#34 flatpak: Enable loading system trust store on the host
Merged 2 years ago by xhorak. Opened 2 years ago by ueno.

file modified
+15 -1
@@ -152,7 +152,7 @@ 

  Summary:        Mozilla Firefox Web browser

  Name:           firefox

  Version:        89.0.2

- Release:        2%{?pre_tag}%{?dist}

+ Release:        3%{?pre_tag}%{?dist}

  URL:            https://www.mozilla.org/firefox/

  License:        MPLv1.1 or GPLv2+ or LGPLv2+

  Source0:        https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz
@@ -921,6 +921,17 @@ 

  rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libmozjs.so

  rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libmozalloc.so

  rm -f %{buildroot}%{mozappdirdev}/sdk/lib/libxul.so

+ 

+ # Create a symlink to replace libnssckbi.so with p11-kit-client.so

+ # instead of p11-kit-trust.so, so that Firefox can see the system

+ # trust store on the host through the p11-kit RPC protocol.  A symlink

+ # to libnss3.so is also needed, because Firefox tries to load

+ # libnssckbi.so from the same directory where libnss3.so is loaded (as

+ # of Firefox 89).

+ %if 0%{?flatpak}

+ ln -sf /usr/lib64/libnss3.so %{buildroot}%{_libdir}/libnss3.so

+ ln -sf /usr/lib64/pkcs11/p11-kit-client.so %{buildroot}%{_libdir}/libnssckbi.so

+ %endif

  #---------------------------------------------------------------------

  

  # Moves defaults/preferences to browser/defaults/preferences
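Review bot: The two `ln -sf` targets inside the `%if 0%{?flatpak}` block hard-code `/usr/lib64`, while the link location uses `%{_libdir}`. On any build where the runtime's library directory is not `lib64`, both links would dangle without a build error. Consider `/usr/%{_lib}/libnss3.so` and `/usr/%{_lib}/pkcs11/p11-kit-client.so`, or state in the comment that only 64-bit runtimes are intended. The comment also ties the libnss3.so link to the load order "as of Firefox 89" with nothing in the build that checks it, so a note on what to re-verify on a version rebase would help. Finally, since libnssckbi.so now resolves to p11-kit-client.so for every flatpak build, the comment should say which trust anchors Firefox ends up with when the host side of the p11-kit RPC is not reachable.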
@@ -1029,6 +1040,9 @@ 

  #---------------------------------------------------------------------

  

  %changelog

+ * Mon Jul 12 2021 Daiki Ueno <dueno@redhat.com> - 89.0.2-3

+ - flatpak: Enable loading system trust store on the host (rhbz#1766340)

+ 

  * Wed Jun 30 2021 Martin Stransky <stransky@redhat.com> - 89.0.2-2

  - Added fix for mozbz#1715254 (rhbz#1976892).

  

This directs the libnssckbi.so symlink to p11-kit-client.so, instead
of p11-kit-trust.so, so Firefox flatpak can access the system trust
store on the host. Since the /usr filesystem is read-only, this
creates the link in /app/lib64, which is added to LD_LIBRARY_PATH
inside flatpak. A symlink to libnss3.so also needs to be created in
the same directory, to trick the directory search order in
ListPossibleLoadableRootsLocations:
https://hg.mozilla.org/mozilla-central/file/8e850fd29a957f505e0355c1326279e06e9040bb/security/manager/ssl/nsNSSComponent.cpp#l970

Signed-off-by: Daiki Ueno <dueno@redhat.com>
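The layout this description relies on can be checked from inside the sandbox. The shell functions below are an added example, not part of the PR or the firefox spec file; the function names are hypothetical, and they assume a simplified model in which libnss3.so is taken from the first LD_LIBRARY_PATH entry that contains it (RPATH and the ld.so cache are ignored).

```shell
#!/bin/sh
# Added example (not from the PR): report which roots module Firefox would
# pick up, given that it looks for libnssckbi.so next to the loaded libnss3.so.

# Print the first directory of a colon-separated search path holding libnss3.so.
# Runs in a subshell so the IFS change does not leak to the caller.
nss3_dir() (
    IFS=:
    for d in $1; do
        [ -n "$d" ] || continue
        if [ -e "$d/libnss3.so" ] || [ -L "$d/libnss3.so" ]; then
            printf '%s\n' "$d"
            exit 0
        fi
    done
    exit 1
)

# Print the basename of the file that libnssckbi.so in that directory points to.
roots_module() {
    dir=$(nss3_dir "$1") || { echo "no-libnss3"; return 1; }
    link="$dir/libnssckbi.so"
    if [ -L "$link" ]; then
        basename "$(readlink "$link")"
    elif [ -e "$link" ]; then
        echo "regular-file"
    else
        echo "missing"
        return 1
    fi
}

# Succeed only when the host trust store layout from the spec comment is active.
check_host_trust() {
    [ "$(roots_module "$1")" = "p11-kit-client.so" ]
}
```

Inside the Flatpak sandbox, `check_host_trust "$LD_LIBRARY_PATH"` returns 0 only when the directory that supplies libnss3.so also carries the libnssckbi.so link to p11-kit-client.so.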

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

I'm not qualified to review this but I wanted to say...

Thank you @ueno for working on this!

bump - can anyone review this?

rebased onto e4a12e3

2 years ago

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

Pull-Request has been merged by xhorak

2 years ago