diff options
| author | Hongxu Jia <hongxu.jia@windriver.com> | 2013-07-10 15:54:17 +0800 |
|---|---|---|
| committer | Saul Wold <sgw@linux.intel.com> | 2013-07-12 10:12:11 -0700 |
| commit | a4580f967c8064294a06d406acf5deb24aee2acc (patch) | |
| tree | 27fe2c0c8b9e4b97e7a655e72bf3a31fb71f850f /meta | |
| parent | 22c146fd3e829b89c07a2019005e180e93fece5d (diff) | |
| download | openembedded-core-a4580f967c8064294a06d406acf5deb24aee2acc.tar.gz openembedded-core-a4580f967c8064294a06d406acf5deb24aee2acc.tar.bz2 openembedded-core-a4580f967c8064294a06d406acf5deb24aee2acc.zip | |
nss: create checksum files for the nss libraries
Add checksum files required for the NSS softoken to operate in FIPS 140 mode.
The shlibsign is invoked to sign the libraries, and it is built for the target
architecture and doesn't support cross-compiling so far.
Invoke shlibsign at target's first boot time to generate checksum files.
https://developer.mozilla.org/en-US/docs/NSS/NSS_Tech_Notes/nss_tech_note6
http://en.wikipedia.org/wiki/FIPS_140
https://bugzilla.mozilla.org/show_bug.cgi?id=681624
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-support/nss/files/signlibs.sh | 20 | ||||
| -rw-r--r-- | meta/recipes-support/nss/nss.inc | 16 |
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-support/nss/files/signlibs.sh b/meta/recipes-support/nss/files/signlibs.sh new file mode 100644 index 0000000000..1ec79f4576 --- /dev/null +++ b/meta/recipes-support/nss/files/signlibs.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +# signlibs.sh +# +# (c)2010 Wind River Systems, Inc. +# +# regenerates the .chk files for the NSS libraries that require it +# since the ones that are built have incorrect checksums that were +# calculated on the host where they really need to be done on the +# target + +CHK_FILES=`find /lib* /usr/lib* -name "*.chk"` +SIGN_BINARY=`which shlibsign` +for I in $CHK_FILES +do + DN=`dirname $I` + BN=`basename $I .chk` + FN=$DN/$BN.so + $SIGN_BINARY -i $FN +done diff --git a/meta/recipes-support/nss/nss.inc b/meta/recipes-support/nss/nss.inc index 87cba38bc8..4270743329 100644 --- a/meta/recipes-support/nss/nss.inc +++ b/meta/recipes-support/nss/nss.inc @@ -18,6 +18,7 @@ SRC_URI = "\ " SRC_URI_append_class-target += "\ file://nss.pc.in \ + file://signlibs.sh \ " inherit siteinfo PR = "r0" @@ -136,6 +137,14 @@ do_install() { } do_install_append_class-target() { + # Create empty .chk files for the NSS libraries at build time. They could + # be regenerated at target's boot time. + for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do + touch ${D}/${libdir}/$file + chmod 755 ${D}/${libdir}/$file + done + install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh + install -d ${D}${libdir}/pkgconfig/ sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc @@ -151,6 +160,13 @@ do_install_append_class-target() { rm ./empty_password } +pkg_postinst_${PN} () { + if [ -n "$D" ]; then + exit 1 + fi + signlibs.sh +} + FILES_${PN} = "\ ${sysconfdir} \ ${bindir} \ |