From 93e9729569963355e2cb5526f9613f117205d1d3 Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Thu, 5 Jul 2018 07:13:02 -0700 Subject: nss: update to 3.38 remove patch now included in release. includes: CVE-2018-0495 (From OE-Core rev: f0ad38d02da0bbcc1534dcc99d10436675932ed9) Signed-off-by: Armin Kuster Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- ...-Build-FStar.c-when-not-building-with-int.patch | 112 --------- meta/recipes-support/nss/nss_3.37.1.bb | 258 --------------------- meta/recipes-support/nss/nss_3.38.bb | 257 ++++++++++++++++++++ 3 files changed, 257 insertions(+), 370 deletions(-) delete mode 100644 meta/recipes-support/nss/nss/0001-Bug-1432455-Build-FStar.c-when-not-building-with-int.patch delete mode 100644 meta/recipes-support/nss/nss_3.37.1.bb create mode 100644 meta/recipes-support/nss/nss_3.38.bb (limited to 'meta/recipes-support') diff --git a/meta/recipes-support/nss/nss/0001-Bug-1432455-Build-FStar.c-when-not-building-with-int.patch b/meta/recipes-support/nss/nss/0001-Bug-1432455-Build-FStar.c-when-not-building-with-int.patch deleted file mode 100644 index f14792306c..0000000000 --- a/meta/recipes-support/nss/nss/0001-Bug-1432455-Build-FStar.c-when-not-building-with-int.patch +++ /dev/null @@ -1,112 +0,0 @@ -From fe5fd11f3f02d3625b37f8e3c592e5c3e84c1798 Mon Sep 17 00:00:00 2001 -From: Mike Hommey -Date: Sun, 27 May 2018 16:20:00 +0200 -Subject: [PATCH] Bug 1432455 - Build FStar.c when not building with int128 - support. r=fkiefer - ---HG-- -extra : amend_source : b3f739de2f592ecb9ae1f1ce5ee4fb0e04df22cb - -Upstream-Status: Backport -https://hg.mozilla.org/projects/nss/rev/2209bddb98b8d105159998b9be91a155aa6bd283 - -NSS bug https://bugzilla.mozilla.org/show_bug.cgi?format=default&id=1459739 - -Signed-off-by: Armin Kuster - ---- - lib/freebl/Makefile | 6 +++++- - lib/freebl/freebl.gyp | 29 +++++++++++++++++------------ - lib/freebl/freebl_base.gypi | 4 +++- - 3 files changed, 25 insertions(+), 14 deletions(-) - -Index: nss-3.37.1/nss/lib/freebl/Makefile -=================================================================== ---- nss-3.37.1.orig/nss/lib/freebl/Makefile -+++ nss-3.37.1/nss/lib/freebl/Makefile -@@ -541,12 +541,16 @@ ifeq (,$(filter-out i386 x386 x86 x86_64 - # All intel architectures get the 64 bit version - # With custom uint128 if necessary (faster than generic 32 bit version). - ECL_SRCS += curve25519_64.c -- VERIFIED_SRCS += Hacl_Curve25519.c FStar.c -+ VERIFIED_SRCS += Hacl_Curve25519.c - else - # All non intel architectures get the generic 32 bit implementation (slow!) - ECL_SRCS += curve25519_32.c - endif - -+ifndef HAVE_INT128_SUPPORT -+ VERIFIED_SRCS += FStar.c -+endif -+ - ####################################################################### - # (5) Execute "global" rules. (OPTIONAL) # - ####################################################################### -Index: nss-3.37.1/nss/lib/freebl/freebl.gyp -=================================================================== ---- nss-3.37.1.orig/nss/lib/freebl/freebl.gyp -+++ nss-3.37.1/nss/lib/freebl/freebl.gyp -@@ -277,18 +277,10 @@ - 'MP_IS_LITTLE_ENDIAN', - ], - }], -- [ 'OS!="win"', { -- 'conditions': [ -- [ 'target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', { -- 'defines': [ -- # The Makefile does version-tests on GCC, but we're not doing that here. -- 'HAVE_INT128_SUPPORT', -- ], -- }, { -- 'defines': [ -- 'KRML_NOUINT128', -- ], -- }], -+ [ 'have_int128_support==1', { -+ 'defines': [ -+ # The Makefile does version-tests on GCC, but we're not doing that here. -+ 'HAVE_INT128_SUPPORT', - ], - }, { - 'defines': [ -@@ -350,5 +342,18 @@ - }, - 'variables': { - 'module': 'nss', -+ 'conditions': [ -+ [ 'OS!="win"', { -+ 'conditions': [ -+ [ 'target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', { -+ 'have_int128_support%': 1, -+ }, { -+ 'have_int128_support%': 0, -+ }], -+ ], -+ }, { -+ 'have_int128_support%': 0, -+ }], -+ ], - } - } -Index: nss-3.37.1/nss/lib/freebl/freebl_base.gypi -=================================================================== ---- nss-3.37.1.orig/nss/lib/freebl/freebl_base.gypi -+++ nss-3.37.1/nss/lib/freebl/freebl_base.gypi -@@ -60,7 +60,6 @@ - 'shvfy.c', - 'sysrand.c', - 'tlsprfalg.c', -- 'verified/FStar.c', - ], - 'conditions': [ - [ 'OS=="linux" or OS=="android"', { -@@ -220,6 +219,9 @@ - }], - ], - }], -+ [ 'have_int128_support==0', { -+ 'sources': [ 'verified/FStar.c' ], -+ }], - ], - 'ldflags': [ - '-Wl,-Bsymbolic' diff --git a/meta/recipes-support/nss/nss_3.37.1.bb b/meta/recipes-support/nss/nss_3.37.1.bb deleted file mode 100644 index 0e8b5be365..0000000000 --- a/meta/recipes-support/nss/nss_3.37.1.bb +++ /dev/null @@ -1,258 +0,0 @@ -SUMMARY = "Mozilla's SSL and TLS implementation" -DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ -designed to support cross-platform development of \ -security-enabled client and server applications. \ -Applications built with NSS can support SSL v2 and v3, \ -TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ -v3 certificates, and other security standards." -HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" -SECTION = "libs" - -LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" - -LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ - file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ - file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" - -VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" - -SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ - file://nss.pc.in \ - file://signlibs.sh \ - file://0001-nss-fix-support-cross-compiling.patch \ - file://nss-no-rpath-for-cross-compiling.patch \ - file://nss-fix-incorrect-shebang-of-perl.patch \ - file://nss-fix-nsinstall-build.patch \ - file://disable-Wvarargs-with-clang.patch \ - file://pqg.c-ULL_addend.patch \ - file://0001-Bug-1432455-Build-FStar.c-when-not-building-with-int.patch \ - " - -SRC_URI[md5sum] = "e9526d7217d02afa96b90b89924c38df" -SRC_URI[sha256sum] = "097b30e436479ad737b3703b25b6198b6513e202731085c6f097d8853dd20405" - -UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" -UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes" - -inherit siteinfo - -DEPENDS = "sqlite3 nspr zlib nss-native" -DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" -RDEPENDS_${PN}-smime = "perl" - -TD = "${S}/tentative-dist" -TDS = "${S}/tentative-dist-staging" - -TARGET_CC_ARCH += "${LDFLAGS}" - -do_configure_prepend_libc-musl () { - sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk -} - -do_compile_prepend_class-native() { - export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE} - export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} - export NSS_ENABLE_WERROR=0 -} - -do_compile_prepend_class-nativesdk() { - export LDFLAGS="" -} - -do_compile_prepend_class-native() { - # Need to set RPATH so that chrpath will do its job correctly - RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" -} - -do_compile() { - export CROSS_COMPILE=1 - export NATIVE_CC="${BUILD_CC}" - export NATIVE_FLAGS="${BUILD_CFLAGS}" - export BUILD_OPT=1 - - export FREEBL_NO_DEPEND=1 - export FREEBL_LOWHASH=1 - - export LIBDIR=${libdir} - export MOZILLA_CLIENT=1 - export NS_USE_GCC=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSS_ENABLE_ECC=1 - - export OS_RELEASE=3.4 - export OS_TARGET=Linux - export OS_ARCH=Linux - - if [ "${TARGET_ARCH}" = "powerpc" ]; then - OS_TEST=ppc - elif [ "${TARGET_ARCH}" = "powerpc64" ]; then - OS_TEST=ppc64 - elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then - OS_TEST=mips - elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then - OS_TEST="aarch64" - else - OS_TEST="${TARGET_ARCH}" - fi - - if [ "${SITEINFO_BITS}" = "64" ]; then - export USE_64=1 - elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then - export USE_X32=1 - fi - - export NSS_DISABLE_GTESTS=1 - - # We can modify CC in the environment, but if we set it via an - # argument to make, nsinstall, a host program, will also build with it! - # - # nss pretty much does its own thing with CFLAGS, so we put them into CC. - # Optimization will get clobbered, but most of the stuff will survive. - # The motivation for this is to point to the correct place for debug - # source files and CFLAGS does that. Nothing uses CCC. - # - export CC="${CC} ${CFLAGS}" - make -C ./nss CCC="${CXX} -g" \ - OS_TEST=${OS_TEST} \ - RPATH="${RPATH}" -} -do_compile[vardepsexclude] += "SITEINFO_BITS" - - -do_install_prepend_class-nativesdk() { - export LDFLAGS="" -} - -do_install() { - export CROSS_COMPILE=1 - export NATIVE_CC="${BUILD_CC}" - export BUILD_OPT=1 - - export FREEBL_NO_DEPEND=1 - - export LIBDIR=${libdir} - export MOZILLA_CLIENT=1 - export NS_USE_GCC=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSS_ENABLE_ECC=1 - - export OS_RELEASE=3.4 - export OS_TARGET=Linux - export OS_ARCH=Linux - - if [ "${TARGET_ARCH}" = "powerpc" ]; then - OS_TEST=ppc - elif [ "${TARGET_ARCH}" = "powerpc64" ]; then - OS_TEST=ppc64 - elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then - OS_TEST=mips - elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then - CPU_ARCH=aarch64 - OS_TEST="aarch64" - else - OS_TEST="${TARGET_ARCH}" - fi - if [ "${SITEINFO_BITS}" = "64" ]; then - export USE_64=1 - elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then - export USE_X32=1 - fi - - export NSS_DISABLE_GTESTS=1 - - make -C ./nss \ - CCC="${CXX}" \ - OS_TEST=${OS_TEST} \ - SOURCE_LIB_DIR="${TD}/${libdir}" \ - SOURCE_BIN_DIR="${TD}/${bindir}" \ - install - - install -d ${D}/${libdir}/ - for file in ${S}/dist/*.OBJ/lib/*.so; do - echo "Installing `basename $file`..." - cp $file ${D}/${libdir}/ - done - - for shared_lib in ${TD}/${libdir}/*.so.*; do - if [ -f $shared_lib ]; then - cp $shared_lib ${D}/${libdir} - ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) - fi - done - for shared_lib in ${TD}/${libdir}/*.so; do - if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then - cp $shared_lib ${D}/${libdir} - fi - done - - install -d ${D}/${includedir}/nss3 - install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* - - install -d ${D}/${bindir} - for binary in ${TD}/${bindir}/*; do - install -m 755 -t ${D}/${bindir} $binary - done -} -do_install[vardepsexclude] += "SITEINFO_BITS" - -do_install_append() { - # Create empty .chk files for the NSS libraries at build time. They could - # be regenerated at target's boot time. - for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do - touch ${D}/${libdir}/$file - chmod 755 ${D}/${libdir}/$file - done - install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh - - install -d ${D}${libdir}/pkgconfig/ - sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc -} - -do_install_append_class-target() { - # Create a blank certificate - mkdir -p ${D}${sysconfdir}/pki/nssdb/ - touch ./empty_password - certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password - chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db - rm ./empty_password -} - -PACKAGE_WRITE_DEPS += "nss-native" -pkg_postinst_${PN} () { - if [ -n "$D" ]; then - for I in $D${libdir}/lib*.chk; do - DN=`dirname $I` - BN=`basename $I .chk` - FN=$DN/$BN.so - shlibsign -i $FN - if [ $? -ne 0 ]; then - exit 1 - fi - done - else - signlibs.sh - fi -} - -PACKAGES =+ "${PN}-smime" -FILES_${PN}-smime = "\ - ${bindir}/smime \ -" -FILES_${PN} = "\ - ${sysconfdir} \ - ${bindir} \ - ${libdir}/lib*.chk \ - ${libdir}/lib*.so \ - " -FILES_${PN}-dev = "\ - ${libdir}/nss \ - ${libdir}/pkgconfig/* \ - ${includedir}/* \ - " - -BBCLASSEXTEND = "native nativesdk" - diff --git a/meta/recipes-support/nss/nss_3.38.bb b/meta/recipes-support/nss/nss_3.38.bb new file mode 100644 index 0000000000..f3e5170a89 --- /dev/null +++ b/meta/recipes-support/nss/nss_3.38.bb @@ -0,0 +1,257 @@ +SUMMARY = "Mozilla's SSL and TLS implementation" +DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ +designed to support cross-platform development of \ +security-enabled client and server applications. \ +Applications built with NSS can support SSL v2 and v3, \ +TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ +v3 certificates, and other security standards." +HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" +SECTION = "libs" + +LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" + +LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ + file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ + file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" + +VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" + +SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ + file://nss.pc.in \ + file://signlibs.sh \ + file://0001-nss-fix-support-cross-compiling.patch \ + file://nss-no-rpath-for-cross-compiling.patch \ + file://nss-fix-incorrect-shebang-of-perl.patch \ + file://nss-fix-nsinstall-build.patch \ + file://disable-Wvarargs-with-clang.patch \ + file://pqg.c-ULL_addend.patch \ + " + +SRC_URI[md5sum] = "ac9065460a7634ba8eb0f942f404e773" +SRC_URI[sha256sum] = "2c643d3c08d6935f4d325f40743719b6990aa25a79ec2f8f712c99d086672f62" + +UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" +UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes" + +inherit siteinfo + +DEPENDS = "sqlite3 nspr zlib nss-native" +DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" +RDEPENDS_${PN}-smime = "perl" + +TD = "${S}/tentative-dist" +TDS = "${S}/tentative-dist-staging" + +TARGET_CC_ARCH += "${LDFLAGS}" + +do_configure_prepend_libc-musl () { + sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk +} + +do_compile_prepend_class-native() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE} + export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} + export NSS_ENABLE_WERROR=0 +} + +do_compile_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_compile_prepend_class-native() { + # Need to set RPATH so that chrpath will do its job correctly + RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" +} + +do_compile() { + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + export NATIVE_FLAGS="${BUILD_CFLAGS}" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + export FREEBL_LOWHASH=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + # We can modify CC in the environment, but if we set it via an + # argument to make, nsinstall, a host program, will also build with it! + # + # nss pretty much does its own thing with CFLAGS, so we put them into CC. + # Optimization will get clobbered, but most of the stuff will survive. + # The motivation for this is to point to the correct place for debug + # source files and CFLAGS does that. Nothing uses CCC. + # + export CC="${CC} ${CFLAGS}" + make -C ./nss CCC="${CXX} -g" \ + OS_TEST=${OS_TEST} \ + RPATH="${RPATH}" +} +do_compile[vardepsexclude] += "SITEINFO_BITS" + + +do_install_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_install() { + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + CPU_ARCH=aarch64 + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + make -C ./nss \ + CCC="${CXX}" \ + OS_TEST=${OS_TEST} \ + SOURCE_LIB_DIR="${TD}/${libdir}" \ + SOURCE_BIN_DIR="${TD}/${bindir}" \ + install + + install -d ${D}/${libdir}/ + for file in ${S}/dist/*.OBJ/lib/*.so; do + echo "Installing `basename $file`..." + cp $file ${D}/${libdir}/ + done + + for shared_lib in ${TD}/${libdir}/*.so.*; do + if [ -f $shared_lib ]; then + cp $shared_lib ${D}/${libdir} + ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) + fi + done + for shared_lib in ${TD}/${libdir}/*.so; do + if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then + cp $shared_lib ${D}/${libdir} + fi + done + + install -d ${D}/${includedir}/nss3 + install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* + + install -d ${D}/${bindir} + for binary in ${TD}/${bindir}/*; do + install -m 755 -t ${D}/${bindir} $binary + done +} +do_install[vardepsexclude] += "SITEINFO_BITS" + +do_install_append() { + # Create empty .chk files for the NSS libraries at build time. They could + # be regenerated at target's boot time. + for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do + touch ${D}/${libdir}/$file + chmod 755 ${D}/${libdir}/$file + done + install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh + + install -d ${D}${libdir}/pkgconfig/ + sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc +} + +do_install_append_class-target() { + # Create a blank certificate + mkdir -p ${D}${sysconfdir}/pki/nssdb/ + touch ./empty_password + certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password + chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db + rm ./empty_password +} + +PACKAGE_WRITE_DEPS += "nss-native" +pkg_postinst_${PN} () { + if [ -n "$D" ]; then + for I in $D${libdir}/lib*.chk; do + DN=`dirname $I` + BN=`basename $I .chk` + FN=$DN/$BN.so + shlibsign -i $FN + if [ $? -ne 0 ]; then + exit 1 + fi + done + else + signlibs.sh + fi +} + +PACKAGES =+ "${PN}-smime" +FILES_${PN}-smime = "\ + ${bindir}/smime \ +" +FILES_${PN} = "\ + ${sysconfdir} \ + ${bindir} \ + ${libdir}/lib*.chk \ + ${libdir}/lib*.so \ + " +FILES_${PN}-dev = "\ + ${libdir}/nss \ + ${libdir}/pkgconfig/* \ + ${includedir}/* \ + " + +BBCLASSEXTEND = "native nativesdk" + -- cgit v1.2.3-54-g00ecf