[nss/f13/master: 3/4] Improve on fixes for bugs #636787, #636792, and #636801

Elio Maldonado emaldonado at fedoraproject.org
Wed Sep 29 22:53:50 UTC 2010 

commit a3c32434c914c072d56d8ed7ab02cfbc7a3cbd6c
Author: Elio Maldonado <emaldona at redhat.com>
Date:   Wed Sep 29 15:15:00 2010 -0700

    Improve on fixes for bugs #636787, #636792, and #636801
    
    Replace posttrans sysinit scriptlet with a triggerpostun one (#636787)
    Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)

 nss.spec            |   23 +++++++++++++++++------
 setup-nsssysinit.sh |   35 ++++++++++++++++++++++++-----------
 2 files changed, 41 insertions(+), 17 deletions(-)
---
diff --git a/nss.spec b/nss.spec
index a9117c2..9bad215 100644
--- a/nss.spec
+++ b/nss.spec
@@ -6,7 +6,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.7
-Release:          6%{?dist}
+Release:          8%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -16,7 +16,7 @@ Requires:         nss-softokn%{_isa} >= %{nss_softokn_version}
 Requires:         nss-system-init
 BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:    nspr-devel >= %{nspr_version}
-BuildRequires:    nss-softokn-devel >= %{nss_softokn_version}                                         
+BuildRequires:    nss-softokn-devel >= %{nss_softokn_version}
 BuildRequires:    nss-util-devel >= %{nss_util_version}
 BuildRequires:    sqlite-devel
 BuildRequires:    zlib-devel
@@ -100,6 +100,7 @@ Header and Library files for doing development with Network Security Services.
 %package pkcs11-devel
 Summary:          Development libraries for PKCS #11 (Cryptoki) using NSS
 Group:            Development/Libraries
+Provides:         nss-pkcs11-devel-static = %{version}-%{release}
 Requires:         nss-devel = %{version}-%{release}
 
 %description pkcs11-devel
@@ -371,11 +372,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 
 %postun -p /sbin/ldconfig
 
-%post sysinit
-%{_bindir}/setup-nsssysinit.sh on
+# Reverse unwanted disabling of sysinit by faulty preun sysinit scriplet
+# from previous versions of nss.spec
+%triggerpostun -n nss-sysinit -- nss-sysinit < 3.12.8-3
+/usr/bin/setup-nsssysinit.sh on
 
-%preun sysinit
-%{_bindir}/setup-nsssysinit.sh off
 
 %files
 %defattr(-,root,root)
@@ -489,6 +490,16 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 %{_libdir}/libnssckfw.a
 
 %changelog
+* Wed Sep 29 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.7-8
+- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787)
+- Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)
+
+* Tue Sep 28 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.7-7
+- Prevent of nss-sysinit disabling on package upgrade (#636787)
+- Create pkcs11.txt with correct permissions regardless of umask (#636792) 
+- Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801)
+- Add provides nss-pkcs11-devel-static to comply with packaging guidelines (#609612)
+
 * Sun Sep 12 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.7-6
 - Remove {nss_util|nss_softokn}_build_version, BuildRequires must match Requires
 
diff --git a/setup-nsssysinit.sh b/setup-nsssysinit.sh
index 9c1727b..8e1f5f7 100755
--- a/setup-nsssysinit.sh
+++ b/setup-nsssysinit.sh
@@ -1,24 +1,24 @@
 #!/bin/sh
 #
 # Turns on or off the nss-sysinit module db by editing the
-# global PKCS #11 congiguration file.
+# global PKCS #11 congiguration file. Displays the status.
 #
 # This script can be invoked by the user as super user.
-# It is invoked at nss-sysinit post install time with argument on
-# and at nss-sysinit pre uninstall with argument off. 
+# It is invoked at nss-sysinit post install time with argument on.
 #
 usage()
 {
   cat <<EOF
 Usage: setup-nsssysinit [on|off]
-  on  - turns on nsssysinit
-  off - turns off nsssysinit
+  on     - turns on nsssysinit
+  off    - turns off nsssysinit
+  status - reports whether nsssysinit is turned on or off
 EOF
   exit $1
 }
 
 # validate
-if test $# -eq 0; then
+if [ $# -eq 0 ]; then
   usage 1 1>&2
 fi
 
@@ -30,17 +30,26 @@ if [ ! -f $p11conf ]; then
   exit 1
 fi
 
-on="1"
+# check if nsssysinit is currently enabled or disabled
+sysinit_enabled()
+{
+  grep -q '^library=libnsssysinit' ${p11conf}
+}
+
+umask 022
 case "$1" in
   on | ON )
+    if sysinit_enabled; then 
+      exit 0 
+    fi
     cat ${p11conf} | \
-     sed -e 's/^library=$/library=libnsssysinit.so/' \
-         -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
-    ${p11conf}.on
+    sed -e 's/^library=$/library=libnsssysinit.so/' \
+        -e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' > \
+        ${p11conf}.on
     mv ${p11conf}.on ${p11conf}
     ;;
   off | OFF )
-    if [ ! `grep "^library=libnsssysinit" ${p11conf}` ]; then
+    if ! sysinit_enabled; then
       exit 0
     fi
     cat ${p11conf} | \
@@ -49,6 +58,10 @@ case "$1" in
         ${p11conf}.off
     mv ${p11conf}.off ${p11conf}
     ;;
+  status )
+    echo -n 'NSS sysinit is '
+    sysinit_enabled && echo 'enabled' || echo 'disabled'
+    ;;
   * )
     usage 1 1>&2
     ;;

More information about the scm-commits mailing list