LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File apache2-mod_nss.spec of Package apache2-mod_nss (Project mozilla)

#
# spec file for package apache2-mod_nss
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           apache2-mod_nss
Summary:        SSL/TLS module for the Apache HTTP server
License:        Apache-2.0
Group:          Productivity/Networking/Web/Servers
Version:        1.0.14
Release:        0.4.8
Url:            https://fedorahosted.org/mod_nss
Source:         https://fedorahosted.org/released/mod_nss/mod_nss-%{version}.tar.gz
Source1:        mod_nss.conf.in
Source2:        listen_nss.conf
Source4:        README-SUSE.txt
Source5:        vhost-nss.template
Provides:       mod_nss
Requires:       %{apache_mmn}
Requires:       %{apache_suse_maintenance_mmn}
Requires:       apache2 >= 2.2.12
Requires:       findutils
Requires:       mozilla-nss >= 3.15.1
PreReq:         mozilla-nss-tools
BuildRequires:  apache-rpm-macros
BuildRequires:  apache2-devel >= 2.2.12
BuildRequires:  automake
BuildRequires:  bison
BuildRequires:  curl
BuildRequires:  findutils
BuildRequires:  flex
BuildRequires:  gcc-c++
BuildRequires:  libapr-util1-devel
BuildRequires:  libapr1-devel
BuildRequires:  libtool
BuildRequires:  mozilla-nspr-devel >= 4.6.3
BuildRequires:  mozilla-nss-devel >= 3.15.1
BuildRequires:  mozilla-nss-tools
BuildRequires:  pkgconfig

Patch1:         mod_nss-migrate.patch
Patch2:         mod_nss-gencert-correct-ownership.patch
Patch3:         mod_nss-dont_disable_SSLV2.patch

BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%define    apxs /usr/sbin/apxs2
%define    apache apache2
%define    apache_libexecdir %(%{apxs} -q LIBEXECDIR)
%define    apache_sysconfdir %(%{apxs} -q SYSCONFDIR)
%define    apache_includedir %(%{apxs} -q INCLUDEDIR)
%define    apache_serverroot %(%{apxs} -q PREFIX)
%define    apache_mmn        %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x $MMN && $MMN)
%define    apache_sysconf_nssdir %{apache_sysconfdir}/mod_nss.d

%description
The mod_nss module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols using the Network Security Services (NSS)
security library.

%prep
%setup -q -n mod_nss-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1

# Touch expression parser sources to prevent regenerating it
touch nss_expr_*.[chyl]

%build
CFLAGS="$RPM_OPT_FLAGS"
export CFLAGS
NSPR_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nspr`
NSPR_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nspr`
NSS_INCLUDE_DIR=`/usr/bin/pkg-config --variable=includedir nss`
NSS_LIB_DIR=`/usr/bin/pkg-config --variable=libdir nss`
NSS_BIN=`/usr/bin/pkg-config --variable=exec_prefix nss`
# For some reason mod_nss can't find nss on SUSE unless we do the following
C_INCLUDE_PATH="/usr/include/nss3:/usr/include/nspr4:/usr/include/apache2-prefork/"
export C_INCLUDE_PATH
# no more patching a config file...
cp -a %{SOURCE1} ./nss.conf.in
cp -a %{SOURCE4} .
chmod 644 ./nss.conf.in
autoreconf -fvi
%configure \
    --with-nss-lib=$NSS_LIB_DIR \
    --with-nss-inc=$NSS_INCLUDE_DIR \
    --with-nspr-lib=$NSPR_LIB_DIR \
    --with-nspr-inc=$NSPR_INCLUDE_DIR \
    --with-apxs=%{apxs} \
    --enable-ecc \
    --with-apr-config
make %{?_smp_mflags} all

%install
# The install target of the Makefile isn't used because that uses apxs
# which tries to enable the module in the build host httpd instead of in
# the build root.
mkdir -p $RPM_BUILD_ROOT/%{apache_libexecdir}
mkdir -p $RPM_BUILD_ROOT%{apache_sysconfdir}/conf.d
mkdir -p $RPM_BUILD_ROOT%{apache_sysconfdir}/vhosts.d
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT%{apache_sysconf_nssdir}

%if 0%{?suse_version}
perl -pi -e "s|\@apache_lib\@|%{_libdir}\/apache2|g" nss.conf
%endif

install -m 644 nss.conf $RPM_BUILD_ROOT%{apache_sysconfdir}/conf.d/mod_nss.conf
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{apache_sysconfdir}/vhosts.d/vhost-nss.template
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{apache_sysconfdir}/listen_nss.conf
install -m 755 .libs/libmodnss.so $RPM_BUILD_ROOT%{apache_libexecdir}/mod_nss.so
install -m 755 nss_pcache $RPM_BUILD_ROOT%{_sbindir}/
install -m 755 gencert $RPM_BUILD_ROOT%{_sbindir}/
install -m 755 migrate.pl $RPM_BUILD_ROOT%{_sbindir}/mod_nss_migrate.pl

#ln -s $RPM_BUILD_ROOT/%%{apache_libexecdir}/libnssckbi.so $RPM_BUILD_ROOT%%{apache_sysconf_nssdir}/
touch $RPM_BUILD_ROOT%{apache_sysconf_nssdir}/secmod.db
touch $RPM_BUILD_ROOT%{apache_sysconf_nssdir}/cert8.db
touch $RPM_BUILD_ROOT%{apache_sysconf_nssdir}/key3.db
touch $RPM_BUILD_ROOT%{apache_sysconf_nssdir}/install.log
perl -pi -e "s:$NSS_LIB_DIR:$NSS_BIN:" $RPM_BUILD_ROOT%{_sbindir}/gencert

%check
set +x
mkdir -p %{apache_test_module_dir}
# create password file including internal token to suppress apache 'builtin dialog'
cat << EOF > %{apache_test_module_dir}/password.conf
internal:httptest
EOF
# create test configuration
cat << EOF > %{apache_test_module_dir}/mod_nss-test.conf
NSSEngine on
NSSNickname Server-Cert
NSSCertificateDatabase %{apache_test_module_dir}/mod_nss.d
NSSPassPhraseDialog file:%{apache_test_module_dir}/password.conf
NSSPassPhraseHelper %{buildroot}/usr/sbin/nss_pcache
NSSCipherSuite +ecdhe_ecdsa_aes_128_gcm_sha,+ecdh_ecdsa_aes_128_gcm_sha,+ecdhe_rsa_aes_256_sha,+ecdh_rsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha,+ecdh_rsa_aes_128_gcm_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_128_sha,+rsa_aes_128_gcm_sha,+rsa_aes_256_sha,+rsa_aes_128_sha,+rsa_aes_128_sha256,+rsa_aes_256_sha256
NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2
<Directory /tmp/apache2-mod_nss_test/htdocs>
%if 0%{?apache_branch} >= 204
  Require local
%else
  Allow from localhost
%endif
</Directory>
EOF
# create test certificate
mkdir -p %{apache_test_module_dir}/mod_nss.d
#   bend gencert to use ServerName of apache test instance
cp %{buildroot}%{_sbindir}/gencert .
sed -i 's:FQDN=`getFQDN`:FQDN=test:' gencert
./gencert  %{apache_test_module_dir}/mod_nss.d > %{apache_test_module_dir}/mod_nss.d/LOG 2>&1
# create test document
mkdir -p %{apache_test_module_dir}/htdocs
cat << EOF > %{apache_test_module_dir}/htdocs/index.html
HTTPS HELLO
EOF
exit_code=0
# run apache test instance
%apache_test_module_start_apache -m nss -i mod_nss-test.conf
# get test document 
%apache_test_module_curl -r https -d /index.html -o %{apache_test_module_dir}/output.txt
echo
echo 'Testing /index.html output'
grep 'HTTPS HELLO' %{apache_test_module_dir}/output.txt || exit_code=1
if [ $exit_code -eq 0 ]; then
  echo 'SUCCESS'
else
  echo 'FAILED, error_log:'
  cat %{apache_test_module_dir}/error_log
fi
echo
# stop apache test instance
%apache_test_module_stop_apache
set -x
exit $exit_code

%post
umask 077
if [ ! -e %{apache_sysconf_nssdir}/key3.db ]; then
    %{_sbindir}/gencert %{apache_sysconf_nssdir} > %{apache_sysconf_nssdir}/install.log 2>&1
    echo ""
    echo "%{name} certificate database generated."
    echo ""
fi
# Make sure that the database ownership is setup properly.
find %{apache_sysconf_nssdir} -user root -name "*.db" -exec /bin/chgrp -h www {} +
find %{apache_sysconf_nssdir} -user root -name "*.db" ! -type l -exec /bin/chmod 640 {} +

%files
%defattr(-,root,root,-)
%doc README LICENSE docs/mod_nss.html README-SUSE.txt
%config(noreplace) %{apache_sysconfdir}/conf.d/mod_nss.conf
%config(noreplace) %{apache_sysconfdir}/vhosts.d/vhost-nss.template
%config(noreplace) %{apache_sysconfdir}/listen_nss.conf
%dir %{apache_libexecdir}
%{apache_libexecdir}/mod_nss.so
%dir %{apache_sysconf_nssdir}/
%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/secmod.db
%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/cert8.db
%ghost %attr(0640,root,www) %config(noreplace) %{apache_sysconf_nssdir}/key3.db
%ghost %config(noreplace) %{apache_sysconf_nssdir}/install.log
%{_sbindir}/nss_pcache
%{_sbindir}/gencert
%{_sbindir}/mod_nss_migrate.pl

%changelog