nss :improve reproducibility

- Explicitly requests the newer database `sql:' rather than
  retrieved from NSS_DEFAULT_DB_TYPE

- Removes build path prefix from pkcs11.txt

Refers certutil manual:
[certutil manual]
-d [prefix]directory
 Specify the database directory containing the certificate and key database files.
 certutil supports two types of databases: the legacy security databases (cert8.db,
  key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).

 NSS recognizes the following prefixes:
  sql: requests the newer database
  dbm: requests the legacy database
 If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE.
 If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.
[certutil manual]

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-support/nss/nss_3.38.bb b/meta/recipes-support/nss/nss_3.38.bb
index f3e5170a8940b22831b69a45cee43b40cb24bf53..904b621a073d6dde9b7006c5baba24c991cd1a91 100644 (file)
--- a/meta/recipes-support/nss/nss_3.38.bb
+++ b/meta/recipes-support/nss/nss_3.38.bb
@@ -215,9 +215,11 @@ do_install_append_class-target() {
     # Create a blank certificate
     mkdir -p ${D}${sysconfdir}/pki/nssdb/
     touch ./empty_password
-    certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
+    certutil -N -d sql:${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
     chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db
     rm ./empty_password
+    # Remove build path prefix
+    sed -i "s:${D}::g"  ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
 }
 
 PACKAGE_WRITE_DEPS += "nss-native"