
nss: add nss-tools

Network Security Services (NSS) is a set of libraries designed
to support cross-platform development of security-enabled client
and server applications. Applications built with NSS can support
SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME,
X.509 v3 certificates, and other security standards.

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
lilik-openwrt-22.03
Lucian Cristian 5 years ago
parent
commit
b75c860fac
7 changed files with 494 additions and 0 deletions
  1. +138
    -0
      libs/nss/Makefile
  2. BIN
      libs/nss/files/blank-cert9.db
  3. BIN
      libs/nss/files/blank-key4.db
  4. +5
    -0
      libs/nss/files/system-pkcs11.txt
  5. +247
    -0
      libs/nss/patches/001-nss_standalone.patch
  6. +18
    -0
      libs/nss/patches/002-os_test.patch
  7. +86
    -0
      libs/nss/patches/003-openwrt_fix.patch

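--- a/libs/nss/Makefile
+++ b/libs/nss/Makefile
@@ -0,0 +1,138 @@
+#
+# Copyright (C) 2019 Lucian Cristian
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+PKG_NAME:=nss
+PKG_VERSION:=3.43
+PKG_RELEASE:=1
+PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
+PKG_LICENCE:=MPL-2.0
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:= \
+https://download.cdn.mozilla.net/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src \
+https://archive.mozilla.org/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src
+PKG_HASH:=f30bc1b7330887b75de9fec37dbc173001758dc43fb095ffbc45dac4093fe2ca
+PKG_BUILD_PARALLEL:=0
+include $(INCLUDE_DIR)/package.mk
+define Package/libnss
+SECTION:=libs
+SUBMENU:=SSL
+CATEGORY:=Libraries
+TITLE:=Mozilla's SSL and TLS implementation
+URL:=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
+DEPENDS:=+libpthread +librt +libsqlite3 +nspr
+endef
+define Package/nss-utils
+SECTION:=utils
+CATEGORY:=Utilities
+TITLE:=Utilities for Mozilla's SSL and TLS implementation
+URL:=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
+DEPENDS:=+libnss
+endef
+define Package/libnss/description
+Network Security Services (NSS) is a set of libraries designed to support
+cross-platform development of security-enabled client and server applications.
+Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7,
+PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards.
+endef
+CONFIGURE_PATH = ./nss
+MAKE_PATH = ./nss
+LBITS = $(shell $(TARGET_CC) -dM -E - </dev/null | grep -q "__LP64__" && echo 64 || echo 32)
+ifeq ($(LBITS),64)
+export USE_64=1
+endif
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+export CROSS_COMPILE=1
+export BUILD_OPT=1
+export NATIVE_CC=$(HOSTCC)
+export NATIVE_FLAGS=$(HOST_CFLAGS)
+export NSS_ENABLE_WERROR=0
+export NSS_DISABLE_GTESTS=1
+export NSS_USE_SYSTEM_SQLITE=1
+export OS_TARGET=Linux
+export OS_ARCH=Linux
+export OS_TEST=$(ARCH)
+export CPU_ARCH=$(ARCH)
+export fpic=$(FPIC)
+export NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr
+export SEED_ONLY_DEV_URANDOM=1
+export OS_REL_CFLAGS=$(TARGET_CFLAGS)
+export NS_USE_GCC=1
+#size optimisation, seems to not impact speed
+export NSS_DISABLE_DBM=1
+export NSS_PKIX_NO_LDAP=1
+export ALLOW_OPT_CODE_SIZE=1
+export OPT_CODE_SIZE=1
+#native compile nsinstall
+define Build/Prepare
+$(call Build/Prepare/Default)
+USE_NATIVE=1 OS_REL_CFLAGS="$(HOST_CFLAGS)" LDFLAGS="$(HOST_LDFLAGS)" CC="$(HOSTCC)" \
+$(MAKE) -C $(PKG_BUILD_DIR)/nss/coreconf/nsinstall
+# $(if $(CONFIG_LIBC_USE_GLIBC),, \
+# $(SED) '/-DHAVE_SYS_CDEFS_H/d' $(PKG_BUILD_DIR)/nss/lib/dbm/config/config.mk)
+endef
+define Package/libnss/conffiles
+/etc/pki/nssdb
+endef
+define Build/InstallDev
+$(INSTALL_DIR) \
+$(1)/usr/include/nss \
+$(1)/usr/lib \
+$(1)/usr/lib/pkgconfig
+$(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.h \
+-exec $(CP) -a {} $(1)/usr/include/nss/ \;
+$(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.so \
+-exec $(CP) -a {} $(1)/usr/lib/ \;
+$(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.pc \
+-exec $(CP) -a {} $(1)/usr/lib/pkgconfig/ \;
+endef
+define Package/nss-utils/install
+$(INSTALL_DIR) \
+$(1)/usr/bin
+$(CP) $(PKG_BUILD_DIR)/nss/cmd/certutil/build_dir/certutil $(1)/usr/bin
+$(CP) $(PKG_BUILD_DIR)/nss/cmd/pk12util/build_dir/pk12util $(1)/usr/bin
+endef
+#for now pack only libreswan needed libs
+define Package/libnss/install
+$(INSTALL_DIR) \
+$(1)/usr/lib \
+$(1)/etc/pki/nssdb \
+$(1)/etc/ipsec.d
+$(CP) $(PKG_BUILD_DIR)/nss/lib/nss/build_dir/libnss3.so $(1)/usr/lib/
+$(CP) $(PKG_BUILD_DIR)/nss/lib/smime/build_dir/libsmime3.so $(1)/usr/lib/
+$(CP) $(PKG_BUILD_DIR)/nss/lib/ssl/build_dir/libssl3.so $(1)/usr/lib/
+$(CP) $(PKG_BUILD_DIR)/nss/lib/util/build_dir/libnssutil3.so $(1)/usr/lib/
+$(CP) $(PKG_BUILD_DIR)/nss/lib/softoken/build_dir/libsoftokn3.so $(1)/usr/lib/
+$(CP) $(PKG_BUILD_DIR)/nss/lib/freebl/build_dir/$(OS_TARGET)_SINGLE_SHLIB/libfreeblpriv3.so $(1)/usr/lib/
+# Pprovide databases with a blank certificate
+$(CP) ./files/blank-cert9.db $(1)/etc/pki/nssdb/cert9.db
+$(CP) ./files/blank-key4.db $(1)/etc/pki/nssdb/key4.db
+$(CP) ./files/system-pkcs11.txt $(1)/etc/pki/nssdb/pkcs11.txt
+ln -s /etc/pki/nssdb/cert9.db $(1)/etc/ipsec.d/cert9.db
+ln -s /etc/pki/nssdb/key4.db $(1)/etc/ipsec.d/key4.db
+ln -s /etc/pki/nssdb/pkcs11.txt $(1)/etc/ipsec.d/pkcs11.txt
+endef
+$(eval $(call BuildPackage,nss-utils))
+$(eval $(call BuildPackage,libnss))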
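Review bot: In Package/libnss/install the key database is copied with `$(CP) ./files/blank-key4.db $(1)/etc/pki/nssdb/key4.db`, so its mode is whatever the checked-in binary carries; a file that will later hold private keys should be installed owner-only, e.g. `$(INSTALL_CONF) ./files/blank-key4.db $(1)/etc/pki/nssdb/key4.db`. Since blank-cert9.db and blank-key4.db are pre-generated binaries, every image presumably starts from the same password-less database, so a comment beside the copy should record how the files were produced and that the database has no password until one is set. Separately, `PKG_LICENCE` looks like a misspelling of `PKG_LICENSE`, so the MPL-2.0 tag is probably not picked up as package metadata.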

BIN
libs/nss/files/blank-cert9.db


BIN
libs/nss/files/blank-key4.db


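--- a/libs/nss/files/system-pkcs11.txt
+++ b/libs/nss/files/system-pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})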

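--- a/libs/nss/patches/001-nss_standalone.patch
+++ b/libs/nss/patches/001-nss_standalone.patch
@@ -0,0 +1,247 @@
+Submitted By: DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
+Date: 2016-12-27
+Initial Package Version: 3.12.4
+Upstream Status: Not applicable
+Origin: Self, rediffed for nss-3.28.
+Description: Adds auto-generated nss.pc and nss-config script, and
+allows building without nspr in the source tree.
+For 3.40.1, Requires: updated to nspr >= 4.20.
+diff -Naurp nss-3.28-orig/nss/Makefile nss-3.28/nss/Makefile
+--- nss-3.28-orig/nss/Makefile 2016-12-21 05:56:27.000000000 -0600
++++ nss-3.28/nss/Makefile 2016-12-26 22:24:52.695146032 -0600
+@@ -46,7 +46,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+-nss_build_all: build_nspr all latest
++nss_build_all: all latest
+nss_clean_all: clobber_nspr clobber
+diff -Naurp nss-3.28-orig/nss/config/Makefile nss-3.28/nss/config/Makefile
+--- nss-3.28-orig/nss/config/Makefile 1969-12-31 18:00:00.000000000 -0600
++++ nss-3.28/nss/config/Makefile 2016-12-26 22:20:40.008205774 -0600
+@@ -0,0 +1,40 @@
++CORE_DEPTH = ..
++DEPTH = ..
++
++include $(CORE_DEPTH)/coreconf/config.mk
++
++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
++PREFIX = /usr
++
++all: export libs
++
++export:
++ # Create the nss.pc file
++ mkdir -p $(DIST)/lib/pkgconfig
++ sed -e "s,@prefix@,$(PREFIX)," \
++ -e "s,@exec_prefix@,\$${prefix}," \
++ -e "s,@libdir@,\$${prefix}/lib," \
++ -e "s,@includedir@,\$${prefix}/include/nss," \
++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++ nss.pc.in > nss.pc
++ chmod 0644 nss.pc
++ ln -sf ../../../../nss/config/nss.pc $(DIST)/lib/pkgconfig
++
++ # Create the nss-config script
++ mkdir -p $(DIST)/bin
++ sed -e "s,@prefix@,$(PREFIX)," \
++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++ nss-config.in > nss-config
++ chmod 0755 nss-config
++ ln -sf ../../../nss/config/nss-config $(DIST)/bin
++
++libs:
++
++dummy: all export libs
++
+diff -Naurp nss-3.28-orig/nss/config/nss-config.in nss-3.28/nss/config/nss-config.in
+--- nss-3.28-orig/nss/config/nss-config.in 1969-12-31 18:00:00.000000000 -0600
++++ nss-3.28/nss/config/nss-config.in 2016-12-26 22:20:40.008205774 -0600
+@@ -0,0 +1,153 @@
++#!/bin/sh
++
++prefix=@prefix@
++
++major_version=@NSS_MAJOR_VERSION@
++minor_version=@NSS_MINOR_VERSION@
++patch_version=@NSS_PATCH_VERSION@
++
++usage()
++{
++ cat <<EOF
++Usage: nss-config [OPTIONS] [LIBRARIES]
++Options:
++ [--prefix[=DIR]]
++ [--exec-prefix[=DIR]]
++ [--includedir[=DIR]]
++ [--libdir[=DIR]]
++ [--version]
++ [--libs]
++ [--cflags]
++Dynamic Libraries:
++ nss
++ nssutil
++ smime
++ ssl
++ softokn
++EOF
++ exit $1
++}
++
++if test $# -eq 0; then
++ usage 1 1>&2
++fi
++
++lib_nss=yes
++lib_nssutil=yes
++lib_smime=yes
++lib_ssl=yes
++lib_softokn=yes
++
++while test $# -gt 0; do
++ case "$1" in
++ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
++ *) optarg= ;;
++ esac
++
++ case $1 in
++ --prefix=*)
++ prefix=$optarg
++ ;;
++ --prefix)
++ echo_prefix=yes
++ ;;
++ --exec-prefix=*)
++ exec_prefix=$optarg
++ ;;
++ --exec-prefix)
++ echo_exec_prefix=yes
++ ;;
++ --includedir=*)
++ includedir=$optarg
++ ;;
++ --includedir)
++ echo_includedir=yes
++ ;;
++ --libdir=*)
++ libdir=$optarg
++ ;;
++ --libdir)
++ echo_libdir=yes
++ ;;
++ --version)
++ echo ${major_version}.${minor_version}.${patch_version}
++ ;;
++ --cflags)
++ echo_cflags=yes
++ ;;
++ --libs)
++ echo_libs=yes
++ ;;
++ nss)
++ lib_nss=yes
++ ;;
++ nssutil)
++ lib_nssutil=yes
++ ;;
++ smime)
++ lib_smime=yes
++ ;;
++ ssl)
++ lib_ssl=yes
++ ;;
++ softokn)
++ lib_softokn=yes
++ ;;
++ *)
++ usage 1 1>&2
++ ;;
++ esac
++ shift
++done
++
++# Set variables that may be dependent upon other variables
++if test -z "$exec_prefix"; then
++ exec_prefix=`pkg-config --variable=exec_prefix nss`
++fi
++if test -z "$includedir"; then
++ includedir=`pkg-config --variable=includedir nss`
++fi
++if test -z "$libdir"; then
++ libdir=`pkg-config --variable=libdir nss`
++fi
++
++if test "$echo_prefix" = "yes"; then
++ echo $prefix
++fi
++
++if test "$echo_exec_prefix" = "yes"; then
++ echo $exec_prefix
++fi
++
++if test "$echo_includedir" = "yes"; then
++ echo $includedir
++fi
++
++if test "$echo_libdir" = "yes"; then
++ echo $libdir
++fi
++
++if test "$echo_cflags" = "yes"; then
++ echo -I$includedir
++fi
++
++if test "$echo_libs" = "yes"; then
++ libdirs="-L$libdir"
++ if test -n "$lib_nss"; then
++ libdirs="$libdirs -lnss${major_version}"
++ fi
++ if test -n "$lib_nssutil"; then
++ libdirs="$libdirs -lnssutil${major_version}"
++ fi
++ if test -n "$lib_smime"; then
++ libdirs="$libdirs -lsmime${major_version}"
++ fi
++ if test -n "$lib_ssl"; then
++ libdirs="$libdirs -lssl${major_version}"
++ fi
++ if test -n "$lib_softokn"; then
++ libdirs="$libdirs -lsoftokn${major_version}"
++ fi
++ echo $libdirs
++fi
++
+diff -Naurp nss-3.28-orig/nss/config/nss.pc.in nss-3.28/nss/config/nss.pc.in
+--- nss-3.28-orig/nss/config/nss.pc.in 1969-12-31 18:00:00.000000000 -0600
++++ nss-3.28/nss/config/nss.pc.in 2016-12-26 22:22:53.300694346 -0600
+@@ -0,0 +1,12 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: NSS
++Description: Network Security Services
++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
++Requires: nspr >= 4.20
++Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@
++Cflags: -I${includedir}
++
+diff -Naurp nss-3.28-orig/nss/manifest.mn nss-3.28/nss/manifest.mn
+--- nss-3.28-orig/nss/manifest.mn 2016-12-21 05:56:27.000000000 -0600
++++ nss-3.28/nss/manifest.mn 2016-12-26 22:24:12.278991843 -0600
+@@ -10,4 +10,4 @@ IMPORTS = nspr20/v4.8 \
+RELEASE = nss
+-DIRS = coreconf lib cmd cpputil gtests
++DIRS = coreconf lib cmd cpputil gtests config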
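Review bot: In the new nss/config/Makefile the version fields come from `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`, which matches any line that mentions the macro, and the result is spliced into the `sed` expressions; if nss.h ever mentions it on a second line, nss.pc and nss-config would get a multi-word version. Anchoring to the definition is safer, e.g. `awk '/^#define[ \t]+NSS_VMAJOR[ \t]/ {print $$3}' ../lib/nss/nss.h`, and likewise for the minor and patch values. The header still says the patch was rediffed for nss-3.28 while this package builds 3.43, so it should note which release it was last refreshed against.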

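--- a/libs/nss/patches/002-os_test.patch
+++ b/libs/nss/patches/002-os_test.patch
@@ -0,0 +1,18 @@
+--- a/nss/coreconf/arch.mk 2019-04-01 22:20:32.470080052 +0300
++++ b/nss/coreconf/arch.mk 2019-04-01 22:21:01.730987548 +0300
+@@ -20,13 +20,13 @@
+# Macros for getting the OS architecture
+#
+-OS_ARCH := $(subst /,_,$(shell uname -s))
++OS_ARCH ?= $(subst /,_,$(shell uname -s))
+#
+# Attempt to differentiate between sparc and x86 Solaris
+#
+-OS_TEST := $(shell uname -m)
++OS_TEST ?= $(shell uname -m)
+ifeq ($(OS_TEST),i86pc)
+OS_RELEASE := $(shell uname -r)_$(OS_TEST)
+else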
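Review bot: Switching `OS_ARCH` and `OS_TEST` from `:=` to `?=` lets the environment override them, but `?=` defines a recursively expanded variable, so when no override is present `$(shell uname -s)` and `$(shell uname -m)` are re-run on every reference instead of once. Guarding the original assignment keeps both behaviours: `ifndef OS_TEST`, `OS_TEST := $(shell uname -m)`, `endif`, and the same for `OS_ARCH`. The patch also has no header explaining that the OpenWrt Makefile exports these two variables for cross-compilation; a one-line description at the top would help when the patch is refreshed.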

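--- a/libs/nss/patches/003-openwrt_fix.patch
+++ b/libs/nss/patches/003-openwrt_fix.patch
@@ -0,0 +1,86 @@
+--- a/nss/lib/dbm/src/dirent.h 2017-10-19 17:15:14.797053528 +0300
++++ b/nss/lib/dbm/src/dirent.h 2017-10-19 17:15:26.156310432 +0300
+@@ -30,7 +30,7 @@
+#define MAXNAMLEN FILENAME_MAX
+#else
+-#include <param.h>
++#include <sys/param.h>
+#endif
+#endif
+--- a/nss/coreconf/rules.mk 2019-03-31 22:39:06.741609534 +0300
++++ b/nss/coreconf/rules.mk 2019-03-31 22:36:13.260356949 +0300
+@@ -261,7 +261,7 @@
+ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
+$(AR) $(subst /,\\,$(OBJS))
+else
+- $(AR) $(OBJS)
++ $(AR) rcs $@ $(OBJS)
+endif
+$(RANLIB) $@
+--- a/nss/coreconf/arch.mk 2019-03-31 23:38:34.374931416 +0300
++++ b/nss/coreconf/arch.mk 2019-03-31 23:38:44.667236102 +0300
+@@ -305,7 +305,7 @@
+OBJDIR_NAME_COMPILER = $(COMPILER_TAG)
+endif
+OBJDIR_NAME_BASE = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(OBJDIR_NAME_COMPILER)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG)
+-OBJDIR_NAME = $(OBJDIR_NAME_BASE).OBJ
++OBJDIR_NAME = build_dir
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+--- a/nss/coreconf/Linux.mk 2019-04-01 10:08:59.129269177 +0300
++++ b/nss/coreconf/Linux.mk 2019-04-01 10:09:15.557782574 +0300
+@@ -139,6 +139,7 @@
+DEFINES += -D_REENTRANT
+endif
++ifndef USE_NATIVE
+DSO_CFLAGS = -fPIC
+DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections
+# The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8)
+@@ -149,6 +150,7 @@
+ZDEFS_FLAG = -Wl,-z,defs
+DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
+LDFLAGS += $(ARCHFLAG) -z noexecstack
++endif
+# On Maemo, we need to use the -rpath-link flag for even the standard system
+# library directories.
+--- a/nss/coreconf/Linux.mk 2019-04-01 23:10:19.091912203 +0300
++++ b/nss/coreconf/Linux.mk 2019-04-06 14:07:13.499169075 +0300
+@@ -140,7 +140,7 @@
+endif
+ifndef USE_NATIVE
+-DSO_CFLAGS = -fPIC
++DSO_CFLAGS = $(fpic)
+DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections
+# The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8)
+# incorrectly reports undefined references in the libraries we link with, so
+--- a/nss/coreconf/Linux.mk 2019-04-06 20:25:36.431663894 +0300
++++ b/nss/coreconf/Linux.mk 2019-04-06 20:26:23.397129525 +0300
+@@ -107,11 +107,6 @@
+endif
+ifdef BUILD_OPT
+-ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
+- OPTIMIZER = -Os
+-else
+- OPTIMIZER = -O2
+-endif
+ifdef MOZ_DEBUG_SYMBOLS
+ifdef MOZ_DEBUG_FLAGS
+OPTIMIZER += $(MOZ_DEBUG_FLAGS)
+--- a/nss/coreconf/UNIX.mk 2019-04-06 20:34:24.284157646 +0300
++++ b/nss/coreconf/UNIX.mk 2019-04-06 20:34:34.760485327 +0300
+@@ -10,7 +10,6 @@
+LDOPTS += -L$(SOURCE_LIB_DIR)
+ifdef BUILD_OPT
+- OPTIMIZER += -O
+DEFINES += -UDEBUG -DNDEBUG
+else
+OPTIMIZER += -g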
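Review bot: The Linux.mk hunk that replaces `DSO_CFLAGS = -fPIC` with `DSO_CFLAGS = $(fpic)` makes position-independent code depend on an environment variable; if `fpic` is unset or empty, shared objects are compiled without any PIC flag. A fallback keeps the old behaviour: `DSO_CFLAGS = $(if $(fpic),$(fpic),-fPIC)`. The new `ifndef USE_NATIVE` block also takes `LDFLAGS += $(ARCHFLAG) -z noexecstack` away from the native build, which looks intended only for nsinstall but is worth stating in a patch header. The file stacks several separately dated edits to Linux.mk and arch.mk with no description; a short header per change would make refreshes against newer NSS releases easier to audit.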
