From e9b99efe4b5cf7e810156f7bb55736e01be36a45 Mon Sep 17 00:00:00 2001 From: Hongxu Jia Date: Mon, 27 Aug 2018 23:31:26 +0800 Subject: nss :improve reproducibility - Explicitly requests the newer database `sql:' rather than retrieved from NSS_DEFAULT_DB_TYPE - Removes build path prefix from pkcs11.txt Refers certutil manual: [certutil manual] -d [prefix]directory Specify the database directory containing the certificate and key database files. certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). NSS recognizes the following prefixes: sql: requests the newer database dbm: requests the legacy database If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default. [certutil manual] Signed-off-by: Hongxu Jia Signed-off-by: Richard Purdie --- meta/recipes-support/nss/nss_3.38.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/recipes-support/nss/nss_3.38.bb b/meta/recipes-support/nss/nss_3.38.bb index f3e5170a89..904b621a07 100644 --- a/meta/recipes-support/nss/nss_3.38.bb +++ b/meta/recipes-support/nss/nss_3.38.bb @@ -215,9 +215,11 @@ do_install_append_class-target() { # Create a blank certificate mkdir -p ${D}${sysconfdir}/pki/nssdb/ touch ./empty_password - certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password + certutil -N -d sql:${D}${sysconfdir}/pki/nssdb/ -f ./empty_password chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db rm ./empty_password + # Remove build path prefix + sed -i "s:${D}::g" ${D}${sysconfdir}/pki/nssdb/pkcs11.txt } PACKAGE_WRITE_DEPS += "nss-native" -- cgit 1.2.3-korg