summaryrefslogtreecommitdiff
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-support/nss/nss/blank-cert9.dbbin0 -> 28672 bytes
-rw-r--r--meta/recipes-support/nss/nss/blank-key4.dbbin0 -> 36864 bytes
-rw-r--r--meta/recipes-support/nss/nss/system-pkcs11.txt5
-rw-r--r--meta/recipes-support/nss/nss_3.38.bb21
4 files changed, 18 insertions, 8 deletions
diff --git a/meta/recipes-support/nss/nss/blank-cert9.db b/meta/recipes-support/nss/nss/blank-cert9.db
new file mode 100644
index 0000000000..7d4bcf2582
--- /dev/null
+++ b/meta/recipes-support/nss/nss/blank-cert9.db
Binary files differ
diff --git a/meta/recipes-support/nss/nss/blank-key4.db b/meta/recipes-support/nss/nss/blank-key4.db
new file mode 100644
index 0000000000..d47f08d04f
--- /dev/null
+++ b/meta/recipes-support/nss/nss/blank-key4.db
Binary files differ
diff --git a/meta/recipes-support/nss/nss/system-pkcs11.txt b/meta/recipes-support/nss/nss/system-pkcs11.txt
new file mode 100644
index 0000000000..1a264e9cc4
--- /dev/null
+++ b/meta/recipes-support/nss/nss/system-pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+
diff --git a/meta/recipes-support/nss/nss_3.38.bb b/meta/recipes-support/nss/nss_3.38.bb
index 904b621a07..e0ee209106 100644
--- a/meta/recipes-support/nss/nss_3.38.bb
+++ b/meta/recipes-support/nss/nss_3.38.bb
@@ -25,6 +25,9 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
file://nss-fix-nsinstall-build.patch \
file://disable-Wvarargs-with-clang.patch \
file://pqg.c-ULL_addend.patch \
+ file://blank-cert9.db \
+ file://blank-key4.db \
+ file://system-pkcs11.txt \
"
SRC_URI[md5sum] = "ac9065460a7634ba8eb0f942f404e773"
@@ -212,14 +215,16 @@ do_install_append() {
}
do_install_append_class-target() {
- # Create a blank certificate
- mkdir -p ${D}${sysconfdir}/pki/nssdb/
- touch ./empty_password
- certutil -N -d sql:${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
- chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db
- rm ./empty_password
- # Remove build path prefix
- sed -i "s:${D}::g" ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
+ # It used to call certutil to create a blank certificate with empty password at
+ # build time, but the checksum of key4.db changes every time when certutil is called.
+ # It causes non-determinism issue, so provide databases with a blank certificate
+ # which are originally from output of nss in qemux86-64 build. You can get these
+ # databases by:
+ # certutil -N -d sql:/database/path/ --empty-password
+ install -d ${D}${sysconfdir}/pki/nssdb/
+ install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db
+ install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db
+ install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
}
PACKAGE_WRITE_DEPS += "nss-native"
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 03:57:55 +0000