# Recipe metadata for Mozilla NSS: description, build dependencies, licensing,
# source location and the few global build-flag tweaks used by the tasks below.
SUMMARY = "Mozilla's SSL and TLS implementation"
DESCRIPTION = "Network Security Services (NSS) is a set of libraries \
designed to support cross-platform development of \
security-enabled client and server applications. \
Applications built with NSS can support SSL v2 and v3, \
TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \
v3 certificates, and other security standards."
HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/"
SECTION = "libs"

# The target build depends on nss-native in addition to the libraries it links
# against; the native variant overrides the list with -native providers only.
DEPENDS = "sqlite3 nspr zlib nss-native"
DEPENDS:class-native = "sqlite3-native nspr-native zlib-native"

LICENSE = "(MPL-2.0 & MIT) | (MPL-2.0 & GPL-2.0-or-later & MIT) | (MPL-2.0 & LGPL-2.1-or-later & MIT)"

# These md5 values only detect changes to the licence texts between upgrades;
# they are not the integrity check for the source tarball (see SRC_URI[sha256sum]).
LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \
                    file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
                    file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132 \
                    file://nss/lib/freebl/verified/Hacl_Poly1305_256.c;beginline=1;endline=22;md5=d4096c1e4421ee56e9e0f441a8161f78"

# Upstream release directory name derived from BP: upper-cased, with '-' and '.'
# replaced by '_' and '_RTM' appended (a BP of nss-3.74 becomes NSS_3_74_RTM).
VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}"

# NOTE(review): the release tarball is fetched over plain http, so the only
# integrity control on the download is the SRC_URI[sha256sum] pin below. When
# bumping the version, take the new checksum from a trusted source rather than
# from whatever this URL returned.
# blank-cert9.db and blank-key4.db are prebuilt binary databases carried with the
# recipe; do_install:append:class-target installs them under sysconfdir/pki/nssdb.
SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \
           file://nss.pc.in \
           file://0001-nss-fix-support-cross-compiling.patch \
           file://nss-no-rpath-for-cross-compiling.patch \
           file://nss-fix-incorrect-shebang-of-perl.patch \
           file://disable-Wvarargs-with-clang.patch \
           file://pqg.c-ULL_addend.patch \
           file://blank-cert9.db \
           file://blank-key4.db \
           file://system-pkcs11.txt \
           file://nss-fix-nsinstall-build.patch \
           file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
           "
SRC_URI[sha256sum] = "88928811f9f40f87d42e2eaccdf6e454562e51486067f2ddbe90aa47ea6cd056"

# Page and pattern used to discover newer upstream releases.
UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"

# siteinfo supplies SITEINFO_BITS, which do_compile and do_install test below.
inherit siteinfo

# Scratch directories under the source tree. do_install points the NSS
# "install" target at TD; TDS is not referenced elsewhere in the part shown.
TD = "${S}/tentative-dist"
TDS = "${S}/tentative-dist-staging"

# Appends the linker flags to TARGET_CC_ARCH.
# NOTE(review): presumably so that they reach the link step even though the NSS
# makefiles are not handed LDFLAGS directly - confirm.
TARGET_CC_ARCH += "${LDFLAGS}"

CFLAGS:append:class-native = " -D_XOPEN_SOURCE "

# musl builds only: runs before do_configure and deletes every line that
# mentions -DHAVE_SYS_CDEFS_H from the dbm config.mk in the unpacked source.
do_configure:prepend:libc-musl () {
    sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk
}

# powerpc64le with the clang toolchain only: rewrites -std=c99 to -std=gnu99
# in coreconf/command.mk before do_configure runs. The edit is made in place
# on the unpacked source tree.
do_configure:prepend:powerpc64le:toolchain-clang () {
    sed -i -e 's/\-std=c99/\-std=gnu99/g' ${S}/nss/coreconf/command.mk
}

# powerpc64 with the clang toolchain only: same -std=c99 to -std=gnu99
# substitution as the powerpc64le variant, applied to coreconf/command.mk.
do_configure:prepend:powerpc64:toolchain-clang () {
    sed -i -e 's/\-std=c99/\-std=gnu99/g' ${S}/nss/coreconf/command.mk
}

# Native builds only: export the native sysroot locations of the NSPR headers
# and libraries. do_compile itself re-exports NSPR_INCLUDE_DIR afterwards.
do_compile:prepend:class-native() {
    export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr
    export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE}
}

# nativesdk builds only: clear LDFLAGS in the environment of the compile step.
# NOTE(review): this also drops any hardening flags carried in LDFLAGS for the
# make invocation - confirm they still arrive through the compiler command.
do_compile:prepend:class-nativesdk() {
    export LDFLAGS=""
}

# Native builds only: set the shell variable RPATH that do_compile passes to
# make. It carries both -rpath-link and -rpath entries for the native sysroot
# library directories.
do_compile:prepend:class-native() {
    # Need to set RPATH so that chrpath will do its job correctly
    RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}"
}

# Build NSS with its own make-based build system. The function exports the
# knobs the NSS makefiles read from the environment, maps TARGET_ARCH to the
# OS_TEST value passed on the make command line, folds CFLAGS into CC, and
# runs the "autobuild" target in ./nss.
do_compile() {
    export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr

    # NATIVE_CC / NATIVE_FLAGS describe the build-host compiler, kept separate
    # from the CC exported further down.
    export CROSS_COMPILE=1
    export NATIVE_CC="${BUILD_CC}"
    # Additional defines needed on Centos 7
    export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux"
    export BUILD_OPT=1

    # POSIX.1-2001 states that the behaviour of getcwd() when passing a null
    # pointer as the buf argument, is unspecified.
    export NATIVE_FLAGS="${NATIVE_FLAGS} -DGETCWD_CANT_MALLOC"

    export FREEBL_NO_DEPEND=1
    export FREEBL_LOWHASH=1

    export LIBDIR=${libdir}
    export MOZILLA_CLIENT=1
    export NS_USE_GCC=1
    export NSS_USE_SYSTEM_SQLITE=1
    export NSS_ENABLE_ECC=1
    # NOTE(review): with WERROR set to 0 compiler warnings are presumably not
    # treated as errors, so they only show up in the task log - confirm.
    export NSS_ENABLE_WERROR=0

    # Expanded by BitBake at parse time: the export below is emitted only when
    # TUNE_FEATURES contains "crypto"; otherwise this line becomes empty.
    ${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)}

    export OS_RELEASE=3.4
    export OS_TARGET=Linux
    export OS_ARCH=Linux

    # OS_TEST is a plain shell variable here; it reaches make only through the
    # command-line argument at the end of this function.
    if [ "${TARGET_ARCH}" = "powerpc" ]; then
        OS_TEST=ppc
    elif [ "${TARGET_ARCH}" = "powerpc64" -o "${TARGET_ARCH}" = "powerpc64le" ]; then
        OS_TEST=ppc64
    elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
        OS_TEST=mips
    elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
        OS_TEST="aarch64"
    else
        OS_TEST="${TARGET_ARCH}"
    fi

    # Word size selection: 64-bit targets get USE_64, x86_64 with a 32-bit
    # SITEINFO_BITS gets USE_X32, anything else gets neither.
    if [ "${SITEINFO_BITS}" = "64" ]; then
        export USE_64=1
    elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
        export USE_X32=1
    fi

    # NOTE(review): presumably this skips building the NSS gtest suites, so no
    # upstream tests are produced by this recipe - confirm.
    export NSS_DISABLE_GTESTS=1
    # We can modify CC in the environment, but if we set it via an
    # argument to make, nsinstall, a host program, will also build with it!
    #
    # nss pretty much does its own thing with CFLAGS, so we put them into CC.
    # Optimization will get clobbered, but most of the stuff will survive.
    # The motivation for this is to point to the correct place for debug
    # source files and CFLAGS does that.  Nothing uses CCC.
    #
    export CC="${CC} ${CFLAGS}"
    # RPATH is assigned only by the class-native prepend in this recipe.
    # NOTE(review): for other classes it presumably expands to an empty
    # string unless set elsewhere - confirm.
    make -C ./nss CCC="${CXX} -g" \
        OS_TEST=${OS_TEST} \
        RPATH="${RPATH}" \
        autobuild
}

# Keep SITEINFO_BITS out of the variable dependencies tracked for do_compile,
# even though the function body reads it.
do_compile[vardepsexclude] += "SITEINFO_BITS"

# nativesdk builds only: clear LDFLAGS in the environment of the install step,
# mirroring the matching do_compile prepend.
do_install:prepend:class-nativesdk() {
    export LDFLAGS=""
}

# Run the NSS "install" make target into the TD scratch directory, then copy
# libraries, public headers and binaries from the build tree into the image
# directory D. The environment repeats most of do_compile's exports; it does
# not set NATIVE_FLAGS, FREEBL_LOWHASH, NSS_ENABLE_WERROR, the ARM hardware
# crypto toggle or the CC override.
do_install() {
    export CROSS_COMPILE=1
    export NATIVE_CC="${BUILD_CC}"
    export BUILD_OPT=1

    export FREEBL_NO_DEPEND=1

    export LIBDIR=${libdir}
    export MOZILLA_CLIENT=1
    export NS_USE_GCC=1
    export NSS_USE_SYSTEM_SQLITE=1
    export NSS_ENABLE_ECC=1

    export OS_RELEASE=3.4
    export OS_TARGET=Linux
    export OS_ARCH=Linux

    # Same TARGET_ARCH to OS_TEST mapping as do_compile, except that the
    # aarch64_be branch also assigns CPU_ARCH.
    if [ "${TARGET_ARCH}" = "powerpc" ]; then
        OS_TEST=ppc
    elif [ "${TARGET_ARCH}" = "powerpc64" -o "${TARGET_ARCH}" = "powerpc64le" ]; then
        OS_TEST=ppc64
    elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
        OS_TEST=mips
    elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
        # NOTE(review): CPU_ARCH is assigned but neither exported nor passed to
        # make in this function, and do_compile does not set it at all -
        # confirm whether it is meant to take effect.
        CPU_ARCH=aarch64
        OS_TEST="aarch64"
    else
        OS_TEST="${TARGET_ARCH}"
    fi
    if [ "${SITEINFO_BITS}" = "64" ]; then
        export USE_64=1
    elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
        export USE_X32=1
    fi

    export NSS_DISABLE_GTESTS=1

    # Redirect the NSS install target so that libraries and binaries land in
    # the TD scratch tree rather than in the default dist directory.
    make -C ./nss \
        CCC="${CXX}" \
        OS_TEST=${OS_TEST} \
        SOURCE_LIB_DIR="${TD}/${libdir}" \
        SOURCE_BIN_DIR="${TD}/${bindir}" \
        install

    # First pass: every shared object left in dist/*.OBJ/lib by the build.
    install -d ${D}/${libdir}/
    for file in ${S}/dist/*.OBJ/lib/*.so; do
        echo "Installing `basename $file`..."
        cp $file  ${D}/${libdir}/
    done

    # Second pass: versioned libraries from TD, each with a symlink whose name
    # is the library name with a trailing ".1oe" removed.
    for shared_lib in ${TD}/${libdir}/*.so.*; do
        if [ -f $shared_lib ]; then
            cp $shared_lib ${D}/${libdir}
            ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe)
        fi
    done
    # Third pass: unversioned libraries from TD.
    # NOTE(review): shared_lib holds the full path under TD, so the "! -e" test
    # checks a path made of the destination directory followed by that full
    # path. That path is not expected to exist, so the copy runs for every
    # library and overwrites files from the first pass. If the intent was to
    # skip libraries already installed, the test needs the basename - confirm
    # which copy should win before changing it.
    for shared_lib in ${TD}/${libdir}/*.so; do
        if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then
            cp $shared_lib ${D}/${libdir}
        fi
    done

    # Public headers are installed read-only for group/other (0644).
    install -d ${D}/${includedir}/nss3
    install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/*

    # Everything the NSS install target placed in the TD bin directory is
    # shipped as an executable (0755).
    install -d ${D}/${bindir}
    for binary in ${TD}/${bindir}/*; do
        install -m 755 -t ${D}/${bindir} $binary
    done
}

# Keep SITEINFO_BITS out of the variable dependencies tracked for do_install,
# even though the function body reads it.
do_install[vardepsexclude] += "SITEINFO_BITS"

# Runs after do_install for every class: creates placeholder .chk files next
# to the libraries and generates nss.pc from the nss.pc.in template.
do_install:append() {
    # Create empty .chk files for the NSS libraries at build time. They could
    # be regenerated at target's boot time.
    # NOTE(review): an empty .chk file carries no signature. Presumably the
    # library integrity check that reads these files cannot succeed until
    # shlibsign has rewritten them (this recipe's pkg_postinst attempts that) -
    # confirm for images that rely on that check.
    for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
        touch ${D}/${libdir}/$file
        chmod 755 ${D}/${libdir}/$file
    done

    install -d ${D}${libdir}/pkgconfig/
    # The NSS version comes from PV, but the NSPR version written into nss.pc
    # is the fixed string 4.9.2 rather than the version of the nspr recipe in
    # use. NOTE(review): confirm this is still the intended value.
    sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
    # Replace the OE* placeholders of the template with the configured paths.
    sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
    sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc
    sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc
    sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc
}

# Target builds only: install the prebuilt blank certificate and key databases
# and the PKCS#11 module list as the system NSS database under
# sysconfdir/pki/nssdb.
do_install:append:class-target() {
    # It used to call certutil to create a blank certificate with empty password at
    # build time, but the checksum of key4.db changes every time when certutil is called.
    # It causes non-determinism issue, so provide databases with a blank certificate
    # which are originally from output of nss in qemux86-64 build. You can get these
    # databases by:
    # certutil -N -d sql:/database/path/ --empty-password
    #
    # NOTE(review): key4.db is installed world-readable (0644) and, per the
    # comment above, was created with an empty password. Anything later stored
    # in this system database is protected by file permissions alone, so keep
    # private keys out of it or tighten the mode and password in the image -
    # confirm against the intended use of the system database.
    # NOTE(review): both .db files are opaque binaries carried with the recipe;
    # their contents cannot be checked from this file.
    install -d ${D}${sysconfdir}/pki/nssdb/
    install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db
    install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db
    install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
}

# nss-native must be available when the packages are written into an image.
# NOTE(review): presumably because pkg_postinst below calls shlibsign from it
# when the postinst runs at image-creation time - confirm.
PACKAGE_WRITE_DEPS += "nss-native"

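# Post-install step: for every lib*.chk shipped in libdir, run shlibsign on the
# library of the same name so that the placeholder .chk file created at build
# time is replaced with a real one. $D is left for the shell to expand when
# the script runs.
pkg_postinst:${PN} () {
    for I in $D${libdir}/lib*.chk; do
        # An unmatched glob leaves the literal pattern in I; skip it instead of
        # asking shlibsign to sign a library that does not exist.
        [ -e "$I" ] || continue
        # Quote every expansion so an install root containing whitespace is
        # not split into several arguments.
        DN=`dirname "$I"`
        BN=`basename "$I" .chk`
        FN="$DN/$BN.so"
        shlibsign -i "$FN"
        # A signing failure is reported but does not fail the script from
        # here, which leaves the empty placeholder .chk in place.
        # NOTE(review): if the generated script runs with "set -e", the failing
        # shlibsign call ends it before this check is reached - confirm which
        # behaviour the image build relies on.
        if [ $? -ne 0 ]; then
            echo "shlibsign -i $FN failed"
        fi
    done
}
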
# Packaging: the smime tool gets its own package, placed ahead of the default
# package list so that it claims bindir/smime before the main package does.
PACKAGES =+ "${PN}-smime"
FILES:${PN}-smime = "\
    ${bindir}/smime \
"

# The main package carries the system NSS database under sysconfdir, the
# remaining binaries, the .chk files and the unversioned lib*.so files.
FILES:${PN} = "\
    ${sysconfdir} \
    ${bindir} \
    ${libdir}/lib*.chk \
    ${libdir}/lib*.so \
    "

FILES:${PN}-dev = "\
    ${libdir}/nss \
    ${libdir}/pkgconfig/* \
    ${includedir}/* \
    "

# NOTE(review): presumably because bindir/smime is a Perl script - confirm.
RDEPENDS:${PN}-smime = "perl"

BBCLASSEXTEND = "native nativesdk"

# CVE-2006-5201 affects only Sun Solaris
# The entry below removes that ID from the CVE check results for this recipe;
# re-confirm the justification whenever the recipe is upgraded.
CVE_CHECK_IGNORE += "CVE-2006-5201"