[nss/f14/master] Fixes for Bugs 636787, 636792, 636801, and 609612
Elio Maldonado
emaldonado at fedoraproject.org
Tue Sep 28 22:15:07 UTC 2010
commit 125ad15fa41b468effd0ecc1d791d99a9b1e46be
Author: Elio Maldonado <emaldona at redhat.com>
Date: Tue Sep 28 15:10:47 2010 -0700
Fixes for Bugs 636787, 636792, 636801, and 609612
Prevent of nss-sysinit disabling on package upgrade (#636787):
Change system-pkcs11.txt to have nsssyinit turned on by default and
add posttrans syninit scriplet as replacement to post and preun ones
Create pkcs11.txt with correct permissions regardless of umask (#636792)
Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801)
Add provides nss-pkcs11-devel-static to comply with packaging guidelines (#609612)
nss.spec | 21 ++++++++++++++-------
setup-nsssysinit.sh | 24 ++++++++++++++++--------
system-pkcs11.txt | 4 ++--
3 files changed, 32 insertions(+), 17 deletions(-)
---
diff --git a/nss.spec b/nss.spec
index a9117c2..9ac5239 100644
--- a/nss.spec
+++ b/nss.spec
@@ -6,7 +6,7 @@
Summary: Network Security Services
Name: nss
Version: 3.12.7
-Release: 6%{?dist}
+Release: 7%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -16,7 +16,7 @@ Requires: nss-softokn%{_isa} >= %{nss_softokn_version}
Requires: nss-system-init
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: nspr-devel >= %{nspr_version}
-BuildRequires: nss-softokn-devel >= %{nss_softokn_version}
+BuildRequires: nss-softokn-devel >= %{nss_softokn_version}
BuildRequires: nss-util-devel >= %{nss_util_version}
BuildRequires: sqlite-devel
BuildRequires: zlib-devel
@@ -100,6 +100,7 @@ Header and Library files for doing development with Network Security Services.
%package pkcs11-devel
Summary: Development libraries for PKCS #11 (Cryptoki) using NSS
Group: Development/Libraries
+Provides: nss-pkcs11-devel-static = %{version}-%{release}
Requires: nss-devel = %{version}-%{release}
%description pkcs11-devel
@@ -371,11 +372,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%postun -p /sbin/ldconfig
-%post sysinit
-%{_bindir}/setup-nsssysinit.sh on
-
-%preun sysinit
-%{_bindir}/setup-nsssysinit.sh off
+# Prevent disabling of nss-sysinit on nss package upgrade. Reverses
+# nss-sysinit disabling caused by faulty preun sysinit scriplet from
+# previous versions of nss.spec. It should be eventually removed.
+%posttrans sysinit
+[ -e /etc/pki/nssdb/pkcs11.txt ] && /usr/bin/setup-nsssysinit.sh on
%files
%defattr(-,root,root)
@@ -489,6 +490,12 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%{_libdir}/libnssckfw.a
%changelog
+* Tue Sep 28 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.7-7
+- Prevent of nss-sysinit disabling on package upgrade (#636787)
+- Create pkcs11.txt with correct permissions regardless of umask (#636792)
+- Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801)
+- Add provides nss-pkcs11-devel-static to comply with packaging guidelines (#609612)
+
* Sun Sep 12 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.7-6
- Remove {nss_util|nss_softokn}_build_version, BuildRequires must match Requires
diff --git a/setup-nsssysinit.sh b/setup-nsssysinit.sh
index 9c1727b..02042ff 100755
--- a/setup-nsssysinit.sh
+++ b/setup-nsssysinit.sh
@@ -1,18 +1,18 @@
#!/bin/sh
#
# Turns on or off the nss-sysinit module db by editing the
-# global PKCS #11 congiguration file.
+# global PKCS #11 congiguration file. Displays the status.
#
# This script can be invoked by the user as super user.
-# It is invoked at nss-sysinit post install time with argument on
-# and at nss-sysinit pre uninstall with argument off.
+# It is invoked at nss-sysinit post install time with argument on.
#
usage()
{
cat <<EOF
Usage: setup-nsssysinit [on|off]
- on - turns on nsssysinit
- off - turns off nsssysinit
+ on - turns on nsssysinit
+ off - turns off nsssysinit
+ status - reports whether nsssysinit is turned on or off
EOF
exit $1
}
@@ -33,22 +33,30 @@ fi
on="1"
case "$1" in
on | ON )
+ if [ `grep '^library=libnsssysinit' ${p11conf}` ]; then
+ exit 0
+ fi
+ umask 022
cat ${p11conf} | \
- sed -e 's/^library=$/library=libnsssysinit.so/' \
- -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
- ${p11conf}.on
+ sed -e 's/^library=$/library=libnsssysinit.so/' \
+ -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
+ ${p11conf}.on
mv ${p11conf}.on ${p11conf}
;;
off | OFF )
if [ ! `grep "^library=libnsssysinit" ${p11conf}` ]; then
exit 0
fi
+ umask 022
cat ${p11conf} | \
sed -e 's/^library=libnsssysinit.so/library=/' \
-e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' > \
${p11conf}.off
mv ${p11conf}.off ${p11conf}
;;
+ status )
+ grep -q '^library=libnsssysinit' ${p11conf} && echo 'ON' || echo OFF
+ ;;
* )
usage 1 1>&2
;;
diff --git a/system-pkcs11.txt b/system-pkcs11.txt
index 0aa7a5c..c2f5704 100644
--- a/system-pkcs11.txt
+++ b/system-pkcs11.txt
@@ -1,5 +1,5 @@
-library=
+library=libnsssysinit.so
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
-NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
More information about the scm-commits
mailing list