blob: b6bbd800fc862dfcc303d05d03df6a287ee57852 [file] [log] [blame]
Brad Bishop19323692019-04-05 15:28:33 -04001SUMMARY = "Mozilla's SSL and TLS implementation"
2DESCRIPTION = "Network Security Services (NSS) is a set of libraries \
3designed to support cross-platform development of \
4security-enabled client and server applications. \
5Applications built with NSS can support SSL v2 and v3, \
6TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \
7v3 certificates, and other security standards."
8HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/"
9SECTION = "libs"
10
11LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)"
12
13LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \
14 file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
15 file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132"
16
17VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}"
18
19SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \
20 file://nss.pc.in \
21 file://signlibs.sh \
22 file://0001-nss-fix-support-cross-compiling.patch \
23 file://nss-no-rpath-for-cross-compiling.patch \
24 file://nss-fix-incorrect-shebang-of-perl.patch \
25 file://nss-fix-nsinstall-build.patch \
26 file://disable-Wvarargs-with-clang.patch \
27 file://pqg.c-ULL_addend.patch \
28 file://blank-cert9.db \
29 file://blank-key4.db \
30 file://system-pkcs11.txt \
31 "
32
33SRC_URI[md5sum] = "1f6cc6c702379478a3a72298caaef0a7"
34SRC_URI[sha256sum] = "087db37d38fd49dfd584dd2a8b5baa7fc88de7c9bd97c0c2d5be4abcafc61fc6"
35
36UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
37UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"
38
39inherit siteinfo
40
41DEPENDS = "sqlite3 nspr zlib nss-native"
42DEPENDS_class-native = "sqlite3-native nspr-native zlib-native"
43RDEPENDS_${PN}-smime = "perl"
44
45TD = "${S}/tentative-dist"
46TDS = "${S}/tentative-dist-staging"
47
48TARGET_CC_ARCH += "${LDFLAGS}"
49
50do_configure_prepend_libc-musl () {
51 sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk
52}
53
54do_compile_prepend_class-native() {
55 export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}
56 export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE}
57 export NSS_ENABLE_WERROR=0
58}
59
60do_compile_prepend_class-nativesdk() {
61 export LDFLAGS=""
62}
63
64do_compile_prepend_class-native() {
65 # Need to set RPATH so that chrpath will do its job correctly
66 RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}"
67}
68
69do_compile() {
70 export CROSS_COMPILE=1
71 export NATIVE_CC="${BUILD_CC}"
72 export NATIVE_FLAGS="${BUILD_CFLAGS}"
73 export BUILD_OPT=1
74
75 export FREEBL_NO_DEPEND=1
76 export FREEBL_LOWHASH=1
77
78 export LIBDIR=${libdir}
79 export MOZILLA_CLIENT=1
80 export NS_USE_GCC=1
81 export NSS_USE_SYSTEM_SQLITE=1
82 export NSS_ENABLE_ECC=1
83
84 export OS_RELEASE=3.4
85 export OS_TARGET=Linux
86 export OS_ARCH=Linux
87
88 if [ "${TARGET_ARCH}" = "powerpc" ]; then
89 OS_TEST=ppc
90 elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
91 OS_TEST=ppc64
92 elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
93 OS_TEST=mips
94 elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
95 OS_TEST="aarch64"
96 else
97 OS_TEST="${TARGET_ARCH}"
98 fi
99
100 if [ "${SITEINFO_BITS}" = "64" ]; then
101 export USE_64=1
102 elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
103 export USE_X32=1
104 fi
105
106 export NSS_DISABLE_GTESTS=1
107
108 # We can modify CC in the environment, but if we set it via an
109 # argument to make, nsinstall, a host program, will also build with it!
110 #
111 # nss pretty much does its own thing with CFLAGS, so we put them into CC.
112 # Optimization will get clobbered, but most of the stuff will survive.
113 # The motivation for this is to point to the correct place for debug
114 # source files and CFLAGS does that. Nothing uses CCC.
115 #
116 export CC="${CC} ${CFLAGS}"
117 make -C ./nss CCC="${CXX} -g" \
118 OS_TEST=${OS_TEST} \
119 RPATH="${RPATH}"
120}
121do_compile[vardepsexclude] += "SITEINFO_BITS"
122
123
124do_install_prepend_class-nativesdk() {
125 export LDFLAGS=""
126}
127
128do_install() {
129 export CROSS_COMPILE=1
130 export NATIVE_CC="${BUILD_CC}"
131 export BUILD_OPT=1
132
133 export FREEBL_NO_DEPEND=1
134
135 export LIBDIR=${libdir}
136 export MOZILLA_CLIENT=1
137 export NS_USE_GCC=1
138 export NSS_USE_SYSTEM_SQLITE=1
139 export NSS_ENABLE_ECC=1
140
141 export OS_RELEASE=3.4
142 export OS_TARGET=Linux
143 export OS_ARCH=Linux
144
145 if [ "${TARGET_ARCH}" = "powerpc" ]; then
146 OS_TEST=ppc
147 elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
148 OS_TEST=ppc64
149 elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
150 OS_TEST=mips
151 elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
152 CPU_ARCH=aarch64
153 OS_TEST="aarch64"
154 else
155 OS_TEST="${TARGET_ARCH}"
156 fi
157 if [ "${SITEINFO_BITS}" = "64" ]; then
158 export USE_64=1
159 elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
160 export USE_X32=1
161 fi
162
163 export NSS_DISABLE_GTESTS=1
164
165 make -C ./nss \
166 CCC="${CXX}" \
167 OS_TEST=${OS_TEST} \
168 SOURCE_LIB_DIR="${TD}/${libdir}" \
169 SOURCE_BIN_DIR="${TD}/${bindir}" \
170 install
171
172 install -d ${D}/${libdir}/
173 for file in ${S}/dist/*.OBJ/lib/*.so; do
174 echo "Installing `basename $file`..."
175 cp $file ${D}/${libdir}/
176 done
177
178 for shared_lib in ${TD}/${libdir}/*.so.*; do
179 if [ -f $shared_lib ]; then
180 cp $shared_lib ${D}/${libdir}
181 ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe)
182 fi
183 done
184 for shared_lib in ${TD}/${libdir}/*.so; do
185 if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then
186 cp $shared_lib ${D}/${libdir}
187 fi
188 done
189
190 install -d ${D}/${includedir}/nss3
191 install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/*
192
193 install -d ${D}/${bindir}
194 for binary in ${TD}/${bindir}/*; do
195 install -m 755 -t ${D}/${bindir} $binary
196 done
197}
198do_install[vardepsexclude] += "SITEINFO_BITS"
199
200do_install_append() {
201 # Create empty .chk files for the NSS libraries at build time. They could
202 # be regenerated at target's boot time.
203 for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
204 touch ${D}/${libdir}/$file
205 chmod 755 ${D}/${libdir}/$file
206 done
207 install -D -m 755 ${WORKDIR}/signlibs.sh ${D}/${bindir}/signlibs.sh
208
209 install -d ${D}${libdir}/pkgconfig/
210 sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
211 sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
212 sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc
213 sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc
214 sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc
215}
216
217do_install_append_class-target() {
218 # It used to call certutil to create a blank certificate with empty password at
219 # build time, but the checksum of key4.db changes every time when certutil is called.
220 # It causes non-determinism issue, so provide databases with a blank certificate
221 # which are originally from output of nss in qemux86-64 build. You can get these
222 # databases by:
223 # certutil -N -d sql:/database/path/ --empty-password
224 install -d ${D}${sysconfdir}/pki/nssdb/
225 install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db
226 install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db
227 install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
228}
229
230PACKAGE_WRITE_DEPS += "nss-native"
231pkg_postinst_${PN} () {
232 if [ -n "$D" ]; then
233 for I in $D${libdir}/lib*.chk; do
234 DN=`dirname $I`
235 BN=`basename $I .chk`
236 FN=$DN/$BN.so
237 shlibsign -i $FN
238 if [ $? -ne 0 ]; then
239 exit 1
240 fi
241 done
242 else
243 signlibs.sh
244 fi
245}
246
247PACKAGES =+ "${PN}-smime"
248FILES_${PN}-smime = "\
249 ${bindir}/smime \
250"
251FILES_${PN} = "\
252 ${sysconfdir} \
253 ${bindir} \
254 ${libdir}/lib*.chk \
255 ${libdir}/lib*.so \
256 "
257FILES_${PN}-dev = "\
258 ${libdir}/nss \
259 ${libdir}/pkgconfig/* \
260 ${includedir}/* \
261 "
262
263BBCLASSEXTEND = "native nativesdk"
264