diff options
Diffstat (limited to '')
-rw-r--r-- | security/nss/doc/rst/build.rst | 230 |
1 files changed, 230 insertions, 0 deletions
diff --git a/security/nss/doc/rst/build.rst b/security/nss/doc/rst/build.rst new file mode 100644 index 0000000000..e07f6971e9 --- /dev/null +++ b/security/nss/doc/rst/build.rst @@ -0,0 +1,230 @@ +.. _mozilla_projects_nss_building: + +Building NSS +============ + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + This page has detailed information on how to build NSS. Because NSS is a + cross-platform library that builds on many different platforms and has many + options, it may be complex to build._ Two build systems are maintained + concurrently: a ``Make`` based and a ``gyp`` based system. + +.. _build_environment: + +`Prerequisites <#build_environment>`__ +------------------------------------------ + +.. container:: + + NSS needs a C and C++ compiler. It has minimal dependencies, including only + standard C and C++ libraries, plus `zlib <https://www.zlib.net/>`__. + For building, you also need `make <https://www.gnu.org/software/make/>`__. + Ideally, also install `gyp-next <https://github.com/nodejs/gyp-next>`__ and `ninja + <https://ninja-build.org/>`__ and put them on your path. This is + recommended, as the build is faster and more reliable. + Please, note that we ``gyp`` is currently unmaintained and that our support for + ``gyp-next`` is experimental and might be unstable. + + To install prerequisites on different platforms, one can run the following + commands: + + **On Linux:** + + .. code:: + + sudo apt install mercurial git ninja-build python3-pip + python3 -m pip install gyp-next + + **On MacOS:** + + .. code:: + + brew install mercurial git ninja python3-pip + python3 -m pip install gyp-next + + It is also necessary to make sure that a `python` (not just `python3`) + executable is in the path. + The Homebrew Python installation has the necessary symlink but may require + explicit adding to the PATH variable, for example like this: + + .. code:: + + export PATH="/opt/homebrew/opt/python/libexec/bin:$PATH" + + **On Windows:** + + .. code:: + + <TODO> + +.. note:: + To retrieve the source code from the project repositories, users will need to + download a release or pull the source code with their favourite Version + Control System (git or Mercurial). Installing a VCS is not necessary to build + an NSS release when downloaded as a compressed archive. + + By default Mozilla uses a Mercurial repository for NSS. If you whish to + contribute to NSS and use ``git`` instead of Mercurial, we encourage you to + install `git-cinnabar <https://github.com/glandium/git-cinnabar>`__. + +.. + `Windows <#windows>`__ + ~~~~~~~~~~~~~~~~~~~~~~ + + .. container:: + + NSS compilation on Windows uses the same shared build system as Mozilla + Firefox. You must first install the `Windows Prerequisites + <https://firefox-source-docs.mozilla.org/setup/windows_build.html>`__, + including **MozillaBuild**. + + You can also build NSS on the Windows Subsystem for Linux, but the resulting binaries aren't + usable by other Windows applications. + +.. _get_the_source: + +`Source code <#get_the_source>`__ +--------------------------------- + +.. container:: + + NSS and NSPR use Mercurial for source control like other Mozilla projects. To + check out the latest sources for NSS and NSPR--which may not be part of a + stable release--use the following commands: + + .. code:: + + hg clone https://hg.mozilla.org/projects/nspr + hg clone https://hg.mozilla.org/projects/nss + + + **To get the source of a specific release, see:** + ref:`mozilla_projects_nss_releases` **.** + + To download the source using ``git-cinnabar`` instead: + + .. code:: + + git clone hg::https://hg.mozilla.org/projects/nspr + git clone hg::https://hg.mozilla.org/projects/nss + + +`Build with gyp and ninja <#build>`__ +------------------------------------- + +.. container:: + + Build NSS and NSPR using our build script from the ``nss`` directory: + + .. code:: + + cd nss + ./build.sh + + This builds both NSPR and NSS in a parent directory called ``dist``. + + Build options are available for this script: ``-o`` will build in **Release** + mode instead of the **Debug** mode and ``-c`` will **clean** the ``dist`` + directory before the build. + + Other build options can be displayed by running ``./build.sh --help`` + +.. _build_with_make: + +`Build with make <#build_with_make>`__ +-------------------------------------- + +.. container:: + + Alternatively, there is a ``make`` target, which produces a similar + result. This supports some alternative options, but can be a lot slower. + + .. code:: + + USE_64=1 make -j + + The make-based build system for NSS uses a variety of variables to control + the build. Below are some of the variables, along with possible values they + may be set to. + +.. csv-table:: + :header: "BUILD_OPT", "" + :widths: 10,50 + + "0", "Build a debug (non-optimized) version of NSS. **This is the default.**" + "1", "Build an optimized (non-debug) version of NSS." + +.. csv-table:: + :header: "USE_64", "" + :widths: 10,50 + + "0", "Build for a 32-bit environment/ABI. **This is the default.**" + "1", "Build for a 64-bit environment/ABI. *This is recommended.*" + +.. csv-table:: + :header: "USE_ASAN", "" + :widths: 10,50 + + "0", "Do not create an `AddressSanitizer + <http://clang.llvm.org/docs/AddressSanitizer.html>`__ build. **This is the default.**" + "1", "Create an AddressSanitizer build." + + +.. _unit_testing: + +`Unit testing <#unit_testing>`__ +-------------------------------- + +.. container:: + + NSS contains extensive unit tests. Scripts to run these are found in the ``tests`` directory. + Run the standard suite by: + + .. code:: + + HOST=localhost DOMSUF=localdomain USE_64=1 ./tests/all.sh + +.. _unit_test_configuration: + +`Unit test configuration <#unit_test_configuration>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + NSS tests are configured using environment variables. + The scripts will attempt to infer values for ``HOST`` and ``DOMSUF``, but + can fail. Replace ``localhost`` and ``localdomain`` with the hostname and + domain suffix for your host. You need to be able to connect to + ``$HOST.$DOMSUF``. + + If you don't have a domain suffix you can add an entry to ``/etc/hosts`` (on + Windows,\ ``c:\Windows\System32\drivers\etc\hosts``) as follows: + + .. code:: + + 127.0.0.1 localhost.localdomain + + Validate this opening a command shell and typing: ``ping localhost.localdomain``. + + Remove the ``USE_64=1`` override if using a 32-bit build. + +.. _test_results: + +`Test results <#test_results>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Running all tests can take a considerable amount of time. + + Test output is stored in ``tests_results/security/$HOST.$NUMBER/``. The file + ``results.html`` summarizes the results, ``output.log`` captures all the test + output. + + Other subdirectories of ``nss/tests`` contain scripts that run a subset of + the full suite. Those can be run directly instead of ``all.sh``, which might + save some time at the cost of coverage. |