[nss-softokn/f16] Use temprary workarounds while bootstrapping the system
Elio Maldonado
emaldonado at fedoraproject.org
Tue Dec 18 06:35:12 UTC 2012
commit 0903ae3653be7cbd09b777e0c1388128f64a9736
Author: Elio Maldonado <emaldona at redhat.com>
Date: Mon Dec 17 22:22:53 2012 -0800
Use temprary workarounds while bootstrapping the system
- softokn and lindbm are signed libraries installed in /usr/lib{64} whreras
- freebl is installed on /lib{64} and we create symbolic links to its and its .chk file
- in /usr/lib{64} to keep applications happy. While boostrapping the system we modified
- the post-install scriplet by adding a LD_LIBRARY_PATH pointing to the %{BUILROOT}
- so the sign and hash verification would not fail due to now using DSA2 and SHA256
- whereas the system copy of frebl used DSA with SHA1. Such temporary trick only works
- on F17 and above where we have real file in /usr/lib{64}. It failed on f16 whre
- one file is in one place and two in a diffrent places. symbolic links don't cut it
- so I'm using actual copies of linfreebl3.so and its .chk file. Once the sytem has
- been bootstrapped we can return to the previous practice.
nss-softokn.spec | 17 ++++++++++++++---
1 files changed, 14 insertions(+), 3 deletions(-)
---
diff --git a/nss-softokn.spec b/nss-softokn.spec
index ec1f222..60005d8 100644
--- a/nss-softokn.spec
+++ b/nss-softokn.spec
@@ -5,6 +5,10 @@
%global saved_files_dir %{_libdir}/nss/saved
# Produce .chk files for the final stripped binaries
+# The LD_LIBRARY_PATH line is used while bootstrapping
+# the sytem. Up the updated we switched to DSA2 with sha256
+# whereas we priviously signed with DSA and SHA1. Without this
+# temporary tricks verification would fail.
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
@@ -12,6 +16,7 @@
export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} \
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \
+ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \
$RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \
%{nil}
@@ -299,13 +304,18 @@ done
for file in libfreebl3.so
do
%{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_lib}
- ln -sf /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so
+ # Camn't use symbolic links at the moment ...
+ #ln -sf /%{_lib}/libfreebl3.so $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so
+ # need a real library so signing works while boostrapping
+ %{__install} -p -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
done
# Make sure chk files can be found in both places
for file in libfreebl3.chk
do
- ln -s /%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file
+ #ln -s /%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file
+ # need a real .chk file so the signing works while boostrapping
+ cp -p /%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file
done
# Copy the binaries we ship as unsupported
@@ -361,7 +371,8 @@ done
%defattr(-,root,root)
/%{_lib}/libfreebl3.so
/%{_lib}/libfreebl3.chk
-# and these symbolic links
+# and these symbolic links,
+# actual copies while bootstrapping
%{_libdir}/libfreebl3.so
%{_libdir}/libfreebl3.chk
More information about the scm-commits
mailing list