[nss-softokn/f18] Resolves: Bug 891369 - shared libraries not found due to signature verification failure

Elio Maldonado emaldonado at fedoraproject.org
Wed Jan 2 19:40:03 UTC 2013 

commit 602019f1c683f114be2ec3f639cf5edcbcb50148
Author: Elio Maldonado <emaldona at redhat.com>
Date:   Wed Jan 2 10:58:53 2013 -0800

    Resolves: Bug 891369 - shared libraries not found due to signature verification failure
    
    - Fix failure signature verification failures on post-install scriplet
    - Add export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} before the signing commands
    - Ensure tool links with in-tree freebl so verification uses same algorithm as in signing

 nss-softokn.spec |   16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletions(-)
---
diff --git a/nss-softokn.spec b/nss-softokn.spec
index 82864f0..95ab2fb 100644
--- a/nss-softokn.spec
+++ b/nss-softokn.spec
@@ -4,6 +4,14 @@
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 %global saved_files_dir %{_libdir}/nss/saved
 
+# Produce .chk files for the final stripped binaries
+#
+# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links
+# against the freebl that we just built. This is necessary
+# because the signing algorithm changed on 3.14 to DSA2 with SHA256
+# whereas we previously signed with DSA and SHA1. We must Keep this line
+# until all mock platforms have been updated.
+#
 %define __spec_install_post \
     %{?__debug_package:%{__debug_install_post}} \
     %{__arch_install_post} \
@@ -16,7 +24,7 @@
 Summary:          Network Security Services Softoken Module
 Name:             nss-softokn
 Version:          3.14.1
-Release:          5%{?dist}
+Release:          6%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -378,6 +386,12 @@ done
 %{_includedir}/nss3/shsign.h
 
 %changelog
+* Wed Jan 02 2013 Elio Maldonado <emaldona at redhat.com> - 3.14.1-6
+- Resolves: Bug 891369 - shared libraries not found due to signature verification failure
+- Fix failure signature verification failures on post-install scriplet
+- Add export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} before the signing commands
+- Ensure tool links with in-tree freebl so verification uses same algorithm as in signing
+
 * Thu Dec 27 2012 Elio Maldonado <emaldona at redhat.com> - 3.14.1-5
 - Add RSA performance test for freebl
 - Fix bogus date in changelog warnings

More information about the scm-commits mailing list