blob: 77bc8172c9763390c4f5413778ddbe27bf23c975 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
Contains the security libraries which are also part of [[moz]]. However nss is meant to be more current.
== Relation between nss, moz, moz_prebuilt ==
nss contains the security libraries which are also part of moz. However nss is
meant to be more current, that is it to be updated more often. This should be
easier than doing this with moz.
If nss is built depends on an environment variable (SYSTEM_NSS=NO) which
is per default set to YES. In this case nss is build before moz. The nss
libraries/lib files/headers built in moz are then not delivered. Otherwise they
would overwrite those from nss. That is, the nss libraries build in moz are
removed from mozruntime.zip (build in moz/solver/bin), they are removed from the
lib directory (for example moz/unxlngi6.pro/lib), and the nss and nspr headers
are also removed (inc/nss and inc/nspr). The nss libraries from the nss module
are then added to mozruntime.zip.
This also applies for moz_prebuilt. Therefore moz and moz_prebuilt must be build
again after changes have been made to the libraries in the nss module.
Also when moz was updated to use a newer version of mozilla, then one must make
sure that new files which also belong to nss are not delivered and are removed
from mozruntime.zip.
== Fips 140 and signed libraries ==
Fips 140 mode is not supported. That is, the *.chk files containing the
checksums for the cryptographic module are not delivered into solver and will
not be part of the OOo installation sets.
Signing has been turned off because
- we change the rpath (install names) after signing which breaks the signatures
(Mac)
- sqlite conflicts with the system sqlite when signing which breaks the build
== libfreebl3 ==
Porting to other platforms may require to deliver other variants of
libfreebl*. The library name varies according to the platform. Changes need to
be made to
ooo/moz/extractfiles.mk
ooo/moz/zipped/makefile.mk
sun/moz_prebuilt/zipped/makefile.mk
See also
[http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html]
== Windows builds of nss ==
To build mozilla on windows you'll need the mozilla build tools
Build requirements containing the link to the build tools:
[https://developer.mozilla.org/en/Windows_Build_Prerequisites#ss2.2]
The direct link:
[http://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32/MozillaBuildSetup-1.3.exe]
== libsqlite3 ==
The system sqlite in Mac OS X versions older than 10.6 is incompatible
with the softokn3 in nss which requires a later version of sqlite.
Since the baseline is Mac OS X 10.6 we use
NSS_USE_SYSTEM_SQLITE=1
to build using the system sqlite.
The problem described here was found on Mac with OS 10.6
We cannot deliver sqlite in the lib directory of the solver. This directory is
used by tools of the build environment. Using the sqlite from NSS breaks the
tools if they use system libraries which are linked with the system
sqlite. Therefore we deliver it into lib/sqlite on unix systems.
See also issue:
[https://issues.apache.org/ooo/show_bug.cgi?id=106132]
|
