Solved

building NSS for tools like certutil and pk12util

Posted on 2014-01-20
16
885 Views
Last Modified: 2014-01-21
Hi Experts,
I want to build Mozilla NSS with its dependencies statically linked so that I don't need to install the VC runtime in order to use the NSS tools (on client computers).  Can someone help me to get this done on Windows 7 using VS2008?

Thank you!
Mike
0
Comment
Question by:thready
  • 9
  • 7
16 Comments
 
LVL 86

Expert Comment

by:jkr
ID: 39795182
You'd basically have to change the 'Code Generation' settings for each .vcproj. Open the solution, right click on every project, choose "Properties|Configuration Properties|C/C++|Code Generation" and change "Multi-threaded DLL" to "Multi-threaded" and rebuild.
0
 
LVL 1

Author Comment

by:thready
ID: 39795227
There are no vcproj files for this - the project uses makefiles...  So I've got 2 challenges here...

1-  Figure out how to build on windows with make....  (do I use minGW for this)?
2-  Patch the source so that I don't get build errors when building statically:
        (https://bugzilla.mozilla.org/show_bug.cgi?id=534471)

Thanks,
Mike
0
 
LVL 86

Expert Comment

by:jkr
ID: 39795238
Ah, OK. In that case, open the Makefile and replace all '/MD' options with '/MT' .
And yes, you could use MinGW, but then the VC runtime does not matter anyway...
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 1

Author Comment

by:thready
ID: 39795389
I looked for /MD somewhere in the source tree for NSS - not a single one of them unfortunately.  The first makefile includes other makefiles and you soon realize you're going much deeper down the rabbit hole than you'd ever care to know.  And then you forget what you were looking for in the first place.

I'm wondering if there's not a better way to do this.. I've got all this .c code... Would it be easier to create my own vcproj?  I'm doubting that too.  But Chrome supposedly builds this stuff in its build (statically).  Maybe that's my best bet....

Maybe build Chrome and grab the output of the statically linked NSS outputted files and use them in a new Visual Studio project of my own...  What do you think?
0
 
LVL 86

Expert Comment

by:jkr
ID: 39795404
I'd check the 'configure' script that creates the makefiles. But anyway, after reading over the Bugzilla entry again, I'd rather not do that - seriously, what is that patch/build orgy worth compared to installing a runtime on the client computers? Especially the paragraph

WARNING: NSS uses shared libraries heavily.  The NSS team
only supports NSS in shared library form.  I'm providing
these patches without support.  The patches in this bug
could be hard to maintain as NSS evolves.

would make me refrain from that...
0
 
LVL 1

Author Comment

by:thready
ID: 39795997
Yeah. I know.  Read that too.  But I figured you were jkr and you'd have a magic button that takes care of things like this.  But I guess not even you can create a rock you can't lift...  ;-)
0
 
LVL 1

Author Comment

by:thready
ID: 39796001
I wonder if there would be a way to create a sort of general purpose wrapper around an exe that would static-librify it by placing all its dependencies in the same folder where they'd all be redistributable...

The problem is, we can't elevate to admin on standard users machines...
0
 
LVL 86

Expert Comment

by:jkr
ID: 39796002
Oh, we could do that, yet I am just not sure that it's worth the efford - by far. And, sorry, as an engineer, that is against my most basic principles ;o)

Err, well, on the other hand... *duck*
0
 
LVL 1

Author Comment

by:thready
ID: 39796003
Just copying the dlls required is a big no no right?   Just brainstorming here...
0
 
LVL 86

Expert Comment

by:jkr
ID: 39796007
Err, it is actually a big YES. Adding some DLLs to your installer will cost you a couple of minutes. Patching and maintaing that code will cost you quite a couple of hours, not taking into account what the future might bring. Talk efficiency ;o)
0
 
LVL 1

Author Comment

by:thready
ID: 39796010
Hang on, I'm talking about dlls from VS2010 runtime....  it's that allowed?  Would that even work?
0
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 39796018
It is allowed and MS even offers downloads for all runtimes to be redistributed: http://www.microsoft.com/en-us/download/details.aspx?id=26999 -

Just 'run' that package during the setup in 'silent' mode.
0
 
LVL 1

Author Comment

by:thready
ID: 39796047
Are you saying that's supposed to work even for non admin users? I did try to run the vs2010 runtime on a standard user machine and it wouldn't let me do the install.... I had to login as admin for it to work.  although I didn't try it in silent mode...
0
 
LVL 1

Author Closing Comment

by:thready
ID: 39796078
Haven't tried it yet, but even if I can't run the full silent mode install, I am allowed to copy individual dlls needed in my application folder.  Sweet.  Thanks again jkr.  http://msdn.microsoft.com/en-us/library/dd293565.aspx
0
 
LVL 1

Author Comment

by:thready
ID: 39797125
Confirmed - one cannot run the VC++2010 redist as standard user.  Now I'm trying to find the DLLs needed and placing them directly in the same folder as the exe.  I'm posting another question shortly about dependency walker soon...  (I've copied mfc100.dll, mfc100u.dll, msvcr100.dll, msvcp100.dll and msvcr100_clr0400.dll to the same folder and getting Exception 0xc000007b when starting...)
0
 
LVL 86

Expert Comment

by:jkr
ID: 39797256
What installer are you using? (Sorry, that was a bit late yesterday) Most of them allow to specify 'Admin' as the required privilege, which is definitely necessary for the runtime as you noticed...
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
The goal of this video is to provide viewers with basic examples to understand how to create, access, and change arrays in the C programming language.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question