nss: fix non-determinism when create a blank certificate

It uses certutil from nss to create a blank certificate. But the
checksum of database file key4.db changes every time:

$ certutil -N -d sql:. --empty-password
$ md5sum *
f9dac2cfcb07cc8ca6db442a9a570906  cert9.db
b892c5ff7c1977d4728240b0cf628377  key4.db
7b9136cb03f07ae62eb213a5239fda71  pkcs11.txt
$ rm *

$ certutil -N -d sql:. --empty-password
$ md5sum *
f9dac2cfcb07cc8ca6db442a9a570906  cert9.db
405d55178e866a115c1aa975fccfa764  key4.db
7b9136cb03f07ae62eb213a5239fda71  pkcs11.txt

Provide pre-created databases with a blank certificate to fix
non-determinism issue. And these database files are from nss qemux86-64
build.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 5 insertions, 0 deletions

diff --git a/meta/recipes-support/nss/nss/system-pkcs11.txt b/meta/recipes-support/nss/nss/system-pkcs11.txt
new file mode 100644
index 0000000000..1a264e9cc4
--- /dev/null
+++ b/meta/recipes-support/nss/nss/system-pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/etc/pki/nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+