Gaming Linux® From Scratch (System V Edition) - Version #8c24

Chapter 3. Networking

NSS-3.115

Introduction to NSS

The Network Security Services (NSS) package is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. This is useful for implementing SSL and S/MIME or other Internet security standards into an application.

[Note]

Note

This may take a while to build. Feel free to do something else while this is building.

Additional Downloads

NSS Dependencies

Required

NSPR-4.37

Recommended

SQLite-3.50.4 (required for Firefox; make sure to reinstall Python-3.13.7)

Installation of NSS

[Important]

Important

If you're rebuilding NSS and you have not installed SQLite-3.50.4, run the following command to remove a problematic library as the root user: 

sqlite3 --version > /dev/null 2>&1 || 
if [ -f /usr/lib/libsqlite3.so ]; then
  rm -vf /usr/lib/libsqlite3.*
fi

Install NSS by running the following commands: 

patch -Np1 -i ../nss-standalone-1.patch &&

cd nss &&

make BUILD_OPT=1                     \
  NSPR_INCLUDE_DIR=/usr/include/nspr \
  USE_SYSTEM_ZLIB=1                  \
  ZLIB_LIBS=-lz                      \
  NSS_ENABLE_WERROR=0                \
  USE_64=1                           \
  $([ -f /usr/lib/libsqlite3.so ] && echo NSS_USE_SYSTEM_SQLITE=1)

Now, as the root user: 

cd ../dist                                                          &&

install -v -m755 Linux*/lib/*.so              /usr/lib              &&
install -v -m644 Linux*/lib/{*.chk,libcrmf.a} /usr/lib              &&

install -v -m755 -d                           /usr/include/nss      &&
cp -v -RL {public,private}/nss/*              /usr/include/nss      &&

install -v -m755 Linux*/bin/{certutil,nss-config,pk12util} /usr/bin &&

install -v -m644 Linux*/lib/pkgconfig/nss.pc  /usr/lib/pkgconfig
[Important]

Important

If you install SQLite-3.50.4 after building this package and wish to build Firefox, then recompile this package or else an error during compilation will appear.

lib32 Installation of NSS

[Important]

Important

If you're rebuilding NSS, run the following command to remove a problematic library as the root user: 

sqlite3 --version > /dev/null 2>&1 || 
if [ -f /usr/lib32/libsqlite3.so ]; then
  rm -vf /usr/lib32/libsqlite3.*
fi

Install lib32-NSS by running the following commands: 

cd ../nss                                         &&
find -name "Linux*.OBJ" -type d -exec rm -rf {} + &&
rm -rf ../dist                                    &&

CC="gcc -m32" CXX="g++ -m32"   \
make BUILD_OPT=1                      \
NSPR_INCLUDE_DIR=/usr/include/nspr  \
  USE_SYSTEM_ZLIB=1                   \
  ZLIB_LIBS=-lz                       \
  NSS_ENABLE_WERROR=0                 \
$([ -f /usr/lib32/libsqlite3.so ] && echo NSS_USE_SYSTEM_SQLITE=1)

Now, as the root user: 

cd ../dist &&

install -v -m755 Linux*/lib/*.so              /usr/lib32           &&
install -v -m644 Linux*/lib/{*.chk,libcrmf.a} /usr/lib32           &&
sed -i 's/lib/lib32/g' Linux*/lib/pkgconfig/nss.pc                 &&
install -v -m644 Linux*/lib/pkgconfig/nss.pc  /usr/lib32/pkgconfig &&
ldconfig

Command Explanations

[Note]

Note

For a full list of options, inspect the Makefile and the various files in nss-3.115/nss/coreconf/.

BUILD_OPT=1: This option is passed to make so that the build is performed with no debugging symbols built into the binaries and the default compiler optimizations are used.

NSPR_INCLUDE_DIR=/usr/include/nspr: This option sets the location of the nspr headers.

USE_SYSTEM_ZLIB=1: This option is passed to make to ensure that the libssl3.so library is linked to the system installed zlib instead of the in-tree version.

ZLIB_LIBS=-lz: This option provides the linker flags needed to link to the system zlib.

USE_64=1: This is required on x86_64, otherwise make will try (and fail) to create 32-bit objects for the normal installation.

NSS_ENABLE_WERROR=0: This option disables -Werror (warnings being counted as errors).

$([ -f /usr/lib{,32}/libsqlite3.so ] && echo NSS_USE_SYSTEM_SQLITE=1): This tests if sqlite is installed and if so it echos the option NSS_USE_SYSTEM_SQLITE=1 to make so that libsoftokn3.so will link against the system version of sqlite.

Contents

Installed Programs: certutil, nss-config, and pk12util
Installed Libraries: libcrmf (static), libfreebl3, libfreeblpriv3, libnss3, libnssckbi, libnssckbi-testlib, libnssdbm3, libnsssysinit, libnssutil3, libpkcs11testmodule, libsmime3, libsoftokn3, and libssl3
Installed Directories: /usr/include/nss

Short Descriptions

certutil

is the Mozilla Certificate Database Tool. It is a command-line utility that can create and modify the Netscape Communicator cert8.db and key3.db database files. It can also list, generate, modify, or delete certificates within the cert8.db file and create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key3.db file

nss-config

is used to determine the NSS library settings of the installed NSS libraries

pk12util

is a tool for importing certificates and keys from pkcs #12 files into NSS or exporting them. It can also list certificates and keys in such files