Re: the Seamonkey has left the building
On 10.11.2013 17:59, Andrea Pescetti wrote: On 08/11/2013 Herbert Duerr wrote: As discussed in the thread AOO Security Features without Mozilla I removed the dependency on the ancient Seamonkey-1.1 binaries and use the NSS libraries (Network Security Services) instead. This major rework has been integrated into trunk now. Thank you! This makes two pending blog posts from you, right? Just joking... but it would be nice that the innovation coming in OpenOffice gets appropriate coverage. It certainly was important work. Like the work of a rodent control specialist who solves the problem of rats gnawing people's flesh of their bones while they sleep. Advertising that there even was the need for such a solution is not a good idea IMHO. The sooner that abomination is forgotten the better... I respect the former colleagues that introduced it very much but I never liked that particular approach which was probably a result of a steamroller is really good for cracking nuts and the grass is always greener on the other side of the fence. By the way, I incorporated your notes from that thread into https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1+Release+Notes Thanks! If you are working on trunk you'll notice that the moz module and the configure switch named --disable-mozilla is gone. Yes, but the build is now broken on the Fedora 19 machine that I use for building trunk from time to time. Note that this does not necessarily depend on your changes, but maybe some conflict is triggered. I did a completely clean build. The nss module is built cleanly (warnings aside). Then I see warnings/errors like: Making:idlc ... /lib64/libcrypt.so.1: undefined reference to `NSSLOWHASH_End@NSSRAWHASH_3.12.3' Darn. Major reworks always require some polishing. Maybe adapting the change [1] the Mozilla guys did to make it work on Fedora helps us too? [1] https://bugzilla.mozilla.org/attachment.cgi?id=589009action=diff Please try this patch and rebuild from nss: --- main/nss/makefile.mk +++ main/nss/makefile.mk @@ -88,7 +88,7 @@ BUILD_DIR=mozilla$/security$/nss BUILD_ACTION= $(GNUMAKE) nss_build_all #See #i105566# moz#513024# .IF $(OS)==LINUX -BUILD_ACTION+=FREEBL_NO_DEPEND=1 +BUILD_ACTION+=FREEBL_NO_DEPEND=1 FREEBL_LOWHASH=1 PATCH_FILES+=nss_linux.patch .ENDIF Herbert - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: the Seamonkey has left the building
A followup to my earlier mail: Please try this patch and rebuild from nss: --- main/nss/makefile.mk +++ main/nss/makefile.mk @@ -88,7 +88,7 @@ BUILD_DIR=mozilla$/security$/nss BUILD_ACTION= $(GNUMAKE) nss_build_all #See #i105566# moz#513024# .IF $(OS)==LINUX -BUILD_ACTION+=FREEBL_NO_DEPEND=1 +BUILD_ACTION+=FREEBL_NO_DEPEND=1 FREEBL_LOWHASH=1 PATCH_FILES+=nss_linux.patch .ENDIF On a virtual test system the problem could be reproduced and the patch I suggested works. I already committed it as r1540693 so trunk should build now also on such systems. Herbert - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: the Seamonkey has left the building
Herbert Duerr wrote: On a virtual test system the problem could be reproduced and the patch I suggested works. I already committed it as r1540693 so trunk should build now also on such systems. Indeed it does, thank you Herbert! Regards, Andrea. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: the Seamonkey has left the building
On 08/11/2013 Herbert Duerr wrote: As discussed in the thread AOO Security Features without Mozilla I removed the dependency on the ancient Seamonkey-1.1 binaries and use the NSS libraries (Network Security Services) instead. This major rework has been integrated into trunk now. Thank you! This makes two pending blog posts from you, right? Just joking... but it would be nice that the innovation coming in OpenOffice gets appropriate coverage. By the way, I incorporated your notes from that thread into https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1+Release+Notes If you are working on trunk you'll notice that the moz module and the configure switch named --disable-mozilla is gone. Yes, but the build is now broken on the Fedora 19 machine that I use for building trunk from time to time. Note that this does not necessarily depend on your changes, but maybe some conflict is triggered. I did a completely clean build. The nss module is built cleanly (warnings aside). Then I see warnings/errors like: Making:idlc ... /lib64/libcrypt.so.1: undefined reference to `NSSLOWHASH_End@NSSRAWHASH_3.12.3' /lib64/libcrypt.so.1: undefined reference to `NSSLOWHASH_NewContext@NSSRAWHASH_3.12.3' /lib64/libcrypt.so.1: undefined reference to `NSSLOWHASH_Update@NSSRAWHASH_3.12.3' /lib64/libcrypt.so.1: undefined reference to `NSSLOW_Init@NSSRAWHASH_3.12.3' /lib64/libcrypt.so.1: undefined reference to `NSSLOWHASH_Destroy@NSSRAWHASH_3.12.3' /lib64/libcrypt.so.1: undefined reference to `NSSLOW_Shutdown@NSSRAWHASH_3.12.3' /lib64/libcrypt.so.1: undefined reference to `NSSLOWHASH_Begin@NSSRAWHASH_3.12.3' ... Module 'idlc' delivered successfully. 2 files copied, 2 files unchanged and = Building module udkapi = ... .../main/solver/410/unxlngx6.pro/bin/idlc: .../main/solver/410/unxlngx6.pro/lib/libfreebl3.so: version `NSSRAWHASH_3.12.3' not found (required by /lib64/libcrypt.so.1) dmake: Error code 1, while making '../../../../unxlngx6.pro/ucr/cssuno.db' Regards, Andrea. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: the Seamonkey has left the building
Hi Herbert, On 08.11.2013 13:18, Herbert Duerr wrote: As discussed in the thread AOO Security Features without Mozilla I removed the dependency on the ancient Seamonkey-1.1 binaries and use the NSS libraries (Network Security Services) instead. This major rework has been integrated into trunk now. If you are working on trunk you'll notice that the moz module and the configure switch named --disable-mozilla is gone. This switch was sometimes used to build Apache OpenOffice without security services. If you want to continue building without security services please use the --disable-nss-module instead. Whether such an insecure AOO build is something to aim for is dubious though, especially since the biggest hurdles to enable this functionality have been removed which were: - building the Seamonkey-1.1 using special old compiler versions - providing zip-archives of such prebuilt Seamonkey-1.1 binaries are no longer needed. Good riddance. Yippie! Congrats! If you are working on Windows then you'll notice that the --with-mozilla-build option is still there as NSS being part of the Mozilla project needs the Mozilla build environment. If you object to install the Mozilla build environment then you couldn't build the moz+nss modules on Windows then and cannot build nss on Windows now. Please use the --disable-nss-module or the --disable-category-B switches if providing the Mozilla build environment for NSS is out of the question. Is there a way to get around this...? Maybe nss can be 'replaced' somehow...? As shown in the earlier thread on this topic the address books provided via the old Seamonkey binaries were quite bit-rotten and often didn't work on modern systems. There is a good chance that their successors will be ready for AOO 4.1 and solve most current problems. Volunteers who'd like to dive right into AOO's SDBC subsytem and write drivers for Mork, LDAP or MAB address book formats are welcome. Especially power users of the older implementations who suffered their shortcomings may find this chance interesting. With the Seamonkey-1.1 compatibility requirement removed it was now also possible to do an overdue update of the security critical NSS libraries to their latest released version. Thanks to Pedro for his initial patch on the platform-independent part of the library update. Herbert - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: the Seamonkey has left the building
On 11/8/13 1:18 PM, Herbert Duerr wrote: As discussed in the thread AOO Security Features without Mozilla I removed the dependency on the ancient Seamonkey-1.1 binaries and use the NSS libraries (Network Security Services) instead. This major rework has been integrated into trunk now. If you are working on trunk you'll notice that the moz module and the configure switch named --disable-mozilla is gone. This switch was sometimes used to build Apache OpenOffice without security services. If you want to continue building without security services please use the --disable-nss-module instead. Whether such an insecure AOO build is something to aim for is dubious though, especially since the biggest hurdles to enable this functionality have been removed which were: - building the Seamonkey-1.1 using special old compiler versions - providing zip-archives of such prebuilt Seamonkey-1.1 binaries are no longer needed. Good riddance. If you are working on Windows then you'll notice that the --with-mozilla-build option is still there as NSS being part of the Mozilla project needs the Mozilla build environment. If you object to install the Mozilla build environment then you couldn't build the moz+nss modules on Windows then and cannot build nss on Windows now. Please use the --disable-nss-module or the --disable-category-B switches if providing the Mozilla build environment for NSS is out of the question. As shown in the earlier thread on this topic the address books provided via the old Seamonkey binaries were quite bit-rotten and often didn't work on modern systems. There is a good chance that their successors will be ready for AOO 4.1 and solve most current problems. Volunteers who'd like to dive right into AOO's SDBC subsytem and write drivers for Mork, LDAP or MAB address book formats are welcome. Especially power users of the older implementations who suffered their shortcomings may find this chance interesting. With the Seamonkey-1.1 compatibility requirement removed it was now also possible to do an overdue update of the security critical NSS libraries to their latest released version. Thanks to Pedro for his initial patch on the platform-independent part of the library update. thanks Herbert for the update, this are good news ... A further good step would be to get rid of nss and use openssl instead and use the system certificate stores on the different platforms. If I understand it correct that is the main advantage of nss, it has it's own certificate store. But anyway very good news and a further step in the right direction. Maybe some other volunteers are interested or already have knowledge how to use the system cert store and can help ... Juergen - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: the Seamonkey has left the building
On 08.11.2013 13:39, Armin Le Grand wrote: On 08.11.2013 13:18, Herbert Duerr wrote: [...] If you are working on Windows then you'll notice that the --with-mozilla-build option is still there as NSS being part of the Mozilla project needs the Mozilla build environment. If you object to install the Mozilla build environment then you couldn't build the moz+nss modules on Windows then and cannot build nss on Windows now. Please use the --disable-nss-module or the --disable-category-B switches if providing the Mozilla build environment for NSS is out of the question. Is there a way to get around this...? Maybe nss can be 'replaced' somehow...? There are several libraries that could be alternatives, please see [1] for an overview. Evaluating the viability of them for replacing the individual aspects of NSS that are used in AOO could be an interesting task for volunteers. [1] http://en.wikipedia.org/wiki/Comparison_of_TLS_implementations Regarding the requirement of having the mozilla build environment for building NSS on Windows: I don't think NSS needs much of that tooling. They require this MingW based environment like we depend on our Cygwin based environment. NSS could certainly be rewritten to use cygwin too. But is it worth the trouble? Downloading MozBuildSetup [2] and running it is not much of an effort and it has the great benefit that we can then consume the source releases of NSS almost directly. The alternative of rewriting NSS for our cygwin environment would be much more intrusive than what is recommended for a category-B licensed library. [2] http://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32 Herbert - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: the Seamonkey has left the building
On 8 November 2013 14:09, Herbert Duerr h...@apache.org wrote: On 08.11.2013 13:39, Armin Le Grand wrote: On 08.11.2013 13:18, Herbert Duerr wrote: [...] If you are working on Windows then you'll notice that the --with-mozilla-build option is still there as NSS being part of the Mozilla project needs the Mozilla build environment. If you object to install the Mozilla build environment then you couldn't build the moz+nss modules on Windows then and cannot build nss on Windows now. Please use the --disable-nss-module or the --disable-category-B switches if providing the Mozilla build environment for NSS is out of the question. Is there a way to get around this...? Maybe nss can be 'replaced' somehow...? There are several libraries that could be alternatives, please see [1] for an overview. Evaluating the viability of them for replacing the individual aspects of NSS that are used in AOO could be an interesting task for volunteers. [1] http://en.wikipedia.org/wiki/Comparison_of_TLS_implementations Regarding the requirement of having the mozilla build environment for building NSS on Windows: I don't think NSS needs much of that tooling. They require this MingW based environment like we depend on our Cygwin based environment. NSS could certainly be rewritten to use cygwin too. But is it worth the trouble? Downloading MozBuildSetup [2] and running it is not much of an effort and it has the great benefit that we can then consume the source releases of NSS almost directly. The alternative of rewriting NSS for our cygwin environment would be much more intrusive than what is recommended for a category-B licensed library. Especially considering we have ongoing efforts to remove cygwin, and use visual studio directly. rgds jan I. [2] http://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32 Herbert - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: the Seamonkey has left the building
Thats great news. Thanks for doing the effort. :-) Marcus Am 11/08/2013 01:18 PM, schrieb Herbert Duerr: As discussed in the thread AOO Security Features without Mozilla I removed the dependency on the ancient Seamonkey-1.1 binaries and use the NSS libraries (Network Security Services) instead. This major rework has been integrated into trunk now. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
