On 14.06.2017 01:27, Timo Aaltonen wrote:
> On 23.02.2017 00:14, Mike Hommey wrote:
>> On Wed, Feb 22, 2017 at 09:51:50PM +0200, Timo Aaltonen wrote:
>>> Package: libnss3-dev
>>> Severity: normal
>>>
>>> Hi, I need to package nss-pem for certmonger to actually be able to
>>> renew certificates, but it fails to build because blapi.h is missing
>>> from libnss3-dev. Ubuntu has carried it for some time for some reason,
>>> please add it in Debian too.
>>
>> The header is explicitly marked private by upstream, which means nss-pem
>> shouldn't be using it. Or it should be made public. Either way, that's
>> not a decision for me to make, and this should be brought upstream.
>>
>> I could do that, but it would make more sense for the nss-pem upstream
>> themselves to talk to the NSS people about what they need.
>
> This has been discussed on other bugs already, and that's not going to happen
> upstream I think.. So how about putting these in a separate -dev package as
> on Fedora:
>
> diff --git a/debian/control b/debian/control
> index 95dc08b..30f01ef 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -62,6 +62,20 @@ Description: Development files for the Network Security
> Service libraries
> Install this package if you wish to develop your own programs using the
> Network Security Service Libraries.
>
> +Package: libnss3-pkcs11-dev
> +Section: libdevel
> +Architecture: any
> +Depends: ${misc:Depends},
> + libnss3 (= ${binary:Version}),
> +Multi-Arch: ${misc:Multi-Arch}
> +Description: Development files for the Network Security Service libraries --
> PKCS #11 support
> + This is a set of libraries designed to support cross-platform development
> + of security-enabled client and server applications. It can support SSLv2
> + and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
> + other security standards.
> + .
> + This package is needed for building PKCS #11 modules that use NSS.
> +
> Package: libnss3-dbg
> Section: debug
> Priority: extra
> diff --git a/debian/rules b/debian/rules
> index d9ca1d2..6e2aec5 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -149,6 +149,15 @@ override_dh_auto_install: $(PREPROCESS_FILES:.in=)
> install -m 644 -t
> debian/libnss3-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig debian/nss.pc
> install -m 755 -t debian/libnss3-dev/usr/bin debian/nss-config
>
> + install -m 755 -d debian/libnss3-pkcs11-dev/usr/include/nss/private
> debian/libnss3-pkcs11-dev/usr/lib/$(D
> EB_HOST_MULTIARCH)
> + install -m 644 -t debian/libnss3-pkcs11-dev/usr/include/nss/private \
> + $(DISTDIR)/private/nss/alghmac.h \
> + $(DISTDIR)/private/nss/blapi.h
> + install -m 644 -t
> debian/libnss3-pkcs11-dev/usr/lib/$(DEB_HOST_MULTIARCH) \
> + $(DISTDIR)/lib/libfreebl.a \
> + $(DISTDIR)/lib/libnssb.a \
> + $(DISTDIR)/lib/libnssckfw.a
>
>
> this would fix #732201 as well...
Hi, I need nss-pem for certmonger which is used on a FreeIPA client to
refresh certificates. Without it shipping FreeIPA server with a CA is
pointless.
Six months have passed, how about just merging this patch? It wouldn't
affect packages using libnss3-dev.
--
t
