nss: Create a nss database for agl-driver user

The change creates an empty db and allows other recipes
to add their own certificates when needed.

It will be needed by kuksa-val recipe for adding its root
CA certificate that will fix CA validation issues that are
happening on chromium.

v2 (jsmoeller): convert to own recipe to avoid modifying nss itself

Bug-AGL: SPEC-4599
Signed-off-by: Roger Zanoni <rzanoni@igalia.com>
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Change-Id: I5a5e4ff24cb640580cff4c609ee6293acae64487

diff --git a/recipes-core/nss/nss-agl-driver-db_git.bb b/recipes-core/nss/nss-agl-driver-db_git.bb
new file mode 100644 (file)
index 0000000..ba203d4
--- /dev/null
+++ b/recipes-core/nss/nss-agl-driver-db_git.bb
@@ -0,0 +1,21 @@
+SUMMARY = "Custom nss db hosting the kuksa certificates"
+DESCRIPTION = "Custom nss db hosting the kuksa certificates for chromium"
+AUTHOR = "Jan-Simon Moeller <jsmoeller@linuxfoundation.org>"
+HOMEPAGE = "https://git.automotivelinux.org"
+LICENSE = "MIT"
+DEPENDS = " agl-session nss-native"
+PV = "0.1"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install() {
+    mkdir -p ${D}/home/agl-driver/.pki/nssdb
+    certutil -N -d ${D}/home/agl-driver/.pki/nssdb --empty-password
+}
+
+pkg_postinst_ontarget:${PN} () {
+    chown agl-driver:agl-driver -R /home/agl-driver/.pki/
+}
+
+FILES:${PN} += "/home/agl-driver/.pki/*"