From: Hongxu Jia <hongxu.jia@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [PATCH 4/5] nss: create checksum files for the nss libraries
Date: Wed, 10 Jul 2013 16:03:41 +0800 [thread overview]
Message-ID: <fb33ec7730da4eec3aeb2a73295a851ed15af941.1373443071.git.hongxu.jia@windriver.com> (raw)
In-Reply-To: <cover.1373443071.git.hongxu.jia@windriver.com>
Add checksum files required for the NSS softoken to operate in FIPS 140 mode.
The shlibsign is invoked to sign the libraries, and it is built for the target
architecture and doesn't support cross-compiling so far.
Invoke shlibsign at target's first boot time to generate checksum files.
https://developer.mozilla.org/en-US/docs/NSS/NSS_Tech_Notes/nss_tech_note6
http://en.wikipedia.org/wiki/FIPS_140
https://bugzilla.mozilla.org/show_bug.cgi?id=681624
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
meta/recipes-support/nss/files/signlibs.sh | 20 ++++++++++++++++++++
meta/recipes-support/nss/nss.inc | 16 ++++++++++++++++
2 files changed, 36 insertions(+)
create mode 100644 meta/recipes-support/nss/files/signlibs.sh
diff --git a/meta/recipes-support/nss/files/signlibs.sh b/meta/recipes-support/nss/files/signlibs.sh
new file mode 100644
index 0000000..1ec79f4
--- /dev/null
+++ b/meta/recipes-support/nss/files/signlibs.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# signlibs.sh
+#
+# (c)2010 Wind River Systems, Inc.
+#
+# regenerates the .chk files for the NSS libraries that require it
+# since the ones that are built have incorrect checksums that were
+# calculated on the host where they really need to be done on the
+# target
+
+CHK_FILES=`find /lib* /usr/lib* -name "*.chk"`
+SIGN_BINARY=`which shlibsign`
+for I in $CHK_FILES
+do
+ DN=`dirname $I`
+ BN=`basename $I .chk`
+ FN=$DN/$BN.so
+ $SIGN_BINARY -i $FN
+done
diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc
index 87cba38..4270743 100644
--- a/meta/recipes-support/nss/nss.inc
+++ b/meta/recipes-support/nss/nss.inc
@@ -18,6 +18,7 @@ SRC_URI = "\
"
SRC_URI_append_class-target += "\
file://nss.pc.in \
+ file://signlibs.sh \
"
inherit siteinfo
PR = "r0"
@@ -136,6 +137,14 @@ do_install() {
}
do_install_append_class-target() {
+ # Create empty .chk files for the NSS libraries at build time. They could
+ # be regenerated at target's boot time.
+ for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
+ touch ${D}/${libdir}/$file
+ chmod 755 ${D}/${libdir}/$file
+ done
+ install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh
+
install -d ${D}${libdir}/pkgconfig/
sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
@@ -151,6 +160,13 @@ do_install_append_class-target() {
rm ./empty_password
}
+pkg_postinst_${PN} () {
+ if [ -n "$D" ]; then
+ exit 1
+ fi
+ signlibs.sh
+}
+
FILES_${PN} = "\
${sysconfdir} \
${bindir} \
--
1.8.1.2
next prev parent reply other threads:[~2013-07-10 8:03 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-10 8:03 [PATCH V2 0/5] add nss for LSB library check Hongxu Jia
2013-07-10 8:03 ` [PATCH 1/5] nspr: add native version Hongxu Jia
2013-07-10 8:03 ` [PATCH 2/5] packagegroup-core-lsb: add nss for LSB library check Hongxu Jia
2013-07-10 8:03 ` [PATCH 3/5] nss: add version 3.15.1 Hongxu Jia
2013-07-11 10:40 ` Burton, Ross
2013-07-11 10:41 ` Burton, Ross
2013-07-11 10:45 ` Phil Blundell
2013-07-11 11:14 ` Burton, Ross
2013-07-11 11:27 ` Hongxu Jia
2013-07-11 11:34 ` Phil Blundell
2013-07-11 13:41 ` Burton, Ross
2013-07-10 8:03 ` Hongxu Jia [this message]
2013-07-12 12:39 ` [PATCH 4/5] nss: create checksum files for the nss libraries Burton, Ross
2013-07-12 12:45 ` Hongxu Jia
2013-07-10 8:03 ` [PATCH 5/5] nss: fix incorrect shebang line of perl script Hongxu Jia
2013-07-11 8:39 ` Trevor Woerner
2013-07-11 8:58 ` Hongxu Jia
2013-07-11 9:23 ` Paul Eggleton
2013-07-11 9:28 ` Hongxu Jia
2013-07-11 12:04 ` [PATCH V3 0/5] add nss for LSB library check (cover letter only) Hongxu Jia
-- strict thread matches above, loose matches on Subject: below --
2013-07-09 12:30 [PATCH 0/5]add nss for LSB library check Hongxu Jia
2013-07-09 12:30 ` [PATCH 4/5] nss: Create checksum files for the NSS libraries Hongxu Jia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fb33ec7730da4eec3aeb2a73295a851ed15af941.1373443071.git.hongxu.jia@windriver.com \
--to=hongxu.jia@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.