Mozilla

• Roadmap
• Projects
• Coding
  • Module Owners
  • Hacking
  • Get the Source
  • Build It
• Testing
  • Releases
  • Nightly Builds
  • Report A Problem
• Tools
  • Bugzilla
  • Tinderbox
  • Bonsai
  • LXR
• FAQs

Build Instructions for NSS 3.2 Release

Newsgroup: mozilla.dev.tech.crypto
Main technical contact: Ian McGreer
Manager: Wan-Teh Chang

The instructions that follow describe how to build the standalone NSS libraries (including a new implementation of RSA) without the BSAFE library. These instructions have been tested on Unix and Windows. They will be updated as testing proceeds on other platforms.

For detailed information about the NSS 3.2 release, see NSS 3.2 Release Notes.

To build NSS with the RSA BSAFE Crypto-C library, first follow the instructions at Build Instructions for NSS Using RSA BSAFE Crypto-C, then continue with the instructions on this page.

Important: Before you build NSS, you should be familiar with the Mozilla CVS system; see source code via CVS for details.

Perl Version:You must be using Perl 5.004 or greater for the instructions given here to work correctly.

NSPR Version: NSS 3.2 is compatible with NSPR 4.0.1 or higher. We recommend using NSPR 4.1, as shown in the build instructions below. However, it's possible to use other NSPR tags, such as NSPRPUB_RELEASE_4_0_1 or NSPRPUB_CLIENT_BRANCH.

Unix Build Instructions
Windows Build Instructions
Basic Tests

---

Unix Build Instructions

The following procedure performs a debug build using the GNU C compiler (gcc). See the notes that follow on how to generate an optimized build or choose a native compiler.

To build NSS and the necessary components from Mozilla on Unix/Linux without pulling and configuring the entire Mozilla source tree, follow these steps:

Note: Before building NSS 3.2, make sure that the MOZILLA_CLIENT environment variable is not defined.

1. setenv CVSROOT :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
   
   
2. cvs login
   At the password prompt, type anonymous
   
   
3. cvs co -r NSS_3_2_RTM mozilla/client.mk
   
   
4. cd mozilla
   
   
5. gmake -f client.mk pull_all BUILD_MODULES=dbm MOZ_CO_TAG=NSS_3_2_RTM NSPR_CO_TAG=NSPRPUB_RELEASE_4_1
   This step pulls NSPR and dbm (the modules that NSS requires).
   
   
6. For Linux only:
   
   ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm --disable-elf-dynstr-gc
   
   For the following platforms, only the native compiler is supported, requiring the following modifications:
   • Solaris:
     
     env CC=cc CXX=CC ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm
     
     
   • AIX:
     
     env CC=xlC_r CXX=xlC_r ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm
     
     
   • HP-UX:
     
     env CC=cc CXX=aCC ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm
     
     
   • OSF1:
     
     env CC=cc CXX=cxx ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm
   If you get an error after this step, try again with the additional option --disable-pedantic.
   
   
7. gmake
   Builds NSPR and dbm.
   
   
8. cd ..
   
   
9. cvs co -r NSS_3_2_RTM mozilla/security/coreconf mozilla/security/nss
   Pulls the NSS module with the CVS tag for the NSS 3.2 release.
   
   
10. cd mozilla/security/coreconf
    
    
11. gmake
    Builds nsinstall, which is used by the NSS build system.
    
    
12. cd ../nss
    
    
13. gmake moz_import
    Tells NSS where to find the NSPR and dbm header files and libraries.
    
    
14. gmake
    Builds NSS.

Generating an Optimized Build

The above procedure generates a debug build (the default). To perform an optimized build, modify the procedure as follows:

• In step 6, add these options to the configure script command line:
  
  --disable-debug --enable-optimize
  
  
• Before step 11, do this:
  
  setenv BUILD_OPT 1

Choosing a Compiler

By default, mozilla's configure script uses the GNU C compiler (gcc) while NSS uses the native C amd C++ compilers. NSS does not support GCC at all except for Linux.

If you would like to add GCC support for a particular platform, let us know. In this case you need to run mozilla's configure script without the added environment variable, as follows:

./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm

Also, before Step 10 above you must specify GCC as the compiler again by setting the following environment variables:

setenv NS_USE_GCC 1
setenv NO_MDUPDATE 1

If you use the native compilers, you don't need to do anything with NSS, but you need to tell Mozilla's configure script the names of the native compilers. Step 6 above shows some examples. By setting the environment for the configure script with the command env, you override the CC and CXX variables as follows:

env CC=cc CXX=CC ./configure --without-gtk --without-libIDL --without-x --enable-modules=dbm

---

Windows Build Instructions

The Windows build procedure requires the following tools:

• MASM (ml.exe).
  Make sure you have you have Visual C++ Pro. If you have the standard version, these instructions might not work.
  1. If you're not sure you have Service Pack 5 already installed, go to http://msdn.microsoft.com/vstudio/sp/vs6sp5/full.asp?id=01 and install it anyway.
  2. Then go to http://msdn.microsoft.com/vstudio/downloads/ppack/download.asp and click on the link to download the VCPP for Service Pack 5.
  This will put ml.exe into the directory where all the your orther command line compile executables live.
  It the above information doesn't work for you, there is more information about pc tools available at http://www.easystreet.com/~jkirwan/pctools.html

To build NSS and the necessary components from Mozilla on Windows, make sure you have the tools listed above installed in your system, and follow these steps:

Note: Before building NSS 3.2, make sure that the MOZILLA_CLIENT environment variable is not defined.

1. Set up the environment variables as described in the section "Set Up the Build Environment" of Building Mozilla on Microsoft Windows 32-bit platforms.
   
   
2. Set CVSROOT.
   set CVSROOT=:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
   
   
3. Log into CVS.
   cvs login
   At the password prompt, type anonymous
   
   
4. Set the environment variables that control the kind of build:
   
   • set OS_TARGET=WIN95
     
     
   • NSS and the Mozilla dbm have different build options for indicating whether you want to generate a debug or optimized build. Therefore, the outcome depends on the way you combine several variables.
     
     In the following table, RTL stands for the C run-time library of MSVC, "debug RTL" corresponds to the /MDd compiler option, and "release RTL" corresponds to the /MD compiler option. To achieve the result shown in the left column, you must set the environment variables as shown in both the other columns of the same row.
     
     

     Build type	Mozillas dbm	NSS
     Debug, debug RTL	set MOZ_DEBUG=1	set USE_DEBUG_RTL=1
     Debug, release RTL	set MOZ_DEBUG=1 set MOZ_NO_DEBUG_RTL=1	None
     Optimized (release RTL)	None	set BUILD_OPT=1

5. Pull the following files (mozilla/config contains shared makefiles, mozilla/nsprpub is a module that dbm depends on, and mozilla/dbm is the dbm module itself):
   
   cvs co -r NSS_3_2_RTM mozilla/config
   cvs co -r NSPRPUB_RELEASE_4_1 mozilla/nsprpub
   cvs co -r NSS_3_2_RTM mozilla/dbm
   
   
6. Build NSPR and then dbm:
   
   cd mozilla\nsprpub
   nmake /f makefile.win
   cd ..\dbm
   nmake /f makefile.win
   
   
7. Pull the NSS module with the CVS tag for the NSS 3.2 release:
   
   cd ..\..
   cvs co -r NSS_3_2_RTM mozilla/security/coreconf mozilla/security/nss
   
   
8. cd mozilla\security\nss
   Note: It's not necessary to build nsinstall on Windows.
   
   
9. gmake moz_import
   Tells NSS where to find the NSPR and dbm header files and libraries.
   
   
10. gmake
    Builds NSS.

---

Basic Tests

Once you have successfully built NSS, follow these steps to test the core functionality of the certutil tool and the setup and use of a basic SSL connection:

1. Build NSS as described above and make sure that mozilla/dist/$(OBJDIR)/lib is in your shared library search path, which is specified by the LD_LIBRARY_PATH environment variable on most Unix platforms, by SHLIB_PATH on HP-UX, by LIBPATH on AIX, and by PATH on Windows.
   
   
2. cd mozilla/security/nss/cmd/SSLsample
   
   
3. gmake
   
   
4. To create an SSL server certificate, you will need to include the host and domain names of the host you want to run the server on. For example, if your machine name is myhost.domain.com, you would set the two variables as follows:
   
   setenv HOSTNAME myhost (on UNIX this is most likely set already)
   setenv MYDOMAIN domain.com
   
   These variables must be set correctly for your SSL server to work.
   
   
5. sh gencerts
   gencerts is a shell script that will generate a CA certificate, an SSL server certificate, and an SSL client certificate.
   
   
6. You are now ready to run the sample SSL server. This is a sample command line:
   
   server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R
   
   
7. You can now connect to the server with client processes. This is a sample command line:
   
   client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 myhost.domain.com

For instructions on running more extensive NSS tests, see NSS Test Suite.

---