On Tue, 2018-10-02 at 23:29 +0800, Kang Kai wrote: > On 2018年09月29日 20:44, Richard Purdie wrote: > > On Sat, 2018-09-29 at 13:43 +0800, [email protected] wrote: > > > From: Kai Kang <[email protected]> > > > > > > There is a multilib install file conflict of nss: > > > > file /etc/pki/nssdb/key4.db conflicts between attempted > > > > installs of > > > > lib32-nss-3.38-r0.corei7_32 and nss-3.38-r0.corei7_64 > > > > > > Move the creation of blank certificates to pkg_postinst. And > > > check if > > > certificates exist already, don't re-create them. > > > > > > Signed-off-by: Kai Kang <[email protected]> > > > --- > > > meta/recipes-support/nss/nss_3.38.bb | 32 +++++++++++++++++----- > > > ---- > > > -- > > > 1 file changed, 20 insertions(+), 12 deletions(-) > > > > This does raise a question - why aren't the generated files the > > same? > > Is there a determinism problem here? This sounds like the image > > would > > change with each build and couldn't be reproduced so we have a > > bigger > > problem? > > It calls certutil to create blank certificates: > > certutil -N -d sql:${D}${sysconfdir}/pki/nssdb/ -f ./empty_password > > It should be current time related that create blank certificates in > current directory, the key4.db files are different: > > kkang@msp-lpggp1:~/buildarea/bar-build > $ touch empty > kkang@msp-lpggp1:~/buildarea/bar-build > $ ./tmp/sysroots-components/x86_64/nss-native/usr/bin/certutil -N -d > sql:./ -f ./empty > password file contains no data > kkang@msp-lpggp1:~/buildarea/bar-build > $ md5sum *.db > 1de1260b3f38349a8633d33acd4e4de7 cert9.db > *7fea1d4dbc99db3ba1b72e30428eb5dc key4.db* > kkang@msp-lpggp1:~/buildarea/bar-build > $ rm *.db > kkang@msp-lpggp1:~/buildarea/bar-build > $ ./tmp/sysroots-components/x86_64/nss-native/usr/bin/certutil -N -d > sql:./ -f ./empty > password file contains no data > kkang@msp-lpggp1:~/buildarea/bar-build > $ md5sum *.db > 1de1260b3f38349a8633d33acd4e4de7 cert9.db > *9fbbae3e2d65d29f51e357a2dc4650a2 key4.db*
Can we generate them with a known standard time then? Is there some way to specify that or can we add one? Cheers, Richard -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
