security/nss/help.txt


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

Usage: build.sh [-hcv] [-cc] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
                [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
                [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
                [--disable-tests] [--fuzz[=tls|oss]] [--system-sqlite]
                [--no-zdefs] [--with-nspr] [--system-nspr] [--enable-libpkix]
                [--enable-fips]

This script builds NSS with gyp and ninja.

This build system is still under development.  It does not yet support all
the features or platforms that NSS supports.

NSS build tool options:

    -h               display this help and exit
    -c               clean before build
    -cc              clean without building
    -v               verbose build
    -j <n>           run at most <n> concurrent jobs
    --nspr           force a rebuild of NSPR
    --gyp|-g         force a rerun of gyp
    --opt|-o         do an opt build
    -m32             do a 32-bit build on a 64-bit system
    --clang          build with clang and clang++
    --gcc            build with gcc and g++
    --test           ignore map files and export everything we have
    --fuzz           build fuzzing targets (this always enables test builds)
                     --fuzz=tls to enable TLS fuzzing mode
                     --fuzz=oss to build for OSS-Fuzz
    --pprof          build with gperftool support
    --ct-verif       build with valgrind for ct-verif
    --scan-build     run the build with scan-build (scan-build has to be in the path)
                     --scan-build=/out/path sets the output path for scan-build
    --asan           do an asan build
    --ubsan          do an ubsan build
                     --ubsan=bool,shift,... sets specific UB sanitizers
    --msan           do an msan build
    --sancov         do sanitize coverage builds
                     --sancov=func sets coverage to function level for example
    --disable-tests  don't build tests and corresponding cmdline utils
    --system-sqlite  use system sqlite
    --no-zdefs       don't set -Wl,-z,defs
    --with-nspr      don't build NSPR but use the one at the given location, e.g.
                     --with-nspr=/path/to/nspr/include:/path/to/nspr/lib
    --system-nspr    use system nspr. This requires an installation of NSPR and
                     might not work on all systems.
    --enable-libpkix make libpkix part of the build.
    --enable-fips    don't disable FIPS checks.