aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHongxu Jia <hongxu.jia@windriver.com>2018-08-27 23:31:26 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-29 10:40:08 +0100
commite9b99efe4b5cf7e810156f7bb55736e01be36a45 (patch)
tree029af49ab05df6955d5bfdc1d5507d676ea5a485
parent9bc3a8ec4a007fe75dc8f44faf6357517b1fb020 (diff)
downloadopenembedded-core-contrib-e9b99efe4b5cf7e810156f7bb55736e01be36a45.tar.gz
openembedded-core-contrib-e9b99efe4b5cf7e810156f7bb55736e01be36a45.tar.bz2
openembedded-core-contrib-e9b99efe4b5cf7e810156f7bb55736e01be36a45.zip
nss :improve reproducibility
- Explicitly requests the newer database `sql:' rather than retrieved from NSS_DEFAULT_DB_TYPE - Removes build path prefix from pkcs11.txt Refers certutil manual: [certutil manual] -d [prefix]directory Specify the database directory containing the certificate and key database files. certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). NSS recognizes the following prefixes: sql: requests the newer database dbm: requests the legacy database If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default. [certutil manual] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/nss/nss_3.38.bb4
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-support/nss/nss_3.38.bb b/meta/recipes-support/nss/nss_3.38.bb
index f3e5170a89..904b621a07 100644
--- a/meta/recipes-support/nss/nss_3.38.bb
+++ b/meta/recipes-support/nss/nss_3.38.bb
@@ -215,9 +215,11 @@ do_install_append_class-target() {
# Create a blank certificate
mkdir -p ${D}${sysconfdir}/pki/nssdb/
touch ./empty_password
- certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
+ certutil -N -d sql:${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db
rm ./empty_password
+ # Remove build path prefix
+ sed -i "s:${D}::g" ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
}
PACKAGE_WRITE_DEPS += "nss-native"