homebrew-core/Formula/nss.rb
Michael Anselmi 95f698eb46 nss: support logging TLS secrets
As described at
[NSS Key Log Format](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format),
starting with NSS 3.24, optimized builds using the Makefile must set
the make variable `NSS_ALLOW_SSLKEYLOGFILE=1` to support logging TLS
secrets.

Please note that with this change, users must still set the
`SSLKEYLOGFILE` environment variable at runtime to enable logging of TLS
secrets.

## Example

### Before change

```
% env CURL_SSL_BACKEND=nss SSLKEYLOGFILE="${HOME}/tls-secrets.log" curl -s https://www.google.com > /dev/null

% cat "${HOME}/tls-secrets.log"
cat: /Users/manselmi/tls-secrets.log: No such file or directory
```

### After change

```
% env CURL_SSL_BACKEND=nss SSLKEYLOGFILE="${HOME}/tls-secrets.log" curl -s https://www.google.com > /dev/null

% cat "${HOME}/tls-secrets.log"
# SSL/TLS secrets log file, generated by NSS
CLIENT_RANDOM a0388fe83d79a1e70f18fc86398e5081e6dda7bc35f740244b5f62d150a7ec6f 4b53a5750c892d74ef16ced6e356abb8b9b1885763a38c65cddf169e395ab89a2ac1e2ab5c0c1f8af5217a4d90acb94e
```

Closes #40454.

Signed-off-by: FX Coudert <fxcoudert@gmail.com>
2019-05-30 12:50:41 +02:00


# Homebrew formula that builds Mozilla NSS from the upstream source tarball,
# installs it keg-only, and generates a minimal nss-config script and
# pkg-config file for it.
class Nss < Formula
  desc "Libraries for security-enabled client and server applications"
  homepage "https://developer.mozilla.org/docs/NSS"
  # The tarball is fetched over HTTPS and pinned by the sha256 that follows.
  url "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_44_RTM/src/nss-3.44.tar.gz"
  sha256 "a5620e59b6eeedfd5a12c9298b50ad92e9898b223e214eb675e36f4ffb5b6aff"

  bottle do
    cellar :any
    sha256 "dc1de35954b16b59b5f7839451b519e629877af6a10d1d0edeccc2fcbb8a07aa" => :mojave
    sha256 "9db06579132e91d670c4128f583e69849427e8e7e02f74609dc2b9b8e4d0e560" => :high_sierra
    sha256 "c6d4e00ad36d5cc0dd60d324ce2b9d497404fe5b1d07c639c5c32f7777229fe3" => :sierra
  end

  keg_only <<~EOS
    Firefox can pick this up instead of the built-in library, resulting in
    random crashes without meaningful explanation.
    Please see https://bugzilla.mozilla.org/show_bug.cgi?id=1142646 for details
  EOS

  depends_on "nspr"

  # Builds NSS with make and copies binaries, headers and libraries out of
  # the dist tree into the keg.
  def install
    ENV.deparallelize
    cd "nss"

    # NSS_ALLOW_SSLKEYLOGFILE=1 compiles in support for the NSS key log.
    # Since NSS 3.24 an optimized Makefile build (BUILD_OPT=1) omits that
    # support unless this variable is set. Nothing is logged by default:
    # a process only writes TLS secrets when SSLKEYLOGFILE is set in its
    # environment at runtime.
    # The resulting log holds per-session TLS secrets, so anyone who can
    # read it can decrypt captured traffic for those sessions. Treat the
    # file as sensitive (restrictive permissions, delete after debugging)
    # and keep SSLKEYLOGFILE unset outside of debugging sessions.
    make_args = %W[
      BUILD_OPT=1
      NSS_ALLOW_SSLKEYLOGFILE=1
      NSS_USE_SYSTEM_SQLITE=1
      NSPR_INCLUDE_DIR=#{Formula["nspr"].opt_include}/nspr
      NSPR_LIB_DIR=#{Formula["nspr"].opt_lib}
      USE_64=1
    ]

    # Remove the broken (for anyone but Firefox) install_name
    inreplace "coreconf/Darwin.mk", "-install_name @executable_path", "-install_name #{lib}"
    inreplace "lib/freebl/config.mk", "@executable_path", lib

    system "make", "all", *make_args

    # We need to use cp here because all files get cross-linked into the dist
    # hierarchy, and Homebrew's Pathname.install moves the symlink into the keg
    # rather than copying the referenced file.
    cd "../dist"

    # Executables go to bin; anything with ".dylib" in its path is skipped.
    bin.mkpath
    Dir.glob("Darwin*/bin/*").each do |built|
      next if built.include?(".dylib")

      cp built, bin
    end

    # Public headers from both the dbm and nss trees share one include/nss.
    header_dir = include + "nss"
    header_dir.mkpath
    Dir.glob("public/{dbm,nss}/*").each { |header| cp header, header_dir }

    # Paths containing ".chk" go to libexec; every other library file to lib.
    lib.mkpath
    libexec.mkpath
    Dir.glob("Darwin*/lib/*").each do |built|
      destination = built.include?(".chk") ? libexec : lib
      cp built, destination
    end

    # resolves conflict with openssl, see #28258
    rm lib/"libssl.a"

    (bin/"nss-config").write config_file
    (lib/"pkgconfig/nss.pc").write pc_file
  end

  test do
    # See: https://developer.mozilla.org/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil
    # The password file holds a throwaway value used only for the database
    # that certutil creates in the test directory.
    (testpath/"passwd").write("It's a secret to everyone.")
    system "#{bin}/certutil", "-N", "-d", pwd, "-f", "passwd"
    system "#{bin}/certutil", "-L", "-d", pwd
  end

  # A very minimal nss-config for configuring firefox etc. with this nss,
  # see https://bugzil.la/530672 for the progress of upstream inclusion.
  #
  # The script looks only at its last argument: --version is mapped to
  # --modversion, --cflags and --libs pass through unchanged, anything else
  # exits with status 1. The accepted option is handed to pkg-config.
  def config_file
    <<~EOS
      #!/bin/sh
      for opt; do :; done
      case "$opt" in
      --version) opt="--modversion";;
      --cflags|--libs) ;;
      *) exit 1;;
      esac
      pkg-config "$opt" nss
    EOS
  end

  # Text of the pkg-config file written to lib/pkgconfig/nss.pc, with the
  # formula's prefix and version interpolated.
  def pc_file
    <<~EOS
      prefix=#{prefix}
      exec_prefix=${prefix}
      libdir=${exec_prefix}/lib
      includedir=${prefix}/include/nss
      Name: NSS
      Description: Mozilla Network Security Services
      Version: #{version}
      Requires: nspr >= 4.12
      Libs: -L${libdir} -lnss3 -lnssutil3 -lsmime3 -lssl3
      Cflags: -I${includedir}
    EOS
  end
end