citadel/meta-citadel/recipes-support/nss/nss_3.56.bb
Bruce Leidl 4c3baa433b Big Upgrade: GNOME 3.38, Yocto 3.1.3, meta-rust, meta-intel
Updated Recipes

   * dash-to-panel 40
   * dconf 0.38.0
   * gdm 3.38.0
   * glib 2.66.1
   * gjs 1.66.0
   * gnome-autoar 0.2.4
   * gnome-backgrounds 3.38.0
   * gnome-bluetooth 3.34.3
   * gnome-control-center 3.38.1
   * gnome-screenshot 3.38.0
   * gnome-shell 3.38.1
   * gnome-session 3.38.0
   * gnome-settings-daemon 3.38.0
   * gnome-terminal 3.38.0
   * gnome-usage 3.38.0
   * graphene 1.10.2
   * gsettings-desktop-schema 3.38.0
   * gvfs 1.46.1
   * iwd 1.9
   * libgee 0.20.3
   * libgtop 2.40.0
   * libgweather 3.36.1
   * mkpasswd 5.5.7
   * mozjs 78.0.1
   * mutter 3.38.1
   * nautilus 3.38.1
   * networkmanager 1.26.4
   * polkit 0.118
   * tracker 3.0.1
   * vte 0.62.0

Removed because recipes exist in poky with adequate version

   * atk, at-spi
   * clutter
   * clutter-gtk
   * cogl
   * ell
   * gcr
   * itstool
   * libinput
   * pango

Other removed recipes

   * systemd-initrd          No longer using a separate systemd recipe
                             for initramfs
   * caribou                 What even is this
   * gnome-tweaks            Not used
   * mozjs                   Polkit no longer requires an ancient mozjs
   * mozjs68                 Upgraded to mozjs78
2020-11-01 09:31:47 -05:00

273 lines
8.9 KiB
BlitzBasic

SUMMARY = "Mozilla's SSL and TLS implementation"
DESCRIPTION = "Network Security Services (NSS) is a set of libraries \
designed to support cross-platform development of \
security-enabled client and server applications. \
Applications built with NSS can support SSL v2 and v3, \
TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \
v3 certificates, and other security standards."
HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/"
SECTION = "libs"
DEPENDS = "sqlite3 nspr zlib nss-native"
DEPENDS_class-native = "sqlite3-native nspr-native zlib-native"
LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)"
LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \
file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132"
VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}"
SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \
file://nss.pc.in \
file://0001-nss-fix-support-cross-compiling.patch \
file://nss-no-rpath-for-cross-compiling.patch \
file://nss-fix-incorrect-shebang-of-perl.patch \
file://disable-Wvarargs-with-clang.patch \
file://pqg.c-ULL_addend.patch \
file://blank-cert9.db \
file://blank-key4.db \
file://system-pkcs11.txt \
file://nss-fix-nsinstall-build.patch \
file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
file://0001-pkix-Do-not-use-NULL-where-0-is-needed.patch \
"
SRC_URI[sha256sum] = "f875e0e8ed3b5ce92d675be4a55aa25a8c1199789a4a01f69b5f2327e2048e9c"
UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"
inherit siteinfo
TD = "${S}/tentative-dist"
TDS = "${S}/tentative-dist-staging"
# cortex-a55 is ARMv8.2-a based but libatomic explicitly asks for -march=armv8.1-a
# which caused -march conflicts in gcc
TUNE_CCARGS_remove = "-mcpu=cortex-a55+crc -mcpu=cortex-a55 -mcpu=cortex-a55+crc+crypto"
TARGET_CC_ARCH += "${LDFLAGS}"
do_configure_prepend_libc-musl () {
sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk
}
do_compile_prepend_class-native() {
export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr
export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE}
}
do_compile_prepend_class-nativesdk() {
export LDFLAGS=""
}
do_compile_prepend_class-native() {
# Need to set RPATH so that chrpath will do its job correctly
RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}"
}
do_compile() {
export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr
export NSS_ENABLE_WERROR=0
export CROSS_COMPILE=1
export NATIVE_CC="${BUILD_CC}"
# Additional defines needed on Centos 7
export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux"
export BUILD_OPT=1
export FREEBL_NO_DEPEND=1
export FREEBL_LOWHASH=1
export LIBDIR=${libdir}
export MOZILLA_CLIENT=1
export NS_USE_GCC=1
export NSS_USE_SYSTEM_SQLITE=1
export NSS_ENABLE_ECC=1
${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)}
export OS_RELEASE=3.4
export OS_TARGET=Linux
export OS_ARCH=Linux
if [ "${TARGET_ARCH}" = "powerpc" ]; then
OS_TEST=ppc
elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
OS_TEST=ppc64
elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
OS_TEST=mips
elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
OS_TEST="aarch64"
else
OS_TEST="${TARGET_ARCH}"
fi
if [ "${SITEINFO_BITS}" = "64" ]; then
export USE_64=1
elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
export USE_X32=1
fi
export NSS_DISABLE_GTESTS=1
# We can modify CC in the environment, but if we set it via an
# argument to make, nsinstall, a host program, will also build with it!
#
# nss pretty much does its own thing with CFLAGS, so we put them into CC.
# Optimization will get clobbered, but most of the stuff will survive.
# The motivation for this is to point to the correct place for debug
# source files and CFLAGS does that. Nothing uses CCC.
#
export CC="${CC} ${CFLAGS}"
make -C ./nss CCC="${CXX} -g" \
OS_TEST=${OS_TEST} \
RPATH="${RPATH}" \
autobuild
}
do_compile[vardepsexclude] += "SITEINFO_BITS"
do_install_prepend_class-nativesdk() {
export LDFLAGS=""
}
do_install() {
export CROSS_COMPILE=1
export NATIVE_CC="${BUILD_CC}"
export BUILD_OPT=1
export FREEBL_NO_DEPEND=1
export LIBDIR=${libdir}
export MOZILLA_CLIENT=1
export NS_USE_GCC=1
export NSS_USE_SYSTEM_SQLITE=1
export NSS_ENABLE_ECC=1
export OS_RELEASE=3.4
export OS_TARGET=Linux
export OS_ARCH=Linux
if [ "${TARGET_ARCH}" = "powerpc" ]; then
OS_TEST=ppc
elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
OS_TEST=ppc64
elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
OS_TEST=mips
elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
CPU_ARCH=aarch64
OS_TEST="aarch64"
else
OS_TEST="${TARGET_ARCH}"
fi
if [ "${SITEINFO_BITS}" = "64" ]; then
export USE_64=1
elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
export USE_X32=1
fi
export NSS_DISABLE_GTESTS=1
make -C ./nss \
CCC="${CXX}" \
OS_TEST=${OS_TEST} \
SOURCE_LIB_DIR="${TD}/${libdir}" \
SOURCE_BIN_DIR="${TD}/${bindir}" \
install
install -d ${D}/${libdir}/
for file in ${S}/dist/*.OBJ/lib/*.so; do
echo "Installing `basename $file`..."
cp $file ${D}/${libdir}/
done
for shared_lib in ${TD}/${libdir}/*.so.*; do
if [ -f $shared_lib ]; then
cp $shared_lib ${D}/${libdir}
ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe)
fi
done
for shared_lib in ${TD}/${libdir}/*.so; do
if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then
cp $shared_lib ${D}/${libdir}
fi
done
install -d ${D}/${includedir}/nss3
install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/*
install -d ${D}/${bindir}
for binary in ${TD}/${bindir}/*; do
install -m 755 -t ${D}/${bindir} $binary
done
}
do_install[vardepsexclude] += "SITEINFO_BITS"
do_install_append() {
# Create empty .chk files for the NSS libraries at build time. They could
# be regenerated at target's boot time.
for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
touch ${D}/${libdir}/$file
chmod 755 ${D}/${libdir}/$file
done
install -d ${D}${libdir}/pkgconfig/
sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc
sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc
sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc
}
do_install_append_class-target() {
# It used to call certutil to create a blank certificate with empty password at
# build time, but the checksum of key4.db changes every time when certutil is called.
# It causes non-determinism issue, so provide databases with a blank certificate
# which are originally from output of nss in qemux86-64 build. You can get these
# databases by:
# certutil -N -d sql:/database/path/ --empty-password
install -d ${D}${sysconfdir}/pki/nssdb/
install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db
install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db
install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
}
PACKAGE_WRITE_DEPS += "nss-native"
pkg_postinst_${PN} () {
for I in $D${libdir}/lib*.chk; do
DN=`dirname $I`
BN=`basename $I .chk`
FN=$DN/$BN.so
shlibsign -i $FN
if [ $? -ne 0 ]; then
echo "shlibsign -i $FN failed"
fi
done
}
PACKAGES =+ "${PN}-smime"
FILES_${PN}-smime = "\
${bindir}/smime \
"
FILES_${PN} = "\
${sysconfdir} \
${bindir} \
${libdir}/lib*.chk \
${libdir}/lib*.so \
"
FILES_${PN}-dev = "\
${libdir}/nss \
${libdir}/pkgconfig/* \
${includedir}/* \
"
RDEPENDS_${PN}-smime = "perl"
BBCLASSEXTEND = "native nativesdk"