rpms/nss/devel nss-decouple-softokn.patch, NONE, 1.1 nss-disable-build-freebl-softoken.patch, NONE, 1.1 .cvsignore, 1.9, 1.10 nss.spec, 1.23, 1.24 sources, 1.9, 1.10

Kai Engert (kengert) fedora-extras-commits at redhat.com
Tue Jun 19 00:02:22 UTC 2007


Author: kengert

Update of /cvs/extras/rpms/nss/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23217

Modified Files:
	.cvsignore nss.spec sources 
Added Files:
	nss-decouple-softokn.patch 
	nss-disable-build-freebl-softoken.patch 
Log Message:
* Mon Jun 18 2007 Kai Engert <kengert at redhat.com> - 3.11.7-4
- Better approach to ship freebl/softokn based on 3.11.5
- Remove link time dependency on softokn


nss-decouple-softokn.patch:

--- NEW FILE nss-decouple-softokn.patch ---
? mozilla/security/nss/cmd/crmf-cgi/~Makefile
? mozilla/security/nss/lib/ckfw/builtins/qa.der
Index: mozilla/security/nss/lib/nss/config.mk
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/nss/config.mk,v
retrieving revision 1.26.2.1
diff -u -p -r1.26.2.1 config.mk
--- mozilla/security/nss/lib/nss/config.mk	17 Nov 2006 01:33:15 -0000	1.26.2.1
+++ mozilla/security/nss/lib/nss/config.mk	12 Jun 2007 01:29:35 -0000
@@ -53,7 +53,6 @@ RESNAME = $(LIBRARY_NAME).rc
 ifdef NS_USE_GCC
 EXTRA_SHARED_LIBS += \
 	-L$(DIST)/lib \
-	-lsoftokn3 \
 	-L$(NSPR_LIB_DIR) \
 	-lplc4 \
 	-lplds4 \
@@ -61,7 +60,6 @@ EXTRA_SHARED_LIBS += \
 	$(NULL)
 else # ! NS_USE_GCC
 EXTRA_SHARED_LIBS += \
-	$(DIST)/lib/softokn3.lib \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
@@ -74,7 +72,6 @@ else
 # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
 EXTRA_SHARED_LIBS += \
 	-L$(DIST)/lib \
-	-lsoftokn3 \
 	-L$(NSPR_LIB_DIR) \
 	-lplc4 \
 	-lplds4 \
Index: mozilla/security/nss/lib/pk11wrap/manifest.mn
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/manifest.mn,v
retrieving revision 1.16.2.1
diff -u -p -r1.16.2.1 manifest.mn
--- mozilla/security/nss/lib/pk11wrap/manifest.mn	2 Jun 2007 02:23:37 -0000	1.16.2.1
+++ mozilla/security/nss/lib/pk11wrap/manifest.mn	12 Jun 2007 01:29:35 -0000
@@ -82,6 +82,13 @@ REQUIRES = dbm
 
 LIBRARY_NAME = pk11wrap
 
+LIBRARY_VERSION = 3
+SOFTOKEN_LIBRARY_VERSION = 3
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" \
+        -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" \
+        -DSOFTOKEN_SHLIB_VERSION=\"$(SOFTOKEN_LIBRARY_VERSION)\"
+
 # only add module debugging in opt builds if DEBUG_PKCS11 is set
 ifdef DEBUG_PKCS11
   DEFINES += -DDEBUG_MODULE -DFORCE_PR_LOG
Index: mozilla/security/nss/lib/pk11wrap/pk11load.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
retrieving revision 1.17
diff -u -p -r1.17 pk11load.c
--- mozilla/security/nss/lib/pk11wrap/pk11load.c	20 Sep 2005 20:56:07 -0000	1.17
+++ mozilla/security/nss/lib/pk11wrap/pk11load.c	12 Jun 2007 01:29:35 -0000
@@ -47,10 +47,6 @@
 #include "nssilock.h"
 #include "secerr.h"
 
-extern void FC_GetFunctionList(void);
-extern void NSC_GetFunctionList(void);
-extern void NSC_ModuleDBFunc(void);
-
 #ifdef DEBUG
 #define DEBUG_MODULE 1
 #endif
@@ -221,6 +217,196 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot, 
     }
 }
 
+static const char* nss_name =
+    SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX;
+static const char* softoken_default_name =
+    SHLIB_PREFIX"softokn"SOFTOKEN_SHLIB_VERSION"."SHLIB_SUFFIX;
+static PRCallOnceType loadSoftokenOnce;
+static PRLibrary* softokenLib;
+
+#ifdef XP_UNIX
+#include <unistd.h>
+#define BL_MAXSYMLINKS 20
+
+/* ### Copied from freebl/loader.c and freebl changed to softoken. */
+/*
+ * If 'link' is a symbolic link, this function follows the symbolic links
+ * and returns the pathname of the ultimate source of the symbolic links.
+ * If 'link' is not a symbolic link, this function returns NULL.
+ * The caller should call PR_Free to free the string returned by this
+ * function.
+ */
+static char* st_GetOriginalPathname(const char* link)
+{
+    char* resolved = NULL;
+    char* input = NULL;
+    PRUint32 iterations = 0;
+    PRInt32 len = 0, retlen = 0;
+    if (!link) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return NULL;
+    }
+    len = PR_MAX(1024, strlen(link) + 1);
+    resolved = PR_Malloc(len);
+    input = PR_Malloc(len);
+    if (!resolved || !input) {
+        if (resolved) {
+            PR_Free(resolved);
+        }
+        if (input) {
+            PR_Free(input);
+        }
+        return NULL;
+    }
+    strcpy(input, link);
+    while ( (iterations++ < BL_MAXSYMLINKS) &&
+            ( (retlen = readlink(input, resolved, len - 1)) > 0) ) {
+        char* tmp = input;
+        resolved[retlen] = '\0'; /* NULL termination */
+        input = resolved;
+        resolved = tmp;
+    }
+    PR_Free(resolved);
+    if (iterations == 1 && retlen < 0) {
+        PR_Free(input);
+        input = NULL;
+    }
+    return input;
+}
+#endif /* XP_UNIX */
+
+/*
+ * We use PR_GetLibraryFilePathname to get the pathname of the loaded 
+ * shared lib that contains this function, and then do a PR_LoadLibrary
+ * with an absolute pathname for the softoken shared library.
+ */
+
+#include "prio.h"
+#include "prprf.h"
+#include <stdio.h>
+#include "prsystem.h"
+
+/* ### Copied from freebl/loader.c and freebl changed to softoken,
+ *     and softoken changed to nss.
+ */
+/*
+ * Load the softoken library with the file name 'name' residing in the same
+ * directory as libnss, whose pathname is 'nssPath'.
+ */
+static PRLibrary *
+st_LoadSoftokenLibInNssDir(const char *nssPath, const char *name)
+{
+    PRLibrary *dlh = NULL;
+    char *fullName = NULL;
+    char* c;
+    PRLibSpec libSpec;
+
+    /* Remove "libnss" from the pathname and add the softoken libname */
+    c = strrchr(nssPath, PR_GetDirectorySeparator());
+    if (c) {
+        size_t nssPathSize = 1 + c - nssPath;
+        fullName = (char*) PORT_Alloc(strlen(name) + nssPathSize + 1);
+        if (fullName) {
+            memcpy(fullName, nssPath, nssPathSize);
+            strcpy(fullName + nssPathSize, name); 
+#ifdef DEBUG_LOADER
+            PR_fprintf(PR_STDOUT, "\nAttempting to load fully-qualified %s\n", 
+                       fullName);
+#endif
+            libSpec.type = PR_LibSpec_Pathname;
+            libSpec.value.pathname = fullName;
+            dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+            PORT_Free(fullName);
+        }
+    }
+    return dlh;
+}
+
+/* ### Copied from freebl/loader.c and freebl changed to softoken,
+ *     and softoken changed to nss.
+ */
+static PRLibrary *
+st_LoadLibrary(const char *name)
+{
+    PRLibrary *lib = NULL;
+    PRFuncPtr fn_addr;
+    char* nssPath = NULL;
+    PRLibSpec libSpec;
+
+    /* Get the pathname for the loaded libnss, i.e. /usr/lib/libnss3.so
+     * PR_GetLibraryFilePathname works with either the base library name or a
+     * function pointer, depending on the platform. We can't query an exported
+     * symbol such as NSC_GetFunctionList, because on some platforms we can't
+     * find symbols in loaded implicit dependencies such as libnss.
+     * But we can just get the address of this function !
+     */
+    fn_addr = (PRFuncPtr) &st_LoadLibrary;
+    nssPath = PR_GetLibraryFilePathname(nss_name, fn_addr);
+
+    if (nssPath) {
+        lib = st_LoadSoftokenLibInNssDir(nssPath, name);
+#ifdef XP_UNIX
+        if (!lib) {
+            /*
+             * If nssPath is a symbolic link, resolve the symbolic
+             * link and try again.
+             */
+            char* originalNssPath = st_GetOriginalPathname(nssPath);
+            if (originalNssPath) {
+                PR_Free(nssPath);
+                nssPath = originalNssPath;
+                lib = st_LoadSoftokenLibInNssDir(nssPath, name);
+            }
+        }
+#endif
+        PR_Free(nssPath);
+    }
+    if (!lib) {
+#ifdef DEBUG_LOADER
+        PR_fprintf(PR_STDOUT, "\nAttempting to load %s\n", name);
+#endif
+        libSpec.type = PR_LibSpec_Pathname;
+        libSpec.value.pathname = name;
+        lib = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+    }
+    if (NULL == lib) {
+#ifdef DEBUG_LOADER
+        PR_fprintf(PR_STDOUT, "\nLoading failed : %s.\n", name);
+#endif
+    }
+    return lib;
+}
+
+/* This function must be run only once. */
+/*  determine if hybrid platform, then actually load the DSO. */
+static PRStatus
+softoken_LoadDSO( void ) 
+{
+  PRLibrary *  handle;
+  const char * name = softoken_default_name;
+
+  if (!name) {
+    PR_SetError(PR_LOAD_LIBRARY_ERROR, 0);
+    return PR_FAILURE;
+  }
+
+  handle = st_LoadLibrary(name);
+  if (handle) {
+    softokenLib = handle;
+    return PR_SUCCESS;
+  }
+  return PR_FAILURE;
+}
+
+static PRStatus
+softoken_RunLoaderOnce( void )
+{
+  PRStatus status;
+
+  status = PR_CallOnce(&loadSoftokenOnce, &softoken_LoadDSO);
+  return status;
+}
+
 /*
  * load a new module into our address space and initialize it.
  */
@@ -238,6 +424,11 @@ SECMOD_LoadPKCS11Module(SECMODModule *mo
 
     /* intenal modules get loaded from their internal list */
     if (mod->internal) {
+#if 0
+    /*
+     * Original NSS code that uses a softoken library
+     * linked in statically. Deactivated. 
+     */
 	/* internal, statically get the C_GetFunctionList function */
 	if (mod->isFIPS) {
 	    entry = (CK_C_GetFunctionList) FC_GetFunctionList;
@@ -251,6 +442,35 @@ SECMOD_LoadPKCS11Module(SECMODModule *mo
 	    mod->loaded = PR_TRUE;
 	    return SECSuccess;
 	}
+#else
+    /*
+     * Workaround code that loads softoken as a dynamic library,
+     * even though the rest of NSS assumes this as the "internal" module.
+     */
+    if (!softokenLib && PR_SUCCESS != softoken_RunLoaderOnce())
+        return SECFailure;
+
+    if (mod->isFIPS) {
+        entry = (CK_C_GetFunctionList) 
+                    PR_FindSymbol(softokenLib, "FC_GetFunctionList");
+    } else {
+        entry = (CK_C_GetFunctionList) 
+                    PR_FindSymbol(softokenLib, "NSC_GetFunctionList");
+    }
+
+    if (!entry)
+        return SECFailure;
+
+    if (mod->isModuleDB) {
+        mod->moduleDBFunc = (CK_C_GetFunctionList) 
+                    PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
+    }
+
+    if (mod->moduleDBOnly) {
+        mod->loaded = PR_TRUE;
+        return SECSuccess;
+    }
+#endif
     } else {
 	/* Not internal, load the DLL and look up C_GetFunctionList */
 	if (mod->dllName == NULL) {

nss-disable-build-freebl-softoken.patch:

--- NEW FILE nss-disable-build-freebl-softoken.patch ---
--- mozilla/security/nss/lib/softoken/manifest.mn.nofbst	2006-10-03 00:58:51.000000000 +0200
+++ mozilla/security/nss/lib/softoken/manifest.mn	2007-06-16 11:16:42.000000000 +0200
@@ -40,8 +40,8 @@
 
 REQUIRES = dbm
 
-LIBRARY_NAME = softokn
-LIBRARY_VERSION = 3
+#LIBRARY_NAME = softokn
+#LIBRARY_VERSION = 3
 MAPFILE = $(OBJDIR)/softokn.def
 
 DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
@@ -66,28 +66,6 @@
 	softoknt.h \
 	$(NULL)
 
-CSRCS = \
-	dbinit.c \
-	dbmshim.c \
-	ecdecode.c \
-	fipsaudt.c \
-	fipstest.c \
-	fipstokn.c \
-	keydb.c    \
-	lowcert.c  \
-	lowkey.c   \
-	lowpbe.c   \
-	padbuf.c   \
-	pcertdb.c \
-	pk11db.c \
-	pkcs11.c   \
-	pkcs11c.c  \
-	pkcs11u.c  \
-	rsawrapr.c  \
-	softkver.c  \
-	tlsprf.c   \
-	$(NULL)
-
 ifdef NSS_ENABLE_ECC
 DEFINES += -DNSS_ENABLE_ECC
 endif
--- mozilla/security/nss/lib/softoken/Makefile.nofbst	2004-04-25 17:03:16.000000000 +0200
+++ mozilla/security/nss/lib/softoken/Makefile	2007-06-16 11:16:42.000000000 +0200
@@ -78,18 +78,3 @@
 
 export:: private_export
 
-# On AIX 4.3, IBM xlC_r compiler (version 3.6.6) cannot compile
-# pkcs11c.c in 64-bit mode for unknown reasons.  A workaround is
-# to compile it with optimizations turned on.  (Bugzilla bug #63815)
-ifeq ($(OS_TARGET)$(OS_RELEASE),AIX4.3)
-ifeq ($(USE_64),1)
-ifndef BUILD_OPT
-$(OBJDIR)/pkcs11.o: pkcs11.c
-	@$(MAKE_OBJDIR)
-	$(CC) -o $@ -c -O2 $(CFLAGS) $<
-$(OBJDIR)/pkcs11c.o: pkcs11c.c
-	@$(MAKE_OBJDIR)
-	$(CC) -o $@ -c -O2 $(CFLAGS) $<
-endif
-endif
-endif
--- mozilla/security/nss/lib/freebl/manifest.mn.nofbst	2006-10-13 19:02:58.000000000 +0200
+++ mozilla/security/nss/lib/freebl/manifest.mn	2007-06-16 11:16:42.000000000 +0200
@@ -44,8 +44,10 @@
 
 MODULE = nss
 
+ifndef FREEBL_CHILD_BUILD
 LIBRARY_NAME = freebl
 LIBRARY_VERSION = 3
+endif
 
 ifdef FREEBL_CHILD_BUILD
   ifdef USE_ABI32_INT32
@@ -98,56 +100,9 @@
 	$(NULL)
 
 MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h
-MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c
 
 
 ECL_HDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h
-ifdef NSS_ENABLE_ECC
-ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \
-	ecp_aff.c ecp_jac.c ecp_mont.c \
-	ec_naf.c ecp_jm.c
-ifdef NSS_ECC_MORE_THAN_SUITE_B
-ECL_SRCS += ec2_aff.c ec2_mont.c ec2_proj.c \
-	ec2_163.c ec2_193.c ec2_233.c \
-	ecp_192.c ecp_224.c ecp_256.c ecp_384.c ecp_521.c 
-endif
-else
-ECL_SRCS = $(NULL)
-endif
-SHA_SRCS = sha_fast.c
-MPCPU_SRCS = mpcpucache.c
-
-CSRCS = \
-	freeblver.c \
-	ldvector.c \
-	prng_fips1861.c \
-	sysrand.c \
-	$(SHA_SRCS) \
-	md2.c \
-	md5.c \
-	sha512.c \
-	alghmac.c \
-	rawhash.c \
-	alg2268.c \
-	arcfour.c \
-	arcfive.c \
-	desblapi.c \
-	des.c \
-	rijndael.c \
-	aeskeywrap.c \
-	dh.c \
-	ec.c \
-	pqg.c \
-	dsa.c \
-	rsa.c \
-	shvfy.c \
-	tlsprfalg.c \
-	$(MPI_SRCS) \
-	$(MPCPU_SRCS) \
-	$(ECL_SRCS) \
-	$(NULL)
-
-ALL_CSRCS := $(CSRCS)
 
 ALL_HDRS =  \
 	alghmac.h \
--- mozilla/security/nss/lib/freebl/Makefile.nofbst	2006-12-07 02:59:41.000000000 +0100
+++ mozilla/security/nss/lib/freebl/Makefile	2007-06-16 11:16:42.000000000 +0200
@@ -84,21 +84,17 @@
 
 ifeq ($(OS_TARGET),OSF1)
     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD
-    MPI_SRCS += mpvalpha.c
 endif
 
 ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))  #omits WIN16 and WINCE
 ifdef NS_USE_GCC
 # Ideally, we want to use assembler
-#     ASFILES  = mpi_x86.s
 #     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE \
 #                -DMP_ASSEMBLY_DIV_2DX1D
 # but we haven't figured out how to make it work, so we are not
 # using assembler right now.
-    ASFILES  =
     DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT
 else
-    MPI_SRCS += mpi_x86_asm.c
     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
     DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
     ifdef BUILD_OPT
@@ -114,7 +110,6 @@
 
 ifeq ($(OS_TARGET),IRIX)
 ifeq ($(USE_N32),1)
-    ASFILES  = mpi_mips.s
     ifeq ($(NS_USE_GCC),1)
 	ASFLAGS = -Wp,-P -Wp,-traditional -O -mips3
     else
@@ -127,16 +122,13 @@
 
 ifeq ($(OS_TARGET),Linux)
 ifeq ($(CPU_ARCH),x86_64)
-    ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
     ASFLAGS += -march=opteron -m64 -fPIC
     DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
     DEFINES += -DNSS_USE_COMBA
     DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
 #   DEFINES += -DMPI_AMD64_ADD
-    MPI_SRCS += mpi_amd64.c mp_comba.c
 endif
 ifeq ($(CPU_ARCH),x86)
-    ASFILES  = mpi_x86.s
     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
     DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
     DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
@@ -155,33 +147,11 @@
 ifeq ($(OS_TARGET), HP-UX)
 ifneq ($(OS_TEST), ia64)
 # PA-RISC
-ASFILES += ret_cr16.s
 ifndef USE_64
     FREEBL_BUILD_SINGLE_SHLIB = 
     HAVE_ABI32_INT32 = 1
     HAVE_ABI32_FPU = 1
 endif
-ifdef FREEBL_CHILD_BUILD
-ifdef USE_ABI32_INT32
-# build for DA1.1 (HP PA 1.1) 32-bit ABI build with 32-bit arithmetic
-    DEFINES  += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
-    DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
-else
-ifdef USE_64
-# this builds for DA2.0W (HP PA 2.0 Wide), the LP64 ABI, using 64-bit digits 
-    MPI_SRCS += mpi_hp.c 
-    ASFILES  += hpma512.s hppa20.s 
-    DEFINES  += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
-else
-# this builds for DA2.0 (HP PA 2.0 Narrow) ABI32_FPU model 
-# (the 32-bit ABI with 64-bit registers) using 64-bit digits
-    MPI_SRCS += mpi_hp.c 
-    ASFILES  += hpma512.s hppa20.s 
-    DEFINES  += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
-    ARCHFLAG = -Aa +e +DA2.0 +DS2.0
-endif
-endif
-endif
 endif
 endif
 
@@ -326,7 +296,6 @@
     ifdef USE_ABI32_INT32
 	# this builds for Sparc v8 pure 32-bit architecture
 	DEFINES += -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
-	ASFILES  = mpv_sparcv8x.s
 	DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
     endif
     ifdef USE_ABI32_INT64
@@ -337,8 +306,6 @@
     ifdef USE_ABI32_FPU
 	# this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, 
 	# 32-bit ABI, it uses FPU code, and 32-bit word size
-	MPI_SRCS += mpi_sparc.c
-	ASFILES  = mpv_sparcv8.s montmulfv8.s
 	DEFINES  += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
 	DEFINES  += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL
 	ECL_USE_FP = 1
@@ -350,8 +317,6 @@
     ifdef USE_ABI64_FPU
 	# this builds for Sparc v9a pure 64-bit architecture
 	# It uses floating point, and 32-bit word size
-	MPI_SRCS += mpi_sparc.c
-	ASFILES   = mpv_sparcv9.s montmulfv9.s
 	DEFINES  += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
 	DEFINES  += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL
 	ECL_USE_FP = 1
@@ -367,29 +332,22 @@
     ifeq ($(USE_64),1)
 	# Solaris for AMD64
 	ifdef NS_USE_GCC
-	    ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
 	    ASFLAGS += -march=opteron -m64 -fPIC
-	    MPI_SRCS += mp_comba.c
 	else
-	    ASFILES  = arcfour-amd64-sun.s mpi_amd64_sun.s sha-fast-amd64-sun.s
- 	    ASFILES += mp_comba_amd64_sun.s mpcpucache_amd64.s
 	    ASFLAGS += -xarch=generic64 -K PIC
 	    SHA_SRCS =
  	    MPCPU_SRCS =
 	endif
 	DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
 	DEFINES += -DNSS_USE_COMBA
-	MPI_SRCS += mpi_amd64.c
     else
 	# Solaris x86
 	DEFINES += -D_X86_
 	DEFINES += -DMP_USE_UINT_DIGIT
 	DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
 	DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
-	ASFILES  = mpi_i86pc.s
  	ifndef NS_USE_GCC
  	   MPCPU_SRCS =
- 	   ASFILES += mpcpucache_x86.s
  	endif
     endif
 endif # Solaris for non-sparc family CPUs
@@ -399,7 +357,6 @@
     ifdef ECL_USE_FP
 	#enable floating point ECC code	
 	DEFINES  += -DECL_USE_FP
-	ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c
 	ECL_HDRS += ecp_fp.h
     endif
 endif # NSS_ENABLE_ECC
@@ -436,26 +393,12 @@
 
 DEFINES += -DMP_API_COMPATIBLE
 
-MPI_USERS = dh.c pqg.c dsa.c rsa.c ec.c
-
-MPI_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_SRCS:.c=$(OBJ_SUFFIX)))
-MPI_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_USERS:.c=$(OBJ_SUFFIX)))
-
 $(MPI_OBJS): $(MPI_HDRS)
 
-ECL_USERS = ec.c
-
-ECL_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_SRCS:.c=$(OBJ_SUFFIX)) $(ECL_ASM_SRCS:$(ASM_SUFFIX)=$(OBJ_SUFFIX)))
-ECL_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_USERS:.c=$(OBJ_SUFFIX)))
-
 $(ECL_OBJS): $(ECL_HDRS)
 
 
 
-$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c mac_rand.c os2_rand.c
-
-$(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c
-
 $(OBJDIR)/ldvector$(OBJ_SUFFIX) $(OBJDIR)/loader$(OBJ_SUFFIX) : loader.h
 
 ifeq ($(SYSV_SPARC),1)
@@ -468,8 +411,6 @@
 	@$(MAKE_OBJDIR)
 	$(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $<
 
-$(OBJDIR)/mpmontg.o: mpmontg.c montmulf.h
-
 endif
 
 ifndef FREEBL_CHILD_BUILD
@@ -565,25 +506,3 @@
 
 endif  # FREEBL_CHILD_BUILD
 
-
-# Bugzilla Bug 209827: disable optimization to work around what appears
-# to be a VACPP optimizer bug.
-ifdef XP_OS2_VACPP
-$(OBJDIR)/alg2268.obj: alg2268.c
-	@$(MAKE_OBJDIR)
-	$(CC) -Fo$@ -c $(filter-out /O+, $(CFLAGS)) $(call core_abspath,$<)
-endif
-
-# Bugzilla Bug 333917: the non-x86 code in desblapi.c seems to violate
-# ANSI C's strict aliasing rules.
-ifeq ($(OS_TARGET),Linux)
-ifneq ($(CPU_ARCH),x86)
-$(OBJDIR)/$(PROG_PREFIX)desblapi$(OBJ_SUFFIX): desblapi.c
-	@$(MAKE_OBJDIR)
-ifdef NEED_ABSOLUTE_PATH
-	$(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $(call core_abspath,$<)
-else
-	$(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $<
-endif
-endif
-endif
--- mozilla/security/nss/cmd/shlibsign/Makefile.nofbst	2006-12-07 02:59:40.000000000 +0100
+++ mozilla/security/nss/cmd/shlibsign/Makefile	2007-06-16 11:16:42.000000000 +0200
@@ -60,9 +60,9 @@
 
 # sign any and all shared libraries that contain the word freebl
 
-CHECKLIBS = $(DIST)/lib/$(DLL_PREFIX)softokn3.$(DLL_SUFFIX)
-CHECKLIBS += $(wildcard $(DIST)/lib/$(DLL_PREFIX)freebl*3.$(DLL_SUFFIX))
-CHECKLOC = $(CHECKLIBS:.$(DLL_SUFFIX)=.chk)
+#CHECKLIBS = $(DIST)/lib/$(DLL_PREFIX)softokn3.$(DLL_SUFFIX)
+#CHECKLIBS += $(wildcard $(DIST)/lib/$(DLL_PREFIX)freebl*3.$(DLL_SUFFIX))
+#CHECKLOC = $(CHECKLIBS:.$(DLL_SUFFIX)=.chk)
 
 MD_LIB_RELEASE_FILES = $(CHECKLOC)
 ALL_TRASH += $(CHECKLOC)
--- mozilla/security/nss/cmd/platlibs.mk.nofbst	2006-11-17 03:13:16.000000000 +0100
+++ mozilla/security/nss/cmd/platlibs.mk	2007-06-16 11:16:42.000000000 +0200
@@ -101,7 +101,6 @@
 	$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
-	$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
 	$(CRYPTOLIB) \
 	$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
@@ -143,7 +142,6 @@
 	$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
-	$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
@@ -225,10 +223,6 @@
 endif
 endif
 
-ifeq ($(OS_ARCH), Darwin)
-EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsoftokn3.dylib:$(DIST)/lib/libsoftokn3.dylib
-endif
-
 
 # $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
 # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/nss/devel/.cvsignore,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- .cvsignore	1 Jun 2007 01:59:53 -0000	1.9
+++ .cvsignore	19 Jun 2007 00:01:44 -0000	1.10
@@ -1 +1,2 @@
-nss-3.11.7-fbst3115-stripped.tar.gz
+nss-3.11.5-fbst-stripped.tar.gz
+nss-3.11.7-no-fbst-with-ckbi-1.64.tar.gz


Index: nss.spec
===================================================================
RCS file: /cvs/extras/rpms/nss/devel/nss.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- nss.spec	11 Jun 2007 00:50:06 -0000	1.23
+++ nss.spec	19 Jun 2007 00:01:44 -0000	1.24
@@ -1,10 +1,12 @@
 %define nspr_version 4.6.2
 %define unsupported_tools_directory %{_libdir}/nss/unsupported-tools
+%define fips_source_version 3.11.5
+%define ckbi_version 1.64
 
 Summary:          Network Security Services
 Name:             nss
 Version:          3.11.7
-Release:          3%{?dist}
+Release:          4%{?dist}
 License:          MPL/GPL/LGPL
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -16,17 +18,24 @@
 Provides:         mozilla-nss
 Obsoletes:        mozilla-nss
 
-Source0:          %{name}-%{version}-fbst3115-stripped.tar.gz
+#Source0:          %{name}-%{version}-no-fbst.tar.gz
+Source0:          %{name}-%{version}-no-fbst-with-ckbi-%{ckbi_version}.tar.gz
+# ckbi is the builtin roots module which may get released separately.
+
 Source1:          nss.pc.in
 Source2:          nss-config.in
 Source3:          blank-cert8.db
 Source4:          blank-key3.db
 Source5:          blank-secmod.db
 Source7:          fake-kstat.h
+Source10:         %{name}-%{fips_source_version}-fbst-stripped.tar.gz
 
 Patch1:           nss-no-rpath.patch
 Patch2:           nss-smartcard-auth.patch
 Patch3:           nss-use-netstat-hack.patch
+Patch4:           nss-decouple-softokn.patch
+Patch5:           nss-disable-build-freebl-softoken.patch
+
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -76,11 +85,43 @@
 
 %prep
 %setup -q
-%patch1  -p0
-%patch2 -p0 -b .smartcard-auth.patch
-%patch3 -p0
+%setup -q -T -D -n %{name}-%{version} -a 10
+
+%define old_nss_lib %{name}-%{fips_source_version}/mozilla/security/nss/lib
+%define new_nss_lib mozilla/security/nss/lib
+
+# Ensure we will not use new freebl/softoken code
+rm -rf %{new_nss_lib}/freebl
+rm -rf %{new_nss_lib}/softoken
+
+# However, in order to build newer NSS we need some exports
+cp -a %{old_nss_lib}/freebl %{new_nss_lib}
+cp -a %{old_nss_lib}/softoken %{new_nss_lib}
+
+# Ensure the newer NSS tree will not build code, except the loader
+mv -i %{new_nss_lib}/freebl/loader.c %{new_nss_lib}/freebl/loader.c.save
+rm -rf %{new_nss_lib}/freebl/*.c %{new_nss_lib}/freebl/*.s
+rm -rf %{new_nss_lib}/softoken/*.c %{new_nss_lib}/softoken/*.s
+mv -i %{new_nss_lib}/freebl/loader.c.save %{new_nss_lib}/freebl/loader.c
+
+# These currently don't build without freebl/softoken in the same tree
+rm -rf mozilla/security/nss/cmd/bltest
+rm -rf mozilla/security/nss/cmd/fipstest
+rm -rf mozilla/security/nss/cmd/certcgi
+
+# Apply the patches to the newer NSS tree
+%patch1 -p0
+%patch2 -p0 -b .smartcard-auth
+%patch4 -p0 -b .decouple-softokn
+%patch5 -p0 -b .nofbst
+
+# Apply the patches to the tree where we build freebl/softoken
+cd nss-%{fips_source_version}
+%patch3 -p0 -b .use-netstat-hack
 %{__mkdir_p} mozilla/security/nss/lib/fake/
 cp -i %{SOURCE7} mozilla/security/nss/lib/fake/kstat.h
+cd ..
+
 
 %build
 
@@ -115,17 +156,27 @@
 # NSS_ENABLE_ECC=1
 # export NSS_ENABLE_ECC
 
+##### first, build freebl and softokn shared libraries
+
+cd nss-%{fips_source_version}
 %{__make} -C ./mozilla/security/coreconf
 %{__make} -C ./mozilla/security/dbm
 %{__make} -C ./mozilla/security/nss export
-
+%{__make} -C ./mozilla/security/nss/lib/base
 %{__make} -C ./mozilla/security/nss/lib/util
 %{__make} -C ./mozilla/security/nss/lib/freebl
-
 touch ./mozilla/security/nss/lib/freebl/unix_rand.c
 USE_NETSTAT_HACK=1 %{__make} -C ./mozilla/security/nss/lib/freebl
+%{__make} -C ./mozilla/security/nss/lib/freebl install
+%{__make} -C ./mozilla/security/nss/lib/softoken
+%{__make} -C ./mozilla/security/nss/lib/softoken install
+cd ..
 
-%{__make} -C ./mozilla/security/nss 
+##### second, build all the rest of NSS
+
+%{__make} -C ./mozilla/security/coreconf
+%{__make} -C ./mozilla/security/dbm
+%{__make} -C ./mozilla/security/nss
 
 # Set up our package file
 %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
@@ -168,7 +219,14 @@
 %{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory}
 
 # Copy the binary libraries we want
-for file in libnss3.so libssl3.so libsmime3.so libsoftokn3.so libnssckbi.so libfreebl3.so
+for file in libsoftokn3.so libfreebl3.so
+do
+  %{__install} -m 755 nss-%{fips_source_version}/mozilla/dist/*.OBJ/lib/$file \
+                      $RPM_BUILD_ROOT/%{_libdir}
+done
+
+# Copy the binary libraries we want
+for file in libnss3.so libssl3.so libsmime3.so libnssckbi.so
 do
   %{__install} -m 755 mozilla/dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
 done
@@ -201,7 +259,16 @@
   %{__install} -m 755 mozilla/dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
 done
 
-# Copy the include files
+# Copy the include files we want from freebl/softoken sources
+# and remove those files from the other area
+for file in blapit.h shsign.h ecl-exp.h pkcs11.h pkcs11f.h pkcs11p.h pkcs11t.h pkcs11n.h pkcs11u.h
+do
+  %{__install} -m 644 nss-%{fips_source_version}/mozilla/dist/public/nss/$file \
+                      $RPM_BUILD_ROOT/%{_includedir}/nss3
+  rm mozilla/dist/public/nss/$file
+done
+
+# Copy the include files we want
 for file in mozilla/dist/public/nss/*.h
 do
   %{__install} -m 644 $file $RPM_BUILD_ROOT/%{_includedir}/nss3
@@ -368,6 +435,10 @@
 
 
 %changelog
+* Mon Jun 18 2007 Kai Engert <kengert at redhat.com> - 3.11.7-4
+- Better approach to ship freebl/softokn based on 3.11.5
+- Remove link time dependency on softokn
+
 * Sun Jun 10 2007 Kai Engert <kengert at redhat.com> - 3.11.7-3
 - Fix unowned directories, rhbz#233890
 


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/nss/devel/sources,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- sources	1 Jun 2007 01:59:53 -0000	1.9
+++ sources	19 Jun 2007 00:01:44 -0000	1.10
@@ -1 +1,2 @@
-d57e4dd494f04f4c26c9035e660a1fba  nss-3.11.7-fbst3115-stripped.tar.gz
+68c5e1bd8ba091e5a50babcd9e552bc5  nss-3.11.5-fbst-stripped.tar.gz
+c1053d1e001a5b1eb4b7c296a968ca5c  nss-3.11.7-no-fbst-with-ckbi-1.64.tar.gz




More information about the fedora-extras-commits mailing list