diff options
author | Alyssa Ross <hi@alyssa.is> | 2021-09-08 17:57:14 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-09-13 11:31:47 +0000 |
commit | ee7984efa14902a2ddd820c937457667a4f40c6a (patch) | |
tree | c9c1d046733cefe5e21fdd8a52104175d47b2443 /nixpkgs/pkgs/development/libraries/nss | |
parent | ffc9d4ba381da62fd08b361bacd1e71e2a3d934d (diff) | |
parent | b3c692172e5b5241b028a98e1977f9fb12eeaf42 (diff) | |
download | nixlib-ee7984efa14902a2ddd820c937457667a4f40c6a.tar nixlib-ee7984efa14902a2ddd820c937457667a4f40c6a.tar.gz nixlib-ee7984efa14902a2ddd820c937457667a4f40c6a.tar.bz2 nixlib-ee7984efa14902a2ddd820c937457667a4f40c6a.tar.lz nixlib-ee7984efa14902a2ddd820c937457667a4f40c6a.tar.xz nixlib-ee7984efa14902a2ddd820c937457667a4f40c6a.tar.zst nixlib-ee7984efa14902a2ddd820c937457667a4f40c6a.zip |
Merge commit 'b3c692172e5b5241b028a98e1977f9fb12eeaf42'
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/nss')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/3.53.nix | 148 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/default.nix | 160 |
2 files changed, 169 insertions, 139 deletions
diff --git a/nixpkgs/pkgs/development/libraries/nss/3.53.nix b/nixpkgs/pkgs/development/libraries/nss/3.53.nix index 5d44a4d2469d..4d22e9a1a7cf 100644 --- a/nixpkgs/pkgs/development/libraries/nss/3.53.nix +++ b/nixpkgs/pkgs/development/libraries/nss/3.53.nix @@ -1,4 +1,14 @@ -{ lib, stdenv, fetchurl, nspr, perl, zlib, sqlite, darwin, fixDarwinDylibNames, buildPackages, ninja +{ lib +, stdenv +, fetchurl +, nspr +, perl +, zlib +, sqlite +, darwin +, fixDarwinDylibNames +, buildPackages +, ninja , # allow FIPS mode. Note that this makes the output non-reproducible. # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6 enableFIPS ? false @@ -9,7 +19,8 @@ let url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz"; sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw"; }; -in stdenv.mkDerivation rec { +in +stdenv.mkDerivation rec { pname = "nss"; version = "3.53.1"; @@ -44,55 +55,58 @@ in stdenv.mkDerivation rec { substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep" ''; - patches = - [ - # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch - ./85_security_load.patch - ./ckpem.patch - ./fix-cross-compilation.patch - ]; + patches = [ + # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch + ./85_security_load.patch + ./ckpem.patch + ./fix-cross-compilation.patch + ]; patchFlags = [ "-p0" ]; postPatch = lib.optionalString stdenv.hostPlatform.isDarwin '' - substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)" - substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'" - ''; + substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)" + substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'" + ''; outputs = [ "out" "dev" "tools" ]; preConfigure = "cd nss"; - buildPhase = let - getArch = platform: if platform.isx86_64 then "x64" - else if platform.isx86_32 then "ia32" - else if platform.isAarch32 then "arm" - else if platform.isAarch64 then "arm64" - else if platform.isPower && platform.is64bit then ( + buildPhase = + let + getArch = platform: + if platform.isx86_64 then "x64" + else if platform.isx86_32 then "ia32" + else if platform.isAarch32 then "arm" + else if platform.isAarch64 then "arm64" + else if platform.isPower && platform.is64bit then + ( if platform.isLittleEndian then "ppc64le" else "ppc64" ) - else platform.parsed.cpu.name; - # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on - target = getArch stdenv.hostPlatform; - host = getArch stdenv.buildPlatform; - in '' - runHook preBuild - - sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh - ./build.sh -v --opt \ - --with-nspr=${nspr.dev}/include:${nspr.out}/lib \ - --system-sqlite \ - --enable-legacy-db \ - --target ${target} \ - -Dhost_arch=${host} \ - -Duse_system_zlib=1 \ - --enable-libpkix \ - ${lib.optionalString enableFIPS "--enable-fips"} \ - ${lib.optionalString stdenv.isDarwin "--clang"} \ - ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"} - - runHook postBuild - ''; + else platform.parsed.cpu.name; + # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on + target = getArch stdenv.hostPlatform; + host = getArch stdenv.buildPlatform; + in + '' + runHook preBuild + + sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh + ./build.sh -v --opt \ + --with-nspr=${nspr.dev}/include:${nspr.out}/lib \ + --system-sqlite \ + --enable-legacy-db \ + --target ${target} \ + -Dhost_arch=${host} \ + -Duse_system_zlib=1 \ + --enable-libpkix \ + ${lib.optionalString enableFIPS "--enable-fips"} \ + ${lib.optionalString stdenv.isDarwin "--clang"} \ + ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"} + + runHook postBuild + ''; NIX_CFLAGS_COMPILE = "-Wno-error -DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\""; @@ -130,36 +144,38 @@ in stdenv.mkDerivation rec { chmod 0755 $out/bin/nss-config ''; - postFixup = let - isCross = stdenv.hostPlatform != stdenv.buildPlatform; - nss = if isCross then buildPackages.nss.tools else "$out"; - in - (lib.optionalString enableFIPS ('' - for libname in freebl3 nssdbm3 softokn3 - do '' + + postFixup = + let + isCross = stdenv.hostPlatform != stdenv.buildPlatform; + nss = if isCross then buildPackages.nss.tools else "$out"; + in + (lib.optionalString enableFIPS ('' + for libname in freebl3 nssdbm3 softokn3 + do '' + (if stdenv.isDarwin - then '' - libfile="$out/lib/lib$libname.dylib" - DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ - '' else '' - libfile="$out/lib/lib$libname.so" - LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ - '') + '' - ${nss}/bin/shlibsign -v -i "$libfile" - done - '')) + - '' - moveToOutput bin "$tools" - moveToOutput bin/nss-config "$dev" - moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example - rm -f "$out"/lib/*.a - - runHook postInstall - ''; + then '' + libfile="$out/lib/lib$libname.dylib" + DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ + '' else '' + libfile="$out/lib/lib$libname.so" + LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ + '') + '' + ${nss}/bin/shlibsign -v -i "$libfile" + done + '')) + + '' + moveToOutput bin "$tools" + moveToOutput bin/nss-config "$dev" + moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example + rm -f "$out"/lib/*.a + + runHook postInstall + ''; meta = with lib; { - homepage = "https://developer.mozilla.org/en-US/docs/NSS"; + homepage = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"; description = "A set of libraries for development of security-enabled client and server applications"; + maintainers = with maintainers; [ ]; license = licenses.mpl20; platforms = platforms.all; }; diff --git a/nixpkgs/pkgs/development/libraries/nss/default.nix b/nixpkgs/pkgs/development/libraries/nss/default.nix index ced72d33e17d..2df6214ab091 100644 --- a/nixpkgs/pkgs/development/libraries/nss/default.nix +++ b/nixpkgs/pkgs/development/libraries/nss/default.nix @@ -1,7 +1,16 @@ -{ lib, stdenv, fetchurl, nspr, perl, zlib -, sqlite, ninja -, darwin, fixDarwinDylibNames, buildPackages -, useP11kit ? true, p11-kit +{ lib +, stdenv +, fetchurl +, nspr +, perl +, zlib +, sqlite +, ninja +, darwin +, fixDarwinDylibNames +, buildPackages +, useP11kit ? true +, p11-kit , # allow FIPS mode. Note that this makes the output non-reproducible. # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6 enableFIPS ? false @@ -18,16 +27,16 @@ let # It will rebuild itself using the version of this package (NSS) and if # an update is required do the required changes to the expression. # Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert - version = "3.67"; - underscoreVersion = builtins.replaceStrings ["."] ["_"] version; + version = "3.68"; -in stdenv.mkDerivation rec { +in +stdenv.mkDerivation rec { pname = "nss"; inherit version; src = fetchurl { - url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz"; - sha256 = "0zyfi27lbdz1bmk9dmsivcya4phx25rzlxqcnjab69yd928rlm7n"; + url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings [ "." ] [ "_" ] version}_RTM/src/${pname}-${version}.tar.gz"; + sha256 = "0nvj7h2brcw21p1z99nrsxka056d0r1yy9nqqg0lw0w3mhnb60n4"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -56,55 +65,58 @@ in stdenv.mkDerivation rec { substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep" ''; - patches = - [ - # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch - ./85_security_load.patch - ./ckpem.patch - ./fix-cross-compilation.patch - ]; + patches = [ + # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch + ./85_security_load.patch + ./ckpem.patch + ./fix-cross-compilation.patch + ]; patchFlags = [ "-p0" ]; postPatch = lib.optionalString stdenv.hostPlatform.isDarwin '' - substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)" - substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'" - ''; + substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)" + substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'" + ''; outputs = [ "out" "dev" "tools" ]; preConfigure = "cd nss"; - buildPhase = let - getArch = platform: if platform.isx86_64 then "x64" - else if platform.isx86_32 then "ia32" - else if platform.isAarch32 then "arm" - else if platform.isAarch64 then "arm64" - else if platform.isPower && platform.is64bit then ( + buildPhase = + let + getArch = platform: + if platform.isx86_64 then "x64" + else if platform.isx86_32 then "ia32" + else if platform.isAarch32 then "arm" + else if platform.isAarch64 then "arm64" + else if platform.isPower && platform.is64bit then + ( if platform.isLittleEndian then "ppc64le" else "ppc64" ) - else platform.parsed.cpu.name; - # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on - target = getArch stdenv.hostPlatform; - host = getArch stdenv.buildPlatform; - in '' - runHook preBuild - - sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh - ./build.sh -v --opt \ - --with-nspr=${nspr.dev}/include:${nspr.out}/lib \ - --system-sqlite \ - --enable-legacy-db \ - --target ${target} \ - -Dhost_arch=${host} \ - -Duse_system_zlib=1 \ - --enable-libpkix \ - ${lib.optionalString enableFIPS "--enable-fips"} \ - ${lib.optionalString stdenv.isDarwin "--clang"} \ - ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"} - - runHook postBuild - ''; + else platform.parsed.cpu.name; + # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on + target = getArch stdenv.hostPlatform; + host = getArch stdenv.buildPlatform; + in + '' + runHook preBuild + + sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh + ./build.sh -v --opt \ + --with-nspr=${nspr.dev}/include:${nspr.out}/lib \ + --system-sqlite \ + --enable-legacy-db \ + --target ${target} \ + -Dhost_arch=${host} \ + -Duse_system_zlib=1 \ + --enable-libpkix \ + ${lib.optionalString enableFIPS "--enable-fips"} \ + ${lib.optionalString stdenv.isDarwin "--clang"} \ + ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"} + + runHook postBuild + ''; NIX_CFLAGS_COMPILE = "-Wno-error -DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\" " + lib.optionalString stdenv.hostPlatform.is64bit "-DNSS_USE_64=1"; @@ -147,36 +159,38 @@ in stdenv.mkDerivation rec { ln -sf ${p11-kit}/lib/pkcs11/p11-kit-trust.so $out/lib/libnssckbi.so ''; - postFixup = let - isCross = stdenv.hostPlatform != stdenv.buildPlatform; - nss = if isCross then buildPackages.nss.tools else "$out"; - in - (lib.optionalString enableFIPS ('' - for libname in freebl3 nssdbm3 softokn3 - do '' + + postFixup = + let + isCross = stdenv.hostPlatform != stdenv.buildPlatform; + nss = if isCross then buildPackages.nss.tools else "$out"; + in + (lib.optionalString enableFIPS ('' + for libname in freebl3 nssdbm3 softokn3 + do '' + (if stdenv.isDarwin - then '' - libfile="$out/lib/lib$libname.dylib" - DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ - '' else '' - libfile="$out/lib/lib$libname.so" - LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ - '') + '' - ${nss}/bin/shlibsign -v -i "$libfile" - done - '')) + - '' - moveToOutput bin "$tools" - moveToOutput bin/nss-config "$dev" - moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example - rm -f "$out"/lib/*.a - - runHook postInstall - ''; + then '' + libfile="$out/lib/lib$libname.dylib" + DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ + '' else '' + libfile="$out/lib/lib$libname.so" + LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ + '') + '' + ${nss}/bin/shlibsign -v -i "$libfile" + done + '')) + + '' + moveToOutput bin "$tools" + moveToOutput bin/nss-config "$dev" + moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example + rm -f "$out"/lib/*.a + + runHook postInstall + ''; meta = with lib; { - homepage = "https://developer.mozilla.org/en-US/docs/NSS"; + homepage = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"; description = "A set of libraries for development of security-enabled client and server applications"; + maintainers = with maintainers; [ ]; license = licenses.mpl20; platforms = platforms.all; }; |