rpms/nss/devel nss-freebl-kernelfipsmode, NONE, 1.1 nss.spec, 1.65, 1.66
Kai Engert
kengert at fedoraproject.org
Tue Apr 14 22:21:52 UTC 2009
- Previous message: rpms/openoffice.org-extendedPDF/F-10 openoffice.org-extendedPDF-1.4.0-oooVersion.patch, NONE, 1.1
- Next message: rpms/NetworkManager/devel .cvsignore, 1.103, 1.104 NetworkManager.spec, 1.270, 1.271 nm-applet-internal-buildfixes.patch, 1.6, 1.7 sources, 1.140, 1.141
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kengert
Update of /cvs/extras/rpms/nss/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16080
Modified Files:
nss.spec
Added Files:
nss-freebl-kernelfipsmode
Log Message:
* Tue Apr 14 2009 Kai Engert <kaie at redhat.com> - 3.12.3-3
- ship .chk files instead of running shlibsign at install time
- include .chk file in softokn-freebl subpackage
- add patch for upstream nss bug 488350
--- NEW FILE nss-freebl-kernelfipsmode ---
diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.kernelfipsmode ./mozilla/security/nss/lib/freebl/nsslowhash.c
--- ./mozilla/security/nss/lib/freebl/nsslowhash.c.kernelfipsmode 2008-11-27 16:20:44.000000000 +0100
+++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2009-04-14 22:58:19.000000000 +0200
@@ -267,6 +267,27 @@ struct NSSLOWHASHContextStr {
};
+static int nsslow_GetFIPSEnabled(void) {
+#ifdef LINUX
+ FILE *f;
+ char d;
+ size_t size;
+
+ f = fopen("/proc/sys/crypto/fips_enabled", "r");
+ if (!f)
+ return 0;
+
+ size = fread(&d, 1, 1, f);
+ fclose(f);
+ if (size != 1)
+ return 0;
+ if (d != '1')
+ return 0;
+#endif
+ return 1;
+}
+
+
static int post = 0;
static NSSLOWInitContext dummyContext = { 0 };
@@ -284,7 +305,9 @@ NSSLOW_Init(void)
if (!post) {
- crv = freebl_fipsPowerUpSelfTest();
+ crv = CKR_OK;
+ if (nsslow_GetFIPSEnabled())
+ crv = freebl_fipsPowerUpSelfTest();
if (crv != CKR_OK) {
return NULL;
}
Index: nss.spec
===================================================================
RCS file: /cvs/extras/rpms/nss/devel/nss.spec,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- nss.spec 14 Apr 2009 15:21:19 -0000 1.65
+++ nss.spec 14 Apr 2009 22:21:51 -0000 1.66
@@ -4,7 +4,7 @@
Summary: Network Security Services
Name: nss
Version: 3.12.3
-Release: 2%{?dist}
+Release: 3%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -36,6 +36,7 @@
Patch5: nss-pem-bug429175.patch
Patch6: nss-enable-pem.patch
Patch7: nss-disable-freebl-execstack.patch
+Patch8: nss-freebl-kernelfipsmode
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -107,6 +108,7 @@
%patch5 -p0 -b .429175
%patch6 -p0 -b .libpem
%patch7 -p1
+%patch8 -p1
%build
@@ -230,6 +232,14 @@
#fi
#echo "test suite completed"
+# Produce .chk files for the final stripped binaries
+%define __spec_install_post \
+ %{?__debug_package:%{__debug_install_post}} \
+ %{__arch_install_post} \
+ %{__os_install_post} \
+ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libsoftokn3.so \
+ $RPM_BUILD_ROOT/%{unsupported_tools_directory}/shlibsign -i $RPM_BUILD_ROOT/%{_lib}/libfreebl3.so \
+%{nil}
%install
@@ -248,11 +258,9 @@
ln -sf ../../%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file
done
-# These ghost files will be generated in the post step
# Make sure chk files can be found in both places
for file in libsoftokn3.chk libfreebl3.chk
do
- touch $RPM_BUILD_ROOT/%{_lib}/$file
ln -s ../../%{_lib}/$file $RPM_BUILD_ROOT/%{_libdir}/$file
done
@@ -295,8 +303,6 @@
%post
/sbin/ldconfig >/dev/null 2>/dev/null
-%{unsupported_tools_directory}/shlibsign -i /%{_lib}/libsoftokn3.so >/dev/null 2>/dev/null
-%{unsupported_tools_directory}/shlibsign -i /%{_lib}/libfreebl3.so >/dev/null 2>/dev/null
%postun
@@ -311,11 +317,10 @@
/%{_lib}/libssl3.so
/%{_lib}/libsmime3.so
/%{_lib}/libsoftokn3.so
+/%{_lib}/libsoftokn3.chk
/%{_lib}/libnssckbi.so
/%{_lib}/libnsspem.so
%{unsupported_tools_directory}/shlibsign
-%ghost /%{_lib}/libsoftokn3.chk
-%ghost /%{_lib}/libfreebl3.chk
%dir %{_libdir}/nss
%dir %{unsupported_tools_directory}
%dir %{_sysconfdir}/pki/nssdb
@@ -327,6 +332,7 @@
%files softokn-freebl
/%{_lib}/libfreebl3.so
+/%{_lib}/libfreebl3.chk
%files tools
%defattr(-,root,root)
@@ -470,6 +476,10 @@
%changelog
+* Tue Apr 14 2009 Kai Engert <kaie at redhat.com> - 3.12.3-3
+- ship .chk files instead of running shlibsign at install time
+- include .chk file in softokn-freebl subpackage
+- add patch for upstream nss bug 488350
* Tue Apr 14 2009 Kai Engert <kaie at redhat.com> - 3.12.3-2
- Update to NSS 3.12.3
* Mon Apr 06 2009 Kai Engert <kaie at redhat.com> - 3.12.2.99.3-7
- Previous message: rpms/openoffice.org-extendedPDF/F-10 openoffice.org-extendedPDF-1.4.0-oooVersion.patch, NONE, 1.1
- Next message: rpms/NetworkManager/devel .cvsignore, 1.103, 1.104 NetworkManager.spec, 1.270, 1.271 nm-applet-internal-buildfixes.patch, 1.6, 1.7 sources, 1.140, 1.141
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list