.. _mozilla_projects_nss_building_ported: Building NSS ============ `Introduction <#introduction>`__ -------------------------------- .. container:: This page has detailed information on how to build NSS. Because NSS is a cross-platform library that builds on many different platforms and has many options, it may be complex to build. Please read these instructions carefully before attempting to build. .. _build_environment: `Build environment <#build_environment>`__ ------------------------------------------ .. container:: NSS needs a C and C++ compiler. It has minimal dependencies, including only standard C and C++ libraries, plus `zlib `__. For building, you also need `make `__. Ideally, also install `gyp `__ and `ninja `__ and put them on your path. This is recommended, as the build is faster and more reliable. `Windows <#windows>`__ ~~~~~~~~~~~~~~~~~~~~~~ .. container:: NSS compilation on Windows uses the same shared build system as Mozilla Firefox. You must first install the `Windows Prerequisites `__, including **MozillaBuild**. You can also build NSS on the Windows Subsystem for Linux, but the resulting binaries aren't usable by other Windows applications. .. _get_the_source: `Get the source <#get_the_source>`__ ------------------------------------ .. container:: NSS and NSPR use Mercurial for source control like other Mozilla projects. To check out the latest sources for NSS and NSPR--which may not be part of a stable release--use the following commands: .. code:: hg clone https://hg.mozilla.org/projects/nspr hg clone https://hg.mozilla.org/projects/nss To get the source of a specific release, see :ref:`mozilla_projects_nss_nss_releases`. `Build <#build>`__ ------------------ .. container:: Build NSS using our build script: .. code:: nss/build.sh This builds both NSPR and NSS. .. _build_with_make: `Build with make <#build_with_make>`__ -------------------------------------- .. container:: Alternatively, there is a ``make`` target called "nss_build_all", which produces a similar result. This supports some alternative options, but can be a lot slower. .. code:: make -C nss nss_build_all USE_64=1 The make-based build system for NSS uses a variety of variables to control the build. Below are some of the variables, along with possible values they may be set to. BUILD_OPT 0 Build a debug (non-optimized) version of NSS. *This is the default.* 1 Build an optimized (non-debug) version of NSS. USE_64 0 Build for a 32-bit environment/ABI. *This is the default.* 1 Build for a 64-bit environment/ABI. *This is recommended.* USE_ASAN 0 Do not create an `AddressSanitizer `__ build. *This is the default.* 1 Create an AddressSanitizer build. .. _unit_testing: `Unit testing <#unit_testing>`__ -------------------------------- .. container:: NSS contains extensive unit tests. Scripts to run these are found in the ``tests`` directory. Run the standard suite by: .. code:: HOST=localhost DOMSUF=localdomain USE_64=1 nss/tests/all.sh .. _unit_test_configuration: `Unit test configuration <#unit_test_configuration>`__ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. container:: | NSS tests are configured using environment variables. | The scripts will attempt to infer values for ``HOST`` and ``DOMSUF``, but can fail. Replace ``localhost`` and ``localdomain`` with the hostname and domain suffix for your host. You need to be able to connect to ``$HOST.$DOMSUF``. If you don't have a domain suffix you can add an entry to ``/etc/hosts`` (on Windows,\ ``c:\Windows\System32\drivers\etc\hosts``) as follows: .. code:: 127.0.0.1 localhost.localdomain Validate this opening a command shell and typing: ``ping localhost.localdomain``. Remove the ``USE_64=1`` override if using a 32-bit build. .. _test_results: `Test results <#test_results>`__ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. container:: Running all tests can take a considerable amount of time. Test output is stored in ``tests_results/security/$HOST.$NUMBER/``. The file ``results.html`` summarizes the results, ``output.log`` captures all the test output. Other subdirectories of ``nss/tests`` contain scripts that run a subset of the full suite. Those can be run directly instead of ``all.sh``, which might save some time at the cost of coverage.