Custom Building NSS Lib for Mozilla Products

Mozilla in their great wisdom doesn't build their utility (addbuiltin) for adding extra root certificates when they build their main binaries (firefox/thunderbird) so you will need to do this prior to rebuilding libnss...

Step 1, getting the libnss source code: 

wget ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_10_RTM/src/nss-3.10.tar.gz
wget ftp://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.6/src/nspr-4.6.tar.gz

Next extract both tar balls: 

cd /usr/src
tar xzvf nss-3.10.tar.gz
tar xzvf nspr-4.6.tar.gz

You'll also need to more the nspr source tree into nss directory: 

mv nspr-4.6/mozilla/nsprpub nss-3.10/mozilla/

Finally to build things you will need to do run make commands: 

cd nss-3.10/mozilla/security/nss
make nss_build_all
cd cmd/addbuiltin
make

To run addbuiltin without installing mozilla libs you will need to do the following: 

echo /usr/src/nss-3.10/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/lib >> /etc/ld.so.conf
ldconfig
cp -a Linux2.6_x86_glibc_PTH_DBG.OBJ/addbuiltin /usr/bin

Download a copy of the CAcert root certificate in DER format only. Then run the addbuiltin program that comes with NSS code: 

addbuiltin -n "CAcert Inc." -t "CT,C,C" < CAcert.der >> certdata.txt

This will append the our root certificate to: 

nss-3.9.2/mozilla/security/nss/lib/ckfw/builtins/certdata.txt

Then you need to run: (make sure you are in the mozilla/security/nss/lib/ckfw/builtins directory) 

make generate

Then build NSS. The end result is in a new libnssckbi library, which depending on your architecture will end up in a file like: 

nss-3.9.2/mozilla/security/nss/lib/ckfw/builtins/Darwin7.8.0_OPT.OBJ/libnssckbi.dylib

Debian/Ubuntu Specific Notes

You need to grab a few packages on a fresh install: 

apt-get -y install build-essential zip

NSSLib (last edited 2008-05-22 22:16:46 by anonymous)