git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Kai Kang <kai.kang@windriver.com>
	Fri, 12 Oct 2018 02:08:44 +0000 (10:08 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Fri, 12 Oct 2018 15:57:21 +0000 (16:57 +0100)
commit	9e958c9023ab54b0b402f3316ad38d7492eff527
tree	4934d3bdbab0d1a66ea2e9ab6d1c830ad0856eb0	tree \| snapshot
parent	48df61b17167e266c0c7d6d37c6ecfb1caeb1516	commit \| diff

nss: fix non-determinism when create a blank certificate

It uses certutil from nss to create a blank certificate. But the
checksum of database file key4.db changes every time:

$ certutil -N -d sql:. --empty-password
$ md5sum *
f9dac2cfcb07cc8ca6db442a9a570906  cert9.db
b892c5ff7c1977d4728240b0cf628377  key4.db
7b9136cb03f07ae62eb213a5239fda71  pkcs11.txt
$ rm *

$ certutil -N -d sql:. --empty-password
$ md5sum *
f9dac2cfcb07cc8ca6db442a9a570906  cert9.db
405d55178e866a115c1aa975fccfa764  key4.db
7b9136cb03f07ae62eb213a5239fda71  pkcs11.txt

Provide pre-created databases with a blank certificate to fix
non-determinism issue. And these database files are from nss qemux86-64
build.

(From OE-Core rev: e64a30f7af87fa960b012ace92c51b88e8abae68)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-support/nss/nss/blank-cert9.db	[new file with mode: 0644]	blob
meta/recipes-support/nss/nss/blank-key4.db	[new file with mode: 0644]	blob
meta/recipes-support/nss/nss/system-pkcs11.txt	[new file with mode: 0644]	blob
meta/recipes-support/nss/nss_3.38.bb		diff \| blob \| blame \| history