From f1758a6fa8621777cb9129443b6de193c885228f Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Tue, 27 Jan 2026 08:10:18 +0900
Subject: [PATCH] internal/rosa: nss artifacts

Not used by anything for now, but will be part of Rosa OS.

Signed-off-by: Ophestra
---
 cmd/mbf/main.go | 4 +++
 internal/rosa/all.go | 4 +++
 internal/rosa/ssl.go | 80 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 88 insertions(+)
 create mode 100644 internal/rosa/ssl.go

diff --git a/cmd/mbf/main.go b/cmd/mbf/main.go
index fe4774b..fc61818 100644
--- a/cmd/mbf/main.go
+++ b/cmd/mbf/main.go
@@ -200,6 +200,10 @@ func main() {
 p = rosa.Make
 case "meson":
 p = rosa.Meson
+ case "nss":
+ p = rosa.NSS
+ case "nss-cacert":
+ p = rosa.NSSCACert
 case "ninja":
 p = rosa.Ninja
 case "packaging":
diff --git a/internal/rosa/all.go b/internal/rosa/all.go
index 95bf318..7d9fde5 100644
--- a/internal/rosa/all.go
+++ b/internal/rosa/all.go
@@ -36,6 +36,8 @@ const (
 M4
 Make
 Meson
+ NSS
+ NSSCACert
 Ninja
 Packaging
 Patch
@@ -54,6 +56,8 @@ const (
 Xproto
 Zlib
+ buildcatrust
+
 // _presetEnd is the total number of presets and does not denote a preset.
 _presetEnd
 )
diff --git a/internal/rosa/ssl.go b/internal/rosa/ssl.go
new file mode 100644
index 0000000..76d4f35
--- /dev/null
+++ b/internal/rosa/ssl.go
@@ -0,0 +1,80 @@
+package rosa
+
+import (
+ "hakurei.app/internal/pkg"
+)
+
+func (t Toolchain) newNSS() pkg.Artifact {
+ const (
+ version = "3_120"
+ checksum = "9M0SNMrj9BJp6RH2rQnMm6bZWtP0Kgj64D5JNPHF7Cxr2_8kfy3msubIcvEPwC35"
+
+ version0 = "4_38_2"
+ checksum0 = "25x2uJeQnOHIiq_zj17b4sYqKgeoU8-IsySUptoPcdHZ52PohFZfGuIisBreWzx0"
+ )
+ return t.New("nss-"+version, false, []pkg.Artifact{
+ t.Load(Make),
+ t.Load(Perl),
+ t.Load(Python),
+
+ t.Load(Zlib),
+ t.Load(KernelHeaders),
+ }, nil, nil, `
+unzip /usr/src/nspr.zip -d /usr/src
+mv '/usr/src/nspr-NSPR_`+version0+`_RTM' /usr/src/nspr
+
+chmod -R +w /usr/src/nss
+cd /usr/src/nss
+
+make \
+ "-j$(nproc)" \
+ CCC="clang++" \
+ NSDISTMODE=copy \
+ BUILD_OPT=1 \
+ USE_64=1 \
+ nss_build_all
+mkdir -p /work/system/nss
+cp -r \
+ /usr/src/dist/. \
+ lib/ckfw/builtins/certdata.txt \
+ /work/system/nss
+`, pkg.Path(AbsUsrSrc.Append("nss"), true, pkg.NewHTTPGetTar(
+ nil, "https://github.com/nss-dev/nss/archive/refs/tags/"+
+ "NSS_"+version+"_RTM.tar.gz",
+ mustDecode(checksum),
+ pkg.TarGzip,
+ )), pkg.Path(AbsUsrSrc.Append("nspr.zip"), false, pkg.NewHTTPGet(
+ nil, "https://hg-edge.mozilla.org/projects/nspr/archive/"+
+ "NSPR_"+version0+"_RTM.zip",
+ mustDecode(checksum0),
+ )))
+}
+func init() { artifactsF[NSS] = Toolchain.newNSS }
+
+func (t Toolchain) newBuildCATrust() pkg.Artifact {
+ const version = "0.4.0"
+ return t.newViaPip("buildcatrust", version, "none", "any",
+ "k_FGzkRCLjbTWBkuBLzQJ1S8FPAz19neJZlMHm0t10F2Y0hElmvVwdSBRc03Rjo1",
+ "https://github.com/nix-community/buildcatrust/"+
+ "releases/download/v"+version+"/")
+}
+func init() { artifactsF[buildcatrust] = Toolchain.newBuildCATrust }
+
+func (t Toolchain) newNSSCACert() pkg.Artifact {
+ return t.New("nss-cacert", false, []pkg.Artifact{
+ t.Load(Python),
+
+ t.Load(NSS),
+ t.Load(buildcatrust),
+ }, nil, nil, `
+mkdir -p /work/etc/ssl/{certs/unbundled,certs/hashed,trust-source}
+buildcatrust \
+ --certdata_input /system/nss/certdata.txt \
+ --ca_bundle_output /work/etc/ssl/certs/ca-bundle.crt \
+ --ca_standard_bundle_output /work/etc/ssl/certs/ca-no-trust-rules-bundle.crt \
+ --ca_unpacked_output /work/etc/ssl/certs/unbundled \
+ --ca_hashed_unpacked_output /work/etc/ssl/certs/hashed \
+ --p11kit_output /work/etc/ssl/trust-source/ca-bundle.trust.p11-kit
+`)
+}
+func init() { artifactsF[NSSCACert] = Toolchain.newNSSCACert }
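Review bot: Nothing in newNSSCACert or newNSS records that the CA trust store is frozen at the certdata.txt shipped in the NSS tag named by `version`, so upstream root removals and distrust decisions reach the image only when that constant is bumped. A doc comment would make that explicit, e.g. `// newNSSCACert builds /etc/ssl from the certdata.txt of the pinned NSS release; bump version in newNSS to refresh trust anchors.` The same comment could say which consumers are meant to read `ca-no-trust-rules-bundle.crt`, since by its name it carries no trust rules and a verifier pointed at it would presumably treat every included root as fully trusted. Separately, `version0`/`checksum0` would read better as `nsprVersion`/`nsprChecksum`, matching the NSPR download they pin.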