NSS:Android
NSS Android build
Setting up the Cross build environment
Downloading the NDK
Download and extract the Android NDK. NDK rev 5 has been tested and are known to work. Builders currently use NDKr5c.
wget http://dl.google.com/android/ndk/android-ndk-r5c-linux-x86.tar.bz2 tar -xjf android-ndk-r5c-linux-x86.tar.bz2
Getting the Runtime
If you are on Linux 32 bit, you are done. If you are Linux 64 bit, you may need to get the following packages:
glibc.i686 zlib.i686 libstdc++.i686
On Fedora or RHEL you can get this with
yum install glibc.i686 zlib.i686 libstdc++.i686
Set up your environment
You must set the environment variable ANDROID_NDK to the path where you extracted the NDK. Also, to tell the build to build android rather than native linux, you need to set BUILD_ANDROID to 1.
export BUILD_ANDROID=1
export ANDROID_NDK={path to your ndk}
Setting up your Android device
Getting SSHDroid
The android test system uses sftp and ssh to talk to our android device In order to use these, you must first install SSHDroid. You can find SSHDroid in Google Play at https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid&hl=en . You can install it with Google Play.
Once it's installed, lauch the app and note the filed marked 'Address'. It will look something like:
sftp://root@10.23.45.123:2222
The 2222 is the port, and root@10.23.45.123 is the address. You will want to set those environment as the environment variables ANDROID_PORT and ANDROID_ADDR on your Linux host:
export ANDROID_ADDR=root@10.23.45.123
Be sure to use the your actual values (not my examples).
Setting up certificates
First you need to follow the instructions [1] to set up a pair of SSH keys on your Linux host. If you already have SSH keys set up, then you can skip this step.
Now you need to install the ssh keys into your SSHDroid. Start your SSHDroid App, then run the following on your Linux host. (NOTE: you will be prompted for a password. The default is 'admin', which the server will tell you).
cd ~/.ssh sftp -o PORT=$ANDROID_PORT $ANDROID_ADDR put id_rsa.pub /sdcard exit
Now in the SSHDroid App on your Android:
select the menu, select "Manage keys", select menu, select "Import key", select "Browse" scroll down and select id_rsa.pub select "OK"
Once you've installed your certificate, you should also change your password on your android device.
select the menu select "Options" either select "Password: to change your password or unclick "Enable Password" to disable password login
Building
Get your nss tree as normal. You'll need to get nss, nspr, and dbm. These instructions are for NSS 3.14. The easiest way to get and NSS tree is with cvs:
cvs checkout -d pserver:anonymous@cvs.mozilla.org:/cvsroot mozilla/nsprpub mozilla/dbm mozilla/security/coreconf mozilla/security/nss mozilla/security/dbm
Apply the patch located here[2].
Use the NSS Makefile to build android as you would normally:
make nss_build_all
Running the tests
Once NSS for Android has built, you can run the tests on your android device as follows:
make android_install make android_run_tests
NOTE: The tests fips tests do not run because PR_GetLibraryFilePathname() currently does not work on android. In android NDK versions before 8 dladdr wasn't support. In versions after 8, dladdr does not correctly return the full path to the library, which is what we are trying to get in PR_GetLibraryFilePathname(). For now these tests are disabled if you use the above instructions.
NOTE: Many tests will fail if the test suite is ran on a FAT filesystem (like /sdcard). This is because we can't set the permissions on the files there.
Adjusting things to your environment
There are other environment variables you can set to change some of the defaults:
- ANDROID_PORT - By default this is 2222 in sshdroid. You can change it with the options menu. If you do you will need to set the ANDROID_PORT value.
- ANDROID_VERSION - By default this is 8. You can change the NDK version you build against by changing this value.