internal/rosa/nss: rename from ssl

The SSL name came from earlier on and is counterintuitive.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/rosa/nss.go

@@ -0,0 +1,121 @@
+package rosa
+
+import (
+	"strings"
+
+	"hakurei.app/internal/pkg"
+)
+
+func (t Toolchain) newNSS() (pkg.Artifact, string) {
+	const (
+		version  = "3.121"
+		checksum = "MTS4Eg-1vBN3T7gdUAdNO0y_e9x9BE3f_k_DHdM_BIovc7y57vhsZTfB5f6BeQfi"
+
+		version0  = "4_38_2"
+		checksum0 = "25x2uJeQnOHIiq_zj17b4sYqKgeoU8-IsySUptoPcdHZ52PohFZfGuIisBreWzx0"
+	)
+	return t.NewPackage("nss", version, pkg.NewHTTPGetTar(
+		nil, "https://github.com/nss-dev/nss/archive/refs/tags/"+
+			"NSS_"+strings.Join(strings.SplitN(version, ".", 2), "_")+"_RTM.tar.gz",
+		mustDecode(checksum),
+		pkg.TarGzip,
+	), &PackageAttr{
+		Paths: []pkg.ExecPath{
+			pkg.Path(AbsUsrSrc.Append("nspr.zip"), false, pkg.NewHTTPGet(
+				nil, "https://hg-edge.mozilla.org/projects/nspr/archive/"+
+					"NSPR_"+version0+"_RTM.zip",
+				mustDecode(checksum0),
+			)),
+		},
+
+		// uses source tree as scratch space
+		Writable: true,
+		Chmod:    true,
+
+		ScriptEarly: `
+unzip /usr/src/nspr.zip -d /usr/src
+mv '/usr/src/nspr-NSPR_` + version0 + `_RTM' /usr/src/nspr
+`,
+	}, &MakeHelper{
+		OmitDefaults:  true,
+		SkipConfigure: true,
+		InPlace:       true,
+
+		SkipCheck: true,
+		Make: []string{
+			"CCC=clang++",
+			"NSDISTMODE=copy",
+			"BUILD_OPT=1",
+			"USE_64=1",
+			"nss_build_all",
+		},
+		Install: `
+mkdir -p /work/system/nss
+cp -r \
+	/usr/src/dist/. \
+	lib/ckfw/builtins/certdata.txt \
+	/work/system/nss
+`,
+	},
+		Perl,
+		Python,
+		Unzip,
+		Gawk,
+		Coreutils,
+
+		Zlib,
+		KernelHeaders,
+	), version
+}
+func init() {
+	artifactsM[NSS] = Metadata{
+		f: Toolchain.newNSS,
+
+		Name:        "nss",
+		Description: "Network Security Services",
+		Website:     "https://firefox-source-docs.mozilla.org/security/nss/index.html",
+
+		ID: 2503,
+	}
+}
+
+func init() {
+	const version = "0.4.0"
+	artifactsM[buildcatrust] = newViaPip(
+		"buildcatrust",
+		"transform certificate stores between formats",
+		version, "py3", "none", "any",
+		"k_FGzkRCLjbTWBkuBLzQJ1S8FPAz19neJZlMHm0t10F2Y0hElmvVwdSBRc03Rjo1",
+		"https://github.com/nix-community/buildcatrust/"+
+			"releases/download/v"+version+"/",
+	)
+}
+
+func (t Toolchain) newNSSCACert() (pkg.Artifact, string) {
+	return t.New("nss-cacert", 0, []pkg.Artifact{
+		t.Load(Zlib),
+		t.Load(Bash),
+		t.Load(Python),
+
+		t.Load(NSS),
+		t.Load(buildcatrust),
+	}, nil, nil, `
+mkdir -p /work/system/etc/ssl/{certs/unbundled,certs/hashed,trust-source}
+buildcatrust \
+	--certdata_input /system/nss/certdata.txt \
+	--ca_bundle_output /work/system/etc/ssl/certs/ca-bundle.crt \
+	--ca_standard_bundle_output /work/system/etc/ssl/certs/ca-no-trust-rules-bundle.crt \
+	--ca_unpacked_output /work/system/etc/ssl/certs/unbundled \
+	--ca_hashed_unpacked_output /work/system/etc/ssl/certs/hashed \
+	--p11kit_output /work/system/etc/ssl/trust-source/ca-bundle.trust.p11-kit
+`), Unversioned
+}
+func init() {
+	artifactsM[NSSCACert] = Metadata{
+		f: Toolchain.newNSSCACert,
+
+		Name:        "nss-cacert",
+		Description: "bundle of X.509 certificates of public Certificate Authorities",
+		Website:     "https://curl.se/docs/caextract.html",
+	}
+}