Sophie: apache-mod_nss-1.0.8-15.mga3 src

apache-mod_nss-1.0.8-15.mga3.src.rpm

%define nss_version %(rpm -q nss --queryformat="%{VERSION}")
%define nssdir %{_sysconfdir}/pki/nss/apache-mod_nss

Summary:	Provides SSL support using the NSS crypto libraries
Name:		apache-mod_nss
Version:	1.0.8
Release:	%mkrel 15
License:	Apache License
Group:		System/Servers
URL:		http://directory.fedora.redhat.com/wiki/Mod_nss
Source0:	http://directory.fedora.redhat.com/sources/mod_nss-%{version}.tar.gz
Patch1:		mod_nss-conf.patch
Patch2:		mod_nss-gencert.patch
Patch3:		mod_nss-wouldblock.patch
Patch4:		mod_nss-negotiate.patch
Patch5:		mod_nss-reverseproxy.patch
Patch6:		mod_nss-pcachesignal.h
Patch7:		mod_nss-reseterror.patch
Patch8:		mod_nss-lockpcache.patch
Patch9: 	mod_nss-httpd24.patch
Requires(pre): 	rpm-helper
Requires(postun): rpm-helper
Requires(pre):	apache >= 2.2.0
Requires:	nss = 2:%{nss_version}
## Nobody else requires this at the moment
#Requires:	ksh
Requires:	openssl
Requires:	apache >= 2.2.0
BuildRequires:	apache-devel >= 2.2.0
BuildRequires:	automake
BuildRequires:	nspr-devel >= 2:4.8.4
BuildRequires:	nss-devel >= 2:3.12.6
BuildRequires:	pkgconfig
BuildRequires:  flex
Conflicts:	apache-mod_ssl


%description
An Apache 2.0 module for implementing crypto using the Mozilla NSS crypto
libraries. This supports SSLv3/TLSv1 including support for client certificate
authentication. NSS provides web applications with a FIPS 140 certified crypto
provider and support for a full range of PKCS11 devices.

mod_nss is an SSL provider derived from the mod_ssl module for the Apache web
server that uses the Network Security Services (NSS) libraries. We started with
mod_ssl and replaced the OpenSSL calls with NSS calls. 

The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was
originally derived from the Apache-SSL package developed by Ben Laurie. It is
licensed under the Apache 2.0 license.

%prep

%setup -q -n mod_nss-%{version}

%patch1 -p1 -b .conf
%patch2 -p1 -b .gencert
%patch3 -p1 -b .wouldblock
%patch4 -p1 -b .negotiate
%patch5 -p1 -b .reverseproxy
%patch6 -p1 -b .pcachesignal.h
%patch7 -p1 -b .reseterror
%patch8 -p1 -b .lockpcache
%patch9 -p1 -b .mod_nss-httpd24

# Touch expression parser sources to prevent regenerating it
touch nss_expr_*.[chyl]

%build
export WANT_AUTOCONF_2_5="1"
rm -rf autom*cache configure
libtoolize --copy --force; aclocal; autoconf; automake --foreign --add-missing --copy
CFLAGS="$RPM_OPT_FLAGS"

APXS=%{_httpd_apxs}

export CFLAGS APXS

NSPR_INCLUDE_DIR=`%{_bindir}/pkg-config --variable=includedir nspr`
NSPR_LIB_DIR=`%{_bindir}/pkg-config --variable=libdir nspr`

NSS_INCLUDE_DIR=`%{_bindir}/pkg-config --variable=includedir nss`
NSS_LIB_DIR=`%{_bindir}/pkg-config --variable=libdir nss`

NSS_BIN=`%{_bindir}/pkg-config --variable=exec_prefix nss`

%configure2_5x \
    --with-nss-lib=$NSS_LIB_DIR \
    --with-nss-inc=$NSS_INCLUDE_DIR \
    --with-nspr-lib=$NSPR_LIB_DIR \
    --with-nspr-inc=$NSPR_INCLUDE_DIR \
    --with-apr-config


%make all

%install
# The install target of the Makefile isn't used because that uses apxs
# which tries to enable the module in the build host httpd instead of in
# the build root.
rm -rf %{buildroot}

install -d %{buildroot}%{_sbindir}
install -d %{buildroot}%{_libdir}/httpd/modules
install -d %{buildroot}%{nssdir}
install -d %{buildroot}%{_httpd_confdir}/modules.d
install -d %{buildroot}%{_sysconfdir}/httpd/alias
install -d %{buildroot}%{_httpd_modconfdir}


sed -n /^LoadModule/p nss.conf > 00_mod_nss.conf
sed -i /^LoadModule/d nss.conf
install -m 644 00_mod_nss.conf %{buildroot}%{_httpd_modconfdir}
install -m 644 nss.conf %{buildroot}%{_httpd_confdir}

install -m0755 .libs/libmodnss.so %{buildroot}%{_libdir}/httpd/modules/libmodnss.so
install -m0755 nss_pcache %{buildroot}%{_sbindir}/
install -m0755 gencert %{buildroot}%{_sbindir}/gencert
ln -s ../../../%{_libdir}/libnssckbi.so %{buildroot}%{_sysconfdir}/httpd/alias/
touch %{buildroot}%{_sysconfdir}/httpd/alias/secmod.db
touch %{buildroot}%{_sysconfdir}/httpd/alias/cert8.db
touch %{buildroot}%{_sysconfdir}/httpd/alias/key3.db
touch %{buildroot}%{_sysconfdir}/httpd/alias/install.log


cat  > README.urpmi << EOF

NOTE: You may need to convert your existing ssl certs
These links provide a good how-to:

http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html
http://directory.fedora.redhat.com/wiki/Mod_nss
EOF

%post

# Create an NSS database.
# This will create the 3 files that make up your database: cert8.db, key3.db and secmod.db. and the install.log
umask 077

if [ "$1" -eq 1 ] ; then
    if [ ! -e %{_sysconfdir}/httpd/alias/key3.db ]; then
        %_create_ssl_certificate_helper %{_sysconfdir}/httpd/alias > %{_sysconfdir}/httpd/alias/install.log 2>&1
        echo ""
        echo "%{name} certificate database generated."
        echo ""
    fi

    # Make sure that the database ownership is setup properly.
    /bin/find %{_sysconfdir}/httpd/alias -user root -name "*.db" -exec /bin/chgrp apache {} \;
    /bin/find %{_sysconfdir}/httpd/alias -user root -name "*.db" -exec /bin/chmod g+r {} \;
fi


if [ -f %{_var}/lock/subsys/httpd ]; then
    %_post_service httpd
fi

%postun
if [ "$1" = "0" ]; then
    if [ -f %{_var}/lock/subsys/httpd ]; then
       %_postun_service httpd
    fi
fi


%files
%doc LICENSE NOTICE README TODO migrate.pl docs/*.html README.urpmi
%config(noreplace) %{_httpd_confdir}/nss.conf
%dir %attr(0750,root,root) %{nssdir}
%attr(0644,root,root) %config(noreplace) %{_httpd_modconfdir}/*_mod_nss.conf
%attr(0755,root,root) %{_libdir}/httpd/modules/libmodnss.so
%dir %{_sysconfdir}/httpd/alias/
%attr(0640,root,apache) %ghost %config(noreplace) %{_sysconfdir}/httpd/alias/secmod.db
%attr(0640,root,apache) %ghost %config(noreplace) %{_sysconfdir}/httpd/alias/cert8.db
%attr(0640,root,apache) %ghost %config(noreplace) %{_sysconfdir}/httpd/alias/key3.db
%ghost %config(noreplace) %{_sysconfdir}/httpd/alias/install.log
%{_sysconfdir}/httpd/alias/libnssckbi.so
%attr(0755,root,root) %{_sbindir}/nss_pcache
%attr(0755,root,root) %{_sbindir}/gencert


%changelog

* Wed Feb 20 2013 fwang <fwang> 1.0.8-15.mga3
+ Revision: 399575
- rebuild for new nss

* Thu Feb 07 2013 spuhler <spuhler> 1.0.8-14.mga3
+ Revision: 395048
- rebuild agains new NSS

* Fri Jan 11 2013 umeabot <umeabot> 1.0.8-13.mga3
+ Revision: 345861
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild

* Mon Dec 24 2012 spuhler <spuhler> 1.0.8-12.mga3
+ Revision: 334462
- moved the cat file to the correct place

* Sun Dec 23 2012 spuhler <spuhler> 1.0.8-11.mga3
+ Revision: 334404
- rebuilt with nss-devel-3.14.1
- cleaned up spec
  added the note about updating the installed open-ssl cert

* Thu Dec 06 2012 spuhler <spuhler> 1.0.8-9.mga3
+ Revision: 327100
- using %%_create_ssl_certificate_helper to creater cert

* Wed Dec 05 2012 spuhler <spuhler> 1.0.8-8.mga3
+ Revision: 326837
- Coordinated spec with fedora.

* Mon Nov 19 2012 spuhler <spuhler> 1.0.8-7.mga3
+ Revision: 319593
- moved the module to the same location as apache
  bumbe rel

* Thu Nov 08 2012 spuhler <spuhler> 1.0.8-6.mga3
+ Revision: 316264
- renamed extramodules/mod_nss.so to modules/libmodnss.so

* Sun Nov 04 2012 spuhler <spuhler> 1.0.8-5.mga3
+ Revision: 313599
- changed /apache-extramodules/mod_nss.so
  to /httpd/modules/libmodnss.so
  where the config file says it is
  bumped rel

  + oden <oden>
    - fix double LoadModule statement

* Sun Oct 28 2012 spuhler <spuhler> 1.0.8-4.mga3
+ Revision: 310891
+ rebuild (emptylog)

* Sat Oct 27 2012 spuhler <spuhler> 1.0.8-3.mga3
+ Revision: 310864
- removed Requires: apache-conf

* Sat Oct 27 2012 spuhler <spuhler> 1.0.8-2.mga3
+ Revision: 310811
- removed the Requires: ksh
  we don't provide it and nobody else requires it.

* Sat Oct 27 2012 spuhler <spuhler> 1.0.8-1.mga3
+ Revision: 310766
- Cleaned spec file
  added apache-2.4 patch
- imported package apache-mod_nss