NSS Android build

Setting up the Cross build environment

Downloading the NDK

Download and extract the Android NDK. NDK rev 5 has been tested and are known to work. Builders currently use NDKr5c.

wget http://dl.google.com/android/ndk/android-ndk-r5c-linux-x86.tar.bz2
tar -xjf android-ndk-r5c-linux-x86.tar.bz2

Getting the Runtime

If you are on Linux 32 bit, you are done. If you are Linux 64 bit, you may need to get the following packages:

glibc.i686 zlib.i686 libstdc++.i686

On Fedora or RHEL you can get this with

yum install glibc.i686 zlib.i686 libstdc++.i686

Set up your environment

You must set the environment variable ANDROID_NDK to the path where you extracted the NDK. Also, to tell the build to build android rather than native linux, you need to set BUILD_ANDROID to 1.

  export BUILD_ANDROID=1
  export ANDROID_NDK={path to your ndk}

Setting up your Android device

Getting SSHDroid

The android test system uses sftp and ssh to talk to our android device In order to use these, you must first install SSHDroid. You can find SSHDroid in Google Play at https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid&hl=en . You can install it with Google Play.

Once it's installed, lauch the app and note the filed marked 'Address'. It will look something like:

sftp://root@10.23.45.123:2222

The 2222 is the port, and root@10.23.45.123 is the address. You will want to set those environment as the environment variables ANDROID_PORT and ANDROID_ADDR on your Linux host:

export ANDROID_ADDR=root@10.23.45.123

Be sure to use the your actual values (not my examples).

Setting up certificates

First you need to follow the instructions [1] to set up a pair of SSH keys on your Linux host. If you already have SSH keys set up, then you can skip this step.

Now you need to install the ssh keys into your SSHDroid. Start your SSHDroid App, then run the following on your Linux host. (NOTE: you will be prompted for a password. The default is 'admin', which the server will tell you).

cd ~/.ssh
sftp -o PORT=$ANDROID_PORT $ANDROID_ADDR
put id_rsa.pub /sdcard
exit

Now in the SSHDroid App on your Android:

select the menu, 
select "Manage keys", 
select menu, 
select "Import key", 
select "Browse"
scroll down and select id_rsa.pub
select "OK"

Once you've installed your certificate, you should also change your password on your android device.

select the menu
select "Options"
either select "Password: to change your password 
 or unclick "Enable Password" to disable password login

Building

Get your nss tree as normal. You'll need to get nss, nspr, and dbm. These instructions are for NSS 3.14. The easiest way to get and NSS tree is with cvs:

cvs checkout -d pserver:anonymous@cvs.mozilla.org:/cvsroot mozilla/nsprpub
 mozilla/dbm mozilla/security/coreconf mozilla/security/nss mozilla/security/dbm

Apply the patch located here[2].

Use the NSS Makefile to build android as you would normally:

make nss_build_all

Running the tests

Once NSS for Android has built, you can run the tests on your android device as follows:

make android_install
make android_run_tests
make android_get_result

The android_install target copies the NSS built on the host and tests from the host to the android device. The android_run_tests target logins into the android device and runs the tests. The android_get_result target fetches the tests results directory from android to the host.

Once you've installed the NSS tests and binaries, you can run tests multiple times on those binaries. You only need to run make android_install again if you've made changes to the NSS tests or NSS itself.

You can control the NSS tests ran with the stand variables used by all.sh on the make command line (NSS_CYCLES, NSS_TESTS, NSS_SSL_TESTS, NSS_SSL_RUN).

NOTE: The tests fips tests do not run because PR_GetLibraryFilePathname() currently does not work on android. In android NDK versions before 8 dladdr wasn't support. In versions after 8, dladdr does not correctly return the full path to the library, which is what we are trying to get in PR_GetLibraryFilePathname(). For now these tests are disabled if you use the above instructions.

NOTE: Many tests will fail if the test suite is ran on a FAT filesystem (like /sdcard). This is because we can't set the permissions on the files there.

Customizations

Adjusting things to your environment

There are other environment variables you can set to change some of the defaults:

• ANDROID_PORT - By default this is 2222 in sshdroid. You can change it with the options menu. If you do you will need to set the ANDROID_PORT value.
• ANDROID_VERSION - By default this is 8. You can change the NDK version you build against by changing this value.

Controlling the tests you run

You can control the NSS tests ran with the stand variables used by all.sh on the make command line (NSS_CYCLES, NSS_TESTS, NSS_SSL_TESTS, NSS_SSL_RUN). For example to just run the blapi TESTS:

 make android_run_tests NSS_CYCLES=standard NSS_TESTS=cipher

Manual operations

You can run various tests and programs manually on your android. First you log in using SSH:

ssh -p 2222 $ANDROID_ADDR

This will give you a busybox shell. I found the android system shell to be better, so you can type 'exit' to drop into the real shell.

Manually running the tests

To run the tests manually, you need to add the following to your environment:

 export OBJDIR=Android_arm_DBG.OBJ 

or if you built with BUILD_OPT=1

 export OBJDIR=Android_arm_OPT.OBJ

There is no make on android, so it can't use the make system to find the value of OBJDIR. The make targets described above have access to these variables, and automatically sets them when they build android. Other variables which the build system gets from make are found in $HOME/nsstest/dist/$OBJDIR/platform.cfg.

You can now cd into nsstest, where you'll find a dist tree, and a security tree, which looks just like the /mozilla directory in a normal NSS build system. You and run any of the tests just like you would on the host system by changing to the appropriate directory and running the test shell script. It's best to use the system shell (/system/bin/sh) to start these shell scripts, for example:

  cd system/nss/tests/ciphers
  /system/bin/sh ./ciphers.sh

Will run the blapi tests.

Manually running NSS commands

To run NSS commands you would need to adjust the following environment variables:

1. Add $HOME/nsstest/dist/$OBJDIR/bin to your path (NOTE this assumes you have set OBJDIR already as described in "Manually running the tests" above). For example:

  export PATH=$PATH:$HOME/nsstest/dist/$OBJDIR/bin

2. Add $HOME/nsstest/dist/$OBJDIR/lib to your LD_LIBRARY_PATH. For example:

  export LD_LIBRARY_PATH=$HOME/nsstest/dist/$OBJDIR/lib

You can now execute any nss commands in your android shell.

Partial rebuilds

You can rebuild any part of the NSS tree just as you would normally, as long as you have the BUILD_ANROID and ANDROID_NDK environment variables set. You do, however, need to run make android_install to install the changes. make android_install will update all the binaries, not just the newly built one.