SPECS: apache-mod_nss.spec - generate dummy cert db from apache certs
glen
glen at pld-linux.org
Tue Jun 17 08:38:47 CEST 2008
Author: glen Date: Tue Jun 17 06:38:47 2008 GMT
Module: SPECS Tag: HEAD
---- Log message:
- generate dummy cert db from apache certs
---- Files affected:
SPECS:
apache-mod_nss.spec (1.12 -> 1.13)
---- Diffs:
================================================================
Index: SPECS/apache-mod_nss.spec
diff -u SPECS/apache-mod_nss.spec:1.12 SPECS/apache-mod_nss.spec:1.13
--- SPECS/apache-mod_nss.spec:1.12 Tue Jun 17 08:09:58 2008
+++ SPECS/apache-mod_nss.spec Tue Jun 17 08:38:42 2008
@@ -1,15 +1,19 @@
# $Revision$, $Date$
+# TODO
+# - certutil tries to open /dev/tty to get passphrase for nss db init
%define mod_name nss
%define apxs /usr/sbin/apxs
Summary: mod_nss - strong cryptography support for Apache using SSL/TLS library NSS
Summary(pl.UTF-8): mod_nss - silna kryptografia dla Apache'a przy użyciu biblioteki SSL/TLS NSS
Name: apache-mod_nss
Version: 1.0.7
-Release: 0.3
+Release: 0.4
License: Apache v2.0
Group: Networking/Daemons
Source0: http://directory.fedoraproject.org/sources/mod_nss-%{version}.tar.gz
# Source0-md5: 71107cbc702bf07c6c79843aa92a0e09
+Source1: apache-server.crt
+Source2: apache-server.key
Patch0: %{name}-config.patch
URL: http://directory.fedoraproject.org/wiki/Mod_nss
BuildRequires: %{apxs}
@@ -24,7 +28,7 @@
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define _pkglibdir %(%{apxs} -q LIBEXECDIR 2>/dev/null)
-%define _sysconfdir %(%{apxs} -q SYSCONFDIR 2>/dev/null)/conf.d
+%define _sysconfdir %(%{apxs} -q SYSCONFDIR 2>/dev/null)
%description
An Apache 2.x module for implementing crypto using the Mozilla NSS
@@ -51,6 +55,8 @@
%prep
%setup -q -n mod_nss-%{version}
%patch0 -p1
+cp %{SOURCE1} server.crt
+cp %{SOURCE2} server.key
%build
# apr-util is missing in configure check
@@ -65,13 +71,21 @@
%{__make}
+install -d nss
+# XXX: this is interactive
+certutil -N -d nss
+
+openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "Server-Cert" -passout pass:
+pk12util -i server.p12 -d nss -W ''
+
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sbindir},%{_pkglibdir},%{_sysconfdir}}
+install -d $RPM_BUILD_ROOT{%{_sbindir},%{_pkglibdir},%{_sysconfdir}/{conf.d,nss}}
install .libs/libmodnss.so $RPM_BUILD_ROOT%{_pkglibdir}
install nss_pcache $RPM_BUILD_ROOT%{_sbindir}
-cp -a nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/40_mod_%{mod_name}.conf
+cp -a nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/40_mod_%{mod_name}.conf
+cp -a nss/* $RPM_BUILD_ROOT%{_sysconfdir}/nss
%clean
rm -rf $RPM_BUILD_ROOT
@@ -86,8 +100,12 @@
%files
%defattr(644,root,root,755)
-%doc NOTICE README TODO docs/mod_nss.html
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*_mod_%{mod_name}.conf
+%doc NOTICE README TODO docs/mod_nss.html migrate.pl
+%attr(750,root,root) %dir %{_sysconfdir}/nss
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/cert8.db
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/key3.db
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/secmod.db
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_%{mod_name}.conf
%attr(755,root,root) %{_pkglibdir}/libmodnss.so
%attr(755,root,root) %{_sbindir}/nss_pcache
@@ -97,6 +115,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.13 2008/06/17 06:38:42 glen
+- generate dummy cert db from apache certs
+
Revision 1.12 2008/06/17 06:09:58 glen
- add missing service restart
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/apache-mod_nss.spec?r1=1.12&r2=1.13&f=u
More information about the pld-cvs-commit
mailing list