From: Michael S. Zick <minimod@morethan.org>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] libnss: Add new package.
Date: Mon, 14 Mar 2011 11:54:42 -0500 [thread overview]
Message-ID: <201103141154.45996.minimod@morethan.org> (raw)
In-Reply-To: <AANLkTikz08GZdkFc9kEVmk6mdxpnb_hovz1JpTXQ8zpa@mail.gmail.com>
On Mon March 14 2011, Will Newton wrote:
> NSS is the Network Security Services library developed as part of
> the Mozilla project. It provides similar functions to OpenSSL but
> allows MPL, GPL and LGPL licensing and has been FIPS certified.
>
Note:
The version mentioned in this patch __is not__ one of the certified
versions.
Ref:
http://www.mozilla.org/projects/security/pki/nss/fips/
Nor does the validated version build for all of the Buildroot targets.
Ref:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#815
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp815.pdf
So I think it is unwise to include that "and has been FIPS certified"
in the new package description.
Mike
> Signed-off-by: Will Newton <will.newton@imgtec.com>
> ---
> package/Config.in | 1 +
> package/libnss/Config.in | 13 +++++++
> package/libnss/libnss-cross.patch | 19 +++++++++++
> package/libnss/libnss-uclibc.patch | 11 ++++++
> package/libnss/libnss.mk | 62 ++++++++++++++++++++++++++++++++++++
> 5 files changed, 106 insertions(+), 0 deletions(-)
> create mode 100644 package/libnss/Config.in
> create mode 100644 package/libnss/libnss-cross.patch
> create mode 100644 package/libnss/libnss-uclibc.patch
> create mode 100644 package/libnss/libnss.mk
>
> diff --git a/package/Config.in b/package/Config.in
> index 19c38fa..6bb3a42 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -245,6 +245,7 @@ menu "Crypto"
> source "package/beecrypt/Config.in"
> source "package/libgcrypt/Config.in"
> source "package/libgpg-error/Config.in"
> +source "package/libnss/Config.in"
> source "package/openssl/Config.in"
> endmenu
>
> diff --git a/package/libnss/Config.in b/package/libnss/Config.in
> new file mode 100644
> index 0000000..e58aa50
> --- /dev/null
> +++ b/package/libnss/Config.in
> @@ -0,0 +1,13 @@
> +config BR2_PACKAGE_LIBNSS
> + bool "libnss"
> + depends on BR2_PACKAGE_LIBNSPR
> + depends on BR2_PACKAGE_SQLITE
> + depends on BR2_PACKAGE_ZLIB
> + help
> + Network Security Services (NSS) is a set of libraries designed
> + to support development of security-enabled client and server
> + applications. Applications built with NSS can support SSL v2
> + and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME,
> + and X.509 v3 certificates.
> +
> + http://www.mozilla.org/projects/security/pki/nss/
> diff --git a/package/libnss/libnss-cross.patch
> b/package/libnss/libnss-cross.patch
> new file mode 100644
> index 0000000..7670511
> --- /dev/null
> +++ b/package/libnss/libnss-cross.patch
> @@ -0,0 +1,19 @@
> +--- libnss-3.12.9.old/mozilla/security/coreconf/Linux.mk 2011-03-01
> 10:31:21.517847183 +0000
> ++++ libnss-3.12.9/mozilla/security/coreconf/Linux.mk 2011-03-01
> 10:33:42.688648237 +0000
> +@@ -46,9 +46,13 @@
> + IMPL_STRATEGY = _PTH
> + endif
> +
> +-CC = gcc
> +-CCC = g++
> +-RANLIB = ranlib
> ++TARGETCC = gcc
> ++TARGETCCC = g++
> ++TARGETRANLIB = ranlib
> ++
> ++CC = $(TARGETCC)
> ++CCC = $(TARGETCCC)
> ++RANLIB = $(TARGETRANLIB)
> +
> + DEFAULT_COMPILER = gcc
> +
> diff --git a/package/libnss/libnss-uclibc.patch
> b/package/libnss/libnss-uclibc.patch
> new file mode 100644
> index 0000000..e437067
> --- /dev/null
> +++ b/package/libnss/libnss-uclibc.patch
> @@ -0,0 +1,11 @@
> +--- libnss-3.12.9.old/mozilla/security/nss/lib/freebl/stubs.c 2011-03-01
> 10:41:35.226450100 +0000
> ++++ libnss-3.12.9/mozilla/security/nss/lib/freebl/stubs.c 2011-03-01
> 10:42:14.628507934 +0000
> +@@ -539,7 +539,7 @@
> + * fetch the library if it's loaded. For NSS it should already be loaded
> + */
> + #define freebl_getLibrary(libName) \
> +- dlopen (libName, RTLD_LAZY|RTLD_NOLOAD)
> ++ dlopen (libName, RTLD_LAZY)
> +
> + #define freebl_releaseLibrary(lib) \
> + if (lib) dlclose(lib)
> diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
> new file mode 100644
> index 0000000..b530cc3
> --- /dev/null
> +++ b/package/libnss/libnss.mk
> @@ -0,0 +1,62 @@
> +#############################################################
> +#
> +# libnss
> +#
> +#############################################################
> +LIBNSS_VERSION = 3.12.9
> +LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
> +LIBNSS_SITE_VERSION = $(subst .,_,$(LIBNSS_VERSION))
> +LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(LIBNSS_SITE_VERSION)_RTM/src/
> +LIBNSS_SUBDIR = mozilla/security
> +LIBNSS_DISTDIR = mozilla/dist
> +LIBNSS_INSTALL_STAGING = YES
> +LIBNSS_DEPENDENCIES = libnspr sqlite zlib
> +
> +LIBNSS_BUILD_VARS = MOZILLA_CLIENT=1 \
> + NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr \
> + NSPR_LIB_DIR=$(STAGING_DIR)/usr/lib \
> + BUILD_OPT=1 \
> + NS_USE_GCC=1 \
> + OPTIMIZER="$(TARGET_CFLAGS)" \
> + NSS_USE_SYSTEM_SQLITE=1 \
> + NSS_ENABLE_ECC=1 \
> + NATIVE_CC="$(HOSTCC)" \
> + TARGETCC="$(TARGET_CC)" \
> + TARGETCCC="$(TARGET_CXX)" \
> + TARGETRANLIB="$(TARGET_RANLIB)" \
> + OS_ARCH="Linux" \
> + OS_RELEASE="2.6" \
> + OS_TEST="$(ARCH)"
> +
> +
> +define LIBNSS_BUILD_CMDS
> + $(MAKE1) -C $(@D)/$(LIBNSS_SUBDIR)/nss build_coreconf build_dbm all \
> + SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
> + DIST=$(@D)/$(LIBNSS_DISTDIR) \
> + CHECKLOC= \
> + $(LIBNSS_BUILD_VARS)
> +endef
> +
> +define LIBNSS_INSTALL_STAGING_CMDS
> + $(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
> + $(@D)/$(LIBNSS_DISTDIR)/lib/*.so
> + $(INSTALL) -m 755 -d $(STAGING_DIR)/usr/include/nss
> + $(INSTALL) -m 644 -t $(STAGING_DIR)/usr/include/nss \
> + $(@D)/$(LIBNSS_DISTDIR)/public/nss/*
> + $(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
> + $(@D)/$(LIBNSS_DISTDIR)/lib/*.a
> +endef
> +
> +define LIBNSS_INSTALL_TARGET_CMDS
> + $(INSTALL) -m 755 -t $(TARGET_DIR)/usr/lib/ \
> + $(@D)/$(LIBNSS_DISTDIR)/lib/*.so
> +endef
> +
> +define LIBNSS_CLEAN_CMDS
> + -$(MAKE1) -C $(@D)/$(LIBNSS_SUBDIR) clobber \
> + clobber_dbm \
> + clobber_coreconf \
> + BUILD_OPT=1
> +endef
> +
> +$(eval $(call GENTARGETS,package,libnss))
next prev parent reply other threads:[~2011-03-14 16:54 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-14 16:25 [Buildroot] [PATCH] libnss: Add new package Will Newton
2011-03-14 16:54 ` Michael S. Zick [this message]
2011-03-14 17:22 ` Will Newton
2011-03-14 19:04 ` Michael S. Zick
-- strict thread matches above, loose matches on Subject: below --
2011-03-14 17:24 Will Newton
2011-03-15 22:57 ` Thomas Petazzoni
2011-03-17 12:20 ` Will Newton
2011-03-25 12:07 Will Newton
2011-04-01 10:00 ` Will Newton
2011-07-07 12:08 Will Newton
2011-07-07 20:32 ` Peter Korsgaard
2011-07-08 13:25 ` Will Newton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201103141154.45996.minimod@morethan.org \
--to=minimod@morethan.org \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.