Please wait for a v2, I found a mismatched dependency in ecryptfs. - Roland
On Tue, Sep 24, 2019 at 05:14:27PM +0200, Roland Hieber wrote: > Most NSS modules are only needed if any software links to them, or loads > them at runtime (e.g. as a PKCS#11 module). In extreme cases, we can > slim down the installation by more than 1 MiB, and also get rid of the > SQLite dependency. > > Qt5WebEngine and ecryptfs-utils are currently the only users of NSS, pin > down their respective sub-dependencies. > > Signed-off-by: Roland Hieber <[email protected]> > --- > rules/ecryptfs-utils.in | 2 ++ > rules/nss.in | 56 ++++++++++++++++++++++++++++++++++++++--- > rules/nss.make | 22 +++++++++------- > rules/qt5.in | 2 ++ > 4 files changed, 70 insertions(+), 12 deletions(-) > > diff --git a/rules/ecryptfs-utils.in b/rules/ecryptfs-utils.in > index 5087f79d3ca2..7ac44e11bdf3 100644 > --- a/rules/ecryptfs-utils.in > +++ b/rules/ecryptfs-utils.in > @@ -5,6 +5,8 @@ menuconfig ECRYPTFS_UTILS > prompt "ecryptfs-utils " > select KEYUTILS > select NSS > + select NSS_INSTALL_LIBSSL > + select NSS_INSTALL_LIBSMIME > select HOST_INTLTOOL > select BASH if ECRYPTFS_UTILS_TESTS > select COREUTILS if ECRYPTFS_UTILS_TESTS > diff --git a/rules/nss.in b/rules/nss.in > index 3e4a07a75404..0f44a2b7d1c8 100644 > --- a/rules/nss.in > +++ b/rules/nss.in > @@ -1,13 +1,63 @@ > ## SECTION=networking > > -config NSS > +menuconfig NSS > tristate > - prompt "nss" > + prompt "nss " > select NSPR > - select SQLITE > + select SQLITE if NSS_INSTALL_LIBSOFTOKN > help > Network Security Services (NSS) is a set of libraries designed to > support cross-platform development of security-enabled client and > server applications. Applications built with NSS can support > SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, > X.509 v3 certificates, and other security standards. > + > +if NSS > + > +config NSS_INSTALL_LIBSMIME > + bool > + prompt "install libsmime" > + default y > + help > + Install libsmime3.so, which adds about ~90 kiB to the footprint. > + > + libsmime provides functionality related to S/MIME (Cryptographic > + Message Syntax, PKCS#7) used by secure email and some instant > + messaging implementations. > + > +config NSS_INSTALL_LIBSSL > + bool > + prompt "install libssl" > + default y > + help > + Install libssl3.so, which adds about ~200 kiB to the footprint. > + > + libssl implements the Secure Sockets Layer/Transport Layer Security > + network protocols. > + > +config NSS_INSTALL_LIBNSSCKBI > + bool > + prompt "install libnssckbi" > + default y > + help > + Install libnssckbi.so, which adds about ~350 kiB to the footprint. > + > + CKBI is a PKCS#11 module which provides a set of trust anchors (Root > + CAs) and their trust assignments. > + > +config NSS_INSTALL_LIBSOFTOKN > + bool > + prompt "install libsoftokn" > + default y > + help > + Install libfreebl3.so, libfreeblpriv3.so, libsoftokn3.so, and > + libnssdbm3.so, which add about ~530 kB to the footprint, as well as an > + additional dependency on SQLite. > + > + FreeBL is a base library providing hash functions, big number > + calculations, and cryptographic algorithms. DBM is a legacy library > + providing database storage. Softoken is an NSS module that exposes > + most FreeBL functionality as a PKCS#11 module, and can make use of DBM > + or SQLite at runtime. > + > +endif > diff --git a/rules/nss.make b/rules/nss.make > index 49406fb956c7..f9f322d94179 100644 > --- a/rules/nss.make > +++ b/rules/nss.make > @@ -45,12 +45,17 @@ NSS_MAKE_ENV := \ > BUILD_OPT=1 \ > MOZILLA_CLIENT=1 \ > NS_USE_GCC=1 \ > - NSS_USE_SYSTEM_SQLITE=1 \ > NSS_ENABLE_ECC=1 \ > NSS_DISABLE_GTESTS=1 \ > NSPR_INCLUDE_DIR=$(SYSROOT)/usr/include/nspr \ > USE_64=$(call ptx/ifdef, PTXCONF_ARCH_LP64,1) > > +# unless needed, prevent an additional runtime dependency by using the > bundled, > +# statically-linked sqlite, but not installing anything that links to it > +ifndef PTXCONF_NSS_INSTALL_LIBSOFTOKN > +NSS_MAKE_ENV += NSS_USE_SYSTEM_SQLITE=1 > +endif > + > NSS_MAKE_PAR := NO > NSS_MAKE_OPT := \ > OS_ARCH=Linux \ > @@ -68,14 +73,13 @@ NSS_INSTALL_OPT := \ > NSS_LIBS := \ > libnss3 \ > libnssutil3 \ > - libsmime3 \ > - libssl3 \ > - libfreebl3 \ > - libfreeblpriv3 \ > - libnssckbi \ > - libnssdbm3 \ > - libsoftokn3 > - > + $(call ptx/ifdef, PTXCONF_NSS_INSTALL_LIBSMIME, libsmime3,) \ > + $(call ptx/ifdef, PTXCONF_NSS_INSTALL_LIBSSL, libssl3,) \ > + $(call ptx/ifdef, PTXCONF_NSS_INSTALL_LIBNSSCKBI, libnssckbi,) \ > + $(call ptx/ifdef, PTXCONF_NSS_INSTALL_LIBSOFTOKN, libfreebl3,) \ > + $(call ptx/ifdef, PTXCONF_NSS_INSTALL_LIBSOFTOKN, libfreeblpriv3,) \ > + $(call ptx/ifdef, PTXCONF_NSS_INSTALL_LIBSOFTOKN, libnssdbm3,) \ > + $(call ptx/ifdef, PTXCONF_NSS_INSTALL_LIBSOFTOKN, libsoftokn3,) > > $(STATEDIR)/nss.install: > @$(call targetinfo) > diff --git a/rules/qt5.in b/rules/qt5.in > index 6c2de3cde04f..aa9b63f2fdf7 100644 > --- a/rules/qt5.in > +++ b/rules/qt5.in > @@ -57,6 +57,8 @@ menuconfig QT5 > select NSPR if QT5_MODULE_QTWEBENGINE > select HOST_NSPR if QT5_MODULE_QTWEBENGINE > select NSS if QT5_MODULE_QTWEBENGINE > + select NSS_INSTALL_LIBNSSCKBI if QT5_MODULE_QTWEBENGINE > + select NSS_INSTALL_LIBSMIME if QT5_MODULE_QTWEBENGINE > select HOST_NSS if QT5_MODULE_QTWEBENGINE > select HOST_NINJA if QT5_MODULE_QTWEBENGINE > select ALSA_LIB if QT5_MODULE_QTMULTIMEDIA || > QT5_MODULE_QTWEBENGINE_MEDIA > -- > 2.23.0 > > > _______________________________________________ > ptxdist mailing list > [email protected] > -- Roland Hieber | [email protected] | Pengutronix e.K. | https://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim | Phone: +49-5121-206917-5086 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list [email protected]
