From: Kang Kai <Kai.Kang@windriver.com>
To: <richard.purdie@linuxfoundation.org>,
<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 05/10] nss: move create blank certificates to pkg_postinst
Date: Wed, 3 Oct 2018 00:33:08 +0800 [thread overview]
Message-ID: <6264de7e-af2d-6933-698b-53a0ecdef665@windriver.com> (raw)
In-Reply-To: <fbc98892f7466c1855f79d66b78144d5e8105707.camel@linuxfoundation.org>
On 2018年10月02日 23:53, richard.purdie@linuxfoundation.org wrote:
> On Tue, 2018-10-02 at 23:29 +0800, Kang Kai wrote:
>> On 2018年09月29日 20:44, Richard Purdie wrote:
>>> On Sat, 2018-09-29 at 13:43 +0800, kai.kang@windriver.com wrote:
>>>> From: Kai Kang <kai.kang@windriver.com>
>>>>
>>>> There is a multilib install file conflict of nss:
>>>>> file /etc/pki/nssdb/key4.db conflicts between attempted
>>>>> installs of
>>>>> lib32-nss-3.38-r0.corei7_32 and nss-3.38-r0.corei7_64
>>>> Move the creation of blank certificates to pkg_postinst. And
>>>> check if
>>>> certificates exist already, don't re-create them.
>>>>
>>>> Signed-off-by: Kai Kang <kai.kang@windriver.com>
>>>> ---
>>>> meta/recipes-support/nss/nss_3.38.bb | 32 +++++++++++++++++-----
>>>> ----
>>>> --
>>>> 1 file changed, 20 insertions(+), 12 deletions(-)
>>> This does raise a question - why aren't the generated files the
>>> same?
>>> Is there a determinism problem here? This sounds like the image
>>> would
>>> change with each build and couldn't be reproduced so we have a
>>> bigger
>>> problem?
>>
>> It calls certutil to create blank certificates:
>>
>> certutil -N -d sql:${D}${sysconfdir}/pki/nssdb/ -f ./empty_password
>>
>> It should be current time related that create blank certificates in
>> current directory, the key4.db files are different:
>>
>> kkang@msp-lpggp1:~/buildarea/bar-build
>> $ touch empty
>> kkang@msp-lpggp1:~/buildarea/bar-build
>> $ ./tmp/sysroots-components/x86_64/nss-native/usr/bin/certutil -N -d
>> sql:./ -f ./empty
>> password file contains no data
>> kkang@msp-lpggp1:~/buildarea/bar-build
>> $ md5sum *.db
>> 1de1260b3f38349a8633d33acd4e4de7 cert9.db
>> *7fea1d4dbc99db3ba1b72e30428eb5dc key4.db*
>> kkang@msp-lpggp1:~/buildarea/bar-build
>> $ rm *.db
>> kkang@msp-lpggp1:~/buildarea/bar-build
>> $ ./tmp/sysroots-components/x86_64/nss-native/usr/bin/certutil -N -d
>> sql:./ -f ./empty
>> password file contains no data
>> kkang@msp-lpggp1:~/buildarea/bar-build
>> $ md5sum *.db
>> 1de1260b3f38349a8633d33acd4e4de7 cert9.db
>> *9fbbae3e2d65d29f51e357a2dc4650a2 key4.db*
> Can we generate them with a known standard time then? Is there some way
> to specify that or can we add one?
The md5sum of cert9.db are same but key4.db are different, so I have
been checking the source code of nss but no conclusion yet.
Regards,
Kai
>
> Cheers,
>
> Richard
>
--
Regards,
Neil | Kai Kang
next prev parent reply other threads:[~2018-10-02 16:36 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-29 5:43 [PATCH v2 00/10] Fix multilib install conflicts kai.kang
2018-09-29 5:43 ` [PATCH 01/10] cups: fix multilib install file conflicts kai.kang
2018-09-29 5:43 ` [PATCH 02/10] bind: " kai.kang
2018-09-29 5:43 ` [PATCH 03/10] man-db: fix multilib install file conflict kai.kang
2018-09-29 12:44 ` Richard Purdie
2018-09-30 1:02 ` Kang Kai
2018-09-29 5:43 ` [PATCH 04/10] groff: fix multilib install file conflicts kai.kang
2018-09-29 5:43 ` [PATCH 05/10] nss: move create blank certificates to pkg_postinst kai.kang
2018-09-29 12:44 ` Richard Purdie
2018-10-02 15:29 ` Kang Kai
2018-10-02 15:53 ` richard.purdie
2018-10-02 16:33 ` Kang Kai [this message]
2018-10-11 7:55 ` Kang Kai
2018-09-29 5:43 ` [PATCH 06/10] libcheck: avoid multilib install file conflict kai.kang
2018-09-29 12:42 ` Richard Purdie
2018-09-30 1:03 ` Kang Kai
2018-09-29 5:43 ` [PATCH 07/10] opkg-utils/update-alternatives: not warn same priorities for multilib kai.kang
2018-09-29 12:40 ` Richard Purdie
2018-09-29 5:43 ` [PATCH 08/10] os-release: fix install file conflict " kai.kang
2018-09-29 12:37 ` Richard Purdie
2018-09-30 1:07 ` Kang Kai
2018-09-29 5:43 ` [PATCH 09/10] gobject-introspection: fix multilib install file conflicts kai.kang
2018-09-29 5:43 ` [PATCH 10/10] vala: update vapigen-wrapper kai.kang
2018-09-29 12:33 ` Richard Purdie
2018-09-30 1:26 ` Kang Kai
-- strict thread matches above, loose matches on Subject: below --
2018-09-29 5:01 [PATCH 00/10] Fix multilib install conflicts kai.kang
2018-09-29 5:01 ` [PATCH 05/10] nss: move create blank certificates to pkg_postinst kai.kang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6264de7e-af2d-6933-698b-53a0ecdef665@windriver.com \
--to=kai.kang@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox