--- a/build.sh
+++ b/build.sh
@@ -88,16 +88,17 @@ while [ $# -gt 0 ]; do
--sancov=?*) enable_sancov "${1#*=}" ;;
--pprof) gyp_params+=(-Duse_pprof=1) ;;
--ct-verif) gyp_params+=(-Dct_verif=1) ;;
--disable-tests) gyp_params+=(-Ddisable_tests=1) ;;
--no-zdefs) gyp_params+=(-Dno_zdefs=1) ;;
--system-sqlite) gyp_params+=(-Duse_system_sqlite=1) ;;
--with-nspr=?*) set_nspr_path "${1#*=}"; no_local_nspr=1 ;;
--system-nspr) set_nspr_path "/usr/include/nspr/:"; no_local_nspr=1 ;;
+ --enable-libpkix) gyp_params+=(-Ddisable_libpkix=0) ;;
*) show_help; exit 2 ;;
esac
shift
done
if [ "$opt_build" = 1 ]; then
target=Release
else
--- a/cmd/platlibs.gypi
+++ b/cmd/platlibs.gypi
@@ -28,39 +28,25 @@
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
'<(DEPTH)/lib/softoken/softoken.gyp:softokn',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/freebl/freebl.gyp:freebl',
'<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
'conditions': [
[ 'disable_dbm==0', {
'dependencies': [
'<(DEPTH)/lib/dbm/src/src.gyp:dbm',
'<(DEPTH)/lib/softoken/legacydb/legacydb.gyp:nssdbm',
],
}],
- [ 'disable_libpkix==0', {
- 'dependencies': [
- '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
- '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
- '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
- '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
- '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
- '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
- '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
- '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule'
- ],
- }],
]},{ # !use_static_libs
'conditions': [
['moz_fold_libs==0', {
'dependencies': [
'<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
'<(DEPTH)/lib/smime/smime.gyp:smime3',
'<(DEPTH)/lib/nss/nss.gyp:nss3',
],
--- a/gtests/freebl_gtest/freebl_gtest.gyp
+++ b/gtests/freebl_gtest/freebl_gtest.gyp
@@ -46,16 +46,17 @@
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
'<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
'conditions': [
[ 'OS=="win"', {
'libraries': [
'advapi32.lib',
],
}],
],
--- a/gtests/nss_bogo_shim/nss_bogo_shim.gyp
+++ b/gtests/nss_bogo_shim/nss_bogo_shim.gyp
@@ -30,39 +30,25 @@
'<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
'<(DEPTH)/lib/softoken/softoken.gyp:softokn',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/freebl/freebl.gyp:freebl',
- '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
+ '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
'conditions': [
[ 'disable_dbm==0', {
'dependencies': [
'<(DEPTH)/lib/dbm/src/src.gyp:dbm',
],
}],
- [ 'disable_libpkix==0', {
- 'dependencies': [
- '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
- '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
- '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
- '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
- '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
- '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
- '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
- '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
- ],
- }],
],
}
],
'target_defaults': {
'defines': [
'NSS_USE_STATIC_LIBS'
],
'include_dirs': [
--- a/gtests/ssl_gtest/ssl_gtest.gyp
+++ b/gtests/ssl_gtest/ssl_gtest.gyp
@@ -57,16 +57,17 @@
'<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
'<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib',
'<(DEPTH)/cpputil/cpputil.gyp:cpputil',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
'conditions': [
[ 'test_build==1', {
'dependencies': [
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
],
}, {
'dependencies': [
@@ -76,31 +77,16 @@
'<(DEPTH)/lib/freebl/freebl.gyp:freebl',
],
}],
[ 'disable_dbm==0', {
'dependencies': [
'<(DEPTH)/lib/dbm/src/src.gyp:dbm',
],
}],
- [ 'disable_libpkix==0', {
- 'dependencies': [
- '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
- '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
- '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
- '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
- '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
- '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
- '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
- '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
- ],
- }],
],
}
],
'target_defaults': {
'include_dirs': [
'../../lib/ssl'
],
'defines': [
--- a/gtests/util_gtest/util_gtest.gyp
+++ b/gtests/util_gtest/util_gtest.gyp
@@ -24,16 +24,17 @@
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
'<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
'conditions': [
[ 'OS=="win"', {
'libraries': [
'advapi32.lib',
],
}],
],
--- a/help.txt
+++ b/help.txt
@@ -1,13 +1,13 @@
Usage: build.sh [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
[--test] [--pprof] [--scan-build[=output]] [--ct-verif]
[--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
[--disable-tests] [--fuzz[=tls|oss]] [--system-sqlite]
- [--no-zdefs] [--with-nspr] [--system-nspr]
+ [--no-zdefs] [--with-nspr] [--system-nspr] [--enable-libpkix]
This script builds NSS with gyp and ninja.
This build system is still under development. It does not yet support all
the features or platforms that NSS supports.
NSS build tool options:
@@ -35,8 +35,9 @@ NSS build tool options:
--sancov=func sets coverage to function level for example
--disable-tests don't build tests and corresponding cmdline utils
--system-sqlite use system sqlite
--no-zdefs don't set -Wl,-z,defs
--with-nspr don't build NSPR but use the one at the given location, e.g.
--with-nspr=/path/to/nspr/include:/path/to/nspr/lib
--system-nspr use system nspr. This requires an installation of NSPR and
might not work on all systems.
+ --enable-libpkix make libpkix part of the build.
new file mode 100644
--- /dev/null
+++ b/lib/libpkix/libpkix.gyp
@@ -0,0 +1,31 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../coreconf/config.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'libpkix',
+ 'type': 'none',
+ 'conditions': [
+ [ 'disable_libpkix==0', {
+ 'dependencies': [
+ 'pkix/certsel/certsel.gyp:pkixcertsel',
+ 'pkix/checker/checker.gyp:pkixchecker',
+ 'pkix/crlsel/crlsel.gyp:pkixcrlsel',
+ 'pkix/params/params.gyp:pkixparams',
+ 'pkix/results/results.gyp:pkixresults',
+ 'pkix/store/store.gyp:pkixstore',
+ 'pkix/top/top.gyp:pkixtop',
+ 'pkix/util/util.gyp:pkixutil',
+ 'pkix_pl_nss/module/module.gyp:pkixmodule',
+ 'pkix_pl_nss/pki/pki.gyp:pkixpki',
+ 'pkix_pl_nss/system/system.gyp:pkixsystem',
+ ],
+ }],
+ ],
+ },
+ ],
+}
\ No newline at end of file
--- a/lib/nss/nss.gyp
+++ b/lib/nss/nss.gyp
@@ -28,34 +28,18 @@
'nss_static',
'<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
'<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/base/base.gyp:nssb',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
- 'conditions': [
- [ 'disable_libpkix==0', {
- 'dependencies': [
- '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
- '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
- '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
- '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
- '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
- '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
- '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
- '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
- '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule'
- ],
- }],
- ],
},
{
'target_name': 'nss3',
'type': 'shared_library',
'dependencies': [
'nss3_deps',
'<(DEPTH)/lib/util/util.gyp:nssutil3',
],
--- a/mach
+++ b/mach
@@ -95,17 +95,23 @@ class buildAction(argparse.Action):
cwd = os.path.dirname(os.path.abspath(__file__))
subprocess.check_call([cwd + "/build.sh"] + values)
class testAction(argparse.Action):
def runTest(self, test, cycles="standard"):
cwd = os.path.dirname(os.path.abspath(__file__))
domsuf = os.getenv('DOMSUF', "localdomain")
- env = {"NSS_TESTS": test, "NSS_CYCLES": cycles, "DOMSUF": domsuf}
+ host = os.getenv('HOST', "localhost")
+ env = {
+ "NSS_TESTS": test,
+ "NSS_CYCLES": cycles,
+ "DOMSUF": domsuf,
+ "HOST": host
+ }
command = cwd + "/tests/all.sh"
subprocess.check_call(command, env=env)
def __call__(self, parser, args, values, option_string=None):
self.runTest(values)
def parse_arguments():
@@ -126,17 +132,17 @@ def parse_arguments():
'cf_args',
nargs='*',
help="clang-format folders and noroot if you don't want to use sudo",
action=cfAction)
parser_test = subparsers.add_parser(
'tests', help='Run tests through tests/all.sh.')
tests = [
- "cipher", "lowhash", "libpkix", "cert", "dbtests", "tools", "fips",
+ "cipher", "lowhash", "chains", "cert", "dbtests", "tools", "fips",
"sdr", "crmf", "smime", "ssl", "ocsp", "merge", "pkits", "ec",
"gtests", "ssl_gtests"
]
parser_test.add_argument(
'test', choices=tests, help="Available tests", action=testAction)
return parser.parse_args()
--- a/nss.gyp
+++ b/nss.gyp
@@ -54,45 +54,31 @@
'lib/nss/nss.gyp:nss_static',
'lib/pk11wrap/pk11wrap.gyp:pk11wrap',
'lib/pkcs12/pkcs12.gyp:pkcs12',
'lib/pkcs7/pkcs7.gyp:pkcs7',
'lib/pki/pki.gyp:nsspki',
'lib/smime/smime.gyp:smime',
'lib/softoken/softoken.gyp:softokn',
'lib/ssl/ssl.gyp:ssl',
- 'lib/util/util.gyp:nssutil'
+ 'lib/util/util.gyp:nssutil',
+ 'lib/libpkix/libpkix.gyp:libpkix',
],
'conditions': [
[ 'OS=="linux"', {
'dependencies': [
'lib/sysinit/sysinit.gyp:nsssysinit_static',
],
}],
[ 'disable_dbm==0', {
'dependencies': [
'lib/dbm/src/src.gyp:dbm',
'lib/softoken/legacydb/legacydb.gyp:nssdbm',
],
}],
- [ 'disable_libpkix==0', {
- 'dependencies': [
- 'lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
- 'lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
- 'lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
- 'lib/libpkix/pkix/params/params.gyp:pkixparams',
- 'lib/libpkix/pkix/results/results.gyp:pkixresults',
- 'lib/libpkix/pkix/store/store.gyp:pkixstore',
- 'lib/libpkix/pkix/top/top.gyp:pkixtop',
- 'lib/libpkix/pkix/util/util.gyp:pkixutil',
- 'lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
- 'lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
- 'lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
- ],
- }],
[ 'use_system_sqlite==0', {
'dependencies': [
'lib/sqlite/sqlite.gyp:sqlite',
],
}],
[ 'moz_fold_libs==1', {
'dependencies': [
'lib/nss/nss.gyp:nss3_static',
--- a/readme.md
+++ b/readme.md
@@ -37,19 +37,20 @@ After changing into the NSS directory a
Once the build is done the build output is found in the directory
`../dist/Debug` for debug builds and `../dist/Release` for opt builds.
Exported header files can be found in the `include` directory, library files in
directory `lib`, and tools in directory `bin`. In order to run the tools, set
your system environment to use the libraries of your build from the "lib"
directory, e.g., using the `LD_LIBRARY_PATH` or `DYLD_LIBRARY_PATH`.
Usage: build.sh [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
- [--test] [--fuzz] [--pprof] [--scan-build[=output]]
+ [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
[--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
- [--ct-verif] [--disable-tests]
+ [--disable-tests] [--fuzz[=tls|oss]] [--system-sqlite]
+ [--no-zdefs] [--with-nspr] [--system-nspr] [--enable-libpkix]
This script builds NSS with gyp and ninja.
This build system is still under development. It does not yet support all
the features or platforms that NSS supports.
NSS build tool options:
@@ -57,28 +58,37 @@ directory, e.g., using the `LD_LIBRARY_P
-c clean before build
-v verbose build
-j <n> run at most <n> concurrent jobs
--nspr force a rebuild of NSPR
--gyp|-g force a rerun of gyp
--opt|-o do an opt build
-m32 do a 32-bit build on a 64-bit system
--test ignore map files and export everything we have
- --fuzz enable fuzzing mode. this always enables test builds
+ --fuzz build fuzzing targets (this always enables test builds)
+ --fuzz=tls to enable TLS fuzzing mode
+ --fuzz=oss to build for OSS-Fuzz
--pprof build with gperftool support
--ct-verif build with valgrind for ct-verif
--scan-build run the build with scan-build (scan-build has to be in the path)
--scan-build=/out/path sets the output path for scan-build
--asan do an asan build
--ubsan do an ubsan build
--ubsan=bool,shift,... sets specific UB sanitizers
--msan do an msan build
--sancov do sanitize coverage builds
--sancov=func sets coverage to function level for example
--disable-tests don't build tests and corresponding cmdline utils
+ --system-sqlite use system sqlite
+ --no-zdefs don't set -Wl,-z,defs
+ --with-nspr don't build NSPR but use the one at the given location, e.g.
+ --with-nspr=/path/to/nspr/include:/path/to/nspr/lib
+ --system-nspr use system nspr. This requires an installation of NSPR and
+ might not work on all systems.
+ --enable-libpkix make libpkix part of the build.
## Building NSS (legacy build system)
After changing into the NSS directory a typical build of 32-bit NSS is done as
follows:
make nss_build_all