diff options
| -rw-r--r-- | libs/nss/Makefile | 138 | ||||
| -rw-r--r-- | libs/nss/files/blank-cert9.db | bin | 0 -> 28672 bytes | |||
| -rw-r--r-- | libs/nss/files/blank-key4.db | bin | 0 -> 36864 bytes | |||
| -rw-r--r-- | libs/nss/files/system-pkcs11.txt | 5 | ||||
| -rw-r--r-- | libs/nss/patches/001-nss_standalone.patch | 247 | ||||
| -rw-r--r-- | libs/nss/patches/002-os_test.patch | 18 | ||||
| -rw-r--r-- | libs/nss/patches/003-openwrt_fix.patch | 86 |
7 files changed, 494 insertions, 0 deletions
diff --git a/libs/nss/Makefile b/libs/nss/Makefile new file mode 100644 index 000000000..724af3893 --- /dev/null +++ b/libs/nss/Makefile @@ -0,0 +1,138 @@ +# +# Copyright (C) 2019 Lucian Cristian +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +include $(TOPDIR)/rules.mk + +PKG_NAME:=nss +PKG_VERSION:=3.43 +PKG_RELEASE:=1 +PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com> +PKG_LICENCE:=MPL-2.0 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:= \ + https://download.cdn.mozilla.net/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src \ + https://archive.mozilla.org/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src +PKG_HASH:=f30bc1b7330887b75de9fec37dbc173001758dc43fb095ffbc45dac4093fe2ca + +PKG_BUILD_PARALLEL:=0 + +include $(INCLUDE_DIR)/package.mk + +define Package/libnss + SECTION:=libs + SUBMENU:=SSL + CATEGORY:=Libraries + TITLE:=Mozilla's SSL and TLS implementation + URL:=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS + DEPENDS:=+libpthread +librt +libsqlite3 +nspr +endef + +define Package/nss-utils + SECTION:=utils + CATEGORY:=Utilities + TITLE:=Utilities for Mozilla's SSL and TLS implementation + URL:=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS + DEPENDS:=+libnss +endef + +define Package/libnss/description + Network Security Services (NSS) is a set of libraries designed to support + cross-platform development of security-enabled client and server applications. + Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, + PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards. +endef + +CONFIGURE_PATH = ./nss +MAKE_PATH = ./nss + +LBITS = $(shell $(TARGET_CC) -dM -E - </dev/null | grep -q "__LP64__" && echo 64 || echo 32) + +ifeq ($(LBITS),64) + export USE_64=1 +endif + +TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed + +export CROSS_COMPILE=1 +export BUILD_OPT=1 +export NATIVE_CC=$(HOSTCC) +export NATIVE_FLAGS=$(HOST_CFLAGS) +export NSS_ENABLE_WERROR=0 +export NSS_DISABLE_GTESTS=1 +export NSS_USE_SYSTEM_SQLITE=1 +export OS_TARGET=Linux +export OS_ARCH=Linux +export OS_TEST=$(ARCH) +export CPU_ARCH=$(ARCH) +export fpic=$(FPIC) +export NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr +export SEED_ONLY_DEV_URANDOM=1 +export OS_REL_CFLAGS=$(TARGET_CFLAGS) +export NS_USE_GCC=1 +#size optimisation, seems to not impact speed +export NSS_DISABLE_DBM=1 +export NSS_PKIX_NO_LDAP=1 +export ALLOW_OPT_CODE_SIZE=1 +export OPT_CODE_SIZE=1 + +#native compile nsinstall +define Build/Prepare + $(call Build/Prepare/Default) + USE_NATIVE=1 OS_REL_CFLAGS="$(HOST_CFLAGS)" LDFLAGS="$(HOST_LDFLAGS)" CC="$(HOSTCC)" \ + $(MAKE) -C $(PKG_BUILD_DIR)/nss/coreconf/nsinstall +# $(if $(CONFIG_LIBC_USE_GLIBC),, \ +# $(SED) '/-DHAVE_SYS_CDEFS_H/d' $(PKG_BUILD_DIR)/nss/lib/dbm/config/config.mk) +endef + +define Package/libnss/conffiles +/etc/pki/nssdb +endef + +define Build/InstallDev + $(INSTALL_DIR) \ + $(1)/usr/include/nss \ + $(1)/usr/lib \ + $(1)/usr/lib/pkgconfig + $(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.h \ + -exec $(CP) -a {} $(1)/usr/include/nss/ \; + $(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.so \ + -exec $(CP) -a {} $(1)/usr/lib/ \; + $(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.pc \ + -exec $(CP) -a {} $(1)/usr/lib/pkgconfig/ \; +endef + +define Package/nss-utils/install + $(INSTALL_DIR) \ + $(1)/usr/bin + $(CP) $(PKG_BUILD_DIR)/nss/cmd/certutil/build_dir/certutil $(1)/usr/bin + $(CP) $(PKG_BUILD_DIR)/nss/cmd/pk12util/build_dir/pk12util $(1)/usr/bin +endef + +#for now pack only libreswan needed libs +define Package/libnss/install + $(INSTALL_DIR) \ + $(1)/usr/lib \ + $(1)/etc/pki/nssdb \ + $(1)/etc/ipsec.d + + $(CP) $(PKG_BUILD_DIR)/nss/lib/nss/build_dir/libnss3.so $(1)/usr/lib/ + $(CP) $(PKG_BUILD_DIR)/nss/lib/smime/build_dir/libsmime3.so $(1)/usr/lib/ + $(CP) $(PKG_BUILD_DIR)/nss/lib/ssl/build_dir/libssl3.so $(1)/usr/lib/ + $(CP) $(PKG_BUILD_DIR)/nss/lib/util/build_dir/libnssutil3.so $(1)/usr/lib/ + $(CP) $(PKG_BUILD_DIR)/nss/lib/softoken/build_dir/libsoftokn3.so $(1)/usr/lib/ + $(CP) $(PKG_BUILD_DIR)/nss/lib/freebl/build_dir/$(OS_TARGET)_SINGLE_SHLIB/libfreeblpriv3.so $(1)/usr/lib/ +# Pprovide databases with a blank certificate + $(CP) ./files/blank-cert9.db $(1)/etc/pki/nssdb/cert9.db + $(CP) ./files/blank-key4.db $(1)/etc/pki/nssdb/key4.db + $(CP) ./files/system-pkcs11.txt $(1)/etc/pki/nssdb/pkcs11.txt + ln -s /etc/pki/nssdb/cert9.db $(1)/etc/ipsec.d/cert9.db + ln -s /etc/pki/nssdb/key4.db $(1)/etc/ipsec.d/key4.db + ln -s /etc/pki/nssdb/pkcs11.txt $(1)/etc/ipsec.d/pkcs11.txt +endef + +$(eval $(call BuildPackage,nss-utils)) +$(eval $(call BuildPackage,libnss)) diff --git a/libs/nss/files/blank-cert9.db b/libs/nss/files/blank-cert9.db Binary files differnew file mode 100644 index 000000000..7d4bcf258 --- /dev/null +++ b/libs/nss/files/blank-cert9.db diff --git a/libs/nss/files/blank-key4.db b/libs/nss/files/blank-key4.db Binary files differnew file mode 100644 index 000000000..d47f08d04 --- /dev/null +++ b/libs/nss/files/blank-key4.db diff --git a/libs/nss/files/system-pkcs11.txt b/libs/nss/files/system-pkcs11.txt new file mode 100644 index 000000000..1a264e9cc --- /dev/null +++ b/libs/nss/files/system-pkcs11.txt @@ -0,0 +1,5 @@ +library= +name=NSS Internal PKCS #11 Module +parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) + diff --git a/libs/nss/patches/001-nss_standalone.patch b/libs/nss/patches/001-nss_standalone.patch new file mode 100644 index 000000000..eb3b6fd00 --- /dev/null +++ b/libs/nss/patches/001-nss_standalone.patch @@ -0,0 +1,247 @@ +Submitted By: DJ Lucas <dj_AT_linuxfromscratch_DOT_org> +Date: 2016-12-27 +Initial Package Version: 3.12.4 +Upstream Status: Not applicable +Origin: Self, rediffed for nss-3.28. +Description: Adds auto-generated nss.pc and nss-config script, and + allows building without nspr in the source tree. + For 3.40.1, Requires: updated to nspr >= 4.20. + +diff -Naurp nss-3.28-orig/nss/Makefile nss-3.28/nss/Makefile +--- nss-3.28-orig/nss/Makefile 2016-12-21 05:56:27.000000000 -0600 ++++ nss-3.28/nss/Makefile 2016-12-26 22:24:52.695146032 -0600 +@@ -46,7 +46,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk + # (7) Execute "local" rules. (OPTIONAL). # + ####################################################################### + +-nss_build_all: build_nspr all latest ++nss_build_all: all latest + + nss_clean_all: clobber_nspr clobber + +diff -Naurp nss-3.28-orig/nss/config/Makefile nss-3.28/nss/config/Makefile +--- nss-3.28-orig/nss/config/Makefile 1969-12-31 18:00:00.000000000 -0600 ++++ nss-3.28/nss/config/Makefile 2016-12-26 22:20:40.008205774 -0600 +@@ -0,0 +1,40 @@ ++CORE_DEPTH = .. ++DEPTH = .. ++ ++include $(CORE_DEPTH)/coreconf/config.mk ++ ++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'` ++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'` ++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'` ++PREFIX = /usr ++ ++all: export libs ++ ++export: ++ # Create the nss.pc file ++ mkdir -p $(DIST)/lib/pkgconfig ++ sed -e "s,@prefix@,$(PREFIX)," \ ++ -e "s,@exec_prefix@,\$${prefix}," \ ++ -e "s,@libdir@,\$${prefix}/lib," \ ++ -e "s,@includedir@,\$${prefix}/include/nss," \ ++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \ ++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ ++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ ++ nss.pc.in > nss.pc ++ chmod 0644 nss.pc ++ ln -sf ../../../../nss/config/nss.pc $(DIST)/lib/pkgconfig ++ ++ # Create the nss-config script ++ mkdir -p $(DIST)/bin ++ sed -e "s,@prefix@,$(PREFIX)," \ ++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \ ++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ ++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ ++ nss-config.in > nss-config ++ chmod 0755 nss-config ++ ln -sf ../../../nss/config/nss-config $(DIST)/bin ++ ++libs: ++ ++dummy: all export libs ++ +diff -Naurp nss-3.28-orig/nss/config/nss-config.in nss-3.28/nss/config/nss-config.in +--- nss-3.28-orig/nss/config/nss-config.in 1969-12-31 18:00:00.000000000 -0600 ++++ nss-3.28/nss/config/nss-config.in 2016-12-26 22:20:40.008205774 -0600 +@@ -0,0 +1,153 @@ ++#!/bin/sh ++ ++prefix=@prefix@ ++ ++major_version=@NSS_MAJOR_VERSION@ ++minor_version=@NSS_MINOR_VERSION@ ++patch_version=@NSS_PATCH_VERSION@ ++ ++usage() ++{ ++ cat <<EOF ++Usage: nss-config [OPTIONS] [LIBRARIES] ++Options: ++ [--prefix[=DIR]] ++ [--exec-prefix[=DIR]] ++ [--includedir[=DIR]] ++ [--libdir[=DIR]] ++ [--version] ++ [--libs] ++ [--cflags] ++Dynamic Libraries: ++ nss ++ nssutil ++ smime ++ ssl ++ softokn ++EOF ++ exit $1 ++} ++ ++if test $# -eq 0; then ++ usage 1 1>&2 ++fi ++ ++lib_nss=yes ++lib_nssutil=yes ++lib_smime=yes ++lib_ssl=yes ++lib_softokn=yes ++ ++while test $# -gt 0; do ++ case "$1" in ++ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; ++ *) optarg= ;; ++ esac ++ ++ case $1 in ++ --prefix=*) ++ prefix=$optarg ++ ;; ++ --prefix) ++ echo_prefix=yes ++ ;; ++ --exec-prefix=*) ++ exec_prefix=$optarg ++ ;; ++ --exec-prefix) ++ echo_exec_prefix=yes ++ ;; ++ --includedir=*) ++ includedir=$optarg ++ ;; ++ --includedir) ++ echo_includedir=yes ++ ;; ++ --libdir=*) ++ libdir=$optarg ++ ;; ++ --libdir) ++ echo_libdir=yes ++ ;; ++ --version) ++ echo ${major_version}.${minor_version}.${patch_version} ++ ;; ++ --cflags) ++ echo_cflags=yes ++ ;; ++ --libs) ++ echo_libs=yes ++ ;; ++ nss) ++ lib_nss=yes ++ ;; ++ nssutil) ++ lib_nssutil=yes ++ ;; ++ smime) ++ lib_smime=yes ++ ;; ++ ssl) ++ lib_ssl=yes ++ ;; ++ softokn) ++ lib_softokn=yes ++ ;; ++ *) ++ usage 1 1>&2 ++ ;; ++ esac ++ shift ++done ++ ++# Set variables that may be dependent upon other variables ++if test -z "$exec_prefix"; then ++ exec_prefix=`pkg-config --variable=exec_prefix nss` ++fi ++if test -z "$includedir"; then ++ includedir=`pkg-config --variable=includedir nss` ++fi ++if test -z "$libdir"; then ++ libdir=`pkg-config --variable=libdir nss` ++fi ++ ++if test "$echo_prefix" = "yes"; then ++ echo $prefix ++fi ++ ++if test "$echo_exec_prefix" = "yes"; then ++ echo $exec_prefix ++fi ++ ++if test "$echo_includedir" = "yes"; then ++ echo $includedir ++fi ++ ++if test "$echo_libdir" = "yes"; then ++ echo $libdir ++fi ++ ++if test "$echo_cflags" = "yes"; then ++ echo -I$includedir ++fi ++ ++if test "$echo_libs" = "yes"; then ++ libdirs="-L$libdir" ++ if test -n "$lib_nss"; then ++ libdirs="$libdirs -lnss${major_version}" ++ fi ++ if test -n "$lib_nssutil"; then ++ libdirs="$libdirs -lnssutil${major_version}" ++ fi ++ if test -n "$lib_smime"; then ++ libdirs="$libdirs -lsmime${major_version}" ++ fi ++ if test -n "$lib_ssl"; then ++ libdirs="$libdirs -lssl${major_version}" ++ fi ++ if test -n "$lib_softokn"; then ++ libdirs="$libdirs -lsoftokn${major_version}" ++ fi ++ echo $libdirs ++fi ++ +diff -Naurp nss-3.28-orig/nss/config/nss.pc.in nss-3.28/nss/config/nss.pc.in +--- nss-3.28-orig/nss/config/nss.pc.in 1969-12-31 18:00:00.000000000 -0600 ++++ nss-3.28/nss/config/nss.pc.in 2016-12-26 22:22:53.300694346 -0600 +@@ -0,0 +1,12 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ ++ ++Name: NSS ++Description: Network Security Services ++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@ ++Requires: nspr >= 4.20 ++Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@ ++Cflags: -I${includedir} ++ +diff -Naurp nss-3.28-orig/nss/manifest.mn nss-3.28/nss/manifest.mn +--- nss-3.28-orig/nss/manifest.mn 2016-12-21 05:56:27.000000000 -0600 ++++ nss-3.28/nss/manifest.mn 2016-12-26 22:24:12.278991843 -0600 +@@ -10,4 +10,4 @@ IMPORTS = nspr20/v4.8 \ + + RELEASE = nss + +-DIRS = coreconf lib cmd cpputil gtests ++DIRS = coreconf lib cmd cpputil gtests config diff --git a/libs/nss/patches/002-os_test.patch b/libs/nss/patches/002-os_test.patch new file mode 100644 index 000000000..ce2b683d1 --- /dev/null +++ b/libs/nss/patches/002-os_test.patch @@ -0,0 +1,18 @@ +--- a/nss/coreconf/arch.mk 2019-04-01 22:20:32.470080052 +0300 ++++ b/nss/coreconf/arch.mk 2019-04-01 22:21:01.730987548 +0300 +@@ -20,13 +20,13 @@ + # Macros for getting the OS architecture + # + +-OS_ARCH := $(subst /,_,$(shell uname -s)) ++OS_ARCH ?= $(subst /,_,$(shell uname -s)) + + # + # Attempt to differentiate between sparc and x86 Solaris + # + +-OS_TEST := $(shell uname -m) ++OS_TEST ?= $(shell uname -m) + ifeq ($(OS_TEST),i86pc) + OS_RELEASE := $(shell uname -r)_$(OS_TEST) + else diff --git a/libs/nss/patches/003-openwrt_fix.patch b/libs/nss/patches/003-openwrt_fix.patch new file mode 100644 index 000000000..d4af64253 --- /dev/null +++ b/libs/nss/patches/003-openwrt_fix.patch @@ -0,0 +1,86 @@ +--- a/nss/lib/dbm/src/dirent.h 2017-10-19 17:15:14.797053528 +0300 ++++ b/nss/lib/dbm/src/dirent.h 2017-10-19 17:15:26.156310432 +0300 +@@ -30,7 +30,7 @@ + #define MAXNAMLEN FILENAME_MAX + + #else +-#include <param.h> ++#include <sys/param.h> + #endif + #endif + +--- a/nss/coreconf/rules.mk 2019-03-31 22:39:06.741609534 +0300 ++++ b/nss/coreconf/rules.mk 2019-03-31 22:36:13.260356949 +0300 +@@ -261,7 +261,7 @@ + ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) + $(AR) $(subst /,\\,$(OBJS)) + else +- $(AR) $(OBJS) ++ $(AR) rcs $@ $(OBJS) + endif + $(RANLIB) $@ + +--- a/nss/coreconf/arch.mk 2019-03-31 23:38:34.374931416 +0300 ++++ b/nss/coreconf/arch.mk 2019-03-31 23:38:44.667236102 +0300 +@@ -305,7 +305,7 @@ + OBJDIR_NAME_COMPILER = $(COMPILER_TAG) + endif + OBJDIR_NAME_BASE = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(OBJDIR_NAME_COMPILER)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG) +-OBJDIR_NAME = $(OBJDIR_NAME_BASE).OBJ ++OBJDIR_NAME = build_dir + + + ifeq (,$(filter-out WIN%,$(OS_TARGET))) +--- a/nss/coreconf/Linux.mk 2019-04-01 10:08:59.129269177 +0300 ++++ b/nss/coreconf/Linux.mk 2019-04-01 10:09:15.557782574 +0300 +@@ -139,6 +139,7 @@ + DEFINES += -D_REENTRANT + endif + ++ifndef USE_NATIVE + DSO_CFLAGS = -fPIC + DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections + # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8) +@@ -149,6 +150,7 @@ + ZDEFS_FLAG = -Wl,-z,defs + DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) + LDFLAGS += $(ARCHFLAG) -z noexecstack ++endif + + # On Maemo, we need to use the -rpath-link flag for even the standard system + # library directories. +--- a/nss/coreconf/Linux.mk 2019-04-01 23:10:19.091912203 +0300 ++++ b/nss/coreconf/Linux.mk 2019-04-06 14:07:13.499169075 +0300 +@@ -140,7 +140,7 @@ + endif + + ifndef USE_NATIVE +-DSO_CFLAGS = -fPIC ++DSO_CFLAGS = $(fpic) + DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections + # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8) + # incorrectly reports undefined references in the libraries we link with, so +--- a/nss/coreconf/Linux.mk 2019-04-06 20:25:36.431663894 +0300 ++++ b/nss/coreconf/Linux.mk 2019-04-06 20:26:23.397129525 +0300 +@@ -107,11 +107,6 @@ + endif + + ifdef BUILD_OPT +-ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE)) +- OPTIMIZER = -Os +-else +- OPTIMIZER = -O2 +-endif + ifdef MOZ_DEBUG_SYMBOLS + ifdef MOZ_DEBUG_FLAGS + OPTIMIZER += $(MOZ_DEBUG_FLAGS) +--- a/nss/coreconf/UNIX.mk 2019-04-06 20:34:24.284157646 +0300 ++++ b/nss/coreconf/UNIX.mk 2019-04-06 20:34:34.760485327 +0300 +@@ -10,7 +10,6 @@ + LDOPTS += -L$(SOURCE_LIB_DIR) + + ifdef BUILD_OPT +- OPTIMIZER += -O + DEFINES += -UDEBUG -DNDEBUG + else + OPTIMIZER += -g |