diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2020-10-30 23:42:48 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-10-30 23:43:27 +0300 |
commit | bbbd5f468dc9c43b203cac3775f6c1b782ca7cba (patch) | |
tree | c1102cd773825fb6d69caaff22011b069e71a646 /meta-openembedded/meta-oe/recipes-support/nss/nss_3.57.bb | |
parent | 157744bac930642ebf7952ec8dc3df2faffd0928 (diff) | |
download | openbmc-bbbd5f468dc9c43b203cac3775f6c1b782ca7cba.tar.xz |
meta-openembedded: subtree update:2258c9a767..164a6030b0
Alejandro Hernandez Samaniego (1):
emacs: Fix packaging for emacs-minimal
Andreas Müller (8):
fluidsynth: upgrade 2.1.3 -> 2.1.5
hdf5: Shorten SUMMARY and move long text to DESCRIPTION
wxwidgets: add opengl PACKAGECONFIG / enable it if opengl is in DISTRO_FEATURES
wxwidgets: Add what's necessary so that consumers of wxwidgets_git can find it
wxwidgets: upgrade 3.1.3 -> 3.1.4
babl: upgrade 0.1.78 -> 0.1.82
gegl: upgrade 0.4.24 -> 0.4.26
gimp: upgrade 2.10.20 -> 2.10.22
Andrej Valek (2):
nss: upgrade 3.56 -> 3.57
nspr: upgrade 4.26 -> 4.29
Chen Qi (2):
open-isns: use /run instead of /var/run in systemd service file
openhpi: use /run instead of /var/run in systemd service file
Daniel Ammann (2):
dhex: add homepage
pcsc-tools: add new package
Fagundes, Paulo (1):
vnstat: add recipe
Gianfranco Costamagna (1):
vboxguestdrivers: upgrade 6.1.14 -> 6.1.16
Gianluca Pacchiella (1):
Add missing dependencies for rsnapshot.
Khem Raj (5):
meta-openembedded: Add gatesgarth to LAYERSERIES_COMPAT
apitrace: Disable secuirty flags for clang
iscsi-initiator-utils: Silence a clang warning on 64bit systems
minifi-cpp: Do not use lld on riscv32
redis: Fix build with clang on riscv32
Leon Anavi (44):
python3-aiohttp: Upgrade 3.6.2 -> 3.6.3
python3-ujson: Upgrade 3.2.0 -> 4.0.1
python3-passlib: Upgrade 1.7.2 -> 1.7.4
python3-croniter: Upgrade 0.3.34 -> 0.3.35
python3-isort: Upgrade 5.5.4 -> 5.6.4
python3-prompt-toolkit: Upgrade 3.0.7 -> 3.0.8
python3-yarl: Upgrade 1.6.0 -> 1.6.2
python3-sqlparse: Upgrade 0.3.1 -> 0.4.1
python3-sqlalchemy: Upgrade 1.3.19 -> 1.3.20
python3-sentry-sdk: Upgrade 0.18.0 -> 0.19.0
python3-markdown: Upgrade 3.3 -> 3.3.1
python3-pywbemtools: Upgrade 0.7.3 -> 0.8.0
python3-xlsxwriter: Upgrade 1.3.6 -> 1.3.7
python3-luma-core: Upgrade 1.17.1 -> 1.17.2
python3-graphviz: Upgrade 0.14.1 -> 0.14.2
python3-yappi: Upgrade 1.2.5 -> 1.3.0
python3-iniconfig: Upgrade 1.0.1 -> 1.1.1
transmission: Upgrade 2.94 -> 3.00
python3-regex: Upgrade 2020.10.11 -> 2020.10.15
python3-colorama: Upgrade 0.4.3 -> 0.4.4
python3-zipp: Upgrade 3.3.0 -> 3.3.1
python3-pychromecast: Upgrade 7.5.0 -> 7.5.1
python3-semver: Upgrade 2.10.2 -> 2.13.0
python3-pydicti: Upgrade 1.1.3 -> 1.1.4
python3-humanize: Upgrade 3.0.1 -> 3.1.0
python3-dominate: Upgrade 2.5.2 -> 2.6.0
python3-urllib3: Upgrade 1.25.10 -> 1.25.11
python3-bitarray: Upgrade 1.5.3 -> 1.6.0
python3-markdown: Upgrade 3.3.1 -> 3.3.2
python3-pymisp: Upgrade 2.4.131 -> 2.4.133
python3-typeguard: Upgrade 2.9.1 -> 2.10.0
python3-traitlets: Upgrade 5.0.4 -> 5.0.5
python3-sentry-sdk: Upgrade 0.19.0 -> 0.19.1
python3-lxml: Upgrade 4.5.2 -> 4.6.1
python3-regex: Upgrade 2020.10.15 -> 2020.10.23
python3-google-api-python-client: Upgrade 1.12.3 -> 1.12.5
python3-cryptography: Upgrade 3.1.1 -> 3.2
python3-psutil: Upgrade 5.7.2 -> 5.7.3
python3-pyparted: Upgrade 3.11.6 -> 3.11.7
python3-tqdm: Upgrade 4.50.2 -> 4.51.0
python3-u-msgpack-python: Upgrade 2.7.0 -> 2.7.1
python3-luma-core: Upgrade 1.17.2 -> 1.17.3
python3-zipp: Upgrade 3.3.1 -> 3.4.0
python3-aiohttp: Upgrade 3.6.3 -> 3.7.1
Luca Boccassi (2):
Add recipe for fsverity-utils
Add new recipe for squashfs-tools-ng
Mario Schuknecht (1):
wireguard-tools: Fix systemd service installation
Martin Jansa (3):
packagegroup-meta-multimedia: include fdk-aac and mpd only with commercial in LICENSE_FLAGS_WHITELIST
python3-colorama: add native and nativesdk to BBCLASSEXTEND
mpd: add commercial LICENSE_FLAGS when ffmpeg or aac PACKAGECONFIG is enabled
Michael Tretter (1):
apitrace: add new recipe
Mingli Yu (1):
mariadb: Upgrade to 10.5.6
Pascal Bach (1):
fmt: make available as native and nativesdk
Pierre-Jean Texier (3):
c-periphery: upgrade 2.2.1 -> 2.2.4
c-periphery: fix typo in SUMMARY
stunnel: upgrade 5.56 -> 5.57
Qi.Chen@windriver.com (4):
php: use /run instead /var/run in systemd service file
lmsensors: use /run instead of /var/run for systemd service
cyrus-sasl: use /run instead of /var/run for systemd service file
freediameter: use /run instead of /var/run in systemd service file
Ross Burton (2):
mpv: fetch waf in do_fetch
glmark2: no need to patch waf
Sakib Sajal (1):
python3-prettytable: add python3-wcwidth to RDEPENDS
Siming Yuan (1):
python3-paramiko: fixing runtime dependencies
Taisei Nakano (1):
anthy: add GPLv2 to LICENSE and add LIC_FILES_CHKSUM
Ulrich Ölmann (1):
usb-modeswitch, usb-modeswitch-data: fix usrmerge
Yi Zhao (2):
samba: upgrade 4.10.17 -> 4.10.18
networkmanager: remove PACKAGECONFIG[dhclient]
Zang Ruochen (13):
firewalld: upgrade 0.9.0 -> 0.9.1
mtr: upgrade 0.93 -> 0.94
wireshark: upgrade 3.2.6 -> 3.2.7
hwdata: upgrade 0.339 -> 0.340
libmbim: upgrade 1.24.2 -> 1.24.4
linuxptp: upgrade 3.0 -> 3.1
memtester: upgrade 4.4.0 -> 4.5.0
paho-mqtt-c: upgrade 1.3.5 -> 1.3.6
mm-common: upgrade 1.0.1 -> 1.0.2
poppler: upgrade 20.09.0 -> 20.10.0
spdlog: upgrade 1.8.0 -> 1.8.1
libcgi-perl: upgrade 4.50 -> 4.51
libcurses-perl: upgrade 1.36 -> 1.37
zangrc (8):
gphoto2: upgrade 2.5.23 -> 2.5.26
libgphoto2: upgrade 2.5.25 -> 2.5.26
libmtp: upgrade 1.1.17 -> 1.1.18
libp11: upgrade 0.4.10 -> 0.4.11
libpwquality: upgrade 1.4.2 -> 1.4.4
libqmi: upgrade 1.26.4 -> 1.26.6
nano: upgrade 5.2 -> 5.3
protobuf: upgrade 3.13.0 -> 3.13.0.1
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ie105cfe99ae7dab0f6f1fd8d88d43a1979faf486
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-support/nss/nss_3.57.bb')
-rw-r--r-- | meta-openembedded/meta-oe/recipes-support/nss/nss_3.57.bb | 271 |
1 files changed, 271 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.57.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.57.bb new file mode 100644 index 000000000..5d9318a92 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.57.bb @@ -0,0 +1,271 @@ +SUMMARY = "Mozilla's SSL and TLS implementation" +DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ +designed to support cross-platform development of \ +security-enabled client and server applications. \ +Applications built with NSS can support SSL v2 and v3, \ +TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ +v3 certificates, and other security standards." +HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" +SECTION = "libs" + +DEPENDS = "sqlite3 nspr zlib nss-native" +DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" + +LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" + +LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ + file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ + file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" + +VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" + +SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ + file://nss.pc.in \ + file://0001-nss-fix-support-cross-compiling.patch \ + file://nss-no-rpath-for-cross-compiling.patch \ + file://nss-fix-incorrect-shebang-of-perl.patch \ + file://disable-Wvarargs-with-clang.patch \ + file://pqg.c-ULL_addend.patch \ + file://blank-cert9.db \ + file://blank-key4.db \ + file://system-pkcs11.txt \ + file://nss-fix-nsinstall-build.patch \ + file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \ + " +SRC_URI[sha256sum] = "55a86c01be860381d64bb4e5b94eb198df9b0f098a8af0e58c014df398bdc382" + +UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" +UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes" + +inherit siteinfo + +TD = "${S}/tentative-dist" +TDS = "${S}/tentative-dist-staging" + +# cortex-a55 is ARMv8.2-a based but libatomic explicitly asks for -march=armv8.1-a +# which caused -march conflicts in gcc +TUNE_CCARGS_remove = "-mcpu=cortex-a55+crc -mcpu=cortex-a55 -mcpu=cortex-a55+crc+crypto" + +TARGET_CC_ARCH += "${LDFLAGS}" + +do_configure_prepend_libc-musl () { + sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk +} + +do_compile_prepend_class-native() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr + export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} +} + +do_compile_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_compile_prepend_class-native() { + # Need to set RPATH so that chrpath will do its job correctly + RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" +} + +do_compile() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr + export NSS_ENABLE_WERROR=0 + + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + # Additional defines needed on Centos 7 + export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + export FREEBL_LOWHASH=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + ${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)} + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + # We can modify CC in the environment, but if we set it via an + # argument to make, nsinstall, a host program, will also build with it! + # + # nss pretty much does its own thing with CFLAGS, so we put them into CC. + # Optimization will get clobbered, but most of the stuff will survive. + # The motivation for this is to point to the correct place for debug + # source files and CFLAGS does that. Nothing uses CCC. + # + export CC="${CC} ${CFLAGS}" + make -C ./nss CCC="${CXX} -g" \ + OS_TEST=${OS_TEST} \ + RPATH="${RPATH}" \ + autobuild +} + +do_compile[vardepsexclude] += "SITEINFO_BITS" + +do_install_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_install() { + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + CPU_ARCH=aarch64 + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + make -C ./nss \ + CCC="${CXX}" \ + OS_TEST=${OS_TEST} \ + SOURCE_LIB_DIR="${TD}/${libdir}" \ + SOURCE_BIN_DIR="${TD}/${bindir}" \ + install + + install -d ${D}/${libdir}/ + for file in ${S}/dist/*.OBJ/lib/*.so; do + echo "Installing `basename $file`..." + cp $file ${D}/${libdir}/ + done + + for shared_lib in ${TD}/${libdir}/*.so.*; do + if [ -f $shared_lib ]; then + cp $shared_lib ${D}/${libdir} + ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) + fi + done + for shared_lib in ${TD}/${libdir}/*.so; do + if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then + cp $shared_lib ${D}/${libdir} + fi + done + + install -d ${D}/${includedir}/nss3 + install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* + + install -d ${D}/${bindir} + for binary in ${TD}/${bindir}/*; do + install -m 755 -t ${D}/${bindir} $binary + done +} + +do_install[vardepsexclude] += "SITEINFO_BITS" + +do_install_append() { + # Create empty .chk files for the NSS libraries at build time. They could + # be regenerated at target's boot time. + for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do + touch ${D}/${libdir}/$file + chmod 755 ${D}/${libdir}/$file + done + + install -d ${D}${libdir}/pkgconfig/ + sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc +} + +do_install_append_class-target() { + # It used to call certutil to create a blank certificate with empty password at + # build time, but the checksum of key4.db changes every time when certutil is called. + # It causes non-determinism issue, so provide databases with a blank certificate + # which are originally from output of nss in qemux86-64 build. You can get these + # databases by: + # certutil -N -d sql:/database/path/ --empty-password + install -d ${D}${sysconfdir}/pki/nssdb/ + install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db + install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db + install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt +} + +PACKAGE_WRITE_DEPS += "nss-native" + +pkg_postinst_${PN} () { + for I in $D${libdir}/lib*.chk; do + DN=`dirname $I` + BN=`basename $I .chk` + FN=$DN/$BN.so + shlibsign -i $FN + if [ $? -ne 0 ]; then + echo "shlibsign -i $FN failed" + fi + done +} + +PACKAGES =+ "${PN}-smime" +FILES_${PN}-smime = "\ + ${bindir}/smime \ +" + +FILES_${PN} = "\ + ${sysconfdir} \ + ${bindir} \ + ${libdir}/lib*.chk \ + ${libdir}/lib*.so \ + " + +FILES_${PN}-dev = "\ + ${libdir}/nss \ + ${libdir}/pkgconfig/* \ + ${includedir}/* \ + " + +RDEPENDS_${PN}-smime = "perl" + +BBCLASSEXTEND = "native nativesdk" |