Merge commit 'b3c692172e5b5241b028a98e1977f9fb12eeaf42'

2 files changed, 169 insertions, 139 deletions

diff --git a/nixpkgs/pkgs/development/libraries/nss/3.53.nix b/nixpkgs/pkgs/development/libraries/nss/3.53.nix
index 5d44a4d2469d..4d22e9a1a7cf 100644
--- a/nixpkgs/pkgs/development/libraries/nss/3.53.nix
+++ b/nixpkgs/pkgs/development/libraries/nss/3.53.nix
@@ -1,4 +1,14 @@
-{ lib, stdenv, fetchurl, nspr, perl, zlib, sqlite, darwin, fixDarwinDylibNames, buildPackages, ninja
+{ lib
+, stdenv
+, fetchurl
+, nspr
+, perl
+, zlib
+, sqlite
+, darwin
+, fixDarwinDylibNames
+, buildPackages
+, ninja
 , # allow FIPS mode. Note that this makes the output non-reproducible.
   # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6
   enableFIPS ? false
@@ -9,7 +19,8 @@ let
     url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz";
     sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw";
   };
-in stdenv.mkDerivation rec {
+in
+stdenv.mkDerivation rec {
   pname = "nss";
   version = "3.53.1";
 
@@ -44,55 +55,58 @@ in stdenv.mkDerivation rec {
     substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep"
   '';
 
-  patches =
-    [
-      # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
-      ./85_security_load.patch
-      ./ckpem.patch
-      ./fix-cross-compilation.patch
-    ];
+  patches = [
+    # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
+    ./85_security_load.patch
+    ./ckpem.patch
+    ./fix-cross-compilation.patch
+  ];
 
   patchFlags = [ "-p0" ];
 
   postPatch = lib.optionalString stdenv.hostPlatform.isDarwin ''
-     substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)"
-     substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'"
-   '';
+    substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)"
+    substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'"
+  '';
 
   outputs = [ "out" "dev" "tools" ];
 
   preConfigure = "cd nss";
 
-  buildPhase = let
-    getArch = platform: if platform.isx86_64 then "x64"
-          else if platform.isx86_32 then "ia32"
-          else if platform.isAarch32 then "arm"
-          else if platform.isAarch64 then "arm64"
-          else if platform.isPower && platform.is64bit then (
+  buildPhase =
+    let
+      getArch = platform:
+        if platform.isx86_64 then "x64"
+        else if platform.isx86_32 then "ia32"
+        else if platform.isAarch32 then "arm"
+        else if platform.isAarch64 then "arm64"
+        else if platform.isPower && platform.is64bit then
+          (
             if platform.isLittleEndian then "ppc64le" else "ppc64"
           )
-          else platform.parsed.cpu.name;
-    # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on
-    target = getArch stdenv.hostPlatform;
-    host = getArch stdenv.buildPlatform;
-  in ''
-    runHook preBuild
-
-    sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh
-    ./build.sh -v --opt \
-      --with-nspr=${nspr.dev}/include:${nspr.out}/lib \
-      --system-sqlite \
-      --enable-legacy-db \
-      --target ${target} \
-      -Dhost_arch=${host} \
-      -Duse_system_zlib=1 \
-      --enable-libpkix \
-      ${lib.optionalString enableFIPS "--enable-fips"} \
-      ${lib.optionalString stdenv.isDarwin "--clang"} \
-      ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"}
-
-    runHook postBuild
-  '';
+        else platform.parsed.cpu.name;
+      # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on
+      target = getArch stdenv.hostPlatform;
+      host = getArch stdenv.buildPlatform;
+    in
+    ''
+      runHook preBuild
+
+      sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh
+      ./build.sh -v --opt \
+        --with-nspr=${nspr.dev}/include:${nspr.out}/lib \
+        --system-sqlite \
+        --enable-legacy-db \
+        --target ${target} \
+        -Dhost_arch=${host} \
+        -Duse_system_zlib=1 \
+        --enable-libpkix \
+        ${lib.optionalString enableFIPS "--enable-fips"} \
+        ${lib.optionalString stdenv.isDarwin "--clang"} \
+        ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"}
+
+      runHook postBuild
+    '';
 
   NIX_CFLAGS_COMPILE = "-Wno-error -DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\"";
 
@@ -130,36 +144,38 @@ in stdenv.mkDerivation rec {
     chmod 0755 $out/bin/nss-config
   '';
 
-  postFixup = let
-    isCross = stdenv.hostPlatform != stdenv.buildPlatform;
-    nss = if isCross then buildPackages.nss.tools else "$out";
-  in
-  (lib.optionalString enableFIPS (''
-    for libname in freebl3 nssdbm3 softokn3
-    do '' +
+  postFixup =
+    let
+      isCross = stdenv.hostPlatform != stdenv.buildPlatform;
+      nss = if isCross then buildPackages.nss.tools else "$out";
+    in
+    (lib.optionalString enableFIPS (''
+      for libname in freebl3 nssdbm3 softokn3
+      do '' +
     (if stdenv.isDarwin
-     then ''
-       libfile="$out/lib/lib$libname.dylib"
-       DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
-     '' else ''
-       libfile="$out/lib/lib$libname.so"
-       LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
-     '') + ''
-        ${nss}/bin/shlibsign -v -i "$libfile"
-    done
-  '')) +
-  ''
-    moveToOutput bin "$tools"
-    moveToOutput bin/nss-config "$dev"
-    moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example
-    rm -f "$out"/lib/*.a
-
-    runHook postInstall
-  '';
+    then ''
+      libfile="$out/lib/lib$libname.dylib"
+      DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
+    '' else ''
+      libfile="$out/lib/lib$libname.so"
+      LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
+    '') + ''
+          ${nss}/bin/shlibsign -v -i "$libfile"
+      done
+    '')) +
+    ''
+      moveToOutput bin "$tools"
+      moveToOutput bin/nss-config "$dev"
+      moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example
+      rm -f "$out"/lib/*.a
+
+      runHook postInstall
+    '';
 
   meta = with lib; {
-    homepage = "https://developer.mozilla.org/en-US/docs/NSS";
+    homepage = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS";
     description = "A set of libraries for development of security-enabled client and server applications";
+    maintainers = with maintainers; [ ];
     license = licenses.mpl20;
     platforms = platforms.all;
   };
diff --git a/nixpkgs/pkgs/development/libraries/nss/default.nix b/nixpkgs/pkgs/development/libraries/nss/default.nix
index ced72d33e17d..2df6214ab091 100644
--- a/nixpkgs/pkgs/development/libraries/nss/default.nix
+++ b/nixpkgs/pkgs/development/libraries/nss/default.nix
@@ -1,7 +1,16 @@
-{ lib, stdenv, fetchurl, nspr, perl, zlib
-, sqlite, ninja
-, darwin, fixDarwinDylibNames, buildPackages
-, useP11kit ? true, p11-kit
+{ lib
+, stdenv
+, fetchurl
+, nspr
+, perl
+, zlib
+, sqlite
+, ninja
+, darwin
+, fixDarwinDylibNames
+, buildPackages
+, useP11kit ? true
+, p11-kit
 , # allow FIPS mode. Note that this makes the output non-reproducible.
   # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6
   enableFIPS ? false
@@ -18,16 +27,16 @@ let
   #       It will rebuild itself using the version of this package (NSS) and if
   #       an update is required do the required changes to the expression.
   #       Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert
-  version = "3.67";
-  underscoreVersion = builtins.replaceStrings ["."] ["_"] version;
+  version = "3.68";
 
-in stdenv.mkDerivation rec {
+in
+stdenv.mkDerivation rec {
   pname = "nss";
   inherit version;
 
   src = fetchurl {
-    url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz";
-    sha256 = "0zyfi27lbdz1bmk9dmsivcya4phx25rzlxqcnjab69yd928rlm7n";
+    url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings [ "." ] [ "_" ] version}_RTM/src/${pname}-${version}.tar.gz";
+    sha256 = "0nvj7h2brcw21p1z99nrsxka056d0r1yy9nqqg0lw0w3mhnb60n4";
   };
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
@@ -56,55 +65,58 @@ in stdenv.mkDerivation rec {
     substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep"
   '';
 
-  patches =
-    [
-      # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
-      ./85_security_load.patch
-      ./ckpem.patch
-      ./fix-cross-compilation.patch
-    ];
+  patches = [
+    # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
+    ./85_security_load.patch
+    ./ckpem.patch
+    ./fix-cross-compilation.patch
+  ];
 
   patchFlags = [ "-p0" ];
 
   postPatch = lib.optionalString stdenv.hostPlatform.isDarwin ''
-     substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)"
-     substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'"
-   '';
+    substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)"
+    substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'"
+  '';
 
   outputs = [ "out" "dev" "tools" ];
 
   preConfigure = "cd nss";
 
-  buildPhase = let
-    getArch = platform: if platform.isx86_64 then "x64"
-          else if platform.isx86_32 then "ia32"
-          else if platform.isAarch32 then "arm"
-          else if platform.isAarch64 then "arm64"
-          else if platform.isPower && platform.is64bit then (
+  buildPhase =
+    let
+      getArch = platform:
+        if platform.isx86_64 then "x64"
+        else if platform.isx86_32 then "ia32"
+        else if platform.isAarch32 then "arm"
+        else if platform.isAarch64 then "arm64"
+        else if platform.isPower && platform.is64bit then
+          (
             if platform.isLittleEndian then "ppc64le" else "ppc64"
           )
-          else platform.parsed.cpu.name;
-    # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on
-    target = getArch stdenv.hostPlatform;
-    host = getArch stdenv.buildPlatform;
-  in ''
-    runHook preBuild
-
-    sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh
-    ./build.sh -v --opt \
-      --with-nspr=${nspr.dev}/include:${nspr.out}/lib \
-      --system-sqlite \
-      --enable-legacy-db \
-      --target ${target} \
-      -Dhost_arch=${host} \
-      -Duse_system_zlib=1 \
-      --enable-libpkix \
-      ${lib.optionalString enableFIPS "--enable-fips"} \
-      ${lib.optionalString stdenv.isDarwin "--clang"} \
-      ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"}
-
-    runHook postBuild
-  '';
+        else platform.parsed.cpu.name;
+      # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on
+      target = getArch stdenv.hostPlatform;
+      host = getArch stdenv.buildPlatform;
+    in
+    ''
+      runHook preBuild
+
+      sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh
+      ./build.sh -v --opt \
+        --with-nspr=${nspr.dev}/include:${nspr.out}/lib \
+        --system-sqlite \
+        --enable-legacy-db \
+        --target ${target} \
+        -Dhost_arch=${host} \
+        -Duse_system_zlib=1 \
+        --enable-libpkix \
+        ${lib.optionalString enableFIPS "--enable-fips"} \
+        ${lib.optionalString stdenv.isDarwin "--clang"} \
+        ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"}
+
+      runHook postBuild
+    '';
 
   NIX_CFLAGS_COMPILE = "-Wno-error -DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\" " + lib.optionalString stdenv.hostPlatform.is64bit "-DNSS_USE_64=1";
 
@@ -147,36 +159,38 @@ in stdenv.mkDerivation rec {
     ln -sf ${p11-kit}/lib/pkcs11/p11-kit-trust.so $out/lib/libnssckbi.so
   '';
 
-  postFixup = let
-    isCross = stdenv.hostPlatform != stdenv.buildPlatform;
-    nss = if isCross then buildPackages.nss.tools else "$out";
-  in
-  (lib.optionalString enableFIPS (''
-    for libname in freebl3 nssdbm3 softokn3
-    do '' +
+  postFixup =
+    let
+      isCross = stdenv.hostPlatform != stdenv.buildPlatform;
+      nss = if isCross then buildPackages.nss.tools else "$out";
+    in
+    (lib.optionalString enableFIPS (''
+      for libname in freebl3 nssdbm3 softokn3
+      do '' +
     (if stdenv.isDarwin
-     then ''
-       libfile="$out/lib/lib$libname.dylib"
-       DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
-     '' else ''
-       libfile="$out/lib/lib$libname.so"
-       LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
-     '') + ''
-        ${nss}/bin/shlibsign -v -i "$libfile"
-    done
-  '')) +
-  ''
-    moveToOutput bin "$tools"
-    moveToOutput bin/nss-config "$dev"
-    moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example
-    rm -f "$out"/lib/*.a
-
-    runHook postInstall
-  '';
+    then ''
+      libfile="$out/lib/lib$libname.dylib"
+      DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
+    '' else ''
+      libfile="$out/lib/lib$libname.so"
+      LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
+    '') + ''
+          ${nss}/bin/shlibsign -v -i "$libfile"
+      done
+    '')) +
+    ''
+      moveToOutput bin "$tools"
+      moveToOutput bin/nss-config "$dev"
+      moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example
+      rm -f "$out"/lib/*.a
+
+      runHook postInstall
+    '';
 
   meta = with lib; {
-    homepage = "https://developer.mozilla.org/en-US/docs/NSS";
+    homepage = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS";
     description = "A set of libraries for development of security-enabled client and server applications";
+    maintainers = with maintainers; [ ];
     license = licenses.mpl20;
     platforms = platforms.all;
   };