Changeset 9333a525

Timestamp:

03/04/2012 11:27:16 PM (12 years ago)

Author:

Andrew Benton <andy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

c2d890f4

Parents:

7753fc6

Message:

nss-3.13.3

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@9596 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general.ent (modified) (1 diff)
• introduction/welcome/changelog.xml (modified) (1 diff)
• postlfs/security/nss.xml (modified) (11 diffs)

general.ent

@@ -122 +122 @@
 <!ENTITY mitkrb-version               "1.6">
 <!ENTITY nettle-version               "2.4">
-<!ENTITY nss-version                  "3.13.1">
+<!ENTITY nss-version                  "3.13.3">
 <!ENTITY openssh-version              "5.9p1">
 <!ENTITY openssl-version              "1.0.0g">

introduction/welcome/changelog.xml

@@ -55 +55 @@
           <para>[abenton] - NSPR 4.9.</para>
         </listitem>
+        <listitem>
+          <para>[abenton] - NSS 3.13.3.</para>
+        </listitem>
       </itemizedlist>
     </listitem>

postlfs/security/nss.xml

@@ -5 +5 @@
   %general-entities;
 
-  <!ENTITY nss-download-http "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_1_RTM/src/nss-&nss-version;.tar.gz">
-  <!ENTITY nss-download-ftp  "ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_1_RTM/src/nss-&nss-version;.tar.gz">
-  <!ENTITY nss-md5sum        "c500f96d33ba1390c8a35c667e05e542">
-  <!ENTITY nss-size          "5.7 MB">
-  <!ENTITY nss-buildsize     "44 MB (more than double this to run the test suite)">
-  <!ENTITY nss-time          "0.7 SBU (at least an additional 3.5 SBU to run the test suite)">
+  <!ENTITY nss-download-http
+  "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_3_RTM/src/nss-&nss-version;.tar.gz">
+  <!ENTITY nss-download-ftp
+  "ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_3_RTM/src/nss-&nss-version;.tar.gz">
+  <!ENTITY nss-md5sum        "006cb82fa900e9e664b4b14a9b7810ca">
+  <!ENTITY nss-size          "5.8 MB">
+  <!ENTITY nss-buildsize     "70 MB (more than double this to run the test suite)">
+  <!ENTITY nss-time          "1.0 SBU (at least an additional 3.5 SBU to run the test suite)">
 ]>
 
@@ -30 +32 @@
     <title>Introduction to NSS</title>
 
-    <para>The Network Security Services (<application>NSS</application>)
-    package is a set of libraries designed to support cross-platform
-    development of security-enabled client and server applications.
-    Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5,
-    PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
-    security standards. This is useful for implementing SSL and S/MIME or
-    other Internet security standards into an application.</para>
+    <para>
+      The Network Security Services (<application>NSS</application>) package is
+      a set of libraries designed to support cross-platform development of
+      security-enabled client and server applications. Applications built with
+      NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
+      S/MIME, X.509 v3 certificates, and other security standards. This is
+      useful for implementing SSL and S/MIME or other Internet security
+      standards into an application.
+    </para>
 
     &lfs70_checked;
@@ -43 +47 @@
     <itemizedlist spacing="compact">
       <listitem>
-        <para>Download (HTTP): <ulink url="&nss-download-http;"/></para>
-      </listitem>
-      <listitem>
-        <para>Download (FTP): <ulink url="&nss-download-ftp;"/></para>
-      </listitem>
-      <listitem>
-        <para>Download MD5 sum: &nss-md5sum;</para>
-      </listitem>
-      <listitem>
-        <para>Download size: &nss-size;</para>
-      </listitem>
-      <listitem>
-        <para>Estimated disk space required: &nss-buildsize;</para>
-      </listitem>
-      <listitem>
-        <para>Estimated build time: &nss-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&nss-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&nss-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+        Download MD5 sum: &nss-md5sum;
+      </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &nss-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &nss-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &nss-time;
+        </para>
       </listitem>
     </itemizedlist>
@@ -65 +81 @@
     <itemizedlist spacing="compact">
       <listitem>
-        <para>Required patch: <ulink
-        url="&patch-root;/nss-&nss-version;-standalone-1.patch"/></para>
+        <para>
+          Required patch:
+          <ulink url="&patch-root;/nss-&nss-version;-standalone-1.patch"/>
+        </para>
       </listitem>
     </itemizedlist>
@@ -73 +91 @@
 
     <bridgehead renderas="sect4">Required</bridgehead>
-    <para role="required"><xref linkend="nspr"/></para>
+    <para role="required">
+      <xref linkend="nspr"/>
+    </para>
 
     <bridgehead renderas="sect4">Recommended</bridgehead>
-    <para role="recommended"><xref linkend="sqlite"/> (internal sqlite is
-    incompatable with existing or future installations)</para>
-
-
-    <para condition="html" role="usernotes">User Notes:
-    <ulink url="&blfs-wiki;/nss"/></para>
-
+    <para role="recommended">
+      <xref linkend="sqlite"/> (internal <application>sqlite</application> is
+      incompatable with existing or future installations)
+    </para>
+
+
+    <para condition="html" role="usernotes">
+      User Notes: <ulink url="&blfs-wiki;/nss"/>
+    </para>
   </sect2>
 
@@ -88 +110 @@
     <title>Installation of NSS</title>
 
-    <para>Install <application>NSS</application> by running the following
-    commands:</para>
-
-<screen><userinput>bash
-[ $(arch) = x86_64 ] &amp;&amp; export USE_64=1
-export BUILD_OPT=1 &amp;&amp;
-cat /usr/include/sqlite3.h &amp;&gt; /dev/null &amp;&amp;
-export NSS_USE_SYSTEM_SQLITE=1
-export NSPR_INCLUDE_DIR=/usr/include/nspr &amp;&amp;
-export USE_SYSTEM_ZLIB=1 &amp;&amp;
-export ZLIB_LIBS=-lz &amp;&amp;
-patch -Np1 -i ../nss-&nss-version;-standalone-1.patch &amp;&amp;
-make -C mozilla/security/nss nss_build_all</userinput></screen>
-
-    <para>If you wish to test the results, you'll need to set the domain name of
-    your system in the <envar>DOMSUF</envar> environment variable. Most of the
-    tests will fail if you don't provide the correct domain name. The voluminous
-    output will report how many of the several thousand tests passed, and if any
-    failed.  To review the details of any failures, you may wish to capture
-    stdout and stderr in a file.</para>
-
-    <para>To run the tests, ensure you change the
-    <command>export DOMSUF</command> command below to an appropriate value,
-    e.g., <parameter>mydomain.com</parameter> or, if you do not have any domain
-    in your <filename>/etc/hosts</filename> replace this with the developers'
-    recommendation of
-    <command>"export HOST=localhost DOMSUF=localdomain"</command> and issue the
-    following commands:</para>
+    <para>
+      Install <application>NSS</application> by running the following commands:
+    </para>
+
+<screen><userinput>patch -Np1 -i ../nss-&nss-version;-standalone-1.patch &amp;&amp;
+cd mozilla/security/nss &amp;&amp;
+make nss_build_all $([ $(arch) = x86_64 ] &amp;&amp; echo USE_64=1) BUILD_OPT=1 \
+  NSPR_INCLUDE_DIR=/usr/include/nspr USE_SYSTEM_ZLIB=1 ZLIB_LIBS=-lz \
+  $(cat /usr/include/sqlite3.h &amp;&gt; /dev/null &amp;&amp; echo NSS_USE_SYSTEM_SQLITE=1)</userinput></screen>
+
+    <para>This package does not come with a test suite.</para>
+<!--
+    <para>
+      If you wish to test the results, you'll need to set the domain name of
+      your system in the <envar>DOMSUF</envar> environment variable. Most of the
+      tests will fail if you don't provide the correct domain name. The
+      voluminous output will report how many of the several thousand tests
+      passed, and if any failed.  To review the details of any failures, you may
+      wish to capture stdout and stderr in a file.
+    </para>
+
+    <para>
+      To run the tests, ensure you change the <command>export DOMSUF</command>
+      command below to an appropriate value, e.g.,
+      <parameter>mydomain.com</parameter> or, if you do not have any domain in
+      your <filename>/etc/hosts</filename> replace this with the developers'
+      recommendation of
+      <command>"export HOST=localhost DOMSUF=localdomain"</command> and issue
+      the following commands:
+    </para>
 
 <screen><userinput>bash
@@ -131 +155 @@
 
 exit</userinput></screen>
-
-    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
-
-<screen role="root"><userinput>export NSS_LINUXDIR=$(basename `ls -d $PWD/mozilla/dist/Linux*`) &amp;&amp;
-cd mozilla/dist &amp;&amp;
-install -v -m755 $NSS_LINUXDIR/lib/*.so /usr/lib &amp;&amp;
-install -v -m644 $NSS_LINUXDIR/lib/{*.chk,libcrmf.a} /usr/lib &amp;&amp;
+-->
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
+
+<screen role="root"><userinput>cd ../../dist &amp;&amp;
+install -v -m755 Linux*/lib/*.so /usr/lib &amp;&amp;
+install -v -m644 Linux*/lib/{*.chk,libcrmf.a} /usr/lib &amp;&amp;
 install -v -m755 -d /usr/include/nss &amp;&amp;
-install -v -m755 $NSS_LINUXDIR/bin/{certutil,nss-config,pk12util} /usr/bin &amp;&amp;
-install -v -m644 $NSS_LINUXDIR/lib/pkgconfig/nss.pc /usr/lib/pkgconfig &amp;&amp;
+install -v -m755 Linux*/bin/{certutil,nss-config,pk12util} /usr/bin &amp;&amp;
+install -v -m644 Linux*/lib/pkgconfig/nss.pc /usr/lib/pkgconfig &amp;&amp;
 cp -v -RL {public,private}/nss/* /usr/include/nss &amp;&amp;
 chmod 644 /usr/include/nss/*</userinput></screen>
-
-    <para>Now as the unprivileged user, exit the <command>bash</command>
-    shell started at the beginning of the installation to restore the
-    environment to the original state.</para>
-
-<screen><userinput>exit</userinput></screen>
-
   </sect2>
 
@@ -155 +173 @@
     <title>Command Explanations</title>
 
-    <para><command>bash</command>: Shells are started as many environment
-    variables are created during the installation process. Exiting the shells
-    serves the purpose of restoring the environment and returning back to the
-    original directory when the installation is complete.</para>
-
-    <para><command>[ $(arch) = x86_64 ] &amp;&amp; export USE_64=1</command>:
-    This command is <emphasis>required on x86_64</emphasis>, otherwise the
-    build will attempt to create 32-bit objects and fail in a non-multilib
-    system. The [ $(arch) = x86_64 ] test ensures it has no effect on a 32 bit
-    system.</para>
-
-    <para><command>cat /usr/include/sqlite3.h ... </command>: tests if
-    <application>sqlite</application> is installed and if so it sets the
-    environment variable NSS_USE_SYSTEM_SQLITE=1 so that
-    <filename class="libraryfile">libsoftokn3.so</filename> will link against
-    the system version of sqlite.</para>
-
-    <para><command>export BUILD_OPT=1</command>: This variable is set so that
-    the build is performed with no debugging symbols built into the binaries
-    and that the default compiler optimizations are used.</para>
-
-    <para><command>export NSPR_INCLUDE_DIR=/usr/include/nspr</command>: This
-    command sets the location of the nspr headers.</para>
-
-    <para><command>export USE_SYSTEM_ZLIB=1</command>: This command ensures that
-    the system installed library is used instead of the in-tree version.</para>
-
-    <para><command>export ZLIB_LIBS=-lz</command>: This command provides the
-    needed linker flags to link to the system zlib.</para>
-
-    <para><command>export NSS_LINUXDIR=...</command>: This variable is set so
-    that the exact name of the architecture specific directories where the
-    binaries are stored in the source tree can be determined.</para>
-
-    <para><command>make -C mozilla/security/nss nss_build_all</command>: This
-    command builds the <application>NSS</application> libraries and creates a
-    <filename class='directory'>dist</filename> directory which houses all the
-    programs, libraries and interface headers. None of the programs created by
-    this process are installed onto the system using the default instructions
-    (except for <application>nss-config</application>).  If you need any of
-    these programs installed, you can find them in the
-    <filename class='directory'>mozilla/*.OBJ/dist/bin</filename> directory of
-    the source tree.</para>
-
-    <para><command>sed -i 's/gmake/make/' common/init.sh</command>: This
-    command changes the command used to compile some test programs.</para>
-
+    <para>
+      <parameter>[ $(arch) = x86_64 ] &amp;&amp; echo USE_64=1</parameter>:
+      This option is <emphasis>required on x86_64</emphasis>, otherwise the
+      <command>make</command> will attempt to create 32-bit objects and in a
+      non-multilib system it will fail. The [ $(arch) = x86_64 ] test ensures it
+      has no effect on a 32 bit system.
+    </para>
+
+    <para>
+      <command>cat /usr/include/sqlite3.h ... </command>: This tests if
+      <application>sqlite</application> is installed and if so it
+      <command>echo</command>s the option NSS_USE_SYSTEM_SQLITE=1 to
+      <command>make</command> so that
+      <filename class="libraryfile">libsoftokn3.so</filename> will link against
+      the system version of sqlite.
+    </para>
+
+    <para>
+      <parameter>BUILD_OPT=1</parameter>: This option is passed to
+      <command>make</command> so that the build is performed with no debugging
+      symbols built into the binaries and the default compiler optimizations are
+      used.
+    </para>
+
+    <para>
+      <parameter>NSPR_INCLUDE_DIR=/usr/include/nspr</parameter>: This option 
+      sets the location of the nspr headers.
+    </para>
+
+    <para>
+      <parameter>USE_SYSTEM_ZLIB=1</parameter>: This option is passed to
+      <command>make</command> to ensure that the
+      <filename class="libraryfile">libssl3.so</filename> library is linked to
+      the system installed <application>zlib</application> instead of the
+      in-tree version.
+    </para>
+
+    <para>
+      <parameter>ZLIB_LIBS=-lz</parameter>: This option provides the
+      linker flags needed to link to the system <application>zlib</application>.
+    </para>
   </sect2>
 
@@ -213 +225 @@
 
       <seglistitem>
-        <seg>nss-config</seg>
-        <seg>libcrmf.a, libfreebl3.so, libnss3.so, libnssckbi.so,
-        libnssdbm3.so, libnssutil3.so, libsmime3.so, libsoftokn3.so
-        and libssl3.so</seg>
+        <seg>certutil, nss-config and pk12util</seg>
+        <seg>
+          libcrmf.a, libfreebl3.so, libnss3.so, libnssckbi.so, libnssdbm3.so,
+          libnssutil3.so, libsmime3.so, libsoftokn3.so and libssl3.so
+        </seg>
         <seg>/usr/include/nss</seg>
       </seglistitem>
@@ -226 +239 @@
       <?dbhtml list-presentation="table"?>
 
+      <varlistentry id="certutil">
+        <term><command>certutil</command></term>
+        <listitem>
+          <para>
+            is the Mozilla Certificate Database Tool. It is a command-line
+            utility that can create and modify the Netscape Communicator
+            cert8.db and key3.db database files. It can also list, generate,
+            modify, or delete certificates within the cert8.db file and create
+            or change the password, generate new public and private key pairs,
+            display the contents of the key database, or delete key pairs within
+            the key3.db file.
+          </para>
+          <indexterm zone="nss certutil">
+            <primary sortas="b-certutil">certutil</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
       <varlistentry id="nss-config">
         <term><command>nss-config</command></term>
         <listitem>
-          <para>is used to determine the NSS library settings
-          of the installed NSS libraries.</para>
+          <para>
+            is used to determine the NSS library settings of the installed NSS
+            libraries.
+          </para>
           <indexterm zone="nss nss-config">
             <primary sortas="b-nss-config">nss-config</primary>
@@ -236 +269 @@
         </listitem>
       </varlistentry>
+
+      <varlistentry id="pk12util">
+        <term><command>pk12util</command></term>
+        <listitem>
+          <para>
+            is a tool for importing certificates and keys from pkcs #12 files
+            into NSS or exporting them. It can also list certificates and keys
+            in such files. 
+          </para>
+          <indexterm zone="nss pk12util">
+            <primary sortas="b-pk12util">pk12util</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
     </variablelist>
-
-  </sect2>
-
+  </sect2>
 </sect1>