From 35364c0ce9f4fd353bfc59b11a167cf2521f8d85 Mon Sep 17 00:00:00 2001 From: Ovidiu Panait Date: Mon, 13 Jul 2020 17:28:00 +0300 Subject: nss: upgrade 3.51.1 -> 3.54 Upgrade nss 3.51.1 -> 3.54: * Refresh patches * Drop riscv.patch and 0001-Enable-uint128-on-mips64.patch patches as upstream commit [1] should implement that logic * Use "autobuild" as do_compile make target (Makefile logic has changed significantly, so the default target is no longer enough) [1] https://hg.mozilla.org/projects/nss/rev/60aa7df14f119d2a21750668c5ce36fa38ef2c6c Signed-off-by: Ovidiu Panait Signed-off-by: Khem Raj --- .../nss/nss/0001-Enable-uint128-on-mips64.patch | 48 ---- ...a-configure-option-to-disable-ARM-HW-cryp.patch | 22 +- .../nss/0001-nss-fix-support-cross-compiling.patch | 10 +- .../nss/nss/disable-Wvarargs-with-clang.patch | 17 +- .../nss/nss-fix-incorrect-shebang-of-perl.patch | 107 ++++---- .../nss/nss/nss-fix-nsinstall-build.patch | 20 +- .../nss/nss/nss-no-rpath-for-cross-compiling.patch | 10 +- .../recipes-support/nss/nss/pqg.c-ULL_addend.patch | 21 +- meta-oe/recipes-support/nss/nss/riscv.patch | 36 --- meta-oe/recipes-support/nss/nss_3.51.1.bb | 279 --------------------- meta-oe/recipes-support/nss/nss_3.54.bb | 277 ++++++++++++++++++++ 11 files changed, 387 insertions(+), 460 deletions(-) delete mode 100644 meta-oe/recipes-support/nss/nss/0001-Enable-uint128-on-mips64.patch delete mode 100644 meta-oe/recipes-support/nss/nss/riscv.patch delete mode 100644 meta-oe/recipes-support/nss/nss_3.51.1.bb create mode 100644 meta-oe/recipes-support/nss/nss_3.54.bb diff --git a/meta-oe/recipes-support/nss/nss/0001-Enable-uint128-on-mips64.patch b/meta-oe/recipes-support/nss/nss/0001-Enable-uint128-on-mips64.patch deleted file mode 100644 index 90ec379c67..0000000000 --- a/meta-oe/recipes-support/nss/nss/0001-Enable-uint128-on-mips64.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 8cf7afb5417e23cd3ebf8141239bf020f5dd2ac8 Mon Sep 17 00:00:00 2001 -From: Mingli Yu -Date: Thu, 30 Apr 2020 06:56:09 +0000 -Subject: [PATCH] Enable uint128 on mips64 - -Fix below error: -| verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h:22:1: error: 'FStar_UInt128___proj__Mkuint128__item__low' declared 'static' but never defined [-Werror=unused-function] -| 22 | FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee); - -Upstream-Status: Pending - -Signed-off-by: Mingli Yu ---- - .../freebl/verified/kremlin/include/kremlin/internal/types.h | 3 ++- - .../kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h | 3 ++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h b/nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h -index 801e78f..cdac61e 100644 ---- a/nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h -+++ b/nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h -@@ -57,7 +57,8 @@ typedef const char *Prims_string; - typedef __m128i FStar_UInt128_uint128; - #elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \ - (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \ -- (defined(__riscv) && __riscv_xlen == 64)) -+ (defined(__riscv) && __riscv_xlen == 64) || \ -+ defined(__mips64)) - typedef unsigned __int128 FStar_UInt128_uint128; - #else - typedef struct FStar_UInt128_uint128_s { -diff --git a/nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h b/nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h -index f38fda3..7ca67d2 100644 ---- a/nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h -+++ b/nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h -@@ -26,7 +26,8 @@ - #include - #if !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \ - (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \ -- (defined(__riscv) && __riscv_xlen == 64)) -+ (defined(__riscv) && __riscv_xlen == 64) || \ -+ defined(__mips64)) - - /* GCC + using native unsigned __int128 support */ - --- -2.24.1 - diff --git a/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch b/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch index c380c14491..1a87a0577f 100644 --- a/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch +++ b/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch @@ -1,4 +1,4 @@ -From 5595e9651aca39af945931c73eb524a0f8bd130d Mon Sep 17 00:00:00 2001 +From 8b67c22b057e158f61c9fdd5b01f37195c6f5ca4 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Wed, 18 Dec 2019 12:29:50 +0100 Subject: [PATCH] freebl: add a configure option to disable ARM HW crypto @@ -8,10 +8,14 @@ prior to armv8 does not. Upstream-Status: Pending Signed-off-by: Alexander Kanavin + --- - nss/lib/freebl/Makefile | 3 +++ - 1 file changed, 3 insertions(+) + nss/lib/freebl/Makefile | 4 ++++ + nss/lib/freebl/gcm.c | 2 ++ + 2 files changed, 6 insertions(+) +diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile +index f99f769..b0ec81b 100644 --- a/nss/lib/freebl/Makefile +++ b/nss/lib/freebl/Makefile @@ -125,6 +125,9 @@ else @@ -22,9 +26,9 @@ Signed-off-by: Alexander Kanavin +ifdef NSS_USE_ARM_HW_CRYPTO + DEFINES += -DNSS_USE_ARM_HW_CRYPTO ifeq ($(CPU_ARCH),aarch64) - DEFINES += -DUSE_HW_AES - EXTRA_SRCS += aes-armv8.c gcm-aarch64.c -@@ -146,6 +149,7 @@ ifeq ($(CPU_ARCH),arm) + DEFINES += -DUSE_HW_AES -DUSE_HW_SHA2 + EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha256-armv8.c +@@ -148,6 +151,7 @@ endif endif endif endif @@ -32,9 +36,11 @@ Signed-off-by: Alexander Kanavin ifeq ($(OS_TARGET),OSF1) DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD +diff --git a/nss/lib/freebl/gcm.c b/nss/lib/freebl/gcm.c +index c2cc18d..b77f573 100644 --- a/nss/lib/freebl/gcm.c +++ b/nss/lib/freebl/gcm.c -@@ -17,6 +17,7 @@ +@@ -18,6 +18,7 @@ #include @@ -42,7 +48,7 @@ Signed-off-by: Alexander Kanavin /* old gcc doesn't support some poly64x2_t intrinsic */ #if defined(__aarch64__) && defined(IS_LITTLE_ENDIAN) && \ (defined(__clang__) || defined(__GNUC__) && __GNUC__ > 6) -@@ -25,6 +26,7 @@ +@@ -27,6 +28,7 @@ /* We don't test on big endian platform, so disable this on big endian. */ #define USE_ARM_GCM #endif diff --git a/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch b/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch index d5403397e7..3d90e2d951 100644 --- a/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch +++ b/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch @@ -1,4 +1,4 @@ -From 0cf47ee432cc26a706864fcc09b2c3adc342a679 Mon Sep 17 00:00:00 2001 +From 8cea16e7550ae14494fbb3a8fe9f5452e6bd1407 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Wed, 22 Feb 2017 11:36:11 +0200 Subject: [PATCH] nss: fix support cross compiling @@ -8,13 +8,14 @@ Let some make variables be assigned from outside makefile. Upstream-Status: Inappropriate [configuration] Signed-off-by: Hongxu Jia Signed-off-by: Alexander Kanavin + --- nss/coreconf/arch.mk | 2 +- nss/lib/freebl/Makefile | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk -index 06c276f..9c1eb51 100644 +index 790372d..2563134 100644 --- a/nss/coreconf/arch.mk +++ b/nss/coreconf/arch.mk @@ -30,7 +30,7 @@ OS_TEST := $(shell uname -m) @@ -27,7 +28,7 @@ index 06c276f..9c1eb51 100644 # diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile -index 0ce1425..ebeb411 100644 +index 52d827c..f99f769 100644 --- a/nss/lib/freebl/Makefile +++ b/nss/lib/freebl/Makefile @@ -36,6 +36,12 @@ ifdef USE_64 @@ -43,6 +44,3 @@ index 0ce1425..ebeb411 100644 ifdef USE_ABI32_FPU DEFINES += -DNSS_USE_ABI32_FPU endif --- -2.11.0 - diff --git a/meta-oe/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch b/meta-oe/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch index de812d27ba..e87dc9f76b 100644 --- a/meta-oe/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch +++ b/meta-oe/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch @@ -1,3 +1,8 @@ +From c5b2c6327f3692ed07bf8d212123e0bf08485722 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sat, 7 Mar 2020 08:34:02 -0800 +Subject: [PATCH] nss,nspr: Add recipes + clang 3.9 add this warning to rightly flag undefined behavior, we relegate this to be just a warning instead of error and keep the behavior as it was. Right fix would @@ -18,10 +23,14 @@ for more details Signed-off-by: Khem Raj Upstream-Status: Pending -Index: nss-3.37.1/nss/coreconf/Werror.mk -=================================================================== ---- nss-3.37.1.orig/nss/coreconf/Werror.mk -+++ nss-3.37.1/nss/coreconf/Werror.mk +--- + nss/coreconf/Werror.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/nss/coreconf/Werror.mk b/nss/coreconf/Werror.mk +index a569a49..687fe58 100644 +--- a/nss/coreconf/Werror.mk ++++ b/nss/coreconf/Werror.mk @@ -56,7 +56,7 @@ ifndef WARNING_CFLAGS ifdef CC_IS_CLANG # -Qunused-arguments : clang objects to arguments that it doesn't understand diff --git a/meta-oe/recipes-support/nss/nss/nss-fix-incorrect-shebang-of-perl.patch b/meta-oe/recipes-support/nss/nss/nss-fix-incorrect-shebang-of-perl.patch index 547594d5b6..6f02dbcb4b 100644 --- a/meta-oe/recipes-support/nss/nss/nss-fix-incorrect-shebang-of-perl.patch +++ b/meta-oe/recipes-support/nss/nss/nss-fix-incorrect-shebang-of-perl.patch @@ -1,82 +1,56 @@ -nss: fix incorrect shebang of perl +From 028ec9c7e9f7a6f083eec987f3ad7e7623398d9d Mon Sep 17 00:00:00 2001 +From: Ovidiu Panait +Date: Mon, 13 Jul 2020 12:12:31 +0300 +Subject: [PATCH] nss: fix incorrect shebang of perl Replace incorrect shebang of perl with `#!/usr/bin/env perl'. Signed-off-by: Hongxu Jia Upstream-Status: Pending +Signed-off-by: Ovidiu Panait + --- - nss/cmd/smimetools/smime | 2 +- - nss/coreconf/cpdist.pl | 2 +- - nss/coreconf/import.pl | 2 +- - nss/coreconf/jniregen.pl | 2 +- - nss/coreconf/outofdate.pl | 2 +- - nss/coreconf/release.pl | 2 +- - nss/coreconf/version.pl | 2 +- - nss/tests/clean_tbx | 2 +- - nss/tests/path_uniq | 2 +- - 9 files changed, 9 insertions(+), 9 deletions(-) + nss/cmd/signver/examples/1/form.pl | 2 +- + nss/cmd/signver/examples/1/signedForm.pl | 2 +- + nss/cmd/smimetools/smime | 2 +- + nss/coreconf/version.pl | 2 +- + nss/tests/clean_tbx | 2 +- + nss/tests/iopr/server_scr/client.cgi | 2 +- + nss/tests/path_uniq | 2 +- + 7 files changed, 7 insertions(+), 7 deletions(-) -diff --git a/nss/cmd/smimetools/smime b/nss/cmd/smimetools/smime ---- a/nss/cmd/smimetools/smime -+++ b/nss/cmd/smimetools/smime +diff --git a/nss/cmd/signver/examples/1/form.pl b/nss/cmd/signver/examples/1/form.pl +index f2cfddc..af58d54 100755 +--- a/nss/cmd/signver/examples/1/form.pl ++++ b/nss/cmd/signver/examples/1/form.pl @@ -1,4 +1,4 @@ --#!/usr/local/bin/perl +-#! /usr/bin/perl +#!/usr/bin/env perl - # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this -diff --git a/nss/coreconf/cpdist.pl b/nss/coreconf/cpdist.pl -index 800edfb..652187f 100755 ---- a/nss/coreconf/cpdist.pl -+++ b/nss/coreconf/cpdist.pl + # file, You can obtain one at http://mozilla.org/MPL/2.0/. +diff --git a/nss/cmd/signver/examples/1/signedForm.pl b/nss/cmd/signver/examples/1/signedForm.pl +index 847814c..64a31ff 100755 +--- a/nss/cmd/signver/examples/1/signedForm.pl ++++ b/nss/cmd/signver/examples/1/signedForm.pl @@ -1,4 +1,4 @@ --#! /usr/local/bin/perl -+#!/usr/bin/env perl - # - # This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this -diff --git a/nss/coreconf/import.pl b/nss/coreconf/import.pl -index dd2d177..428eaa5 100755 ---- a/nss/coreconf/import.pl -+++ b/nss/coreconf/import.pl -@@ -1,4 +1,4 @@ --#! /usr/local/bin/perl -+#!/usr/bin/env perl - # - # This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this -diff --git a/nss/coreconf/jniregen.pl b/nss/coreconf/jniregen.pl -index 2039180..5f4f69c 100755 ---- a/nss/coreconf/jniregen.pl -+++ b/nss/coreconf/jniregen.pl -@@ -1,4 +1,4 @@ --#!/usr/local/bin/perl +-#! /usr/bin/perl +#!/usr/bin/env perl - # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this -diff --git a/nss/coreconf/outofdate.pl b/nss/coreconf/outofdate.pl -index 33d80bb..01fc097 100755 ---- a/nss/coreconf/outofdate.pl -+++ b/nss/coreconf/outofdate.pl + # file, You can obtain one at http://mozilla.org/MPL/2.0/. +diff --git a/nss/cmd/smimetools/smime b/nss/cmd/smimetools/smime +index e67f6be..6cd85e6 100755 +--- a/nss/cmd/smimetools/smime ++++ b/nss/cmd/smimetools/smime @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/env perl - # - # This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this -diff --git a/nss/coreconf/release.pl b/nss/coreconf/release.pl -index 7cde19d..b5df2f6 100755 ---- a/nss/coreconf/release.pl -+++ b/nss/coreconf/release.pl -@@ -1,4 +1,4 @@ --#! /usr/local/bin/perl -+#!/usr/bin/env perl - # + # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/nss/coreconf/version.pl b/nss/coreconf/version.pl -index d2a4942..79359fe 100644 +index d2a4942..3ba7323 100644 --- a/nss/coreconf/version.pl +++ b/nss/coreconf/version.pl @@ -1,4 +1,4 @@ @@ -86,7 +60,7 @@ index d2a4942..79359fe 100644 # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/nss/tests/clean_tbx b/nss/tests/clean_tbx -index 4de9555..a7def9f 100755 +index 4de9555..c15a069 100755 --- a/nss/tests/clean_tbx +++ b/nss/tests/clean_tbx @@ -1,4 +1,4 @@ @@ -95,8 +69,18 @@ index 4de9555..a7def9f 100755 ####################################################################### # +diff --git a/nss/tests/iopr/server_scr/client.cgi b/nss/tests/iopr/server_scr/client.cgi +index 581ad06..34ea170 100644 +--- a/nss/tests/iopr/server_scr/client.cgi ++++ b/nss/tests/iopr/server_scr/client.cgi +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl ++#!/usr/bin/env perl + + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/nss/tests/path_uniq b/nss/tests/path_uniq -index f29f60a..08fbffa 100755 +index f29f60a..850332a 100755 --- a/nss/tests/path_uniq +++ b/nss/tests/path_uniq @@ -1,4 +1,4 @@ @@ -105,6 +89,3 @@ index f29f60a..08fbffa 100755 ######################################################################## # --- -1.8.1.2 - diff --git a/meta-oe/recipes-support/nss/nss/nss-fix-nsinstall-build.patch b/meta-oe/recipes-support/nss/nss/nss-fix-nsinstall-build.patch index 43c09d13ea..fbfa828b23 100644 --- a/meta-oe/recipes-support/nss/nss/nss-fix-nsinstall-build.patch +++ b/meta-oe/recipes-support/nss/nss/nss-fix-nsinstall-build.patch @@ -1,4 +1,7 @@ -Fix nss multilib build on openSUSE 11.x 32bit +From 2701905e689cf7c1ee7ca2d116f20b5bbc146431 Mon Sep 17 00:00:00 2001 +From: Wenzong Fan +Date: Sat, 7 Mar 2020 08:34:02 -0800 +Subject: [PATCH] Fix nss multilib build on openSUSE 11.x 32bit While building lib64-nss on openSUSE 11.x 32bit, the nsinstall will fail with error: @@ -16,10 +19,15 @@ Upstream-Status: Pending Signed-off-by: Wenzong Fan =================================================== -Index: nss-3.24/nss/coreconf/nsinstall/Makefile -=================================================================== ---- nss-3.24.orig/nss/coreconf/nsinstall/Makefile -+++ nss-3.24/nss/coreconf/nsinstall/Makefile + +--- + nss/coreconf/nsinstall/Makefile | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/nss/coreconf/nsinstall/Makefile b/nss/coreconf/nsinstall/Makefile +index 08dfbc2..e97fb5f 100644 +--- a/nss/coreconf/nsinstall/Makefile ++++ b/nss/coreconf/nsinstall/Makefile @@ -18,6 +18,13 @@ INTERNAL_TOOLS = 1 include $(DEPTH)/coreconf/config.mk @@ -33,4 +41,4 @@ Index: nss-3.24/nss/coreconf/nsinstall/Makefile + ifeq (,$(filter-out OS2 WIN%,$(OS_TARGET))) PROGRAM = - else + TARGETS = diff --git a/meta-oe/recipes-support/nss/nss/nss-no-rpath-for-cross-compiling.patch b/meta-oe/recipes-support/nss/nss/nss-no-rpath-for-cross-compiling.patch index 7661dc93a0..7dbc1a3721 100644 --- a/meta-oe/recipes-support/nss/nss/nss-no-rpath-for-cross-compiling.patch +++ b/meta-oe/recipes-support/nss/nss/nss-no-rpath-for-cross-compiling.patch @@ -1,12 +1,17 @@ -nss:no rpath for cross compiling +From dc51214895bcd63fc8eb8d1fe7941cd3e5500620 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia +Date: Sat, 7 Mar 2020 08:34:02 -0800 +Subject: [PATCH] nss:no rpath for cross compiling Signed-off-by: Hongxu Jia Upstream-Status: Inappropriate [configuration] + --- nss/cmd/platlibs.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk +index 6401778..e5c4e16 100644 --- a/nss/cmd/platlibs.mk +++ b/nss/cmd/platlibs.mk @@ -18,9 +18,9 @@ endif @@ -21,6 +26,3 @@ diff --git a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk endif endif --- -1.8.1.2 - diff --git a/meta-oe/recipes-support/nss/nss/pqg.c-ULL_addend.patch b/meta-oe/recipes-support/nss/nss/pqg.c-ULL_addend.patch index 3a817faaa6..5505ae36ac 100644 --- a/meta-oe/recipes-support/nss/nss/pqg.c-ULL_addend.patch +++ b/meta-oe/recipes-support/nss/nss/pqg.c-ULL_addend.patch @@ -1,4 +1,8 @@ -nss does not build on mips with clang because wrong types are used? +From a550bdf458f11dff46ebddbac94cf48c27d3471e Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sat, 7 Mar 2020 08:34:02 -0800 +Subject: [PATCH] nss does not build on mips with clang because wrong types are + used? pqg.c:339:16: error: comparison of constant 18446744073709551615 with expression of type 'unsigned long' is always true [-Werror,-Wtautological-constant-out-of-range-compare] if (addend < MP_DIGIT_MAX) { @@ -6,11 +10,16 @@ pqg.c:339:16: error: comparison of constant 18446744073709551615 with expression Signed-off-by: Khem Raj Upstream-Status: Pending -Index: nss-3.37.1/nss/lib/freebl/pqg.c -=================================================================== ---- nss-3.37.1.orig/nss/lib/freebl/pqg.c -+++ nss-3.37.1/nss/lib/freebl/pqg.c -@@ -326,8 +326,8 @@ generate_h_candidate(SECItem *hit, mp_in + +--- + nss/lib/freebl/pqg.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/nss/lib/freebl/pqg.c b/nss/lib/freebl/pqg.c +index 626b2fb..052ad36 100644 +--- a/nss/lib/freebl/pqg.c ++++ b/nss/lib/freebl/pqg.c +@@ -326,8 +326,8 @@ generate_h_candidate(SECItem *hit, mp_int *H) static SECStatus addToSeed(const SECItem *seed, diff --git a/meta-oe/recipes-support/nss/nss/riscv.patch b/meta-oe/recipes-support/nss/nss/riscv.patch deleted file mode 100644 index aef91a7c37..0000000000 --- a/meta-oe/recipes-support/nss/nss/riscv.patch +++ /dev/null @@ -1,36 +0,0 @@ -Enable uint128 on riscv64 - -Fixes -| verified/kremlin/kremlib/dist/minimal/LowStar_Endianness.h:29:37: error: 'load128_be' declared 'static' but never defined [-Werror=unused-function] -| 29 | inline static FStar_UInt128_uint128 load128_be(uint8_t *x0); -| | ^~~~~~~~~~ - -Upstream-Status: Pending -Signed-off-by: Khem Raj ---- a/nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h -+++ b/nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h -@@ -56,7 +56,8 @@ typedef const char *Prims_string; - #include - typedef __m128i FStar_UInt128_uint128; - #elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \ -- (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__)) -+ (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \ -+ (defined(__riscv) && __riscv_xlen == 64)) - typedef unsigned __int128 FStar_UInt128_uint128; - #else - typedef struct FStar_UInt128_uint128_s { ---- a/nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h -+++ b/nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h -@@ -23,9 +23,10 @@ - #include "FStar_UInt128.h" - #include "FStar_UInt_8_16_32_64.h" - #include "LowStar_Endianness.h" -- -+#include - #if !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \ -- (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__)) -+ (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \ -+ (defined(__riscv) && __riscv_xlen == 64)) - - /* GCC + using native unsigned __int128 support */ - diff --git a/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-oe/recipes-support/nss/nss_3.51.1.bb deleted file mode 100644 index 36e6cd8fc5..0000000000 --- a/meta-oe/recipes-support/nss/nss_3.51.1.bb +++ /dev/null @@ -1,279 +0,0 @@ -SUMMARY = "Mozilla's SSL and TLS implementation" -DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ -designed to support cross-platform development of \ -security-enabled client and server applications. \ -Applications built with NSS can support SSL v2 and v3, \ -TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ -v3 certificates, and other security standards." -HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" -SECTION = "libs" - -DEPENDS = "sqlite3 nspr zlib nss-native" -DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" - -LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" - -LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ - file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ - file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" - -VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" - -SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ - file://nss.pc.in \ - file://signlibs.sh \ - file://0001-nss-fix-support-cross-compiling.patch \ - file://nss-no-rpath-for-cross-compiling.patch \ - file://nss-fix-incorrect-shebang-of-perl.patch \ - file://disable-Wvarargs-with-clang.patch \ - file://pqg.c-ULL_addend.patch \ - file://blank-cert9.db \ - file://blank-key4.db \ - file://system-pkcs11.txt \ - file://nss-fix-nsinstall-build.patch \ - file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \ - file://riscv.patch \ - file://0001-Enable-uint128-on-mips64.patch \ - " - -SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233" -SRC_URI[sha256sum] = "085c5eaceef040eddea639e2e068e70f0e368f840327a678ef74ae3d6c15ca78" - -UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" -UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes" - -inherit siteinfo - -TD = "${S}/tentative-dist" -TDS = "${S}/tentative-dist-staging" - -# cortex-a55 is ARMv8.2-a based but libatomic explicitly asks for -march=armv8.1-a -# which caused -march conflicts in gcc -TUNE_CCARGS_remove = "-mcpu=cortex-a55+crc -mcpu=cortex-a55 -mcpu=cortex-a55+crc+crypto" - -TARGET_CC_ARCH += "${LDFLAGS}" - -do_configure_prepend_libc-musl () { - sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk -} - -do_compile_prepend_class-native() { - export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr - export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} - export NSS_ENABLE_WERROR=0 -} - -do_compile_prepend_class-nativesdk() { - export LDFLAGS="" -} - -do_compile_prepend_class-native() { - # Need to set RPATH so that chrpath will do its job correctly - RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" -} - -do_compile() { - export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr - - export CROSS_COMPILE=1 - export NATIVE_CC="${BUILD_CC}" - # Additional defines needed on Centos 7 - export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux" - export BUILD_OPT=1 - - export FREEBL_NO_DEPEND=1 - export FREEBL_LOWHASH=1 - - export LIBDIR=${libdir} - export MOZILLA_CLIENT=1 - export NS_USE_GCC=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSS_ENABLE_ECC=1 - - ${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)} - - export OS_RELEASE=3.4 - export OS_TARGET=Linux - export OS_ARCH=Linux - - if [ "${TARGET_ARCH}" = "powerpc" ]; then - OS_TEST=ppc - elif [ "${TARGET_ARCH}" = "powerpc64" ]; then - OS_TEST=ppc64 - elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then - OS_TEST=mips - elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then - OS_TEST="aarch64" - else - OS_TEST="${TARGET_ARCH}" - fi - - if [ "${SITEINFO_BITS}" = "64" ]; then - export USE_64=1 - elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then - export USE_X32=1 - fi - - export NSS_DISABLE_GTESTS=1 - - # We can modify CC in the environment, but if we set it via an - # argument to make, nsinstall, a host program, will also build with it! - # - # nss pretty much does its own thing with CFLAGS, so we put them into CC. - # Optimization will get clobbered, but most of the stuff will survive. - # The motivation for this is to point to the correct place for debug - # source files and CFLAGS does that. Nothing uses CCC. - # - export CC="${CC} ${CFLAGS}" - make -C ./nss CCC="${CXX} -g" \ - OS_TEST=${OS_TEST} \ - RPATH="${RPATH}" -} - -do_compile[vardepsexclude] += "SITEINFO_BITS" - -do_install_prepend_class-nativesdk() { - export LDFLAGS="" -} - -do_install() { - export CROSS_COMPILE=1 - export NATIVE_CC="${BUILD_CC}" - export BUILD_OPT=1 - - export FREEBL_NO_DEPEND=1 - - export LIBDIR=${libdir} - export MOZILLA_CLIENT=1 - export NS_USE_GCC=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSS_ENABLE_ECC=1 - - export OS_RELEASE=3.4 - export OS_TARGET=Linux - export OS_ARCH=Linux - - if [ "${TARGET_ARCH}" = "powerpc" ]; then - OS_TEST=ppc - elif [ "${TARGET_ARCH}" = "powerpc64" ]; then - OS_TEST=ppc64 - elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then - OS_TEST=mips - elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then - CPU_ARCH=aarch64 - OS_TEST="aarch64" - else - OS_TEST="${TARGET_ARCH}" - fi - if [ "${SITEINFO_BITS}" = "64" ]; then - export USE_64=1 - elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then - export USE_X32=1 - fi - - export NSS_DISABLE_GTESTS=1 - - make -C ./nss \ - CCC="${CXX}" \ - OS_TEST=${OS_TEST} \ - SOURCE_LIB_DIR="${TD}/${libdir}" \ - SOURCE_BIN_DIR="${TD}/${bindir}" \ - install - - install -d ${D}/${libdir}/ - for file in ${S}/dist/*.OBJ/lib/*.so; do - echo "Installing `basename $file`..." - cp $file ${D}/${libdir}/ - done - - for shared_lib in ${TD}/${libdir}/*.so.*; do - if [ -f $shared_lib ]; then - cp $shared_lib ${D}/${libdir} - ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) - fi - done - for shared_lib in ${TD}/${libdir}/*.so; do - if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then - cp $shared_lib ${D}/${libdir} - fi - done - - install -d ${D}/${includedir}/nss3 - install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* - - install -d ${D}/${bindir} - for binary in ${TD}/${bindir}/*; do - install -m 755 -t ${D}/${bindir} $binary - done -} - -do_install[vardepsexclude] += "SITEINFO_BITS" - -do_install_append() { - # Create empty .chk files for the NSS libraries at build time. They could - # be regenerated at target's boot time. - for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do - touch ${D}/${libdir}/$file - chmod 755 ${D}/${libdir}/$file - done - install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh - - install -d ${D}${libdir}/pkgconfig/ - sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc -} - -do_install_append_class-target() { - # It used to call certutil to create a blank certificate with empty password at - # build time, but the checksum of key4.db changes every time when certutil is called. - # It causes non-determinism issue, so provide databases with a blank certificate - # which are originally from output of nss in qemux86-64 build. You can get these - # databases by: - # certutil -N -d sql:/database/path/ --empty-password - install -d ${D}${sysconfdir}/pki/nssdb/ - install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db - install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db - install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt -} - -PACKAGE_WRITE_DEPS += "nss-native" -pkg_postinst_${PN} () { - if [ -n "$D" ]; then - for I in $D${libdir}/lib*.chk; do - DN=`dirname $I` - BN=`basename $I .chk` - FN=$DN/$BN.so - shlibsign -i $FN - if [ $? -ne 0 ]; then - exit 1 - fi - done - else - signlibs.sh - fi -} - -PACKAGES =+ "${PN}-smime" -FILES_${PN}-smime = "\ - ${bindir}/smime \ -" - -FILES_${PN} = "\ - ${sysconfdir} \ - ${bindir} \ - ${libdir}/lib*.chk \ - ${libdir}/lib*.so \ - " - -FILES_${PN}-dev = "\ - ${libdir}/nss \ - ${libdir}/pkgconfig/* \ - ${includedir}/* \ - " - -RDEPENDS_${PN}-smime = "perl" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-support/nss/nss_3.54.bb b/meta-oe/recipes-support/nss/nss_3.54.bb new file mode 100644 index 0000000000..4923f68685 --- /dev/null +++ b/meta-oe/recipes-support/nss/nss_3.54.bb @@ -0,0 +1,277 @@ +SUMMARY = "Mozilla's SSL and TLS implementation" +DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ +designed to support cross-platform development of \ +security-enabled client and server applications. \ +Applications built with NSS can support SSL v2 and v3, \ +TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ +v3 certificates, and other security standards." +HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" +SECTION = "libs" + +DEPENDS = "sqlite3 nspr zlib nss-native" +DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" + +LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" + +LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ + file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ + file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" + +VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" + +SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ + file://nss.pc.in \ + file://signlibs.sh \ + file://0001-nss-fix-support-cross-compiling.patch \ + file://nss-no-rpath-for-cross-compiling.patch \ + file://nss-fix-incorrect-shebang-of-perl.patch \ + file://disable-Wvarargs-with-clang.patch \ + file://pqg.c-ULL_addend.patch \ + file://blank-cert9.db \ + file://blank-key4.db \ + file://system-pkcs11.txt \ + file://nss-fix-nsinstall-build.patch \ + file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \ + " + +SRC_URI[sha256sum] = "dab18bbfcf5e347934cda664df75ce9fd912a5772686c40d3c805e53c08d6e43" + +UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" +UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes" + +inherit siteinfo + +TD = "${S}/tentative-dist" +TDS = "${S}/tentative-dist-staging" + +# cortex-a55 is ARMv8.2-a based but libatomic explicitly asks for -march=armv8.1-a +# which caused -march conflicts in gcc +TUNE_CCARGS_remove = "-mcpu=cortex-a55+crc -mcpu=cortex-a55 -mcpu=cortex-a55+crc+crypto" + +TARGET_CC_ARCH += "${LDFLAGS}" + +do_configure_prepend_libc-musl () { + sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk +} + +do_compile_prepend_class-native() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr + export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} + export NSS_ENABLE_WERROR=0 +} + +do_compile_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_compile_prepend_class-native() { + # Need to set RPATH so that chrpath will do its job correctly + RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" +} + +do_compile() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr + + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + # Additional defines needed on Centos 7 + export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + export FREEBL_LOWHASH=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + ${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)} + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + # We can modify CC in the environment, but if we set it via an + # argument to make, nsinstall, a host program, will also build with it! + # + # nss pretty much does its own thing with CFLAGS, so we put them into CC. + # Optimization will get clobbered, but most of the stuff will survive. + # The motivation for this is to point to the correct place for debug + # source files and CFLAGS does that. Nothing uses CCC. + # + export CC="${CC} ${CFLAGS}" + make -C ./nss CCC="${CXX} -g" \ + OS_TEST=${OS_TEST} \ + RPATH="${RPATH}" \ + autobuild +} + +do_compile[vardepsexclude] += "SITEINFO_BITS" + +do_install_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_install() { + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + CPU_ARCH=aarch64 + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + make -C ./nss \ + CCC="${CXX}" \ + OS_TEST=${OS_TEST} \ + SOURCE_LIB_DIR="${TD}/${libdir}" \ + SOURCE_BIN_DIR="${TD}/${bindir}" \ + install + + install -d ${D}/${libdir}/ + for file in ${S}/dist/*.OBJ/lib/*.so; do + echo "Installing `basename $file`..." + cp $file ${D}/${libdir}/ + done + + for shared_lib in ${TD}/${libdir}/*.so.*; do + if [ -f $shared_lib ]; then + cp $shared_lib ${D}/${libdir} + ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) + fi + done + for shared_lib in ${TD}/${libdir}/*.so; do + if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then + cp $shared_lib ${D}/${libdir} + fi + done + + install -d ${D}/${includedir}/nss3 + install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* + + install -d ${D}/${bindir} + for binary in ${TD}/${bindir}/*; do + install -m 755 -t ${D}/${bindir} $binary + done +} + +do_install[vardepsexclude] += "SITEINFO_BITS" + +do_install_append() { + # Create empty .chk files for the NSS libraries at build time. They could + # be regenerated at target's boot time. + for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do + touch ${D}/${libdir}/$file + chmod 755 ${D}/${libdir}/$file + done + install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh + + install -d ${D}${libdir}/pkgconfig/ + sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc +} + +do_install_append_class-target() { + # It used to call certutil to create a blank certificate with empty password at + # build time, but the checksum of key4.db changes every time when certutil is called. + # It causes non-determinism issue, so provide databases with a blank certificate + # which are originally from output of nss in qemux86-64 build. You can get these + # databases by: + # certutil -N -d sql:/database/path/ --empty-password + install -d ${D}${sysconfdir}/pki/nssdb/ + install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db + install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db + install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt +} + +PACKAGE_WRITE_DEPS += "nss-native" +pkg_postinst_${PN} () { + if [ -n "$D" ]; then + for I in $D${libdir}/lib*.chk; do + DN=`dirname $I` + BN=`basename $I .chk` + FN=$DN/$BN.so + shlibsign -i $FN + if [ $? -ne 0 ]; then + exit 1 + fi + done + else + signlibs.sh + fi +} + +PACKAGES =+ "${PN}-smime" +FILES_${PN}-smime = "\ + ${bindir}/smime \ +" + +FILES_${PN} = "\ + ${sysconfdir} \ + ${bindir} \ + ${libdir}/lib*.chk \ + ${libdir}/lib*.so \ + " + +FILES_${PN}-dev = "\ + ${libdir}/nss \ + ${libdir}/pkgconfig/* \ + ${includedir}/* \ + " + +RDEPENDS_${PN}-smime = "perl" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf