source: postlfs/security/nss.xml@ 295ca00

systemd-13485
Last change on this file since 295ca00 was 295ca00, checked in by Douglas R. Reno <renodr@…>, 6 years ago

Update to Sudo-1.8.15 (merged from trunk r16594)
Update to stunnel-5.29 (merged from trunk r16797)
Update to ssh-askpass-4.1p2 (merged from trunk r16811)
Update to p11-kit-0.23.2 (merged from trunk r16716)
Update to OpenSSL-1.0.2e (merged from trunk r16708)
Update to OpenSSH-7.1p2 (merged from trunk r16811)
Update to NSS-3.21 (merged from trunk r16627)
Update to MIT Kerberos V5-1.14 (merged from trunk r16679)
Update to iptables-1.6.0 (merged from trunk r16742)
Update to GPGME-1.6.0 (merged from trunk r16360)
Update to GnuTLS-3.4.8 (merged from trunk r16797)

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@16833 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 9.4 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7<!-- for when .0 is not part of the new tarball name -->
8 <!ENTITY nss-url "ftp.mozilla.org/pub/mozilla.org/security/nss/releases">
9
10<!ENTITY nss-download-http "https://&nss-url;/NSS_3_&nss-minor-version;_RTM/src/nss-&nss-version;.tar.gz">
11<!ENTITY nss-download-ftp " ">
12<!-- <!ENTITY nss-download-ftp "ftp://&nss-url;/NSS_3_&nss-minor-version;_&nss-micro-version;_RTM/src/nss-&nss-version;.tar.gz"> -->
13<!-- no micro versions -->
14<!-- <!ENTITY nss-download-http "https://&nss-url;/NSS_3_&nss-minor-version;_RTM/src/nss-&nss-version;.tar.gz">
15<!ENTITY nss-download-ftp "ftp://&nss-url;/NSS_3_&nss-minor-version;_RTM/src/nss-&nss-version;.tar.gz"> -->
16
17 <!ENTITY nss-md5sum "3c8b2ed880dd3a8d86c9e0151afe6eba">
18 <!ENTITY nss-size "6.7 MB">
19 <!ENTITY nss-buildsize "91 MB">
20 <!ENTITY nss-time "0.9 SBU">
21]>
22
23<sect1 id="nss" xreflabel="NSS-&nss-version;">
24 <?dbhtml filename="nss.html"?>
25
26 <sect1info>
27 <othername>$LastChangedBy$</othername>
28 <date>$Date$</date>
29 </sect1info>
30
31 <title>NSS-&nss-version;</title>
32
33 <indexterm zone="nss">
34 <primary sortas="a-NSS">NSS</primary>
35 </indexterm>
36
37 <sect2 role="package">
38 <title>Introduction to NSS</title>
39
40 <para>
41 The Network Security Services (<application>NSS</application>) package is
42 a set of libraries designed to support cross-platform development of
43 security-enabled client and server applications. Applications built with
44 NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
45 S/MIME, X.509 v3 certificates, and other security standards. This is
46 useful for implementing SSL and S/MIME or other Internet security
47 standards into an application.
48 </para>
49
50 &lfs77_checked;
51
52 <bridgehead renderas="sect3">Package Information</bridgehead>
53 <itemizedlist spacing="compact">
54 <listitem>
55 <para>
56 Download (HTTP): <ulink url="&nss-download-http;"/>
57 </para>
58 </listitem>
59 <listitem>
60 <para>
61 Download (FTP): <ulink url="&nss-download-ftp;"/>
62 </para>
63 </listitem>
64 <listitem>
65 <para>
66 Download MD5 sum: &nss-md5sum;
67 </para>
68 </listitem>
69 <listitem>
70 <para>
71 Download size: &nss-size;
72 </para>
73 </listitem>
74 <listitem>
75 <para>
76 Estimated disk space required: &nss-buildsize;
77 </para>
78 </listitem>
79 <listitem>
80 <para>
81 Estimated build time: &nss-time;
82 </para>
83 </listitem>
84 </itemizedlist>
85
86 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
87 <itemizedlist spacing="compact">
88 <listitem>
89 <para>
90 Required patch:
91 <ulink url="&patch-root;/nss-&nss-version;-standalone-1.patch"/>
92 </para>
93 </listitem>
94 </itemizedlist>
95
96 <bridgehead renderas="sect3">NSS Dependencies</bridgehead>
97
98 <bridgehead renderas="sect4">Required</bridgehead>
99 <para role="required">
100 <xref linkend="nspr"/>
101 </para>
102
103 <bridgehead renderas="sect4">Recommended</bridgehead>
104 <para role="recommended">
105 <xref linkend="sqlite"/>
106 </para>
107
108 <para condition="html" role="usernotes">
109 User Notes: <ulink url="&blfs-wiki;/nss"/>
110 </para>
111 </sect2>
112
113 <sect2 role="installation">
114 <title>Installation of NSS</title>
115
116 <note>
117 <para>
118 This package does not support parallel build.
119 </para>
120 </note>
121
122 <para>
123 Install <application>NSS</application> by running the following commands:
124 </para>
125
126<screen><userinput>patch -Np1 -i ../nss-&nss-version;-standalone-1.patch &amp;&amp;
127
128cd nss &amp;&amp;
129make BUILD_OPT=1 \
130 NSPR_INCLUDE_DIR=/usr/include/nspr \
131 USE_SYSTEM_ZLIB=1 \
132 ZLIB_LIBS=-lz \
133 $([ $(uname -m) = x86_64 ] &amp;&amp; echo USE_64=1) \
134 $([ -f /usr/include/sqlite3.h ] &amp;&amp; echo NSS_USE_SYSTEM_SQLITE=1) -j1</userinput></screen>
135
136 <para>
137 This package does not come with a test suite.
138 </para>
139
140 <para>
141 Now, as the <systemitem class="username">root</systemitem> user:
142 </para>
143
144<screen role="root"><userinput>cd ../dist &amp;&amp;
145install -v -m755 Linux*/lib/*.so /usr/lib &amp;&amp;
146install -v -m644 Linux*/lib/{*.chk,libcrmf.a} /usr/lib &amp;&amp;
147install -v -m755 -d /usr/include/nss &amp;&amp;
148cp -v -RL {public,private}/nss/* /usr/include/nss &amp;&amp;
149chmod -v 644 /usr/include/nss/* &amp;&amp;
150install -v -m755 Linux*/bin/{certutil,nss-config,pk12util} /usr/bin &amp;&amp;
151install -v -m644 Linux*/lib/pkgconfig/nss.pc /usr/lib/pkgconfig</userinput></screen>
152
153 </sect2>
154
155 <sect2 role="commands">
156 <title>Command Explanations</title>
157
158 <para>
159 <parameter>BUILD_OPT=1</parameter>: This option is passed to
160 <command>make</command> so that the build is performed with no debugging
161 symbols built into the binaries and the default compiler optimizations are
162 used.
163 </para>
164
165 <para>
166 <parameter>NSPR_INCLUDE_DIR=/usr/include/nspr</parameter>: This option
167 sets the location of the <application>NSPR</application> headers.
168 </para>
169
170 <para>
171 <parameter>USE_SYSTEM_ZLIB=1</parameter>: This option is passed to
172 <command>make</command> to ensure that the
173 <filename class="libraryfile">libssl3.so</filename> library is linked to
174 the system installed <application>Zlib</application> instead of the
175 in-tree version.
176 </para>
177
178 <para>
179 <parameter>ZLIB_LIBS=-lz</parameter>: This option provides the
180 linker flags needed to link to the system <application>Zlib</application>.
181 </para>
182
183 <para>
184 <command>$([ $(uname -m) = x86_64 ] &amp;&amp; echo USE_64=1)</command>:
185 The <parameter>USE_64=1</parameter> option is <emphasis>required on
186 x86_64</emphasis>, otherwise <command>make</command> will try (and fail)
187 to create 32-bit objects. The [ $(uname -m) = x86_64 ] test ensures it
188 has no effect on a 32 bit system.
189 </para>
190
191 <para>
192 <command>([ -f /usr/include/sqlite3.h ] &amp;&amp; echo
193 NSS_USE_SYSTEM_SQLITE=1)</command>: This tests if
194 <application>SQLite</application> is installed and if so it
195 <command>echo</command>s the option NSS_USE_SYSTEM_SQLITE=1 to
196 <command>make</command> so that
197 <filename class="libraryfile">libsoftokn3.so</filename> will link against
198 the system version of <application>SQLite</application>.
199 </para>
200
201 </sect2>
202
203 <sect2 role="content">
204 <title>Contents</title>
205
206 <segmentedlist>
207 <segtitle>Installed Programs</segtitle>
208 <segtitle>Installed Libraries</segtitle>
209 <segtitle>Installed Directories</segtitle>
210
211 <seglistitem>
212 <seg>
213 certutil,
214 nss-config,
215 and pk12util
216 </seg>
217 <seg>
218 libcrmf.a,
219 libfreebl3.so,
220 libgtest1.so,
221 libnss3.so,
222 libnssckbi.so,
223 libnssdbm3.so,
224 libnsssysinit.so,
225 libnssutil3.so,
226 libsmime3.so,
227 libsoftokn3.so,
228 and libssl3.so
229 </seg>
230 <seg>
231 /usr/include/nss
232 </seg>
233 </seglistitem>
234 </segmentedlist>
235
236 <variablelist>
237 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
238 <?dbfo list-presentation="list"?>
239 <?dbhtml list-presentation="table"?>
240
241 <varlistentry id="certutil">
242 <term><command>certutil</command></term>
243 <listitem>
244 <para>
245 is the Mozilla Certificate Database Tool. It is a command-line
246 utility that can create and modify the Netscape Communicator
247 cert8.db and key3.db database files. It can also list, generate,
248 modify, or delete certificates within the cert8.db file and create
249 or change the password, generate new public and private key pairs,
250 display the contents of the key database, or delete key pairs within
251 the key3.db file.
252 </para>
253 <indexterm zone="nss certutil">
254 <primary sortas="b-certutil">certutil</primary>
255 </indexterm>
256 </listitem>
257 </varlistentry>
258
259 <varlistentry id="nss-config">
260 <term><command>nss-config</command></term>
261 <listitem>
262 <para>
263 is used to determine the NSS library settings of the installed NSS
264 libraries.
265 </para>
266 <indexterm zone="nss nss-config">
267 <primary sortas="b-nss-config">nss-config</primary>
268 </indexterm>
269 </listitem>
270 </varlistentry>
271
272 <varlistentry id="pk12util">
273 <term><command>pk12util</command></term>
274 <listitem>
275 <para>
276 is a tool for importing certificates and keys from pkcs #12 files
277 into NSS or exporting them. It can also list certificates and keys
278 in such files.
279 </para>
280 <indexterm zone="nss pk12util">
281 <primary sortas="b-pk12util">pk12util</primary>
282 </indexterm>
283 </listitem>
284 </varlistentry>
285
286 </variablelist>
287
288 </sect2>
289
290</sect1>
Note: See TracBrowser for help on using the repository browser.