SPECS: apache-mod_nss.spec - generate dummy cert db from apache certs

glen glen at pld-linux.org
Tue Jun 17 08:38:47 CEST 2008 

Author: glen                         Date: Tue Jun 17 06:38:47 2008 GMT
Module: SPECS                         Tag: HEAD
---- Log message:
- generate dummy cert db from apache certs

---- Files affected:
SPECS:
   apache-mod_nss.spec (1.12 -> 1.13) 

---- Diffs:

================================================================
Index: SPECS/apache-mod_nss.spec
diff -u SPECS/apache-mod_nss.spec:1.12 SPECS/apache-mod_nss.spec:1.13
--- SPECS/apache-mod_nss.spec:1.12	Tue Jun 17 08:09:58 2008
+++ SPECS/apache-mod_nss.spec	Tue Jun 17 08:38:42 2008
@@ -1,15 +1,19 @@
 # $Revision$, $Date$
+# TODO
+# - certutil tries to open /dev/tty to get passphrase for nss db init
 %define		mod_name	nss
 %define		apxs		/usr/sbin/apxs
 Summary:	mod_nss - strong cryptography support for Apache using SSL/TLS library NSS
 Summary(pl.UTF-8):	mod_nss - silna kryptografia dla Apache'a przy użyciu biblioteki SSL/TLS NSS
 Name:		apache-mod_nss
 Version:	1.0.7
-Release:	0.3
+Release:	0.4
 License:	Apache v2.0
 Group:		Networking/Daemons
 Source0:	http://directory.fedoraproject.org/sources/mod_nss-%{version}.tar.gz
 # Source0-md5:	71107cbc702bf07c6c79843aa92a0e09
+Source1:	apache-server.crt
+Source2:	apache-server.key
 Patch0:		%{name}-config.patch
 URL:		http://directory.fedoraproject.org/wiki/Mod_nss
 BuildRequires:	%{apxs}
@@ -24,7 +28,7 @@
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %define		_pkglibdir	%(%{apxs} -q LIBEXECDIR 2>/dev/null)
-%define		_sysconfdir	%(%{apxs} -q SYSCONFDIR 2>/dev/null)/conf.d
+%define		_sysconfdir	%(%{apxs} -q SYSCONFDIR 2>/dev/null)
 
 %description
 An Apache 2.x module for implementing crypto using the Mozilla NSS
@@ -51,6 +55,8 @@
 %prep
 %setup -q -n mod_nss-%{version}
 %patch0 -p1
+cp %{SOURCE1} server.crt
+cp %{SOURCE2} server.key
 
 %build
 # apr-util is missing in configure check
@@ -65,13 +71,21 @@
 
 %{__make}
 
+install -d nss
+# XXX: this is interactive
+certutil -N -d nss
+
+openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "Server-Cert" -passout pass:
+pk12util -i server.p12 -d nss -W ''
+
 %install
 rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sbindir},%{_pkglibdir},%{_sysconfdir}}
+install -d $RPM_BUILD_ROOT{%{_sbindir},%{_pkglibdir},%{_sysconfdir}/{conf.d,nss}}
 install .libs/libmodnss.so $RPM_BUILD_ROOT%{_pkglibdir}
 install nss_pcache $RPM_BUILD_ROOT%{_sbindir}
 
-cp -a nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/40_mod_%{mod_name}.conf
+cp -a nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/40_mod_%{mod_name}.conf
+cp -a nss/* $RPM_BUILD_ROOT%{_sysconfdir}/nss
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -86,8 +100,12 @@
 
 %files
 %defattr(644,root,root,755)
-%doc NOTICE README TODO docs/mod_nss.html
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*_mod_%{mod_name}.conf
+%doc NOTICE README TODO docs/mod_nss.html migrate.pl
+%attr(750,root,root) %dir %{_sysconfdir}/nss
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/cert8.db
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/key3.db
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nss/secmod.db
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_%{mod_name}.conf
 %attr(755,root,root) %{_pkglibdir}/libmodnss.so
 %attr(755,root,root) %{_sbindir}/nss_pcache
 
@@ -97,6 +115,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.13  2008/06/17 06:38:42  glen
+- generate dummy cert db from apache certs
+
 Revision 1.12  2008/06/17 06:09:58  glen
 - add missing service restart
 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SPECS/apache-mod_nss.spec?r1=1.12&r2=1.13&f=u

More information about the pld-cvs-commit mailing list