Remove support for NSS

NSS is a behemoth of a library which drags in a whole runtime subsystem of its own which is often at odds with normal Unix system behavior (hello SIGPIPE). Now that we have nicer alternatives available there's little reason to lug this baggage along. NSS was deprecated in rpm 4.16 (commit 0b9efb9).
rpm-software-management · May 28, 2020 · 8af8c3f · 8af8c3f
1 parent 1ef7b2e
commit 8af8c3f
Show file tree

Hide file tree

Showing 9 changed files with 2 additions and 586 deletions.
diff --git a/INSTALL b/INSTALL
@@ -21,17 +21,6 @@ libgcrypt is the default.
 
 libgcrypt library is available from https://www.gnupg.org/software/libgcrypt/
 
-If using the Mozilla NSS library for encyption (and NSPR library which
-NSS uses) it must be version 3.12 or later. Both NSPR and NSS libraries and
-headers need to be installed during RPM compilation. As NSPR and NSS
-typically install their headers outside the regular include search path,
-you need to tell configure about this, eg something like:
-    ./configure <......> CPPFLAGS="-I/usr/include/nspr -I/usr/include/nss"
-
-The NSPR and NSS libraries are available from 
-    http://www.mozilla.org/projects/security/pki/nss/
-    http://www.mozilla.org/projects/nspr/
-
 If using the OpenSSL library for encryption, it must be version 1.0.2 or
 later. Note: when compiling against OpenSSL, there is a possible license
 incompatibility. For more details on this, see

diff --git a/Makefile.am b/Makefile.am
@@ -53,7 +53,6 @@ AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
 AM_CPPFLAGS += -I$(top_srcdir)/build
 AM_CPPFLAGS += -I$(top_srcdir)/lib
 AM_CPPFLAGS += -I$(top_srcdir)/rpmio
-AM_CPPFLAGS += @WITH_NSS_INCLUDE@
 AM_CPPFLAGS += @WITH_OPENSSL_INCLUDE@
 AM_CPPFLAGS += @WITH_POPT_INCLUDE@
 AM_CPPFLAGS += -I$(top_srcdir)/misc

diff --git a/build/Makefile.am b/build/Makefile.am
@@ -5,7 +5,6 @@ AM_CFLAGS = @RPMCFLAGS@
 AM_CFLAGS += @OPENMP_CFLAGS@
 
 AM_CPPFLAGS =  -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
-AM_CPPFLAGS += @WITH_NSS_INCLUDE@
 AM_CPPFLAGS += @WITH_MAGIC_INCLUDE@
 AM_CPPFLAGS += @WITH_POPT_INCLUDE@
 AM_CPPFLAGS += -I$(top_srcdir)/misc

diff --git a/configure.ac b/configure.ac
@@ -254,7 +254,7 @@ AM_CONDITIONAL(LIBDWARF,[test "$WITH_LIBDWARF" = yes])
 # Select crypto library
 AC_ARG_WITH(crypto,
             [AC_HELP_STRING([--with-crypto=CRYPTO_LIB],
-                            [The cryptographic library to use (nss|openssl|libgcrypt). The default is libgcrypt. nss is DEPRECATED.])
+                            [The cryptographic library to use (openssl|libgcrypt). The default is libgcrypt.])
                             ],[],
                             [with_crypto=libgcrypt])
 
@@ -364,38 +364,6 @@ AM_CONDITIONAL([WITH_LIBGCRYPT],[test "$with_crypto" = libgcrypt])
 AC_SUBST(WITH_LIBGCRYPT_INCLUDE)
 AC_SUBST(WITH_LIBGCRYPT_LIB)
 
-#=================
-# Check for NSS library.
-# We need nss.h from NSS which needs nspr.h. Unfortunately both glibc and NSS
-# have a header named nss.h... so make extra check for NSS's sechash.h
-# which we use too and hopefully is slightly more unique to NSS.
-WITH_NSS_INCLUDE=
-WITH_NSS_LIB=
-if test "$with_crypto" = nss; then
-AC_MSG_WARN([Using the nss library with rpm is deprecated and support will be removed in a future release!])
-# If we have pkgconfig make sure CPPFLAGS are setup correctly for the nss
-# -I include path. Otherwise the below checks will fail because nspr.h
-# cannot be found.
-AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no], [$PATH:/usr/bin:/usr/local/bin])
-if test "x$PKGCONFIG" != "xno"; then
-  CPPFLAGS="$CPPFLAGS $($PKGCONFIG --cflags nss)"
-fi
-AC_CHECK_HEADERS([nspr.h nss.h sechash.h], [], [
-  AC_MSG_ERROR([missing required NSPR / NSS header])
-])
-AC_CHECK_LIB(nss3, VFY_VerifyDigestDirect, [
-  WITH_NSS_LIB=-lnss3
-  AC_CHECK_LIB(nss3, NSS_InitContext, [
-    AC_DEFINE(HAVE_NSS_INITCONTEXT, 1, [Define to 1 if NSS has NSS_InitContext])
-    AC_SUBST(HAVE_NSS_INITCONTEXT, [1])
-  ])
-], [
-  AC_MSG_ERROR([required NSS library 'nss3' missing or too old])
-])
-fi
-AC_SUBST(WITH_NSS_INCLUDE)
-AC_SUBST(WITH_NSS_LIB)
-
 #=================
 # Check for magic library.
 WITH_MAGIC_INCLUDE=

diff --git a/lib/Makefile.am b/lib/Makefile.am
@@ -4,7 +4,6 @@ include $(top_srcdir)/rpm.am
 AM_CFLAGS = @RPMCFLAGS@
 
 AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
-AM_CPPFLAGS += @WITH_NSS_INCLUDE@
 AM_CPPFLAGS += @WITH_POPT_INCLUDE@
 AM_CPPFLAGS += -I$(top_srcdir)/misc
 AM_CPPFLAGS += -DLOCALEDIR="\"$(localedir)\""

diff --git a/rpm.pc.in b/rpm.pc.in
@@ -12,4 +12,4 @@ Requires.private: @ZSTD_REQUIRES@
 # Conflicts:
 Cflags: -I${includedir}
 Libs: -L${libdir} -lrpm -lrpmio
-Libs.private: -lpopt -lrt -lpthread @WITH_LZMA_LIB@ @WITH_DB_LIB@ @WITH_BZ2_LIB@ @WITH_ZLIB_LIB@ @WITH_NSS_LIB@ @LUA_LIBS@
+Libs.private: -lpopt -lrt -lpthread @WITH_LZMA_LIB@ @WITH_DB_LIB@ @WITH_BZ2_LIB@ @WITH_ZLIB_LIB@ @LUA_LIBS@
diff --git a/rpmio/Makefile.am b/rpmio/Makefile.am
@@ -4,7 +4,6 @@ include $(top_srcdir)/rpm.am
 AM_CFLAGS = @RPMCFLAGS@
 
 AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
-AM_CPPFLAGS += @WITH_NSS_INCLUDE@
 AM_CPPFLAGS += @WITH_OPENSSL_INCLUDE@
 AM_CPPFLAGS += @WITH_LIBGCRYPT_INCLUDE@
 AM_CPPFLAGS += @WITH_POPT_INCLUDE@
@@ -28,16 +27,12 @@ librpmio_la_SOURCES += digest_openssl.c
 else
 if WITH_LIBGCRYPT
 librpmio_la_SOURCES += digest_libgcrypt.c
-else
-librpmio_la_SOURCES += digest_nss.c
 endif
 endif
 
-
 librpmio_la_LDFLAGS = -version-info $(rpm_version_info)
 librpmio_la_LIBADD = \
 	../misc/libmisc.la \
-	@WITH_NSS_LIB@ \
 	@WITH_OPENSSL_LIB@ \
 	@WITH_LIBGCRYPT_LIB@ \
 	@WITH_BZ2_LIB@ \