...so that the libnss.so that we ship doesn't contain a bunch of command-only stuff. I can get certutil to link for Android with this semi-awful patch: diff --git a/security/build/Makefile.in b/security/build/Makefile.in index 4fce331..6f5ae01 100644 --- a/security/build/Makefile.in +++ b/security/build/Makefile.in @@ -479,6 +479,7 @@ ifeq (WINNT,$(OS_TARGET)) libs-nss/cmd/modutil: libs-nss/lib/zlib endif $(NSS_CMD_TARGETS): libs-nss/cmd/lib +$(NSS_CMD_TARGETS): EXTRA_GMAKE_FLAGS = USE_STATIC_LIBS=1 NSSUTIL_LIB_DIR="$(CURDIR)/../nss/lib/util/ -lnssutil" else $(NSS_CMD_TARGETS): libs-nss/lib libs-nss/cmd/lib endif # MOZ_FOLD_LIBS diff --git a/security/nss/cmd/certutil/certext.c b/security/nss/cmd/certutil/certext.c index a87b4b1..29d54bc 100644 --- a/security/nss/cmd/certutil/certext.c +++ b/security/nss/cmd/certutil/certext.c @@ -461,7 +461,7 @@ AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag) SEC_ASN1_MKSUB(SEC_ObjectIDTemplate) -const SEC_ASN1Template CERT_OidSeqTemplate[] = { +static const SEC_ASN1Template CERT_OidSeqTemplate[] = { { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CERTOidSequence, oids), SEC_ASN1_SUB(SEC_ObjectIDTemplate) } }; diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c index 2665dd4..891faad 100644 --- a/security/nss/cmd/certutil/keystuff.c +++ b/security/nss/cmd/certutil/keystuff.c @@ -37,7 +37,7 @@ extern char *sys_errlist[]; #define ERROR_BREAK rv = SECFailure;break; -const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = { +const SEC_ASN1Template SECKEY_PQGParamsTemplate_local[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) }, { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) }, { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) }, @@ -222,7 +222,7 @@ decode_pqg_params(const char *str) if ((buf == NULL) || (len == 0)) goto loser; - status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, buf, len); + status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate_local, buf, len); if (status != SECSuccess) goto loser; The NSS modifications are because, well, I guess nobody compiles this thing with USE_STATIC_LIBS anymore (the manifest.mn has the USE_STATIC_LIBS setting commented out!). So there's some strange multiple-symbol definitions that static-izing things and/or renaming them work around. The Gecko modifications are to hack around the NSS build system thinking that we have libnssutil3.${FOO} available, whereas the nss/lib/util/ directory is creating libnssutil.a (whyyyyyyy). I think this is not awful as solutions go; I'm interested to hear second opinions. We could try and see if we could get the NSS changes folded back upstream, but there's still the libnssutil/libnssutil3 mismatch to work around. Perhaps NSS would consent to linking libnssutil statically if USE_STATIC_LIBS?