[nss-softokn/f18] Resolves: Bug 891369 - shared libraries not found due to signature verification failure
Elio Maldonado
emaldonado at fedoraproject.org
Wed Jan 2 19:40:03 UTC 2013
commit 602019f1c683f114be2ec3f639cf5edcbcb50148
Author: Elio Maldonado <emaldona at redhat.com>
Date: Wed Jan 2 10:58:53 2013 -0800
Resolves: Bug 891369 - shared libraries not found due to signature verification failure
- Fix failure signature verification failures on post-install scriplet
- Add export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} before the signing commands
- Ensure tool links with in-tree freebl so verification uses same algorithm as in signing
nss-softokn.spec | 16 +++++++++++++++-
1 files changed, 15 insertions(+), 1 deletions(-)
---
diff --git a/nss-softokn.spec b/nss-softokn.spec
index 82864f0..95ab2fb 100644
--- a/nss-softokn.spec
+++ b/nss-softokn.spec
@@ -4,6 +4,14 @@
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global saved_files_dir %{_libdir}/nss/saved
+# Produce .chk files for the final stripped binaries
+#
+# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links
+# against the freebl that we just built. This is necessary
+# because the signing algorithm changed on 3.14 to DSA2 with SHA256
+# whereas we previously signed with DSA and SHA1. We must Keep this line
+# until all mock platforms have been updated.
+#
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
@@ -16,7 +24,7 @@
Summary: Network Security Services Softoken Module
Name: nss-softokn
Version: 3.14.1
-Release: 5%{?dist}
+Release: 6%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -378,6 +386,12 @@ done
%{_includedir}/nss3/shsign.h
%changelog
+* Wed Jan 02 2013 Elio Maldonado <emaldona at redhat.com> - 3.14.1-6
+- Resolves: Bug 891369 - shared libraries not found due to signature verification failure
+- Fix failure signature verification failures on post-install scriplet
+- Add export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} before the signing commands
+- Ensure tool links with in-tree freebl so verification uses same algorithm as in signing
+
* Thu Dec 27 2012 Elio Maldonado <emaldona at redhat.com> - 3.14.1-5
- Add RSA performance test for freebl
- Fix bogus date in changelog warnings
More information about the scm-commits
mailing list