nss: add nss-tools a pre-req for libreswan

The Network Security Services (NSS) package is a set of libraries designed
to support cross-platform development of security-enabled client and server
applications. Applications built with NSS can support SSL v2 and v3, TLS,
PKCS openwrt#5, PKCS openwrt#7, PKCS openwrt#11, PKCS openwrt#12, S/MIME, X.509 v3 certificates, and
other security standards. This is useful for implementing SSL and S/MIME
or other Internet security standards into an application.

Signed-off-by: Lucian Cristian <[email protected]>

libs/nss/Makefile

@@ -0,0 +1,135 @@
+#
+# Copyright (C) 2019 Lucian Cristian
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=nss
+PKG_VERSION:=3.43
+PKG_RELEASE:=1
+PKG_MAINTAINER:=Lucian Cristian <[email protected]>
+PKG_LICENCE:=MPL-2.0
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:= \
+    https://download.cdn.mozilla.net/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src \
+    https://archive.mozilla.org/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src
+PKG_HASH:=f30bc1b7330887b75de9fec37dbc173001758dc43fb095ffbc45dac4093fe2ca
+
+PKG_BUILD_PARALLEL:=0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libnss
+  SECTION:=libs
+  SUBMENU:=SSL
+  CATEGORY:=Libraries
+  TITLE:=Mozilla's SSL and TLS implementation
+  URL:=http://www.mozilla.org/projects/security/pki/nss/
+  DEPENDS:=+libpthread +librt +libsqlite3 +nspr
+endef
+
+define Package/nss-utils
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Mozilla's SSL and TLS implementation itilities
+  URL:=http://www.mozilla.org/projects/security/pki/nss/
+  DEPENDS:=+libnss
+endef
+
+define Package/libnss/description
+  Network Security Services (NSS) is a set of libraries designed to support 
+  cross-platform development of security-enabled client and server applications.
+  Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7,
+  PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards.
+endef
+
+CONFIGURE_PATH = ./nss
+MAKE_PATH = ./nss
+
+LBITS = $(shell $(TARGET_CC) -dM -E - </dev/null | grep -q "__LP64__" && echo 64 || echo 32)
+ifeq ($(LBITS),64)
+	export USE_64=1
+endif
+
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+
+export CROSS_COMPILE=1
+export BUILD_OPT=1
+export NATIVE_CC=$(HOSTCC)
+export NATIVE_FLAGS=$(HOST_CFLAGS)
+export NSS_ENABLE_WERROR=0
+export NSS_DISABLE_GTESTS=1
+export NSS_USE_SYSTEM_SQLITE=1
+export OS_TARGET=Linux
+export OS_ARCH=Linux
+export OS_TEST=$(ARCH)
+export CPU_ARCH=$(ARCH)
+export NSPR_INCLUDE_DIR=$(STAGING_DIR)/usr/include/nspr
+export SEED_ONLY_DEV_URANDOM=1
+export OS_REL_CFLAGS=$(TARGET_CFLAGS)
+export NS_USE_GCC=1
+#size optimisation, seems to not impact speed 
+export NSS_DISABLE_DBM=1
+export NSS_PKIX_NO_LDAP=1
+export ALLOW_OPT_CODE_SIZE=1
+export OPT_CODE_SIZE=1
+
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	USE_NATIVE=1 OS_REL_CFLAGS="$(HOST_CFLAGS)" LDFLAGS="$(HOST_LDFLAGS)" CC="$(HOSTCC)" \
+	    $(MAKE) -C $(PKG_BUILD_DIR)/nss/coreconf/nsinstall
+#	$(if $(CONFIG_LIBC_USE_GLIBC),, \
+#		$(SED) '/-DHAVE_SYS_CDEFS_H/d' $(PKG_BUILD_DIR)/nss/lib/dbm/config/config.mk)
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) \
+	 $(1)/usr/include/nss \
+	 $(1)/usr/lib \
+	 $(1)/usr/lib/pkgconfig
+	$(FIND) $(PKG_BUILD_DIR)/nss  -type f -name *.h \
+	    -exec $(CP) -a {} $(1)/usr/include/nss/ \;
+	$(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.so \
+	    -exec $(CP) -a {} $(1)/usr/lib/ \;
+	$(FIND) $(PKG_BUILD_DIR)/nss -type f -name *.pc \
+	    -exec $(CP) -a {} $(1)/usr/lib/pkgconfig/ \;
+endef
+
+define Package/libnss/conffiles
+/etc/pki/nssdb
+endef
+
+define Package/nss-utils/install
+	$(INSTALL_DIR) \
+	 $(1)/usr/bin
+	$(CP) $(PKG_BUILD_DIR)/nss/cmd/certutil/build_dir/certutil $(1)/usr/bin
+	$(CP) $(PKG_BUILD_DIR)/nss/cmd/pk12util/build_dir/pk12util $(1)/usr/bin
+endef
+
+#for now pack only libreswan needed libs
+define Package/libnss/install
+	$(INSTALL_DIR) \
+	 $(1)/usr/lib \
+	 $(1)/etc/pki/nssdb \
+	 $(1)/etc/ipsec.d
+
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/nss/build_dir/libnss3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/smime/build_dir/libsmime3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/ssl/build_dir/libssl3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/util/build_dir/libnssutil3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/softoken/build_dir/libsoftokn3.so $(1)/usr/lib/
+	$(CP) $(PKG_BUILD_DIR)/nss/lib/freebl/build_dir/$(OS_TARGET)_SINGLE_SHLIB/libfreeblpriv3.so $(1)/usr/lib/
+#	Pprovide databases with a blank certificate
+	$(CP)	./files/blank-cert9.db $(1)/etc/pki/nssdb/cert9.db
+	$(CP)	./files/blank-key4.db $(1)/etc/pki/nssdb/key4.db
+	$(CP)	./files/system-pkcs11.txt $(1)/etc/pki/nssdb/pkcs11.txt
+	ln -s /etc/pki/nssdb/cert9.db $(1)/etc/ipsec.d/cert9.db
+	ln -s /etc/pki/nssdb/key4.db $(1)/etc/ipsec.d/key4.db
+	ln -s /etc/pki/nssdb/pkcs11.txt $(1)/etc/ipsec.d/pkcs11.txt
+endef
+
+$(eval $(call BuildPackage,nss-utils))
+$(eval $(call BuildPackage,libnss))

libs/nss/files/system-pkcs11.txt

@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+

libs/nss/patches/001-nss_standalone.patch

@@ -0,0 +1,247 @@
+Submitted By:            DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
+Date:                    2016-12-27
+Initial Package Version: 3.12.4
+Upstream Status:         Not applicable
+Origin:                  Self, rediffed for nss-3.28.
+Description:             Adds auto-generated nss.pc and nss-config script, and
+                         allows building without nspr in the source tree.
+                         For 3.40.1, Requires: updated to nspr >= 4.20.
+
+diff -Naurp nss-3.28-orig/nss/Makefile nss-3.28/nss/Makefile
+--- nss-3.28-orig/nss/Makefile	2016-12-21 05:56:27.000000000 -0600
++++ nss-3.28/nss/Makefile	2016-12-26 22:24:52.695146032 -0600
+@@ -46,7 +46,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (7) Execute "local" rules. (OPTIONAL).                              #
+ #######################################################################
+
+-nss_build_all: build_nspr all latest
++nss_build_all: all latest
+
+ nss_clean_all: clobber_nspr clobber
+
+diff -Naurp nss-3.28-orig/nss/config/Makefile nss-3.28/nss/config/Makefile
+--- nss-3.28-orig/nss/config/Makefile	1969-12-31 18:00:00.000000000 -0600
++++ nss-3.28/nss/config/Makefile	2016-12-26 22:20:40.008205774 -0600
+@@ -0,0 +1,40 @@
++CORE_DEPTH = ..
++DEPTH      = ..
++
++include $(CORE_DEPTH)/coreconf/config.mk
++
++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'`
++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'`
++PREFIX = /usr
++
++all: export libs
++
++export:
++	# Create the nss.pc file
++	mkdir -p $(DIST)/lib/pkgconfig
++	sed -e "s,@prefix@,$(PREFIX)," \
++	    -e "s,@exec_prefix@,\$${prefix}," \
++	    -e "s,@libdir@,\$${prefix}/lib," \
++	    -e "s,@includedir@,\$${prefix}/include/nss," \
++	    -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
++	    -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++	    nss.pc.in > nss.pc
++	chmod 0644 nss.pc
++	ln -sf ../../../../nss/config/nss.pc $(DIST)/lib/pkgconfig
++
++	# Create the nss-config script
++	mkdir -p $(DIST)/bin
++	sed -e "s,@prefix@,$(PREFIX)," \
++	    -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \
++	    -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
++	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
++	    nss-config.in > nss-config
++	chmod 0755 nss-config
++	ln -sf ../../../nss/config/nss-config $(DIST)/bin
++
++libs:
++
++dummy: all export libs
++
+diff -Naurp nss-3.28-orig/nss/config/nss-config.in nss-3.28/nss/config/nss-config.in
+--- nss-3.28-orig/nss/config/nss-config.in	1969-12-31 18:00:00.000000000 -0600
++++ nss-3.28/nss/config/nss-config.in	2016-12-26 22:20:40.008205774 -0600
+@@ -0,0 +1,153 @@
++#!/bin/sh
++
++prefix=@prefix@
++
++major_version=@NSS_MAJOR_VERSION@
++minor_version=@NSS_MINOR_VERSION@
++patch_version=@NSS_PATCH_VERSION@
++
++usage()
++{
++	cat <<EOF
++Usage: nss-config [OPTIONS] [LIBRARIES]
++Options:
++	[--prefix[=DIR]]
++	[--exec-prefix[=DIR]]
++	[--includedir[=DIR]]
++	[--libdir[=DIR]]
++	[--version]
++	[--libs]
++	[--cflags]
++Dynamic Libraries:
++	nss
++	nssutil
++	smime
++	ssl
++	softokn
++EOF
++	exit $1
++}
++
++if test $# -eq 0; then
++	usage 1 1>&2
++fi
++
++lib_nss=yes
++lib_nssutil=yes
++lib_smime=yes
++lib_ssl=yes
++lib_softokn=yes
++
++while test $# -gt 0; do
++  case "$1" in
++  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
++  *) optarg= ;;
++  esac
++
++  case $1 in
++    --prefix=*)
++      prefix=$optarg
++      ;;
++    --prefix)
++      echo_prefix=yes
++      ;;
++    --exec-prefix=*)
++      exec_prefix=$optarg
++      ;;
++    --exec-prefix)
++      echo_exec_prefix=yes
++      ;;
++    --includedir=*)
++      includedir=$optarg
++      ;;
++    --includedir)
++      echo_includedir=yes
++      ;;
++    --libdir=*)
++      libdir=$optarg
++      ;;
++    --libdir)
++      echo_libdir=yes
++      ;;
++    --version)
++      echo ${major_version}.${minor_version}.${patch_version}
++      ;;
++    --cflags)
++      echo_cflags=yes
++      ;;
++    --libs)
++      echo_libs=yes
++      ;;
++    nss)
++      lib_nss=yes
++      ;;
++    nssutil)
++      lib_nssutil=yes
++      ;;
++    smime)
++      lib_smime=yes
++      ;;
++    ssl)
++      lib_ssl=yes
++      ;;
++    softokn)
++      lib_softokn=yes
++      ;;
++    *)
++      usage 1 1>&2
++      ;;
++  esac
++  shift
++done
++
++# Set variables that may be dependent upon other variables
++if test -z "$exec_prefix"; then
++    exec_prefix=`pkg-config --variable=exec_prefix nss`
++fi
++if test -z "$includedir"; then
++    includedir=`pkg-config --variable=includedir nss`
++fi
++if test -z "$libdir"; then
++    libdir=`pkg-config --variable=libdir nss`
++fi
++
++if test "$echo_prefix" = "yes"; then
++    echo $prefix
++fi
++
++if test "$echo_exec_prefix" = "yes"; then
++    echo $exec_prefix
++fi
++
++if test "$echo_includedir" = "yes"; then
++    echo $includedir
++fi
++
++if test "$echo_libdir" = "yes"; then
++    echo $libdir
++fi
++
++if test "$echo_cflags" = "yes"; then
++    echo -I$includedir
++fi
++
++if test "$echo_libs" = "yes"; then
++      libdirs="-L$libdir"
++      if test -n "$lib_nss"; then
++	libdirs="$libdirs -lnss${major_version}"
++      fi
++      if test -n "$lib_nssutil"; then
++        libdirs="$libdirs -lnssutil${major_version}"
++      fi
++      if test -n "$lib_smime"; then
++	libdirs="$libdirs -lsmime${major_version}"
++      fi
++      if test -n "$lib_ssl"; then
++	libdirs="$libdirs -lssl${major_version}"
++      fi
++      if test -n "$lib_softokn"; then
++        libdirs="$libdirs -lsoftokn${major_version}"
++      fi
++      echo $libdirs
++fi      
++
+diff -Naurp nss-3.28-orig/nss/config/nss.pc.in nss-3.28/nss/config/nss.pc.in
+--- nss-3.28-orig/nss/config/nss.pc.in	1969-12-31 18:00:00.000000000 -0600
++++ nss-3.28/nss/config/nss.pc.in	2016-12-26 22:22:53.300694346 -0600
+@@ -0,0 +1,12 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: NSS
++Description: Network Security Services
++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@
++Requires: nspr >= 4.20
++Libs: -L@libdir@ -lnss@NSS_MAJOR_VERSION@ -lnssutil@NSS_MAJOR_VERSION@ -lsmime@NSS_MAJOR_VERSION@ -lssl@NSS_MAJOR_VERSION@ -lsoftokn@NSS_MAJOR_VERSION@
++Cflags: -I${includedir}
++
+diff -Naurp nss-3.28-orig/nss/manifest.mn nss-3.28/nss/manifest.mn
+--- nss-3.28-orig/nss/manifest.mn	2016-12-21 05:56:27.000000000 -0600
++++ nss-3.28/nss/manifest.mn	2016-12-26 22:24:12.278991843 -0600
+@@ -10,4 +10,4 @@ IMPORTS =	nspr20/v4.8 \
+
+ RELEASE = nss
+
+-DIRS = coreconf lib cmd cpputil gtests
++DIRS = coreconf lib cmd cpputil gtests config