%define cert_name %(basename %{cert_file} | sed 's/.[^.]*$//')
%define nssdb %{_sysconfdir}/pki/nssdb

Name:           nss-ca-cert-%{cert_name}
Version:        %(date +%%Y.%%m.%%d)
Release:        %(date +%%H.%%M.%%S)
Summary:        CA certificate for ${cert_name} TPS system
Group:          Identity/System
License:        Other
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch:      noarch

Requires(post): nss-tools
Requires(preun): nss-tools

%description
CA certificate for NSS database, to authorize security tokens
enrolled with the air.sfbay.redhat.com TPS system.

%install
rm -rf $RPM_BUILD_ROOT

mkdir -p $RPM_BUILD_ROOT%{nssdb}
install -m 644 %{cert_file} $RPM_BUILD_ROOT%{nssdb}/

%post 
ASCII=""
if file %{nssdb}/$(basename %{cert_file}) 2>/dev/null | grep -q ASCII; then
   ASCII="-a"
fi
certutil -A -n "CA %{cert_name}" -t "CT,C," -d %{nssdb} ${ASCII} -i %{nssdb}/$(basename %{cert_file})
chmod a+r %{nssdb} -R

%preun
if [ $1 = 0 ]; then
  certutil -D -n "CA %{cert_name}" -d %{nssdb}
  chmod a+r %{nssdb} -R
fi

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%config %{nssdb}/*