Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[nss] Update to 3.58 version. Contributes to JB#51592
Build configuration changes:
Removed NSSUTIL_INCLUDE_DIR and NSSUTIL_LIB_DIR to fix compilation errors.
Commented NSS_ALLOW_SSLKEYLOGFILE=1 because looks like debug option.

removed patches:
nss-3.47-ike-fix.patch          - already upstreamed
nss-3.49-neon-build-fixes.patch - already upstreamed
nss-nolocalsql.patch            - NSS select system sqlite via configuration
  • Loading branch information
Mikhail Labiuk committed Oct 21, 2020
1 parent 98e1e7a commit 7727253
Show file tree
Hide file tree
Showing 5 changed files with 24 additions and 261 deletions.
2 changes: 1 addition & 1 deletion nss
Submodule nss updated from ffdd77 to c27ad2
22 changes: 0 additions & 22 deletions rpm/nss-3.47-ike-fix.patch

This file was deleted.

159 changes: 0 additions & 159 deletions rpm/nss-3.49-neon-build-fixes.patch

This file was deleted.

34 changes: 0 additions & 34 deletions rpm/nss-nolocalsql.patch

This file was deleted.

68 changes: 23 additions & 45 deletions rpm/nss.spec
@@ -1,4 +1,4 @@
%global nspr_version 4.24
%global nspr_version 4.29
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global saved_files_dir %{_libdir}/nss/saved
%global dracutlibdir %{_prefix}/lib/dracut
Expand Down Expand Up @@ -30,7 +30,7 @@

Summary: Network Security Services
Name: nss
Version: 3.49
Version: 3.58
Release: 1
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Expand All @@ -40,13 +40,12 @@ Requires: nss-softokn%{_isa} >= %{version}
Requires: nss-system-init
Requires: p11-kit-trust
BuildRequires: nspr-devel >= %{nspr_version}
BuildRequires: sqlite-devel
BuildRequires: pkgconfig(sqlite3)
BuildRequires: zlib-devel
BuildRequires: pkgconfig
BuildRequires: gawk
BuildRequires: psmisc
BuildRequires: perl
BuildRequires: cmake

Source0: %{name}-%{version}.tar.gz
Source1: nss-util.pc.in
Expand Down Expand Up @@ -75,14 +74,9 @@ Source27: secmod.db.xml
Source28: nss-p11-kit.config


Patch1: nss-nolocalsql.patch
Patch2: add-relro-linker-option.patch
Patch3: renegotiate-transitional.patch
Patch8: nss-sysinit-userdb-first.patch
# add missing ike mechanism to softoken
Patch10: nss-3.47-ike-fix.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1608327
Patch11: nss-3.49-neon-build-fixes.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
Patch16: nss-539183.patch
# TODO remove when we switch to building nss without softoken
Expand Down Expand Up @@ -224,12 +218,9 @@ Header and library files for doing development with Network Security Services.
%prep
%setup -q -n %{name}-%{version}/%{name}

%patch1 -p1 -b .nolocalsql
%patch2 -p1 -b .relro
%patch3 -p1 -b .transitional
%patch8 -p2 -b .sysinit_userdb
%patch10 -p2 -b .ike_fix
%patch11 -p2 -b .neon_build
%patch16 -p2 -b .539183
%patch49 -p2 -b .skip_bltest
%patch50 -p1 -b .iquote
Expand All @@ -238,19 +229,18 @@ Header and library files for doing development with Network Security Services.


%build
FREEBL_NO_DEPEND=1
export FREEBL_NO_DEPEND
# TODO: new build system with gyp & ninja

export FREEBL_NO_DEPEND=1

# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets
# copied to dist and the rpm install phase can find it
# This due of the upstream changes to fix
# https://bugzilla.mozilla.org/show_bug.cgi?id=717906
FREEBL_LOWHASH=1
export FREEBL_LOWHASH
export FREEBL_LOWHASH=1

# Enable FIPS startup test
NSS_FORCE_FIPS=1
export NSS_FORCE_FIPS
export NSS_FORCE_FIPS=1

# Enable compiler optimizations and disable debugging code
export BUILD_OPT=1
Expand All @@ -260,61 +250,48 @@ export BUILD_OPT=1
#export RPM_OPT_FLAGS

# Generate symbolic info for debuggers
XCFLAGS=$RPM_OPT_FLAGS
export XCFLAGS

LDFLAGS=$RPM_LD_FLAGS
export LDFLAGS

PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
export XCFLAGS=$RPM_OPT_FLAGS

export PKG_CONFIG_ALLOW_SYSTEM_LIBS
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
export LDFLAGS=$RPM_LD_FLAGS

NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
NSPR_LIB_DIR=%{_libdir}
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1

export NSPR_INCLUDE_DIR
export NSPR_LIB_DIR
export NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
export NSPR_LIB_DIR=%{_libdir}

export NSSUTIL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
export NSSUTIL_LIB_DIR=%{_libdir}
export NSS_USE_SYSTEM_SQLITE=1

NSS_USE_SYSTEM_SQLITE=1
export NSS_USE_SYSTEM_SQLITE
export USE_SYSTEM_ZLIB=1
export ZLIB_LIBS=-lz

export NSS_ALLOW_SSLKEYLOGFILE=1
#export NSS_ALLOW_SSLKEYLOGFILE=1

export NSS_DISABLE_GTESTS=1

%ifnarch noarch
%if 0%{__isa_bits} == 64
USE_64=1
export USE_64
export USE_64=1
%endif
%endif

# uncomment if the iquote patch is activated
export IN_TREE_FREEBL_HEADERS_FIRST=1

##### phase 2: build the rest of nss
export NSS_BLTEST_NOT_AVAILABLE=1

%{__make} -C coreconf
%{__make} -C lib/dbm

# Set the policy file location
# if set NSS will always check for the policy file and load if it exists
export POLICY_FILE="nss.config"
# location of the policy file
export POLICY_PATH="/etc/crypto-policies/back-ends"

%{__make}
%{__make} all
%{__make} latest

# This will copy to dist dir and sign libraries
%{__make} install

unset NSS_BLTEST_NOT_AVAILABLE

# Disable man pages, since make dont find xmlto command.
# build the man pages clean
Expand Down Expand Up @@ -741,6 +718,7 @@ update-crypto-policies &> /dev/null || :
%{_includedir}/nss3/p12plcy.h
%{_includedir}/nss3/p12t.h
%{_includedir}/nss3/pk11func.h
%{_includedir}/nss3/pk11hpke.h
%{_includedir}/nss3/pk11pqg.h
%{_includedir}/nss3/pk11priv.h
%{_includedir}/nss3/pk11pub.h
Expand Down

0 comments on commit 7727253

Please sign in to comment.