[nss-softokn/f16] Use temprary workarounds while bootstrapping the system

Tue Dec 18 06:35:12 UTC 2012

commit 0903ae3653be7cbd09b777e0c1388128f64a9736
Author: Elio Maldonado <emaldona at redhat.com>
Date:   Mon Dec 17 22:22:53 2012 -0800

    Use temprary workarounds while bootstrapping the system
    
    - softokn and lindbm are signed libraries installed in /usr/lib{64} whreras
    - freebl is installed on /lib{64} and we create symbolic links to its and its .chk file
    - in /usr/lib{64} to keep applications happy. While boostrapping the system we modified
    - the post-install scriplet by adding a LD_LIBRARY_PATH pointing to the %{BUILROOT}
    - so the sign and hash verification would not fail due to now using DSA2 and SHA256
    - whereas the system copy of frebl used DSA with SHA1. Such temporary trick only works
    - on F17 and above where we have real file in /usr/lib{64}. It failed on f16 whre
    - one file is in one place and two in a diffrent places. symbolic links don't cut it
    - so I'm using actual copies of linfreebl3.so and its .chk file. Once the sytem has
    - been bootstrapped we can return to the previous practice.

 nss-softokn.spec |   17 ++++++++++++++---
 1 files changed, 14 insertions(+), 3 deletions(-)
---

diff --git a/nss-softokn.spec b/nss-softokn.spec
index ec1f222..60005d8 100644
--- a/nss-softokn.spec
+++ b/nss-softokn.spec
@@ -5,6 +5,10 @@
 %global saved_files_dir %{_libdir}/nss/saved
 
 # Produce .chk files for the final stripped binaries
+# The LD_LIBRARY_PATH line is used while bootstrapping
+# the sytem. Up the updated we switched to DSA2 with sha256
+# whereas we priviously signed with DSA and SHA1. Without this
+# temporary tricks verification would fail.
 %define __spec_install_post \
     %{?__debug_package:%{__debug_install_post}} \
     %{__arch_install_post} \
@@ -12,6 +16,7 @@
     export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} \
     $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
     $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \
+    $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
     $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \
 %{nil}
 
@@ -299,13 +304,18 @@ done
 for file in libfreebl3.so
 do
   %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_lib}
-  ln -sf /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so
+  # Camn't use symbolic links at the moment ...
+  #ln -sf /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so
+  # need a real library so signing works while boostrapping
+  %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
 done
 
 # Make sure chk files can be found in both places
 for file in libfreebl3.chk
 do
-  ln -s /%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file
+  #ln -s /%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file
+  # need a real .chk file so the signing works while boostrapping
+  cp -p /%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file
 done
 
 # Copy the binaries we ship as unsupported
@@ -361,7 +371,8 @@ done
 %defattr(-,root,root)
 /%{_lib}/libfreebl3.so
 /%{_lib}/libfreebl3.chk
-# and these symbolic links
+# and these symbolic links,
+# actual copies while bootstrapping
 %{_libdir}/libfreebl3.so
 %{_libdir}/libfreebl3.chk
 
