r5584 - in trunk/BOOK: . introduction/welcome postlfs/security

randy at linuxfromscratch.org randy at linuxfromscratch.org
Sun Jan 22 20:34:55 PST 2006


Author: randy
Date: 2006-01-22 21:34:54 -0700 (Sun, 22 Jan 2006)
New Revision: 5584

Added:
   trunk/BOOK/postlfs/security/nss.xml
Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/introduction/welcome/credits.xml
   trunk/BOOK/postlfs/security/security.xml
Log:
Added new package Network Security Services, NSS-3.11

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2006-01-22 14:35:17 UTC (rev 5583)
+++ trunk/BOOK/general.ent	2006-01-23 04:34:54 UTC (rev 5584)
@@ -1,8 +1,8 @@
-<!ENTITY day          "22">
+<!ENTITY day          "23">
 <!ENTITY month        "01">
 <!ENTITY year         "2006">
 <!ENTITY version      "svn-&year;&month;&day;">
-<!ENTITY releasedate  "January &day;nd, &year;">
+<!ENTITY releasedate  "January &day;rd, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "development">          <!-- version|stable|testing|unstable|development] -->
@@ -47,6 +47,7 @@
 <!ENTITY cyrus-sasl-version           "2.1.21">
 <!ENTITY stunnel-version              "4.14">
 <!ENTITY sudo-version                 "1.6.8p12">
+<!ENTITY nss-version                  "3.11">
 
 <!-- Chapter 5 -->
 <!ENTITY reiser-version               "3.6.19">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2006-01-22 14:35:17 UTC (rev 5583)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2006-01-23 04:34:54 UTC (rev 5584)
@@ -42,6 +42,16 @@
 -->
 
     <listitem>
+      <para>January 23rd, 2006</para>
+      <itemizedlist>
+        <listitem>
+          <para>[randy] - Added new package Network Security Services,
+          NSS-3.11.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>January 22nd, 2006</para>
       <itemizedlist>
         <listitem>

Modified: trunk/BOOK/introduction/welcome/credits.xml
===================================================================
--- trunk/BOOK/introduction/welcome/credits.xml	2006-01-22 14:35:17 UTC (rev 5583)
+++ trunk/BOOK/introduction/welcome/credits.xml	2006-01-23 04:34:54 UTC (rev 5584)
@@ -229,7 +229,7 @@
         GNOME Keyring Manager, GnuCash (many additions), GOffice, HAL, Heimdal,
         HTML Tidy, ISO Codes, JadeTeX, Java Access Bridge, LessTif (rewrite),
         libexif, libgail-gnome, libgnomecups, Libidn, libmpeg2, libmusicbrainz,
-        MPlayer (extensive overhaul), Other Programming Tools, PDL,
+        MPlayer (extensive overhaul), NSS, Other Programming Tools, PDL,
         Perl Modules, pilot-link, Poppler, PyXML,
         Samba 3 (many additions), SANE (original instructions by Alex Kloss),
         Shadow (rewrite), SLIB, Sound Juicer, Stunnel, Sysstat,

Added: trunk/BOOK/postlfs/security/nss.xml
===================================================================
--- trunk/BOOK/postlfs/security/nss.xml	                        (rev 0)
+++ trunk/BOOK/postlfs/security/nss.xml	2006-01-23 04:34:54 UTC (rev 5584)
@@ -0,0 +1,283 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../../general.ent">
+  %general-entities;
+
+  <!ENTITY nss-download-http "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_RTM/src/nss-&nss-version;.tar.gz">
+  <!ENTITY nss-download-ftp  "ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_RTM/src/nss-&nss-version;.tar.gz">
+  <!ENTITY nss-md5sum        "9be73bd73e361e5e36edf77f456fa20a">
+  <!ENTITY nss-size          "5.0 MB">
+  <!ENTITY nss-buildsize     "67.6 MB">
+  <!ENTITY nss-time          "1.0 SBU (additional 0.5 SBU to run the test suite)">
+]>
+
+<sect1 id="nss" xreflabel="nss-&nss-version;">
+  <?dbhtml filename="nss.html"?>
+
+  <sect1info>
+    <othername>$LastChangedBy$</othername>
+    <date>$Date$</date>
+    <keywordset>
+      <keyword role="package">nss-&nss-version;.tar</keyword>
+      <keyword role="ftpdir">nss</keyword>
+    </keywordset>
+  </sect1info>
+
+  <title>NSS-&nss-version;</title>
+
+  <indexterm zone="nss">
+    <primary sortas="a-NSS">NSS</primary>
+  </indexterm>
+
+  <sect2 role="package">
+    <title>Introduction to NSS</title>
+
+    <para>The Network Security Services (<application>NSS</application>)
+    package is a set of libraries designed to support cross-platform
+    development of security-enabled client and server applications.
+    Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5,
+    PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
+    security standards. This is useful for implementing SSL and S/MIME or
+    other Internet security standards into an application.</para>
+
+    <para>The <application>NSS</application> package requires the Netscape
+    Portable Runtime (NSPR) libraries as a prerequisite for building. The
+    <application>NSS</application> package tarball contains the code necessary
+    to build the NSPR libraries. These libraries are built and installed using
+    the instructions below. Essentially, the <application>NSS</application>
+    package is now a combined <application>NSS</application>/NSPR
+    installation.</para>
+    
+
+    <bridgehead renderas="sect3">Package Information</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Download (HTTP): <ulink url="&nss-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&nss-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &nss-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &nss-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &nss-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &nss-time;</para>
+      </listitem>
+    </itemizedlist>
+
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Required patch: <ulink
+        url="&patch-root;/nss-&nss-version;-fedora_fixes-1.patch"/></para>
+      </listitem>
+    </itemizedlist>
+
+    <!--
+    <bridgehead renderas="sect3">NSS Dependencies</bridgehead>
+
+    <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend=""/></para>
+
+    <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional"><ulink
+    url="http://www.some.url/">DEPENDENCY</ulink></para>
+    -->
+
+  </sect2>
+
+  <sect2 role="installation">
+    <title>Installation of NSS</title>
+
+    <para>Install <application>NSS</application> by running the following
+    commands:</para>
+
+<screen><userinput>bash
+
+export WORKINGDIR=$PWD &&
+export BUILD_OPT=1 &&
+
+patch -Np1 -i ../nss-&nss-version;-fedora_fixes-1.patch &&
+
+cd mozilla/security/nss &&
+make nss_build_all &&
+cd ../.. &&
+
+export NSS_LINUXDIR=$(basename `ls -d $WORKINGDIR/mozilla/dist/Linux*`)</userinput></screen>
+
+    <para>To test the results, you'll need to set the domain name of your
+    system in the <envar>DOMSUF</envar> environment variable. Most of the tests
+    will fail if you don't provide the correct domain name. A self-generated
+    log file will be parsed at the end of the test to display how many tests
+    passed. It should return 770. To run the tests, ensure you change the
+    <command>export DOMSUF</command> command below to an appropriate value,
+    e.g., <parameter>mydomain.com</parameter> and issue the following
+    commands:</para>
+
+<screen><userinput>bash
+
+export DOMSUF=<replaceable>[validdomain.name]</replaceable> &&
+export PATH=$PATH:$WORKINGDIR/mozilla/dist/$NSS_LINUXDIR/bin &&
+export TEST_RESULTSDIR=$WORKINGDIR/mozilla/tests_results/security &&
+
+cd security/nss/tests &&
+sed -i 's/gmake/make/' common/init.sh &&
+./all.sh &&
+
+grep Passed $TEST_RESULTSDIR/$(hostname).1/results.html | wc -l &&
+
+exit</userinput></screen>
+
+    <caution>
+      <para>If you switch to the <systemitem class="username">root</systemitem>
+      user using a method that does not inherit the environment from the
+      unprivileged user, ensure that
+      <systemitem class="username">root</systemitem>'s
+      <envar>NSS_LINUXDIR</envar> environment variable is set correctly before
+      proceeding with the installation commands.</para>
+    </caution>
+
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>install -v -m755 nsprpub/$NSS_LINUXDIR/config/nspr-config \
+                 security/nss/cmd/config/nss-config \
+    /usr/bin &&
+install -v -m644 nsprpub/lib/pkgconfig/nspr.pc \
+                 security/nss/lib/pkgconfig/nss.pc \
+    /usr/lib/pkgconfig &&
+
+cd dist &&
+
+install -v -m755 \
+  $NSS_LINUXDIR/lib/lib{nspr4,plc4,plds4}.so \
+  $NSS_LINUXDIR/lib/lib{freebl3,nss3,nssckbi,smime3,softokn3,ssl3}.so \
+  /usr/lib &&
+install -v -m644 \
+  $NSS_LINUXDIR/lib/lib{freebl3,softokn3}.chk \
+  $NSS_LINUXDIR/lib/libcrmf.a \
+  /usr/lib &&
+
+install -v -m755 -d /usr/include/{nss,nspr} &&
+install -v -m644 {public,private}/nss/* /usr/include/nss &&
+cp -v -RL $NSS_LINUXDIR/include/* /usr/include/nspr &&
+chmod -v 644 /usr/include/nspr/prvrsion.h</userinput></screen>
+
+    <para>Now as the unprivileged user, exit the <command>bash</command>
+    shell started at the beginning of the installation to restore the
+    environment to the original state.</para>
+
+<screen><userinput>exit</userinput></screen>
+
+  </sect2>
+
+  <sect2 role="commands">
+    <title>Command Explanations</title>
+
+    <para><command>bash</command>: Shells are started as many environment
+    variables are created during the installation process. Exiting the shells
+    serves the purpose of restoring the environment and returning back to the
+    original directory when the installation is complete.</para>
+
+    <para><command>export WORKINGDIR=$PWD</command>: This variable is set
+    because many of the commands are dependent on knowing the full path of
+    certain directories. <envar>WORKINGDIR</envar> establishes a known path
+    so that all others can be determined relative to this.</para>
+
+    <para><command>export BUILD_OPT=1</command>: This variable is set so that
+    the build is performed with no debugging symbols built into the binaries
+    and that the default compiler optimizations are used.</para>
+
+    <para><command>export NSS_LINUXDIR=...</command>: This variable is set so
+    that the exact name of the architecture specific directories where the
+    binaries are stored in the source tree can be determined.</para>
+
+    <para><command>make nss_build_all</command>: This command builds the NSPR
+    and <application>NSS</application> libraries and creates a
+    <filename class='directory'>dist</filename> directory which houses all the
+    programs, libraries and interface headers. None of the programs created by
+    this process are installed onto the system using the default instructions.
+    If you need any of these programs installed, you can find them in the
+    <filename class='directory'>mozilla/dist/bin</filename> directory of the
+    source tree.</para>
+
+    <para><command>export PATH=</command>: This command sets the
+    <envar>PATH</envar> environment variable to include the executables in
+    the source tree as some of them are required to run the test suite.</para>
+
+    <para><command>sed -i 's/gmake/make/' common/init.sh</command>: This
+    command changes the command used to compile some test programs.</para>
+
+  </sect2>
+
+  <sect2 role="content">
+    <title>Contents</title>
+
+    <segmentedlist>
+      <segtitle>Installed Programs</segtitle>
+      <segtitle>Installed Libraries</segtitle>
+      <segtitle>Installed Directories</segtitle>
+
+      <seglistitem>
+        <seg>nspr-config and nss-config</seg>
+        <seg>libcrmf.a, libfreebl3.so, libnspr4.so, libnss3.so, libnssckbi.so,
+        libplc4.so, libplds4.so, libsmime3.so, libsoftokn3.so and
+        libssl3.so</seg>
+        <seg>/usr/include/nspr and /usr/include/nss</seg>
+      </seglistitem>
+    </segmentedlist>
+
+    <variablelist>
+      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+      <?dbfo list-presentation="list"?>
+      <?dbhtml list-presentation="table"?>
+
+      <varlistentry id="nspr-config">
+        <term><command>nspr-config</command></term>
+        <listitem>
+          <para>is used to determine the NSPR installation settings
+          of the installed NSPR libraries.</para>
+          <indexterm zone="nss nspr-config">
+            <primary sortas="b-nspr-config">nspr-config</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="nss-config">
+        <term><command>nss-config</command></term>
+        <listitem>
+          <para>is used to determine the NSS library settings
+          of the installed NSS libraries.</para>
+          <indexterm zone="nss nss-config">
+            <primary sortas="b-nss-config">nss-config</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+
+      <para>The <filename class='libraryfile'>libnspr4.so</filename>,
+      <filename class='libraryfile'>libplc4.so</filename> and
+      <filename class='libraryfile'>libplds4.so</filename> libraries make up the
+      Netscape Portable Runtime (NSPR) libraries. These libraries provide a
+      platform-neutral API for system level and libc like functions. The API
+      is used in the Mozilla client, many of the Netscape/AOL/iPlanet offerings
+      and other software applications.</para>
+
+      <para>The <filename class='libraryfile'>libcrmf.a</filename>,
+      <filename class='libraryfile'>libfreebl.so</filename>,
+      <filename class='libraryfile'>libnss3.so</filename>,
+      <filename class='libraryfile'>libnssckbi.so</filename>,
+      <filename class='libraryfile'>libsmime3.so</filename>,
+      <filename class='libraryfile'>libsoftokn3.so</filename> and
+      <filename class='libraryfile'>libnssl3.so</filename> libraries make up
+      the <application>NSS</application> libraries.</para>
+
+  </sect2>
+
+</sect1>


Property changes on: trunk/BOOK/postlfs/security/nss.xml
___________________________________________________________________
Name: svn:keywords
   + LastChangedBy Date

Modified: trunk/BOOK/postlfs/security/security.xml
===================================================================
--- trunk/BOOK/postlfs/security/security.xml	2006-01-22 14:35:17 UTC (rev 5583)
+++ trunk/BOOK/postlfs/security/security.xml	2006-01-23 04:34:54 UTC (rev 5584)
@@ -19,7 +19,9 @@
   how to enhance <command>login</command> by setting policies with
   <application>PAM</application> modules.  Access via networks
   can also be secured by policies set by <application>iptables</application>,
-  commonly referred to as a firewall. For applications that don't offer the
+  commonly referred to as a firewall. The Network Security Services (NSS) and
+  Netscape Portable Runtime (NSPR) libraries can be installed and shared among
+  the many applications requiring them. For applications that don't offer the
   best security, you can use the <application>Stunnel</application> package to
   wrap an application daemon inside an SSL tunnel.</para>
 
@@ -45,5 +47,6 @@
   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cyrus-sasl.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="stunnel.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="sudo.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="nss.xml"/>
 
 </chapter>




More information about the blfs-book mailing list