nss: add nss-tools

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2026-04-30 07:28:39 +01:00 · 2019-04-06 15:08:47 +03:00
parent b154bbc66e
commit b75c860fac
7 changed files with 494 additions and 0 deletions
@@ -0,0 +1,138 @@
+#
+# Copyright (C) 2019 Lucian Cristian
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=nss
+PKG_VERSION:=3.43
+PKG_RELEASE:=1
+PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
+PKG_LICENCE:=MPL-2.0
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:= \
+    https://download.cdn.mozilla.net/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src \
+    https://archive.mozilla.org/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src
+PKG_HASH:=f30bc1b7330887b75de9fec37dbc173001758dc43fb095ffbc45dac4093fe2ca
+
+PKG_BUILD_PARALLEL:=0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libnss
+  SECTION:=libs
+  SUBMENU:=SSL
+  CATEGORY:=Libraries
+  TITLE:=Mozilla's SSL and TLS implementation
+  URL:=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
+  DEPENDS:=+libpthread +librt +libsqlite3 +nspr
+endef
+
+define Package/nss-utils
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Utilities for Mozilla's SSL and TLS implementation
+  URL:=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
+  DEPENDS:=+libnss
+endef
+
+define Package/libnss/description
+  Network Security Services (NSS) is a set of libraries designed to support 
+  cross-platform development of security-enabled client and server applications.
+  Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7,
+  PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards.
+endef
+
+CONFIGURE_PATH = ./nss
+MAKE_PATH = ./nss
+
+LBITS = $(shell $(TARGET_CC) -dM -E - </dev/null | grep -q "__LP64__" && echo 64 || echo 32)
+
+ifeq ($(LBITS),64)
+    export USE_64=1
+endif
+
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+
+export CROSS_COMPILE=1
+export BUILD_OPT=1
+export NATIVE_CC=$(HOSTCC)
+export NATIVE_FLAGS=$(HOST_CFLAGS)
+export NSS_ENABLE_WERROR=0
+export NSS_DISABLE_GTESTS=1
+export NSS_USE_SYSTEM_SQLITE=1
+export OS_TARGET=Linux
+export OS_ARCH=Linux
+export OS_TEST=$(ARCH)
+export CPU_ARCH=$(ARCH)
+export fpic=$(FPIC)
+export NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr
+export SEED_ONLY_DEV_URANDOM=1
+export OS_REL_CFLAGS=$(TARGET_CFLAGS)
+export NS_USE_GCC=1
+#size optimisation, seems to not impact speed
+export NSS_DISABLE_DBM=1
+export NSS_PKIX_NO_LDAP=1
+export ALLOW_OPT_CODE_SIZE=1
+export OPT_CODE_SIZE=1
+
+#native compile nsinstall
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	USE_NATIVE=1 OS_REL_CFLAGS="$(HOST_CFLAGS)" LDFLAGS="$(HOST_LDFLAGS)" CC="$(HOSTCC)" \
+	    $(MAKE) -C $(PKG_BUILD_DIR)/nss/coreconf/nsinstall
+#	$(if $(CONFIG_LIBC_USE_GLIBC),, \
+#		$(SED) '/-DHAVE_SYS_CDEFS_H/d' $(PKG_BUILD_DIR)/nss/lib/dbm/config/config.mk)
+endef
+
+define Package/libnss/conffiles
+/etc/pki/nssdb
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) \
+	 $(1)/usr/include/nss \
+	 $(1)/usr/lib \
+	 $(1)/usr/lib/pkgconfig
+	$(FIND) $(PKG_BUILD_DIR)/nss  -type f -name *.h \
+	    -exec $(CP) -a {} $(1)/usr/include/nss/ \;
+	$(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.so \
+	    -exec $(CP) -a {} $(1)/usr/lib/ \;
+	$(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.pc \
+	    -exec $(CP) -a {} $(1)/usr/lib/pkgconfig/ \;
+endef
+
+define Package/nss-utils/install
+	$(INSTALL_DIR) \
+	 $(1)/usr/bin
+	$(CP) $(PKG_BUILD_DIR)/nss/cmd/certutil/build_dir/certutil $(1)/usr/bin
+	$(CP) $(PKG_BUILD_DIR)/nss/cmd/pk12util/build_dir/pk12util $(1)/usr/bin
+endef
+
+#for now pack only libreswan needed libs
+define Package/libnss/install
+	$(INSTALL_DIR) \
+	 $(1)/usr/lib \
+	 $(1)/etc/pki/nssdb \
+	 $(1)/etc/ipsec.d
+
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/nss/build_dir/libnss3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/smime/build_dir/libsmime3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/ssl/build_dir/libssl3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/util/build_dir/libnssutil3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/softoken/build_dir/libsoftokn3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/freebl/build_dir/$(OS_TARGET)_SINGLE_SHLIB/libfreeblpriv3.so $(1)/usr/lib/
+#	Pprovide databases with a blank certificate
+	$(CP)	./files/blank-cert9.db $(1)/etc/pki/nssdb/cert9.db
+	$(CP)	./files/blank-key4.db $(1)/etc/pki/nssdb/key4.db
+	$(CP)	./files/system-pkcs11.txt $(1)/etc/pki/nssdb/pkcs11.txt
+	ln -s /etc/pki/nssdb/cert9.db $(1)/etc/ipsec.d/cert9.db
+	ln -s /etc/pki/nssdb/key4.db $(1)/etc/ipsec.d/key4.db
+	ln -s /etc/pki/nssdb/pkcs11.txt $(1)/etc/ipsec.d/pkcs11.txt
+endef
+
+$(eval $(call BuildPackage,nss-utils))
+$(eval $(call BuildPackage,libnss))