From eef6386ca7c8a62f37fc84a0a5a68842183cdfb0 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 29 Jan 2021 15:58:13 -0600 Subject: meta-openembedded: subtree update:4599fea881..fd123c9bb2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adrian (1): networkmanager: add missing readline depends Adrian Freihofer (2): nftables: upgrade 0.9.7 -> 0.9.8 firewalld: upgrade 0.9.2 -> 0.9.3 Adrian Herrera (2): cppunit: add support for native version protobuf: apply fix for pkg-config pthread flags Alejandro Enedino Hernandez Samaniego (2): remmina: Update to 1.4.10 imapfilter: Upgrade 2.6.16 -> 2.7.5 Anatol Belski (1): xmlsec1: Fix configure QA error caused by host lookup path Andreas Müller (24): libunique: remove xfce4-screenshooter: replace gtk+ -> gtk+3 in DEPENDS libxfce4ui: Fix sporadic install error poppler: upgrade 20.12.1 -> 21.01.0 dconf: upgrade 0.36.0 -> 0.38.0 dconf-editor: upgrade 3.36.2 -> 3.38.2 amtk: upgrade 5.1.1 -> 5.2.0 evince: upgrade 3.36.7 -> 3.38.0 catfish: upgrade 1.4.13 -> 4.16.0 xfwm4: upgrade 4.16.0 -> 4.16.1 parole: upgrade 1.0.5 -> 4.16.0 garcon: upgrade 0.8.0 -> 4.16.1 xfce4-whiskermenu-plugin: upgrade 2.5.1 -> 2.5.2 thunar: upgrade 4.16.0 -> 4.16.2 jack: upgrade 1.19.16 -> 1.19.17 networkmanager: upgrade 1.22.14 -> 1.28.0 appstream-glib: upgrade 0.7.17 -> 0.7.18 vlc: upgrade 3.0.11.1 -> 3.0.12 python3-mypy-extensions: Initial add 0.4.3 python3-mypy: initial add 0.800 python3-send2trash_ initial add 1.5.0 python3-asttokens: initial add 2.0.4 python3-typed-ast: Initial add 1.4.1 packagegroup-meta-python: Add asttokens/mypy/mypy-extensions/typed-ast/send2trash Andrew Jeffery (2): meta-python: Add hexdump package meta-python: Add jstyleson Armin Kuster (3): wireshark: Several securtiy fixes ipset: add recipe lua: update to 5.3.6 Clément Péron (2): re2: Add recipe for Google RE2 library abseil-cpp: bump to LTS 2020_09_23 Patch Release 3 Daniel Gomez (2): zbar: Add support for mchehab/zbar zbar: Remove support for 0.10 version Diego Santa Cruz (1): net-snmp: control smux via PACKAGECONFIG Gianfranco (2): vboxguestdrivers: upgrade 6.1.16 -> 6.1.18 vboxguestdrivers: Add patch proposed upstream to fix a build failure on i386 Gianfranco Costamagna (1): dlt-daemon: update to new release 2.18.6 Harpritkaur Bhandari (1): rapidjson: Upgrade SRCREV to latest He Zhe (2): lmbench: Fix webpage-lm and manual page typos lmbench: lat_fifo: Fix cleanup sequence Junjie Mao (1): python3-xmlschema: Yocto recipes for validating against XSD 1.1 Kai Kang (4): xfce4-panel-profiles: fix do install failure with dash xfce4-panel-profiles: update remove-bashisms.patch for centos 7 blueman: refresh patch mariadb: add package config zstd Khem Raj (6): influxdb: Fix build on mips packagegroup-meta-oe: Add new package influxdb packagegroup-meta-networking: Add ipset packagegroup-meta-oe: Add re2 autoconf-2.13-native,xserver-xorg-cvt-native: Move inheriting native to the end dfu-util-native: Adjust Inherit order Leon Anavi (75): python3-aiohttp: Upgrade 3.7.2 -> 3.7.3 python3-coloredlogs: Upgrade 14.0 -> 15.0 python3-jsonrpcserver: Upgrade 4.1.3 -> 4.2.0 python3-pymisp: Upgrade 2.4.133 -> 2.4.135.3 python3-parso: Upgrade 0.8.0 -> 0.8.1 python3-pillow: Upgrade 7.2.0 -> 8.1.0 python3-croniter: Upgrade 0.3.37 -> 1.0.1 python3-pychromecast: Upgrade 7.7.1 -> 7.7.2 python3-hyperlink: Upgrade 20.0.1 -> 21.0.0 python3-dnspython: Upgrade 2.0.0 -> 2.1.0 python3-prompt-toolkit: Upgrade 3.0.9 -> 3.0.10 python3-ptyprocess: Upgrade 0.6.0 -> 0.7.0 python3-certifi: Upgrade 2020.11.8 -> 2020.12.5 python3-jedi: Upgrade 0.17.2 -> 0.18.0 python3-mock: Upgrade 4.0.2 -> 4.0.3 python3-pyscaffold: Upgrade 3.2.3 -> 3.3 python3-cffi: Upgrade 1.14.3 -> 1.14.4 python3-rsa: Upgrade 4.6 -> 4.7 python3-pyjwt: Upgrade 1.7.1 -> 2.0.0 python3-isort: Upgrade 5.6.4 -> 5.7.0 python3-lz4: Upgrade 3.1.0 -> 3.1.1 python3-msgpack: Upgrade 1.0.0 -> 1.0.2 python3-pyopenssl: Upgrade 19.1.0 -> 20.0.1 python3-ecdsa: Upgrade 0.16.0 -> 0.16.1 python3-regex: Upgrade 2020.10.28 -> 2020.11.13 python3-cryptography: Upgrade 3.2 -> 3.3.1 python3-cryptography-vectors: Upgrade 3.2 -> 3.3.1 python3-wheel: Upgrade 0.35.1 -> 0.36.2 python3-pyzmq: Upgrade 19.0.2 -> 20.0.0 python3-greenlet: Upgrade 0.4.17 -> 1.0.0 python3-parse: Upgrade 1.18.0 -> 1.19.0 python3-colorlog: Upgrade 4.6.2 -> 4.7.2 python3-pyephem: Upgrade 3.7.7.0 -> 3.7.7.1 python3-pyperf: Upgrade 2.0.0 -> 2.1.0 python3-cheetah: Upgrade 3.2.5 -> 3.2.6 python3-pyscaffold: Upgrade 3.3 -> 3.3.1 python3-lxml: Upgrade 4.6.1 -> 4.6.2 python3-openpyxl: Upgrade 3.0.5 -> 3.0.6 python3-pymysql: Upgrade 0.10.1 -> 1.0.2 python3-dbus-next: Upgrade 0.1.4 -> 0.2.2 python3-yappi: Upgrade 1.3.0 -> 1.3.2 python3-pyyaml: Upgrade 5.3.1 -> 5.4 python3-google-api-python-client: Upgrade 1.12.5 -> 1.12.8 python3-evdev: Upgrade 1.3.0 -> 1.4.0 python3-pyusb: Upgrade 1.1.0 -> 1.1.1 python3-pyserial: Upgrade 3.4 -> 3.5 python3-pandas: Upgrade 1.2.0 -> 1.2.1 python3-alembic: Upgrade 1.4.3 -> 1.5.1 python3-coverage: Upgrade 5.3 -> 5.3.1 python3-lz4: Upgrade 3.1.1 -> 3.1.3 python3-bitarray: Upgrade 1.6.1 -> 1.6.3 python3-pykwalify: Upgrade 1.7.0 -> 1.8.0 python3-croniter: Upgrade 1.0.1 -> 1.0.2 python3-ujson: Upgrade 4.0.1 -> 4.0.2 python3-smbus2: Upgrade 0.4.0 -> 0.4.1 python3-pyzmq: Upgrade 20.0.0 -> 21.0.1 python3-alembic: Upgrade 1.5.1 -> 1.5.2 python3-prompt-toolkit: Upgrade 3.0.10 -> 3.0.11 python3-pyjwt: Upgrade 2.0.0 -> 2.0.1 python3-pyyaml: Upgrade 5.4 -> 5.4.1 python3-natsort: Upgrade 7.1.0 -> 7.1.1 python3-pymisp: Upgrade 2.4.135.3 -> 2.4.137.1 python3-socketio: Upgrade 4.6.0 -> 5.0.4 python3-lazy-object-proxy: Upgrade 1.5.1 -> 1.5.2 python3-custom-inherit: Upgrade 2.3.0 -> 2.3.1 python3-cachetools: Upgrade 4.2.0 -> 4.2.1 python3-coverage: Upgrade 5.3.1 -> 5.4 python3-diskcache: Upgrade 5.1.0 -> 5.2.1 python3-aenum: Upgrade 2.2.6 -> 3.0.0 python3-xmlschema: Upgrade 1.4.1 -> 1.4.2 python3-intervals: Upgrade 1.10.0 -> 1.10.0.post1 python3-portion: Add recipe python3-pako: Upgrade 0.2.3 -> 0.3.0 python3-typed-ast: Upgrade 1.4.1 -> 1.4.2 python3-pyzmq: Upgrade 21.0.1 -> 21.0.2 Luca Boccassi (4): dbus-broker: enable SO_PEERSEC usage by default fsverity: update to 1.3 fsverity: fix MinGW build dbus-broker: update to v26 Mario Schuknecht (1): dnsmasq: Fix systemd service Mikko Rapeli (3): fuse: set CVE_PRODUCT to "fuse_project:fuse" flatbuffers: whitelist CVE-2020-35864 giflib: apply patch for CVE-2019-15133 and set CVE_PRODUCT Mingli Yu (2): mcelog: fix the pfa test hang mariadb: upgrade to 10.5.8 Nicolas Jeker (1): networkmanager: Add Wireless Extensions to PACKAGECONFIG[wifi] Oleksiy Obitotskyy (1): libsmi: set awk as target path Robert Joslyn (1): htop: Update to 3.0.4 Ross Burton (1): libmicrohttpd: allow native/nativesdk builds S. Lockwood-Childs (1): sip3: simplify recipe Shlomi Vaknin (1): python3-sh: remove python3-tests from RDEPENDS Stefano Babic (1): libconfig: split package for C++ Søren Andersen (1): zram: fix sourcing of zram parameters Thomas Perrot (1): influxdb: add new recipe Trevor Gamblin (2): packagegroup-meta-python: sort package names, add notes packagegroup-meta-python: add ptest packages to ptest group Wang Mingyu (1): dovecot: upgrade 2.2.36.4 -> 2.3.13 Yi Zhao (1): nss: upgrade 3.60 -> 3.60.1 Zang Ruochen (9): c-periphery: upgrade 2.3.0 -> 2.3.1 htop: upgrade 3.0.4 -> 3.0.5 hwdata: upgrade 0.342 -> 0.343 spitools: upgrade 0.8.6 -> 0.8.7 librole-tiny-perl: upgrade 2.001004 -> 2.002003 python3-smbus: upgrade 4.1 -> 4.2 python3-snappy: upgrade 0.5.4 -> 0.6.0 python3-zopeinterface: upgrade 5.1.0 -> 5.2.0 python3-nmap: upgrade 1.4.8 -> 1.5.0 Zheng Ruoqin (7): cifs-utils: upgrade 6.11 -> 6.12 firewalld: upgrade 0.9.1 -> 0.9.2 igmpproxy: upgrade 0.2.1 -> 0.3 mdns: upgrade 1096.40.7 -> 1310.40.42 opensc: Fix the wrong version number. python3-djangorestframework: upgrade 3.12.1 -> 3.12.2 python3-ipy: upgrade 1.00 -> 1.01 changqing.li@windriver.com (1): celt051: update SRC_URI zangrc (6): libnftnl: upgrade 1.1.8 -> 1.1.9 czmq: upgrade 4.2.0 -> 4.2.1 dialog: upgrade 1.3-20201126 -> 1.3-20210117 modemanager: upgrade 1.14.8 -> 1.14.10 monit: upgrade 5.27.1 -> 5.27.2 python3-networkmanager: upgrade 2.1 -> 2.2 zhengruoqin (3): openldap: upgrade 2.4.56 -> 2.4.57 satyr: upgrade 0.35 -> 0.36 zeromq: upgrade 4.3.3 -> 4.3.4 Signed-off-by: Andrew Geissler Change-Id: I2469d162f1db8072fec106f629872618082bbeac --- .../meta-oe/recipes-support/nss/nss_3.60.1.bb | 271 +++++++++++++++++++++ .../meta-oe/recipes-support/nss/nss_3.60.bb | 271 --------------------- 2 files changed, 271 insertions(+), 271 deletions(-) create mode 100644 meta-openembedded/meta-oe/recipes-support/nss/nss_3.60.1.bb delete mode 100644 meta-openembedded/meta-oe/recipes-support/nss/nss_3.60.bb (limited to 'meta-openembedded/meta-oe/recipes-support/nss') diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.60.1.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.60.1.bb new file mode 100644 index 000000000..dc147efea --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.60.1.bb @@ -0,0 +1,271 @@ +SUMMARY = "Mozilla's SSL and TLS implementation" +DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ +designed to support cross-platform development of \ +security-enabled client and server applications. \ +Applications built with NSS can support SSL v2 and v3, \ +TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ +v3 certificates, and other security standards." +HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" +SECTION = "libs" + +DEPENDS = "sqlite3 nspr zlib nss-native" +DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" + +LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" + +LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ + file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ + file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" + +VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" + +SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ + file://nss.pc.in \ + file://0001-nss-fix-support-cross-compiling.patch \ + file://nss-no-rpath-for-cross-compiling.patch \ + file://nss-fix-incorrect-shebang-of-perl.patch \ + file://disable-Wvarargs-with-clang.patch \ + file://pqg.c-ULL_addend.patch \ + file://blank-cert9.db \ + file://blank-key4.db \ + file://system-pkcs11.txt \ + file://nss-fix-nsinstall-build.patch \ + file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \ + " +SRC_URI[sha256sum] = "2051c20b61112df24bad533ac37f6c66c1bc0d6ea70bb9d9cad102d20324279d" + +UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" +UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes" + +inherit siteinfo + +TD = "${S}/tentative-dist" +TDS = "${S}/tentative-dist-staging" + +# cortex-a55 is ARMv8.2-a based but libatomic explicitly asks for -march=armv8.1-a +# which caused -march conflicts in gcc +TUNE_CCARGS_remove = "-mcpu=cortex-a55+crc -mcpu=cortex-a55 -mcpu=cortex-a55+crc+crypto" + +TARGET_CC_ARCH += "${LDFLAGS}" + +do_configure_prepend_libc-musl () { + sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk +} + +do_compile_prepend_class-native() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr + export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} +} + +do_compile_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_compile_prepend_class-native() { + # Need to set RPATH so that chrpath will do its job correctly + RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" +} + +do_compile() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr + export NSS_ENABLE_WERROR=0 + + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + # Additional defines needed on Centos 7 + export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + export FREEBL_LOWHASH=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + ${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)} + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + # We can modify CC in the environment, but if we set it via an + # argument to make, nsinstall, a host program, will also build with it! + # + # nss pretty much does its own thing with CFLAGS, so we put them into CC. + # Optimization will get clobbered, but most of the stuff will survive. + # The motivation for this is to point to the correct place for debug + # source files and CFLAGS does that. Nothing uses CCC. + # + export CC="${CC} ${CFLAGS}" + make -C ./nss CCC="${CXX} -g" \ + OS_TEST=${OS_TEST} \ + RPATH="${RPATH}" \ + autobuild +} + +do_compile[vardepsexclude] += "SITEINFO_BITS" + +do_install_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_install() { + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + CPU_ARCH=aarch64 + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + make -C ./nss \ + CCC="${CXX}" \ + OS_TEST=${OS_TEST} \ + SOURCE_LIB_DIR="${TD}/${libdir}" \ + SOURCE_BIN_DIR="${TD}/${bindir}" \ + install + + install -d ${D}/${libdir}/ + for file in ${S}/dist/*.OBJ/lib/*.so; do + echo "Installing `basename $file`..." + cp $file ${D}/${libdir}/ + done + + for shared_lib in ${TD}/${libdir}/*.so.*; do + if [ -f $shared_lib ]; then + cp $shared_lib ${D}/${libdir} + ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) + fi + done + for shared_lib in ${TD}/${libdir}/*.so; do + if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then + cp $shared_lib ${D}/${libdir} + fi + done + + install -d ${D}/${includedir}/nss3 + install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* + + install -d ${D}/${bindir} + for binary in ${TD}/${bindir}/*; do + install -m 755 -t ${D}/${bindir} $binary + done +} + +do_install[vardepsexclude] += "SITEINFO_BITS" + +do_install_append() { + # Create empty .chk files for the NSS libraries at build time. They could + # be regenerated at target's boot time. + for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do + touch ${D}/${libdir}/$file + chmod 755 ${D}/${libdir}/$file + done + + install -d ${D}${libdir}/pkgconfig/ + sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc +} + +do_install_append_class-target() { + # It used to call certutil to create a blank certificate with empty password at + # build time, but the checksum of key4.db changes every time when certutil is called. + # It causes non-determinism issue, so provide databases with a blank certificate + # which are originally from output of nss in qemux86-64 build. You can get these + # databases by: + # certutil -N -d sql:/database/path/ --empty-password + install -d ${D}${sysconfdir}/pki/nssdb/ + install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db + install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db + install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt +} + +PACKAGE_WRITE_DEPS += "nss-native" + +pkg_postinst_${PN} () { + for I in $D${libdir}/lib*.chk; do + DN=`dirname $I` + BN=`basename $I .chk` + FN=$DN/$BN.so + shlibsign -i $FN + if [ $? -ne 0 ]; then + echo "shlibsign -i $FN failed" + fi + done +} + +PACKAGES =+ "${PN}-smime" +FILES_${PN}-smime = "\ + ${bindir}/smime \ +" + +FILES_${PN} = "\ + ${sysconfdir} \ + ${bindir} \ + ${libdir}/lib*.chk \ + ${libdir}/lib*.so \ + " + +FILES_${PN}-dev = "\ + ${libdir}/nss \ + ${libdir}/pkgconfig/* \ + ${includedir}/* \ + " + +RDEPENDS_${PN}-smime = "perl" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.60.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.60.bb deleted file mode 100644 index 112f67629..000000000 --- a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.60.bb +++ /dev/null @@ -1,271 +0,0 @@ -SUMMARY = "Mozilla's SSL and TLS implementation" -DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ -designed to support cross-platform development of \ -security-enabled client and server applications. \ -Applications built with NSS can support SSL v2 and v3, \ -TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ -v3 certificates, and other security standards." -HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" -SECTION = "libs" - -DEPENDS = "sqlite3 nspr zlib nss-native" -DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" - -LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" - -LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ - file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ - file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" - -VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" - -SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ - file://nss.pc.in \ - file://0001-nss-fix-support-cross-compiling.patch \ - file://nss-no-rpath-for-cross-compiling.patch \ - file://nss-fix-incorrect-shebang-of-perl.patch \ - file://disable-Wvarargs-with-clang.patch \ - file://pqg.c-ULL_addend.patch \ - file://blank-cert9.db \ - file://blank-key4.db \ - file://system-pkcs11.txt \ - file://nss-fix-nsinstall-build.patch \ - file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \ - " -SRC_URI[sha256sum] = "84abd5575ab874c53ae511bd461e5d0868d1a1b384ee40753154cdd1d590fe3d" - -UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" -UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes" - -inherit siteinfo - -TD = "${S}/tentative-dist" -TDS = "${S}/tentative-dist-staging" - -# cortex-a55 is ARMv8.2-a based but libatomic explicitly asks for -march=armv8.1-a -# which caused -march conflicts in gcc -TUNE_CCARGS_remove = "-mcpu=cortex-a55+crc -mcpu=cortex-a55 -mcpu=cortex-a55+crc+crypto" - -TARGET_CC_ARCH += "${LDFLAGS}" - -do_configure_prepend_libc-musl () { - sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk -} - -do_compile_prepend_class-native() { - export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr - export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} -} - -do_compile_prepend_class-nativesdk() { - export LDFLAGS="" -} - -do_compile_prepend_class-native() { - # Need to set RPATH so that chrpath will do its job correctly - RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" -} - -do_compile() { - export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr - export NSS_ENABLE_WERROR=0 - - export CROSS_COMPILE=1 - export NATIVE_CC="${BUILD_CC}" - # Additional defines needed on Centos 7 - export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux" - export BUILD_OPT=1 - - export FREEBL_NO_DEPEND=1 - export FREEBL_LOWHASH=1 - - export LIBDIR=${libdir} - export MOZILLA_CLIENT=1 - export NS_USE_GCC=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSS_ENABLE_ECC=1 - - ${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)} - - export OS_RELEASE=3.4 - export OS_TARGET=Linux - export OS_ARCH=Linux - - if [ "${TARGET_ARCH}" = "powerpc" ]; then - OS_TEST=ppc - elif [ "${TARGET_ARCH}" = "powerpc64" ]; then - OS_TEST=ppc64 - elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then - OS_TEST=mips - elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then - OS_TEST="aarch64" - else - OS_TEST="${TARGET_ARCH}" - fi - - if [ "${SITEINFO_BITS}" = "64" ]; then - export USE_64=1 - elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then - export USE_X32=1 - fi - - export NSS_DISABLE_GTESTS=1 - - # We can modify CC in the environment, but if we set it via an - # argument to make, nsinstall, a host program, will also build with it! - # - # nss pretty much does its own thing with CFLAGS, so we put them into CC. - # Optimization will get clobbered, but most of the stuff will survive. - # The motivation for this is to point to the correct place for debug - # source files and CFLAGS does that. Nothing uses CCC. - # - export CC="${CC} ${CFLAGS}" - make -C ./nss CCC="${CXX} -g" \ - OS_TEST=${OS_TEST} \ - RPATH="${RPATH}" \ - autobuild -} - -do_compile[vardepsexclude] += "SITEINFO_BITS" - -do_install_prepend_class-nativesdk() { - export LDFLAGS="" -} - -do_install() { - export CROSS_COMPILE=1 - export NATIVE_CC="${BUILD_CC}" - export BUILD_OPT=1 - - export FREEBL_NO_DEPEND=1 - - export LIBDIR=${libdir} - export MOZILLA_CLIENT=1 - export NS_USE_GCC=1 - export NSS_USE_SYSTEM_SQLITE=1 - export NSS_ENABLE_ECC=1 - - export OS_RELEASE=3.4 - export OS_TARGET=Linux - export OS_ARCH=Linux - - if [ "${TARGET_ARCH}" = "powerpc" ]; then - OS_TEST=ppc - elif [ "${TARGET_ARCH}" = "powerpc64" ]; then - OS_TEST=ppc64 - elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then - OS_TEST=mips - elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then - CPU_ARCH=aarch64 - OS_TEST="aarch64" - else - OS_TEST="${TARGET_ARCH}" - fi - if [ "${SITEINFO_BITS}" = "64" ]; then - export USE_64=1 - elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then - export USE_X32=1 - fi - - export NSS_DISABLE_GTESTS=1 - - make -C ./nss \ - CCC="${CXX}" \ - OS_TEST=${OS_TEST} \ - SOURCE_LIB_DIR="${TD}/${libdir}" \ - SOURCE_BIN_DIR="${TD}/${bindir}" \ - install - - install -d ${D}/${libdir}/ - for file in ${S}/dist/*.OBJ/lib/*.so; do - echo "Installing `basename $file`..." - cp $file ${D}/${libdir}/ - done - - for shared_lib in ${TD}/${libdir}/*.so.*; do - if [ -f $shared_lib ]; then - cp $shared_lib ${D}/${libdir} - ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) - fi - done - for shared_lib in ${TD}/${libdir}/*.so; do - if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then - cp $shared_lib ${D}/${libdir} - fi - done - - install -d ${D}/${includedir}/nss3 - install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* - - install -d ${D}/${bindir} - for binary in ${TD}/${bindir}/*; do - install -m 755 -t ${D}/${bindir} $binary - done -} - -do_install[vardepsexclude] += "SITEINFO_BITS" - -do_install_append() { - # Create empty .chk files for the NSS libraries at build time. They could - # be regenerated at target's boot time. - for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do - touch ${D}/${libdir}/$file - chmod 755 ${D}/${libdir}/$file - done - - install -d ${D}${libdir}/pkgconfig/ - sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc - sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc -} - -do_install_append_class-target() { - # It used to call certutil to create a blank certificate with empty password at - # build time, but the checksum of key4.db changes every time when certutil is called. - # It causes non-determinism issue, so provide databases with a blank certificate - # which are originally from output of nss in qemux86-64 build. You can get these - # databases by: - # certutil -N -d sql:/database/path/ --empty-password - install -d ${D}${sysconfdir}/pki/nssdb/ - install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db - install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db - install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt -} - -PACKAGE_WRITE_DEPS += "nss-native" - -pkg_postinst_${PN} () { - for I in $D${libdir}/lib*.chk; do - DN=`dirname $I` - BN=`basename $I .chk` - FN=$DN/$BN.so - shlibsign -i $FN - if [ $? -ne 0 ]; then - echo "shlibsign -i $FN failed" - fi - done -} - -PACKAGES =+ "${PN}-smime" -FILES_${PN}-smime = "\ - ${bindir}/smime \ -" - -FILES_${PN} = "\ - ${sysconfdir} \ - ${bindir} \ - ${libdir}/lib*.chk \ - ${libdir}/lib*.so \ - " - -FILES_${PN}-dev = "\ - ${libdir}/nss \ - ${libdir}/pkgconfig/* \ - ${includedir}/* \ - " - -RDEPENDS_${PN}-smime = "perl" - -BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3