Upgraded nss to 3.72 via Alpine build method

2025-08-20 14:31:47 +00:00 · 2021-12-07 10:55:15 -06:00
parent fe45d5f0a6
commit 145392cb6d
5 changed files with 121 additions and 84 deletions
--- a/build-scripts/nss.build
+++ b/build-scripts/nss.build
@ -1,7 +1,8 @@
 #! /bin/bash

 # NSS 
-# Source: https://archive.mozilla.org/pub/security/nss/releases/NSS_3_69_RTM/src/nss-3.69.tar.gz
+# Source: https://archive.mozilla.org/pub/security/nss/releases/NSS_3_72_RTM/src/nss-3.72.tar.gz
+# Build Method: Alpine
 #
 # $BUILD = Directory to temporarily install
 # $PKGS  = Directory to store built packages
@ -11,91 +12,102 @@
 # Recommended:  NONE
 # Optional:     NONE

-patch -Np1 -i ../patches/nss-lfs/nss-3.69-standalone-1.patch &&
+# Respect LDFLAGS
+sed 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' -i nss/coreconf/rules.mk

-export NSS_VER=3.69
-export NSPR_VER=4.32
-export NS_USE_GCC=1
-export LIBRUNPATH=
+# Fix missing includes
+echo 'INCLUDES += -I../include' >> nss/lib/dbm/src/manifest.mn
+sed 's|-Ideprecated|-Ideprecated -I../util -I../softoken -I.|' -i nss/lib/freebl/Makefile
+echo 'INCLUDES += -I../util' >> nss/lib/sysinit/manifest.mn
+
+unset CFLAGS CXXFLAGS
+
+# Don't do a debug build
 export BUILD_OPT=1
+# Use -Os instead of -O2 where possible
+export OPT_CODE_SIZE=1
+# Explicitly link freebl lib with nspr
+export FREEBL_NO_DEPEND=0
 export NSS_USE_SYSTEM_SQLITE=1
-export NSS_ENABLE_WERROR=0
-export NSS_ENABLE_ECC=1
-export FREEBL_NO_DEPEND=1
-
-case $(uname -m) in
-	x86_64*)    export USE_64=1
-		    export NSS_DISABLE_AVX2=1
-		    ;;
-	  aarch64*) export USE_64=1
-		    ;;
-	    ppc*)   export NSS_DISABLE_ALTIVEC=1
-		    ;;
+export NSS_DISABLE_GTESTS=1
+# Disable deprecated cipher
+export NSS_DISABLE_DEPRECATED_SEED=1
+export NSS_DISABLE_DEPRECATED_RC2=1
+export NSPR_INCLUDE_DIR=$(pkg-config --cflags-only-I nspr | sed 's/-I//')
+export NSPR_LIB_DIR=$(pkg-config --libs-only-L nspr | sed 's/-L//')
+case "$CARCH" in
+	*64* | s390x) export USE_64=1;;
 esac

-sed -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \
-    -i nss/coreconf/rules.mk
+# Build
+make -C nss/coreconf    && \
+make -C nss/lib/util    && \
+make -C nss/lib/dbm     && \
+make -C nss/lib/sysinit && \
+# "all" really doesn't build all targets, so we have to list the others we want above
+make -C nss all

-cd nss &&
+# Install pkgconfig files
+# Easier to run as super-user
+su 
+install -m755 -d ${BUILD}/usr/lib/pkgconfig
+install -m755 -d ${BUILD}/usr/bin
+install -m755 -d ${BUILD}/usr/include/nss/private
+mkdir -v ${BUILD}/install

-make  -C coreconf &&
+NSS_VMAJOR=$(awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h)
+NSS_VMINOR=$(awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h)
+NSS_VPATCH=$(awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h)

-export NSPR_INCLUDE_DIR=/usr/include/nspr &&
-export NSPR_LIB_DIR=/usr/lib &&
-make all
-
-unset NS_USE_GCC LIBRUNPATH BUILD_OPT NSS_USE_SYSTEM_SQLITE     &&
-unset NSS_ENABLE_WERROR NSS_ENABLE_ECC FREEBL_NO_DEPEND USE_64  &&
-unset USE_64 NSS_DISABLE_ALTIVEC NSPR_INCLUDE_DIR NSPR_LIB_DIR  &&
-
-read -p "Install?" &&
-
-sudo -S mkdir -pv ${BUILD}/usr/lib/pkgconfig &&
-sudo -S mkdir -pv ${BUILD}/usr/bin           &&
-sudo -S mkdir -pv ${BUILD}/usr/include/nss    &&
-sudo -S mkdir -pv ${BUILD}/install           &&
-
-
-export NSS_VMAJOR=$(grep "#define.*NSS_VMAJOR" lib/nss/nss.h | awk '{print $3}')
-export NSS_VMINOR=$(grep "#define.*NSS_VMINOR" lib/nss/nss.h | awk '{print $3}')
-export NSS_VPATCH=$(grep "#define.*NSS_VPATCH" lib/nss/nss.h | awk '{print $3}')
-
-sed ../../files/nss-void/nss.pc.in \
-	-e "s,%libdir%,/usr/lib,g" \
-	-e "s,%prefix%,/usr,g" \
-	-e "s,%exec_prefix%,/usr/bin,g" \
-	-e "s,%includedir%,/usr/include/nss,g" \
-	-e "s,%NSPR_VERSION%,${NSS_VER},g" \
-	-e "s,%NSS_VERSION%,${NSPR_VER},g" > \
-	${BUILD}/usr/lib/pkgconfig/nss.pc &&
-ln -sf nss.pc ${BUILD}/usr/lib/pkgconfig/mozilla-nss.pc &&
-chmod 644 ${BUILD}/usr/lib/pkgconfig/*.pc &&
-
-sed ../../files/nss-void/nss-config.in \
-         -e "s,@libdir@,/usr/lib,g" \
-	 -e "s,@prefix@,/usr/bin,g" \
-	 -e "s,@exec_prefix@,/usr/bin,g" \
-	 -e "s,@includedir@,/usr/include/nss,g" \
-	 -e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \
-	 -e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \
-	 -e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
-	 > ${BUILD}/usr/bin/nss-config &&
-chmod 755 ${BUILD}/usr/bin/nss-config  &&
-
-for f in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
-	libssl3.so libsmime3.so libnssckbi.so libnssdbm3.so; do
-	install -m755 ../dist/*.OBJ/lib/${f} ${BUILD}/usr/lib
+for pc in nss nss-util nss-softoken; do
+	sed ../../files/nss-alpine/${pc}.in \
+		-e "s,%libdir%,/usr/lib,g" \
+		-e "s,%prefix%,/usr,g" \
+		-e "s,%exec_prefix%,/usr/bin,g" \
+		-e "s,%includedir%,/usr/include/nss,g" \
+		-e "s,%SOFTOKEN_VERSION%,$pkgver,g" \
+		-e "s,%NSPR_VERSION%,$pkgver,g" \
+		-e "s,%NSS_VERSION%,$pkgver,g" \
+		-e "s,%NSSUTIL_VERSION%,$pkgver,g" \
+		> ${BUILD}/usr/lib/pkgconfig/${pc}.pc
 done

-install -m644 ../dist/*.OBJ/lib/libcrmf.a ${BUILD}/usr/lib &&
-for f in certutil cmsutil crlutil modutil pk12util shlibsign \
-	signtool signver ssltap; do
-        install -m755 ../dist/*.OBJ/bin/${f} ${BUILD}/usr/bin
+ln -svf nss.pc ${BUILD}/usr/lib/pkgconfig/mozilla-nss.pc
+chmod -v 644   ${BUILD}/usr/lib/pkgconfig/*.pc
+
+# Install nss-config
+sed ../../files/nss-alpine/nss-config.in \
+	-e "s,@libdir@,/usr/lib,g" \
+	-e "s,@prefix@,/usr/bin,g" \
+	-e "s,@exec_prefix@,/usr/bin,g" \
+	-e "s,@includedir@,/usr/include/nss,g" \
+	-e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \
+	-e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \
+	-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
+	> ${BUILD}/usr/bin/nss-config
+chmod -v 755 ${BUILD}/usr/bin/nss-config
+
+# Install libraries
+install -m644 dist/*.OBJ/lib/*.a   ${BUILD}/usr/lib/
+install -m644 dist/*.OBJ/lib/*.chk ${BUILD}/usr/lib/
+
+for file in certutil cmsutil crlutil modutil pk12util shlibsign signtool signver ssltap; do
+	install -m755 dist/*.OBJ/bin/$file ${BUILD}/usr/bin/
 done

-install -m644 ../dist/public/nss/*.h ${BUILD}/usr/include/nss &&
-unset NSS_ENABLE_ECC _target BUILD_OPT NSS_USE_SYSTEM_SQLITE NSS_ENABLE_WERROR &&
-unset FREEBL_NO_DEPEND NSS_VER NSPR_VER &&
+install -m644 dist/public/nss/*.h ${BUILD}/usr/include/nss/
+install -m644 dist/private/nss/blapi.h dist/private/nss/alghmac.h ${BUILD}/usr/include/nss/private/
+
+# ???
+#	local minor=${pkgver#*.}
+#	minor=${minor%.*}
+#	for file in $(find dist/*.OBJ/lib -name "*.so"); do
+#		install -m755 $file \
+#			${BUILD}/usr/lib/${file##*/}.$minor
+#		ln -s ${file##*/}.$minor ${BUILD}/usr/lib/${file##*/}
+#	done
+## ???
+
 cd $BUILD &&
 cat > /tmp/slack-desc << "EOF"
 # HOW TO EDIT THIS FILE:
@ -108,15 +120,18 @@ cat > /tmp/slack-desc << "EOF"
   |-----handy-ruler------------------------------------------------------|
 nss: nss (Network Security Services)
 nss:
-nss: The Network Security Services (NSS) package is a set of libraries 
-nss: designed to support cross-platform development of security-enabled 
-nss: client and server applications. Applications built with NSS can 
-nss: support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, 
-nss: S/MIME, X.509 v3 certificates, and other security standards. This is 
-nss: useful for implementing SSL and S/MIME or other Internet security 
+nss: The Network Security Services (NSS) package is a set of libraries
+nss: designed to support cross-platform development of security-enabled
+nss: client and server applications. Applications built with NSS can
+nss: support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
+nss: S/MIME, X.509 v3 certificates, and other security standards. This is
+nss: useful for implementing SSL and S/MIME or other Internet security
 nss: standards into an application.
 nss:
 EOF
-sudo -S mv -v /tmp/slack-desc install/ &&
-sudo -S makepkg -l y -c n $PKGS/nss-3.69-$(uname -m)-mlfs.txz &&
-sudo -S rm -rf ${BUILD}/*
+mv -v /tmp/slack-desc install/ &&
+makepkg -l y -c n $PKGS/nss-3.72-$(uname -m)-mlfs.txz &&
+rm -rf ${BUILD}/*
+
+# Exit super user
+exit
--- a/files/nss-alpine/nss-config.in
+++ b/files/nss-alpine/nss-config.in
--- a/files/nss-alpine/nss-softokn.pc.in
+++ b/files/nss-alpine/nss-softokn.pc.in
@ -0,0 +1,11 @@
+prefix=%prefix%
+exec_prefix=%exec_prefix%
+libdir=%libdir%
+includedir=%includedir%
+
+Name: NSS-SOFTOKN
+Description: Network Security Services Softoken PKCS #11 Module
+Version: %SOFTOKEN_VERSION%
+Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
+Libs: -lfreebl3 -lnssdbm3 -lsoftokn3
+Cflags: -I${includedir}/private
--- a/files/nss-alpine/nss-util.pc.in
+++ b/files/nss-alpine/nss-util.pc.in
@ -0,0 +1,11 @@
+prefix=%prefix%
+exec_prefix=%exec_prefix%
+libdir=%libdir%
+includedir=%includedir%
+
+Name: NSS-UTIL
+Description: Network Security Services Utility Library
+Version: %NSSUTIL_VERSION%
+Requires: nspr >= %NSPR_VERSION%
+Libs: -L${libdir} -lnssutil3
+Cflags: -I${includedir}
--- a/files/nss-alpine/nss.pc.in
+++ b/files/nss-alpine/nss.pc.in
@ -7,5 +7,5 @@ Name: NSS
 Description: Network Security Services
 Version: %NSS_VERSION%
 Requires: nspr >= %NSPR_VERSION%
-Libs: -L${libdir} -lssl3 -lsmime3 -lnss3 -lnssutil3
+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
 Cflags: -I${includedir}