[Buildroot] [PATCH] libnss: Add new package.

Michael S. Zick minimod at morethan.org
Mon Mar 14 16:54:42 UTC 2011


On Mon March 14 2011, Will Newton wrote:
> NSS is the Network Security Services library developed as part of
> the Mozilla project. It provides similar functions to OpenSSL but
> allows MPL, GPL and LGPL licensing and has been FIPS certified.
>

Note:
The version mentioned in this patch __is not__ one of the certified
versions.
Ref:
http://www.mozilla.org/projects/security/pki/nss/fips/

Nor does the validated version build for all of the Buildroot targets.
Ref:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#815
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp815.pdf

So I think it is unwise to include that "and has been FIPS certified"
in the new package description.

Mike 
> Signed-off-by: Will Newton <will.newton at imgtec.com>
> ---
>  package/Config.in                  |    1 +
>  package/libnss/Config.in           |   13 +++++++
>  package/libnss/libnss-cross.patch  |   19 +++++++++++
>  package/libnss/libnss-uclibc.patch |   11 ++++++
>  package/libnss/libnss.mk           |   62 ++++++++++++++++++++++++++++++++++++
>  5 files changed, 106 insertions(+), 0 deletions(-)
>  create mode 100644 package/libnss/Config.in
>  create mode 100644 package/libnss/libnss-cross.patch
>  create mode 100644 package/libnss/libnss-uclibc.patch
>  create mode 100644 package/libnss/libnss.mk
> 
> diff --git a/package/Config.in b/package/Config.in
> index 19c38fa..6bb3a42 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -245,6 +245,7 @@ menu "Crypto"
>  source "package/beecrypt/Config.in"
>  source "package/libgcrypt/Config.in"
>  source "package/libgpg-error/Config.in"
> +source "package/libnss/Config.in"
>  source "package/openssl/Config.in"
>  endmenu
> 
> diff --git a/package/libnss/Config.in b/package/libnss/Config.in
> new file mode 100644
> index 0000000..e58aa50
> --- /dev/null
> +++ b/package/libnss/Config.in
> @@ -0,0 +1,13 @@
> +config BR2_PACKAGE_LIBNSS
> +	bool "libnss"
> +	depends on BR2_PACKAGE_LIBNSPR
> +	depends on BR2_PACKAGE_SQLITE
> +	depends on BR2_PACKAGE_ZLIB
> +	help
> +	  Network Security Services (NSS) is a set of libraries designed
> +	  to support development of security-enabled client and server
> +	  applications. Applications built with NSS can support SSL v2
> +	  and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME,
> +	  and X.509 v3 certificates.
> +
> +	  http://www.mozilla.org/projects/security/pki/nss/
> diff --git a/package/libnss/libnss-cross.patch
> b/package/libnss/libnss-cross.patch
> new file mode 100644
> index 0000000..7670511
> --- /dev/null
> +++ b/package/libnss/libnss-cross.patch
> @@ -0,0 +1,19 @@
> +--- libnss-3.12.9.old/mozilla/security/coreconf/Linux.mk	2011-03-01
> 10:31:21.517847183 +0000
> ++++ libnss-3.12.9/mozilla/security/coreconf/Linux.mk	2011-03-01
> 10:33:42.688648237 +0000
> +@@ -46,9 +46,13 @@
> + 	IMPL_STRATEGY = _PTH
> + endif
> +
> +-CC			= gcc
> +-CCC			= g++
> +-RANLIB			= ranlib
> ++TARGETCC		= gcc
> ++TARGETCCC		= g++
> ++TARGETRANLIB		= ranlib
> ++
> ++CC			= $(TARGETCC)
> ++CCC			= $(TARGETCCC)
> ++RANLIB			= $(TARGETRANLIB)
> +
> + DEFAULT_COMPILER = gcc
> +
> diff --git a/package/libnss/libnss-uclibc.patch
> b/package/libnss/libnss-uclibc.patch
> new file mode 100644
> index 0000000..e437067
> --- /dev/null
> +++ b/package/libnss/libnss-uclibc.patch
> @@ -0,0 +1,11 @@
> +--- libnss-3.12.9.old/mozilla/security/nss/lib/freebl/stubs.c	2011-03-01
> 10:41:35.226450100 +0000
> ++++ libnss-3.12.9/mozilla/security/nss/lib/freebl/stubs.c	2011-03-01
> 10:42:14.628507934 +0000
> +@@ -539,7 +539,7 @@
> +  * fetch the library if it's loaded. For NSS it should already be loaded
> +  */
> + #define freebl_getLibrary(libName)  \
> +-    dlopen (libName, RTLD_LAZY|RTLD_NOLOAD)
> ++    dlopen (libName, RTLD_LAZY)
> +
> + #define freebl_releaseLibrary(lib) \
> +     if (lib) dlclose(lib)
> diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
> new file mode 100644
> index 0000000..b530cc3
> --- /dev/null
> +++ b/package/libnss/libnss.mk
> @@ -0,0 +1,62 @@
> +#############################################################
> +#
> +# libnss
> +#
> +#############################################################
> +LIBNSS_VERSION = 3.12.9
> +LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
> +LIBNSS_SITE_VERSION = $(subst .,_,$(LIBNSS_VERSION))
> +LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(LIBNSS_SITE_VERSION)_RTM/src/
> +LIBNSS_SUBDIR = mozilla/security
> +LIBNSS_DISTDIR = mozilla/dist
> +LIBNSS_INSTALL_STAGING = YES
> +LIBNSS_DEPENDENCIES = libnspr sqlite zlib
> +
> +LIBNSS_BUILD_VARS = MOZILLA_CLIENT=1 \
> +		NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr \
> +		NSPR_LIB_DIR=$(STAGING_DIR)/usr/lib \
> +		BUILD_OPT=1 \
> +		NS_USE_GCC=1 \
> +		OPTIMIZER="$(TARGET_CFLAGS)" \
> +		NSS_USE_SYSTEM_SQLITE=1 \
> +		NSS_ENABLE_ECC=1 \
> +		NATIVE_CC="$(HOSTCC)" \
> +		TARGETCC="$(TARGET_CC)" \
> +		TARGETCCC="$(TARGET_CXX)" \
> +		TARGETRANLIB="$(TARGET_RANLIB)" \
> +		OS_ARCH="Linux" \
> +		OS_RELEASE="2.6" \
> +		OS_TEST="$(ARCH)"
> +
> +
> +define LIBNSS_BUILD_CMDS
> +	$(MAKE1) -C $(@D)/$(LIBNSS_SUBDIR)/nss build_coreconf build_dbm all \
> +			SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
> +			DIST=$(@D)/$(LIBNSS_DISTDIR) \
> +			CHECKLOC= \
> +			$(LIBNSS_BUILD_VARS)
> +endef
> +
> +define LIBNSS_INSTALL_STAGING_CMDS
> +	$(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
> +		$(@D)/$(LIBNSS_DISTDIR)/lib/*.so
> +	$(INSTALL) -m 755 -d $(STAGING_DIR)/usr/include/nss
> +	$(INSTALL) -m 644 -t $(STAGING_DIR)/usr/include/nss \
> +		$(@D)/$(LIBNSS_DISTDIR)/public/nss/*
> +	$(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
> +		$(@D)/$(LIBNSS_DISTDIR)/lib/*.a
> +endef
> +
> +define LIBNSS_INSTALL_TARGET_CMDS
> +	$(INSTALL) -m 755 -t $(TARGET_DIR)/usr/lib/ \
> +		$(@D)/$(LIBNSS_DISTDIR)/lib/*.so
> +endef
> +
> +define LIBNSS_CLEAN_CMDS
> +	-$(MAKE1) -C $(@D)/$(LIBNSS_SUBDIR) clobber \
> +					clobber_dbm \
> +					clobber_coreconf \
> +					BUILD_OPT=1
> +endef
> +
> +$(eval $(call GENTARGETS,package,libnss))





More information about the buildroot mailing list