From: Michael S. Zick <minimod@morethan.org>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] libnss: Add new package.
Date: Mon, 14 Mar 2011 11:54:42 -0500 [thread overview]
Message-ID: <201103141154.45996.minimod@morethan.org> (raw)
In-Reply-To: <AANLkTikz08GZdkFc9kEVmk6mdxpnb_hovz1JpTXQ8zpa@mail.gmail.com>
On Mon March 14 2011, Will Newton wrote:
> NSS is the Network Security Services library developed as part of
> the Mozilla project. It provides similar functions to OpenSSL but
> allows MPL, GPL and LGPL licensing and has been FIPS certified.
>
Note:
The version mentioned in this patch __is not__ one of the certified
versions.
Ref:
http://www.mozilla.org/projects/security/pki/nss/fips/
Nor does the validated version build for all of the Buildroot targets.
Ref:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#815
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp815.pdf
So I think it is unwise to include that "and has been FIPS certified"
in the new package description.
Mike
> Signed-off-by: Will Newton <will.newton@imgtec.com>
> ---
> package/Config.in | 1 +
> package/libnss/Config.in | 13 +++++++
> package/libnss/libnss-cross.patch | 19 +++++++++++
> package/libnss/libnss-uclibc.patch | 11 ++++++
> package/libnss/libnss.mk | 62 ++++++++++++++++++++++++++++++++++++
> 5 files changed, 106 insertions(+), 0 deletions(-)
> create mode 100644 package/libnss/Config.in
> create mode 100644 package/libnss/libnss-cross.patch
> create mode 100644 package/libnss/libnss-uclibc.patch
> create mode 100644 package/libnss/libnss.mk
>
> diff --git a/package/Config.in b/package/Config.in
> index 19c38fa..6bb3a42 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -245,6 +245,7 @@ menu "Crypto"
> source "package/beecrypt/Config.in"
> source "package/libgcrypt/Config.in"
> source "package/libgpg-error/Config.in"
> +source "package/libnss/Config.in"
> source "package/openssl/Config.in"
> endmenu
>
> diff --git a/package/libnss/Config.in b/package/libnss/Config.in
> new file mode 100644
> index 0000000..e58aa50
> --- /dev/null
> +++ b/package/libnss/Config.in
> @@ -0,0 +1,13 @@
> +config BR2_PACKAGE_LIBNSS
> + bool "libnss"
> + depends on BR2_PACKAGE_LIBNSPR
> + depends on BR2_PACKAGE_SQLITE
> + depends on BR2_PACKAGE_ZLIB
> + help
> + Network Security Services (NSS) is a set of libraries designed
> + to support development of security-enabled client and server
> + applications. Applications built with NSS can support SSL v2
> + and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME,
> + and X.509 v3 certificates.
> +
> + http://www.mozilla.org/projects/security/pki/nss/
> diff --git a/package/libnss/libnss-cross.patch
> b/package/libnss/libnss-cross.patch
> new file mode 100644
> index 0000000..7670511
> --- /dev/null
> +++ b/package/libnss/libnss-cross.patch
> @@ -0,0 +1,19 @@
> +--- libnss-3.12.9.old/mozilla/security/coreconf/Linux.mk 2011-03-01
> 10:31:21.517847183 +0000
> ++++ libnss-3.12.9/mozilla/security/coreconf/Linux.mk 2011-03-01
> 10:33:42.688648237 +0000
> +@@ -46,9 +46,13 @@
> + IMPL_STRATEGY = _PTH
> + endif
> +
> +-CC = gcc
> +-CCC = g++
> +-RANLIB = ranlib
> ++TARGETCC = gcc
> ++TARGETCCC = g++
> ++TARGETRANLIB = ranlib
> ++
> ++CC = $(TARGETCC)
> ++CCC = $(TARGETCCC)
> ++RANLIB = $(TARGETRANLIB)
> +
> + DEFAULT_COMPILER = gcc
> +
> diff --git a/package/libnss/libnss-uclibc.patch
> b/package/libnss/libnss-uclibc.patch
> new file mode 100644
> index 0000000..e437067
> --- /dev/null
> +++ b/package/libnss/libnss-uclibc.patch
> @@ -0,0 +1,11 @@
> +--- libnss-3.12.9.old/mozilla/security/nss/lib/freebl/stubs.c 2011-03-01
> 10:41:35.226450100 +0000
> ++++ libnss-3.12.9/mozilla/security/nss/lib/freebl/stubs.c 2011-03-01
> 10:42:14.628507934 +0000
> +@@ -539,7 +539,7 @@
> + * fetch the library if it's loaded. For NSS it should already be loaded
> + */
> + #define freebl_getLibrary(libName) \
> +- dlopen (libName, RTLD_LAZY|RTLD_NOLOAD)
> ++ dlopen (libName, RTLD_LAZY)
> +
> + #define freebl_releaseLibrary(lib) \
> + if (lib) dlclose(lib)
> diff --git a/package/libnss/libnss.mk b/package/libnss/libnss.mk
> new file mode 100644
> index 0000000..b530cc3
> --- /dev/null
> +++ b/package/libnss/libnss.mk
> @@ -0,0 +1,62 @@
> +#############################################################
> +#
> +# libnss
> +#
> +#############################################################
> +LIBNSS_VERSION = 3.12.9
> +LIBNSS_SOURCE = nss-$(LIBNSS_VERSION).tar.gz
> +LIBNSS_SITE_VERSION = $(subst .,_,$(LIBNSS_VERSION))
> +LIBNSS_SITE = https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_$(LIBNSS_SITE_VERSION)_RTM/src/
> +LIBNSS_SUBDIR = mozilla/security
> +LIBNSS_DISTDIR = mozilla/dist
> +LIBNSS_INSTALL_STAGING = YES
> +LIBNSS_DEPENDENCIES = libnspr sqlite zlib
> +
> +LIBNSS_BUILD_VARS = MOZILLA_CLIENT=1 \
> + NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr \
> + NSPR_LIB_DIR=$(STAGING_DIR)/usr/lib \
> + BUILD_OPT=1 \
> + NS_USE_GCC=1 \
> + OPTIMIZER="$(TARGET_CFLAGS)" \
> + NSS_USE_SYSTEM_SQLITE=1 \
> + NSS_ENABLE_ECC=1 \
> + NATIVE_CC="$(HOSTCC)" \
> + TARGETCC="$(TARGET_CC)" \
> + TARGETCCC="$(TARGET_CXX)" \
> + TARGETRANLIB="$(TARGET_RANLIB)" \
> + OS_ARCH="Linux" \
> + OS_RELEASE="2.6" \
> + OS_TEST="$(ARCH)"
> +
> +
> +define LIBNSS_BUILD_CMDS
> + $(MAKE1) -C $(@D)/$(LIBNSS_SUBDIR)/nss build_coreconf build_dbm all \
> + SOURCE_MD_DIR=$(@D)/$(LIBNSS_DISTDIR) \
> + DIST=$(@D)/$(LIBNSS_DISTDIR) \
> + CHECKLOC= \
> + $(LIBNSS_BUILD_VARS)
> +endef
> +
> +define LIBNSS_INSTALL_STAGING_CMDS
> + $(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
> + $(@D)/$(LIBNSS_DISTDIR)/lib/*.so
> + $(INSTALL) -m 755 -d $(STAGING_DIR)/usr/include/nss
> + $(INSTALL) -m 644 -t $(STAGING_DIR)/usr/include/nss \
> + $(@D)/$(LIBNSS_DISTDIR)/public/nss/*
> + $(INSTALL) -m 755 -t $(STAGING_DIR)/usr/lib/ \
> + $(@D)/$(LIBNSS_DISTDIR)/lib/*.a
> +endef
> +
> +define LIBNSS_INSTALL_TARGET_CMDS
> + $(INSTALL) -m 755 -t $(TARGET_DIR)/usr/lib/ \
> + $(@D)/$(LIBNSS_DISTDIR)/lib/*.so
> +endef
> +
> +define LIBNSS_CLEAN_CMDS
> + -$(MAKE1) -C $(@D)/$(LIBNSS_SUBDIR) clobber \
> + clobber_dbm \
> + clobber_coreconf \
> + BUILD_OPT=1
> +endef
> +
> +$(eval $(call GENTARGETS,package,libnss))
next prev parent reply other threads:[~2011-03-14 16:54 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-14 16:25 [Buildroot] [PATCH] libnss: Add new package Will Newton
2011-03-14 16:54 ` Michael S. Zick [this message]
2011-03-14 17:22 ` Will Newton
2011-03-14 19:04 ` Michael S. Zick
-- strict thread matches above, loose matches on Subject: below --
2011-03-14 17:24 Will Newton
2011-03-15 22:57 ` Thomas Petazzoni
2011-03-17 12:20 ` Will Newton
2011-03-25 12:07 Will Newton
2011-04-01 10:00 ` Will Newton
2011-07-07 12:08 Will Newton
2011-07-07 20:32 ` Peter Korsgaard
2011-07-08 13:25 ` Will Newton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201103141154.45996.minimod@morethan.org \
--to=minimod@morethan.org \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox