diff options
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-support/nss')
14 files changed, 674 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch new file mode 100644 index 000000000..c380c1449 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch @@ -0,0 +1,52 @@ +From 5595e9651aca39af945931c73eb524a0f8bd130d Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Wed, 18 Dec 2019 12:29:50 +0100 +Subject: [PATCH] freebl: add a configure option to disable ARM HW crypto + +Not all current hardware supports it, particularly anything +prior to armv8 does not. + +Upstream-Status: Pending +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + nss/lib/freebl/Makefile | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/nss/lib/freebl/Makefile ++++ b/nss/lib/freebl/Makefile +@@ -125,6 +125,9 @@ else + DEFINES += -DNSS_X86 + endif + endif ++ ++ifdef NSS_USE_ARM_HW_CRYPTO ++ DEFINES += -DNSS_USE_ARM_HW_CRYPTO + ifeq ($(CPU_ARCH),aarch64) + DEFINES += -DUSE_HW_AES + EXTRA_SRCS += aes-armv8.c gcm-aarch64.c +@@ -146,6 +149,7 @@ ifeq ($(CPU_ARCH),arm) + endif + endif + endif ++endif + + ifeq ($(OS_TARGET),OSF1) + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD +--- a/nss/lib/freebl/gcm.c ++++ b/nss/lib/freebl/gcm.c +@@ -17,6 +17,7 @@ + + #include <limits.h> + ++#ifdef NSS_USE_ARM_HW_CRYPTO + /* old gcc doesn't support some poly64x2_t intrinsic */ + #if defined(__aarch64__) && defined(IS_LITTLE_ENDIAN) && \ + (defined(__clang__) || defined(__GNUC__) && __GNUC__ > 6) +@@ -25,6 +26,7 @@ + /* We don't test on big endian platform, so disable this on big endian. */ + #define USE_ARM_GCM + #endif ++#endif + + /* Forward declarations */ + SECStatus gcm_HashInit_hw(gcmHashContext *ghash); diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch new file mode 100644 index 000000000..d5403397e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch @@ -0,0 +1,48 @@ +From 0cf47ee432cc26a706864fcc09b2c3adc342a679 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Wed, 22 Feb 2017 11:36:11 +0200 +Subject: [PATCH] nss: fix support cross compiling + +Let some make variables be assigned from outside makefile. + +Upstream-Status: Inappropriate [configuration] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + nss/coreconf/arch.mk | 2 +- + nss/lib/freebl/Makefile | 6 ++++++ + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk +index 06c276f..9c1eb51 100644 +--- a/nss/coreconf/arch.mk ++++ b/nss/coreconf/arch.mk +@@ -30,7 +30,7 @@ OS_TEST := $(shell uname -m) + ifeq ($(OS_TEST),i86pc) + OS_RELEASE := $(shell uname -r)_$(OS_TEST) + else +- OS_RELEASE := $(shell uname -r) ++ OS_RELEASE ?= $(shell uname -r) + endif + + # +diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile +index 0ce1425..ebeb411 100644 +--- a/nss/lib/freebl/Makefile ++++ b/nss/lib/freebl/Makefile +@@ -36,6 +36,12 @@ ifdef USE_64 + DEFINES += -DNSS_USE_64 + endif + ++ifeq ($(OS_TEST),mips) ++ifndef USE_64 ++ DEFINES += -DNS_PTR_LE_32 ++endif ++endif ++ + ifdef USE_ABI32_FPU + DEFINES += -DNSS_USE_ABI32_FPU + endif +-- +2.11.0 + diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/blank-cert9.db b/meta-openembedded/meta-oe/recipes-support/nss/nss/blank-cert9.db Binary files differnew file mode 100644 index 000000000..7d4bcf258 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/blank-cert9.db diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/blank-key4.db b/meta-openembedded/meta-oe/recipes-support/nss/nss/blank-key4.db Binary files differnew file mode 100644 index 000000000..d47f08d04 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/blank-key4.db diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch new file mode 100644 index 000000000..de812d27b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/disable-Wvarargs-with-clang.patch @@ -0,0 +1,33 @@ +clang 3.9 add this warning to rightly flag undefined +behavior, we relegate this to be just a warning instead +of error and keep the behavior as it was. Right fix would +be to not pass enum to the function with variadic arguments +as last named argument + +Fixes errors like +ocsp.c:2220:22: error: passing an object that undergoes default argument promotion to 'va_start' has undefined behavior [-Werror,-Wvarargs] + va_start(ap, responseType0); + ^ +ocsp.c:2200:43: note: parameter of type 'SECOidTag' is declared here + SECOidTag responseType0, ...) + +see +https://www.securecoding.cert.org/confluence/display/cplusplus/EXP58-CPP.+Pass+an+object+of+the+correct+type+to+va_start +for more details + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Pending + +Index: nss-3.37.1/nss/coreconf/Werror.mk +=================================================================== +--- nss-3.37.1.orig/nss/coreconf/Werror.mk ++++ nss-3.37.1/nss/coreconf/Werror.mk +@@ -56,7 +56,7 @@ ifndef WARNING_CFLAGS + ifdef CC_IS_CLANG + # -Qunused-arguments : clang objects to arguments that it doesn't understand + # and fixing this would require rearchitecture +- WARNING_CFLAGS += -Qunused-arguments ++ WARNING_CFLAGS += -Qunused-arguments -Wno-error=varargs + # -Wno-parentheses-equality : because clang warns about macro expansions + WARNING_CFLAGS += $(call disable_warning,parentheses-equality) + ifdef BUILD_OPT diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/nss-fix-incorrect-shebang-of-perl.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/nss-fix-incorrect-shebang-of-perl.patch new file mode 100644 index 000000000..547594d5b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/nss-fix-incorrect-shebang-of-perl.patch @@ -0,0 +1,110 @@ +nss: fix incorrect shebang of perl + +Replace incorrect shebang of perl with `#!/usr/bin/env perl'. + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +Upstream-Status: Pending +--- + nss/cmd/smimetools/smime | 2 +- + nss/coreconf/cpdist.pl | 2 +- + nss/coreconf/import.pl | 2 +- + nss/coreconf/jniregen.pl | 2 +- + nss/coreconf/outofdate.pl | 2 +- + nss/coreconf/release.pl | 2 +- + nss/coreconf/version.pl | 2 +- + nss/tests/clean_tbx | 2 +- + nss/tests/path_uniq | 2 +- + 9 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/nss/cmd/smimetools/smime b/nss/cmd/smimetools/smime +--- a/nss/cmd/smimetools/smime ++++ b/nss/cmd/smimetools/smime +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/perl ++#!/usr/bin/env perl + + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/cpdist.pl b/nss/coreconf/cpdist.pl +index 800edfb..652187f 100755 +--- a/nss/coreconf/cpdist.pl ++++ b/nss/coreconf/cpdist.pl +@@ -1,4 +1,4 @@ +-#! /usr/local/bin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/import.pl b/nss/coreconf/import.pl +index dd2d177..428eaa5 100755 +--- a/nss/coreconf/import.pl ++++ b/nss/coreconf/import.pl +@@ -1,4 +1,4 @@ +-#! /usr/local/bin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/jniregen.pl b/nss/coreconf/jniregen.pl +index 2039180..5f4f69c 100755 +--- a/nss/coreconf/jniregen.pl ++++ b/nss/coreconf/jniregen.pl +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/outofdate.pl b/nss/coreconf/outofdate.pl +index 33d80bb..01fc097 100755 +--- a/nss/coreconf/outofdate.pl ++++ b/nss/coreconf/outofdate.pl +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/release.pl b/nss/coreconf/release.pl +index 7cde19d..b5df2f6 100755 +--- a/nss/coreconf/release.pl ++++ b/nss/coreconf/release.pl +@@ -1,4 +1,4 @@ +-#! /usr/local/bin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/coreconf/version.pl b/nss/coreconf/version.pl +index d2a4942..79359fe 100644 +--- a/nss/coreconf/version.pl ++++ b/nss/coreconf/version.pl +@@ -1,4 +1,4 @@ +-#!/usr/sbin/perl ++#!/usr/bin/env perl + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +diff --git a/nss/tests/clean_tbx b/nss/tests/clean_tbx +index 4de9555..a7def9f 100755 +--- a/nss/tests/clean_tbx ++++ b/nss/tests/clean_tbx +@@ -1,4 +1,4 @@ +-#! /bin/perl ++#!/usr/bin/env perl + + ####################################################################### + # +diff --git a/nss/tests/path_uniq b/nss/tests/path_uniq +index f29f60a..08fbffa 100755 +--- a/nss/tests/path_uniq ++++ b/nss/tests/path_uniq +@@ -1,4 +1,4 @@ +-#! /bin/perl ++#!/usr/bin/env perl + + ######################################################################## + # +-- +1.8.1.2 + diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/nss-fix-nsinstall-build.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/nss-fix-nsinstall-build.patch new file mode 100644 index 000000000..43c09d13e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/nss-fix-nsinstall-build.patch @@ -0,0 +1,36 @@ +Fix nss multilib build on openSUSE 11.x 32bit + +While building lib64-nss on openSUSE 11.x 32bit, the nsinstall will +fail with error: + +* nsinstall.c:1:0: sorry, unimplemented: 64-bit mode not compiled + +It caused by the '-m64' option which passed to host gcc. + +The nsinstall was built first while nss starting to build, it only runs +on host to install built files, it doesn't need any cross-compling or +multilib build options. Just clean the ARCHFLAG and LDFLAGS to fix this +error. + +Upstream-Status: Pending + +Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> +=================================================== +Index: nss-3.24/nss/coreconf/nsinstall/Makefile +=================================================================== +--- nss-3.24.orig/nss/coreconf/nsinstall/Makefile ++++ nss-3.24/nss/coreconf/nsinstall/Makefile +@@ -18,6 +18,13 @@ INTERNAL_TOOLS = 1 + + include $(DEPTH)/coreconf/config.mk + ++# nsinstall is unfit for cross-compiling/multilib-build since it was ++# always run on local host to install built files. This change intends ++# to clean the '-m64' from ARCHFLAG and LDFLAGS. ++ARCHFLAG = ++LDFLAGS = ++# CFLAGS = ++ + ifeq (,$(filter-out OS2 WIN%,$(OS_TARGET))) + PROGRAM = + else diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/nss-no-rpath-for-cross-compiling.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/nss-no-rpath-for-cross-compiling.patch new file mode 100644 index 000000000..7661dc93a --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/nss-no-rpath-for-cross-compiling.patch @@ -0,0 +1,26 @@ +nss:no rpath for cross compiling + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +Upstream-Status: Inappropriate [configuration] +--- + nss/cmd/platlibs.mk | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk +--- a/nss/cmd/platlibs.mk ++++ b/nss/cmd/platlibs.mk +@@ -18,9 +18,9 @@ endif + + ifeq ($(OS_ARCH), Linux) + ifeq ($(USE_64), 1) +-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib' ++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib' + else +-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib' ++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib' + endif + endif + +-- +1.8.1.2 + diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/nss.pc.in b/meta-openembedded/meta-oe/recipes-support/nss/nss/nss.pc.in new file mode 100644 index 000000000..402b4ecb3 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/nss.pc.in @@ -0,0 +1,11 @@ +prefix=OEPREFIX +exec_prefix=OEEXECPREFIX +libdir=OELIBDIR +includedir=OEINCDIR + +Name: NSS +Description: Network Security Services +Version: %NSS_VERSION% +Requires: nspr >= %NSPR_VERSION% +Libs: -L${libdir} -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lnssutil3 +Cflags: -IOEINCDIR diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/pqg.c-ULL_addend.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/pqg.c-ULL_addend.patch new file mode 100644 index 000000000..3a817faaa --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/pqg.c-ULL_addend.patch @@ -0,0 +1,23 @@ +nss does not build on mips with clang because wrong types are used? + +pqg.c:339:16: error: comparison of constant 18446744073709551615 with expression of type 'unsigned long' is always true [-Werror,-Wtautological-constant-out-of-range-compare] + if (addend < MP_DIGIT_MAX) { + ~~~~~~ ^ ~~~~~~~~~~~~ + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Pending +Index: nss-3.37.1/nss/lib/freebl/pqg.c +=================================================================== +--- nss-3.37.1.orig/nss/lib/freebl/pqg.c ++++ nss-3.37.1/nss/lib/freebl/pqg.c +@@ -326,8 +326,8 @@ generate_h_candidate(SECItem *hit, mp_in + + static SECStatus + addToSeed(const SECItem *seed, +- unsigned long addend, +- int seedlen, /* g in 186-1 */ ++ unsigned long long addend, ++ int seedlen, /* g in 186-1 */ + SECItem *seedout) + { + mp_int s, sum, modulus, tmp; diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/riscv.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/riscv.patch new file mode 100644 index 000000000..aef91a7c3 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/riscv.patch @@ -0,0 +1,36 @@ +Enable uint128 on riscv64 + +Fixes +| verified/kremlin/kremlib/dist/minimal/LowStar_Endianness.h:29:37: error: 'load128_be' declared 'static' but never defined [-Werror=unused-function] +| 29 | inline static FStar_UInt128_uint128 load128_be(uint8_t *x0); +| | ^~~~~~~~~~ + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- a/nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h ++++ b/nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h +@@ -56,7 +56,8 @@ typedef const char *Prims_string; + #include <emmintrin.h> + typedef __m128i FStar_UInt128_uint128; + #elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \ +- (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__)) ++ (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \ ++ (defined(__riscv) && __riscv_xlen == 64)) + typedef unsigned __int128 FStar_UInt128_uint128; + #else + typedef struct FStar_UInt128_uint128_s { +--- a/nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h ++++ b/nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h +@@ -23,9 +23,10 @@ + #include "FStar_UInt128.h" + #include "FStar_UInt_8_16_32_64.h" + #include "LowStar_Endianness.h" +- ++#include <stdint.h> + #if !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \ +- (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__)) ++ (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \ ++ (defined(__riscv) && __riscv_xlen == 64)) + + /* GCC + using native unsigned __int128 support */ + diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/signlibs.sh b/meta-openembedded/meta-oe/recipes-support/nss/nss/signlibs.sh new file mode 100644 index 000000000..a74e499f8 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/signlibs.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +# signlibs.sh +# +# (c)2010 Wind River Systems, Inc. +# +# regenerates the .chk files for the NSS libraries that require it +# since the ones that are built have incorrect checksums that were +# calculated on the host where they really need to be done on the +# target + +CHK_FILES=`ls /lib*/*.chk /usr/lib*/*.chk 2>/dev/null` +SIGN_BINARY=`which shlibsign` +for I in $CHK_FILES +do + DN=`dirname $I` + BN=`basename $I .chk` + FN=$DN/$BN.so + $SIGN_BINARY -i $FN +done diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/system-pkcs11.txt b/meta-openembedded/meta-oe/recipes-support/nss/nss/system-pkcs11.txt new file mode 100644 index 000000000..1a264e9cc --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/system-pkcs11.txt @@ -0,0 +1,5 @@ +library= +name=NSS Internal PKCS #11 Module +parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) + diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb new file mode 100644 index 000000000..001124011 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb @@ -0,0 +1,274 @@ +SUMMARY = "Mozilla's SSL and TLS implementation" +DESCRIPTION = "Network Security Services (NSS) is a set of libraries \ +designed to support cross-platform development of \ +security-enabled client and server applications. \ +Applications built with NSS can support SSL v2 and v3, \ +TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \ +v3 certificates, and other security standards." +HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/" +SECTION = "libs" + +DEPENDS = "sqlite3 nspr zlib nss-native" +DEPENDS_class-native = "sqlite3-native nspr-native zlib-native" + +LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)" + +LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \ + file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \ + file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132" + +VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}" + +SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \ + file://nss.pc.in \ + file://signlibs.sh \ + file://0001-nss-fix-support-cross-compiling.patch \ + file://nss-no-rpath-for-cross-compiling.patch \ + file://nss-fix-incorrect-shebang-of-perl.patch \ + file://disable-Wvarargs-with-clang.patch \ + file://pqg.c-ULL_addend.patch \ + file://blank-cert9.db \ + file://blank-key4.db \ + file://system-pkcs11.txt \ + file://nss-fix-nsinstall-build.patch \ + file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \ + file://riscv.patch \ + " + +SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233" +SRC_URI[sha256sum] = "085c5eaceef040eddea639e2e068e70f0e368f840327a678ef74ae3d6c15ca78" + +UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases" +UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes" + +inherit siteinfo + +TD = "${S}/tentative-dist" +TDS = "${S}/tentative-dist-staging" + +TARGET_CC_ARCH += "${LDFLAGS}" + +do_configure_prepend_libc-musl () { + sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk +} + +do_compile_prepend_class-native() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr + export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE} + export NSS_ENABLE_WERROR=0 +} + +do_compile_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_compile_prepend_class-native() { + # Need to set RPATH so that chrpath will do its job correctly + RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}" +} + +do_compile() { + export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr + + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + # Additional defines needed on Centos 7 + export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + export FREEBL_LOWHASH=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + ${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)} + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + # We can modify CC in the environment, but if we set it via an + # argument to make, nsinstall, a host program, will also build with it! + # + # nss pretty much does its own thing with CFLAGS, so we put them into CC. + # Optimization will get clobbered, but most of the stuff will survive. + # The motivation for this is to point to the correct place for debug + # source files and CFLAGS does that. Nothing uses CCC. + # + export CC="${CC} ${CFLAGS}" + make -C ./nss CCC="${CXX} -g" \ + OS_TEST=${OS_TEST} \ + RPATH="${RPATH}" +} + +do_compile[vardepsexclude] += "SITEINFO_BITS" + +do_install_prepend_class-nativesdk() { + export LDFLAGS="" +} + +do_install() { + export CROSS_COMPILE=1 + export NATIVE_CC="${BUILD_CC}" + export BUILD_OPT=1 + + export FREEBL_NO_DEPEND=1 + + export LIBDIR=${libdir} + export MOZILLA_CLIENT=1 + export NS_USE_GCC=1 + export NSS_USE_SYSTEM_SQLITE=1 + export NSS_ENABLE_ECC=1 + + export OS_RELEASE=3.4 + export OS_TARGET=Linux + export OS_ARCH=Linux + + if [ "${TARGET_ARCH}" = "powerpc" ]; then + OS_TEST=ppc + elif [ "${TARGET_ARCH}" = "powerpc64" ]; then + OS_TEST=ppc64 + elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then + OS_TEST=mips + elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then + CPU_ARCH=aarch64 + OS_TEST="aarch64" + else + OS_TEST="${TARGET_ARCH}" + fi + if [ "${SITEINFO_BITS}" = "64" ]; then + export USE_64=1 + elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then + export USE_X32=1 + fi + + export NSS_DISABLE_GTESTS=1 + + make -C ./nss \ + CCC="${CXX}" \ + OS_TEST=${OS_TEST} \ + SOURCE_LIB_DIR="${TD}/${libdir}" \ + SOURCE_BIN_DIR="${TD}/${bindir}" \ + install + + install -d ${D}/${libdir}/ + for file in ${S}/dist/*.OBJ/lib/*.so; do + echo "Installing `basename $file`..." + cp $file ${D}/${libdir}/ + done + + for shared_lib in ${TD}/${libdir}/*.so.*; do + if [ -f $shared_lib ]; then + cp $shared_lib ${D}/${libdir} + ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe) + fi + done + for shared_lib in ${TD}/${libdir}/*.so; do + if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then + cp $shared_lib ${D}/${libdir} + fi + done + + install -d ${D}/${includedir}/nss3 + install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/* + + install -d ${D}/${bindir} + for binary in ${TD}/${bindir}/*; do + install -m 755 -t ${D}/${bindir} $binary + done +} + +do_install[vardepsexclude] += "SITEINFO_BITS" + +do_install_append() { + # Create empty .chk files for the NSS libraries at build time. They could + # be regenerated at target's boot time. + for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do + touch ${D}/${libdir}/$file + chmod 755 ${D}/${libdir}/$file + done + install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh + + install -d ${D}${libdir}/pkgconfig/ + sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc + sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc +} + +do_install_append_class-target() { + # It used to call certutil to create a blank certificate with empty password at + # build time, but the checksum of key4.db changes every time when certutil is called. + # It causes non-determinism issue, so provide databases with a blank certificate + # which are originally from output of nss in qemux86-64 build. You can get these + # databases by: + # certutil -N -d sql:/database/path/ --empty-password + install -d ${D}${sysconfdir}/pki/nssdb/ + install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db + install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db + install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt +} + +PACKAGE_WRITE_DEPS += "nss-native" +pkg_postinst_${PN} () { + if [ -n "$D" ]; then + for I in $D${libdir}/lib*.chk; do + DN=`dirname $I` + BN=`basename $I .chk` + FN=$DN/$BN.so + shlibsign -i $FN + if [ $? -ne 0 ]; then + exit 1 + fi + done + else + signlibs.sh + fi +} + +PACKAGES =+ "${PN}-smime" +FILES_${PN}-smime = "\ + ${bindir}/smime \ +" + +FILES_${PN} = "\ + ${sysconfdir} \ + ${bindir} \ + ${libdir}/lib*.chk \ + ${libdir}/lib*.so \ + " + +FILES_${PN}-dev = "\ + ${libdir}/nss \ + ${libdir}/pkgconfig/* \ + ${includedir}/* \ + " + +RDEPENDS_${PN}-smime = "perl" + +BBCLASSEXTEND = "native nativesdk" |