source: postlfs/security/nss.xml@ 29d11601

10.0 10.1 11.0 9.1 ken/refactor-virt lazarus qt5new trunk xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 29d11601 was 29d11601, checked in by Bruce Dubbs <bdubbs@…>, 22 months ago

Update to gdb-9.1.
Update to libgpg-error-1.37.
Update to nss-3.50.
Update to firewalld-0.8.1.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22643 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 10.4 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7<!-- for when .0 is not part of the new tarball name, but always referenced -->
8<!ENTITY nss-url "archive.mozilla.org/pub/security/nss/releases">
9
10<!-- micro versions -->
11<!ENTITY nss-download-http "https://&nss-url;/NSS_3_&nss-minor-version;_&nss-micro-version;_RTM/src/nss-&nss-version;.tar.gz">
12
13<!-- no micro versions
14<!ENTITY nss-download-http "https://&nss-url;/NSS_3_&nss-minor-version;_RTM/src/nss-&nss-version;.tar.gz"> -->
15
16 <!ENTITY nss-download-ftp " ">
17 <!ENTITY nss-md5sum "e0366615e12b147cebc136c915baea37">
18 <!ENTITY nss-size "74 MB">
19 <!-- 50 MB increase is due to new test files, see #12187 -->
20 <!ENTITY nss-buildsize "256 MB">
21 <!ENTITY nss-time "3.4 SBU">
22]>
23
24<sect1 id="nss" xreflabel="NSS-&nss-version;">
25 <?dbhtml filename="nss.html"?>
26
27 <sect1info>
28 <othername>$LastChangedBy$</othername>
29 <date>$Date$</date>
30 </sect1info>
31
32 <title>NSS-&nss-version;</title>
33
34 <indexterm zone="nss">
35 <primary sortas="a-NSS">NSS</primary>
36 </indexterm>
37
38 <sect2 role="package">
39 <title>Introduction to NSS</title>
40
41 <para>
42 The Network Security Services (<application>NSS</application>) package is
43 a set of libraries designed to support cross-platform development of
44 security-enabled client and server applications. Applications built with
45 NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
46 S/MIME, X.509 v3 certificates, and other security standards. This is
47 useful for implementing SSL and S/MIME or other Internet security
48 standards into an application.
49 </para>
50
51 &lfs90_checked;
52
53 <bridgehead renderas="sect3">Package Information</bridgehead>
54 <itemizedlist spacing="compact">
55 <listitem>
56 <para>
57 Download (HTTP): <ulink url="&nss-download-http;"/>
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download (FTP): <ulink url="&nss-download-ftp;"/>
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Download MD5 sum: &nss-md5sum;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Download size: &nss-size;
73 </para>
74 </listitem>
75 <listitem>
76 <para>
77 Estimated disk space required: &nss-buildsize;
78 </para>
79 </listitem>
80 <listitem>
81 <para>
82 Estimated build time: &nss-time;
83 </para>
84 </listitem>
85 </itemizedlist>
86
87 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
88 <itemizedlist spacing="compact">
89 <listitem>
90 <para>
91 Required patch:
92 <ulink url="&patch-root;/nss-&nss-version;-standalone-1.patch"/>
93 </para>
94 </listitem>
95 </itemizedlist>
96
97 <bridgehead renderas="sect3">NSS Dependencies</bridgehead>
98
99 <bridgehead renderas="sect4">Required</bridgehead>
100 <para role="required">
101 <xref linkend="nspr"/>
102 </para>
103
104 <bridgehead renderas="sect4">Recommended</bridgehead>
105 <para role="recommended">
106 <xref linkend="sqlite"/> and
107 <xref role="runtime" linkend="p11-kit"/> (runtime)
108 </para>
109
110 <para condition="html" role="usernotes">
111 User Notes: <ulink url="&blfs-wiki;/nss"/>
112 </para>
113 </sect2>
114
115 <sect2 role="installation">
116 <title>Installation of NSS</title>
117
118 <note>
119 <para>
120 This package does not support parallel build.
121 </para>
122 </note>
123
124 <para>
125 Install <application>NSS</application> by running the following commands:
126 </para>
127
128<screen><userinput>patch -Np1 -i ../nss-&nss-version;-standalone-1.patch &amp;&amp;
129
130cd nss &amp;&amp;
131
132make -j1 BUILD_OPT=1 \
133 NSPR_INCLUDE_DIR=/usr/include/nspr \
134 USE_SYSTEM_ZLIB=1 \
135 ZLIB_LIBS=-lz \
136 NSS_ENABLE_WERROR=0 \
137 $([ $(uname -m) = x86_64 ] &amp;&amp; echo USE_64=1) \
138 $([ -f /usr/include/sqlite3.h ] &amp;&amp; echo NSS_USE_SYSTEM_SQLITE=1)</userinput></screen>
139
140 <para>
141 <!-- the unittest files get compiled automatically since nss-3.31.0 -->
142 The unit tests were run during the build.
143 </para>
144
145 <para>
146 Now, as the <systemitem class="username">root</systemitem> user:
147 </para>
148
149<screen role="root"><userinput>cd ../dist &amp;&amp;
150
151install -v -m755 Linux*/lib/*.so /usr/lib &amp;&amp;
152install -v -m644 Linux*/lib/{*.chk,libcrmf.a} /usr/lib &amp;&amp;
153
154install -v -m755 -d /usr/include/nss &amp;&amp;
155cp -v -RL {public,private}/nss/* /usr/include/nss &amp;&amp;
156chmod -v 644 /usr/include/nss/* &amp;&amp;
157
158install -v -m755 Linux*/bin/{certutil,nss-config,pk12util} /usr/bin &amp;&amp;
159
160install -v -m644 Linux*/lib/pkgconfig/nss.pc /usr/lib/pkgconfig</userinput></screen>
161
162 </sect2>
163
164 <sect2 role="commands">
165 <title>Command Explanations</title>
166
167 <para>
168 <parameter>BUILD_OPT=1</parameter>: This option is passed to
169 <command>make</command> so that the build is performed with no debugging
170 symbols built into the binaries and the default compiler optimizations are
171 used.
172 </para>
173
174 <para>
175 <parameter>NSPR_INCLUDE_DIR=/usr/include/nspr</parameter>: This option
176 sets the location of the nspr headers.
177 </para>
178
179 <para>
180 <parameter>USE_SYSTEM_ZLIB=1</parameter>: This option is passed to
181 <command>make</command> to ensure that the
182 <filename class="libraryfile">libssl3.so</filename> library is linked to
183 the system installed <application>zlib</application> instead of the
184 in-tree version.
185 </para>
186
187 <para>
188 <parameter>ZLIB_LIBS=-lz</parameter>: This option provides the
189 linker flags needed to link to the system <application>zlib</application>.
190 </para>
191
192 <para>
193 <command>$([ $(uname -m) = x86_64 ] &amp;&amp; echo USE_64=1)</command>:
194 The <parameter>USE_64=1</parameter> option is <emphasis>required on
195 x86_64</emphasis>, otherwise <command>make</command> will try (and fail)
196 to create 32-bit objects. The [ $(uname -m) = x86_64 ] test ensures it
197 has no effect on a 32 bit system.
198 </para>
199
200 <para>
201 <command>([ -f /usr/include/sqlite3.h ] &amp;&amp; echo
202 NSS_USE_SYSTEM_SQLITE=1)</command>: This tests if
203 <application>sqlite</application> is installed and if so it
204 <command>echo</command>s the option NSS_USE_SYSTEM_SQLITE=1 to
205 <command>make</command> so that
206 <filename class="libraryfile">libsoftokn3.so</filename> will link against
207 the system version of sqlite.
208 </para>
209
210 </sect2>
211
212 <sect2 role="configuration">
213 <title>Configuring NSS</title>
214
215 <para>If <xref linkend="p11-kit"/> is installed, the
216 <application>p11-kit</application> trust module
217 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
218 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
219 transparently make the system CAs available to
220 <application>NSS</application> aware applications, rather than the static
221 list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
222 <systemitem class="username">root</systemitem> user, execute the following
223 commands:</para>
224
225<screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen>
226
227 <para>Additionally, for dependent applications that do not use the internal
228 database (<filename>/usr/lib/libnssckbi.so</filename>), the
229 <filename>/usr/sbin/make-ca</filename> script, included on the
230 <xref linkend="make-ca"/> page can generate a system wide NSS DB with the
231 <parameter>-n</parameter> switch, or by modifying the
232 <filename>/etc/make-ca.conf</filename> file.</para>
233
234 </sect2>
235
236 <sect2 role="content">
237 <title>Contents</title>
238
239 <segmentedlist>
240 <segtitle>Installed Programs</segtitle>
241 <segtitle>Installed Libraries</segtitle>
242 <segtitle>Installed Directories</segtitle>
243
244 <seglistitem>
245 <seg>
246 certutil, nss-config, and pk12util
247 </seg>
248 <seg>
249 libcrmf.a, libfreebl3.so, libfreeblpriv3.so, libgtest1.so,
250 libgtestutil.so, libnss3.so, libnssckbi.so, libnssdbm3.so,
251 libnsssysinit.so, libnssutil3.so, libsmime3.so, libsoftokn3.so,
252 and libssl3.so
253 </seg>
254 <seg>
255 /usr/include/nss
256 </seg>
257 </seglistitem>
258 </segmentedlist>
259
260 <variablelist>
261 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
262 <?dbfo list-presentation="list"?>
263 <?dbhtml list-presentation="table"?>
264
265 <varlistentry id="certutil">
266 <term><command>certutil</command></term>
267 <listitem>
268 <para>
269 is the Mozilla Certificate Database Tool. It is a command-line
270 utility that can create and modify the Netscape Communicator
271 cert8.db and key3.db database files. It can also list, generate,
272 modify, or delete certificates within the cert8.db file and create
273 or change the password, generate new public and private key pairs,
274 display the contents of the key database, or delete key pairs within
275 the key3.db file.
276 </para>
277 <indexterm zone="nss certutil">
278 <primary sortas="b-certutil">certutil</primary>
279 </indexterm>
280 </listitem>
281 </varlistentry>
282
283 <varlistentry id="nss-config">
284 <term><command>nss-config</command></term>
285 <listitem>
286 <para>
287 is used to determine the NSS library settings of the installed NSS
288 libraries.
289 </para>
290 <indexterm zone="nss nss-config">
291 <primary sortas="b-nss-config">nss-config</primary>
292 </indexterm>
293 </listitem>
294 </varlistentry>
295
296 <varlistentry id="pk12util">
297 <term><command>pk12util</command></term>
298 <listitem>
299 <para>
300 is a tool for importing certificates and keys from pkcs #12 files
301 into NSS or exporting them. It can also list certificates and keys
302 in such files.
303 </para>
304 <indexterm zone="nss pk12util">
305 <primary sortas="b-pk12util">pk12util</primary>
306 </indexterm>
307 </listitem>
308 </varlistentry>
309
310 </variablelist>
311
312 </sect2>
313
314</sect1>
Note: See TracBrowser for help on using the repository browser.