[OE-core] [PATCH 1/3] nss :improve reproducibility
Hongxu Jia
hongxu.jia at windriver.com
Mon Aug 27 15:31:26 UTC 2018
- Explicitly requests the newer database `sql:' rather than
retrieved from NSS_DEFAULT_DB_TYPE
- Removes build path prefix from pkcs11.txt
Refers certutil manual:
[certutil manual]
-d [prefix]directory
Specify the database directory containing the certificate and key database files.
certutil supports two types of databases: the legacy security databases (cert8.db,
key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).
NSS recognizes the following prefixes:
sql: requests the newer database
dbm: requests the legacy database
If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE.
If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.
[certutil manual]
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
meta/recipes-support/nss/nss_3.38.bb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-support/nss/nss_3.38.bb b/meta/recipes-support/nss/nss_3.38.bb
index f3e5170..904b621 100644
--- a/meta/recipes-support/nss/nss_3.38.bb
+++ b/meta/recipes-support/nss/nss_3.38.bb
@@ -215,9 +215,11 @@ do_install_append_class-target() {
# Create a blank certificate
mkdir -p ${D}${sysconfdir}/pki/nssdb/
touch ./empty_password
- certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
+ certutil -N -d sql:${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db
rm ./empty_password
+ # Remove build path prefix
+ sed -i "s:${D}::g" ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
}
PACKAGE_WRITE_DEPS += "nss-native"
--
2.7.4
More information about the Openembedded-core
mailing list