Name: mod_nss Version: 1.0.7 Release: 4%{?dist} Summary: SSL/TLS module for the Apache HTTP server Group: System Environment/Daemons License: Apache Software License URL: http://directory.fedoraproject.org/wiki/Mod_nss Source: http://directory.fedoraproject.org/sources/%{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: nspr-devel >= 4.6.3, nss-devel >= 3.11.3 BuildRequires: httpd-devel >= 0:2.0.52, apr-devel, apr-util-devel BuildRequires: pkgconfig Requires: httpd >= 0:2.0.52 Patch1: mod_nss-conf.patch Patch2: mod_nss-gencert.patch Patch3: mod_nss-proxy.patch Patch4: mod_nss-nofork.patch %description The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols using the Network Security Services (NSS) security library. %prep %setup -q %patch1 -p1 -b .conf %patch2 -p1 -b .gencert %patch3 -p1 -b .proxy %patch4 -p1 -b .nofork # Touch expression parser sources to prevent regenerating it touch nss_expr_*.[chyl] %build CFLAGS="$RPM_OPT_FLAGS" export CFLAGS NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nspr` NSPR_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nspr` NSS_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nss` NSS_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nss` NSS_BIN=`/usr/bin/pkg-config --variable=exec_prefix nss` %configure \ --with-nss-lib=$NSS_LIB_DIR \ --with-nss-inc=$NSS_INCLUDE_DIR \ --with-nspr-lib=$NSPR_LIB_DIR \ --with-nspr-inc=$NSPR_INCLUDE_DIR \ --with-apr-config make %{?_smp_mflags} all %install # The install target of the Makefile isn't used because that uses apxs # which tries to enable the module in the build host httpd instead of in # the build root. rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d mkdir -p $RPM_BUILD_ROOT%{_libdir}/httpd/modules mkdir -p $RPM_BUILD_ROOT%{_sbindir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias install -m 644 nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ install -m 755 .libs/libmodnss.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules/ install -m 755 nss_pcache $RPM_BUILD_ROOT%{_sbindir}/ install -m 755 gencert $RPM_BUILD_ROOT%{_sbindir}/ ln -s ../../../%{_libdir}/libnssckbi.so $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/ touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/secmod.db touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/cert8.db touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/key3.db touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/install.log perl -pi -e "s:$NSS_LIB_DIR:$NSS_BIN:" $RPM_BUILD_ROOT%{_sbindir}/gencert %clean rm -rf $RPM_BUILD_ROOT %post umask 077 if [ "$1" -eq 1 ] ; then if [ ! -e %{_sysconfdir}/httpd/alias/key3.db ]; then %{_sbindir}/gencert %{_sysconfdir}/httpd/alias > %{_sysconfdir}/httpd/alias/install.log 2>&1 echo "" echo "%{name} certificate database generated." echo "" fi # Make sure that the database ownership is setup properly. find /etc/httpd/alias -user root -name "*.db" -exec /bin/chgrp apache {} \; find /etc/httpd/alias -user root -name "*.db" -exec /bin/chmod g+r {} \; fi %files %defattr(-,root,root,-) %doc README LICENSE docs/mod_nss.html %config(noreplace) %{_sysconfdir}/httpd/conf.d/nss.conf %{_libdir}/httpd/modules/libmodnss.so %dir %{_sysconfdir}/httpd/alias/ %ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/secmod.db %ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/cert8.db %ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/key3.db %ghost %config(noreplace) %{_sysconfdir}/httpd/alias/install.log %{_sysconfdir}/httpd/alias/libnssckbi.so %{_sbindir}/nss_pcache %{_sbindir}/gencert %changelog * Wed Jun 18 2008 Rob Crittenden 1.0.7-4 - Need to fix ownership and permissions of the NSS database as well so init after fork will work. * Wed Jun 18 2008 Rob Crittenden 1.0.7-3 - Apply patch so that mod_nss calls NSS_Init() after Apache forks a child and not before. This is in response to a change in the NSS softtokn code and should have always been done this way. (444348, 451960) * Thu Oct 18 2007 Rob Crittenden 1.0.7-2 - Register functions needed by mod_proxy if mod_ssl is not loaded. * Fri Jun 1 2007 Rob Crittenden 1.0.7-1 - Update to 1.0.7 - Remove Requires for nss and nspr since those are handled automatically by versioned libraries - Updated URL and Source to reference directory.fedoraproject.org * Mon Apr 9 2007 Rob Crittenden 1.0.6-2 - Patch to properly detect the Apache model and set up NSS appropriately - Patch to punt if a bad password is encountered - Patch to fix crash when password.conf is malformatted - Don't enable ECC support as NSS doesn't have it enabled (3.11.4-0.7) * Mon Oct 23 2006 Rob Crittenden 1.0.6-1 - Update to 1.0.6 * Fri Aug 04 2006 Rob Crittenden 1.0.3-4 - Include LogLevel warn in nss.conf and use separate log files * Fri Aug 04 2006 Rob Crittenden 1.0.3-3 - Need to initialize ECC certificate and key variables * Fri Aug 04 2006 Jarod Wilson 1.0.3-2 - Use %%ghost for db files and install.log * Tue Jun 20 2006 Rob Crittenden 1.0.3-1 - Initial build