Gitiles
Code Review Sign In
gerrit.openbmc.org / stefanberger / openbmc / 32b11995a9447d927862951d29db38455f9e0205 / . / meta-openembedded / meta-oe / recipes-support / nss / nss_3.63.bb
blob: ab2c43d01942d68be6c5661c941d44f2b631a468 [file] [log] [blame]
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]1SUMMARY = "Mozilla's SSL and TLS implementation"
2DESCRIPTION = "Network Security Services (NSS) is a set of libraries \
3designed to support cross-platform development of \
4security-enabled client and server applications. \
5Applications built with NSS can support SSL v2 and v3, \
6TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \
7v3 certificates, and other security standards."
8HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/"
9SECTION = "libs"
10
11DEPENDS = "sqlite3 nspr zlib nss-native"
12DEPENDS_class-native = "sqlite3-native nspr-native zlib-native"
13
14LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)"
15
16LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \
17 file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
18 file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132"
19
20VERSION_DIR = "${@d.getVar('BP').upper().replace('-', '_').replace('.', '_') + '_RTM'}"
21
22SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSION_DIR}/src/${BP}.tar.gz \
23 file://nss.pc.in \
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]24 file://0001-nss-fix-support-cross-compiling.patch \
25 file://nss-no-rpath-for-cross-compiling.patch \
26 file://nss-fix-incorrect-shebang-of-perl.patch \
27 file://disable-Wvarargs-with-clang.patch \
28 file://pqg.c-ULL_addend.patch \
29 file://blank-cert9.db \
30 file://blank-key4.db \
31 file://system-pkcs11.txt \
32 file://nss-fix-nsinstall-build.patch \
33 file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]34 "
Andrew Geissler32b11992021-03-31 13:37:05 -0500[diff] [blame^]35SRC_URI[sha256sum] = "182d2fef629102ae9423aabf2c192242b565cf5098e82c5a26cf70c5e4ea2221"
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]36
37UPSTREAM_CHECK_URI = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases"
38UPSTREAM_CHECK_REGEX = "NSS_(?P<pver>.+)_release_notes"
39
40inherit siteinfo
41
42TD = "${S}/tentative-dist"
43TDS = "${S}/tentative-dist-staging"
44
Andrew Geissler7f40b712020-05-15 14:09:53 -0500[diff] [blame]45# cortex-a55 is ARMv8.2-a based but libatomic explicitly asks for -march=armv8.1-a
46# which caused -march conflicts in gcc
47TUNE_CCARGS_remove = "-mcpu=cortex-a55+crc -mcpu=cortex-a55 -mcpu=cortex-a55+crc+crypto"
48
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]49TARGET_CC_ARCH += "${LDFLAGS}"
50
51do_configure_prepend_libc-musl () {
52 sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk
53}
54
Andrew Geissler97771a32021-03-05 15:23:11 -0600[diff] [blame]55do_configure_prepend_powerpc64le_toolchain-clang () {
56 sed -i -e 's/\-std=c99/\-std=gnu99/g' ${S}/nss/coreconf/command.mk
57}
58
59do_configure_prepend_powerpc64_toolchain-clang () {
60 sed -i -e 's/\-std=c99/\-std=gnu99/g' ${S}/nss/coreconf/command.mk
61}
62
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]63do_compile_prepend_class-native() {
64 export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}/nspr
65 export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE}
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]66}
67
68do_compile_prepend_class-nativesdk() {
69 export LDFLAGS=""
70}
71
72do_compile_prepend_class-native() {
73 # Need to set RPATH so that chrpath will do its job correctly
74 RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} -Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}"
75}
76
77do_compile() {
78 export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr
79
80 export CROSS_COMPILE=1
81 export NATIVE_CC="${BUILD_CC}"
82 # Additional defines needed on Centos 7
83 export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux"
84 export BUILD_OPT=1
85
Andrew Geissler97771a32021-03-05 15:23:11 -0600[diff] [blame]86 # POSIX.1-2001 states that the behaviour of getcwd() when passing a null
87 # pointer as the buf argument, is unspecified.
88 export NATIVE_FLAGS="${NATIVE_FLAGS} -DGETCWD_CANT_MALLOC"
89
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]90 export FREEBL_NO_DEPEND=1
91 export FREEBL_LOWHASH=1
92
93 export LIBDIR=${libdir}
94 export MOZILLA_CLIENT=1
95 export NS_USE_GCC=1
96 export NSS_USE_SYSTEM_SQLITE=1
97 export NSS_ENABLE_ECC=1
98
99 ${@bb.utils.contains("TUNE_FEATURES", "crypto", "export NSS_USE_ARM_HW_CRYPTO=1", "", d)}
100
101 export OS_RELEASE=3.4
102 export OS_TARGET=Linux
103 export OS_ARCH=Linux
104
105 if [ "${TARGET_ARCH}" = "powerpc" ]; then
106 OS_TEST=ppc
Andrew Geissler97771a32021-03-05 15:23:11 -0600[diff] [blame]107 elif [ "${TARGET_ARCH}" = "powerpc64" -o "${TARGET_ARCH}" = "powerpc64le" ]; then
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]108 OS_TEST=ppc64
109 elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
110 OS_TEST=mips
111 elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
112 OS_TEST="aarch64"
113 else
114 OS_TEST="${TARGET_ARCH}"
115 fi
116
117 if [ "${SITEINFO_BITS}" = "64" ]; then
118 export USE_64=1
119 elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
120 export USE_X32=1
121 fi
122
123 export NSS_DISABLE_GTESTS=1
Andrew Geissler32b11992021-03-31 13:37:05 -0500[diff] [blame^]124 # see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99420
125 export NSS_ENABLE_WERROR=0
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]126 # We can modify CC in the environment, but if we set it via an
127 # argument to make, nsinstall, a host program, will also build with it!
128 #
129 # nss pretty much does its own thing with CFLAGS, so we put them into CC.
130 # Optimization will get clobbered, but most of the stuff will survive.
131 # The motivation for this is to point to the correct place for debug
132 # source files and CFLAGS does that. Nothing uses CCC.
133 #
134 export CC="${CC} ${CFLAGS}"
135 make -C ./nss CCC="${CXX} -g" \
136 OS_TEST=${OS_TEST} \
Andrew Geissler748a4832020-07-24 16:24:21 -0500[diff] [blame]137 RPATH="${RPATH}" \
138 autobuild
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]139}
140
141do_compile[vardepsexclude] += "SITEINFO_BITS"
142
143do_install_prepend_class-nativesdk() {
144 export LDFLAGS=""
145}
146
147do_install() {
148 export CROSS_COMPILE=1
149 export NATIVE_CC="${BUILD_CC}"
150 export BUILD_OPT=1
151
152 export FREEBL_NO_DEPEND=1
153
154 export LIBDIR=${libdir}
155 export MOZILLA_CLIENT=1
156 export NS_USE_GCC=1
157 export NSS_USE_SYSTEM_SQLITE=1
158 export NSS_ENABLE_ECC=1
159
160 export OS_RELEASE=3.4
161 export OS_TARGET=Linux
162 export OS_ARCH=Linux
163
164 if [ "${TARGET_ARCH}" = "powerpc" ]; then
165 OS_TEST=ppc
Andrew Geissler97771a32021-03-05 15:23:11 -0600[diff] [blame]166 elif [ "${TARGET_ARCH}" = "powerpc64" -o "${TARGET_ARCH}" = "powerpc64le" ]; then
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]167 OS_TEST=ppc64
168 elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o "${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
169 OS_TEST=mips
170 elif [ "${TARGET_ARCH}" = "aarch64_be" ]; then
171 CPU_ARCH=aarch64
172 OS_TEST="aarch64"
173 else
174 OS_TEST="${TARGET_ARCH}"
175 fi
176 if [ "${SITEINFO_BITS}" = "64" ]; then
177 export USE_64=1
178 elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
179 export USE_X32=1
180 fi
181
182 export NSS_DISABLE_GTESTS=1
183
184 make -C ./nss \
185 CCC="${CXX}" \
186 OS_TEST=${OS_TEST} \
187 SOURCE_LIB_DIR="${TD}/${libdir}" \
188 SOURCE_BIN_DIR="${TD}/${bindir}" \
189 install
190
191 install -d ${D}/${libdir}/
192 for file in ${S}/dist/*.OBJ/lib/*.so; do
193 echo "Installing `basename $file`..."
194 cp $file ${D}/${libdir}/
195 done
196
197 for shared_lib in ${TD}/${libdir}/*.so.*; do
198 if [ -f $shared_lib ]; then
199 cp $shared_lib ${D}/${libdir}
200 ln -sf $(basename $shared_lib) ${D}/${libdir}/$(basename $shared_lib .1oe)
201 fi
202 done
203 for shared_lib in ${TD}/${libdir}/*.so; do
204 if [ -f $shared_lib -a ! -e ${D}/${libdir}/$shared_lib ]; then
205 cp $shared_lib ${D}/${libdir}
206 fi
207 done
208
209 install -d ${D}/${includedir}/nss3
210 install -m 644 -t ${D}/${includedir}/nss3 dist/public/nss/*
211
212 install -d ${D}/${bindir}
213 for binary in ${TD}/${bindir}/*; do
214 install -m 755 -t ${D}/${bindir} $binary
215 done
216}
217
218do_install[vardepsexclude] += "SITEINFO_BITS"
219
220do_install_append() {
221 # Create empty .chk files for the NSS libraries at build time. They could
222 # be regenerated at target's boot time.
223 for file in libsoftokn3.chk libfreebl3.chk libnssdbm3.chk; do
224 touch ${D}/${libdir}/$file
225 chmod 755 ${D}/${libdir}/$file
226 done
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]227
228 install -d ${D}${libdir}/pkgconfig/
229 sed 's/%NSS_VERSION%/${PV}/' ${WORKDIR}/nss.pc.in | sed 's/%NSPR_VERSION%/4.9.2/' > ${D}${libdir}/pkgconfig/nss.pc
230 sed -i s:OEPREFIX:${prefix}:g ${D}${libdir}/pkgconfig/nss.pc
231 sed -i s:OEEXECPREFIX:${exec_prefix}:g ${D}${libdir}/pkgconfig/nss.pc
232 sed -i s:OELIBDIR:${libdir}:g ${D}${libdir}/pkgconfig/nss.pc
233 sed -i s:OEINCDIR:${includedir}/nss3:g ${D}${libdir}/pkgconfig/nss.pc
234}
235
236do_install_append_class-target() {
237 # It used to call certutil to create a blank certificate with empty password at
238 # build time, but the checksum of key4.db changes every time when certutil is called.
239 # It causes non-determinism issue, so provide databases with a blank certificate
240 # which are originally from output of nss in qemux86-64 build. You can get these
241 # databases by:
242 # certutil -N -d sql:/database/path/ --empty-password
243 install -d ${D}${sysconfdir}/pki/nssdb/
244 install -m 0644 ${WORKDIR}/blank-cert9.db ${D}${sysconfdir}/pki/nssdb/cert9.db
245 install -m 0644 ${WORKDIR}/blank-key4.db ${D}${sysconfdir}/pki/nssdb/key4.db
246 install -m 0644 ${WORKDIR}/system-pkcs11.txt ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
247}
248
249PACKAGE_WRITE_DEPS += "nss-native"
Andrew Geisslerd688a012020-09-18 13:36:00 -0500[diff] [blame]250
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]251pkg_postinst_${PN} () {
Andrew Geisslerd688a012020-09-18 13:36:00 -0500[diff] [blame]252 for I in $D${libdir}/lib*.chk; do
253 DN=`dirname $I`
254 BN=`basename $I .chk`
255 FN=$DN/$BN.so
256 shlibsign -i $FN
257 if [ $? -ne 0 ]; then
258 echo "shlibsign -i $FN failed"
259 fi
260 done
Andrew Geissler82c905d2020-04-13 13:39:40 -0500[diff] [blame]261}
262
263PACKAGES =+ "${PN}-smime"
264FILES_${PN}-smime = "\
265 ${bindir}/smime \
266"
267
268FILES_${PN} = "\
269 ${sysconfdir} \
270 ${bindir} \
271 ${libdir}/lib*.chk \
272 ${libdir}/lib*.so \
273 "
274
275FILES_${PN}-dev = "\
276 ${libdir}/nss \
277 ${libdir}/pkgconfig/* \
278 ${includedir}/* \
279 "
280
281RDEPENDS_${PN}-smime = "perl"
282
283BBCLASSEXTEND = "native nativesdk"