source: postlfs/security/nss.xml@ 5b9b502

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 12.2 8.4 9.0 9.1 bdubbs/svn elogind gimp3 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/for-12.3 xry111/intltool xry111/llvm18 xry111/soup3 xry111/spidermonkey128 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 5b9b502 was 5b9b502, checked in by Ken Moffat <ken@…>, 6 years ago

nss-3.40.1

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20775 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 10.4 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7<!-- for when .0 is not part of the new tarball name, but always referenced -->
8 <!ENTITY nss-url "archive.mozilla.org/pub/security/nss/releases">
9
10<!-- micro versions -->
11<!ENTITY nss-download-http "https://&nss-url;/NSS_3_&nss-minor-version;_&nss-micro-version;_RTM/src/nss-&nss-version;.tar.gz">
12
13<!-- no micro versions -->
14<!-- <!ENTITY nss-download-http "https://&nss-url;/NSS_3_&nss-minor-version;_RTM/src/nss-&nss-version;.tar.gz"> -->
15
16 <!ENTITY nss-download-ftp " ">
17 <!ENTITY nss-md5sum "589ab784db168e876bd9ae4eef294728">
18 <!ENTITY nss-size "23 MB">
19 <!ENTITY nss-buildsize "138 MB">
20 <!ENTITY nss-time "2.2 SBU">
21]>
22
23<sect1 id="nss" xreflabel="NSS-&nss-version;">
24 <?dbhtml filename="nss.html"?>
25
26 <sect1info>
27 <othername>$LastChangedBy$</othername>
28 <date>$Date$</date>
29 </sect1info>
30
31 <title>NSS-&nss-version;</title>
32
33 <indexterm zone="nss">
34 <primary sortas="a-NSS">NSS</primary>
35 </indexterm>
36
37 <sect2 role="package">
38 <title>Introduction to NSS</title>
39
40 <para>
41 The Network Security Services (<application>NSS</application>) package is
42 a set of libraries designed to support cross-platform development of
43 security-enabled client and server applications. Applications built with
44 NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
45 S/MIME, X.509 v3 certificates, and other security standards. This is
46 useful for implementing SSL and S/MIME or other Internet security
47 standards into an application.
48 </para>
49
50 &lfs83_checked;
51
52 <bridgehead renderas="sect3">Package Information</bridgehead>
53 <itemizedlist spacing="compact">
54 <listitem>
55 <para>
56 Download (HTTP): <ulink url="&nss-download-http;"/>
57 </para>
58 </listitem>
59 <listitem>
60 <para>
61 Download (FTP): <ulink url="&nss-download-ftp;"/>
62 </para>
63 </listitem>
64 <listitem>
65 <para>
66 Download MD5 sum: &nss-md5sum;
67 </para>
68 </listitem>
69 <listitem>
70 <para>
71 Download size: &nss-size;
72 </para>
73 </listitem>
74 <listitem>
75 <para>
76 Estimated disk space required: &nss-buildsize;
77 </para>
78 </listitem>
79 <listitem>
80 <para>
81 Estimated build time: &nss-time;
82 </para>
83 </listitem>
84 </itemizedlist>
85
86 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
87 <itemizedlist spacing="compact">
88 <listitem>
89 <para>
90 Required patch:
91 <ulink url="&patch-root;/nss-&nss-version;-standalone-1.patch"/>
92 </para>
93 </listitem>
94 </itemizedlist>
95
96 <bridgehead renderas="sect3">NSS Dependencies</bridgehead>
97
98 <bridgehead renderas="sect4">Required</bridgehead>
99 <para role="required">
100 <xref linkend="nspr"/>
101 </para>
102
103 <bridgehead renderas="sect4">Recommended</bridgehead>
104 <para role="recommended">
105 <xref linkend="sqlite"/> and
106 <xref role="runtime" linkend="p11-kit"/> (runtime)
107 </para>
108
109 <para condition="html" role="usernotes">
110 User Notes: <ulink url="&blfs-wiki;/nss"/>
111 </para>
112 </sect2>
113
114 <sect2 role="installation">
115 <title>Installation of NSS</title>
116
117 <note>
118 <para>
119 This package does not support parallel build.
120 </para>
121 </note>
122
123 <para>
124 Install <application>NSS</application> by running the following commands:
125 </para>
126
127<screen><userinput>patch -Np1 -i ../nss-&nss-version;-standalone-1.patch &amp;&amp;
128
129cd nss &amp;&amp;
130
131make -j1 BUILD_OPT=1 \
132 NSPR_INCLUDE_DIR=/usr/include/nspr \
133 USE_SYSTEM_ZLIB=1 \
134 ZLIB_LIBS=-lz \
135 NSS_ENABLE_WERROR=0 \
136 $([ $(uname -m) = x86_64 ] &amp;&amp; echo USE_64=1) \
137 $([ -f /usr/include/sqlite3.h ] &amp;&amp; echo NSS_USE_SYSTEM_SQLITE=1)</userinput></screen>
138
139 <!-- change this to point to the wiki if details (debug build, with
140 nspr in nspr/ beside nss/ ) get added to the wiki -->
141 <para>
142 The package does not come with a standalone test suite.
143 </para>
144
145 <para>
146 Now, as the <systemitem class="username">root</systemitem> user:
147 </para>
148
149<screen role="root"><userinput>cd ../dist &amp;&amp;
150
151install -v -m755 Linux*/lib/*.so /usr/lib &amp;&amp;
152install -v -m644 Linux*/lib/{*.chk,libcrmf.a} /usr/lib &amp;&amp;
153
154install -v -m755 -d /usr/include/nss &amp;&amp;
155cp -v -RL {public,private}/nss/* /usr/include/nss &amp;&amp;
156chmod -v 644 /usr/include/nss/* &amp;&amp;
157
158install -v -m755 Linux*/bin/{certutil,nss-config,pk12util} /usr/bin &amp;&amp;
159
160install -v -m644 Linux*/lib/pkgconfig/nss.pc /usr/lib/pkgconfig</userinput></screen>
161
162 </sect2>
163
164 <sect2 role="commands">
165 <title>Command Explanations</title>
166
167 <para>
168 <parameter>BUILD_OPT=1</parameter>: This option is passed to
169 <command>make</command> so that the build is performed with no debugging
170 symbols built into the binaries and the default compiler optimizations are
171 used.
172 </para>
173
174 <para>
175 <parameter>NSPR_INCLUDE_DIR=/usr/include/nspr</parameter>: This option
176 sets the location of the nspr headers.
177 </para>
178
179 <para>
180 <parameter>USE_SYSTEM_ZLIB=1</parameter>: This option is passed to
181 <command>make</command> to ensure that the
182 <filename class="libraryfile">libssl3.so</filename> library is linked to
183 the system installed <application>zlib</application> instead of the
184 in-tree version.
185 </para>
186
187 <para>
188 <parameter>ZLIB_LIBS=-lz</parameter>: This option provides the
189 linker flags needed to link to the system <application>zlib</application>.
190 </para>
191
192 <para>
193 <command>$([ $(uname -m) = x86_64 ] &amp;&amp; echo USE_64=1)</command>:
194 The <parameter>USE_64=1</parameter> option is <emphasis>required on
195 x86_64</emphasis>, otherwise <command>make</command> will try (and fail)
196 to create 32-bit objects. The [ $(uname -m) = x86_64 ] test ensures it
197 has no effect on a 32 bit system.
198 </para>
199
200 <para>
201 <command>([ -f /usr/include/sqlite3.h ] &amp;&amp; echo
202 NSS_USE_SYSTEM_SQLITE=1)</command>: This tests if
203 <application>sqlite</application> is installed and if so it
204 <command>echo</command>s the option NSS_USE_SYSTEM_SQLITE=1 to
205 <command>make</command> so that
206 <filename class="libraryfile">libsoftokn3.so</filename> will link against
207 the system version of sqlite.
208 </para>
209
210 </sect2>
211
212 <sect2 role="configuration">
213 <title>Configuring NSS</title>
214
215 <para>If <xref linkend="p11-kit"/> is installed, the
216 <application>p11-kit</application> trust module
217 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
218 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
219 transparently make the system CAs available to
220 <application>NSS</application> aware applications, rather than the static
221 list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
222 <systemitem class="username">root</systemitem> user, execute the following
223 commands:</para>
224
225<screen role="root"><userinput>if [ -e /usr/lib/libp11-kit.so ]; then
226 readlink /usr/lib/libnssckbi.so ||
227 rm -v /usr/lib/libnssckbi.so &amp;&amp;
228 ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so
229fi</userinput></screen>
230
231 <para>Additionally, for dependent applications that do not use the internal
232 database (<filename>/usr/lib/libnssckbi.so</filename>), the
233 <filename>/usr/sbin/make-ca</filename> script, included on the
234 <xref linkend="make-ca"/> page, will generate a system wide NSS DB.</para>
235
236 </sect2>
237
238 <sect2 role="content">
239 <title>Contents</title>
240
241 <segmentedlist>
242 <segtitle>Installed Programs</segtitle>
243 <segtitle>Installed Libraries</segtitle>
244 <segtitle>Installed Directories</segtitle>
245
246 <seglistitem>
247 <seg>
248 certutil, nss-config, and pk12util
249 </seg>
250 <seg>
251 libcrmf.a, libfreebl3.so, libfreeblpriv3.so, libgtest1.so, libnss3.so,
252 libnssckbi.so, libnssdbm3.so, libnsssysinit.so,
253 libnssutil3.so, libsmime3.so, libsoftokn3.so, and libssl3.so
254 </seg>
255 <seg>
256 /usr/include/nss
257 </seg>
258 </seglistitem>
259 </segmentedlist>
260
261 <variablelist>
262 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
263 <?dbfo list-presentation="list"?>
264 <?dbhtml list-presentation="table"?>
265
266 <varlistentry id="certutil">
267 <term><command>certutil</command></term>
268 <listitem>
269 <para>
270 is the Mozilla Certificate Database Tool. It is a command-line
271 utility that can create and modify the Netscape Communicator
272 cert8.db and key3.db database files. It can also list, generate,
273 modify, or delete certificates within the cert8.db file and create
274 or change the password, generate new public and private key pairs,
275 display the contents of the key database, or delete key pairs within
276 the key3.db file.
277 </para>
278 <indexterm zone="nss certutil">
279 <primary sortas="b-certutil">certutil</primary>
280 </indexterm>
281 </listitem>
282 </varlistentry>
283
284 <varlistentry id="nss-config">
285 <term><command>nss-config</command></term>
286 <listitem>
287 <para>
288 is used to determine the NSS library settings of the installed NSS
289 libraries.
290 </para>
291 <indexterm zone="nss nss-config">
292 <primary sortas="b-nss-config">nss-config</primary>
293 </indexterm>
294 </listitem>
295 </varlistentry>
296
297 <varlistentry id="pk12util">
298 <term><command>pk12util</command></term>
299 <listitem>
300 <para>
301 is a tool for importing certificates and keys from pkcs #12 files
302 into NSS or exporting them. It can also list certificates and keys
303 in such files.
304 </para>
305 <indexterm zone="nss pk12util">
306 <primary sortas="b-pk12util">pk12util</primary>
307 </indexterm>
308 </listitem>
309 </varlistentry>
310
311 </variablelist>
312
313 </sect2>
314
315</sect1>
Note: See TracBrowser for help on using the repository browser.