summaryrefslogtreecommitdiff
path: root/external/nss/README
diff options
context:
space:
mode:
Diffstat (limited to 'external/nss/README')
-rw-r--r--external/nss/README77
1 files changed, 77 insertions, 0 deletions
diff --git a/external/nss/README b/external/nss/README
new file mode 100644
index 000000000000..77bc8172c976
--- /dev/null
+++ b/external/nss/README
@@ -0,0 +1,77 @@
+Contains the security libraries which are also part of [[moz]]. However nss is meant to be more current.
+
+== Relation between nss, moz, moz_prebuilt ==
+
+nss contains the security libraries which are also part of moz. However nss is
+meant to be more current, that is it to be updated more often. This should be
+easier than doing this with moz.
+
+If nss is built depends on an environment variable (SYSTEM_NSS=NO) which
+is per default set to YES. In this case nss is build before moz. The nss
+libraries/lib files/headers built in moz are then not delivered. Otherwise they
+would overwrite those from nss. That is, the nss libraries build in moz are
+removed from mozruntime.zip (build in moz/solver/bin), they are removed from the
+lib directory (for example moz/unxlngi6.pro/lib), and the nss and nspr headers
+are also removed (inc/nss and inc/nspr). The nss libraries from the nss module
+are then added to mozruntime.zip.
+
+This also applies for moz_prebuilt. Therefore moz and moz_prebuilt must be build
+again after changes have been made to the libraries in the nss module.
+
+Also when moz was updated to use a newer version of mozilla, then one must make
+sure that new files which also belong to nss are not delivered and are removed
+from mozruntime.zip.
+
+
+== Fips 140 and signed libraries ==
+
+Fips 140 mode is not supported. That is, the *.chk files containing the
+checksums for the cryptographic module are not delivered into solver and will
+not be part of the OOo installation sets.
+
+Signing has been turned off because
+- we change the rpath (install names) after signing which breaks the signatures
+(Mac)
+- sqlite conflicts with the system sqlite when signing which breaks the build
+
+
+== libfreebl3 ==
+
+Porting to other platforms may require to deliver other variants of
+libfreebl*. The library name varies according to the platform. Changes need to
+be made to
+ooo/moz/extractfiles.mk
+ooo/moz/zipped/makefile.mk
+sun/moz_prebuilt/zipped/makefile.mk
+
+See also
+[http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html]
+
+
+== Windows builds of nss ==
+
+To build mozilla on windows you'll need the mozilla build tools
+
+Build requirements containing the link to the build tools:
+[https://developer.mozilla.org/en/Windows_Build_Prerequisites#ss2.2]
+
+The direct link:
+[http://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32/MozillaBuildSetup-1.3.exe]
+
+
+== libsqlite3 ==
+
+The system sqlite in Mac OS X versions older than 10.6 is incompatible
+with the softokn3 in nss which requires a later version of sqlite.
+Since the baseline is Mac OS X 10.6 we use
+NSS_USE_SYSTEM_SQLITE=1
+to build using the system sqlite.
+
+The problem described here was found on Mac with OS 10.6
+We cannot deliver sqlite in the lib directory of the solver. This directory is
+used by tools of the build environment. Using the sqlite from NSS breaks the
+tools if they use system libraries which are linked with the system
+sqlite. Therefore we deliver it into lib/sqlite on unix systems.
+
+See also issue:
+[https://issues.apache.org/ooo/show_bug.cgi?id=106132]
generated by cgit (git 2.34.1) at 2025-02-12 14:59:42 +0000