markus.lehr/yoctor-layers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added my Recipes

Browse Source
This commit is contained in:
Markus Lehr
2024-07-11 14:16:35 +02:00
parent 38bc4f53ac
commit 09b621d929
7118 changed files with 525762 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
meta-openembedded/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch Normal file
View File

@@ -0,0 +1,57 @@
From 9937e89c22eb2f2db9a936e7bc4442857b4192f5 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Wed, 18 Dec 2019 12:29:50 +0100
Subject: [PATCH] freebl: add a configure option to disable ARM HW crypto
Not all current hardware supports it, particularly anything
prior to armv8 does not.
Upstream-Status: Pending
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
nss/lib/freebl/Makefile | 3 +++
nss/lib/freebl/gcm.c | 2 ++
2 files changed, 5 insertions(+)
diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile
index b38889f..4616aac 100644
--- a/nss/lib/freebl/Makefile
+++ b/nss/lib/freebl/Makefile
@@ -139,6 +139,8 @@ endif
endif
endif
endif
+ifdef NSS_USE_ARM_HW_CRYPTO
+ DEFINES += -DNSS_USE_ARM_HW_CRYPTO
ifeq ($(CPU_ARCH),aarch64)
ifdef CC_IS_CLANG
DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
@@ -180,6 +182,7 @@ endif
endif
endif
endif
+endif
ifeq ($(OS_TARGET),OSF1)
DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD
diff --git a/nss/lib/freebl/gcm.c b/nss/lib/freebl/gcm.c
index ac461b4..04cb180 100644
--- a/nss/lib/freebl/gcm.c
+++ b/nss/lib/freebl/gcm.c
@@ -18,6 +18,7 @@
#include <limits.h>
+#ifdef NSS_USE_ARM_HW_CRYPTO
/* old gcc doesn't support some poly64x2_t intrinsic */
#if defined(__aarch64__) && defined(IS_LITTLE_ENDIAN) && \
(defined(__clang__) || defined(__GNUC__) && __GNUC__ > 6)
@@ -27,6 +28,7 @@
/* We don't test on big endian platform, so disable this on big endian. */
#define USE_ARM_GCM
#endif
+#endif
/* Forward declarations */
SECStatus gcm_HashInit_hw(gcmHashContext *ghash);

51
meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch Normal file
View File

@@ -0,0 +1,51 @@
From 919fc5d674fae99fe21ba1351d98b75e466f425f Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Wed, 22 Feb 2017 11:36:11 +0200
Subject: [PATCH] nss: fix support cross compiling
Let some make variables be assigned from outside makefile.
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
nss/coreconf/arch.mk | 2 +-
nss/lib/freebl/Makefile | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk
index 2012d18..78fca62 100644
--- a/nss/coreconf/arch.mk
+++ b/nss/coreconf/arch.mk
@@ -26,11 +26,11 @@ OS_ARCH := $(subst /,_,$(shell uname -s)
# Attempt to differentiate between sparc and x86 Solaris
#
-OS_TEST := $(shell uname -m)
+OS_TEST ?= $(shell uname -m)
ifeq ($(OS_TEST),i86pc)
OS_RELEASE := $(shell uname -r)_$(OS_TEST)
else
- OS_RELEASE := $(shell uname -r)
+ OS_RELEASE ?= $(shell uname -r)
endif
#
diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile
index 0b8c6f4..b38889f 100644
--- a/nss/lib/freebl/Makefile
+++ b/nss/lib/freebl/Makefile
@@ -36,6 +36,12 @@ ifdef USE_64
DEFINES += -DNSS_USE_64
endif
+ifeq ($(OS_TEST),mips)
+ifndef USE_64
+ DEFINES += -DNS_PTR_LE_32
+endif
+endif
+
ifdef USE_ABI32_FPU
DEFINES += -DNSS_USE_ABI32_FPU
endif

BIN
meta-openembedded/meta-oe/recipes-support/nss/nss/blank-cert9.db Normal file
View File

Binary file not shown.

BIN
meta-openembedded/meta-oe/recipes-support/nss/nss/blank-key4.db Normal file
View File

Binary file not shown.

42
meta-openembedded/meta-oe/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch Normal file
View File

@@ -0,0 +1,42 @@
From f613c9a9107435a40d91329f33f12cfb16927f07 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sat, 7 Mar 2020 08:34:02 -0800
Subject: [PATCH] nss,nspr: Add recipes
clang 3.9 add this warning to rightly flag undefined
behavior, we relegate this to be just a warning instead
of error and keep the behavior as it was. Right fix would
be to not pass enum to the function with variadic arguments
as last named argument
Fixes errors like
ocsp.c:2220:22: error: passing an object that undergoes default argument promotion to 'va_start' has undefined behavior [-Werror,-Wvarargs]
va_start(ap, responseType0);
^
ocsp.c:2200:43: note: parameter of type 'SECOidTag' is declared here
SECOidTag responseType0, ...)
see
https://www.securecoding.cert.org/confluence/display/cplusplus/EXP58-CPP.+Pass+an+object+of+the+correct+type+to+va_start
for more details
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upstream-Status: Pending
---
nss/coreconf/Werror.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nss/coreconf/Werror.mk b/nss/coreconf/Werror.mk
index a569a49..687fe58 100644
--- a/nss/coreconf/Werror.mk
+++ b/nss/coreconf/Werror.mk
@@ -56,7 +56,7 @@ ifndef WARNING_CFLAGS
ifdef CC_IS_CLANG
# -Qunused-arguments : clang objects to arguments that it doesn't understand
# and fixing this would require rearchitecture
- WARNING_CFLAGS += -Qunused-arguments
+ WARNING_CFLAGS += -Qunused-arguments -Wno-error=varargs
# -Wno-parentheses-equality : because clang warns about macro expansions
WARNING_CFLAGS += $(call disable_warning,parentheses-equality)
ifdef BUILD_OPT

91
meta-openembedded/meta-oe/recipes-support/nss/nss/nss-fix-incorrect-shebang-of-perl.patch Normal file
View File

@@ -0,0 +1,91 @@
From 2ce67b1f4b1f582d556ae058da10698bbaa0edc1 Mon Sep 17 00:00:00 2001
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Date: Mon, 13 Jul 2020 12:12:31 +0300
Subject: [PATCH] nss: fix incorrect shebang of perl
Replace incorrect shebang of perl with `#!/usr/bin/env perl'.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Upstream-Status: Pending
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
---
nss/cmd/signver/examples/1/form.pl | 2 +-
nss/cmd/signver/examples/1/signedForm.pl | 2 +-
nss/cmd/smimetools/smime | 2 +-
nss/coreconf/version.pl | 2 +-
nss/tests/clean_tbx | 2 +-
nss/tests/iopr/server_scr/client.cgi | 2 +-
nss/tests/path_uniq | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/nss/cmd/signver/examples/1/form.pl b/nss/cmd/signver/examples/1/form.pl
index f2cfddc..af58d54 100755
--- a/nss/cmd/signver/examples/1/form.pl
+++ b/nss/cmd/signver/examples/1/form.pl
@@ -1,4 +1,4 @@
-#! /usr/bin/perl
+#!/usr/bin/env perl
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/cmd/signver/examples/1/signedForm.pl b/nss/cmd/signver/examples/1/signedForm.pl
index 847814c..64a31ff 100755
--- a/nss/cmd/signver/examples/1/signedForm.pl
+++ b/nss/cmd/signver/examples/1/signedForm.pl
@@ -1,4 +1,4 @@
-#! /usr/bin/perl
+#!/usr/bin/env perl
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/cmd/smimetools/smime b/nss/cmd/smimetools/smime
index e67f6be..6cd85e6 100755
--- a/nss/cmd/smimetools/smime
+++ b/nss/cmd/smimetools/smime
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/env perl
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/nss/coreconf/version.pl b/nss/coreconf/version.pl
index d2a4942..3ba7323 100644
--- a/nss/coreconf/version.pl
+++ b/nss/coreconf/version.pl
@@ -1,4 +1,4 @@
-#!/usr/sbin/perl
+#!/usr/bin/env perl
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/nss/tests/clean_tbx b/nss/tests/clean_tbx
index 4de9555..c15a069 100755
--- a/nss/tests/clean_tbx
+++ b/nss/tests/clean_tbx
@@ -1,4 +1,4 @@
-#! /bin/perl
+#!/usr/bin/env perl
#######################################################################
#
diff --git a/nss/tests/iopr/server_scr/client.cgi b/nss/tests/iopr/server_scr/client.cgi
index 581ad06..34ea170 100644
--- a/nss/tests/iopr/server_scr/client.cgi
+++ b/nss/tests/iopr/server_scr/client.cgi
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/nss/tests/path_uniq b/nss/tests/path_uniq
index f29f60a..850332a 100755
--- a/nss/tests/path_uniq
+++ b/nss/tests/path_uniq
@@ -1,4 +1,4 @@
-#! /bin/perl
+#!/usr/bin/env perl
########################################################################
#

44
meta-openembedded/meta-oe/recipes-support/nss/nss/nss-fix-nsinstall-build.patch Normal file
View File

@@ -0,0 +1,44 @@
From f9b2b1c738576a17460aebd005f511f427aa1974 Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Sat, 7 Mar 2020 08:34:02 -0800
Subject: [PATCH] Fix nss multilib build on openSUSE 11.x 32bit
While building lib64-nss on openSUSE 11.x 32bit, the nsinstall will
fail with error:
* nsinstall.c:1:0: sorry, unimplemented: 64-bit mode not compiled
It caused by the '-m64' option which passed to host gcc.
The nsinstall was built first while nss starting to build, it only runs
on host to install built files, it doesn't need any cross-compling or
multilib build options. Just clean the ARCHFLAG and LDFLAGS to fix this
error.
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
===================================================
---
nss/coreconf/nsinstall/Makefile | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/nss/coreconf/nsinstall/Makefile b/nss/coreconf/nsinstall/Makefile
index 08dfbc2..e97fb5f 100644
--- a/nss/coreconf/nsinstall/Makefile
+++ b/nss/coreconf/nsinstall/Makefile
@@ -18,6 +18,13 @@ INTERNAL_TOOLS = 1
include $(DEPTH)/coreconf/config.mk
+# nsinstall is unfit for cross-compiling/multilib-build since it was
+# always run on local host to install built files. This change intends
+# to clean the '-m64' from ARCHFLAG and LDFLAGS.
+ARCHFLAG =
+LDFLAGS =
+# CFLAGS =
+
ifeq (,$(filter-out OS2 WIN%,$(OS_TARGET)))
PROGRAM =
TARGETS =

28
meta-openembedded/meta-oe/recipes-support/nss/nss/nss-no-rpath-for-cross-compiling.patch Normal file
View File

@@ -0,0 +1,28 @@
From 73edfbdf33fe4e41724e7e947033d8caeec8f3d0 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Sat, 7 Mar 2020 08:34:02 -0800
Subject: [PATCH] nss:no rpath for cross compiling
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Upstream-Status: Inappropriate [configuration]
---
nss/cmd/platlibs.mk | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk
index 6401778..e5c4e16 100644
--- a/nss/cmd/platlibs.mk
+++ b/nss/cmd/platlibs.mk
@@ -18,9 +18,9 @@ endif
ifeq ($(OS_ARCH), Linux)
ifeq ($(USE_64), 1)
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib'
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib'
else
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib'
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib'
endif
endif

11
meta-openembedded/meta-oe/recipes-support/nss/nss/nss.pc.in Normal file
View File

@@ -0,0 +1,11 @@
prefix=OEPREFIX
exec_prefix=OEEXECPREFIX
libdir=OELIBDIR
includedir=OEINCDIR
Name: NSS
Description: Network Security Services
Version: %NSS_VERSION%
Requires: nspr >= %NSPR_VERSION%
Libs: -L${libdir} -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lnssutil3
Cflags: -IOEINCDIR

32
meta-openembedded/meta-oe/recipes-support/nss/nss/pqg.c-ULL_addend.patch Normal file
View File

@@ -0,0 +1,32 @@
From cbd367160338847b28fc801a12c74f1c8b5b03ee Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sat, 7 Mar 2020 08:34:02 -0800
Subject: [PATCH] nss does not build on mips with clang because wrong types are
used?
pqg.c:339:16: error: comparison of constant 18446744073709551615 with expression of type 'unsigned long' is always true [-Werror,-Wtautological-constant-out-of-range-compare]
if (addend < MP_DIGIT_MAX) {
~~~~~~ ^ ~~~~~~~~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upstream-Status: Pending
---
nss/lib/freebl/pqg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nss/lib/freebl/pqg.c b/nss/lib/freebl/pqg.c
index 1b03278..ad895b7 100644
--- a/nss/lib/freebl/pqg.c
+++ b/nss/lib/freebl/pqg.c
@@ -326,8 +326,8 @@ generate_h_candidate(SECItem *hit, mp_int *H)
static SECStatus
addToSeed(const SECItem *seed,
- unsigned long addend,
- int seedlen, /* g in 186-1 */
+ unsigned long long addend,
+ int seedlen, /* g in 186-1 */
SECItem *seedout)
{
mp_int s, sum, modulus, tmp;

5
meta-openembedded/meta-oe/recipes-support/nss/nss/system-pkcs11.txt Normal file
View File

@@ -0,0 +1,5 @@
library=
name=NSS Internal PKCS #11 Module
parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})

290
meta-openembedded/meta-oe/recipes-support/nss/nss_3.74.bb Normal file
View File

@@ -0,0 +1,290 @@
SUMMARY = "Mozilla's SSL and TLS implementation"
DESCRIPTION = "Network Security Services (NSS) is a set of libraries \
designed to support cross-platform development of \
security-enabled client and server applications. \
Applications built with NSS can support SSL v2 and v3, \
TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \
v3 certificates, and other security standards."
HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/"
SECTION = "libs"
DEPENDS = "sqlite3 nspr zlib nss-native"
DEPENDS:class-native = "sqlite3-native nspr-native zlib-native"
LICENSE = "(MPL-2.0 & MIT) | (MPL-2.0 & GPL-2.0-or-later & MIT) | (MPL-2.0 & LGPL-2.1-or-later & MIT)"
LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \
file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132 \
file://nss/lib/freebl/verified/Hacl_Poly1305_256.c;beginline=1;endline=22;md5=d4096c1e4421ee56e9e0f441a8161f78"
VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}"
SRC_URI = "http://ftp.mozilla.org/pub/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \
file://nss.pc.in \
file://0001-nss-fix-support-cross-compiling.patch \
file://nss-no-rpath-for-cross-compiling.patch \
file://nss-fix-incorrect-shebang-of-perl.patch \
file://disable-Wvarargs-with-clang.patch \
file://pqg.c-ULL_addend.patch \
file://blank-cert9.db \
file://blank-key4.db \
file://system-pkcs11.txt \
file://nss-fix-nsinstall-build.patch \
file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
"
SRC_URI[sha256sum] = "88928811f9f40f87d42e2eaccdf6e454562e51486067f2ddbe90aa47ea6cd056"
UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"
inherit siteinfo
TD = "${S}/tentative-dist"
TDS = "${S}/tentative-dist-staging"
TARGET_CC_ARCH += "${LDFLAGS}"
CFLAGS:append:class-native = " -D_XOPEN_SOURCE "
do_configure:prepend:libc-musl () {
sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk
}
do_configure:prepend:powerpc64le:toolchain-clang () {
sed -i -e 's/\-std=c99/\-std=gnu99/g' ${S}/nss/coreconf/command.mk
}
do_configure:prepend:powerpc64:toolchain-clang () {
sed -i -e 's/\-std=c99/\-std=gnu99/g' ${S}/nss/coreconf/command.mk
}
do_compile:prepend:class-native() {
export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr
export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE}
}
do_compile:prepend:class-nativesdk() {
export LDFLAGS=""
}
do_compile:prepend:class-native() {
# Need to set RPATH so that chrpath will do its job correctly
RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}"
}
do_compile() {
export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr
export CROSS_COMPILE=1
export NATIVE_CC="${BUILD_CC}"
# Additional defines needed on Centos 7
export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux"
export BUILD_OPT=1
# POSIX.1-2001 states that the behaviour of getcwd() when passing a null
# pointer as the buf argument, is unspecified.
export NATIVE_FLAGS="${NATIVE_FLAGS} -DGETCWD_CANT_MALLOC"
export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export LIBDIR=${libdir}
export MOZILLA_CLIENT=1
export NS_USE_GCC=1
export NSS_USE_SYSTEM_SQLITE=1
export NSS_ENABLE_ECC=1
export NSS_ENABLE_WERROR=0
${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)}
export OS_RELEASE=3.4
export OS_TARGET=Linux
export OS_ARCH=Linux
if [ "${TARGET_ARCH}" = "powerpc" ]; then
OS_TEST=ppc
elif [ "${TARGET_ARCH}" = "powerpc64" -o "${TARGET_ARCH}" = "powerpc64le" ]; then
OS_TEST=ppc64
elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
OS_TEST=mips
elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
OS_TEST="aarch64"
else
OS_TEST="${TARGET_ARCH}"
fi
if [ "${SITEINFO_BITS}" = "64" ]; then
export USE_64=1
elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
export USE_X32=1
fi
export NSS_DISABLE_GTESTS=1
# We can modify CC in the environment, but if we set it via an
# argument to make, nsinstall, a host program, will also build with it!
#
# nss pretty much does its own thing with CFLAGS, so we put them into CC.
# Optimization will get clobbered, but most of the stuff will survive.
# The motivation for this is to point to the correct place for debug
# source files and CFLAGS does that. Nothing uses CCC.
#
export CC="${CC} ${CFLAGS}"
make -C ./nss CCC="${CXX} -g" \
OS_TEST=${OS_TEST} \
RPATH="${RPATH}" \
autobuild
}
do_compile[vardepsexclude] += "SITEINFO_BITS"
do_install:prepend:class-nativesdk() {
export LDFLAGS=""
}
do_install() {
export CROSS_COMPILE=1
export NATIVE_CC="${BUILD_CC}"
export BUILD_OPT=1
export FREEBL_NO_DEPEND=1
export LIBDIR=${libdir}
export MOZILLA_CLIENT=1
export NS_USE_GCC=1
export NSS_USE_SYSTEM_SQLITE=1
export NSS_ENABLE_ECC=1
export OS_RELEASE=3.4
export OS_TARGET=Linux
export OS_ARCH=Linux
if [ "${TARGET_ARCH}" = "powerpc" ]; then
OS_TEST=ppc
elif [ "${TARGET_ARCH}" = "powerpc64" -o "${TARGET_ARCH}" = "powerpc64le" ]; then
OS_TEST=ppc64
elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
OS_TEST=mips
elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
CPU_ARCH=aarch64
OS_TEST="aarch64"
else
OS_TEST="${TARGET_ARCH}"
fi
if [ "${SITEINFO_BITS}" = "64" ]; then
export USE_64=1
elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
export USE_X32=1
fi
export NSS_DISABLE_GTESTS=1
make -C ./nss \
CCC="${CXX}" \
OS_TEST=${OS_TEST} \
SOURCE_LIB_DIR="${TD}/${libdir}" \
SOURCE_BIN_DIR="${TD}/${bindir}" \
install
install -d ${D}/${libdir}/
for file in ${S}/dist/*.OBJ/lib/*.so; do
echo "Installing `basename $file`..."
cp $file ${D}/${libdir}/
done
for shared_lib in ${TD}/${libdir}/*.so.*; do
if [ -f $shared_lib ]; then
cp $shared_lib ${D}/${libdir}
ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe)
fi
done
for shared_lib in ${TD}/${libdir}/*.so; do
if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then
cp $shared_lib ${D}/${libdir}
fi
done
install -d ${D}/${includedir}/nss3
install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/*
install -d ${D}/${bindir}
for binary in ${TD}/${bindir}/*; do
install -m 755 -t ${D}/${bindir} $binary
done
}
do_install[vardepsexclude] += "SITEINFO_BITS"
do_install:append() {
# Create empty .chk files for the NSS libraries at build time. They could
# be regenerated at target's boot time.
for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
touch ${D}/${libdir}/$file
chmod 755 ${D}/${libdir}/$file
done
install -d ${D}${libdir}/pkgconfig/
sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc
sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc
sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc
}
do_install:append:class-target() {
# It used to call certutil to create a blank certificate with empty password at
# build time, but the checksum of key4.db changes every time when certutil is called.
# It causes non-determinism issue, so provide databases with a blank certificate
# which are originally from output of nss in qemux86-64 build. You can get these
# databases by:
# certutil -N -d sql:/database/path/ --empty-password
install -d ${D}${sysconfdir}/pki/nssdb/
install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db
install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db
install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
}
PACKAGE_WRITE_DEPS += "nss-native"
pkg_postinst:${PN} () {
for I in $D${libdir}/lib*.chk; do
DN=`dirname $I`
BN=`basename $I .chk`
FN=$DN/$BN.so
shlibsign -i $FN
if [ $? -ne 0 ]; then
echo "shlibsign -i $FN failed"
fi
done
}
PACKAGES =+ "${PN}-smime"
FILES:${PN}-smime = "\
${bindir}/smime \
"
FILES:${PN} = "\
${sysconfdir} \
${bindir} \
${libdir}/lib*.chk \
${libdir}/lib*.so \
"
FILES:${PN}-dev = "\
${libdir}/nss \
${libdir}/pkgconfig/* \
${includedir}/* \
"
RDEPENDS:${PN}-smime = "perl"
BBCLASSEXTEND = "native nativesdk"
CVE_PRODUCT += "network_security_services"
# CVE-2006-5201 affects only Sun Solaris
CVE_CHECK_IGNORE += "CVE-2006-5201"
# CVES CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698 only affect
# the legacy db (libnssdbm), only compiled with --enable-legacy-db.
CVE_CHECK_IGNORE += "CVE-2017-11695 CVE-2017-11696 CVE-2017-11697 CVE-2017-11698"