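# Version of the nss package installed on the build host, queried when the
# spec is parsed. It is used below to pin the runtime nss dependency to
# exactly the version the module was built against.
%define nss_version %(rpm -q nss --queryformat="%{VERSION}")
%define nssdir %{_sysconfdir}/pki/nss/apache-mod_nss

Summary: Provides SSL support using the NSS crypto libraries
Name: apache-mod_nss
Version: 1.0.8
Release: %mkrel 15
License: Apache License
Group: System/Servers
URL: http://directory.fedora.redhat.com/wiki/Mod_nss
# NOTE(review): the tarball URL is plain HTTP and nothing in this spec checks
# a digest or signature for it; compare it against a known-good checksum
# before importing a new upstream version.
Source0: http://directory.fedora.redhat.com/sources/mod_nss-%{version}.tar.gz
Patch1: mod_nss-conf.patch
Patch2: mod_nss-gencert.patch
Patch3: mod_nss-wouldblock.patch
Patch4: mod_nss-negotiate.patch
Patch5: mod_nss-reverseproxy.patch
Patch6: mod_nss-pcachesignal.h
Patch7: mod_nss-reseterror.patch
Patch8: mod_nss-lockpcache.patch
Patch9: mod_nss-httpd24.patch
Requires(pre): rpm-helper
Requires(postun): rpm-helper
Requires(pre): apache >= 2.2.0
Requires: nss = 2:%{nss_version}
## Nobody else requires this at the moment
#Requires: ksh
Requires: openssl
Requires: apache >= 2.2.0
BuildRequires: apache-devel >= 2.2.0
BuildRequires: automake
BuildRequires: nspr-devel >= 2:4.8.4
BuildRequires: nss-devel >= 2:3.12.6
BuildRequires: pkgconfig
BuildRequires: flex
# Both modules provide TLS for httpd, so only one may be installed.
Conflicts: apache-mod_ssl

%description
An Apache 2.0 module for implementing crypto using the Mozilla NSS crypto
libraries. This supports SSLv3/TLSv1 including support for client certificate
authentication. NSS provides web applications with a FIPS 140 certified crypto
provider and support for a full range of PKCS11 devices.

mod_nss is an SSL provider derived from the mod_ssl module for the Apache web
server that uses the Network Security Services (NSS) libraries. We started with
mod_ssl and replaced the OpenSSL calls with NSS calls.

The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was
originally derived from the Apache-SSL package developed by Ben Laurie. It is
licensed under the Apache 2.0 license.

%prep
%setup -q -n mod_nss-%{version}
%patch1 -p1 -b .conf
%patch2 -p1 -b .gencert
%patch3 -p1 -b .wouldblock
%patch4 -p1 -b .negotiate
%patch5 -p1 -b .reverseproxy
%patch6 -p1 -b .pcachesignal.h
%patch7 -p1 -b .reseterror
%patch8 -p1 -b .lockpcache
%patch9 -p1 -b .mod_nss-httpd24

# Touch expression parser sources to prevent regenerating it
touch nss_expr_*.[chyl]

%build
export WANT_AUTOCONF_2_5="1"

# Drop the shipped autotools output and regenerate it with the build host's
# toolchain.
rm -rf autom*cache configure
libtoolize --copy --force
aclocal
autoconf
automake --foreign --add-missing --copy

CFLAGS="$RPM_OPT_FLAGS"
APXS=%{_httpd_apxs}
export CFLAGS APXS

# Ask pkg-config where the NSPR and NSS headers and libraries live instead of
# hard-coding the paths.
NSPR_INCLUDE_DIR=$(%{_bindir}/pkg-config --variable=includedir nspr)
NSPR_LIB_DIR=$(%{_bindir}/pkg-config --variable=libdir nspr)
NSS_INCLUDE_DIR=$(%{_bindir}/pkg-config --variable=includedir nss)
NSS_LIB_DIR=$(%{_bindir}/pkg-config --variable=libdir nss)
# NSS_BIN is neither exported nor passed to configure below.
NSS_BIN=$(%{_bindir}/pkg-config --variable=exec_prefix nss)

# The directory arguments are quoted so that an unexpected space or glob
# character in the pkg-config output cannot split or expand an option.
%configure2_5x \
    --with-nss-lib="$NSS_LIB_DIR" \
    --with-nss-inc="$NSS_INCLUDE_DIR" \
    --with-nspr-lib="$NSPR_LIB_DIR" \
    --with-nspr-inc="$NSPR_INCLUDE_DIR" \
    --with-apr-config

%make all

%install
# The install target of the Makefile isn't used because that uses apxs
# which tries to enable the module in the build host httpd instead of in
# the build root.
rm -rf %{buildroot}

install -d %{buildroot}%{_sbindir}
install -d %{buildroot}%{_libdir}/httpd/modules
install -d %{buildroot}%{nssdir}
install -d %{buildroot}%{_httpd_confdir}/modules.d
install -d %{buildroot}%{_sysconfdir}/httpd/alias
install -d %{buildroot}%{_httpd_modconfdir}

# Move the LoadModule line out of nss.conf into its own module config file,
# so the module is loaded from the module config directory and nss.conf
# carries only the settings.
sed -n '/^LoadModule/p' nss.conf > 00_mod_nss.conf
sed -i '/^LoadModule/d' nss.conf
install -m 644 00_mod_nss.conf %{buildroot}%{_httpd_modconfdir}
install -m 644 nss.conf %{buildroot}%{_httpd_confdir}

install -m0755 .libs/libmodnss.so %{buildroot}%{_libdir}/httpd/modules/libmodnss.so
install -m0755 nss_pcache %{buildroot}%{_sbindir}/
install -m0755 gencert %{buildroot}%{_sbindir}/gencert

# Link the NSS built-in root CA module (libnssckbi.so) into the database
# directory.
ln -s ../../../%{_libdir}/libnssckbi.so %{buildroot}%{_sysconfdir}/httpd/alias/

# Empty placeholders so the ghost entries in the files section resolve; the
# real database files are generated on the target host by the post scriptlet.
touch %{buildroot}%{_sysconfdir}/httpd/alias/secmod.db
touch %{buildroot}%{_sysconfdir}/httpd/alias/cert8.db
touch %{buildroot}%{_sysconfdir}/httpd/alias/key3.db
touch %{buildroot}%{_sysconfdir}/httpd/alias/install.log

cat > README.urpmi << EOF
NOTE: You may need to convert your existing ssl certs
These links provide a good how-to:
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html
http://directory.fedora.redhat.com/wiki/Mod_nss
EOF

%post
# Create an NSS database.
# This will create the 3 files that make up your database: cert8.db, key3.db
# and secmod.db, plus the install.log.
# umask 077 keeps everything created here (key database and install.log
# included) readable by root only until the group is widened below.
umask 077

# Only on first install (argument 1), never on upgrade.
if [ "$1" -eq 1 ] ; then
    # Never overwrite an existing key database.
    if [ ! -e %{_sysconfdir}/httpd/alias/key3.db ]; then
        # NOTE(review): the helper macro is defined outside this spec; confirm
        # that it creates an NSS database in the directory it is given. The
        # packaged gencert script is installed but not called here.
        %_create_ssl_certificate_helper %{_sysconfdir}/httpd/alias > %{_sysconfdir}/httpd/alias/install.log 2>&1
        echo ""
        echo "%{name} certificate database generated."
        echo ""
    fi

    # Make sure that the database ownership is setup properly.
    # httpd needs to read the databases, so root-owned .db files are handed to
    # group apache with group read; they stay owned by root and get no access
    # for others. Files owned by another user are left untouched.
    /bin/find %{_sysconfdir}/httpd/alias -user root -name "*.db" -exec /bin/chgrp apache {} \;
    /bin/find %{_sysconfdir}/httpd/alias -user root -name "*.db" -exec /bin/chmod g+r {} \;
fi

# Hand over to the service macro only when the httpd lock file exists.
if [ -f %{_var}/lock/subsys/httpd ]; then
    %_post_service httpd
fi

%postun
# Argument 0 means the package is being removed, not upgraded.
if [ "$1" = "0" ]; then
    if [ -f %{_var}/lock/subsys/httpd ]; then
        %_postun_service httpd
    fi
fi

%files
%doc LICENSE NOTICE README TODO migrate.pl docs/*.html README.urpmi
%config(noreplace) %{_httpd_confdir}/nss.conf
%dir %attr(0750,root,root) %{nssdir}
%attr(0644,root,root) %config(noreplace) %{_httpd_modconfdir}/*_mod_nss.conf
%attr(0755,root,root) %{_libdir}/httpd/modules/libmodnss.so
# NOTE(review): no explicit attr on the database directory, so it keeps the
# mode given by install -d in the install section; the database files below
# carry their own restrictive modes.
%dir %{_sysconfdir}/httpd/alias/
# The databases are ghost entries: the package owns them but ships no content.
# key3.db is the NSS private-key database; root owns it and only the apache
# group may read it. noreplace keeps an administrator's database on upgrade.
%attr(0640,root,apache) %ghost %config(noreplace) %{_sysconfdir}/httpd/alias/secmod.db
%attr(0640,root,apache) %ghost %config(noreplace) %{_sysconfdir}/httpd/alias/cert8.db
%attr(0640,root,apache) %ghost %config(noreplace) %{_sysconfdir}/httpd/alias/key3.db
# install.log has no attr here; the post scriptlet creates it under umask 077.
%ghost %config(noreplace) %{_sysconfdir}/httpd/alias/install.log
%{_sysconfdir}/httpd/alias/libnssckbi.so
%attr(0755,root,root) %{_sbindir}/nss_pcache
%attr(0755,root,root) %{_sbindir}/gencert

%changelog
* Wed Feb 20 2013 fwang <fwang> 1.0.8-15.mga3
+ Revision: 399575
- rebuild for new nss

* Thu Feb 07 2013 spuhler <spuhler> 1.0.8-14.mga3
+ Revision: 395048
- rebuild agains new NSS

* Fri Jan 11 2013 umeabot <umeabot> 1.0.8-13.mga3
+ Revision: 345861
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild

* Mon Dec 24 2012 spuhler <spuhler> 1.0.8-12.mga3
+ Revision: 334462
- moved the cat file to the correct place

* Sun Dec 23 2012 spuhler <spuhler> 1.0.8-11.mga3
+ Revision: 334404
- rebuilt with nss-devel-3.14.1
- cleaned up spec added the note about updating the installed open-ssl cert

* Thu Dec 06 2012 spuhler <spuhler> 1.0.8-9.mga3
+ Revision: 327100
- using %%_create_ssl_certificate_helper to creater cert

* Wed Dec 05 2012 spuhler <spuhler> 1.0.8-8.mga3
+ Revision: 326837
- Coordinated spec with fedora.

* Mon Nov 19 2012 spuhler <spuhler> 1.0.8-7.mga3
+ Revision: 319593
- moved the module to the same location as apache bumbe rel

* Thu Nov 08 2012 spuhler <spuhler> 1.0.8-6.mga3
+ Revision: 316264
- renamed extramodules/mod_nss.so to modules/libmodnss.so

* Sun Nov 04 2012 spuhler <spuhler> 1.0.8-5.mga3
+ Revision: 313599
- changed /apache-extramodules/mod_nss.so to /httpd/modules/libmodnss.so where the config file says it is bumped rel

  + oden <oden>
    - fix double LoadModule statement

* Sun Oct 28 2012 spuhler <spuhler> 1.0.8-4.mga3
+ Revision: 310891
+ rebuild (emptylog)

* Sat Oct 27 2012 spuhler <spuhler> 1.0.8-3.mga3
+ Revision: 310864
- removed Requires: apache-conf

* Sat Oct 27 2012 spuhler <spuhler> 1.0.8-2.mga3
+ Revision: 310811
- removed the Requires: ksh we don't provide it and nobody else requires it.

* Sat Oct 27 2012 spuhler <spuhler> 1.0.8-1.mga3
+ Revision: 310766
- Cleaned spec file added apache-2.4 patch
- imported package apache-mod_nss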