Hacking NSS: Difference between revisions
(updates) |
(working process on f32) |
||
Line 13: | Line 13: | ||
Below are notes on building the latest Fedora RPM on the build machine. | Below are notes on building the latest Fedora RPM on the build machine. | ||
=== Build Custom NSS RPM === | === Build Custom NSS RPM ... === | ||
==== ... using <tt>fedpkg local</tt> and | ==== ... using <tt>fedpkg local</tt> and a KVM ==== | ||
Here, we use the <tt>build</tt> machine (it has lots of memory and network access) and the 9p mounted directory <tt>/pool</tt> (aka <tt>$(KVM_POOLDIR)</tt>, but /testing and /root should also work). Just remember that any changes to build aren't permanent, we'll get to that later. | |||
First lets set things up: | |||
$ ./kvm sh build | $ ./kvm sh build | ||
build# cd /pool | |||
build# dnf install -y fedpkg | |||
# dnf install -y fedpkg | build# cat /etc/fedora-release | ||
# | Fedora release 32 (Thirty Two) | ||
build# fedpkg clone --branch f32 --anonymous nss | |||
build# cd nss | |||
build# dnf builddep nss | |||
# | |||
Next is to hack <tt>xmlto</tt> so that it doesn't try to preserve permissions when copying files within the 9p file system (remember, <tt>./kvm uninstall install</tt> will wipe this): | |||
build# sed -i -e 's/ -p / /' \ | |||
/usr/share/xmlto/format/docbook/man \ | |||
/usr/share/xmlto/format/docbook/html | |||
optionally, hobble tests during the build: | |||
build# sed -i -e 's/bcond_without tests/bcond_with tests/' nss.spec | |||
finally build (something better?): | |||
build# fedpkg local --without tests: | |||
or: | |||
build# fedpkg prep --without tests | |||
build# fedpkg compile --short-circuit --without tests | |||
==== ... using <tt>fedpkg mock</tt> and the Fedora host ==== | ==== ... using <tt>fedpkg mock</tt> and the Fedora host ==== |
Revision as of 19:26, 27 October 2021
Using NSS from Pluto
use lsw_nss_error*() to report errors
It includes both the error symbol name and the error message (the former is really useful when reading the code^D^D^D^D documentation when tracking down why the error was returned).
Debugging NSS
Linking libreswan against a custom NSS build
Building and Installing a Custom NSS RPMs
Below are notes on building the latest Fedora RPM on the build machine.
Build Custom NSS RPM ...
... using fedpkg local and a KVM
Here, we use the build machine (it has lots of memory and network access) and the 9p mounted directory /pool (aka $(KVM_POOLDIR), but /testing and /root should also work). Just remember that any changes to build aren't permanent, we'll get to that later.
First lets set things up:
$ ./kvm sh build build# cd /pool build# dnf install -y fedpkg build# cat /etc/fedora-release Fedora release 32 (Thirty Two) build# fedpkg clone --branch f32 --anonymous nss build# cd nss build# dnf builddep nss
Next is to hack xmlto so that it doesn't try to preserve permissions when copying files within the 9p file system (remember, ./kvm uninstall install will wipe this):
build# sed -i -e 's/ -p / /' \ /usr/share/xmlto/format/docbook/man \ /usr/share/xmlto/format/docbook/html
optionally, hobble tests during the build:
build# sed -i -e 's/bcond_without tests/bcond_with tests/' nss.spec
finally build (something better?):
build# fedpkg local --without tests:
or:
build# fedpkg prep --without tests build# fedpkg compile --short-circuit --without tests
... using fedpkg mock and the Fedora host
Hmm, something goes here!
fedpkg mock-config fedpkg mockbuild
Making the Custom NSS RPs Stick
Distribute Custom NSS RPMs
For legal reasons, tar up both the .rpm and .srpm files into a single archive and make that available - it forces whoever is using the RPMs to also download the sources.