Introduction to NSS

The Network Security Services (NSS) package is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. This is useful for implementing SSL and S/MIME or other Internet security standards into an application.

The NSS package requires the Netscape Portable Runtime (NSPR) libraries as a prerequisite for building. The NSS package tarball contains the code necessary to build the NSPR libraries. These libraries are built and installed using the instructions below. Essentially, the NSS package is now a combined NSS/NSPR installation.

Package Information

Additional Downloads

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/nss

Installation of NSS

Install NSS by running the following commands:


export BUILD_OPT=1 &&

patch -Np1 -i ../nss-3.11.3-with-nspr-4.6.3-fedora_fixes-1.patch &&

cd mozilla/security/nss &&
make nss_build_all &&
cd ../.. &&

export NSS_LINUXDIR=$(basename `ls -d $WORKINGDIR/mozilla/dist/Linux*`)

To test the results, you'll need to set the domain name of your system in the DOMSUF environment variable. Most of the tests will fail if you don't provide the correct domain name. A self-generated log file will be parsed at the end of the test to display how many tests passed. It should return 800. To run the tests, ensure you change the export DOMSUF command below to an appropriate value, e.g., mydomain.com and issue the following commands:


export DOMSUF=<validdomain.name> &&
export PATH=$PATH:$WORKINGDIR/mozilla/dist/$NSS_LINUXDIR/bin &&
export TEST_RESULTSDIR=$WORKINGDIR/mozilla/tests_results/security &&

cd security/nss/tests &&
sed -i 's/gmake/make/' common/init.sh &&
./all.sh &&

grep Passed $TEST_RESULTSDIR/$(hostname).1/results.html | wc -l &&



If you switch to the root user using a method that does not inherit the environment from the unprivileged user, ensure that root's NSS_LINUXDIR environment variable is set correctly before proceeding with the installation commands.

Now, as the root user:

install -v -m755 nsprpub/$NSS_LINUXDIR/config/nspr-config \
                 security/nss/cmd/config/nss-config \
    /usr/bin &&
install -v -m755 -d /usr/lib/pkgconfig &&
install -v -m644 nsprpub/lib/pkgconfig/nspr.pc \
                 security/nss/lib/pkgconfig/nss.pc \
    /usr/lib/pkgconfig &&

cd dist &&

install -v -m755 $NSS_LINUXDIR/lib/*.so /usr/lib &&
install -v -m644 $NSS_LINUXDIR/lib/{*.chk,libcrmf.a} /usr/lib &&

install -v -m755 -d /usr/include/{nss,nspr} &&
install -v -m644 {public,private}/nss/* /usr/include/nss &&
cp -v -RL $NSS_LINUXDIR/include/* /usr/include/nspr &&
chmod -v 644 /usr/include/nspr/prvrsion.h

Now as the unprivileged user, exit the bash shell started at the beginning of the installation to restore the environment to the original state.


Command Explanations

bash: Shells are started as many environment variables are created during the installation process. Exiting the shells serves the purpose of restoring the environment and returning back to the original directory when the installation is complete.

export WORKINGDIR=$PWD: This variable is set because many of the commands are dependent on knowing the full path of certain directories. WORKINGDIR establishes a known path so that all others can be determined relative to this.

export BUILD_OPT=1: This variable is set so that the build is performed with no debugging symbols built into the binaries and that the default compiler optimizations are used.

export NSS_LINUXDIR=...: This variable is set so that the exact name of the architecture specific directories where the binaries are stored in the source tree can be determined.

make nss_build_all: This command builds the NSPR and NSS libraries and creates a dist directory which houses all the programs, libraries and interface headers. None of the programs created by this process are installed onto the system using the default instructions. If you need any of these programs installed, you can find them in the mozilla/dist/bin directory of the source tree.

export PATH=...: This command sets the PATH environment variable to include the executables in the source tree as some of them are required to run the test suite.

sed -i 's/gmake/make/' common/init.sh: This command changes the command used to compile some test programs.


Installed Programs: nspr-config and nss-config
Installed Libraries: libcrmf.a, libfreebl3.so, libnspr4.so, libnss3.so, libnssckbi.so, libplc4.so, libplds4.so, libsmime3.so, libsoftokn3.so and libssl3.so
Installed Directories: /usr/include/nspr and /usr/include/nss

Short Descriptions


is used to determine the NSPR installation settings of the installed NSPR libraries.


is used to determine the NSS library settings of the installed NSS libraries.

The libnspr4.so, libplc4.so and libplds4.so libraries make up the Netscape Portable Runtime (NSPR) libraries. These libraries provide a platform-neutral API for system level and libc like functions. The API is used in the Mozilla client, many of the Netscape/AOL/iPlanet offerings and other software applications.

The libcrmf.a, libfreebl.so, libnss3.so, libnssckbi.so, libsmime3.so, libsoftokn3.so and libnssl3.so libraries make up the NSS libraries.

Last updated on 2007-01-18 13:38:19 -0600