linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-01-23 22:42:14 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

nss-3.13.3

Browse Source 
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@9596 af4574ff-66df-0310-9fd7-8a98e5e911e0
This commit is contained in:
Andrew Benton 2012-03-04 23:27:16 +00:00
parent 7753fc6161
commit 9333a52581
3 changed files with 166 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
general.ent
View File

@ -121,7 +121,7 @@ $Date$
<!ENTITY liboauth-version "0.9.4">
<!ENTITY mitkrb-version "1.6">
<!ENTITY nettle-version "2.4">
<!ENTITY nss-version "3.13.1">
<!ENTITY nss-version "3.13.3">
<!ENTITY openssh-version "5.9p1">
<!ENTITY openssl-version "1.0.0g">
<!-- version no longer used, we take whatever mozilla is offering

3
introduction/welcome/changelog.xml
View File

@ -54,6 +54,9 @@
<listitem>
<para>[abenton] - NSPR 4.9.</para>
</listitem>
<listitem>
<para>[abenton] - NSS 3.13.3.</para>
</listitem>
</itemizedlist>
</listitem>

279
postlfs/security/nss.xml
View File

@ -4,12 +4,14 @@
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY nss-download-http "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_1_RTM/src/nss-&nss-version;.tar.gz">
<!ENTITY nss-download-ftp "ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_1_RTM/src/nss-&nss-version;.tar.gz">
<!ENTITY nss-md5sum "c500f96d33ba1390c8a35c667e05e542">
<!ENTITY nss-size "5.7 MB">
<!ENTITY nss-buildsize "44 MB (more than double this to run the test suite)">
<!ENTITY nss-time "0.7 SBU (at least an additional 3.5 SBU to run the test suite)">
<!ENTITY nss-download-http
"http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_3_RTM/src/nss-&nss-version;.tar.gz">
<!ENTITY nss-download-ftp
"ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_3_RTM/src/nss-&nss-version;.tar.gz">
<!ENTITY nss-md5sum "006cb82fa900e9e664b4b14a9b7810ca">
<!ENTITY nss-size "5.8 MB">
<!ENTITY nss-buildsize "70 MB (more than double this to run the test suite)">
<!ENTITY nss-time "1.0 SBU (at least an additional 3.5 SBU to run the test suite)">
]>
<sect1 id="nss" xreflabel="NSS-&nss-version;">
@ -29,92 +31,114 @@
<sect2 role="package">
<title>Introduction to NSS</title>
<para>The Network Security Services (<application>NSS</application>)
package is a set of libraries designed to support cross-platform
development of security-enabled client and server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5,
PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
security standards. This is useful for implementing SSL and S/MIME or
other Internet security standards into an application.</para>
<para>
The Network Security Services (<application>NSS</application>) package is
a set of libraries designed to support cross-platform development of
security-enabled client and server applications. Applications built with
NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
S/MIME, X.509 v3 certificates, and other security standards. This is
useful for implementing SSL and S/MIME or other Internet security
standards into an application.
</para>
&lfs70_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>Download (HTTP): <ulink url="&nss-download-http;"/></para>
<para>
Download (HTTP): <ulink url="&nss-download-http;"/>
</para>
</listitem>
<listitem>
<para>Download (FTP): <ulink url="&nss-download-ftp;"/></para>
<para>
Download (FTP): <ulink url="&nss-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>Download MD5 sum: &nss-md5sum;</para>
<para>
Download MD5 sum: &nss-md5sum;
</para>
</listitem>
<listitem>
<para>Download size: &nss-size;</para>
<para>
Download size: &nss-size;
</para>
</listitem>
<listitem>
<para>Estimated disk space required: &nss-buildsize;</para>
<para>
Estimated disk space required: &nss-buildsize;
</para>
</listitem>
<listitem>
<para>Estimated build time: &nss-time;</para>
<para>
Estimated build time: &nss-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>Required patch: <ulink
url="&patch-root;/nss-&nss-version;-standalone-1.patch"/></para>
<para>
Required patch:
<ulink url="&patch-root;/nss-&nss-version;-standalone-1.patch"/>
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">NSS Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required"><xref linkend="nspr"/></para>
<para role="required">
<xref linkend="nspr"/>
</para>
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended"><xref linkend="sqlite"/> (internal sqlite is
incompatable with existing or future installations)</para>
<para role="recommended">
<xref linkend="sqlite"/> (internal <application>sqlite</application> is
incompatable with existing or future installations)
</para>
<para condition="html" role="usernotes">User Notes:
<ulink url="&blfs-wiki;/nss"/></para>
<para condition="html" role="usernotes">
User Notes: <ulink url="&blfs-wiki;/nss"/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of NSS</title>
<para>Install <application>NSS</application> by running the following
commands:</para>
<para>
Install <application>NSS</application> by running the following commands:
</para>
<screen><userinput>bash
[ $(arch) = x86_64 ] &amp;&amp; export USE_64=1
export BUILD_OPT=1 &amp;&amp;
cat /usr/include/sqlite3.h &amp;&gt; /dev/null &amp;&amp;
export NSS_USE_SYSTEM_SQLITE=1
export NSPR_INCLUDE_DIR=/usr/include/nspr &amp;&amp;
export USE_SYSTEM_ZLIB=1 &amp;&amp;
export ZLIB_LIBS=-lz &amp;&amp;
patch -Np1 -i ../nss-&nss-version;-standalone-1.patch &amp;&amp;
make -C mozilla/security/nss nss_build_all</userinput></screen>
<screen><userinput>patch -Np1 -i ../nss-&nss-version;-standalone-1.patch &amp;&amp;
cd mozilla/security/nss &amp;&amp;
make nss_build_all $([ $(arch) = x86_64 ] &amp;&amp; echo USE_64=1) BUILD_OPT=1 \
NSPR_INCLUDE_DIR=/usr/include/nspr USE_SYSTEM_ZLIB=1 ZLIB_LIBS=-lz \
$(cat /usr/include/sqlite3.h &amp;&gt; /dev/null &amp;&amp; echo NSS_USE_SYSTEM_SQLITE=1)</userinput></screen>
<para>If you wish to test the results, you'll need to set the domain name of
your system in the <envar>DOMSUF</envar> environment variable. Most of the
tests will fail if you don't provide the correct domain name. The voluminous
output will report how many of the several thousand tests passed, and if any
failed. To review the details of any failures, you may wish to capture
stdout and stderr in a file.</para>
<para>This package does not come with a test suite.</para>
<!--
<para>
If you wish to test the results, you'll need to set the domain name of
your system in the <envar>DOMSUF</envar> environment variable. Most of the
tests will fail if you don't provide the correct domain name. The
voluminous output will report how many of the several thousand tests
passed, and if any failed. To review the details of any failures, you may
wish to capture stdout and stderr in a file.
</para>
<para>To run the tests, ensure you change the
<command>export DOMSUF</command> command below to an appropriate value,
e.g., <parameter>mydomain.com</parameter> or, if you do not have any domain
in your <filename>/etc/hosts</filename> replace this with the developers'
recommendation of
<command>"export HOST=localhost DOMSUF=localdomain"</command> and issue the
following commands:</para>
<para>
To run the tests, ensure you change the <command>export DOMSUF</command>
command below to an appropriate value, e.g.,
<parameter>mydomain.com</parameter> or, if you do not have any domain in
your <filename>/etc/hosts</filename> replace this with the developers'
recommendation of
<command>"export HOST=localhost DOMSUF=localdomain"</command> and issue
the following commands:
</para>
<screen><userinput>bash
@ -130,77 +154,65 @@ sed -i 's/gmake/make/' common/init.sh &amp;&amp;
grep Passed $TEST_RESULTSDIR/$(hostname).1/results.html | wc -l &amp;&amp;
exit</userinput></screen>
-->
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
<screen role="root"><userinput>export NSS_LINUXDIR=$(basename `ls -d $PWD/mozilla/dist/Linux*`) &amp;&amp;
cd mozilla/dist &amp;&amp;
install -v -m755 $NSS_LINUXDIR/lib/*.so /usr/lib &amp;&amp;
install -v -m644 $NSS_LINUXDIR/lib/{*.chk,libcrmf.a} /usr/lib &amp;&amp;
<screen role="root"><userinput>cd ../../dist &amp;&amp;
install -v -m755 Linux*/lib/*.so /usr/lib &amp;&amp;
install -v -m644 Linux*/lib/{*.chk,libcrmf.a} /usr/lib &amp;&amp;
install -v -m755 -d /usr/include/nss &amp;&amp;
install -v -m755 $NSS_LINUXDIR/bin/{certutil,nss-config,pk12util} /usr/bin &amp;&amp;
install -v -m644 $NSS_LINUXDIR/lib/pkgconfig/nss.pc /usr/lib/pkgconfig &amp;&amp;
install -v -m755 Linux*/bin/{certutil,nss-config,pk12util} /usr/bin &amp;&amp;
install -v -m644 Linux*/lib/pkgconfig/nss.pc /usr/lib/pkgconfig &amp;&amp;
cp -v -RL {public,private}/nss/* /usr/include/nss &amp;&amp;
chmod 644 /usr/include/nss/*</userinput></screen>
<para>Now as the unprivileged user, exit the <command>bash</command>
shell started at the beginning of the installation to restore the
environment to the original state.</para>
<screen><userinput>exit</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para><command>bash</command>: Shells are started as many environment
variables are created during the installation process. Exiting the shells
serves the purpose of restoring the environment and returning back to the
original directory when the installation is complete.</para>
<para>
<parameter>[ $(arch) = x86_64 ] &amp;&amp; echo USE_64=1</parameter>:
This option is <emphasis>required on x86_64</emphasis>, otherwise the
<command>make</command> will attempt to create 32-bit objects and in a
non-multilib system it will fail. The [ $(arch) = x86_64 ] test ensures it
has no effect on a 32 bit system.
</para>
<para><command>[ $(arch) = x86_64 ] &amp;&amp; export USE_64=1</command>:
This command is <emphasis>required on x86_64</emphasis>, otherwise the
build will attempt to create 32-bit objects and fail in a non-multilib
system. The [ $(arch) = x86_64 ] test ensures it has no effect on a 32 bit
system.</para>
<para>
<command>cat /usr/include/sqlite3.h ... </command>: This tests if
<application>sqlite</application> is installed and if so it
<command>echo</command>s the option NSS_USE_SYSTEM_SQLITE=1 to
<command>make</command> so that
<filename class="libraryfile">libsoftokn3.so</filename> will link against
the system version of sqlite.
</para>
<para><command>cat /usr/include/sqlite3.h ... </command>: tests if
<application>sqlite</application> is installed and if so it sets the
environment variable NSS_USE_SYSTEM_SQLITE=1 so that
<filename class="libraryfile">libsoftokn3.so</filename> will link against
the system version of sqlite.</para>
<para>
<parameter>BUILD_OPT=1</parameter>: This option is passed to
<command>make</command> so that the build is performed with no debugging
symbols built into the binaries and the default compiler optimizations are
used.
</para>
<para><command>export BUILD_OPT=1</command>: This variable is set so that
the build is performed with no debugging symbols built into the binaries
and that the default compiler optimizations are used.</para>
<para>
<parameter>NSPR_INCLUDE_DIR=/usr/include/nspr</parameter>: This option
sets the location of the nspr headers.
</para>
<para><command>export NSPR_INCLUDE_DIR=/usr/include/nspr</command>: This
command sets the location of the nspr headers.</para>
<para><command>export USE_SYSTEM_ZLIB=1</command>: This command ensures that
the system installed library is used instead of the in-tree version.</para>
<para><command>export ZLIB_LIBS=-lz</command>: This command provides the
needed linker flags to link to the system zlib.</para>
<para><command>export NSS_LINUXDIR=...</command>: This variable is set so
that the exact name of the architecture specific directories where the
binaries are stored in the source tree can be determined.</para>
<para><command>make -C mozilla/security/nss nss_build_all</command>: This
command builds the <application>NSS</application> libraries and creates a
<filename class='directory'>dist</filename> directory which houses all the
programs, libraries and interface headers. None of the programs created by
this process are installed onto the system using the default instructions
(except for <application>nss-config</application>). If you need any of
these programs installed, you can find them in the
<filename class='directory'>mozilla/*.OBJ/dist/bin</filename> directory of
the source tree.</para>
<para><command>sed -i 's/gmake/make/' common/init.sh</command>: This
command changes the command used to compile some test programs.</para>
<para>
<parameter>USE_SYSTEM_ZLIB=1</parameter>: This option is passed to
<command>make</command> to ensure that the
<filename class="libraryfile">libssl3.so</filename> library is linked to
the system installed <application>zlib</application> instead of the
in-tree version.
</para>
<para>
<parameter>ZLIB_LIBS=-lz</parameter>: This option provides the
linker flags needed to link to the system <application>zlib</application>.
</para>
</sect2>
<sect2 role="content">
@ -212,10 +224,11 @@ chmod 644 /usr/include/nss/*</userinput></screen>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>nss-config</seg>
<seg>libcrmf.a, libfreebl3.so, libnss3.so, libnssckbi.so,
libnssdbm3.so, libnssutil3.so, libsmime3.so, libsoftokn3.so
and libssl3.so</seg>
<seg>certutil, nss-config and pk12util</seg>
<seg>
libcrmf.a, libfreebl3.so, libnss3.so, libnssckbi.so, libnssdbm3.so,
libnssutil3.so, libsmime3.so, libsoftokn3.so and libssl3.so
</seg>
<seg>/usr/include/nss</seg>
</seglistitem>
</segmentedlist>
@ -225,18 +238,50 @@ chmod 644 /usr/include/nss/*</userinput></screen>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="certutil">
<term><command>certutil</command></term>
<listitem>
<para>
is the Mozilla Certificate Database Tool. It is a command-line
utility that can create and modify the Netscape Communicator
cert8.db and key3.db database files. It can also list, generate,
modify, or delete certificates within the cert8.db file and create
or change the password, generate new public and private key pairs,
display the contents of the key database, or delete key pairs within
the key3.db file.
</para>
<indexterm zone="nss certutil">
<primary sortas="b-certutil">certutil</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="nss-config">
<term><command>nss-config</command></term>
<listitem>
<para>is used to determine the NSS library settings
of the installed NSS libraries.</para>
<para>
is used to determine the NSS library settings of the installed NSS
libraries.
</para>
<indexterm zone="nss nss-config">
<primary sortas="b-nss-config">nss-config</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="pk12util">
<term><command>pk12util</command></term>
<listitem>
<para>
is a tool for importing certificates and keys from pkcs #12 files
into NSS or exporting them. It can also list certificates and keys
in such files.
</para>
<indexterm zone="nss pk12util">
<primary sortas="b-pk12util">pk12util</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>