As discussed over IRC, it makes sense to put the databases in /var/lib/nssdb and link to them from /etc/pki/. Also, since libnss3 is a Multi-Arch: same package, the databases can't be in that package (they would conflict when mixing architectures), so add a libnss3-nssdb package that ships them.
-- t
commit 810c9919786a27fec1aaeaaf21142bc0ccd88d9e Author: Timo Aaltonen <tjaal...@ubuntu.com> Date: Sat Dec 1 12:13:31 2012 +0200 initial nssdb commit diff --git a/debian/control b/debian/control index 89b1966..9c2768c 100644 --- a/debian/control +++ b/debian/control @@ -12,7 +12,7 @@ Vcs-Browser: http://git.debian.org/?p=pkg-mozilla/nss.git Package: libnss3 Architecture: any Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, libnss3-nssdb Conflicts: libnss3-1d (<< 2:3.13.4-2) Multi-Arch: ${misc:Multi-Arch} Description: Network Security Service libraries @@ -32,6 +32,14 @@ Description: Network Security Service libraries - transitional package This is a transitional package to ensure smooth transition of all packages to libnss3. +Package: libnss3-nssdb +Section: admin +Architecture: all +Pre-Depends: ${misc:Pre-Depends} +Depends: libnss3 (= ${binary:Version}), ${misc:Depends} +Description: Network Security Security libraries - shared databases + This package includes shared certificate and key databases. + Package: libnss3-tools Section: admin Architecture: any diff --git a/debian/libnss3-nssdb.links b/debian/libnss3-nssdb.links new file mode 100644 index 0000000..e1c5d63 --- /dev/null +++ b/debian/libnss3-nssdb.links @@ -0,0 +1 @@ +var/lib/nssdb etc/pki/nssdb diff --git a/debian/libnss3.symbols b/debian/libnss3.symbols index 926b981..36cc765 100644 --- a/debian/libnss3.symbols +++ b/debian/libnss3.symbols @@ -107,6 +107,8 @@ libnssckbi.so libnss3 (>= 2:3.13.4-2~) | libnss3-1d #MINVER# libnssdbm3.so libnss3 (>= 2:3.13.4-2~) | libnss3-1d #MINVER# |libnss3 #MINVER# *@NSSDBM_3.12 3.12.0 +libnsssysinit.so libnss3 #MINVER# + NSS_ReturnModuleSpecData@Base 3.14.2 libsoftokn3.so libnss3 (>= 2:3.13.4-2~) | libnss3-1d #MINVER# |libnss3 #MINVER# *@NSS_3.4 3.12.0~1.9b1 diff --git a/debian/pkcs11.txt b/debian/pkcs11.txt new file mode 100644 index 0000000..aaa8ef2 --- /dev/null +++ b/debian/pkcs11.txt 
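Review bot: The new `libnss3-nssdb` stanza is `Architecture: all` but pins `libnss3 (= ${binary:Version})`, which stops being satisfiable as soon as libnss3 gets a binary-only rebuild, and together with the first hunk's `Depends: ${shlibs:Depends}, ${misc:Depends}, libnss3-nssdb` it forms a strict dependency loop. A data-only package probably needs no dependency on libnss3 at all, or at most `libnss3 (>= ${source:Version})`. Because it exists to serve a `Multi-Arch: same` library, it likely also needs `Multi-Arch: foreign` so that a foreign-architecture libnss3 can satisfy its dependency with it; worth confirming. The short description reads "Network Security Security libraries", where the sibling stanzas use "Network Security Service libraries".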
@@ -0,0 +1,4 @@ +library=libnsssysinit.so +name=NSS Internal PKCS #11 Module +parameters=configdir='sql:/var/lib/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,moduleDBOnly,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) diff --git a/debian/rules b/debian/rules index 3f98c2b..6748b26 100755 --- a/debian/rules +++ b/debian/rules @@ -33,7 +33,6 @@ DISTDIR := $(CURDIR)/dist override_dh_auto_build: $(MAKE) -C nss \ all \ - MOZILLA_CLIENT=1 \ NSPR_INCLUDE_DIR=/usr/include/nspr \ NSPR_LIB_DIR=/usr/lib \ SOURCE_PREFIX=$(DISTDIR) \ @@ -71,6 +70,7 @@ override_dh_auto_install: $(PREPROCESS_FILES:.in=) $(DISTDIR)/lib/libfreebl3.so \ $(DISTDIR)/lib/libsoftokn3.so \ $(DISTDIR)/lib/libnssdbm3.so \ + $(DISTDIR)/lib/libnsssysinit.so \ $(DISTDIR)/lib/libnssckbi.so install -m 644 -t debian/libnss3-dev/usr/include/nss \ @@ -84,6 +84,17 @@ override_dh_auto_install: $(PREPROCESS_FILES:.in=) $(foreach bin,certutil cmsutil crlutil modutil pk12util shlibsign signtool signver ssltap pwdecrypt, \ $(DISTDIR)/bin/$(bin)) + # Create the empty certificate databases, with empty passphrase + echo "\n" > /tmp/password + install -m 755 -d debian/libnss3-nssdb/etc/pki + install -m 755 -d debian/libnss3-nssdb/var/lib/nssdb + LD_LIBRARY_PATH=$(DISTDIR)/lib $(DISTDIR)/bin/certutil -N -d debian/libnss3-nssdb/var/lib/nssdb \ + -f /tmp/password + LD_LIBRARY_PATH=$(DISTDIR)/lib $(DISTDIR)/bin/certutil -N -d sql:debian/libnss3-nssdb/var/lib/nssdb \ + -f /tmp/password + chmod 644 debian/libnss3-nssdb/var/lib/nssdb/* + install -m 644 -t debian/libnss3-nssdb/var/lib/nssdb debian/pkcs11.txt + override_dh_strip: dh_strip -a --dbg-package=libnss3-dbg $(foreach lib,libsoftokn3.so libfreebl3.so libnssdbm3.so, \
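Review bot: The module line `NSS=Flags=internal,moduleDBOnly,critical` marks `library=libnsssysinit.so` as critical and names it without a path, so if the loader cannot resolve that name, opening this database presumably fails outright rather than degrading. Since this file is shared and architecture-independent, confirm the bare name resolves from every location a libnss3 build installs the library to. The file also gives no indication of where its values come from; the commit message or a README should record the origin of the `parameters=` line and why `askpw=any timeout=30` and the `slotFlags` list were chosen, so later reviewers can tell deliberate settings from copied defaults.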
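Review bot: The passphrase file is written to the fixed path `/tmp/password` (`echo "\n" > /tmp/password`) in a world-writable directory, so another local user on the build host can pre-create or symlink that name and either redirect the write or choose the passphrase the shipped databases are created with; the file is also never removed. Keep it inside the build tree instead, for example `printf '\n' > debian/nssdb-password` with `-f debian/nssdb-password` on both certutil calls and an `rm -f debian/nssdb-password` afterwards (the file name is only an example); `printf` also avoids the shell-dependent handling of `\n` by `echo`. Separately, `chmod 644 debian/libnss3-nssdb/var/lib/nssdb/*` leaves the key databases world-readable behind an empty passphrase, which deserves a comment stating that this store is meant to hold public certificates only. Because the databases are generated here and shipped as package files, dpkg will replace them on upgrade and anything an administrator imported would be lost; creating them in a maintainer script only when absent would avoid that. override_dh_auto_install begins outside this hunk.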