nss: add nss-tools

Network Security Services (NSS) is a set of libraries designed
to support cross-platform development of security-enabled client
and server applications. Applications built with NSS can support
SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME,
X.509 v3 certificates, and other security standards.

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>

libs/nss/Makefile

@@ -0,0 +1,138 @@
+#
+# Copyright (C) 2019 Lucian Cristian
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=nss
+PKG_VERSION:=3.43
+PKG_RELEASE:=1
+PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
+PKG_LICENCE:=MPL-2.0
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:= \
+    https://download.cdn.mozilla.net/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src \
+    https://archive.mozilla.org/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src
+PKG_HASH:=f30bc1b7330887b75de9fec37dbc173001758dc43fb095ffbc45dac4093fe2ca
+
+PKG_BUILD_PARALLEL:=0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libnss
+  SECTION:=libs
+  SUBMENU:=SSL
+  CATEGORY:=Libraries
+  TITLE:=Mozilla's SSL and TLS implementation
+  URL:=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
+  DEPENDS:=+libpthread +librt +libsqlite3 +nspr
+endef
+
+define Package/nss-utils
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Utilities for Mozilla's SSL and TLS implementation
+  URL:=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
+  DEPENDS:=+libnss
+endef
+
+define Package/libnss/description
+  Network Security Services (NSS) is a set of libraries designed to support 
+  cross-platform development of security-enabled client and server applications.
+  Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7,
+  PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards.
+endef
+
+CONFIGURE_PATH = ./nss
+MAKE_PATH = ./nss
+
+LBITS = $(shell $(TARGET_CC) -dM -E - </dev/null | grep -q "__LP64__" && echo 64 || echo 32)
+
+ifeq ($(LBITS),64)
+    export USE_64=1
+endif
+
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+
+export CROSS_COMPILE=1
+export BUILD_OPT=1
+export NATIVE_CC=$(HOSTCC)
+export NATIVE_FLAGS=$(HOST_CFLAGS)
+export NSS_ENABLE_WERROR=0
+export NSS_DISABLE_GTESTS=1
+export NSS_USE_SYSTEM_SQLITE=1
+export OS_TARGET=Linux
+export OS_ARCH=Linux
+export OS_TEST=$(ARCH)
+export CPU_ARCH=$(ARCH)
+export fpic=$(FPIC)
+export NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr
+export SEED_ONLY_DEV_URANDOM=1
+export OS_REL_CFLAGS=$(TARGET_CFLAGS)
+export NS_USE_GCC=1
+#size optimisation, seems to not impact speed
+export NSS_DISABLE_DBM=1
+export NSS_PKIX_NO_LDAP=1
+export ALLOW_OPT_CODE_SIZE=1
+export OPT_CODE_SIZE=1
+
+#native compile nsinstall
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	USE_NATIVE=1 OS_REL_CFLAGS="$(HOST_CFLAGS)" LDFLAGS="$(HOST_LDFLAGS)" CC="$(HOSTCC)" \
+	    $(MAKE) -C $(PKG_BUILD_DIR)/nss/coreconf/nsinstall
+#	$(if $(CONFIG_LIBC_USE_GLIBC),, \
+#		$(SED) '/-DHAVE_SYS_CDEFS_H/d' $(PKG_BUILD_DIR)/nss/lib/dbm/config/config.mk)
+endef
+
+define Package/libnss/conffiles
+/etc/pki/nssdb
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) \
+	 $(1)/usr/include/nss \
+	 $(1)/usr/lib \
+	 $(1)/usr/lib/pkgconfig
+	$(FIND) $(PKG_BUILD_DIR)/nss  -type f -name *.h \
+	    -exec $(CP) -a {} $(1)/usr/include/nss/ \;
+	$(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.so \
+	    -exec $(CP) -a {} $(1)/usr/lib/ \;
+	$(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.pc \
+	    -exec $(CP) -a {} $(1)/usr/lib/pkgconfig/ \;
+endef
+
+define Package/nss-utils/install
+	$(INSTALL_DIR) \
+	 $(1)/usr/bin
+	$(CP) $(PKG_BUILD_DIR)/nss/cmd/certutil/build_dir/certutil $(1)/usr/bin
+	$(CP) $(PKG_BUILD_DIR)/nss/cmd/pk12util/build_dir/pk12util $(1)/usr/bin
+endef
+
+#for now pack only libreswan needed libs
+define Package/libnss/install
+	$(INSTALL_DIR) \
+	 $(1)/usr/lib \
+	 $(1)/etc/pki/nssdb \
+	 $(1)/etc/ipsec.d
+
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/nss/build_dir/libnss3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/smime/build_dir/libsmime3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/ssl/build_dir/libssl3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/util/build_dir/libnssutil3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/softoken/build_dir/libsoftokn3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/freebl/build_dir/$(OS_TARGET)_SINGLE_SHLIB/libfreeblpriv3.so $(1)/usr/lib/
+#	Pprovide databases with a blank certificate
+	$(CP)	./files/blank-cert9.db $(1)/etc/pki/nssdb/cert9.db
+	$(CP)	./files/blank-key4.db $(1)/etc/pki/nssdb/key4.db
+	$(CP)	./files/system-pkcs11.txt $(1)/etc/pki/nssdb/pkcs11.txt
+	ln -s /etc/pki/nssdb/cert9.db $(1)/etc/ipsec.d/cert9.db
+	ln -s /etc/pki/nssdb/key4.db $(1)/etc/ipsec.d/key4.db
+	ln -s /etc/pki/nssdb/pkcs11.txt $(1)/etc/ipsec.d/pkcs11.txt
+endef
+
+$(eval $(call BuildPackage,nss-utils))
+$(eval $(call BuildPackage,libnss))

libs/nss/files/system-pkcs11.txt

@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+

libs/nss/patches/001-nss_standalone.patch

@@ -0,0 +1,247 @@
+Submitted By:            DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
+Date:                    2016-12-27
+Initial Package Version: 3.12.4
+Upstream Status:         Not applicable
+Origin:                  Self, rediffed for nss-3.28.
+Description:             Adds auto-generated nss.pc and nss-config script, and
+                         allows building without nspr in the source tree.
+                         For 3.40.1, Requires: updated to nspr >= 4.20.
+
+diff -Naurp nss-3.28-orig/nss/Makefile nss-3.28/nss/Makefile
+--- nss-3.28-orig/nss/Makefile	2016-12-21 05:56:27.000000000 -0600
++++ nss-3.28/nss/Makefile	2016-12-26 22:24:52.695146032 -0600
+@@ -46,7 +46,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (7) Execute "local" rules. (OPTIONAL).                              #
+ #######################################################################
+ 
+-nss_build_all: build_nspr all latest
++nss_build_all: all latest
+ 
+ nss_clean_all: clobber_nspr clobber
+ 
+diff -Naurp nss-3.28-orig/nss/config/Makefile nss-3.28/nss/config/Makefile
+--- nss-3.28-orig/nss/config/Makefile	1969-12-31 18:00:00.000000000 -0600
++++ nss-3.28/nss/config/Makefile	2016-12-26 22:20:40.008205774 -0600
+@@ -0,0 +1,40 @@
++CORE_DEPTH = ..
++DEPTH      = ..
++
++include $(CORE_DEPTH)/coreconf/config.mk
++
++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
++PREFIX = /usr
++
++all: export libs
++
++export:
++	# Create the nss.pc file
++	mkdir -p $(DIST)/lib/pkgconfig
++	sed -e "s,@prefix@,$(PREFIX)," \
++	    -e "s,@exec_prefix@,\$${prefix}," \
++	    -e "s,@libdir@,\$${prefix}/lib," \
++	    -e "s,@includedir@,\$${prefix}/include/nss," \
++	    -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
++	    -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++	    nss.pc.in > nss.pc
++	chmod 0644 nss.pc
++	ln -sf ../../../../nss/config/nss.pc $(DIST)/lib/pkgconfig
++
++	# Create the nss-config script
++	mkdir -p $(DIST)/bin
++	sed -e "s,@prefix@,$(PREFIX)," \
++	    -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
++	    -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++	    nss-config.in > nss-config
++	chmod 0755 nss-config
++	ln -sf ../../../nss/config/nss-config $(DIST)/bin
++
++libs:
++
++dummy: all export libs
++
+diff -Naurp nss-3.28-orig/nss/config/nss-config.in nss-3.28/nss/config/nss-config.in
+--- nss-3.28-orig/nss/config/nss-config.in	1969-12-31 18:00:00.000000000 -0600
++++ nss-3.28/nss/config/nss-config.in	2016-12-26 22:20:40.008205774 -0600
+@@ -0,0 +1,153 @@
++#!/bin/sh
++
++prefix=@prefix@
++
++major_version=@NSS_MAJOR_VERSION@
++minor_version=@NSS_MINOR_VERSION@
++patch_version=@NSS_PATCH_VERSION@
++
++usage()
++{
++	cat <<EOF
++Usage: nss-config [OPTIONS] [LIBRARIES]
++Options:
++	[--prefix[=DIR]]
++	[--exec-prefix[=DIR]]
++	[--includedir[=DIR]]
++	[--libdir[=DIR]]
++	[--version]
++	[--libs]
++	[--cflags]
++Dynamic Libraries:
++	nss
++	nssutil
++	smime
++	ssl
++	softokn
++EOF
++	exit $1
++}
++
++if test $# -eq 0; then
++	usage 1 1>&2
++fi
++
++lib_nss=yes
++lib_nssutil=yes
++lib_smime=yes
++lib_ssl=yes
++lib_softokn=yes
++
++while test $# -gt 0; do
++  case "$1" in
++  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
++  *) optarg= ;;
++  esac
++
++  case $1 in
++    --prefix=*)
++      prefix=$optarg
++      ;;
++    --prefix)
++      echo_prefix=yes
++      ;;
++    --exec-prefix=*)
++      exec_prefix=$optarg
++      ;;
++    --exec-prefix)
++      echo_exec_prefix=yes
++      ;;
++    --includedir=*)
++      includedir=$optarg
++      ;;
++    --includedir)
++      echo_includedir=yes
++      ;;
++    --libdir=*)
++      libdir=$optarg
++      ;;
++    --libdir)
++      echo_libdir=yes
++      ;;
++    --version)
++      echo ${major_version}.${minor_version}.${patch_version}
++      ;;
++    --cflags)
++      echo_cflags=yes
++      ;;
++    --libs)
++      echo_libs=yes
++      ;;
++    nss)
++      lib_nss=yes
++      ;;
++    nssutil)
++      lib_nssutil=yes
++      ;;
++    smime)
++      lib_smime=yes
++      ;;
++    ssl)
++      lib_ssl=yes
++      ;;
++    softokn)
++      lib_softokn=yes
++      ;;
++    *)
++      usage 1 1>&2
++      ;;
++  esac
++  shift
++done
++
++# Set variables that may be dependent upon other variables
++if test -z "$exec_prefix"; then
++    exec_prefix=`pkg-config --variable=exec_prefix nss`
++fi
++if test -z "$includedir"; then
++    includedir=`pkg-config --variable=includedir nss`
++fi
++if test -z "$libdir"; then
++    libdir=`pkg-config --variable=libdir nss`
++fi
++
++if test "$echo_prefix" = "yes"; then
++    echo $prefix
++fi
++
++if test "$echo_exec_prefix" = "yes"; then
++    echo $exec_prefix
++fi
++
++if test "$echo_includedir" = "yes"; then
++    echo $includedir
++fi
++
++if test "$echo_libdir" = "yes"; then
++    echo $libdir
++fi
++
++if test "$echo_cflags" = "yes"; then
++    echo -I$includedir
++fi
++
++if test "$echo_libs" = "yes"; then
++      libdirs="-L$libdir"
++      if test -n "$lib_nss"; then
++	libdirs="$libdirs -lnss${major_version}"
++      fi
++      if test -n "$lib_nssutil"; then
++        libdirs="$libdirs -lnssutil${major_version}"
++      fi
++      if test -n "$lib_smime"; then
++	libdirs="$libdirs -lsmime${major_version}"
++      fi
++      if test -n "$lib_ssl"; then
++	libdirs="$libdirs -lssl${major_version}"
++      fi
++      if test -n "$lib_softokn"; then
++        libdirs="$libdirs -lsoftokn${major_version}"
++      fi
++      echo $libdirs
++fi      
++
+diff -Naurp nss-3.28-orig/nss/config/nss.pc.in nss-3.28/nss/config/nss.pc.in
+--- nss-3.28-orig/nss/config/nss.pc.in	1969-12-31 18:00:00.000000000 -0600
++++ nss-3.28/nss/config/nss.pc.in	2016-12-26 22:22:53.300694346 -0600
+@@ -0,0 +1,12 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: NSS
++Description: Network Security Services
++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
++Requires: nspr >= 4.20
++Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@
++Cflags: -I${includedir}
++
+diff -Naurp nss-3.28-orig/nss/manifest.mn nss-3.28/nss/manifest.mn
+--- nss-3.28-orig/nss/manifest.mn	2016-12-21 05:56:27.000000000 -0600
++++ nss-3.28/nss/manifest.mn	2016-12-26 22:24:12.278991843 -0600
+@@ -10,4 +10,4 @@ IMPORTS =	nspr20/v4.8 \
+ 
+ RELEASE = nss
+ 
+-DIRS = coreconf lib cmd cpputil gtests
++DIRS = coreconf lib cmd cpputil gtests config

libs/nss/patches/002-os_test.patch

@@ -0,0 +1,18 @@
+--- a/nss/coreconf/arch.mk	2019-04-01 22:20:32.470080052 +0300
++++ b/nss/coreconf/arch.mk	2019-04-01 22:21:01.730987548 +0300
+@@ -20,13 +20,13 @@
+ # Macros for getting the OS architecture
+ #
+ 
+-OS_ARCH := $(subst /,_,$(shell uname -s))
++OS_ARCH ?= $(subst /,_,$(shell uname -s))
+ 
+ #
+ # Attempt to differentiate between sparc and x86 Solaris
+ #
+ 
+-OS_TEST := $(shell uname -m)
++OS_TEST ?= $(shell uname -m)
+ ifeq ($(OS_TEST),i86pc)
+     OS_RELEASE := $(shell uname -r)_$(OS_TEST)
+ else

libs/nss/patches/003-openwrt_fix.patch

@@ -0,0 +1,86 @@
+--- a/nss/lib/dbm/src/dirent.h	2017-10-19 17:15:14.797053528 +0300
++++ b/nss/lib/dbm/src/dirent.h	2017-10-19 17:15:26.156310432 +0300
+@@ -30,7 +30,7 @@
+ #define MAXNAMLEN FILENAME_MAX
+ 
+ #else
+-#include <param.h>
++#include <sys/param.h>
+ #endif
+ #endif
+ 
+--- a/nss/coreconf/rules.mk	2019-03-31 22:39:06.741609534 +0300
++++ b/nss/coreconf/rules.mk	2019-03-31 22:36:13.260356949 +0300
+@@ -261,7 +261,7 @@
+ ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
+ 	$(AR) $(subst /,\\,$(OBJS))
+ else
+-	$(AR) $(OBJS)
++	$(AR) rcs $@ $(OBJS)
+ endif
+ 	$(RANLIB) $@
+ 
+--- a/nss/coreconf/arch.mk	2019-03-31 23:38:34.374931416 +0300
++++ b/nss/coreconf/arch.mk	2019-03-31 23:38:44.667236102 +0300
+@@ -305,7 +305,7 @@
+     OBJDIR_NAME_COMPILER = $(COMPILER_TAG)
+ endif
+ OBJDIR_NAME_BASE = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(OBJDIR_NAME_COMPILER)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG)
+-OBJDIR_NAME = $(OBJDIR_NAME_BASE).OBJ
++OBJDIR_NAME = build_dir
+ 
+ 
+ ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+--- a/nss/coreconf/Linux.mk	2019-04-01 10:08:59.129269177 +0300
++++ b/nss/coreconf/Linux.mk	2019-04-01 10:09:15.557782574 +0300
+@@ -139,6 +139,7 @@
+ 	DEFINES		+= -D_REENTRANT
+ endif
+ 
++ifndef USE_NATIVE
+ DSO_CFLAGS		= -fPIC
+ DSO_LDOPTS		= -shared $(ARCHFLAG) -Wl,--gc-sections
+ # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8)
+@@ -149,6 +150,7 @@
+ ZDEFS_FLAG		= -Wl,-z,defs
+ DSO_LDOPTS		+= $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
+ LDFLAGS			+= $(ARCHFLAG) -z noexecstack
++endif
+ 
+ # On Maemo, we need to use the -rpath-link flag for even the standard system
+ # library directories.
+--- a/nss/coreconf/Linux.mk	2019-04-01 23:10:19.091912203 +0300
++++ b/nss/coreconf/Linux.mk	2019-04-06 14:07:13.499169075 +0300
+@@ -140,7 +140,7 @@
+ endif
+ 
+ ifndef USE_NATIVE
+-DSO_CFLAGS		= -fPIC
++DSO_CFLAGS		= $(fpic)
+ DSO_LDOPTS		= -shared $(ARCHFLAG) -Wl,--gc-sections
+ # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8)
+ # incorrectly reports undefined references in the libraries we link with, so
+--- a/nss/coreconf/Linux.mk	2019-04-06 20:25:36.431663894 +0300
++++ b/nss/coreconf/Linux.mk	2019-04-06 20:26:23.397129525 +0300
+@@ -107,11 +107,6 @@
+ endif
+ 
+ ifdef BUILD_OPT
+-ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
+-	OPTIMIZER = -Os
+-else
+-	OPTIMIZER = -O2
+-endif
+ ifdef MOZ_DEBUG_SYMBOLS
+ 	ifdef MOZ_DEBUG_FLAGS
+ 		OPTIMIZER += $(MOZ_DEBUG_FLAGS)
+--- a/nss/coreconf/UNIX.mk	2019-04-06 20:34:24.284157646 +0300
++++ b/nss/coreconf/UNIX.mk	2019-04-06 20:34:34.760485327 +0300
+@@ -10,7 +10,6 @@
+ LDOPTS     += -L$(SOURCE_LIB_DIR)
+ 
+ ifdef BUILD_OPT
+-	OPTIMIZER  += -O
+ 	DEFINES    += -UDEBUG -DNDEBUG
+ else
+ 	OPTIMIZER  += -g