} done # Copy the binaries we ship as unsupported for file in atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain bltest ecperf fbectest fipstest shlibsign do - %{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} + %{__install} -p -m 755 ../dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} done # Copy the include files we want -for file in dist/public/nss/*.h +for file in ../dist/public/nss/*.h do %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 done # Copy some freebl include files we also want -for file in blapi.h alghmac.h +for file in blapi.h alghmac.h cmac.h do - %{__install} -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3 + %{__install} -p -m 644 ../dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3 done # Copy the static freebl library for file in libfreebl.a do -%{__install} 
-p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} +%{__install} -p -m 644 ../dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} done # Copy the template files we want -for file in dist/private/nss/nssck.api +for file in ../dist/private/nss/nssck.api do %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3/templates done -for file in dist/private/nss/templates.c +for file in ../dist/private/nss/templates.c ../dist/private/nss/nssck.api do %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3/templates done # Copy the package configuration files -%{__install} -p -m 644 ./dist/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc -%{__install} -p -m 644 ./dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc -%{__install} -p -m 644 ./dist/pkgconfig/nss-util.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc -%{__install} -p -m 755 ./dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config - -# pem -%{__install} -m 755 ./nss-pem-1.0.4/build/libnsspem.so $RPM_BUILD_ROOT/%{_libdir} -%{__install} -m 644 ./nss-pem-1.0.4/src/nsspem.h $RPM_BUILD_ROOT/%{_includedir}/nss3 +%{__install} -p -m 644 ../dist/pkgconfig/nss.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss.pc +%{__install} -p -m 644 ../dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc +%{__install} -p -m 755 ../dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config +%{__install} -p -m 644 ../dist/pkgconfig/nss-util.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-util.pc +%{__install} -p -m 755 ../dist/pkgconfig/nss-util-config $RPM_BUILD_ROOT/%{_bindir}/nss-util-config +%{__install} -p -m 755 ../dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config # Copy the pkcs #11 configuration script -%{__install} -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh +%{__install} -p -m 755 ../dist/pkgconfig/setup-nsssysinit.sh 
$RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh # install a symbolic link to it, without the ".sh" suffix, # that matches the man page documentation ln -s -f setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit +# Copy the crypto-policies configuration file + +%{__install} -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d + %triggerpostun -n nss-sysinit -- nss-sysinit < 3.12.8-3 # Reverse unwanted disabling of sysinit by faulty preun sysinit scriplet # from previous versions of nss.spec @@ -587,20 +660,17 @@ ln -s -f setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit %ldconfig_scriptlets +%post +update-crypto-policies &> /dev/null || : + +%postun +update-crypto-policies &> /dev/null || : + %files -%license nss/COPYING +%license ../nss/COPYING %{_libdir}/libnss3.so %{_libdir}/libssl3.so %{_libdir}/libsmime3.so -%{_libdir}/libnssutil3.so -%{_libdir}/libsoftokn3.so -%{_libdir}/libsoftokn3.chk -%{_libdir}/libnssdbm3.so -%{_libdir}/libnssdbm3.chk -%{_libdir}/libfreebl3.so -%{_libdir}/libfreebl3.chk -%{_libdir}/libfreeblpriv3.so -%{_libdir}/libfreeblpriv3.chk %dir %{_sysconfdir}/pki/nssdb %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert8.db %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key3.db 
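Review bot: The crypto-policies install line near the end of this hunk names only the directory `.../crypto-policies/local.d` as its destination, while the `%files` list later in the diff expects `local.d/nss-p11-kit.config`, so the packaged name depends on the basename of `%{SOURCE28}`, which is not visible here. Spelling the target out, `%{__install} -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d/nss-p11-kit.config`, keeps the two in step. Separately, the second template loop now copies `nssck.api` again although the loop just above it already installs that file; `for file in ../dist/private/nss/templates.c` would be enough. The %install section begins before this hunk.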
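Review bot: The new `%post` and `%postun` scriptlets use `&>`, which is a bash extension; under a strictly POSIX `/bin/sh` the line is parsed as `update-crypto-policies &` followed by an empty redirection, so the command would run in the background with its output still attached. `update-crypto-policies >/dev/null 2>&1 || :` behaves the same in every shell. Because `|| :` also hides a missing binary, it is worth confirming that the package providing `update-crypto-policies` is a scriptlet dependency (no `Requires(post)` is visible in this part of the diff); otherwise the `local.d` drop-in would be installed without the generated policy being refreshed.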
@@ -608,32 +678,12 @@ ln -s -f setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt -%dir %{_sysconfdir}/prelink.conf.d -%config %{_sysconfdir}/prelink.conf.d/nss-prelink.conf +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/crypto-policies/local.d/nss-p11-kit.config +#dir #{_sysconfdir}/prelink.conf.d +#config #{_sysconfdir}/prelink.conf.d/nss-prelink.conf %dir %{unsupported_tools_directory} %{unsupported_tools_directory}/shlibsign -%files softokn-freebl -%license nss/COPYING -%dir %{_libdir}/nss -%dir %{saved_files_dir} -%dir %{unsupported_tools_directory} -%{unsupported_tools_directory}/bltest -%{unsupported_tools_directory}/ecperf -%{unsupported_tools_directory}/fbectest -%{unsupported_tools_directory}/fipstest - -%files softokn-freebl-devel -%dir %{_includedir}/nss3 -%{_libdir}/libfreebl.a -%{_libdir}/pkgconfig/nss-softokn.pc -%{_includedir}/nss3/blapi.h -%{_includedir}/nss3/alghmac.h -%{_includedir}/nss3/lowkeyi.h -%{_includedir}/nss3/lowkeyti.h -%{_includedir}/nss3/nsslowhash.h -%{_includedir}/nss3/shsign.h - %files sysinit %{_libdir}/libnsssysinit.so %{_bindir}/setup-nsssysinit.sh @@ -666,6 +716,7 @@ ln -s -f setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit %files devel %{_libdir}/libcrmf.a %{_libdir}/pkgconfig/nss.pc +%{_bindir}/nss-config %dir %{_includedir}/nss3 %{_includedir}/nss3/cert.h %{_includedir}/nss3/certdb.h @@ -755,7 +806,6 @@ ln -s -f setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit %{_includedir}/nss3/utilparst.h %{_includedir}/nss3/utilrename.h %{_includedir}/nss3/templates/templates.c -%{_bindir}/nss-config %files pkcs11-devel %{_includedir}/nss3/nssbase.h 
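Review bot: The added `nss-p11-kit.config` entry copies `%verify(not md5 size mtime)` from the nssdb files above it, which makes `rpm -V` ignore content changes to a crypto-policy drop-in. That exclusion is understandable for the databases, which are presumably rewritten at runtime, but a policy file is normally static and a changed digest is a useful signal when auditing a host. Unless something rewrites the file after installation, `%config(noreplace) %{_sysconfdir}/crypto-policies/local.d/nss-p11-kit.config` would keep it under verification. The `%files` section starts before this hunk.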
@@ -772,6 +822,108 @@ ln -s -f setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit %{_libdir}/libnssb.a %{_libdir}/libnssckfw.a -%files pem -%{_libdir}/libnsspem.so -%{_includedir}/nss3/nsspem.h +%files util +%{!?_licensedir:%global license %%doc} +%license ../nss/COPYING +%{_libdir}/libnssutil3.so + +%files util-devel +# package configuration files +%{_libdir}/pkgconfig/nss-util.pc +%{_bindir}/nss-util-config +# co-owned with nss +%dir %{_includedir}/nss3 +# these are marked as public export in nss/lib/util/manifest.mk +%{_includedir}/nss3/base64.h +%{_includedir}/nss3/ciferfam.h +%{_includedir}/nss3/eccutil.h +%{_includedir}/nss3/hasht.h +%{_includedir}/nss3/nssb64.h +%{_includedir}/nss3/nssb64t.h +%{_includedir}/nss3/nsslocks.h +%{_includedir}/nss3/nssilock.h +%{_includedir}/nss3/nssilckt.h +%{_includedir}/nss3/nssrwlk.h +%{_includedir}/nss3/nssrwlkt.h +%{_includedir}/nss3/nssutil.h +%{_includedir}/nss3/pkcs1sig.h +%{_includedir}/nss3/pkcs11.h +%{_includedir}/nss3/pkcs11f.h +%{_includedir}/nss3/pkcs11n.h +%{_includedir}/nss3/pkcs11p.h +%{_includedir}/nss3/pkcs11t.h +%{_includedir}/nss3/pkcs11u.h +%{_includedir}/nss3/pkcs11uri.h +%{_includedir}/nss3/portreg.h +%{_includedir}/nss3/secasn1.h +%{_includedir}/nss3/secasn1t.h +%{_includedir}/nss3/seccomon.h +%{_includedir}/nss3/secder.h +%{_includedir}/nss3/secdert.h +%{_includedir}/nss3/secdig.h +%{_includedir}/nss3/secdigt.h +%{_includedir}/nss3/secerr.h +%{_includedir}/nss3/secitem.h +%{_includedir}/nss3/secoid.h +%{_includedir}/nss3/secoidt.h +%{_includedir}/nss3/secport.h +%{_includedir}/nss3/utilmodt.h +%{_includedir}/nss3/utilpars.h +%{_includedir}/nss3/utilparst.h +%{_includedir}/nss3/utilrename.h +%{_includedir}/nss3/templates/templates.c + +%files softokn +%{_libdir}/libnssdbm3.so +%{_libdir}/libnssdbm3.chk +%{_libdir}/libsoftokn3.so +%{_libdir}/libsoftokn3.chk +# shared with nss-tools +%dir %{_libdir}/nss +%dir %{saved_files_dir} +%dir %{unsupported_tools_directory} 
+%{unsupported_tools_directory}/bltest +%{unsupported_tools_directory}/ecperf +%{unsupported_tools_directory}/fbectest +%{unsupported_tools_directory}/fipstest +%{unsupported_tools_directory}/shlibsign + +%files softokn-freebl +%{!?_licensedir:%global license %%doc} +%license ../nss/COPYING +%{_libdir}/libfreebl3.so +%{_libdir}/libfreebl3.chk +%{_libdir}/libfreeblpriv3.so +%{_libdir}/libfreeblpriv3.chk +#shared +%dir %{dracut_modules_dir} +%{dracut_modules_dir}/module-setup.sh +%{dracut_conf_dir}/50-nss-softokn.conf + +%files softokn-freebl-devel +%{_libdir}/libfreebl.a +%{_includedir}/nss3/blapi.h +%{_includedir}/nss3/blapit.h +%{_includedir}/nss3/alghmac.h +%{_includedir}/nss3/cmac.h +%{_includedir}/nss3/lowkeyi.h +%{_includedir}/nss3/lowkeyti.h + +%files softokn-devel +%{_libdir}/pkgconfig/nss-softokn.pc +%{_bindir}/nss-softokn-config +# co-owned with nss +%dir %{_includedir}/nss3 +# +# The following headers are those exported public in +# nss/lib/freebl/manifest.mn and +# nss/lib/softoken/manifest.mn +# +# The following list is short because many headers, such as +# the pkcs #11 ones, have been provided by nss-util-devel +# which installed them before us. +# +%{_includedir}/nss3/ecl-exp.h +%{_includedir}/nss3/nsslowhash.h +%{_includedir}/nss3/shsign.h + diff --git a/rpm/pkcs11.txt.xml b/rpm/pkcs11.txt.xml new file mode 100644 index 0000000..d30e469 --- /dev/null +++ b/rpm/pkcs11.txt.xml 
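Review bot: Several paths in the new `%files` sections are also listed by another subpackage, so they end up with two owners. `%{unsupported_tools_directory}/shlibsign` is added under `%files softokn` while the main `%files` list still carries it as a context line in the earlier hunk, and `utilparst.h`, `utilrename.h` and `templates/templates.c` under `%files util-devel` also appear as context lines in what looks like `%files devel`. Picking a single owner for each (for instance dropping the `shlibsign` line from the main package, and the nss-util headers from `devel` in favour of a `Requires: nss-util-devel`) avoids ambiguous ownership on upgrade or removal. A short comment above `%dir %{dracut_modules_dir}` saying which packages share it, in place of `#shared`, would help as well.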
@@ -0,0 +1,56 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + pkcs11.txt + 5 + + + + pkcs11.txt + NSS PKCS #11 module configuration file + + + + Description + +The pkcs11.txt file is used to configure initialization parameters for the nss security module and optionally other pkcs #11 modules. + + +For full documentation visit PKCS #11 Module Specs. + + + + + Files + /etc/pki/nssdb/pkcs11.txt + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + diff --git a/renegotiate-transitional.patch b/rpm/renegotiate-transitional.patch similarity index 100% rename from renegotiate-transitional.patch rename to rpm/renegotiate-transitional.patch diff --git a/rhbz1185708-enable-ecc-3des-ciphers-by-default.patch b/rpm/rhbz1185708-enable-ecc-3des-ciphers-by-default.patch similarity index 100% rename from rhbz1185708-enable-ecc-3des-ciphers-by-default.patch rename to rpm/rhbz1185708-enable-ecc-3des-ciphers-by-default.patch diff --git a/rpm/secmod.db.xml b/rpm/secmod.db.xml new file mode 100644 index 0000000..afc9dce --- /dev/null +++ b/rpm/secmod.db.xml 
@@ -0,0 +1,63 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + secmod.db + 5 + + + + secmod.db + Legacy NSS security modules database + + + + Description + secmod.db is an NSS security modules database. + The security modules database is used to keep track of the NSS security modules. The NSS security modules export their services via the PKCS #11 API which NSS uses as its Services Provider Interface. + + The command line utility modutil is used for managing PKCS #11 module information both within secmod.db files and within hardware tokens. + + For new applications the recommended way of tracking security modules is via the pkcs11.txt configuration file used in conjunction the new sqlite-based shared database format for certificate and key databases. + + + + + Files + /etc/pki/nssdb/secmod.db + + + + See also + modutil(1), cert8.db(5), cert9.db(5), key3.db(5), key4.db(5), pkcs11.txt(5) + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + + diff --git a/setup-nsssysinit.sh b/rpm/setup-nsssysinit.sh similarity index 100% rename from setup-nsssysinit.sh rename to rpm/setup-nsssysinit.sh diff --git a/rpm/setup-nsssysinit.xml b/rpm/setup-nsssysinit.xml new file mode 100644 index 0000000..5b9827f --- /dev/null +++ b/rpm/setup-nsssysinit.xml 
@@ -0,0 +1,106 @@ + + + +]> + + + + + &date; + Network Security Services + nss + &version; + + + + setup-nsssysinit + 1 + + + + setup-nsssysinit + Query or enable the nss-sysinit module + + + + + setup-nsssysinit + + + + + + + + Description + setup-nsssysinit is a shell script to query the status of the nss-sysinit module and when run with root priviledge it can enable or disable it. + Turns on or off the nss-sysinit module db by editing the global PKCS #11 configuration file. Displays the status. This script can be invoked by the user as super user. It is invoked at nss-sysinit post install time with argument on. + + + + + Options + + + + + Turn on nss-sysinit. + + + + + Turn on nss-sysinit. + + + + + returns whether nss-syinit is enabled or not. + + + + + + + Examples + + The following example will query for the status of nss-sysinit: + + /usr/bin/setup-nsssysinit status + + + + The following example, when run as superuser, will turn on nss-sysinit: + + /usr/bin/setup-nsssysinit on + + + + + + + Files + /usr/bin/setup-nsssysinit + + + + See also + pkg-config(1) + + + + Authors + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + Authors: Elio Maldonado <emaldona@redhat.com>. + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + + + diff --git a/system-pkcs11.txt b/rpm/system-pkcs11.txt similarity index 100% rename from system-pkcs11.txt rename to rpm/system-pkcs11.txt