[OE-core] [PATCH 05/10] nss: move create blank certificates to pkg_postinst

Kang Kai Kai.Kang at windriver.com
Tue Oct 2 15:29:24 UTC 2018


On 2018-09-29 20:44, Richard Purdie wrote:
> On Sat, 2018-09-29 at 13:43 +0800, kai.kang at windriver.com wrote:
>> From: Kai Kang <kai.kang at windriver.com>
>>
>> There is a multilib install file conflict of nss:
>>> file /etc/pki/nssdb/key4.db conflicts between attempted installs of
>>> lib32-nss-3.38-r0.corei7_32 and nss-3.38-r0.corei7_64
>> Move the creation of blank certificates to pkg_postinst. And check if
>> certificates exist already, don't re-create them.
>>
>> Signed-off-by: Kai Kang <kai.kang at windriver.com>
>> ---
>>   meta/recipes-support/nss/nss_3.38.bb | 32 +++++++++++++++++---------
>> --
>>   1 file changed, 20 insertions(+), 12 deletions(-)
> This does raise a question - why aren't the generated files the same?
> Is there a determinism problem here? This sounds like the image would
> change with each build and couldn't be reproduced so we have a bigger
> problem?

It calls certutil to create blank certificates:

certutil -N -d sql:${D}${sysconfdir}/pki/nssdb/ -f ./empty_password

It should be related to the current time. Creating blank certificates in the
current directory, the key4.db files are different:

kkang at msp-lpggp1:~/buildarea/bar-build
$ touch empty
kkang at msp-lpggp1:~/buildarea/bar-build
$ ./tmp/sysroots-components/x86_64/nss-native/usr/bin/certutil -N -d sql:./ -f ./empty
password file contains no data
kkang at msp-lpggp1:~/buildarea/bar-build
$ md5sum *.db
1de1260b3f38349a8633d33acd4e4de7  cert9.db
*7fea1d4dbc99db3ba1b72e30428eb5dc  key4.db*
kkang at msp-lpggp1:~/buildarea/bar-build
$ rm *.db
kkang at msp-lpggp1:~/buildarea/bar-build
$ ./tmp/sysroots-components/x86_64/nss-native/usr/bin/certutil -N -d sql:./ -f ./empty
password file contains no data
kkang at msp-lpggp1:~/buildarea/bar-build
$ md5sum *.db
1de1260b3f38349a8633d33acd4e4de7  cert9.db
*9fbbae3e2d65d29f51e357a2dc4650a2  key4.db*


Regards,
Kai


>
> Cheers,
>
> Richard
>

-- 
Regards,
Neil | Kai Kang
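
The check the commit message describes (create the blank database at postinst time and leave existing files alone), as an added shell example that is not the code from the patch. The function name `create_blank_nssdb`, the `CERTUTIL` override variable and the refusal on a half-present database are assumptions of this sketch; the `certutil -N -d sql:... -f` invocation is the one quoted in the message.

```shell
#!/bin/sh
# Added example, not the recipe's own postinst.
# CERTUTIL can be overridden (assumption) so the function can be exercised
# without a real NSS installation.
CERTUTIL="${CERTUTIL:-certutil}"

# create_blank_nssdb DIR
#   0  database present afterwards (created now, or already there)
#   2  only one of cert9.db / key4.db exists; nothing is touched
#   other non-zero: mkdir, mktemp or certutil failed
create_blank_nssdb() {
    dbdir="$1"
    have_cert=0
    have_key=0
    if [ -e "$dbdir/cert9.db" ]; then have_cert=1; fi
    if [ -e "$dbdir/key4.db" ]; then have_key=1; fi

    # Both files present: already initialised. Re-running certutil -N would
    # produce a different key4.db each time, so leave it alone.
    if [ "$have_cert" -eq 1 ] && [ "$have_key" -eq 1 ]; then
        return 0
    fi

    # Half-present database: do not guess, and do not overwrite key material.
    if [ "$have_cert" -ne "$have_key" ]; then
        echo "create_blank_nssdb: incomplete database in $dbdir" >&2
        return 2
    fi

    mkdir -p "$dbdir" || return 1
    pwfile=$(mktemp) || return 1      # empty password file, as in the recipe

    if "$CERTUTIL" -N -d "sql:$dbdir" -f "$pwfile"; then
        rc=0
    else
        rc=$?
    fi
    rm -f "$pwfile"
    return "$rc"
}
```

Because the files are generated on the target rather than shipped in the package, the two multilib packages no longer carry differing copies of `key4.db`.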
