From 912efc0c8122abc622ad63db6da7d1faaee5f3da Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Wed, 10 Jul 2013 15:54:17 +0800
Subject: nss: create checksum files for the nss libraries

Add checksum files required for the NSS softoken to operate in FIPS 140 mode.
The shlibsign is invoked to sign the libraries, and it is built for the target
architecture and doesn't support cross-compiling so far.

Invoke shlibsign at target's first boot time to generate checksum files.

https://developer.mozilla.org/en-US/docs/NSS/NSS_Tech_Notes/nss_tech_note6
http://en.wikipedia.org/wiki/FIPS_140
https://bugzilla.mozilla.org/show_bug.cgi?id=681624

(From OE-Core rev: a4580f967c8064294a06d406acf5deb24aee2acc)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-support/nss/nss.inc | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'meta/recipes-support/nss/nss.inc')

diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index 87cba38bc8..4270743329 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -18,6 +18,7 @@ SRC_URI = "\
 "
 SRC_URI_append_class-target += "\
     file://nss.pc.in \
+    file://signlibs.sh \
 "
 inherit siteinfo
 PR = "r0"
@@ -136,6 +137,14 @@ do_install() {
 }
 
 do_install_append_class-target() {
+    # Create empty .chk files for the NSS libraries at build time. They could
+    # be regenerated at target's boot time.
+    for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
+        touch ${D}/${libdir}/$file
+        chmod 755 ${D}/${libdir}/$file
+    done
+    install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh
+
     install -d ${D}${libdir}/pkgconfig/
     sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
     sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
@@ -151,6 +160,13 @@ do_install_append_class-target() {
     rm ./empty_password
 }
 
+pkg_postinst_${PN} () {
+    if [ -n "$D" ]; then
+        exit 1
+    fi
+    signlibs.sh
+}
+
 FILES_${PN} = "\
     ${sysconfdir} \
     ${bindir} \
-- 
cgit v1.2.3-54-g00ecf