Hacking NSS

From Libreswan
Revision as of 21:11, 26 October 2021 by Andrew Cagney (fill in the rpm section)

Using NSS from Pluto

Use lsw_nss_error*() to report errors.

It includes both the error symbol name and the error message (the former is really useful when reading the code^D^D^D^D documentation to track down why the error was returned).

Debugging NSS

Linking libreswan against a custom NSS build

Building and Installing Custom NSS RPMs

Below are notes on building the latest Fedora RPM on the build machine.

Build Custom NSS RPM

... using fedpkg local and the build machine

log into the build machine:

$ ./kvm sh build

install fedpkg (if not already):

# dnf install -y fedpkg

pick somewhere to build (here I'm using /pool aka KVM_POOLDIR, but /testing and /root should all work) and download:

# cd /pool
# fedpkg clone --anonymous nss
# cd nss

In theory, all that's left is to install the dependencies and kick off the build. Unfortunately, it's not so easy:

- disable tests (so --without tests isn't needed)
- fix %[expr] which seems to be new
- tone down optimization
- screw around with compiler flags
- ignore xmlto's exit code

Here's a diff of what might need to be changed:

continuing, pull in the dependencies (something better?):

# dnf builddep nss

and build:

# fedpkg local --without tests

or, breaking it down:

# fedpkg prep --without tests
# fedpkg compile --short-circuit --without tests

... using fedpkg mock and the Fedora host

Hmm, something goes here!

fedpkg mock-config
fedpkg mockbuild

Install Custom NSS RPMs

Distribute Custom NSS RPMs

For legal reasons, tar up both the .rpm and .srpm files into a single archive and make that available - it forces whoever is using the RPMs to also download the sources.
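
One way to enforce this when packaging, as an added example (not part of the original page or Libreswan's own tooling): the function refuses to write the archive unless the build tree contains both binary and source RPMs. The name bundle_nss_rpms, its arguments, and the assumption that source RPMs end in .src.rpm are this example's own.

```shell
#!/bin/sh
# Added example: bundle binary and source RPMs into one archive.
# Usage: bundle_nss_rpms BUILD_DIR ARCHIVE
#   BUILD_DIR - directory tree holding the build results (hypothetical layout)
#   ARCHIVE   - path of the .tar.gz to create (use an absolute path)
# Returns 0 on success, 1 if either kind of RPM is missing, 2 on bad input.
bundle_nss_rpms() {
    build_dir=$1
    archive=$2
    if [ ! -d "$build_dir" ] || [ -z "$archive" ]; then
        echo "usage: bundle_nss_rpms BUILD_DIR ARCHIVE" >&2
        return 2
    fi

    list=$(mktemp) || return 2
    # Every RPM below BUILD_DIR, as paths relative to it.
    (cd "$build_dir" && find . -type f -name '*.rpm' | sort) > "$list"

    # Assumption: source RPMs are named *.src.rpm, everything else is binary.
    srpms=$(grep -c '\.src\.rpm$' "$list" || true)
    bins=$(grep -vc '\.src\.rpm$' "$list" || true)

    if [ "$srpms" -eq 0 ]; then
        echo "refusing: no source RPM (*.src.rpm) under $build_dir" >&2
        rm -f "$list"
        return 1
    fi
    if [ "$bins" -eq 0 ]; then
        echo "refusing: no binary RPM under $build_dir" >&2
        rm -f "$list"
        return 1
    fi

    # One archive holding both, so the sources always travel with the binaries.
    tar -czf "$archive" -C "$build_dir" -T "$list"
    status=$?
    rm -f "$list"
    [ "$status" -eq 0 ] || return 2
    echo "wrote $archive ($bins binary, $srpms source)"
}
```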