Skip to content

Commit

Permalink
support system NSS packages
Browse files Browse the repository at this point in the history 
Add support for useing pkgconfig to find system installed
versions of NSS, this is based on the current openssl
support.
This removes the need to specify --with-nss-dir but that
option is still available if a custom NSS build is required.

On osx brew installs nss to a seperate location to avoid possible
conflicts with firefox so --with-nss-dir or PKG_CONFIG_PATH needs
to be used.

Update travis scripts to use system packages.
  • Loading branch information
@pabuhler
pabuhler committed Aug 23, 2018
1 parent 82be8fc commit a946b3f
Show file tree
Hide file tree
Showing 3 changed files with 144 additions and 35 deletions.
25 changes: 4 additions & 21 deletions .travis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,18 +62,9 @@ matrix:
- ubuntu-toolchain-r-test
packages:
- gcc-6
before_install:
- wget https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_38_RTM/src/nss-3.38-with-nspr-4.19.tar.gz
- tar -xzvf nss-3.38-with-nspr-4.19.tar.gz
- pushd nss-3.38/nss
- USE_64=1 make nss_build_all
- pushd ../dist/$(<../dist/latest)
- export NSS_DIR=$(pwd)
- echo $NSS_DIR
- popd
- popd
- libnss3-dev
script:
- CC=gcc-6 EXTRA_CFLAGS=-Werror ./configure --enable-nss --with-nss-dir=$NSS_DIR
- CC=gcc-6 EXTRA_CFLAGS=-Werror ./configure --enable-nss
- make
- make runtest

Expand All @@ -93,17 +84,9 @@ matrix:
- TEST="osx (nss)"
osx_image: xcode8.2
before_install:
- wget https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_38_RTM/src/nss-3.38-with-nspr-4.19.tar.gz
- tar -xzvf nss-3.38-with-nspr-4.19.tar.gz
- pushd nss-3.38/nss
- USE_64=1 make nss_build_all
- pushd ../dist/$(<../dist/latest)
- export NSS_DIR=$(pwd)
- echo $NSS_DIR
- popd
- popd
- brew install nss
script:
- EXTRA_CFLAGS=-Werror ./configure --enable-nss --with-nss-dir=$NSS_DIR
- PKG_CONFIG_PATH=/usr/local/opt/nss/lib/pkgconfig EXTRA_CFLAGS=-Werror ./configure --enable-nss
- make
- make runtest

Expand Down
127 changes: 119 additions & 8 deletions configure
View file
Original file line number Diff line number Diff line change
Expand Up @@ -627,6 +627,8 @@ PCAP_LIB
HAVE_PCAP
HMAC_OBJS
AES_ICM_OBJS
nss_LIBS
nss_CFLAGS
CRYPTO_LIBDIR
USE_EXTERNAL_CRYPTO
crypto_LIBS
Expand Down Expand Up @@ -725,7 +727,9 @@ PKG_CONFIG
PKG_CONFIG_PATH
PKG_CONFIG_LIBDIR
crypto_CFLAGS
crypto_LIBS'
crypto_LIBS
nss_CFLAGS
nss_LIBS'


# Initialize some variables set by options.
Expand Down Expand Up @@ -1372,6 +1376,8 @@ Some influential environment variables:
crypto_CFLAGS
C compiler flags for crypto, overriding pkg-config
crypto_LIBS linker flags for crypto, overriding pkg-config
nss_CFLAGS C compiler flags for nss, overriding pkg-config
nss_LIBS linker flags for nss, overriding pkg-config
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
Expand Down Expand Up @@ -5711,15 +5717,23 @@ $as_echo_n "checking for user specified NSS directory... " >&6; }
# Check whether --with-nss-dir was given.
if test "${with_nss_dir+set}" = set; then :
withval=$with_nss_dir; if test -d $with_nss_dir/lib; then
CFLAGS="$CFLAGS -I$with_nss_dir/include/"
CFLAGS="$CFLAGS -I$with_nss_dir/../public/nss/"
withval=$with_nss_dir; if test "x$PKG_CONFIG" != "x" && test -f $with_nss_dir/lib/pkgconfig/nss.pc; then
if test "x$PKG_CONFIG_PATH" = "x"; then
export PKG_CONFIG_PATH="$with_nss_dir/lib/pkgconfig"
else
export PKG_CONFIG_PATH="$with_nss_dir/lib/pkgconfig:$PKG_CONFIG_PATH"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_nss_dir" >&5
$as_echo "$with_nss_dir" >&6; }
elif test -d $with_nss_dir/lib; then
CFLAGS="$CFLAGS -I$with_nss_dir/include"
CFLAGS="$CFLAGS -I$with_nss_dir/../public/nss"
if test "x$LDFLAGS" = "x"; then
LDFLAGS="-L$with_nss_dir/lib"
else
LDFLAGS="$LDFLAGS -L$with_nss_dir/lib"
fi
LIBS="-lnss3 -lnssutil3 -lnspr4 $LIBS"
nss_skip_pkg_config=yes
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_nss_dir" >&5
$as_echo "$with_nss_dir" >&6; }
else
Expand All @@ -5729,13 +5743,112 @@ $as_echo "invalid" >&6; }
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "Invalid NSS location: $with_nss_dir
See \`config.log' for more details" "$LINENO" 5; }
fi
fi
CRYPTO_LIBDIR=$with_nss_dir/lib
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
if test "x$PKG_CONFIG" != "x" && test "$nss_skip_pkg_config" != "yes"; then
pkg_failed=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nss" >&5
$as_echo_n "checking for nss... " >&6; }
if test -n "$nss_CFLAGS"; then
pkg_cv_nss_CFLAGS="$nss_CFLAGS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5
($PKG_CONFIG --exists --print-errors "nss") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
pkg_cv_nss_CFLAGS=`$PKG_CONFIG --cflags "nss" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
fi
else
pkg_failed=untried
fi
if test -n "$nss_LIBS"; then
pkg_cv_nss_LIBS="$nss_LIBS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5
($PKG_CONFIG --exists --print-errors "nss") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
pkg_cv_nss_LIBS=`$PKG_CONFIG --libs "nss" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
fi
else
pkg_failed=untried
fi
if test $pkg_failed = yes; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
_pkg_short_errors_supported=yes
else
_pkg_short_errors_supported=no
fi
if test $_pkg_short_errors_supported = yes; then
nss_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "nss" 2>&1`
else
nss_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "nss" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$nss_PKG_ERRORS" >&5
as_fn_error $? "Package requirements (nss) were not met:
$nss_PKG_ERRORS
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively, you may set the environment variables nss_CFLAGS
and nss_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details." "$LINENO" 5
elif test $pkg_failed = untried; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Alternatively, you may set the environment variables nss_CFLAGS
and nss_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
To get pkg-config, see <http://pkg-config.freedesktop.org/>.
See \`config.log' for more details" "$LINENO" 5; }
else
nss_CFLAGS=$pkg_cv_nss_CFLAGS
nss_LIBS=$pkg_cv_nss_LIBS
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
CFLAGS="$CFLAGS $nss_CFLAGS"
LIBS="$nss_LIBS $LIBS"
fi
else
LIBS="-lnss3 -lnssutil3 -lnspr4 $LIBS"
fi
$as_echo "#define GCM 1" >>confdefs.h
Expand All @@ -5751,8 +5864,6 @@ $as_echo "#define NSS 1" >>confdefs.h
USE_EXTERNAL_CRYPTO=1
CRYPTO_LIBDIR=$with_nss_dir/lib
else
AES_ICM_OBJS="crypto/cipher/aes_icm.o crypto/cipher/aes.o"
HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
Expand Down
27 changes: 21 additions & 6 deletions configure.ac
View file
Original file line number Diff line number Diff line change
Expand Up @@ -301,22 +301,38 @@ elif test "$enable_nss" = "yes"; then
AC_MSG_CHECKING([for user specified NSS directory])
AC_ARG_WITH([nss-dir],
[AS_HELP_STRING([--with-nss-dir], [Location of NSS installation])],
[if test -d $with_nss_dir/lib; then
CFLAGS="$CFLAGS -I$with_nss_dir/include/"
CFLAGS="$CFLAGS -I$with_nss_dir/../public/nss/"
[if test "x$PKG_CONFIG" != "x" && test -f $with_nss_dir/lib/pkgconfig/nss.pc; then
if test "x$PKG_CONFIG_PATH" = "x"; then
export PKG_CONFIG_PATH="$with_nss_dir/lib/pkgconfig"
else
export PKG_CONFIG_PATH="$with_nss_dir/lib/pkgconfig:$PKG_CONFIG_PATH"
fi
AC_MSG_RESULT([$with_nss_dir])
elif test -d $with_nss_dir/lib; then
CFLAGS="$CFLAGS -I$with_nss_dir/include"
CFLAGS="$CFLAGS -I$with_nss_dir/../public/nss"
if test "x$LDFLAGS" = "x"; then
LDFLAGS="-L$with_nss_dir/lib"
else
LDFLAGS="$LDFLAGS -L$with_nss_dir/lib"
fi
LIBS="-lnss3 -lnssutil3 -lnspr4 $LIBS"
nss_skip_pkg_config=yes
AC_MSG_RESULT([$with_nss_dir])
else
AC_MSG_RESULT([invalid])
AC_MSG_FAILURE([Invalid NSS location: $with_nss_dir])
fi],
fi
AC_SUBST([CRYPTO_LIBDIR], [$with_nss_dir/lib])],
[AC_MSG_RESULT([no])])

if test "x$PKG_CONFIG" != "x" && test "$nss_skip_pkg_config" != "yes"; then
PKG_CHECK_MODULES([nss], [nss],
[CFLAGS="$CFLAGS $nss_CFLAGS"
LIBS="$nss_LIBS $LIBS"])
else
LIBS="-lnss3 -lnssutil3 -lnspr4 $LIBS"
fi

AC_DEFINE([GCM], [1], [Define this to use AES-GCM.])
AC_DEFINE([NSS], [1], [Define this to use NSS crypto.])
AES_ICM_OBJS="crypto/cipher/aes_icm_nss.o crypto/cipher/aes_gcm_nss.o"
Expand All @@ -327,7 +343,6 @@ elif test "$enable_nss" = "yes"; then
# TODO(RLB): Use NSS for KDF

AC_SUBST([USE_EXTERNAL_CRYPTO], [1])
AC_SUBST([CRYPTO_LIBDIR], [$with_nss_dir/lib])
else
AES_ICM_OBJS="crypto/cipher/aes_icm.o crypto/cipher/aes.o"
HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
Expand Down

0 comments on commit a946b3f

Please sign in to comment.