internal/rosa: nss artifacts

Not used by anything for now, but will be part of Rosa OS.

Signed-off-by: Ophestra <cat@gensokyo.uk>

cmd/mbf/main.go

@@ -200,6 +200,10 @@ func main() {
 				p = rosa.Make
 			case "meson":
 				p = rosa.Meson
+			case "nss":
+				p = rosa.NSS
+			case "nss-cacert":
+				p = rosa.NSSCACert
 			case "ninja":
 				p = rosa.Ninja
 			case "packaging":

internal/rosa/all.go

@@ -36,6 +36,8 @@ const (
 	M4
 	Make
 	Meson
+	NSS
+	NSSCACert
 	Ninja
 	Packaging
 	Patch
@@ -54,6 +56,8 @@ const (
 	Xproto
 	Zlib
 
+	buildcatrust
+
 	// _presetEnd is the total number of presets and does not denote a preset.
 	_presetEnd
 )

internal/rosa/ssl.go

@@ -0,0 +1,80 @@
+package rosa
+
+import (
+	"hakurei.app/internal/pkg"
+)
+
+func (t Toolchain) newNSS() pkg.Artifact {
+	const (
+		version  = "3_120"
+		checksum = "9M0SNMrj9BJp6RH2rQnMm6bZWtP0Kgj64D5JNPHF7Cxr2_8kfy3msubIcvEPwC35"
+
+		version0  = "4_38_2"
+		checksum0 = "25x2uJeQnOHIiq_zj17b4sYqKgeoU8-IsySUptoPcdHZ52PohFZfGuIisBreWzx0"
+	)
+	return t.New("nss-"+version, false, []pkg.Artifact{
+		t.Load(Make),
+		t.Load(Perl),
+		t.Load(Python),
+
+		t.Load(Zlib),
+		t.Load(KernelHeaders),
+	}, nil, nil, `
+unzip /usr/src/nspr.zip -d /usr/src
+mv '/usr/src/nspr-NSPR_`+version0+`_RTM' /usr/src/nspr
+
+chmod -R +w /usr/src/nss
+cd /usr/src/nss
+
+make \
+	"-j$(nproc)" \
+	CCC="clang++" \
+	NSDISTMODE=copy \
+	BUILD_OPT=1 \
+	USE_64=1 \
+	nss_build_all
+mkdir -p /work/system/nss
+cp -r \
+	/usr/src/dist/. \
+	lib/ckfw/builtins/certdata.txt \
+	/work/system/nss
+`, pkg.Path(AbsUsrSrc.Append("nss"), true, pkg.NewHTTPGetTar(
+		nil, "https://github.com/nss-dev/nss/archive/refs/tags/"+
+			"NSS_"+version+"_RTM.tar.gz",
+		mustDecode(checksum),
+		pkg.TarGzip,
+	)), pkg.Path(AbsUsrSrc.Append("nspr.zip"), false, pkg.NewHTTPGet(
+		nil, "https://hg-edge.mozilla.org/projects/nspr/archive/"+
+			"NSPR_"+version0+"_RTM.zip",
+		mustDecode(checksum0),
+	)))
+}
+func init() { artifactsF[NSS] = Toolchain.newNSS }
+
+func (t Toolchain) newBuildCATrust() pkg.Artifact {
+	const version = "0.4.0"
+	return t.newViaPip("buildcatrust", version, "none", "any",
+		"k_FGzkRCLjbTWBkuBLzQJ1S8FPAz19neJZlMHm0t10F2Y0hElmvVwdSBRc03Rjo1",
+		"https://github.com/nix-community/buildcatrust/"+
+			"releases/download/v"+version+"/")
+}
+func init() { artifactsF[buildcatrust] = Toolchain.newBuildCATrust }
+
+func (t Toolchain) newNSSCACert() pkg.Artifact {
+	return t.New("nss-cacert", false, []pkg.Artifact{
+		t.Load(Python),
+
+		t.Load(NSS),
+		t.Load(buildcatrust),
+	}, nil, nil, `
+mkdir -p /work/etc/ssl/{certs/unbundled,certs/hashed,trust-source}
+buildcatrust \
+	--certdata_input /system/nss/certdata.txt \
+	--ca_bundle_output /work/etc/ssl/certs/ca-bundle.crt \
+	--ca_standard_bundle_output /work/etc/ssl/certs/ca-no-trust-rules-bundle.crt \
+	--ca_unpacked_output /work/etc/ssl/certs/unbundled \
+	--ca_hashed_unpacked_output /work/etc/ssl/certs/hashed \
+	--p11kit_output /work/etc/ssl/trust-source/ca-bundle.trust.p11-kit
+`)
+}
+func init() { artifactsF[NSSCACert] = Toolchain.newNSSCACert }