nss: update to 3.33.0

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.33_release_notes * TLS compression is no longer supported. API calls that attempt to enable compression are accepted without failure. However, TLS compression will remain disabled. * This version of NSS uses a formally verified implementation of Curve25519 on 64-bit systems. * The compile time flag DISABLE_ECC has been removed. * When NSS is compiled without NSS_FORCE_FIPS=1 startup checks are not performed anymore. * Fixes CVE-2017-7805, a potential use-after-free in TLS 1.2 server when verifying client authentication https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.32_release_notes The Websites (TLS/SSL) trust bit was turned off for the following root certificates. * CN = AddTrust Class 1 CA Root SHA-256 Fingerprint: 8C:72:09:27:9A:C0:4E:27:5E:16:D0:7F:D3:B7:75:E8:01:54:B5:96:80:46:E3:1F:52:DD:25:76:63:24:E9:A7 * CN = Swisscom Root CA 2 SHA-256 Fingerprint: F0:9B:12:2C:71:14:F4:A0:9B:D4:EA:4F:4A:99:D5:58:B4:6E:4C:25:CD:81:14:0D:29:C0:56:13:91:4C:38:41 The following CA certificates were Removed: * CN = AddTrust Public CA Root SHA-256 Fingerprint: 07:91:CA:07:49:B2:07:82:AA:D3:C7:D7:BD:0C:DF:C9:48:58:35:84:3E:B2:D7:99:60:09:CE:43:AB:6C:69:27 * CN = AddTrust Qualified CA Root SHA-256 Fingerprint: 80:95:21:08:05:DB:4B:BC:35:5E:44:28:D8:FD:6E:C2:CD:E3:AB:5F:B9:7A:99:42:98:8E:B8:F4:DC:D0:60:16 * CN = China Internet Network Information Center EV Certificates Root SHA-256 Fingerprint: 1C:01:C6:F4:DB:B2:FE:FC:22:55:8B:2B:CA:32:56:3F:49:84:4A:CF:C3:2B:7B:E4:B0:FF:59:9F:9E:8C:7A:F7 * CN = CNNIC ROOT SHA-256 Fingerprint: E2:83:93:77:3D:A8:45:A6:79:F2:08:0C:C7:FB:44:A3:B7:A1:C3:79:2C:B7:EB:77:29:FD:CB:6A:8D:99:AE:A7 * CN = ComSign Secured CA SHA-256 Fingerprint: 50:79:41:C7:44:60:A0:B4:70:86:22:0D:4E:99:32:57:2A:B5:D1:B5:BB:CB:89:80:AB:1C:B1:76:51:A8:44:D2 * CN = GeoTrust Global CA 2 SHA-256 Fingerprint: CA:2D:82:A0:86:77:07:2F:8A:B6:76:4F:F0:35:67:6C:FE:3E:5E:32:5E:01:21:72:DF:3F:92:09:6D:B7:9B:85 * CN = Secure Certificate Services SHA-256 Fingerprint: BD:81:CE:3B:4F:65:91:D1:1A:67:B5:FC:7A:47:FD:EF:25:52:1B:F9:AA:4E:18:B9:E3:DF:2E:34:A7:80:3B:E8 * CN = Swisscom Root CA 1 SHA-256 Fingerprint: 21:DB:20:12:36:60:BB:2E:D4:18:20:5D:A1:1E:E7:A8:5A:65:E2:BC:6E:55:B5:AF:7E:78:99:C8:A2:66:D9:2E * CN = Swisscom Root EV CA 2 SHA-256 Fingerprint: D9:5F:EA:3C:A4:EE:DC:E7:4C:D7:6E:75:FC:6D:1F:F6:2C:44:1F:0F:A8:BC:77:F0:34:B1:9E:5D:B2:58:01:5D * CN = Trusted Certificate Services SHA-256 Fingerprint: 3F:06:E5:56:81:D4:96:F5:BE:16:9E:B5:38:9F:9F:2B:8F:F6:1E:17:08:DF:68:81:72:48:49:CD:5D:27:CB:69 * CN = UTN-USERFirst-Hardware SHA-256 Fingerprint: 6E:A5:47:41:D0:04:66:7E:ED:1B:48:16:63:4A:A3:A7:9E:6E:4B:96:95:0F:82:79:DA:FC:8D:9B:D8:81:21:37 * CN = UTN-USERFirst-Object SHA-256 Fingerprint: 6F:FF:78:E4:00:A7:0C:11:01:1C:D8:59:77:C4:59:FB:5A:F9:6A:3D:F0:54:08:20:D0:F4:B8:60:78:75:E5:8F (From OE-Core rev: 83d79f449c33eff7bba92dfda8ffd4b699fb6462) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster808@gmail.com> 2017-11-03 12:54:45 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-11-07 13:25:31 +0000
commit: 2e2ba4597e80b451e98d8197a66ef9011a4701c1 (patch)
tree: 18ab9612b3bd0781007cf7388b7f1f40bd79b8e5 /meta/recipes-support/nss/nss_3.31.1.bb
parent: 4e6d285e091ed6508a751b20d4b3cecc99a53eae (diff)
download: poky-2e2ba4597e80b451e98d8197a66ef9011a4701c1.tar.gz
1 files changed, 0 insertions, 248 deletions
diff --git a/meta/recipes-support/nss/nss_3.31.1.bb b/meta/recipes-support/nss/nss_3.31.1.bb
deleted file mode 100644
index 588708fc31..0000000000
--- a/meta/recipes-support/nss/nss_3.31.1.bb
+++ /dev/null
@@ -1,248 +0,0 @@
-SUMMARY = "Mozilla's SSL and TLS implementation"
-DESCRIPTION = "Network Security Services (NSS) is a set of libraries \
-designed to support cross-platform development of \
-security-enabled client and server applications. \
-Applications built with NSS can support SSL v2 and v3, \
-TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \
-v3 certificates, and other security standards."
-HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/"
-SECTION = "libs"
-LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)"
-LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \
-                    file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
-                    file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132"
-VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}"
-SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \
-           file://nss.pc.in \
-           file://signlibs.sh \
-           file://0001-nss-fix-support-cross-compiling.patch \
-           file://nss-no-rpath-for-cross-compiling.patch \
-           file://nss-fix-incorrect-shebang-of-perl.patch \
-           file://nss-fix-nsinstall-build.patch \
-           file://disable-Wvarargs-with-clang.patch \
-           file://pqg.c-ULL_addend.patch \
-           file://Fix-compilation-for-X32.patch \
-           "
-SRC_URI[md5sum] = "ebb44f1394250d2cf6ec3c2e3d71fa20"
-SRC_URI[sha256sum] = "933439214dc03ee60e86d1419c19e1568998b0776dde987f41fa70ced6cd08dc"
-UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
-UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"
-inherit siteinfo
-DEPENDS = "sqlite3 nspr zlib nss-native"
-DEPENDS_class-native = "sqlite3-native nspr-native zlib-native"
-RDEPENDS_${PN}-smime = "perl"
-TD = "${S}/tentative-dist"
-TDS = "${S}/tentative-dist-staging"
-TARGET_CC_ARCH += "${LDFLAGS}"
-do_configure_prepend_libc-musl () {
-    sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk
-}
-do_compile_prepend_class-native() {
-    export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}
-    export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE}
-    export NSS_ENABLE_WERROR=0
-}
-do_compile_prepend_class-nativesdk() {
-    export LDFLAGS=""
-}
-do_compile_prepend_class-native() {
-    # Need to set RPATH so that chrpath will do its job correctly
-    RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}"
-}
-do_compile() {
-    export CROSS_COMPILE=1
-    export NATIVE_CC="${BUILD_CC}"
-    export NATIVE_FLAGS="${BUILD_CFLAGS}"
-    export BUILD_OPT=1
-    export FREEBL_NO_DEPEND=1
-    export FREEBL_LOWHASH=1
-    export LIBDIR=${libdir}
-    export MOZILLA_CLIENT=1
-    export NS_USE_GCC=1
-    export NSS_USE_SYSTEM_SQLITE=1
-    export NSS_ENABLE_ECC=1
-    export OS_RELEASE=3.4
-    export OS_TARGET=Linux
-    export OS_ARCH=Linux
-    if [ "${TARGET_ARCH}" = "powerpc" ]; then
-        OS_TEST=ppc
-    elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
-        OS_TEST=ppc64
-    elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
-        OS_TEST=mips
-    else
-        OS_TEST="${TARGET_ARCH}"
-    fi
-    if [ "${SITEINFO_BITS}" = "64" ]; then
-        export USE_64=1
-    elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
-        export USE_X32=1
-    fi
-    export NSS_DISABLE_GTESTS=1
-    # We can modify CC in the environment, but if we set it via an
-    # argument to make, nsinstall, a host program, will also build with it!
-    #
-    export CC="${CC} -g"
-    make -C ./nss CCC="${CXX} -g" \
-        OS_TEST=${OS_TEST} \
-        RPATH="${RPATH}"
-}
-do_compile[vardepsexclude] += "SITEINFO_BITS"
-do_install_prepend_class-nativesdk() {
-    export LDFLAGS=""
-}
-do_install() {
-    export CROSS_COMPILE=1
-    export NATIVE_CC="${BUILD_CC}"
-    export BUILD_OPT=1
-    export FREEBL_NO_DEPEND=1
-    export LIBDIR=${libdir}
-    export MOZILLA_CLIENT=1
-    export NS_USE_GCC=1
-    export NSS_USE_SYSTEM_SQLITE=1
-    export NSS_ENABLE_ECC=1
-    export OS_RELEASE=3.4
-    export OS_TARGET=Linux
-    export OS_ARCH=Linux
-    if [ "${TARGET_ARCH}" = "powerpc" ]; then
-        OS_TEST=ppc
-    elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
-        OS_TEST=ppc64
-    elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
-        OS_TEST=mips
-    else
-        OS_TEST="${TARGET_ARCH}"
-    fi
-    if [ "${SITEINFO_BITS}" = "64" ]; then
-        export USE_64=1
-    elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
-        export USE_X32=1
-    fi
-    export NSS_DISABLE_GTESTS=1
-    make -C ./nss \
-        CCC="${CXX}" \
-        OS_TEST=${OS_TEST} \
-        SOURCE_LIB_DIR="${TD}/${libdir}" \
-        SOURCE_BIN_DIR="${TD}/${bindir}" \
-        install
-    install -d ${D}/${libdir}/
-    for file in ${S}/dist/*.OBJ/lib/*.so; do
-        echo "Installing `basename $file`..."
-        cp $file  ${D}/${libdir}/
-    done
-    for shared_lib in ${TD}/${libdir}/*.so.*; do
-        if [ -f $shared_lib ]; then
-            cp $shared_lib ${D}/${libdir}
-            ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe)
-        fi
-    done
-    for shared_lib in ${TD}/${libdir}/*.so; do
-        if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then
-            cp $shared_lib ${D}/${libdir}
-        fi
-    done
-    install -d ${D}/${includedir}/nss3
-    install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/*
-    install -d ${D}/${bindir}
-    for binary in ${TD}/${bindir}/*; do
-        install -m 755 -t ${D}/${bindir} $binary
-    done
-}
-do_install[vardepsexclude] += "SITEINFO_BITS"
-do_install_append() {
-    # Create empty .chk files for the NSS libraries at build time. They could
-    # be regenerated at target's boot time.
-    for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
-        touch ${D}/${libdir}/$file
-        chmod 755 ${D}/${libdir}/$file
-    done
-    install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh
-    install -d ${D}${libdir}/pkgconfig/
-    sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
-    sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
-    sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc
-    sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc
-    sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc
-}
-do_install_append_class-target() {
-    # Create a blank certificate
-    mkdir -p ${D}${sysconfdir}/pki/nssdb/
-    touch ./empty_password
-    certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
-    chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db
-    rm ./empty_password
-}
-PACKAGE_WRITE_DEPS += "nss-native"
-pkg_postinst_${PN} () {
-    if [ -n "$D" ]; then
-        for I in $D${libdir}/lib*.chk; do
-            DN=`dirname $I`
-            BN=`basename $I .chk`
-            FN=$DN/$BN.so
-            shlibsign -i $FN
-            if [ $? -ne 0 ]; then
-                exit 1
-            fi
-        done
-    else
-        signlibs.sh
-    fi
-}
-PACKAGES =+ "${PN}-smime"
-FILES_${PN}-smime = "\
-    ${bindir}/smime \
-"
-FILES_${PN} = "\
-    ${sysconfdir} \
-    ${bindir} \
-    ${libdir}/lib*.chk \
-    ${libdir}/lib*.so \
-    "
-FILES_${PN}-dev = "\
-    ${libdir}/nss \
-    ${libdir}/pkgconfig/* \
-    ${includedir}/* \
-    "
-BBCLASSEXTEND = "native nativesdk"
author	Armin Kuster <akuster808@gmail.com>	2017-11-03 12:54:45 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-11-07 13:25:31 +0000
commit	2e2ba4597e80b451e98d8197a66ef9011a4701c1 (patch)
tree	18ab9612b3bd0781007cf7388b7f1f40bd79b8e5 /meta/recipes-support/nss/nss_3.31.1.bb
parent	4e6d285e091ed6508a751b20d4b3cecc99a53eae (diff)
download	poky-2e2ba4597e80b451e98d8197a66ef9011a4701c1.tar.gz

diff --git a/meta/recipes-support/nss/nss_3.31.1.bb b/meta/recipes-support/nss/nss_3.31.1.bb deleted file mode 100644 index 588708fc31..0000000000 --- a/meta/recipes-support/nss/nss_3.31.1.bb +++ /dev/null
@@ -1,248 +0,0 @@
1	SUMMARY = "Mozilla's SSL and TLS implementation"
2	DESCRIPTION = "Network Security Services (NSS) is a set of libraries \
3	designed to support cross-platform development of \
4	security-enabled client and server applications. \
5	Applications built with NSS can support SSL v2 and v3, \
6	TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \
7	v3 certificates, and other security standards."
8	HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/"
9	SECTION = "libs"
10
11	LICENSE = "MPL-2.0 \| (MPL-2.0 & GPL-2.0+) \| (MPL-2.0 & LGPL-2.1+)"
12
13	LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \
14	file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
15	file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132"
16
17	VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}"
18
19	SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \
20	file://nss.pc.in \
21	file://signlibs.sh \
22	file://0001-nss-fix-support-cross-compiling.patch \
23	file://nss-no-rpath-for-cross-compiling.patch \
24	file://nss-fix-incorrect-shebang-of-perl.patch \
25	file://nss-fix-nsinstall-build.patch \
26	file://disable-Wvarargs-with-clang.patch \
27	file://pqg.c-ULL_addend.patch \
28	file://Fix-compilation-for-X32.patch \
29	"
30
31	SRC_URI[md5sum] = "ebb44f1394250d2cf6ec3c2e3d71fa20"
32	SRC_URI[sha256sum] = "933439214dc03ee60e86d1419c19e1568998b0776dde987f41fa70ced6cd08dc"
33
34	UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
35	UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"
36
37	inherit siteinfo
38
39	DEPENDS = "sqlite3 nspr zlib nss-native"
40	DEPENDS_class-native = "sqlite3-native nspr-native zlib-native"
41	RDEPENDS_${PN}-smime = "perl"
42
43	TD = "${S}/tentative-dist"
44	TDS = "${S}/tentative-dist-staging"
45
46	TARGET_CC_ARCH += "${LDFLAGS}"
47
48	do_configure_prepend_libc-musl () {
49	sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk
50	}
51
52	do_compile_prepend_class-native() {
53	export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}
54	export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE}
55	export NSS_ENABLE_WERROR=0
56	}
57
58	do_compile_prepend_class-nativesdk() {
59	export LDFLAGS=""
60	}
61
62	do_compile_prepend_class-native() {
63	# Need to set RPATH so that chrpath will do its job correctly
64	RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}"
65	}
66
67	do_compile() {
68	export CROSS_COMPILE=1
69	export NATIVE_CC="${BUILD_CC}"
70	export NATIVE_FLAGS="${BUILD_CFLAGS}"
71	export BUILD_OPT=1
72
73	export FREEBL_NO_DEPEND=1
74	export FREEBL_LOWHASH=1
75
76	export LIBDIR=${libdir}
77	export MOZILLA_CLIENT=1
78	export NS_USE_GCC=1
79	export NSS_USE_SYSTEM_SQLITE=1
80	export NSS_ENABLE_ECC=1
81
82	export OS_RELEASE=3.4
83	export OS_TARGET=Linux
84	export OS_ARCH=Linux
85
86	if [ "${TARGET_ARCH}" = "powerpc" ]; then
87	OS_TEST=ppc
88	elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
89	OS_TEST=ppc64
90	elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
91	OS_TEST=mips
92	else
93	OS_TEST="${TARGET_ARCH}"
94	fi
95
96	if [ "${SITEINFO_BITS}" = "64" ]; then
97	export USE_64=1
98	elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
99	export USE_X32=1
100	fi
101
102	export NSS_DISABLE_GTESTS=1
103
104	# We can modify CC in the environment, but if we set it via an
105	# argument to make, nsinstall, a host program, will also build with it!
106	#
107	export CC="${CC} -g"
108	make -C ./nss CCC="${CXX} -g" \
109	OS_TEST=${OS_TEST} \
110	RPATH="${RPATH}"
111	}
112	do_compile[vardepsexclude] += "SITEINFO_BITS"
113
114
115	do_install_prepend_class-nativesdk() {
116	export LDFLAGS=""
117	}
118
119	do_install() {
120	export CROSS_COMPILE=1
121	export NATIVE_CC="${BUILD_CC}"
122	export BUILD_OPT=1
123
124	export FREEBL_NO_DEPEND=1
125
126	export LIBDIR=${libdir}
127	export MOZILLA_CLIENT=1
128	export NS_USE_GCC=1
129	export NSS_USE_SYSTEM_SQLITE=1
130	export NSS_ENABLE_ECC=1
131
132	export OS_RELEASE=3.4
133	export OS_TARGET=Linux
134	export OS_ARCH=Linux
135
136	if [ "${TARGET_ARCH}" = "powerpc" ]; then
137	OS_TEST=ppc
138	elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
139	OS_TEST=ppc64
140	elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
141	OS_TEST=mips
142	else
143	OS_TEST="${TARGET_ARCH}"
144	fi
145	if [ "${SITEINFO_BITS}" = "64" ]; then
146	export USE_64=1
147	elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
148	export USE_X32=1
149	fi
150
151	export NSS_DISABLE_GTESTS=1
152
153	make -C ./nss \
154	CCC="${CXX}" \
155	OS_TEST=${OS_TEST} \
156	SOURCE_LIB_DIR="${TD}/${libdir}" \
157	SOURCE_BIN_DIR="${TD}/${bindir}" \
158	install
159
160	install -d ${D}/${libdir}/
161	for file in ${S}/dist/.OBJ/lib/.so; do
162	echo "Installing `basename $file`..."
163	cp $file ${D}/${libdir}/
164	done
165
166	for shared_lib in ${TD}/${libdir}/.so.; do
167	if [ -f $shared_lib ]; then
168	cp $shared_lib ${D}/${libdir}
169	ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe)
170	fi
171	done
172	for shared_lib in ${TD}/${libdir}/*.so; do
173	if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then
174	cp $shared_lib ${D}/${libdir}
175	fi
176	done
177
178	install -d ${D}/${includedir}/nss3
179	install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/*
180
181	install -d ${D}/${bindir}
182	for binary in ${TD}/${bindir}/*; do
183	install -m 755 -t ${D}/${bindir} $binary
184	done
185	}
186	do_install[vardepsexclude] += "SITEINFO_BITS"
187
188	do_install_append() {
189	# Create empty .chk files for the NSS libraries at build time. They could
190	# be regenerated at target's boot time.
191	for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
192	touch ${D}/${libdir}/$file
193	chmod 755 ${D}/${libdir}/$file
194	done
195	install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh
196
197	install -d ${D}${libdir}/pkgconfig/
198	sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in \| sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
199	sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
200	sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc
201	sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc
202	sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc
203	}
204
205	do_install_append_class-target() {
206	# Create a blank certificate
207	mkdir -p ${D}${sysconfdir}/pki/nssdb/
208	touch ./empty_password
209	certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
210	chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db
211	rm ./empty_password
212	}
213
214	PACKAGE_WRITE_DEPS += "nss-native"
215	pkg_postinst_${PN} () {
216	if [ -n "$D" ]; then
217	for I in $D${libdir}/lib*.chk; do
218	DN=`dirname $I`
219	BN=`basename $I .chk`
220	FN=$DN/$BN.so
221	shlibsign -i $FN
222	if [ $? -ne 0 ]; then
223	exit 1
224	fi
225	done
226	else
227	signlibs.sh
228	fi
229	}
230
231	PACKAGES =+ "${PN}-smime"
232	FILES_${PN}-smime = "\
233	${bindir}/smime \
234	"
235	FILES_${PN} = "\
236	${sysconfdir} \
237	${bindir} \
238	${libdir}/lib*.chk \
239	${libdir}/lib*.so \
240	"
241	FILES_${PN}-dev = "\
242	${libdir}/nss \
243	${libdir}/pkgconfig/* \
244	${includedir}/* \
245	"
246
247	BBCLASSEXTEND = "native nativesdk"
248