|
|
08bafd |
################################################################################
|
|
|
b93447 |
Name: jss
|
|
|
08bafd |
################################################################################
|
|
|
b93447 |
|
|
|
08bafd |
Summary: Java Security Services (JSS)
|
|
|
08bafd |
URL: http://www.dogtagpki.org/wiki/JSS
|
|
|
b93447 |
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
|
|
08bafd |
|
|
|
34668c |
Version: 4.4.7
|
|
|
34668c |
Release: 2%{?dist}
|
|
|
08bafd |
|
|
|
08bafd |
# To generate the source tarball:
|
|
|
6d8f53 |
# $ git clone https://github.com/dogtagpki/jss.git
|
|
|
6d8f53 |
# $ cd jss
|
|
|
6d8f53 |
# $ git tag v4.4.<z>
|
|
|
6d8f53 |
# $ git push origin v4.4.<z>
|
|
|
6d8f53 |
# Then go to https://github.com/dogtagpki/jss/releases and download the source
|
|
|
6d8f53 |
# tarball.
|
|
|
08bafd |
Source: https://github.com/dogtagpki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
|
|
08bafd |
|
|
|
6d8f53 |
# To create a patch for all changes since a version tag:
|
|
|
6d8f53 |
# $ git format-patch \
|
|
|
6d8f53 |
# --stdout \
|
|
|
6d8f53 |
# <version tag> \
|
|
|
6d8f53 |
# > jss-VERSION-RELEASE.patch
|
|
|
1beea6 |
Patch1: 0001-JSS-CVE-2019-14823-fix.patch
|
|
|
1beea6 |
Patch2: 0002-Add-script-to-add-common-root-CAs.patch
|
|
|
1beea6 |
Patch3: 0003-Add-optional-test-case-against-badssl.com.patch
|
|
|
b93447 |
|
|
|
aee1ec |
Conflicts: idm-console-framework < 1.1.17-4
|
|
|
aee1ec |
Conflicts: pki-base < 10.4.0
|
|
|
aee1ec |
Conflicts: tomcatjss < 7.2.1
|
|
|
aee1ec |
|
|
|
08bafd |
# autosetup
|
|
|
08bafd |
BuildRequires: git
|
|
|
08bafd |
|
|
|
aee1ec |
BuildRequires: nss-devel >= 3.28.4-6
|
|
|
aee1ec |
BuildRequires: nspr-devel >= 4.13.1
|
|
|
6d8f53 |
BuildRequires: java-1.8.0-openjdk-devel
|
|
|
08bafd |
BuildRequires: jpackage-utils
|
|
|
a7067b |
%if 0%{?fedora} >= 25 || 0%{?rhel} > 7
|
|
|
a7067b |
BuildRequires: perl-interpreter
|
|
|
aee1ec |
%endif
|
|
|
08bafd |
BuildRequires: apache-commons-lang
|
|
|
08bafd |
BuildRequires: apache-commons-codec
|
|
|
aee1ec |
|
|
|
08bafd |
Requires: nss >= 3.28.4-6
|
|
|
6d8f53 |
Requires: java-1.8.0-openjdk-headless
|
|
|
08bafd |
Requires: jpackage-utils
|
|
|
08bafd |
Requires: apache-commons-lang
|
|
|
08bafd |
Requires: apache-commons-codec
|
|
|
b93447 |
|
|
|
b93447 |
%description
|
|
|
b93447 |
Java Security Services (JSS) is a java native interface which provides a bridge
|
|
|
b93447 |
for java-based applications to use native Network Security Services (NSS).
|
|
|
b93447 |
This only works with gcj. Other JREs require that JCE providers be signed.
|
|
|
b93447 |
|
|
|
08bafd |
################################################################################
|
|
|
b93447 |
%package javadoc
|
|
|
08bafd |
################################################################################
|
|
|
08bafd |
|
|
|
b93447 |
Summary: Java Security Services (JSS) Javadocs
|
|
|
b93447 |
Group: Documentation
|
|
|
b93447 |
Requires: jss = %{version}-%{release}
|
|
|
b93447 |
|
|
|
b93447 |
%description javadoc
|
|
|
b93447 |
This package contains the API documentation for JSS.
|
|
|
b93447 |
|
|
|
08bafd |
################################################################################
|
|
|
b93447 |
%prep
|
|
|
08bafd |
|
|
|
6d8f53 |
%autosetup -n %{name}-%{version} -p 1 -S git
|
|
|
6d8f53 |
|
|
|
6d8f53 |
# Prior to version 4.4.5, the source code were stored under "jss-<version>/jss"
|
|
|
6d8f53 |
# path in the source tarball. Starting from version 4.4.5, the files will be
|
|
|
6d8f53 |
# stored under "jss-<version>" path. However, since the build system is still
|
|
|
6d8f53 |
# using the old path (introduced via sandboxing), the unpacked source code has
|
|
|
6d8f53 |
# to be moved to the old path with the following commands. Otherwise, even
|
|
|
6d8f53 |
# though we're linking against system libraries, the build will complain about
|
|
|
6d8f53 |
# a missing sandbox.
|
|
|
6d8f53 |
|
|
|
6d8f53 |
cd ..
|
|
|
6d8f53 |
mv %{name}-%{version} jss
|
|
|
6d8f53 |
mkdir %{name}-%{version}
|
|
|
6d8f53 |
mv jss %{name}-%{version}
|
|
|
b93447 |
|
|
|
08bafd |
################################################################################
|
|
|
b93447 |
%build
|
|
|
08bafd |
|
|
|
6d8f53 |
%if 0%{?fedora} >= 27
|
|
|
6d8f53 |
%set_build_flags
|
|
|
6d8f53 |
%endif
|
|
|
08bafd |
|
|
|
b93447 |
[ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java
|
|
|
aee1ec |
[ -z "$USE_INSTALLED_NSPR" ] && export USE_INSTALLED_NSPR=1
|
|
|
aee1ec |
[ -z "$USE_INSTALLED_NSS" ] && export USE_INSTALLED_NSS=1
|
|
|
b93447 |
|
|
|
b93447 |
# Enable compiler optimizations and disable debugging code
|
|
|
aee1ec |
# NOTE: If you ever need to create a debug build with optimizations disabled
|
|
|
aee1ec |
# just comment out this line and change in the %%install section below the
|
|
|
aee1ec |
# line that copies jars xpclass.jar to be xpclass_dbg.jar
|
|
|
aee1ec |
export BUILD_OPT=1
|
|
|
b93447 |
|
|
|
b93447 |
# Generate symbolic info for debuggers
|
|
|
b93447 |
XCFLAGS="-g $RPM_OPT_FLAGS"
|
|
|
b93447 |
export XCFLAGS
|
|
|
b93447 |
|
|
|
b93447 |
PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
|
|
|
b93447 |
PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
|
|
|
b93447 |
|
|
|
b93447 |
export PKG_CONFIG_ALLOW_SYSTEM_LIBS
|
|
|
b93447 |
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
|
|
|
b93447 |
|
|
|
b93447 |
NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nspr | sed 's/-I//'`
|
|
|
b93447 |
NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`
|
|
|
b93447 |
|
|
|
b93447 |
NSS_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss | sed 's/-I//'`
|
|
|
b93447 |
NSS_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nss | sed 's/-L//'`
|
|
|
b93447 |
|
|
|
b93447 |
export NSPR_INCLUDE_DIR
|
|
|
b93447 |
export NSPR_LIB_DIR
|
|
|
b93447 |
export NSS_INCLUDE_DIR
|
|
|
b93447 |
export NSS_LIB_DIR
|
|
|
b93447 |
|
|
|
aee1ec |
%if 0%{?__isa_bits} == 64
|
|
|
b93447 |
USE_64=1
|
|
|
b93447 |
export USE_64
|
|
|
b93447 |
%endif
|
|
|
b93447 |
|
|
|
b93447 |
# The Makefile is not thread-safe
|
|
|
aee1ec |
make -C jss/coreconf
|
|
|
aee1ec |
make -C jss
|
|
|
aee1ec |
make -C jss javadoc
|
|
|
aee1ec |
|
|
|
08bafd |
################################################################################
|
|
|
b93447 |
%install
|
|
|
b93447 |
|
|
|
aee1ec |
# Copy the license files here so we can include them in %%doc
|
|
|
08bafd |
cp -p jss/MPL-1.1.txt .
|
|
|
08bafd |
cp -p jss/gpl.txt .
|
|
|
08bafd |
cp -p jss/lgpl.txt .
|
|
|
b93447 |
|
|
|
b93447 |
# There is no install target so we'll do it by hand
|
|
|
b93447 |
|
|
|
b93447 |
# jars
|
|
|
b93447 |
install -d -m 0755 $RPM_BUILD_ROOT%{_jnidir}
|
|
|
aee1ec |
# NOTE: if doing a debug no opt build change xpclass.jar to xpclass_dbg.jar
|
|
|
aee1ec |
install -m 644 dist/xpclass.jar ${RPM_BUILD_ROOT}%{_jnidir}/jss4.jar
|
|
|
b93447 |
|
|
|
b93447 |
# We have to use the name libjss4.so because this is dynamically
|
|
|
b93447 |
# loaded by the jar file.
|
|
|
b93447 |
install -d -m 0755 $RPM_BUILD_ROOT%{_libdir}/jss
|
|
|
aee1ec |
install -m 0755 dist/Linux*.OBJ/lib/libjss4.so ${RPM_BUILD_ROOT}%{_libdir}/jss/
|
|
|
b93447 |
pushd ${RPM_BUILD_ROOT}%{_libdir}/jss
|
|
|
b93447 |
ln -fs %{_jnidir}/jss4.jar jss4.jar
|
|
|
b93447 |
popd
|
|
|
b93447 |
|
|
|
b93447 |
# javadoc
|
|
|
b93447 |
install -d -m 0755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
|
|
|
aee1ec |
cp -rp dist/jssdoc/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
|
|
|
aee1ec |
cp -p jss/jss.html $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
|
|
|
08bafd |
cp -p jss/*.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
|
|
|
b93447 |
|
|
|
b93447 |
# No ldconfig is required since this library is loaded by Java itself.
|
|
|
08bafd |
################################################################################
|
|
|
b93447 |
%files
|
|
|
08bafd |
|
|
|
b93447 |
%defattr(-,root,root,-)
|
|
|
08bafd |
%doc jss/jss.html jss/MPL-1.1.txt jss/gpl.txt jss/lgpl.txt
|
|
|
b93447 |
%{_libdir}/jss/*
|
|
|
b93447 |
%{_jnidir}/*
|
|
|
aee1ec |
%{_libdir}/jss/lib*.so
|
|
|
b93447 |
|
|
|
08bafd |
################################################################################
|
|
|
b93447 |
%files javadoc
|
|
|
08bafd |
|
|
|
b93447 |
%defattr(-,root,root,-)
|
|
|
b93447 |
%dir %{_javadocdir}/%{name}-%{version}
|
|
|
b93447 |
%{_javadocdir}/%{name}-%{version}/*
|
|
|
b93447 |
|
|
|
08bafd |
################################################################################
|
|
|
b93447 |
%changelog
|
|
|
34668c |
* Wed Sep 11 2019 Dogtag PKI Team <pki-devel@redhat.com> 4.4.7-2
|
|
|
34668c |
- Bugzilla #1747967 - CVE 2019-14823 jss: OCSP policy "Leaf and Chain" implicitly trusts the root certificate
|
|
|
1beea6 |
|
|
|
34668c |
* Mon Aug 5 2019 Dogtag PKI Team <pki-devel@redhat.com> 4.4.7-1
|
|
|
34668c |
- Bugzilla #1733590 - Rebase JSS in RHEL 7.8 (ascheel)
|
|
|
1beea6 |
|
|
|
6d8f53 |
* Fri Mar 15 2019 Dogtag PKI Team <pki-devel@redhat.com> 4.4.6-1
|
|
|
6d8f53 |
- Bugzilla #1659527 - Rebase JSS in RHEL 7.7 (ascheel)
|
|
|
08bafd |
|
|
|
08bafd |
* Thu Jul 5 2018 Dogtag PKI Team <pki-devel@redhat.com> 4.4.4-3
|
|
|
08bafd |
- Bugzilla #1534772 - org.mozilla.jss.pkix.primitive.AlgorithmIdentifier
|
|
|
08bafd |
decode/encode process alters original data (cfu)
|
|
|
08bafd |
- Bugzilla #1554056 - JSS: Add support for TLS_*_SHA384 ciphers (cfu)
|
|
|
08bafd |
|
|
|
08bafd |
* Thu Jun 21 2018 Dogtag PKI Team <pki-devel@redhat.com> 4.4.4-2
|
|
|
08bafd |
- Red Hat Bugzilla #1560682 - (RFE) Migrate RHCS x509 cert and crl
|
|
|
08bafd |
functionality to JSS (jmagne)
|
|
|
08bafd |
|
|
|
08bafd |
* Tue May 29 2018 Dogtag PKI Team <pki-devel@redhat.com> 4.4.4-1
|
|
|
08bafd |
- Rebased to JSS 4.4.4
|
|
|
08bafd |
|
|
|
08bafd |
* Thu Apr 05 2018 Dogtag PKI Team <pki-devel@redhat.com> 4.4.3-1
|
|
|
08bafd |
- Rebased to JSS 4.4.3
|
|
|
08bafd |
#- Red Hat Bugzilla #1548548 - Partial Fedora build flags injection
|