The package rpms/nss-softokn.git has added or updated architecture specific content in its spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s): https://src.fedoraproject.org/cgit/rpms/nss-softokn.git/commit/?id=7473987a7....
Change: -%ifnarch noarch
Thanks.
Full change: ============
commit 7473987a7b3ae68c7e1c9fc2cde9d1cc29aaac40 Author: Daiki Ueno dueno@redhat.com Date: Wed Dec 19 14:13:34 2018 +0100
merged into nss package
diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 9dbea0d..0000000 --- a/.gitignore +++ /dev/null @@ -1,19 +0,0 @@ -/nss-softokn-3.25.0.tar.gz -/nss-softokn-3.26.0.tar.gz -/nss-softokn-3.27.0.tar.gz -/nss-softokn-3.28.1.tar.gz -/nss-softokn-3.29.0.tar.gz -/nss-softokn-3.29.1.tar.gz -/nss-softokn-3.30.0.tar.gz -/nss-softokn-3.30.2.tar.gz -/nss-softokn-3.31.0.tar.gz -/nss-softokn-3.32.0.tar.gz -/nss-softokn-3.33.0.tar.gz -/nss-softokn-3.34.0.tar.gz -/nss-softokn-3.35.0.tar.gz -/nss-softokn-3.36.0.tar.gz -/nss-softokn-3.36.1.tar.gz -/nss-softokn-3.37.1.tar.gz -/nss-softokn-3.37.3.tar.gz -/nss-softokn-3.38.0.tar.gz -/nss-softokn-3.39.tar.gz diff --git a/STAGE2-nss-softokn b/STAGE2-nss-softokn deleted file mode 100644 index 034c15f..0000000 --- a/STAGE2-nss-softokn +++ /dev/null @@ -1,78 +0,0 @@ -#requires nspr -#requires perl -#requires nss-util -#requires sqlite - -mcd $BUILDDIR/nss - -export BUILD_OPT=1 -export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 -export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 -export NSPR_INCLUDE_DIR=/usr/include/nspr -export NSPR_LIB_DIR=/usr/lib${SUFFIX} -export NSSUTIL_INCLUDE_DIR=/usr/include/nss3 -export NSSUTIL_LIB_DIR=/usr/lib${SUFFIX} -export FREEBL_NO_DEPEND=1 -export NSS_USE_SYSTEM_SQLITE=1 -export NSS_BUILD_SOFTOKEN_ONLY=1 -export NSS_DISABLE_GTESTS=1 - -if [ "$SUFFIX" = "64" ]; then - USE_64=1 - export USE_64 -fi - -# publish some header files from NSS to eliminate a -# circular dependency -- these will be replaced when -# the nss package gets built -[ ! -d /usr/include/nss3 ] && mkdir /usr/include/nss3 -for ii in cryptohi/cryptohi.h cryptohi/cryptoht.h \ - cryptohi/key.h cryptohi/keyhi.h cryptohi/keythi.h cryptohi/keyt.h \ - certdb/certt.h certdb/cert.h certdb/certdb.h \ - pk11wrap/secpkcs5.h pk11wrap/pk11func.h pk11wrap/pk11pub.h \ - pk11wrap/pk11priv.h pk11wrap/secmodt.h \ - pkcs7/secpkcs7.h pkcs7/pkcs7t.h \ - smime/cmsreclist.h \ - ssl/sslerr.h ssl/sslt.h ssl/ssl.h ssl/sslproto.h -do - cp $SRC/nss-3.*/nss/lib/$ii /usr/include/nss3 -done - -for ii in freebl/blapit.h freebl/blapi.h \ - freebl/ecl/ecl-exp.h freebl/alghmac.h \ - freebl/secrng.h softoken/softoken.h \ - softoken/lowkeyti.h softoken/softoknt.h \ - freebl/ecl/ecl-curve.h -do - cp $SRC/nss-softokn-3.*/nss/lib/$ii /usr/include/nss3 -done - - -make -C $SRC/nss-softokn-3.*/nss/coreconf -make -C $SRC/nss-softokn-3.*/nss/lib/dbm - -# ldvector.c, pkcs11.c, and lginit.c include nss/lib/util/verref.h, -# which is private export, move it to where it can be found. -(cd $SRC/nss-softokn-3.* && mkdir -p dist/private/nss && cp -a nss/lib/util/verref.h dist/private/nss/) - -make -C $SRC/nss-softokn-3.*/nss - -cd $SRC/nss-softokn-3.*/nss/coreconf -make install -cd $SRC/nss-softokn-3.*/nss/lib/dbm -make install -cd $SRC/nss-softokn-3.*/nss -make install -# Copy the binary libraries we want -cd $SRC/nss-softokn-3.* - -for file in `cd dist/*.OBJ/lib; echo *` -do - install -p -m 755 dist/*.OBJ/lib/$file /usr/lib${SUFFIX}/ -done -# Copy the include files we want -test -d /usr/include/nss3 || mkdir -p /usr/include/nss3 -for file in $SRC/nss-*/dist/public/nss/*.h -do - install -p -m 644 $file /usr/include/nss3/ -done diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..d47c880 --- /dev/null +++ b/dead.package @@ -0,0 +1 @@ +merged into nss package diff --git a/iquote.patch b/iquote.patch deleted file mode 100644 index 8cd372a..0000000 --- a/iquote.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk ---- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200 -+++ nss/coreconf/location.mk 2017-08-30 15:17:56.553361830 +0200 -@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME - SQLITE_LIB_NAME = sqlite3 - endif - -+# Prefer in-tree headers over system headers -+ifdef IN_TREE_FREEBL_HEADERS_FIRST -+ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss -+endif -+ - MK_LOCATION = included diff --git a/nss-softokn-config.in b/nss-softokn-config.in deleted file mode 100644 index f46ba24..0000000 --- a/nss-softokn-config.in +++ /dev/null @@ -1,116 +0,0 @@ -#!/bin/sh - -prefix=@prefix@ - -major_version=@MOD_MAJOR_VERSION@ -minor_version=@MOD_MINOR_VERSION@ -patch_version=@MOD_PATCH_VERSION@ - -usage() -{ - cat <<EOF -Usage: nss-softokn-config [OPTIONS] [LIBRARIES] -Options: - [--prefix[=DIR]] - [--exec-prefix[=DIR]] - [--includedir[=DIR]] - [--libdir[=DIR]] - [--version] - [--libs] - [--cflags] -Dynamic Libraries: - softokn3 - Requires full dynamic linking - freebl3 - for internal use only (and glibc for self-integrity check) - nssdbm3 - for internal use only -Dymamically linked -EOF - exit $1 -} - -if test $# -eq 0; then - usage 1 1>&2 -fi - -while test $# -gt 0; do - case "$1" in - -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) optarg= ;; - esac - - case $1 in - --prefix=*) - prefix=$optarg - ;; - --prefix) - echo_prefix=yes - ;; - --exec-prefix=*) - exec_prefix=$optarg - ;; - --exec-prefix) - echo_exec_prefix=yes - ;; - --includedir=*) - includedir=$optarg - ;; - --includedir) - echo_includedir=yes - ;; - --libdir=*) - libdir=$optarg - ;; - --libdir) - echo_libdir=yes - ;; - --version) - echo ${major_version}.${minor_version}.${patch_version} - ;; - --cflags) - echo_cflags=yes - ;; - --libs) - echo_libs=yes - ;; - *) - usage 1 1>&2 - ;; - esac - shift -done - -# Set variables that may be dependent upon other variables -if test -z "$exec_prefix"; then - exec_prefix=`pkg-config --variable=exec_prefix nss-softokn` -fi -if test -z "$includedir"; then - includedir=`pkg-config --variable=includedir nss-softokn` -fi -if test -z "$libdir"; then - libdir=`pkg-config --variable=libdir nss-softokn` -fi - -if test "$echo_prefix" = "yes"; then - echo $prefix -fi - -if test "$echo_exec_prefix" = "yes"; then - echo $exec_prefix -fi - -if test "$echo_includedir" = "yes"; then - echo $includedir -fi - -if test "$echo_libdir" = "yes"; then - echo $libdir -fi - -if test "$echo_cflags" = "yes"; then - echo -I$includedir -fi - -if test "$echo_libs" = "yes"; then - libdirs="-Wl,-rpath-link,$libdir -L$libdir" - echo $libdirs -fi - diff --git a/nss-softokn-dracut-module-setup.sh b/nss-softokn-dracut-module-setup.sh deleted file mode 100644 index 951f427..0000000 --- a/nss-softokn-dracut-module-setup.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- -# ex: ts=8 sw=4 sts=4 et filetype=sh - -check() { - return 255 -} - -depends() { - return 0 -} - -install() { - local _dir - - inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \ - libfreebl3.so -} - diff --git a/nss-softokn-dracut.conf b/nss-softokn-dracut.conf deleted file mode 100644 index 2d9232e..0000000 --- a/nss-softokn-dracut.conf +++ /dev/null @@ -1,3 +0,0 @@ -# turn on nss-softokn module - -add_dracutmodules+=" nss-softokn " diff --git a/nss-softokn-prelink.conf b/nss-softokn-prelink.conf deleted file mode 100644 index 11d7fb0..0000000 --- a/nss-softokn-prelink.conf +++ /dev/null @@ -1,6 +0,0 @@ --b /lib{,64}/libfreeblpriv3.so --b /lib{,64}/libsoftokn3.so --b /lib{,64}/libnssdbm3.so --b /usr/lib{,64}/libfreeblpriv3.so --b /usr/lib{,64}/libsoftokn3.so --b /usr/lib{,64}/libnssdbm3.so diff --git a/nss-softokn.pc.in b/nss-softokn.pc.in deleted file mode 100644 index 022ebbf..0000000 --- a/nss-softokn.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=%prefix% -exec_prefix=%exec_prefix% -libdir=%libdir% -includedir=%includedir% - -Name: NSS-SOFTOKN -Description: Network Security Services Softoken PKCS #11 Module -Version: %SOFTOKEN_VERSION% -Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION% -Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3 -Cflags: -I${includedir} diff --git a/nss-softokn.spec b/nss-softokn.spec deleted file mode 100644 index abac805..0000000 --- a/nss-softokn.spec +++ /dev/null @@ -1,1102 +0,0 @@ -%global nspr_version 4.20.0 -%global nss_name nss -%global nss_util_version 3.39.0 -%global nss_softokn_version 3.39.0 -%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools -%global saved_files_dir %{_libdir}/nss/saved -%global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/ -%define dracutlibdir %{_prefix}/lib/dracut -%global dracut_modules_dir %{dracutlibdir}/modules.d/05nss-softokn/ -%global dracut_conf_dir %{dracutlibdir}/dracut.conf.d - -# The upstream omits the trailing ".0", while we need it for -# consistency with the pkg-config version: -# https://bugzilla.redhat.com/show_bug.cgi?id=1578106 -%{lua: -rpm.define(string.format("nss_softokn_archive_version %s", - string.gsub(rpm.expand("%nss_softokn_version"), "(.*)%.0$", "%1"))) -} - -# Produce .chk files for the final stripped binaries -# -# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links -# against the freebl that we just built. This is necessary -# because the signing algorithm changed on 3.14 to DSA2 with SHA256 -# whereas we previously signed with DSA and SHA1. We must Keep this line -# until all mock platforms have been updated. -# After %%{__os_install_post} we would add -# export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%%{_libdir} -%define __spec_install_post \ - %{?__debug_package:%{__debug_install_post}} \ - %{__arch_install_post} \ - %{__os_install_post} \ - $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libsoftokn3.so \ - $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreeblpriv3.so \ - $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libfreebl3.so \ - $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_libdir}/libnssdbm3.so \ -%{nil} - -Summary: Network Security Services Softoken Module -Name: nss-softokn -Version: %{nss_softokn_version} -# for Rawhide, please always use release >= 2 -# for Fedora release branches, please use release < 2 (1.0, 1.1, ...) -Release: 3%{?dist} -License: MPLv2.0 -URL: http://www.mozilla.org/projects/security/pki/nss/ -Group: System Environment/Libraries -Requires: nspr >= %{nspr_version} -Requires: nss-util >= %{nss_util_version} -Requires: nss-softokn-freebl%{_isa} >= %{version}-%{release} -BuildRequires: nspr-devel >= %{nspr_version} -BuildRequires: nss-util-devel >= %{nss_util_version} -# for shlibsign -BuildRequires: nss-softokn -BuildRequires: sqlite-devel -BuildRequires: zlib-devel -BuildRequires: pkgconfig -BuildRequires: gawk -BuildRequires: psmisc -BuildRequires: perl-interpreter -BuildRequires: gcc - -Source0: %{name}-%{nss_softokn_archive_version}.tar.gz -# The nss-softokn tar ball is a subset of nss-{version}.tar.gz. -# We use the nss-split-softokn.sh script to keep only what we need -# via via nss-split-softokn.sh ${version} -# Detailed Steps: -# fedpkg clone nss-softokn -# cd nss-softokn -# Split off nss-softokn out of the full nss source tar ball: -# sh ./nss-split-softokn.sh ${version} -# A file named {name}-{version}.tar.gz should appear -# which is ready for uploading to the lookaside cache. -Source1: nss-split-softokn.sh -Source2: nss-softokn.pc.in -Source3: nss-softokn-config.in -Source4: nss-softokn-prelink.conf -Source5: nss-softokn-dracut-module-setup.sh -Source6: nss-softokn-dracut.conf - -# This patch uses the GCC -iquote option documented at -# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options -# to give the in-tree headers a higher priority over the system headers, -# when they are included through the quote form (#include "file.h"). -# -# This ensures a build even when system freebl headers are older. Such -# is the case when we are starting a major update. -# -# NSSUTIL_INCLUDE_DIR, after all, contains both util and freebl -# headers. Once has been bootstapped the patch may be removed, but it -# doesn't hurt to keep it. -Patch10: iquote.patch - -%description -Network Security Services Softoken Cryptographic Module - -%package freebl -Summary: Freebl library for the Network Security Services -Group: System Environment/Base -# For PR_GetEnvSecure() from nspr >= 4.12 -Requires: nspr >= 4.12 -# For NSS_SecureMemcmpZero() from nss-util >= 3.33 -Requires: nss-util >= 3.33 -Conflicts: nss < 3.12.2.99.3-5 -Conflicts: prelink < 0.4.3 -Conflicts: filesystem < 3 - -%description freebl -NSS Softoken Cryptographic Module Freebl Library - -Install the nss-softokn-freebl package if you need the freebl -library. - -%package freebl-devel -Summary: Header and Library files for doing development with the Freebl library for NSS -Group: System Environment/Base -Provides: nss-softokn-freebl-static = %{version}-%{release} -Requires: nss-softokn-freebl%{?_isa} = %{version}-%{release} - -%description freebl-devel -NSS Softoken Cryptographic Module Freebl Library Development Tools -This package supports special needs of some PKCS #11 module developers and -is otherwise considered private to NSS. As such, the programming interfaces -may change and the usual NSS binary compatibility commitments do not apply. -Developers should rely only on the officially supported NSS public API. - -%package devel -Summary: Development libraries for Network Security Services -Group: Development/Libraries -Requires: nss-softokn%{?_isa} = %{version}-%{release} -Requires: nss-softokn-freebl-devel%{?_isa} = %{version}-%{release} -Requires: nspr-devel >= %{nspr_version} -Requires: nss-util-devel >= %{nss_util_version} -Requires: pkgconfig -BuildRequires: nspr-devel >= %{nspr_version} -BuildRequires: nss-util-devel >= %{nss_util_version} -# require nss at least the version when we split via subpackages - -%description devel -Header and library files for doing development with Network Security Services. - - -%prep -%setup -q -n %{name}-%{nss_softokn_archive_version} - -pushd nss -# activate if needed when doing a major update with new apis -%patch10 -p1 -b .iquote -popd - -%build - -LDFLAGS=$RPM_LD_FLAGS -export LDFLAGS - -FREEBL_NO_DEPEND=1 -export FREEBL_NO_DEPEND - -# Must export FREEBL_LOWHASH=1 for nsslowhash.h so that it gets -# copied to dist and the rpm install phase can find it -# This due of the upstream changes to fix -# https://bugzilla.mozilla.org/show_bug.cgi?id=717906 -FREEBL_LOWHASH=1 -export FREEBL_LOWHASH - -# Enable FIPS startup test -export NSS_FORCE_FIPS=1 - -# Enable compiler optimizations and disable debugging code -export BUILD_OPT=1 - -# Uncomment to disable optimizations -#RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed -e 's/-O2/-O0/g'` -#export RPM_OPT_FLAGS - -# Generate symbolic info for debuggers -XCFLAGS=$RPM_OPT_FLAGS -export XCFLAGS - -PKG_CONFIG_ALLOW_SYSTEM_LIBS=1 -PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 - -export PKG_CONFIG_ALLOW_SYSTEM_LIBS -export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS - -NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'` -NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'` - -export NSPR_INCLUDE_DIR -export NSPR_LIB_DIR - -export NSSUTIL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'` -export NSSUTIL_LIB_DIR=%{_libdir} - -NSS_USE_SYSTEM_SQLITE=1 -export NSS_USE_SYSTEM_SQLITE - -export NSS_DISABLE_GTESTS=1 - -%ifnarch noarch -%if 0%{__isa_bits} == 64 -USE_64=1 -export USE_64 -%endif -%endif - -# uncomment if the iquote patch is activated -export IN_TREE_FREEBL_HEADERS_FIRST=1 - -# Use only the basicutil subset for sectools.a -export NSS_BUILD_SOFTOKEN_ONLY=1 - -# display processor information -CPU_INFO=`cat /proc/cpuinfo` -echo "############## CPU INFO ##################" -echo "${CPU_INFO}" -echo "##########################################" - -# Compile softokn plus needed support -%{__make} -C ./nss/coreconf -%{__make} -C ./nss/lib/dbm - -# ldvector.c, pkcs11.c, and lginit.c include nss/lib/util/verref.h, -# which is private export, move it to where it can be found. -%{__mkdir_p} ./dist/private/nss -%{__mv} ./nss/lib/util/verref.h ./dist/private/nss/verref.h - -%{__make} -C ./nss - -# Set up our package file -# The nspr_version and nss_util_version globals used here -# must match the ones nss-softokn has for its Requires. -%{__mkdir_p} ./dist/pkgconfig -%{__cat} %{SOURCE2} | sed -e "s,%%libdir%%,%{_libdir},g" \ - -e "s,%%prefix%%,%{_prefix},g" \ - -e "s,%%exec_prefix%%,%{_prefix},g" \ - -e "s,%%includedir%%,%{_includedir}/nss3,g" \ - -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ - -e "s,%%NSSUTIL_VERSION%%,%{nss_util_version},g" \ - -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ - ./dist/pkgconfig/nss-softokn.pc - -SOFTOKEN_VMAJOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'` -SOFTOKEN_VMINOR=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'` -SOFTOKEN_VPATCH=`cat nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'` - -export SOFTOKEN_VMAJOR -export SOFTOKEN_VMINOR -export SOFTOKEN_VPATCH - -%{__cat} %{SOURCE3} | sed -e "s,@libdir@,%{_libdir},g" \ - -e "s,@prefix@,%{_prefix},g" \ - -e "s,@exec_prefix@,%{_prefix},g" \ - -e "s,@includedir@,%{_includedir}/nss3,g" \ - -e "s,@MOD_MAJOR_VERSION@,$SOFTOKEN_VMAJOR,g" \ - -e "s,@MOD_MINOR_VERSION@,$SOFTOKEN_VMINOR,g" \ - -e "s,@MOD_PATCH_VERSION@,$SOFTOKEN_VPATCH,g" \ - > ./dist/pkgconfig/nss-softokn-config - -chmod 755 ./dist/pkgconfig/nss-softokn-config - - -%check - -# Begin -- copied from the build section -FREEBL_NO_DEPEND=1 -export FREEBL_NO_DEPEND - -export BUILD_OPT=1 - -%ifnarch noarch -%if 0%{__isa_bits} == 64 -USE_64=1 -export USE_64 -%endif -%endif - -# to test for the last tool built correctly -export NSS_BUILD_SOFTOKEN_ONLY=1 - -# End -- copied from the build section - -# enable the following line to force a test failure -# find . -name *.chk | xargs rm -f - -# Run test suite. - -SPACEISBAD=`find ./nss/tests | grep -c ' '` ||: -if [ $SPACEISBAD -ne 0 ]; then - echo "error: filenames containing space are not supported (xargs)" - exit 1 -fi - -rm -rf ./tests_results -pushd ./nss/tests/ -# all.sh is the test suite script - -# only run cipher tests for nss-softokn -%global nss_cycles "standard" -%global nss_tests "cipher ec lowhash" -%global nss_ssl_tests " " -%global nss_ssl_run " " - -SKIP_NSS_TEST_SUITE=`echo $SKIP_NSS_TEST_SUITE` - -if [ "x$SKIP_NSS_TEST_SUITE" == "x" ]; then - HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh -fi - -popd - -if [ "x$SKIP_NSS_TEST_SUITE" == "x" ]; then - TEST_FAILURES=`grep -c FAILED ./tests_results/security/localhost.1/output.log` || : -else - TEST_FAILURES=0 -fi - -if [ $TEST_FAILURES -ne 0 ]; then - echo "error: test suite returned failure(s)" - exit 1 -fi -echo "test suite completed" - -%install - -%{__rm} -rf $RPM_BUILD_ROOT - -# There is no make install target so we'll do it ourselves. - -%{__mkdir_p} $RPM_BUILD_ROOT/%{_includedir}/nss3 -%{__mkdir_p} $RPM_BUILD_ROOT/%{_bindir} -%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir} -%{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory} -%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig -%{__mkdir_p} $RPM_BUILD_ROOT/%{saved_files_dir} -%{__mkdir_p} $RPM_BUILD_ROOT/%{prelink_conf_dir} -%{__mkdir_p} $RPM_BUILD_ROOT/%{dracut_modules_dir} -%{__mkdir_p} $RPM_BUILD_ROOT/%{dracut_conf_dir} - -%{__install} -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{prelink_conf_dir} -%{__install} -m 755 %{SOURCE5} $RPM_BUILD_ROOT/%{dracut_modules_dir}/module-setup.sh -%{__install} -m 644 %{SOURCE6} $RPM_BUILD_ROOT/%{dracut_conf_dir}/50-nss-softokn.conf - - -# Copy the binary libraries we want -for file in libsoftokn3.so libnssdbm3.so libfreebl3.so libfreeblpriv3.so -do - %{__install} -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} -done - -# Copy the binaries we ship as unsupported -for file in bltest ecperf fbectest fipstest shlibsign -do - %{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} -done - -# Copy the include files we want -for file in dist/public/nss/*.h -do - %{__install} -p -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3 -done - -# Copy some freebl include files we also want -for file in blapi.h alghmac.h -do - %{__install} -p -m 644 dist/private/nss/$file $RPM_BUILD_ROOT/%{_includedir}/nss3 -done - -# Copy the static freebl library -for file in libfreebl.a -do -%{__install} -p -m 644 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir} -done - -# Copy the package configuration files -%{__install} -p -m 644 ./dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc -%{__install} -p -m 755 ./dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config - - - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig - -%files -%{_libdir}/libnssdbm3.so -%{_libdir}/libnssdbm3.chk -%{_libdir}/libsoftokn3.so -%{_libdir}/libsoftokn3.chk -# shared with nss-tools -%dir %{_libdir}/nss -%dir %{saved_files_dir} -%dir %{unsupported_tools_directory} -%{unsupported_tools_directory}/bltest -%{unsupported_tools_directory}/ecperf -%{unsupported_tools_directory}/fbectest -%{unsupported_tools_directory}/fipstest -%{unsupported_tools_directory}/shlibsign - -%files freebl -%{!?_licensedir:%global license %%doc} -%license nss/COPYING -%{_libdir}/libfreebl3.so -%{_libdir}/libfreebl3.chk -%{_libdir}/libfreeblpriv3.so -%{_libdir}/libfreeblpriv3.chk -#shared -%dir %{prelink_conf_dir} -%{prelink_conf_dir}/nss-softokn-prelink.conf -%dir %{dracut_modules_dir} -%{dracut_modules_dir}/module-setup.sh -%{dracut_conf_dir}/50-nss-softokn.conf - -%files freebl-devel -%{_libdir}/libfreebl.a -%{_includedir}/nss3/blapi.h -%{_includedir}/nss3/blapit.h -%{_includedir}/nss3/alghmac.h -%{_includedir}/nss3/lowkeyi.h -%{_includedir}/nss3/lowkeyti.h - -%files devel -%{_libdir}/pkgconfig/nss-softokn.pc -%{_bindir}/nss-softokn-config - -# co-owned with nss -%dir %{_includedir}/nss3 -# -# The following headers are those exported public in -# nss/lib/freebl/manifest.mn and -# nss/lib/softoken/manifest.mn -# -# The following list is short because many headers, such as -# the pkcs #11 ones, have been provided by nss-util-devel -# which installed them before us. -# -%{_includedir}/nss3/ecl-exp.h -%{_includedir}/nss3/nsslowhash.h -%{_includedir}/nss3/shsign.h - -%changelog -* Thu Sep 13 2018 Daiki Ueno dueno@redhat.com - 3.39.0-3 -- Fix LDFLAGS injection - -* Mon Sep 3 2018 Daiki Ueno dueno@redhat.com - 3.39.0-2 -- Update to NSS 3.39 - -* Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 3.38.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Mon Jul 2 2018 Daiki Ueno dueno@redhat.com - 3.38.0-2 -- Update to NSS 3.38 - -* Tue Jun 5 2018 Daiki Ueno dueno@redhat.com - 3.37.3-3 -- Fix partial injection of LDFLAGS (the original relro flags are also - set by redhat-rpm-config) - -* Tue Jun 5 2018 Daiki Ueno dueno@redhat.com - 3.37.3-2 -- Update to NSS 3.37.3 - -* Mon May 28 2018 Daiki Ueno dueno@redhat.com - 3.37.1-2 -- Update NSS 3.37.1 - -* Thu May 03 2018 Kai Engert kaie@redhat.com - 3.36.1-3 -- Upstream patch to automatically enable SQL DB caching based on - filesystem type, mozbz#1456888 - -* Wed Apr 11 2018 Daiki Ueno dueno@redhat.com - 3.36.1-2 -- Update to NSS 3.36.1 - -* Wed Mar 14 2018 Daiki Ueno dueno@redhat.com - 3.36.0-3 -- Enable FIPS startup test - -* Fri Mar 9 2018 Daiki Ueno dueno@redhat.com - 3.36.0-2 -- Update to NSS 3.36.0 -- Add nss-softokn to BuildRequires -- Add gcc to BuildRequires - -* Thu Feb 08 2018 Fedora Release Engineering releng@fedoraproject.org - 3.35.0-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Tue Jan 30 2018 Kai Engert kaie@redhat.com - 3.35.0-3 -- Rebuild - -* Tue Jan 23 2018 Daiki Ueno dueno@redhat.com - 3.35.0-2 -- Update to NSS 3.35.0 - -* Tue Nov 14 2017 Daiki Ueno dueno@redhat.com - 3.34.0-2 -- Update to NSS 3.34.0 - -* Tue Oct 24 2017 Kai Engert kaie@redhat.com - 3.33.0-4 -- rhbz#1505493, backport upstream fixes required for rhbz#1496560 - -* Wed Oct 18 2017 Daiki Ueno dueno@redhat.com - 3.33.0-3 -- Add explicit version dependency from -freebl, on nspr and nss-util - -* Tue Oct 3 2017 Daiki Ueno dueno@redhat.com - 3.33.0-2 -- Update to NSS 3.33.0 -- Revert the SSE2 changes, as we postopone it until the 3.34 rebase - -* Fri Sep 22 2017 Daiki Ueno dueno@redhat.com - 3.32.0-9 -- Replace disable-sse2 patch with upstreamed solution - -* Fri Sep 15 2017 Daiki Ueno dueno@redhat.com - 3.32.0-8 -- Disable SSE2 completely - -* Tue Sep 12 2017 Daiki Ueno dueno@redhat.com - 3.32.0-7 -- Temporarily enable SSE2 in AES and GCM code, to avoid test failures - -* Mon Sep 11 2017 Daiki Ueno dueno@redhat.com - 3.32.0-6 -- Disable SSE2 when building freebl on i686 - -* Wed Aug 30 2017 Daiki Ueno dueno@redhat.com - 3.32.0-5 -- Update iquote.patch to really prefer in-tree headers over system headers - -* Fri Aug 11 2017 Elio Maldonado elio.maldonado.batiz@gmail.com - 3.32.0-4 -- Restore missing portions of add encrypt derive patch - -* Fri Aug 11 2017 Daiki Ueno dueno@redhat.com - 3.32.0-3 -- Fix memory leak in AES-GCM on i686 - -* Mon Aug 7 2017 Daiki Ueno dueno@redhat.com - 3.32.0-2 -- Update to NSS 3.32.0 - -* Thu Aug 03 2017 Fedora Release Engineering releng@fedoraproject.org - 3.31.0-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Thu Jul 27 2017 Fedora Release Engineering releng@fedoraproject.org - 3.31.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Wed Jun 21 2017 Daiki Ueno dueno@redhat.com - 3.31.0-2 -- Update to NSS 3.31.0 - -* Fri Apr 21 2017 Daiki Ueno dueno@redhat.com - 3.30.2-2 -- Update to NSS 3.30.2 - -* Tue Mar 21 2017 Daiki Ueno dueno@redhat.com - 3.30.0-2 -- Update to NSS 3.30.0 -- Remove upstreamed build fixes - -* Fri Feb 17 2017 Daiki Ueno dueno@redhat.com - 3.29.1-2 -- Update to NSS 3.29.1 - -* Wed Feb 8 2017 Daiki Ueno dueno@redhat.com - 3.29.0-2 -- Update to NSS 3.29.0 - -* Fri Jan 6 2017 Daiki Ueno dueno@redhat.com - 3.28.1-2 -- Update to NSS 3.28.1 -- Adjust to the ectest splitting -- Temporarily fix build-dependency issue - -* Thu Sep 29 2016 Daiki Ueno dueno@redhat.com - 3.27.0-2 -- Update to NSS 3.27.0 -- Remove upstreamed ectest patch - -* Thu Aug 11 2016 Daiki Ueno dueno@redhat.com - 3.26.0-4 -- Adjust ecperf patch according to code review - -* Thu Aug 11 2016 Daiki Ueno dueno@redhat.com - 3.26.0-3 -- Fix RNG intialization in ecperf pointed out by upstream - -* Mon Aug 8 2016 Daiki Ueno dueno@redhat.com - 3.26.0-2 -- Update to NSS 3.26.0 -- Remove unused directories from split tarball -- Run EC tests here instead of in the nss package - -* Fri Jun 24 2016 Elio Maldonado emaldona@redhat.com - 3.25.0-3 -- Enable the add encrypt derive patch - -* Fri Jun 24 2016 Elio Maldonado emaldona@redhat.com - 3.25.0-2 -- Update to NSS 3.25.0 - -* Tue May 24 2016 Elio Maldonado emaldona@redhat.com - 3.24.0-2.0 -- Update to NSS 3.24.0 - -* Sat Mar 12 2016 Elio Maldonado emaldona@redhat.com - 3.23.0-3 -- Wait for upstream to solve the readdir_r deprecation issue - -* Sat Mar 05 2016 Elio Maldonado emaldona@redhat.com - 3.23.0-2 -- Update to NSS 3.23.0 - -* Sun Feb 28 2016 Elio Maldonado emaldona@redhat.com - 3.22.2-2 -- Update to NSS 3.22.2 -- Change unix_rand to not use readdir_r which is deprecated - -* Sun Feb 21 2016 Elio Maldonado emaldona@redhat.com - 3.22.1-2 -- Update to NSS 3.22.1 - -* Sat Feb 06 2016 Elio Maldonado emaldona@redhat.com - 3.22.0-2 -- Update to NSS 3.22 - -* Thu Feb 04 2016 Fedora Release Engineering releng@fedoraproject.org - 3.21.0-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Sat Jan 02 2016 Elio Maldonado emaldona@redhat.com - 3.21.0-5 -- Restore patch that had been mistakenly removed in a prior update -- Resolves: Bug 1155306 - Provide sym key derive mechanism as result of encryption of message - -* Wed Dec 30 2015 Michal Toman mtoman@fedoraproject.org - 3.21.0-4 -- Use __isa_bits macro even in %%check - -* Sat Nov 21 2015 Elio Maldonado emaldona@redhat.com - 3.21.0-3 -- Update %%{nss_util_version} to 3.21.0 - -* Thu Nov 12 2015 Elio Maldonado emaldona@redhat.com - 3.21.0-2 -- Update to NSS 3.21 -- Resolves: Bug 1279912 - nss-3.21 is available -- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit - -* Fri Oct 30 2015 Elio Maldonado emaldona@redhat.com - 3.20.1-1 -- Update to NSS 3.20.1 - -* Thu Aug 20 2015 Elio Maldonado emaldona@redhat.com - 3.20.0-1 -- Update to NSS 3.20 - -* Sat Aug 08 2015 Elio Maldonado emaldona@redhat.com - 3.19.3-2 -- Update to NSS 3.19.3 - -* Wed Jun 17 2015 Kai Engert kaie@redhat.com - 3.19.2-2 -- Update to NSS 3.19.2 - -* Thu May 28 2015 Kai Engert kaie@redhat.com - 3.19.1-2 -- Update to NSS 3.19.1 - -* Tue May 19 2015 Kai Engert kaie@redhat.com - 3.19.0-2 -- Update to NSS 3.19 - -* Thu Mar 19 2015 Elio Maldonado emaldona@redhat.com - 3.18.0-1 -- Update to nss-3.18.0 - -* Wed Jan 28 2015 Elio Maldonado emaldona@redhat.com - 3.17.4-1 -- Update to nss-3.17.4 -- fix dependencies so nss-softokn pulls in nss-softokn-freebl of the same version and release - -* Fri Dec 05 2014 Elio Maldonado emaldona@redhat.com - 3.17.3-1 -- Update to nss-3.17.3 - -* Sat Nov 08 2014 Elio Maldonado emaldona@redhat.com - 3.17.2-2 -- Resolves: Bug 1155306 - Provide sym key derive mechansm as result of encryption of message - -* Sun Oct 12 2014 Elio Maldonado emaldona@redhat.com - 3.17.2-1 -- Update to nss-3.17.2 - -* Wed Sep 24 2014 Kai Engert kaie@redhat.com - 3.17.1-2 -- Update nss-util build dependency -- Fix check of test suite result - -* Wed Sep 24 2014 Kai Engert kaie@redhat.com - 3.17.1-1 -- Update to nss-3.17.1 -- Add a mechanism to skip test suite execution during development work - -* Tue Aug 19 2014 Elio Maldonado emaldona@redhat.com - 3.17.0-1 -- Update to nss-3.17.0 - -* Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.16.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Fri Jul 18 2014 Tom Callaway spot@fedoraproject.org - 3.16.2-2 -- fix license handling - -* Sun Jun 29 2014 Elio Maldonado emaldona@redhat.com - 3.16.2-1 -- Update to nss-3.16.2 - -* Sat Jun 07 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.16.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Mon May 12 2014 Jaromir Capik jcapik@redhat.com - 3.16.1-2 -- Replacing ppc64 and ppc64le with the power64 macro -- Related: Bug 1052546 - Trivial change for ppc64le in nss-softokn spec - -* Tue May 06 2014 Elio Maldonado emaldona@redhat.com - 3.16.1-1 -- Update to nss-3.16.1 -- Remove patch no longer needed due to the rebase -- Resolves: Bug 1094702 - nss-3.16.1 is available - -* Mon Apr 14 2014 Elio Maldonado emaldona@redhat.com - 3.16.0-2 -- Refactor ecdecode support from softoken to freebl -- Resolves: Bug 1075702 - ECC decode refactoring needed to build OpenJDK SunEC provider for ECC support - -* Tue Mar 18 2014 Elio Maldonado emaldona@redhat.com - 3.16.0-0 -- Update to nss-3.16.0 - -* Sun Mar 02 2014 Elio Maldonado emaldona@redhat.com - 3.15.5-2 -- Fix a segmentation fault when signing on i686 that occurs in Rawhide -- Patch contributed by Stephan Bergmann -- Resolves: Bug 1071679 - Define -DMP_USE_UINT_DIGIT in lib/freebl/Makefile for Linux x86 - -* Wed Feb 19 2014 Elio Maldonado emaldona@redhat.com - 3.15.5-1 -- Update to nss-3.15.1 - Resolves: Bug 1066877 - -* Sat Jan 25 2014 Elio Maldonado emaldona@redhat.com - 3.15.4-3 -- Add support for ppc64le, Resolves: Bug 1052546 - -* Mon Jan 20 2014 Peter Robinson pbrobinson@fedoraproject.org 3.15.4-2 -- ARM tests pass so remove ARM conditional - -* Tue Jan 07 2014 Elio Maldonado emaldona@redhat.com - 3.15.3-2 -- Update to NSS_3_15_4_RTM -- Resolves: Bug 1049229 - nss-3.15.4 is available - -* Tue Nov 26 2013 Elio Maldonado emaldona@redhat.com - 3.15.2-3 -- Update to NSS_3_15_3_RTM -- Related: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 - -* Thu Oct 17 2013 Elio Maldonado emaldona@redhat.com - 3.15.2-2 -- Split off nss-softokn from the full nss sources as released upstream -- Bug 1019244 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird - -* Thu Sep 26 2013 Elio Maldonado emaldona@redhat.com - 3.15.2-1 -- Update to NSS_3_15_2_RTM -- Update softokn splitting script to copy lowhash from full nss sources -- Add lowhash to test suites to run in the %%check section - -* Sun Aug 11 2013 Elio Maldonado emaldona@redhat.com - 3.15.1-3 -- Cleanup spec file to address rpmlint errors and warnings -- Use double percent symbols to fix macro-in-comment warnings - -* Sat Aug 03 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.15.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Tue Jul 02 2013 Elio Maldonado emaldona@redhat.com - 3.15.1-1 -- Update to NSS_3_15_1_RTM - -* Mon Jun 17 2013 Elio Maldonado emaldona@redhat.com - 3.15-3 -- Require nspr-4.10 or greater -- Fix patch to select tests to run - -* Thu Jun 13 2013 Elio Maldonado emaldona@redhat.com - 3.15-2 -- Select the tests suite to run based on the build type - -* Wed May 29 2013 Elio Maldonado emaldona@redhat.com - 3.15-1 -- Update to NSS_3_15_RTM - -* Tue Apr 23 2013 Elio Maldonado emaldona@redhat.com - 3.15-0.1.beta.3 -- Reverse the last changes since pk11gcmtest properly belongs to nss - -* Tue Apr 23 2013 Elio Maldonado emaldona@redhat.com - 3.15-0.1.beta.2 -- Add lowhashtest and pk11gcmtest as unsupported tools -- Modify nss-softoken-split script to include them in the split - -* Fri Apr 05 2013 Elio Maldonado emaldona@redhat.com - 3.15-0.1.beta.1 -- Update to NSS_3_15_BETA1 -- Update spec file, patches, and helper scrips on account of a shallwer source tree - -* Fri Feb 15 2013 Elio Maldonado emaldona@redhat.com - 3.14.3-1 -- Update to NSS_3_14_3_RTM -- Resolves: rhbz#909781 - specfile support for AArch64 - -* Mon Feb 04 2013 Elio Maldonado emaldona@redhat.com - 3.14.2-3 -- Allow building nss-softokn against older system sqlite - -* Sat Feb 02 2013 Elio Maldonado emaldona@redhat.com - 3.14.2-2 -- Update to NSS_3_14_2_RTM -- Restore comments on how to transition when signing algorithm changes -- Remove unused patches - -* Fri Feb 01 2013 Elio Maldonado emaldona@redhat.com - 3.14.2-1 -- Update to NSS_3_14_2_RTM - -* Thu Dec 27 2012 Elio Maldonado emaldona@redhat.com - 3.14.1-5 -- Add RSA performance test for freebl -- Fix bogus date in changelog warnings - -* Mon Dec 24 2012 Elio Maldonado emaldona@redhat.com - 3.14.1-4 -- Fix bogus date warnings in %%changelog - -* Sat Dec 22 2012 Elio Maldonado emaldona@redhat.com - 3.14.1-3 -- Cleanup patches for building softoken only libraries and tests - -* Mon Dec 17 2012 Elio Maldonado emaldona@redhat.com - 3.14.1-2 -- Require nspr version >= 4.9.4 - -* Mon Dec 17 2012 Elio Maldonado emaldona@redhat.com - 3.14.1-1 -- Update to NSS_3_14_1_RTM - -* Mon Dec 03 2012 Elio Maldonado emaldona@redhat.com - 3.14-6 -- Bug 883114 - Install bltest and fipstest as unsupported tools - -* Mon Nov 19 2012 Elio Maldonado emaldona@redhat.com - 3.14-5 -- Truly apply the bug 829088 patch this time -- Resolves: rhbz#829088 - Fix failure in sha244 self-test - -* Mon Nov 19 2012 Elio Maldonado emaldona@redhat.com - 3.14-4 -- Apply the bug 829088 patch in question -- Adjust the patch to account for code changes in nss-3.14 -- Resolves: rhbz#829088 - Fix failure in sha244 self-test - -* Sun Nov 18 2012 Elio Maldonado emaldona@redhat.com - 3.14-3 -- Resolves: rhbz#829088 - Fix failure in sha244 self-test -- Fixes login failures on fips mode - -* Sat Oct 27 2012 Elio Maldonado emaldona@redhat.com - 3.14-2 - - Update the license to MPLv2.0 - -* Mon Oct 22 2012 Elio Maldonado emaldona@redhat.com - 3.14-1 -- Update to NSS_3_14_RTM - -* Sun Oct 21 2012 Elio Maldonado emaldona@redhat.com - 3.14-0.1.rc1.2 -- Update to NSS_3_14_RC -- Remove the temporary bootstrapping modifications - -* Sun Oct 21 2012 Elio Maldonado emaldona@redhat.com - 3.14-0.1.rc.1 -- Update to NSS_3_14_RC1 -- Remove patches rendered obsolete by this update and update others -- Temporarily modifiy the spec file while bootstrapping the buildroot a follows: -- Remove unwanted headers that we lo loger ship -- Modified the post install scriplet to ensure the in-tree freebl library is loaded - -* Fri Jul 20 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.13.5-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Wed Jun 20 2012 Elio Maldonado emaldona@redhat.com - 3.13.5-2 -- Resolves: rhbz#833529 - revert unwanted change to nss-softokn.pc.in - -* Mon Jun 18 2012 Elio Maldonado emaldona@redhat.com - 3.13.5-1 -- Update to NSS_3_13_5_RTM -- Remove unneeded fix for gcc 4.7 c++ issue in secmodt.h which undoes the upstream fix -- Fix Libs: line on nss-softokn.pc.in - -* Wed Jun 13 2012 Elio Maldonado emaldona@redhat.com - 3.13.4-3 -- Resolves: rhbz#745224 - nss-softokn sha224 self-test fails in fips mode - -* Tue Apr 10 2012 Elio Maldonado emaldona@redhat.com - 3.13.4-2 -- Resolves: Bug 801975 Restore use of NSS_NoDB_Init or alternate to fipstest - -* Fri Apr 06 2012 Elio Maldonado emaldona@redhat.com - 3.13.4-1 -- Update to NSS_3_13_4 - -* Sun Apr 01 2012 Elio Maldonado emaldona@redhat.com - 3.13.4-0.1.beta.1 -- Update to NSS_3_13_4_BETA1 -- Improve steps for splitting off softokn from the full nss - -* Wed Mar 21 2012 Elio Maldonado emaldona@redhat.com - 3.13.3-2 -- Resolves: Bug 805719 - Library needs partial RELRO support added - -* Thu Mar 01 2012 Elio Maldonado emaldona@redhat.com - 3.13.3-1 -- Update to NSS_3_13_3_RTM - -* Wed Feb 1 2012 Tom Callaway spot@fedoraproject.org 3.13.1-20 -- re-enable /usrmove changes - -* Wed Feb 1 2012 Tom Callaway spot@fedoraproject.org 3.13.1-19.1 -- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals -- temporarily revert /usrmove changes. they will be restored in -20 for the f17-usrmove tag. - -* Wed Jan 25 2012 Harald Hoyer harald@redhat.com 3.13.1-19 -- add filesystem guard - -* Wed Jan 25 2012 Harald Hoyer harald@redhat.com 3.13.1-18 -- install everything in /usr - https://fedoraproject.org/wiki/Features/UsrMove - -* Fri Jan 13 2012 Elio Maldonado Batiz emaldona@redhat.com - 3.13.1-17 -- Remove unneeded prelink patch afterthe nss update to 3.13.1 - -* Fri Jan 13 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.13.1-16 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Fri Dec 30 2011 Elio Maldonado emaldona@redhat.com - 3.13.1-15 -- Bug 770999 - Fix segmentation violation when turning on fips mode -- Reintroduce the iquote patch but don't apply it unless needed - -* Tue Dec 13 2011 Elio Maldonado emaldona@redhat.com - 3.12.9-14 -- Restore the update to 3.13.1 -- Update the patch for freebl to deal with prelinked shared libraries -- Add additional dbrg power-up self-tests as required by fips -- Reactivate the tests - -* Tue Dec 06 2011 Elio Maldonado emaldona@redhat.com - 3.12.9-13 -- Bug 757005 Build nss-softokn for rhel 7 -- Make it almost like nss-softokn-3.12.9 in rhel 6.2 -- Added a patch to build with Linux 3 and higher -- Meant to work with nss and nss-utul 3.1.3.1 -- Download only the 3.12.9 sources from the lookaside cache - -* Fri Dec 02 2011 Elio Maldonado emaldona@redhat.com - 3.12.9-12 -- Retagging - -* Wed Nov 23 2011 Elio Maldonado emaldona@redhat.com - 3.12.9-11 -- Downgrading to 3.12.9 for a merge into new RHEL git repo -- This build is for the buildroot for a limited time only -- Do not not push it to update-testing - -* Tue Nov 08 2011 Elio Maldonado emaldona@redhat.com - 3.13.1-1 -- Update to NSS_3_13_1_RTM - -* Wed Oct 12 2011 Elio Maldonado emaldona@redhat.com - 3.12.10-6 -- Fix failure to switch nss-softokn to FIPS mode (#745571) - -* Tue Oct 11 2011 Elio Maldonado emaldona@redhat.com - 3.13-0.1.rc0.3 -- Update to NSS_3_13_RC0 post bootstrapping -- Don't incude util in sources for the lookaside cache -- Reenable building the fipstest tool -- Restore full cli argument parsing in the sectool library - -* Sun Oct 09 2011 Elio Maldonado emaldona@redhat.com - 3.13-0.1.rc0.2 -- Update to NSS_3_13_RC0 bootstrapping the system phase 2 -- Reenable the cipher test suite - -* Sat Oct 08 2011 Elio Maldonado emaldona@redhat.com - 3.13-0.rc0.1 -- Update to NSS_3_13_RC0 - -* Thu Sep 8 2011 Ville Skytt ville.skytta@iki.fi - 3.12.11-3 -- Avoid %%post/un shell invocations and dependencies. - -* Wed Aug 17 2011 Elio Maldonado emaldona@redhat.com - 3.12.10-5 -- rebuilt as recommended to deal with an rpm 4.9.1 issue - -* Wed Jul 20 2011 Elio Maldonado emaldona@redhat.com - 3.12.10-4 -- Adjustements from code review (#715402) - -* Sun Jun 26 2011 Elio Maldonado emaldona@redhat.com - 3.12.10-3 -- Add %%{check} section to run crypto tests as part of the build (#715402) - -* Tue Jun 14 2011 Elio Maldonado emaldona@redhat.com - 3.12.10-2 -- Fix intel optimized aes code to deal with case where input and ouput are in the same buffer (#709517) - -* Fri May 06 2011 Elio Maldonado emaldona@redhat.com - 3.12.10-1 -- Update to NSS_3_12_10_RTM - -* Wed Apr 27 2011 Elio Maldonado emaldona@redhat.com - 3.12.10-0.1.beta1 -- Update to NSS_3_12_10_BETA1 - -* Fri Feb 25 2011 Elio Maldonado emaldona@redhat.com - 3.12.9-7 -- Add requires nss-softokn-freebl-devel to nss-softokn-devel (#675196) - -* Mon Feb 14 2011 Elio Maldonado emaldona@redhat.com - 3.12.9-5 -- Expand the nss-softokn-freebl-devel package description (#675196) - -* Mon Feb 14 2011 Elio Maldonado emaldona@redhat.com - 3.12.9-5 -- Remove duplicates from the file lists - -* Sun Feb 13 2011 Elio Maldonado emaldona@redhat.com - 3.12.9-4 -- Add blapit.h to headers provided by nss-softokn-freebl-devel (#675196) -- Expand the freebl-devel package description - -* Tue Feb 08 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.12.9-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Fri Feb 04 2011 Elio Maldonado emaldona@redhat.com - 3.12.9-2 -- Add header for nss-softokn-freebl-devel (#675196) - -* Wed Jan 12 2011 Elio Maldonado emaldona@redhat.com - 3.12.9-1 -- Update to 3.12.9 - -* Mon Dec 27 2010 Elio Maldonado emaldona@redhat.com - 3.12.9-0.1.beta2 -- Rebuilt according to fedora pre-release package naming guidelines - -* Fri Dec 10 2010 Elio Maldonado emaldona@redhat.com - 3.12.8.99.2-1 -- Update to NSS_3_12_9_BETA2 - -* Wed Dec 08 2010 Elio Maldonado emaldona@redhat.com - 3.12.8.99.1-1 -- Update to NSS_3_12_9_BETA1 - -* Wed Sep 29 2010 jkeating - 3.12.8-2 -- Rebuilt for gcc bug 634757 - -* Thu Sep 23 2010 Elio Maldonado emaldona@redhat.com - 3.12.8-1 -- Update to 3.12.8 -- Adhere to static library packaging guidelines (#609613) -- Fix nss-util-devel version dependency line -- Shorten freebl and freebl subpackages descriptions - -* Sat Sep 18 2010 Elio Maldonado emaldona@redhat.com - 3.12.99.4-1 -- NSS 3.12.8 RC0 - -* Sun Sep 12 2010 Elio Maldonado emaldona@redhat.com - 3.12.7.99.3-2 -- Update the required version of nss-util to 3.12.7.99.3 - -* Sat Sep 04 2010 Elio Maldonado emaldona@redhat.com - 3.12.7.99.3-1 -- NSS 3.12.8 Beta 3 - -* Mon Aug 30 2010 Elio Maldonado emaldona@redhat.com - 3.12.7-3 -- Update BuildRequires on nspr-devel and nss-util-devel - -* Sun Aug 29 2010 Elio Maldonado emaldona@redhat.com - 3.12.7-2 -- Define NSS_USE_SYSTEM_SQLITE and remove nss-nolocalsql patch -- Fix rpmlint warnings about macros in comments and changelog - -* Mon Aug 16 2010 Elio Maldonado emaldona@redhat.com - 3.12.7-1 -- Update to 3.12.7 -- Fix build files to ensure nsslowhash.h is included in public headers - -* Tue Jun 08 2010 Elio Maldonado emaldona@redhat.com - 3.12.6-3 -- Retagging - -* Mon Jun 07 2010 Elio Maldonado emaldona@redhat.com - 3.12.6-2 -- Bump NVR to be greater than those for nss-softokn subpackages in F11 (rhbz#601407) - -* Sun Jun 06 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-23 -- Bump release number - -* Fri Jun 04 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-22 -- Cleanup changelog comments to avoid unwanted macro expansions - -* Wed Jun 02 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-21 -- Retagging - -* Wed Jun 02 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-20 -- Add %%{?_isa} to the requires in the devel packages (#596840) -- Fix typo in the package description (#598295) -- Update nspr version to 4.8.4 - -* Sat May 08 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-19 -- Consider the system as not fips enabled when /proc/sys/crypto/fips_enabled isn't present (rhbz#590199) - -* Sat May 08 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-18 -- Fix Conflicts line to prevent update when prelink is not yet the right version (rhbz#590199) - -* Mon Apr 19 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-17 -- Updated prelink patch rhbz#504949 - -* Thu Apr 15 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-16 -- allow prelink of softoken and freebl. Change the verify code to use - prelink -u if prelink is installed. Fix by Robert Relyea rhbz#504949 - -* Mon Jan 18 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-15 -- Move libfreebl3.so and its .chk file to /lib{64} (rhbz#561544) - -* Mon Jan 18 2010 Elio Maldonado emaldona@redhat.com - 3.12.4-13 -- Fix in nss-softokn-spec.in -- Require nss-util >= 3.12.4 - -* Thu Dec 03 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-12 -- Require nss-util 3.12.5 - -* Fri Nov 20 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-11 -- export freebl devel tools (#538226) - -* Wed Sep 23 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-10 -- Fix paths in nss-softokn-prelink so signed libraries don't get touched, rhbz#524794 - -* Thu Sep 17 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-9 -- Add nssdbm3.so to nss-softokn-prelink.conf, rhbz#524077 - -* Thu Sep 10 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-8 -- Retagging for a chained build - -* Thu Sep 10 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-6 -- Don't list libraries in nss-softokn-config, dynamic linking required - -* Tue Sep 08 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-5 -- Installing shared libraries to %%{_libdir} - -* Sun Sep 06 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-4 -- Postuninstall scriptlet finishes quietly - -* Sat Sep 05 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-3 -- Remove symblic links to shared libraries from devel, rhbz#521155 -- Apply the nss-nolocalsql patch -- No rpath-link in nss-softokn-config - -* Fri Sep 04 2009 serstring=Elio Maldonadoemaldona@redhat.cpm - 3.12.4-2 -- Retagging to pick up the correct .cvsignore - -* Tue Sep 01 2009 Elio Maldonadoemaldona@redhat.com - 3.12.4-1 -- Update to 3.12.4 -- Fix logic on postun -- Don't require sqlite - -* Mon Aug 31 2009 Elio Maldonadoemaldona@redhat.com - 3.12.3.99.3-24 -- Fixed test on %%postun to avoid returning 1 when nss-softokn instances still remain - -* Sun Aug 30 2009 Elio Maldonadoemaldona@redhat.com - 3.12.3.99.3-23 -- Explicitly state via nss_util_version the nss-util version we require - -* Fri Aug 28 2009 Warren Togami wtogami@redhat.com - 3.12.3.99.3-22 -- caolan's nss-softokn.pc patch - -* Thu Aug 27 2009 Elio Maldonadoemaldona@redhat.com - 3.12.3.99.3-21 -- Bump the release number for a chained build of nss-util, nss-softokn and nss - -* Thu Aug 27 2009 Elio Maldonadoemaldona@redhat.com - 3.12.3.99.3-20 -- List freebl, nssdbm and softokn libraries in nss-softokn-config and nss-softokn.pc - -* Thu Aug 27 2009 Elio Maldonado emaldona@redhat.com - 3.12.3.99.3-19 -- Determine NSSUTIL_INCLUDE_DIR and NSSUTIL_LIB_DIR with a pkg-config query on nss-util -- Remove the release 17 hack - -* Thu Aug 27 2009 Elio maldonadoemaldona@redhat.com - 3.12.3.99.3-18 -- fix spurious executable permissions on nss-softokn.pc - -* Thu Aug 27 2009 Adel Gadllah adel.gadllah@gmail.com - 3.12.3.99.3-17 -- Add hack to fix build - -* Tue Aug 25 2009 Dennis Gilmore dennis@ausil.us - 3.12.3.99.3-16 -- only have a single Requires: line in the .pc file - -* Tue Aug 25 2009 Dennis Gilmore dennis@ausil.us - 3.12.3.99.3-12 -- bump to unique rpm nvr - -* Tue Aug 25 2009 Elio Maldonadoemaldona@redhat.com - 3.12.3.99.3-10 -- Build after nss with subpackages and new nss-util - -* Thu Aug 20 2009 Dennis Gilmore dennis@ausil.us 3.12.3.99.3-9 -- revert to shipping bits - -* Wed Aug 19 2009 Elio Maldonado emaldona@redhat.com 3.12.3.99.3-8.1 -- Disable installing until conflicts are relsoved - -* Wed Aug 19 2009 Elio Maldonado emaldona@redhat.com 3.12.3.99.3-8 -- Initial build diff --git a/nss-split-softokn.sh b/nss-split-softokn.sh deleted file mode 100755 index e8c5ab9..0000000 --- a/nss-split-softokn.sh +++ /dev/null @@ -1,115 +0,0 @@ -#!/bin/sh -# -# Splits NSS into nss-util and nss-softokn -# Takes as command line input the version of nss -# and assumes that a file nss-${nss_version}.tar.gz -# exists in the current directory - -set -e - -if test -z $1 -then - echo "usage: $0 nss-version" - exit -fi - -export name=nss -export version=$1 - -echo "Extracting ${name}-${version}.tar.gz" - -tar -xzf ${name}-${version}.tar.gz - -# the directory will be named ${name}-${version} - -nss_source_dir=${name}-${version} -softokn_dir=${name}-softokn-${version} - -# make_nss_softokn -#------------------------------------------------- -# create the nss-softokn subset consisting of -# nss/dbm full directory -# nss/coreconf full directory -# nss top files only -# nss/lib top files only -# nss/lib/freebl full directory -# nss/lib/softoken full directory -# nss/lib/softoken/dbm full directory -#------------------------------------------------------- - -WORK=${softokn_dir}-work -rm -rf ${WORK} -mkdir ${WORK} - -# copy everything -cp -a ${nss_source_dir} ${WORK}/${softokn_dir} - -# remove subdirectories that we don't want -rm -rf ${WORK}/${softokn_dir}/nss/cmd -rm -rf ${WORK}/${softokn_dir}/nss/tests -rm -rf ${WORK}/${softokn_dir}/nss/lib -rm -rf ${WORK}/${softokn_dir}/nss/pkg -rm -rf ${WORK}/${softokn_dir}/nss/automation -rm -rf ${WORK}/${softokn_dir}/nss/external_tests -rm -rf ${WORK}/${softokn_dir}/nss/doc -# start with an empty lib directory and copy only what we need -mkdir ${WORK}/${softokn_dir}/nss/lib -# copy the top files from nss/lib/ -topFilesL=`find ${nss_source_dir}/nss/lib/ -maxdepth 1 -mindepth 1 -type f` -for f in $topFilesL; do - cp -p $f ${WORK}/${softokn_dir}/nss/lib -done -mkdir ${WORK}/${softokn_dir}/nss/lib/util -# copy entire dbm, freebl and softoken directories recursively -cp -a ${nss_source_dir}/nss/lib/dbm ${WORK}/${softokn_dir}/nss/lib/dbm -cp -a ${nss_source_dir}/nss/lib/freebl ${WORK}/${softokn_dir}/nss/lib/freebl -cp -a ${nss_source_dir}/nss/lib/softoken ${WORK}/${softokn_dir}/nss/lib/softoken -# and some Makefiles and related files from nss -topFilesN=`find ${nss_source_dir}/nss/ -maxdepth 1 -mindepth 1 -type f` -for f in $topFilesN; do - cp -p $f ${WORK}/${softokn_dir}/nss/ -done -# copy private headers that nss-softoken needs -for f in verref.h; do - cp -p ${nss_source_dir}/nss/lib/util/$f ${WORK}/${softokn_dir}/nss/lib/util -done - -# we do need bltest, ecperf, fbectest, lib, lowhashtest, and shlibsign -# from nss/cmd -mkdir ${WORK}/${softokn_dir}/nss/cmd -# copy some files at the top and the slhlib subdirectory -topFilesC=`find ${nss_source_dir}/nss/cmd/ -maxdepth 1 -mindepth 1 -type f` -for f in $topFilesC; do - cp -p $f ${WORK}/${softokn_dir}/nss/cmd/ -done - -cp -a ${nss_source_dir}/nss/cmd/bltest ${WORK}/${softokn_dir}/nss/cmd/bltest -cp -a ${nss_source_dir}/nss/cmd/ecperf ${WORK}/${softokn_dir}/nss/cmd/ecperf -cp -a ${nss_source_dir}/nss/cmd/fbectest ${WORK}/${softokn_dir}/nss/cmd/fbectest -cp -a ${nss_source_dir}/nss/cmd/fipstest ${WORK}/${softokn_dir}/nss/cmd/fipstest -cp -a ${nss_source_dir}/nss/cmd/lib ${WORK}/${softokn_dir}/nss/cmd/lib -cp -a ${nss_source_dir}/nss/cmd/lowhashtest ${WORK}/${softokn_dir}/nss/cmd/lowhashtest -cp -a ${nss_source_dir}/nss/cmd/shlibsign ${WORK}/${softokn_dir}/nss/cmd/shlibsign - -# plus common, crypto, and lowhash from nss/tests -mkdir ${WORK}/${softokn_dir}/nss/tests -topFilesT=`find ${nss_source_dir}/nss/tests/ -maxdepth 1 -mindepth 1 -type f` -for f in $topFilesT; do - cp -p $f ${WORK}/${softokn_dir}/nss/tests/ -done -keepers="cipher common ec lowhash" -for t in $keepers; do - cp -a ${nss_source_dir}/nss/tests/$t ${WORK}/${softokn_dir}/nss/tests/$t -done - -pushd ${WORK} -# the compressed tar ball for nss-softokn -tar -czf ../${name}-softokn-${version}.tar.gz ${softokn_dir} -popd - -# cleanup after ourselves -rm -fr ${nss_source_dir} -rm -rf ${WORK} - - - diff --git a/sources b/sources deleted file mode 100644 index 3047028..0000000 --- a/sources +++ /dev/null @@ -1 +0,0 @@ -SHA512 (nss-softokn-3.39.tar.gz) = 11dc3830eee2fef0f15b889673e6fedc5fca8199f84e9ce610adbe825517d6f918f0fb2dd6f414388d678cc93b2db99001b08e9a583d571151d222bb9186c3b0 diff --git a/tests/NSS-tools-should-not-use-SHA1-by-default-when/Makefile b/tests/NSS-tools-should-not-use-SHA1-by-default-when/Makefile deleted file mode 100644 index ea65d87..0000000 --- a/tests/NSS-tools-should-not-use-SHA1-by-default-when/Makefile +++ /dev/null @@ -1,64 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when -# Description: NSS tools should not use SHA1 by default when -# Author: Hubert Kario hkario@redhat.com -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2016 Red Hat, Inc. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile PURPOSE - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - test -x runtest.sh || chmod a+x runtest.sh - -clean: - rm -f *~ $(BUILT_FILES) - - -include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Hubert Kario hkario@redhat.com" > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: NSS tools should not use SHA1 by default when" >> $(METADATA) - @echo "Type: Regression" >> $(METADATA) - @echo "TestTime: 10m" >> $(METADATA) - @echo "RunFor: nss openssl" >> $(METADATA) - @echo "Requires: nss nss-tools openssl" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) - - rhts-lint $(METADATA) diff --git a/tests/NSS-tools-should-not-use-SHA1-by-default-when/PURPOSE b/tests/NSS-tools-should-not-use-SHA1-by-default-when/PURPOSE deleted file mode 100644 index 7caf493..0000000 --- a/tests/NSS-tools-should-not-use-SHA1-by-default-when/PURPOSE +++ /dev/null @@ -1,4 +0,0 @@ -PURPOSE of NSS-tools-should-not-use-SHA1-by-default-when -Description: NSS tools should not use SHA1 by default when -Author: Hubert Kario hkario@redhat.com -Summary: NSS tools should not use SHA1 by default when generating digital signatures/certificates diff --git a/tests/NSS-tools-should-not-use-SHA1-by-default-when/runtest.sh b/tests/NSS-tools-should-not-use-SHA1-by-default-when/runtest.sh deleted file mode 100755 index 8290d92..0000000 --- a/tests/NSS-tools-should-not-use-SHA1-by-default-when/runtest.sh +++ /dev/null @@ -1,125 +0,0 @@ -#!/bin/bash -# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of NSS-tools-should-not-use-SHA1-by-default-when -# Description: NSS tools should not use SHA1 by default when -# Author: Hubert Kario hkario@redhat.com -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2016 Red Hat, Inc. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="nss" -PACKAGES="nss openssl" -DBDIR="nssdb" - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm --all - rlRun "TmpDir=$(mktemp -d)" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlRun "mkdir nssdb" - rlRun "certutil -N -d $DBDIR --empty-password" - rlLogInfo "Create a JAR file" - rlRun "mkdir java-dir" - rlRun "pushd java-dir" - rlRun "mkdir META-INF mypackage" - rlRun "echo 'Main-Class: mypackage/MyMainFile' > META-INF/MANIFEST.MF" - rlRun "echo 'Those are not the droids you are looking for' > mypackage/MyMainFile.class" - #rlRun "jar -cfe package.jar mypackage/MyMainFile mypackage/MyMainFile.class" - rlRun "popd" - #rlRun "mv java-dir/package.jar ." - rlPhaseEnd - - rlPhaseStartTest "Self signing certificates" - rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null" - rlRun "certutil -d $DBDIR -S -n 'CA' -t 'cTC,cTC,cTC' -s 'CN=CA' -x -z noise" - rlRun -s "certutil -d $DBDIR -L -n 'CA' -a | openssl x509 -noout -text" - rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG" - rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG - rlPhaseEnd - - rlPhaseStartTest "Signing certificates" - rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null" - rlRun "certutil -d $DBDIR -S -n 'server' -t 'u,u,u' -s 'CN=server.example.com' -c 'CA' -z noise --nsCertType sslClient,sslServer,objectSigning,smime" - rlRun -s "certutil -d $DBDIR -L -n 'server' -a | openssl x509 -noout -text" - rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG" - rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG - rlPhaseEnd - - rlPhaseStartTest "Certificate request" - rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null" - rlRun "mkdir srv2db" - rlRun "certutil -d srv2db -N --empty-password" - rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise" - rlRun -s "openssl req -noout -text -in srv2.req" - rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG" - rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG - rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt" - rlRun -s "openssl x509 -in srv2.crt -noout -text" - rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG" - rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG - rlRun "rm -rf srv2db" - rlPhaseEnd - - rlPhaseStartTest "Certificate request with SHA1" - rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null" - rlRun "mkdir srv2db" - rlRun "certutil -d srv2db -N --empty-password" - rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise -Z SHA1" - rlRun -s "openssl req -noout -text -in srv2.req" - rlAssertGrep "Signature Algorithm: sha1WithRSAEncryption" "$rlRun_LOG" - rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt" - rlRun -s "openssl x509 -in srv2.crt -noout -text" - rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG" - rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG - rlRun "rm -rf srv2db" - rlPhaseEnd - - rlPhaseStartTest "Signing CMS messages" - rlRun "echo 'This is a document' > document.txt" - rlRun "cmsutil -S -d $DBDIR -N 'server' -i document.txt -o document.cms" - rlRun -s "openssl cms -in document.cms -inform der -noout -cmsout -print" - rlAssertGrep "algorithm: sha256" $rlRun_LOG - rlAssertNotGrep "algorithm: sha1" $rlRun_LOG - rlPhaseEnd - - rlPhaseStartTest "CRL signing" - rlRun "echo $(date --utc +update=%Y%m%d%H%M%SZ) > script" - rlRun "echo $(date -d 'next week' --utc +nextupdate=%Y%m%d%H%M%SZ) >> script" - rlRun "echo addext crlNumber 0 1245 >>script" - rlRun "echo addcert 12 $(date -d 'yesterday' --utc +%Y%m%d%H%M%SZ) >>script" - rlRun "echo addext reasonCode 0 0 >>script" - rlRun "cat script" - rlRun "crlutil -G -c script -d $DBDIR -n CA -o ca.crl" - rlRun -s "openssl crl -in ca.crl -inform der -noout -text" - rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" $rlRun_LOG - rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG - rlPhaseEnd - - rlPhaseStartCleanup - rlRun "popd" - rlRun "rm -r $TmpDir" 0 "Removing tmp directory" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index df64aa2..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# This first play always runs on the local staging system -- hosts: localhost - roles: - - role: standard-test-beakerlib - tags: - - classic - tests: - - NSS-tools-should-not-use-SHA1-by-default-when - required_packages: - - nss-tools - - nss
arch-excludes@lists.fedoraproject.org