All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH V2 0/5] add nss for LSB library check
@ 2013-07-10  8:03 Hongxu Jia
  2013-07-10  8:03 ` [PATCH 1/5] nspr: add native version Hongxu Jia
                   ` (5 more replies)
  0 siblings, 6 replies; 21+ messages in thread
From: Hongxu Jia @ 2013-07-10  8:03 UTC (permalink / raw)
  To: openembedded-core

Change from V1:
1) Rename the title of patch 1/5
2) Use ${libdir} rather than ${base_libdir} as the lib location
   which references the nss in meta-browser.

//Hongxu

The following changes since commit dc86293f0444384e8ae5131fdd10b6cb077164b0:

  bitbake: HOB:Proper handle of SIGINT (2013-07-05 15:52:48 +0100)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib hongxu/fix-nss
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-nss

Hongxu Jia (5):
  nspr: add native version
  packagegroup-core-lsb: add nss for LSB library check
  nss: add version 3.15.1
  nss: create checksum files for the nss libraries
  nss: fix incorrect shebang line of perl script

 .../packagegroups/packagegroup-core-lsb.bb         |   1 +
 meta/recipes-support/nspr/nspr_4.10.bb             |   2 +
 .../files/nss-fix-incorrect-shebang-of-perl.patch  | 110 ++++++++++++
 .../files/nss-fix-support-cross-compiling.patch    |  71 ++++++++
 .../files/nss-no-rpath-for-cross-compiling.patch   |  26 +++
 meta/recipes-support/nss/files/nss.pc.in           |  11 ++
 meta/recipes-support/nss/files/signlibs.sh         |  20 +++
 meta/recipes-support/nss/nss.inc                   | 187 +++++++++++++++++++++
 meta/recipes-support/nss/nss_3.15.1.bb             |   9 +
 9 files changed, 437 insertions(+)
 create mode 100644 meta/recipes-support/nss/files/nss-fix-incorrect-shebang-of-perl.patch
 create mode 100644 meta/recipes-support/nss/files/nss-fix-support-cross-compiling.patch
 create mode 100644 meta/recipes-support/nss/files/nss-no-rpath-for-cross-compiling.patch
 create mode 100644 meta/recipes-support/nss/files/nss.pc.in
 create mode 100644 meta/recipes-support/nss/files/signlibs.sh
 create mode 100644 meta/recipes-support/nss/nss.inc
 create mode 100644 meta/recipes-support/nss/nss_3.15.1.bb

-- 
1.8.1.2



^ permalink raw reply	[flat|nested] 21+ messages in thread

* [PATCH 1/5] nspr: add native version
  2013-07-10  8:03 [PATCH V2 0/5] add nss for LSB library check Hongxu Jia
@ 2013-07-10  8:03 ` Hongxu Jia
  2013-07-10  8:03 ` [PATCH 2/5] packagegroup-core-lsb: add nss for LSB library check Hongxu Jia
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 21+ messages in thread
From: Hongxu Jia @ 2013-07-10  8:03 UTC (permalink / raw)
  To: openembedded-core

It is required by nss-native.

[YOCTO #4096]

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta/recipes-support/nspr/nspr_4.10.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/nspr/nspr_4.10.bb b/meta/recipes-support/nspr/nspr_4.10.bb
index 3936d67..fcecb95 100644
--- a/meta/recipes-support/nspr/nspr_4.10.bb
+++ b/meta/recipes-support/nspr/nspr_4.10.bb
@@ -173,3 +173,5 @@ FILES_${PN} = "${libdir}/lib*.so"
 FILES_${PN}-dev = "${bindir}/* ${libdir}/nspr/tests/* ${libdir}/pkgconfig \
                 ${includedir}/* ${datadir}/aclocal/* "
 FILES_${PN}-dbg += "${libdir}/nspr/tests/.debug/*"
+
+BBCLASSEXTEND = "native"
-- 
1.8.1.2



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [PATCH 2/5] packagegroup-core-lsb: add nss for LSB library check
  2013-07-10  8:03 [PATCH V2 0/5] add nss for LSB library check Hongxu Jia
  2013-07-10  8:03 ` [PATCH 1/5] nspr: add native version Hongxu Jia
@ 2013-07-10  8:03 ` Hongxu Jia
  2013-07-10  8:03 ` [PATCH 3/5] nss: add version 3.15.1 Hongxu Jia
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 21+ messages in thread
From: Hongxu Jia @ 2013-07-10  8:03 UTC (permalink / raw)
  To: openembedded-core

Add nss for LSB library check.
...
Unable to find library libnss3.so
Unable to find library libssl3.so
...

[YOCTO 4096]

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb b/meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb
index d71db26..4d79592 100644
--- a/meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb
+++ b/meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb
@@ -167,6 +167,7 @@ RDEPENDS_packagegroup-core-lsb-core = "\
     zlib \
     nspr \
     libpng12 \
+    nss \
 "
 
 SUMMARY_packagegroup-core-lsb-perl = "LSB Runtime Languages (Perl)"
-- 
1.8.1.2



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [PATCH 3/5] nss: add version 3.15.1
  2013-07-10  8:03 [PATCH V2 0/5] add nss for LSB library check Hongxu Jia
  2013-07-10  8:03 ` [PATCH 1/5] nspr: add native version Hongxu Jia
  2013-07-10  8:03 ` [PATCH 2/5] packagegroup-core-lsb: add nss for LSB library check Hongxu Jia
@ 2013-07-10  8:03 ` Hongxu Jia
  2013-07-11 10:40   ` Burton, Ross
  2013-07-10  8:03 ` [PATCH 4/5] nss: create checksum files for the nss libraries Hongxu Jia
                   ` (2 subsequent siblings)
  5 siblings, 1 reply; 21+ messages in thread
From: Hongxu Jia @ 2013-07-10  8:03 UTC (permalink / raw)
  To: openembedded-core

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7,
PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards.

[YOCTO #4096]

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 .../files/nss-fix-support-cross-compiling.patch    |  71 +++++++++
 .../files/nss-no-rpath-for-cross-compiling.patch   |  26 ++++
 meta/recipes-support/nss/files/nss.pc.in           |  11 ++
 meta/recipes-support/nss/nss.inc                   | 170 +++++++++++++++++++++
 meta/recipes-support/nss/nss_3.15.1.bb             |   9 ++
 5 files changed, 287 insertions(+)
 create mode 100644 meta/recipes-support/nss/files/nss-fix-support-cross-compiling.patch
 create mode 100644 meta/recipes-support/nss/files/nss-no-rpath-for-cross-compiling.patch
 create mode 100644 meta/recipes-support/nss/files/nss.pc.in
 create mode 100644 meta/recipes-support/nss/nss.inc
 create mode 100644 meta/recipes-support/nss/nss_3.15.1.bb

diff --git a/meta/recipes-support/nss/files/nss-fix-support-cross-compiling.patch b/meta/recipes-support/nss/files/nss-fix-support-cross-compiling.patch
new file mode 100644
index 0000000..f0b3550
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-fix-support-cross-compiling.patch
@@ -0,0 +1,71 @@
+nss: fix support cross compiling
+
+Let some make variables be assigned from outside makefile.
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Upstream-Status: Inappropriate [configuration]
+---
+ nss/coreconf/Linux.mk   | 12 +++++++++++-
+ nss/coreconf/arch.mk    |  2 +-
+ nss/lib/freebl/Makefile |  6 ++++++
+ 3 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
+--- a/nss/coreconf/Linux.mk
++++ b/nss/coreconf/Linux.mk
+@@ -16,11 +16,21 @@ ifeq ($(USE_PTHREADS),1)
+ 	IMPL_STRATEGY = _PTH
+ endif
+ 
++ifndef CC
+ CC			= gcc
++endif
++
++ifdef CXX
++CCC			= $(CXX)
++else
+ CCC			= g++
++endif
++
++ifndef RANLIB
+ RANLIB			= ranlib
++endif
+ 
+-DEFAULT_COMPILER = gcc
++DEFAULT_COMPILER = $(CC)
+ 
+ ifeq ($(OS_TARGET),Android)
+ ifndef ANDROID_NDK
+diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk
+index 6557348..b722412 100644
+--- a/nss/coreconf/arch.mk
++++ b/nss/coreconf/arch.mk
+@@ -37,7 +37,7 @@ OS_TEST := $(shell uname -m)
+ ifeq ($(OS_TEST),i86pc)
+     OS_RELEASE := $(shell uname -r)_$(OS_TEST)
+ else
+-    OS_RELEASE := $(shell uname -r)
++    OS_RELEASE ?= $(shell uname -r)
+ endif
+ 
+ #
+diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile
+index 0d293f1..678f506 100644
+--- a/nss/lib/freebl/Makefile
++++ b/nss/lib/freebl/Makefile
+@@ -36,6 +36,12 @@ ifdef USE_64
+ 	DEFINES += -DNSS_USE_64
+ endif
+ 
++ifeq ($(OS_TEST),mips)
++ifndef USE_64
++	DEFINES += -DNS_PTR_LE_32
++endif
++endif
++
+ ifdef USE_ABI32_FPU
+ 	DEFINES += -DNSS_USE_ABI32_FPU
+ endif
+-- 
+1.8.1.2
+
diff --git a/meta/recipes-support/nss/files/nss-no-rpath-for-cross-compiling.patch b/meta/recipes-support/nss/files/nss-no-rpath-for-cross-compiling.patch
new file mode 100644
index 0000000..7661dc9
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-no-rpath-for-cross-compiling.patch
@@ -0,0 +1,26 @@
+nss:no rpath for cross compiling
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Upstream-Status: Inappropriate [configuration]
+---
+ nss/cmd/platlibs.mk | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk
+--- a/nss/cmd/platlibs.mk
++++ b/nss/cmd/platlibs.mk
+@@ -18,9 +18,9 @@ endif
+ 
+ ifeq ($(OS_ARCH), Linux)
+ ifeq ($(USE_64), 1)
+-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib'
++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib'
+ else
+-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib'
++#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib'
+ endif
+ endif
+ 
+-- 
+1.8.1.2
+
diff --git a/meta/recipes-support/nss/files/nss.pc.in b/meta/recipes-support/nss/files/nss.pc.in
new file mode 100644
index 0000000..200f635
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss.pc.in
@@ -0,0 +1,11 @@
+prefix=OEPREFIX
+exec_prefix=OEEXECPREFIX
+libdir=OELIBDIR
+includedir=OEINCDIR
+
+Name: NSS
+Description: Network Security Services
+Version: %NSS_VERSION%
+Requires: nspr >= %NSPR_VERSION%
+Libs: -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lnssutil3
+Cflags: -IOEINCDIR
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
new file mode 100644
index 0000000..87cba38
--- /dev/null
+++ b/meta/recipes-support/nss/nss.inc
@@ -0,0 +1,170 @@
+SUMMARY = "Mozilla's SSL and TLS implementation"
+DESCRIPTION = "Network Security Services (NSS) is a set of libraries \
+designed to support cross-platform development of \
+security-enabled client and server applications. \
+Applications built with NSS can support SSL v2 and v3, \
+TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \
+v3 certificates, and other security standards."
+HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/"
+SECTION = "libs"
+
+LICENSE = "MPL-1.1 GPL-2.0 LGPL-2.1"
+
+LIC_FILES_CHKSUM = "file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
+                    file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=6bf96825e3d7ce4de25621ae886cc859"
+SRC_URI = "\
+    file://nss-fix-support-cross-compiling.patch \
+    file://nss-no-rpath-for-cross-compiling.patch \
+"
+SRC_URI_append_class-target += "\
+    file://nss.pc.in \
+"
+inherit siteinfo
+PR = "r0"
+DEPENDS = "sqlite3 nspr zlib nss-native"
+DEPENDS_class-native = "sqlite3-native nspr-native zlib-native"
+RDEPENDS_${PN} = "perl"
+
+TD = "${S}/tentative-dist"
+TDS = "${S}/tentative-dist-staging"
+
+TARGET_CC_ARCH += "${LDFLAGS}"
+
+do_compile_prepend_class-native() {
+    export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}
+    export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE}
+}
+
+do_compile() {
+    export CROSS_COMPILE=1
+    export NATIVE_CC="gcc"
+    export BUILD_OPT=1
+
+    export FREEBL_NO_DEPEND=1
+    export FREEBL_LOWHASH=1
+
+    export LIBDIR=${libdir}
+    export MOZILLA_CLIENT=1
+    export NS_USE_GCC=1
+    export NSS_USE_SYSTEM_SQLITE=1
+    export NSS_ENABLE_ECC=1
+
+    export OS_RELEASE=3.4
+    export OS_TARGET=Linux
+    export OS_ARCH=Linux
+
+    if [ "${TARGET_ARCH}" = "powerpc" ]; then
+        OS_TEST=ppc
+    elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
+        OS_TEST=ppc64
+    elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
+        OS_TEST=mips
+    else
+        OS_TEST="${TARGET_ARCH}"
+    fi
+
+    if [ "${SITEINFO_BITS}" = "64" ]; then
+        export USE_64=1
+    fi
+
+    make -C ./nss CCC="${CXX}" \
+        OS_TEST=${OS_TEST} \
+}
+
+do_install() {
+    export CROSS_COMPILE=1
+    export NATIVE_CC="gcc"
+    export BUILD_OPT=1
+
+    export FREEBL_NO_DEPEND=1
+
+    export LIBDIR=${libdir}
+    export MOZILLA_CLIENT=1
+    export NS_USE_GCC=1
+    export NSS_USE_SYSTEM_SQLITE=1
+    export NSS_ENABLE_ECC=1
+
+    export OS_RELEASE=3.4
+    export OS_TARGET=Linux
+    export OS_ARCH=Linux
+
+    if [ "${TARGET_ARCH}" = "powerpc" ]; then
+        OS_TEST=ppc
+    elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
+        OS_TEST=ppc64
+    elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
+        OS_TEST=mips
+    else
+        OS_TEST="${TARGET_ARCH}"
+    fi
+    if [ "${SITEINFO_BITS}" = "64" ]; then
+        export USE_64=1
+    fi
+
+    make -C ./nss \
+        CCC="${CXX}" \
+        OS_TEST=${OS_TEST} \
+        SOURCE_LIB_DIR="${TD}/${libdir}" \
+        SOURCE_BIN_DIR="${TD}/${bindir}" \
+        install
+
+    install -d ${D}/${libdir}/
+    for file in ${S}/dist/*.OBJ/lib/*.so; do
+        echo "Installing `basename $file`..."
+        cp $file  ${D}/${libdir}/
+    done
+
+    for shared_lib in ${TD}/${libdir}/*.so.*; do
+        if [ -f $shared_lib ]; then
+            cp $shared_lib ${D}/${libdir}
+            ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe)
+        fi
+    done
+    for shared_lib in ${TD}/${libdir}/*.so; do
+        if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then
+            cp $shared_lib ${D}/${libdir}
+        fi
+    done
+
+    install -d ${D}/${includedir}/nss3
+    install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/*
+
+    install -d ${D}/${bindir}
+    for binary in ${TD}/${bindir}/*; do
+        install -m 755 -t ${D}/${bindir} $binary
+    done
+}
+
+do_install_append_class-target() {
+    install -d ${D}${libdir}/pkgconfig/
+    sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
+    sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
+    sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc
+    sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc
+    sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc
+
+    # Create a blank certificate
+    mkdir -p ${D}/etc/pki/nssdb/
+    touch ./empty_password
+    certutil -N -d ${D}/etc/pki/nssdb/ -f ./empty_password
+    chmod 644 ${D}/etc/pki/nssdb/*.db
+    rm ./empty_password
+}
+
+FILES_${PN} = "\
+    ${sysconfdir} \
+    ${bindir} \
+    ${libdir}/lib*.chk \
+    ${libdir}/lib*.so \
+    "
+FILES_${PN}-dev = "\
+    ${libdir}/nss \
+    ${libdir}/pkgconfig/* \
+    ${includedir}/* \
+    "
+FILES_${PN}-dbg = "\
+    ${bindir}/.debug/* \
+    ${libdir}/.debug/* \
+    "
+
+BBCLASSEXTEND = "native"
diff --git a/meta/recipes-support/nss/nss_3.15.1.bb b/meta/recipes-support/nss/nss_3.15.1.bb
new file mode 100644
index 0000000..7b06f00
--- /dev/null
+++ b/meta/recipes-support/nss/nss_3.15.1.bb
@@ -0,0 +1,9 @@
+require nss.inc
+
+SRC_URI += "\
+    http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/${BPN}-${PV}.tar.gz \
+"
+
+SRC_URI[md5sum] = "fb68f4d210ac9397dd0d3c39c4f938eb"
+SRC_URI[sha256sum] = "f994106a33d1f3210f4151bbb3419a1c28fd1cb545caa7dc9afdebd6da626284"
+
-- 
1.8.1.2



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [PATCH 4/5] nss: create checksum files for the nss libraries
  2013-07-10  8:03 [PATCH V2 0/5] add nss for LSB library check Hongxu Jia
                   ` (2 preceding siblings ...)
  2013-07-10  8:03 ` [PATCH 3/5] nss: add version 3.15.1 Hongxu Jia
@ 2013-07-10  8:03 ` Hongxu Jia
  2013-07-12 12:39   ` Burton, Ross
  2013-07-10  8:03 ` [PATCH 5/5] nss: fix incorrect shebang line of perl script Hongxu Jia
  2013-07-11 12:04 ` [PATCH V3 0/5] add nss for LSB library check (cover letter only) Hongxu Jia
  5 siblings, 1 reply; 21+ messages in thread
From: Hongxu Jia @ 2013-07-10  8:03 UTC (permalink / raw)
  To: openembedded-core

Add checksum files required for the NSS softoken to operate in FIPS 140 mode.
The shlibsign is invoked to sign the libraries, and it is built for the target
architecture and doesn't support cross-compiling so far.

Invoke shlibsign at target's first boot time to generate checksum files.

https://developer.mozilla.org/en-US/docs/NSS/NSS_Tech_Notes/nss_tech_note6
http://en.wikipedia.org/wiki/FIPS_140
https://bugzilla.mozilla.org/show_bug.cgi?id=681624

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta/recipes-support/nss/files/signlibs.sh | 20 ++++++++++++++++++++
 meta/recipes-support/nss/nss.inc           | 16 ++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-support/nss/files/signlibs.sh

diff --git a/meta/recipes-support/nss/files/signlibs.sh b/meta/recipes-support/nss/files/signlibs.sh
new file mode 100644
index 0000000..1ec79f4
--- /dev/null
+++ b/meta/recipes-support/nss/files/signlibs.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# signlibs.sh
+#
+# (c)2010 Wind River Systems, Inc.
+#
+# regenerates the .chk files for the NSS libraries that require it
+# since the ones that are built have incorrect checksums that were
+# calculated on the host where they really need to be done on the
+# target
+
+CHK_FILES=`find /lib* /usr/lib* -name "*.chk"`
+SIGN_BINARY=`which shlibsign`
+for I in $CHK_FILES
+do
+       DN=`dirname $I`
+       BN=`basename $I .chk`
+       FN=$DN/$BN.so
+       $SIGN_BINARY -i $FN
+done
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index 87cba38..4270743 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -18,6 +18,7 @@ SRC_URI = "\
 "
 SRC_URI_append_class-target += "\
     file://nss.pc.in \
+    file://signlibs.sh \
 "
 inherit siteinfo
 PR = "r0"
@@ -136,6 +137,14 @@ do_install() {
 }
 
 do_install_append_class-target() {
+    # Create empty .chk files for the NSS libraries at build time. They could
+    # be regenerated at target's boot time.
+    for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
+        touch ${D}/${libdir}/$file
+        chmod 755 ${D}/${libdir}/$file
+    done
+    install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh
+
     install -d ${D}${libdir}/pkgconfig/
     sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
     sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
@@ -151,6 +160,13 @@ do_install_append_class-target() {
     rm ./empty_password
 }
 
+pkg_postinst_${PN} () {
+    if [ -n "$D" ]; then
+        exit 1
+    fi
+    signlibs.sh
+}
+
 FILES_${PN} = "\
     ${sysconfdir} \
     ${bindir} \
-- 
1.8.1.2



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [PATCH 5/5] nss: fix incorrect shebang line of perl script
  2013-07-10  8:03 [PATCH V2 0/5] add nss for LSB library check Hongxu Jia
                   ` (3 preceding siblings ...)
  2013-07-10  8:03 ` [PATCH 4/5] nss: create checksum files for the nss libraries Hongxu Jia
@ 2013-07-10  8:03 ` Hongxu Jia
  2013-07-11  8:39   ` Trevor Woerner
  2013-07-11 12:04 ` [PATCH V3 0/5] add nss for LSB library check (cover letter only) Hongxu Jia
  5 siblings, 1 reply; 21+ messages in thread
From: Hongxu Jia @ 2013-07-10  8:03 UTC (permalink / raw)
  To: openembedded-core

Replace incorrect shebang line with `#!/usr/bin/perl'.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 .../files/nss-fix-incorrect-shebang-of-perl.patch  | 110 +++++++++++++++++++++
 meta/recipes-support/nss/nss.inc                   |   1 +
 2 files changed, 111 insertions(+)
 create mode 100644 meta/recipes-support/nss/files/nss-fix-incorrect-shebang-of-perl.patch

diff --git a/meta/recipes-support/nss/files/nss-fix-incorrect-shebang-of-perl.patch b/meta/recipes-support/nss/files/nss-fix-incorrect-shebang-of-perl.patch
new file mode 100644
index 0000000..ae2a6e5
--- /dev/null
+++ b/meta/recipes-support/nss/files/nss-fix-incorrect-shebang-of-perl.patch
@@ -0,0 +1,110 @@
+nss: fix incorrect shebang of perl
+
+Replace incorrect shebang of perl with `#!/usr/bin/perl'.
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Upstream-Status: Pending
+---
+ nss/cmd/smimetools/smime  | 2 +-
+ nss/coreconf/cpdist.pl    | 2 +-
+ nss/coreconf/import.pl    | 2 +-
+ nss/coreconf/jniregen.pl  | 2 +-
+ nss/coreconf/outofdate.pl | 2 +-
+ nss/coreconf/release.pl   | 2 +-
+ nss/coreconf/version.pl   | 2 +-
+ nss/tests/clean_tbx       | 2 +-
+ nss/tests/path_uniq       | 2 +-
+ 9 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/nss/cmd/smimetools/smime b/nss/cmd/smimetools/smime
+--- a/nss/cmd/smimetools/smime
++++ b/nss/cmd/smimetools/smime
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+diff --git a/nss/coreconf/cpdist.pl b/nss/coreconf/cpdist.pl
+index 800edfb..652187f 100755
+--- a/nss/coreconf/cpdist.pl
++++ b/nss/coreconf/cpdist.pl
+@@ -1,4 +1,4 @@
+-#! /usr/local/bin/perl
++#!/usr/bin/perl
+ #
+ # This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+diff --git a/nss/coreconf/import.pl b/nss/coreconf/import.pl
+index dd2d177..428eaa5 100755
+--- a/nss/coreconf/import.pl
++++ b/nss/coreconf/import.pl
+@@ -1,4 +1,4 @@
+-#! /usr/local/bin/perl
++#!/usr/bin/perl
+ #
+ # This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+diff --git a/nss/coreconf/jniregen.pl b/nss/coreconf/jniregen.pl
+index 2039180..5f4f69c 100755
+--- a/nss/coreconf/jniregen.pl
++++ b/nss/coreconf/jniregen.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ #
+ # This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+diff --git a/nss/coreconf/outofdate.pl b/nss/coreconf/outofdate.pl
+index 33d80bb..01fc097 100755
+--- a/nss/coreconf/outofdate.pl
++++ b/nss/coreconf/outofdate.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ #
+ # This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+diff --git a/nss/coreconf/release.pl b/nss/coreconf/release.pl
+index 7cde19d..b5df2f6 100755
+--- a/nss/coreconf/release.pl
++++ b/nss/coreconf/release.pl
+@@ -1,4 +1,4 @@
+-#! /usr/local/bin/perl
++#!/usr/bin/perl
+ #
+ # This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+diff --git a/nss/coreconf/version.pl b/nss/coreconf/version.pl
+index d2a4942..79359fe 100644
+--- a/nss/coreconf/version.pl
++++ b/nss/coreconf/version.pl
+@@ -1,4 +1,4 @@
+-#!/usr/sbin/perl
++#!/usr/bin/perl
+ #
+ # This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+diff --git a/nss/tests/clean_tbx b/nss/tests/clean_tbx
+index 4de9555..a7def9f 100755
+--- a/nss/tests/clean_tbx
++++ b/nss/tests/clean_tbx
+@@ -1,4 +1,4 @@
+-#! /bin/perl
++#!/usr/bin/perl
+ 
+ #######################################################################
+ #
+diff --git a/nss/tests/path_uniq b/nss/tests/path_uniq
+index f29f60a..08fbffa 100755
+--- a/nss/tests/path_uniq
++++ b/nss/tests/path_uniq
+@@ -1,4 +1,4 @@
+-#! /bin/perl
++#!/usr/bin/perl
+ 
+ ########################################################################
+ #
+-- 
+1.8.1.2
+
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index 4270743..e2f3891 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = "file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466a
 SRC_URI = "\
     file://nss-fix-support-cross-compiling.patch \
     file://nss-no-rpath-for-cross-compiling.patch \
+    file://nss-fix-incorrect-shebang-of-perl.patch \
 "
 SRC_URI_append_class-target += "\
     file://nss.pc.in \
-- 
1.8.1.2



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* Re: [PATCH 5/5] nss: fix incorrect shebang line of perl script
  2013-07-10  8:03 ` [PATCH 5/5] nss: fix incorrect shebang line of perl script Hongxu Jia
@ 2013-07-11  8:39   ` Trevor Woerner
  2013-07-11  8:58     ` Hongxu Jia
  0 siblings, 1 reply; 21+ messages in thread
From: Trevor Woerner @ 2013-07-11  8:39 UTC (permalink / raw)
  To: Hongxu Jia; +Cc: openembedded-core

On 10 July 2013 09:03, Hongxu Jia <hongxu.jia@windriver.com> wrote:
> Replace incorrect shebang line with `#!/usr/bin/perl'.


I thought using 'env' was the preferred method?


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 5/5] nss: fix incorrect shebang line of perl script
  2013-07-11  8:39   ` Trevor Woerner
@ 2013-07-11  8:58     ` Hongxu Jia
  2013-07-11  9:23       ` Paul Eggleton
  0 siblings, 1 reply; 21+ messages in thread
From: Hongxu Jia @ 2013-07-11  8:58 UTC (permalink / raw)
  To: Trevor Woerner; +Cc: openembedded-core

On 07/11/2013 04:39 PM, Trevor Woerner wrote:
> On 10 July 2013 09:03, Hongxu Jia <hongxu.jia@windriver.com> wrote:
>> Replace incorrect shebang line with `#!/usr/bin/perl'.
>
> I thought using 'env' was the preferred method?
If use 'env', should we add 'coreutils' on nss's DEPENDS?
The coreutils provides env.

//Hongxu


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 5/5] nss: fix incorrect shebang line of perl script
  2013-07-11  8:58     ` Hongxu Jia
@ 2013-07-11  9:23       ` Paul Eggleton
  2013-07-11  9:28         ` Hongxu Jia
  0 siblings, 1 reply; 21+ messages in thread
From: Paul Eggleton @ 2013-07-11  9:23 UTC (permalink / raw)
  To: Hongxu Jia; +Cc: openembedded-core

On Thursday 11 July 2013 16:58:15 Hongxu Jia wrote:
> On 07/11/2013 04:39 PM, Trevor Woerner wrote:
> > On 10 July 2013 09:03, Hongxu Jia <hongxu.jia@windriver.com> wrote:
> >> Replace incorrect shebang line with `#!/usr/bin/perl'.
> > 
> > I thought using 'env' was the preferred method?
> 
> If use 'env', should we add 'coreutils' on nss's DEPENDS?
> The coreutils provides env.

Our busybox configuration enables its version of env as well. I think it's 
pretty safe to assume this is available without the need for additional 
dependencies.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 5/5] nss: fix incorrect shebang line of perl script
  2013-07-11  9:23       ` Paul Eggleton
@ 2013-07-11  9:28         ` Hongxu Jia
  0 siblings, 0 replies; 21+ messages in thread
From: Hongxu Jia @ 2013-07-11  9:28 UTC (permalink / raw)
  To: Paul Eggleton; +Cc: openembedded-core

On 07/11/2013 05:23 PM, Paul Eggleton wrote:
> On Thursday 11 July 2013 16:58:15 Hongxu Jia wrote:
>> On 07/11/2013 04:39 PM, Trevor Woerner wrote:
>>> On 10 July 2013 09:03, Hongxu Jia <hongxu.jia@windriver.com> wrote:
>>>> Replace incorrect shebang line with `#!/usr/bin/perl'.
>>> I thought using 'env' was the preferred method?
>> If use 'env', should we add 'coreutils' on nss's DEPENDS?
>> The coreutils provides env.
> Our busybox configuration enables its version of env as well. I think it's
> pretty safe to assume this is available without the need for additional
> dependencies.
Got it, use 'env' and without additional dependencies, I will fix this.

Thanks
Hongxu
> Cheers,
> Paul
>



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 3/5] nss: add version 3.15.1
  2013-07-10  8:03 ` [PATCH 3/5] nss: add version 3.15.1 Hongxu Jia
@ 2013-07-11 10:40   ` Burton, Ross
  2013-07-11 10:41     ` Burton, Ross
  0 siblings, 1 reply; 21+ messages in thread
From: Burton, Ross @ 2013-07-11 10:40 UTC (permalink / raw)
  To: Hongxu Jia; +Cc: openembedded-core

On 10 July 2013 09:03, Hongxu Jia <hongxu.jia@windriver.com> wrote:
> Network Security Services (NSS) is a set of libraries designed to support
> cross-platform development of security-enabled client and server applications.
> Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7,
> PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards.

What's the rationale for putting this into oe-core instead of updating
the recipe in meta-browser?

Ross


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 3/5] nss: add version 3.15.1
  2013-07-11 10:40   ` Burton, Ross
@ 2013-07-11 10:41     ` Burton, Ross
  2013-07-11 10:45       ` Phil Blundell
  0 siblings, 1 reply; 21+ messages in thread
From: Burton, Ross @ 2013-07-11 10:41 UTC (permalink / raw)
  To: Hongxu Jia; +Cc: openembedded-core

On 11 July 2013 11:40, Burton, Ross <ross.burton@intel.com> wrote:
> On 10 July 2013 09:03, Hongxu Jia <hongxu.jia@windriver.com> wrote:
>> Network Security Services (NSS) is a set of libraries designed to support
>> cross-platform development of security-enabled client and server applications.
>> Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7,
>> PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards.
>
> What's the rationale for putting this into oe-core instead of updating
> the recipe in meta-browser?

Of course if I actually read the other mails I'd see it was for LSB.

Ross


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 3/5] nss: add version 3.15.1
  2013-07-11 10:41     ` Burton, Ross
@ 2013-07-11 10:45       ` Phil Blundell
  2013-07-11 11:14         ` Burton, Ross
  0 siblings, 1 reply; 21+ messages in thread
From: Phil Blundell @ 2013-07-11 10:45 UTC (permalink / raw)
  To: Burton, Ross; +Cc: openembedded-core

On Thu, 2013-07-11 at 11:41 +0100, Burton, Ross wrote:
> On 11 July 2013 11:40, Burton, Ross <ross.burton@intel.com> wrote:
> > On 10 July 2013 09:03, Hongxu Jia <hongxu.jia@windriver.com> wrote:
> >> Network Security Services (NSS) is a set of libraries designed to support
> >> cross-platform development of security-enabled client and server applications.
> >> Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7,
> >> PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security standards.
> >
> > What's the rationale for putting this into oe-core instead of updating
> > the recipe in meta-browser?
> 
> Of course if I actually read the other mails I'd see it was for LSB.

I think you could still legitimately question whether having recipes in
oe-core that are "just for LSB" is sensible and/or desirable, not least
because dangling libraries that don't have any users are hard to test.

p.




^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 3/5] nss: add version 3.15.1
  2013-07-11 10:45       ` Phil Blundell
@ 2013-07-11 11:14         ` Burton, Ross
  2013-07-11 11:27           ` Hongxu Jia
  2013-07-11 11:34           ` Phil Blundell
  0 siblings, 2 replies; 21+ messages in thread
From: Burton, Ross @ 2013-07-11 11:14 UTC (permalink / raw)
  To: Phil Blundell; +Cc: openembedded-core

On 11 July 2013 11:45, Phil Blundell <pb@pbcl.net> wrote:
> I think you could still legitimately question whether having recipes in
> oe-core that are "just for LSB" is sensible and/or desirable, not least
> because dangling libraries that don't have any users are hard to test.

I was just pondering the idea of a "meta-lsb"...

Ross


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 3/5] nss: add version 3.15.1
  2013-07-11 11:14         ` Burton, Ross
@ 2013-07-11 11:27           ` Hongxu Jia
  2013-07-11 11:34           ` Phil Blundell
  1 sibling, 0 replies; 21+ messages in thread
From: Hongxu Jia @ 2013-07-11 11:27 UTC (permalink / raw)
  To: Burton, Ross; +Cc: openembedded-core

[-- Attachment #1: Type: text/plain, Size: 683 bytes --]

On 07/11/2013 07:14 PM, Burton, Ross wrote:
> On 11 July 2013 11:45, Phil Blundell <pb@pbcl.net> wrote:
>> I think you could still legitimately question whether having recipes in
>> oe-core that are "just for LSB" is sensible and/or desirable, not least
>> because dangling libraries that don't have any users are hard to test.
> I was just pondering the idea of a "meta-lsb"...
The reason why I choose to put nss into oe-core is I found  nspr in oe-core.
They both used for lsb-test and come from mozilla.

Anyone has a better idea about where to put?

https://developer.mozilla.org/en-US/docs/NSS
https://developer.mozilla.org/en-US/docs/NSPR

//Hongxu
>
> Ross


[-- Attachment #2: Type: text/html, Size: 1743 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 3/5] nss: add version 3.15.1
  2013-07-11 11:14         ` Burton, Ross
  2013-07-11 11:27           ` Hongxu Jia
@ 2013-07-11 11:34           ` Phil Blundell
  2013-07-11 13:41             ` Burton, Ross
  1 sibling, 1 reply; 21+ messages in thread
From: Phil Blundell @ 2013-07-11 11:34 UTC (permalink / raw)
  To: Burton, Ross; +Cc: openembedded-core

On Thu, 2013-07-11 at 12:14 +0100, Burton, Ross wrote:
> On 11 July 2013 11:45, Phil Blundell <pb@pbcl.net> wrote:
> > I think you could still legitimately question whether having recipes in
> > oe-core that are "just for LSB" is sensible and/or desirable, not least
> > because dangling libraries that don't have any users are hard to test.
> 
> I was just pondering the idea of a "meta-lsb"...

Yeah, I was thinking about that too.  The obvious downside of this plan
is that this layer would end up containing a random-looking grab-bag of
recipes with nothing in common other than that they're needed for LSB
conformance and not in oe-core.  

In practice that's probably going to mean that the majority of them
would duplicate recipes from other layers (e.g. meta-browser in the nss
case) which doesn't seem like a very satisfactory state of affairs.

p.




^ permalink raw reply	[flat|nested] 21+ messages in thread

* [PATCH V3 0/5] add nss for LSB library check (cover letter only)
  2013-07-10  8:03 [PATCH V2 0/5] add nss for LSB library check Hongxu Jia
                   ` (4 preceding siblings ...)
  2013-07-10  8:03 ` [PATCH 5/5] nss: fix incorrect shebang line of perl script Hongxu Jia
@ 2013-07-11 12:04 ` Hongxu Jia
  5 siblings, 0 replies; 21+ messages in thread
From: Hongxu Jia @ 2013-07-11 12:04 UTC (permalink / raw)
  To: openembedded-core

[-- Attachment #1: Type: text/plain, Size: 1982 bytes --]

Change in V3:
1) Replace incorrect shebang line with `#!/usr/bin/env perl'.

Change in V2:
1) Rename the title of patch 1/5
2) Use ${libdir} rather than ${base_libdir} as the lib location
    which references the nss in meta-browser.


The following changes since commit dc86293f0444384e8ae5131fdd10b6cb077164b0:

   bitbake: HOB:Proper handle of SIGINT (2013-07-05 15:52:48 +0100)

are available in the git repository at:

   git://git.pokylinux.org/poky-contrib hongxu/fix-nss
   http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-nss

Hongxu Jia (5):
   nspr: add native version
   packagegroup-core-lsb: add nss for LSB library check
   nss: add version 3.15.1
   nss: create checksum files for the nss libraries
   nss: fix incorrect shebang line of perl script

  .../packagegroups/packagegroup-core-lsb.bb         |   1 +
  meta/recipes-support/nspr/nspr_4.10.bb             |   2 +
  .../files/nss-fix-incorrect-shebang-of-perl.patch  | 110 ++++++++++++
  .../files/nss-fix-support-cross-compiling.patch    |  71 ++++++++
  .../files/nss-no-rpath-for-cross-compiling.patch   |  26 +++
  meta/recipes-support/nss/files/nss.pc.in           |  11 ++
  meta/recipes-support/nss/files/signlibs.sh         |  20 +++
  meta/recipes-support/nss/nss.inc                   | 187 +++++++++++++++++++++
  meta/recipes-support/nss/nss_3.15.1.bb             |   9 +
  9 files changed, 437 insertions(+)
  create mode 100644 meta/recipes-support/nss/files/nss-fix-incorrect-shebang-of-perl.patch
  create mode 100644 meta/recipes-support/nss/files/nss-fix-support-cross-compiling.patch
  create mode 100644 meta/recipes-support/nss/files/nss-no-rpath-for-cross-compiling.patch
  create mode 100644 meta/recipes-support/nss/files/nss.pc.in
  create mode 100644 meta/recipes-support/nss/files/signlibs.sh
  create mode 100644 meta/recipes-support/nss/nss.inc
  create mode 100644 meta/recipes-support/nss/nss_3.15.1.bb

-- 1.8.1.2


[-- Attachment #2: Type: text/html, Size: 2462 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 3/5] nss: add version 3.15.1
  2013-07-11 11:34           ` Phil Blundell
@ 2013-07-11 13:41             ` Burton, Ross
  0 siblings, 0 replies; 21+ messages in thread
From: Burton, Ross @ 2013-07-11 13:41 UTC (permalink / raw)
  To: Phil Blundell; +Cc: openembedded-core

On 11 July 2013 12:34, Phil Blundell <pb@pbcl.net> wrote:
>> I was just pondering the idea of a "meta-lsb"...
>
> Yeah, I was thinking about that too.  The obvious downside of this plan
> is that this layer would end up containing a random-looking grab-bag of
> recipes with nothing in common other than that they're needed for LSB
> conformance and not in oe-core.
>
> In practice that's probably going to mean that the majority of them
> would duplicate recipes from other layers (e.g. meta-browser in the nss
> case) which doesn't seem like a very satisfactory state of affairs.

That's pretty much exactly my thoughts.   Two less than ideal
situations, one less worse than the other (LSB in oe-core being less
worse, in my opinion).

Ross


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 4/5] nss: create checksum files for the nss libraries
  2013-07-10  8:03 ` [PATCH 4/5] nss: create checksum files for the nss libraries Hongxu Jia
@ 2013-07-12 12:39   ` Burton, Ross
  2013-07-12 12:45     ` Hongxu Jia
  0 siblings, 1 reply; 21+ messages in thread
From: Burton, Ross @ 2013-07-12 12:39 UTC (permalink / raw)
  To: Hongxu Jia; +Cc: openembedded-core

On 10 July 2013 09:03, Hongxu Jia <hongxu.jia@windriver.com> wrote:
> Add checksum files required for the NSS softoken to operate in FIPS 140 mode.
> The shlibsign is invoked to sign the libraries, and it is built for the target
> architecture and doesn't support cross-compiling so far.
>
> Invoke shlibsign at target's first boot time to generate checksum files.

As NSS depends on nss-native, can't you use that?  The bug you link to
implies that's what someone else has done when building NSS for iOS.

Ross


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 4/5] nss: create checksum files for the nss libraries
  2013-07-12 12:39   ` Burton, Ross
@ 2013-07-12 12:45     ` Hongxu Jia
  0 siblings, 0 replies; 21+ messages in thread
From: Hongxu Jia @ 2013-07-12 12:45 UTC (permalink / raw)
  To: Burton, Ross; +Cc: openembedded-core

On 07/12/2013 08:39 PM, Burton, Ross wrote:
> On 10 July 2013 09:03, Hongxu Jia <hongxu.jia@windriver.com> wrote:
>> Add checksum files required for the NSS softoken to operate in FIPS 140 mode.
>> The shlibsign is invoked to sign the libraries, and it is built for the target
>> architecture and doesn't support cross-compiling so far.
>>
>> Invoke shlibsign at target's first boot time to generate checksum files.
> As NSS depends on nss-native, can't you use that?  The bug you link to
> implies that's what someone else has done when building NSS for iOS.
Yes, invoke 'certutil' to create a blank certificate at build time.

//Hongxu
>
> Ross



^ permalink raw reply	[flat|nested] 21+ messages in thread

* [PATCH 4/5] nss: Create checksum files for the NSS libraries
  2013-07-09 12:30 [PATCH 0/5]add nss for LSB library check Hongxu Jia
@ 2013-07-09 12:30 ` Hongxu Jia
  0 siblings, 0 replies; 21+ messages in thread
From: Hongxu Jia @ 2013-07-09 12:30 UTC (permalink / raw)
  To: openembedded-core

Add checksum files required for the NSS softoken to operate in FIPS 140 mode.
The shlibsign is invoked to sign the libraries, and it is built for the target
architecture and doesn't support cross-compiling so far.

Invoke shlibsign at target's boot time to generate checksum files.

https://developer.mozilla.org/en-US/docs/NSS/NSS_Tech_Notes/nss_tech_note6
http://en.wikipedia.org/wiki/FIPS_140
https://bugzilla.mozilla.org/show_bug.cgi?id=681624

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta/recipes-support/nss/files/signlibs.sh | 20 ++++++++++++++++++++
 meta/recipes-support/nss/nss.inc           | 16 ++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-support/nss/files/signlibs.sh

diff --git a/meta/recipes-support/nss/files/signlibs.sh b/meta/recipes-support/nss/files/signlibs.sh
new file mode 100644
index 0000000..1ec79f4
--- /dev/null
+++ b/meta/recipes-support/nss/files/signlibs.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# signlibs.sh
+#
+# (c)2010 Wind River Systems, Inc.
+#
+# regenerates the .chk files for the NSS libraries that require it
+# since the ones that are built have incorrect checksums that were
+# calculated on the host where they really need to be done on the
+# target
+
+CHK_FILES=`find /lib* /usr/lib* -name "*.chk"`
+SIGN_BINARY=`which shlibsign`
+for I in $CHK_FILES
+do
+       DN=`dirname $I`
+       BN=`basename $I .chk`
+       FN=$DN/$BN.so
+       $SIGN_BINARY -i $FN
+done
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index 71b7250..a0ea374 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -18,6 +18,7 @@ SRC_URI = "\
 "
 SRC_URI_append_class-target += "\
     file://nss.pc.in \
+    file://signlibs.sh \
 "
 inherit siteinfo
 PR = "r0"
@@ -135,6 +136,14 @@ do_install() {
 }
 
 do_install_append_class-target() {
+    # Create empty .chk files for the NSS libraries at build time. They could
+    # be regenerated at target's boot time.
+    for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
+        touch ${D}/${base_libdir}/$file
+        chmod 755 ${D}/${base_libdir}/$file
+    done
+    install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh
+
     install -d ${D}${libdir}/pkgconfig/
     sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
     sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
@@ -150,6 +159,13 @@ do_install_append_class-target() {
     rm ./empty_password
 }
 
+pkg_postinst_${PN} () {
+    if [ -n "$D" ]; then
+        exit 1
+    fi
+    signlibs.sh
+}
+
 FILES_${PN} = "\
     ${sysconfdir} \
     ${bindir} \
-- 
1.8.1.2



^ permalink raw reply related	[flat|nested] 21+ messages in thread

end of thread, other threads:[~2013-07-12 12:45 UTC | newest]

Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-07-10  8:03 [PATCH V2 0/5] add nss for LSB library check Hongxu Jia
2013-07-10  8:03 ` [PATCH 1/5] nspr: add native version Hongxu Jia
2013-07-10  8:03 ` [PATCH 2/5] packagegroup-core-lsb: add nss for LSB library check Hongxu Jia
2013-07-10  8:03 ` [PATCH 3/5] nss: add version 3.15.1 Hongxu Jia
2013-07-11 10:40   ` Burton, Ross
2013-07-11 10:41     ` Burton, Ross
2013-07-11 10:45       ` Phil Blundell
2013-07-11 11:14         ` Burton, Ross
2013-07-11 11:27           ` Hongxu Jia
2013-07-11 11:34           ` Phil Blundell
2013-07-11 13:41             ` Burton, Ross
2013-07-10  8:03 ` [PATCH 4/5] nss: create checksum files for the nss libraries Hongxu Jia
2013-07-12 12:39   ` Burton, Ross
2013-07-12 12:45     ` Hongxu Jia
2013-07-10  8:03 ` [PATCH 5/5] nss: fix incorrect shebang line of perl script Hongxu Jia
2013-07-11  8:39   ` Trevor Woerner
2013-07-11  8:58     ` Hongxu Jia
2013-07-11  9:23       ` Paul Eggleton
2013-07-11  9:28         ` Hongxu Jia
2013-07-11 12:04 ` [PATCH V3 0/5] add nss for LSB library check (cover letter only) Hongxu Jia
  -- strict thread matches above, loose matches on Subject: below --
2013-07-09 12:30 [PATCH 0/5]add nss for LSB library check Hongxu Jia
2013-07-09 12:30 ` [PATCH 4/5] nss: Create checksum files for the NSS libraries Hongxu Jia

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.