diff options
authorHongxu Jia <>2018-08-27 23:31:26 +0800
committerRichard Purdie <>2018-08-29 10:40:08 +0100
commite9b99efe4b5cf7e810156f7bb55736e01be36a45 (patch)
parent9bc3a8ec4a007fe75dc8f44faf6357517b1fb020 (diff)
nss :improve reproducibility
- Explicitly requests the newer database `sql:' rather than retrieved from NSS_DEFAULT_DB_TYPE - Removes build path prefix from pkcs11.txt Refers certutil manual: [certutil manual] -d [prefix]directory Specify the database directory containing the certificate and key database files. certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). NSS recognizes the following prefixes: sql: requests the newer database dbm: requests the legacy database If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default. [certutil manual] Signed-off-by: Hongxu Jia <> Signed-off-by: Richard Purdie <>
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-support/nss/ b/meta/recipes-support/nss/
index f3e5170a89..904b621a07 100644
--- a/meta/recipes-support/nss/
+++ b/meta/recipes-support/nss/
@@ -215,9 +215,11 @@ do_install_append_class-target() {
# Create a blank certificate
mkdir -p ${D}${sysconfdir}/pki/nssdb/
touch ./empty_password
- certutil -N -d ${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
+ certutil -N -d sql:${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
chmod 644 ${D}${sysconfdir}/pki/nssdb/*.db
rm ./empty_password
+ # Remove build path prefix
+ sed -i "s:${D}::g" ${D}${sysconfdir}/pki/nssdb/pkcs11.txt
PACKAGE_WRITE_DEPS += "nss-native"