From bbbd5f468dc9c43b203cac3775f6c1b782ca7cba Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 30 Oct 2020 15:42:48 -0500 Subject: meta-openembedded: subtree update:2258c9a767..164a6030b0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Alejandro Hernandez Samaniego (1): emacs: Fix packaging for emacs-minimal Andreas Müller (8): fluidsynth: upgrade 2.1.3 -> 2.1.5 hdf5: Shorten SUMMARY and move long text to DESCRIPTION wxwidgets: add opengl PACKAGECONFIG / enable it if opengl is in DISTRO_FEATURES wxwidgets: Add what's necessary so that consumers of wxwidgets_git can find it wxwidgets: upgrade 3.1.3 -> 3.1.4 babl: upgrade 0.1.78 -> 0.1.82 gegl: upgrade 0.4.24 -> 0.4.26 gimp: upgrade 2.10.20 -> 2.10.22 Andrej Valek (2): nss: upgrade 3.56 -> 3.57 nspr: upgrade 4.26 -> 4.29 Chen Qi (2): open-isns: use /run instead of /var/run in systemd service file openhpi: use /run instead of /var/run in systemd service file Daniel Ammann (2): dhex: add homepage pcsc-tools: add new package Fagundes, Paulo (1): vnstat: add recipe Gianfranco Costamagna (1): vboxguestdrivers: upgrade 6.1.14 -> 6.1.16 Gianluca Pacchiella (1): Add missing dependencies for rsnapshot. Khem Raj (5): meta-openembedded: Add gatesgarth to LAYERSERIES_COMPAT apitrace: Disable secuirty flags for clang iscsi-initiator-utils: Silence a clang warning on 64bit systems minifi-cpp: Do not use lld on riscv32 redis: Fix build with clang on riscv32 Leon Anavi (44): python3-aiohttp: Upgrade 3.6.2 -> 3.6.3 python3-ujson: Upgrade 3.2.0 -> 4.0.1 python3-passlib: Upgrade 1.7.2 -> 1.7.4 python3-croniter: Upgrade 0.3.34 -> 0.3.35 python3-isort: Upgrade 5.5.4 -> 5.6.4 python3-prompt-toolkit: Upgrade 3.0.7 -> 3.0.8 python3-yarl: Upgrade 1.6.0 -> 1.6.2 python3-sqlparse: Upgrade 0.3.1 -> 0.4.1 python3-sqlalchemy: Upgrade 1.3.19 -> 1.3.20 python3-sentry-sdk: Upgrade 0.18.0 -> 0.19.0 python3-markdown: Upgrade 3.3 -> 3.3.1 python3-pywbemtools: Upgrade 0.7.3 -> 0.8.0 python3-xlsxwriter: Upgrade 1.3.6 -> 1.3.7 python3-luma-core: Upgrade 1.17.1 -> 1.17.2 python3-graphviz: Upgrade 0.14.1 -> 0.14.2 python3-yappi: Upgrade 1.2.5 -> 1.3.0 python3-iniconfig: Upgrade 1.0.1 -> 1.1.1 transmission: Upgrade 2.94 -> 3.00 python3-regex: Upgrade 2020.10.11 -> 2020.10.15 python3-colorama: Upgrade 0.4.3 -> 0.4.4 python3-zipp: Upgrade 3.3.0 -> 3.3.1 python3-pychromecast: Upgrade 7.5.0 -> 7.5.1 python3-semver: Upgrade 2.10.2 -> 2.13.0 python3-pydicti: Upgrade 1.1.3 -> 1.1.4 python3-humanize: Upgrade 3.0.1 -> 3.1.0 python3-dominate: Upgrade 2.5.2 -> 2.6.0 python3-urllib3: Upgrade 1.25.10 -> 1.25.11 python3-bitarray: Upgrade 1.5.3 -> 1.6.0 python3-markdown: Upgrade 3.3.1 -> 3.3.2 python3-pymisp: Upgrade 2.4.131 -> 2.4.133 python3-typeguard: Upgrade 2.9.1 -> 2.10.0 python3-traitlets: Upgrade 5.0.4 -> 5.0.5 python3-sentry-sdk: Upgrade 0.19.0 -> 0.19.1 python3-lxml: Upgrade 4.5.2 -> 4.6.1 python3-regex: Upgrade 2020.10.15 -> 2020.10.23 python3-google-api-python-client: Upgrade 1.12.3 -> 1.12.5 python3-cryptography: Upgrade 3.1.1 -> 3.2 python3-psutil: Upgrade 5.7.2 -> 5.7.3 python3-pyparted: Upgrade 3.11.6 -> 3.11.7 python3-tqdm: Upgrade 4.50.2 -> 4.51.0 python3-u-msgpack-python: Upgrade 2.7.0 -> 2.7.1 python3-luma-core: Upgrade 1.17.2 -> 1.17.3 python3-zipp: Upgrade 3.3.1 -> 3.4.0 python3-aiohttp: Upgrade 3.6.3 -> 3.7.1 Luca Boccassi (2): Add recipe for fsverity-utils Add new recipe for squashfs-tools-ng Mario Schuknecht (1): wireguard-tools: Fix systemd service installation Martin Jansa (3): packagegroup-meta-multimedia: include fdk-aac and mpd only with commercial in LICENSE_FLAGS_WHITELIST python3-colorama: add native and nativesdk to BBCLASSEXTEND mpd: add commercial LICENSE_FLAGS when ffmpeg or aac PACKAGECONFIG is enabled Michael Tretter (1): apitrace: add new recipe Mingli Yu (1): mariadb: Upgrade to 10.5.6 Pascal Bach (1): fmt: make available as native and nativesdk Pierre-Jean Texier (3): c-periphery: upgrade 2.2.1 -> 2.2.4 c-periphery: fix typo in SUMMARY stunnel: upgrade 5.56 -> 5.57 Qi.Chen@windriver.com (4): php: use /run instead /var/run in systemd service file lmsensors: use /run instead of /var/run for systemd service cyrus-sasl: use /run instead of /var/run for systemd service file freediameter: use /run instead of /var/run in systemd service file Ross Burton (2): mpv: fetch waf in do_fetch glmark2: no need to patch waf Sakib Sajal (1): python3-prettytable: add python3-wcwidth to RDEPENDS Siming Yuan (1): python3-paramiko: fixing runtime dependencies Taisei Nakano (1): anthy: add GPLv2 to LICENSE and add LIC_FILES_CHKSUM Ulrich Ölmann (1): usb-modeswitch, usb-modeswitch-data: fix usrmerge Yi Zhao (2): samba: upgrade 4.10.17 -> 4.10.18 networkmanager: remove PACKAGECONFIG[dhclient] Zang Ruochen (13): firewalld: upgrade 0.9.0 -> 0.9.1 mtr: upgrade 0.93 -> 0.94 wireshark: upgrade 3.2.6 -> 3.2.7 hwdata: upgrade 0.339 -> 0.340 libmbim: upgrade 1.24.2 -> 1.24.4 linuxptp: upgrade 3.0 -> 3.1 memtester: upgrade 4.4.0 -> 4.5.0 paho-mqtt-c: upgrade 1.3.5 -> 1.3.6 mm-common: upgrade 1.0.1 -> 1.0.2 poppler: upgrade 20.09.0 -> 20.10.0 spdlog: upgrade 1.8.0 -> 1.8.1 libcgi-perl: upgrade 4.50 -> 4.51 libcurses-perl: upgrade 1.36 -> 1.37 zangrc (8): gphoto2: upgrade 2.5.23 -> 2.5.26 libgphoto2: upgrade 2.5.25 -> 2.5.26 libmtp: upgrade 1.1.17 -> 1.1.18 libp11: upgrade 0.4.10 -> 0.4.11 libpwquality: upgrade 1.4.2 -> 1.4.4 libqmi: upgrade 1.26.4 -> 1.26.6 nano: upgrade 5.2 -> 5.3 protobuf: upgrade 3.13.0 -> 3.13.0.1 Signed-off-by: Andrew Geissler Change-Id: Ie105cfe99ae7dab0f6f1fd8d88d43a1979faf486 --- .../meta-oe/recipes-support/nss/nss_3.57.bb | 271 +++++++++++++++++++++ 1 file changed, 271 insertions(+) create mode 100644 meta-openembedded/meta-oe/recipes-support/nss/nss_3.57.bb (limited to 'meta-openembedded/meta-oe/recipes-support/nss/nss_3.57.bb') diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.57.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.57.bb new file mode 100644 index 000000000..5d9318a92 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.57.bb @@ -0,0 +1,271 @@ +SUMMARY = "Mozilla's SSL and TLS implementation" +DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ +designed to support cross-platform development of \ +security-enabled client and server applications. \ +Applications built with NSS can support SSL v2 and v3, \ +TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ +v3 certificates, and other security standards." +HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" +SECTION = "libs" + +DEPENDS = "sqlite3 nspr zlib nss-native" +DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" + +LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" + +LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ + file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ + file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" + +VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" + +SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ + file://nss.pc.in \ + file://0001-nss-fix-support-cross-compiling.patch \ + file://nss-no-rpath-for-cross-compiling.patch \ + file://nss-fix-incorrect-shebang-of-perl.patch \ + file://disable-Wvarargs-with-clang.patch \ + file://pqg.c-ULL_addend.patch \ + file://blank-cert9.db \ + file://blank-key4.db \ + file://system-pkcs11.txt \ + file://nss-fix-nsinstall-build.patch \ + file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \ + " +SRC_URI[sha256sum] = "55a86c01be860381d64bb4e5b94eb198df9b0f098a8af0e58c014df398bdc382" + +UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" +UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes" + +inherit siteinfo + +TD = "${S}/tentative-dist" +TDS = "${S}/tentative-dist-staging" + +# cortex-a55 is ARMv8.2-a based but libatomic explicitly asks for -march=armv8.1-a +# which caused -march conflicts in gcc +TUNE_CCARGS_remove = "-mcpu=cortex-a55+crc -mcpu=cortex-a55 -mcpu=cortex-a55+crc+crypto" + +TARGET_CC_ARCH += "${LDFLAGS}" + +do_configure_prepend_libc-musl () { + sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk +} + +do_compile_prepend_class-native() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr + export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} +} + +do_compile_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_compile_prepend_class-native() { + # Need to set RPATH so that chrpath will do its job correctly + RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" +} + +do_compile() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr + export NSS_ENABLE_WERROR=0 + + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + # Additional defines needed on Centos 7 + export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + export FREEBL_LOWHASH=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + ${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)} + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + # We can modify CC in the environment, but if we set it via an + # argument to make, nsinstall, a host program, will also build with it! + # + # nss pretty much does its own thing with CFLAGS, so we put them into CC. + # Optimization will get clobbered, but most of the stuff will survive. + # The motivation for this is to point to the correct place for debug + # source files and CFLAGS does that. Nothing uses CCC. + # + export CC="${CC} ${CFLAGS}" + make -C ./nss CCC="${CXX} -g" \ + OS_TEST=${OS_TEST} \ + RPATH="${RPATH}" \ + autobuild +} + +do_compile[vardepsexclude] += "SITEINFO_BITS" + +do_install_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_install() { + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + CPU_ARCH=aarch64 + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + make -C ./nss \ + CCC="${CXX}" \ + OS_TEST=${OS_TEST} \ + SOURCE_LIB_DIR="${TD}/${libdir}" \ + SOURCE_BIN_DIR="${TD}/${bindir}" \ + install + + install -d ${D}/${libdir}/ + for file in ${S}/dist/*.OBJ/lib/*.so; do + echo "Installing `basename $file`..." + cp $file ${D}/${libdir}/ + done + + for shared_lib in ${TD}/${libdir}/*.so.*; do + if [ -f $shared_lib ]; then + cp $shared_lib ${D}/${libdir} + ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) + fi + done + for shared_lib in ${TD}/${libdir}/*.so; do + if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then + cp $shared_lib ${D}/${libdir} + fi + done + + install -d ${D}/${includedir}/nss3 + install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* + + install -d ${D}/${bindir} + for binary in ${TD}/${bindir}/*; do + install -m 755 -t ${D}/${bindir} $binary + done +} + +do_install[vardepsexclude] += "SITEINFO_BITS" + +do_install_append() { + # Create empty .chk files for the NSS libraries at build time. They could + # be regenerated at target's boot time. + for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do + touch ${D}/${libdir}/$file + chmod 755 ${D}/${libdir}/$file + done + + install -d ${D}${libdir}/pkgconfig/ + sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc +} + +do_install_append_class-target() { + # It used to call certutil to create a blank certificate with empty password at + # build time, but the checksum of key4.db changes every time when certutil is called. + # It causes non-determinism issue, so provide databases with a blank certificate + # which are originally from output of nss in qemux86-64 build. You can get these + # databases by: + # certutil -N -d sql:/database/path/ --empty-password + install -d ${D}${sysconfdir}/pki/nssdb/ + install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db + install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db + install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt +} + +PACKAGE_WRITE_DEPS += "nss-native" + +pkg_postinst_${PN} () { + for I in $D${libdir}/lib*.chk; do + DN=`dirname $I` + BN=`basename $I .chk` + FN=$DN/$BN.so + shlibsign -i $FN + if [ $? -ne 0 ]; then + echo "shlibsign -i $FN failed" + fi + done +} + +PACKAGES =+ "${PN}-smime" +FILES_${PN}-smime = "\ + ${bindir}/smime \ +" + +FILES_${PN} = "\ + ${sysconfdir} \ + ${bindir} \ + ${libdir}/lib*.chk \ + ${libdir}/lib*.so \ + " + +FILES_${PN}-dev = "\ + ${libdir}/nss \ + ${libdir}/pkgconfig/* \ + ${includedir}/* \ + " + +RDEPENDS_${PN}-smime = "perl" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3