%general-entities; ]> NSS The Network Security Services (NSS) package is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. This is useful for implementing SSL and S/MIME or other Internet security standards into an application. &lfs121_checked; Download (HTTP): Download (FTP): Additional Downloads Required patch: NSS Dependencies Required Install NSS by running the following commands: patch -Np1 -i ../nss-&nss-version;-standalone-1.patch && cd nss && make BUILD_OPT=1 \ NSPR_INCLUDE_DIR=/usr/include/nspr \ USE_SYSTEM_ZLIB=1 \ ZLIB_LIBS=-lz \ NSS_ENABLE_WERROR=0 \ $([ $(uname -m) = x86_64 ] && echo USE_64=1) \ $([ -f /usr/include/sqlite3.h ] && echo NSS_USE_SYSTEM_SQLITE=1) To run the tests, execute the following commands: cd tests && HOST=localhost DOMSUF=localdomain ./all.sh cd ../ Some information about the tests: HOST=localhost and DOMSUF=localdomain are required. Without these variables, a FQDN is required to be specified and this generic way should work for everyone, provided localhost.localdomain is defined in /etc/hosts, as done in the LFS book. by the myhostname Name Service Switch module, as specified in the LFS book. The tests take a long time to run. If desired there is information in the all.sh script about running subsets of the total test suite. When interrupting the tests, the test suite fails to spin down test servers that are run. This leads to an infinite loop in the tests where the test suite tries to kill a server that doesn't exist anymore because it pulls the wrong PID. Test suite results (in HTML format!) can be found at ../../test_results/security/localhost.1/results.html A few tests might fail on some Intel machines for unknown reasons. Now, as the root user: cd ../dist && install -v -m755 Linux*/lib/*.so /usr/lib && install -v -m644 Linux*/lib/{*.chk,libcrmf.a} /usr/lib && install -v -m755 -d /usr/include/nss && cp -v -RL {public,private}/nss/* /usr/include/nss && install -v -m755 Linux*/bin/{certutil,nss-config,pk12util} /usr/bin && install -v -m644 Linux*/lib/pkgconfig/nss.pc /usr/lib/pkgconfig BUILD_OPT=1: This option is passed to make so that the build is performed with no debugging symbols built into the binaries and the default compiler optimizations are used. NSPR_INCLUDE_DIR=/usr/include/nspr: This option sets the location of the nspr headers. USE_SYSTEM_ZLIB=1: This option is passed to make to ensure that the libssl3.so library is linked to the system installed zlib instead of the in-tree version. ZLIB_LIBS=-lz: This option provides the linker flags needed to link to the system zlib. $([ $(uname -m) = x86_64 ] && echo USE_64=1): The USE_64=1 option is required on x86_64, otherwise make will try (and fail) to create 32-bit objects. The [ $(uname -m) = x86_64 ] test ensures it has no effect on a 32 bit system. ([ -f /usr/include/sqlite3.h ] && echo NSS_USE_SYSTEM_SQLITE=1): This tests if sqlite is installed and if so it echos the option NSS_USE_SYSTEM_SQLITE=1 to make so that libsoftokn3.so will link against the system version of sqlite. NSS_DISABLE_GTESTS=1: If you don't need to run NSS test suite, append this option to make command, to prevent the compilation of tests and save some build time. First clean the directory by running the following commands while in the nss directory: make clean && rm -rf ../dist The command make clean as of now can fail but the directory in most cases can still be used for 32-bit compilation after a 64-bit compilation. If running the following commands do not work, remove the directory containing nss, unpack the tarball, change directory into the resulting directory, and apply the patch by following the command: patch -Np1 -i ../nss-3.99-standalone-1.patch Then finally change directory into nss and proceed with the following commands. Install lib32-NSS by running the following commands: CC="gcc -m32" CXX="g++ -m32" \ make BUILD_OPT=1 \ NSPR_INCLUDE_DIR=/usr/include/nspr \ USE_SYSTEM_ZLIB=1 \ ZLIB_LIBS=-lz \ NSS_ENABLE_WERROR=0 \ $([ -f /usr/lib32/libsqlite3.so ] && echo NSS_USE_SYSTEM_SQLITE=1) Now, as the root user: cd ../dist && install -v -m755 Linux*/lib/*.so /usr/lib32 && install -v -m644 Linux*/lib/{*.chk,libcrmf.a} /usr/lib32 && sed -i 's/lib/lib32/g' Linux*/lib/pkgconfig/nss.pc && install -v -m644 Linux*/lib/pkgconfig/nss.pc /usr/lib32/pkgconfig Installed Programs Installed Libraries Installed Directories certutil, nss-config, and pk12util libcrmf.a, libfreebl3.so, libfreeblpriv3.so, libnss3.so, libnssckbi.so, libnssckbi-testlib.so, libnssdbm3.so, libnsssysinit.so, libnssutil3.so, libpkcs11testmodule.so, libsmime3.so, libsoftokn3.so, and libssl3.so /usr/include/nss Short Descriptions certutil is the Mozilla Certificate Database Tool. It is a command-line utility that can create and modify the Netscape Communicator cert8.db and key3.db database files. It can also list, generate, modify, or delete certificates within the cert8.db file and create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key3.db file certutil nss-config is used to determine the NSS library settings of the installed NSS libraries nss-config pk12util is a tool for importing certificates and keys from pkcs #12 files into NSS or exporting them. It can also list certificates and keys in such files pk12util