diff options
author | Alyssa Ross <hi@alyssa.is> | 2021-04-09 18:28:16 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-04-12 18:46:15 +0000 |
commit | fd2e737e0678ee7d8081baef05b305146a2c0034 (patch) | |
tree | ac3e9b27576a0382335532d126f9a66d486bc638 /nixpkgs/pkgs/development/libraries/nss | |
parent | cc207d720b6aa836e256c1ee9842bc739e630a8a (diff) | |
parent | 9e377a6ce42dccd9b624ae4ce8f978dc892ba0e2 (diff) | |
download | nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar.gz nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar.bz2 nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar.lz nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar.xz nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar.zst nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.zip |
Merge remote-tracking branch 'nixpkgs/nixos-unstable'
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/nss')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/nss/default.nix | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/nixpkgs/pkgs/development/libraries/nss/default.nix b/nixpkgs/pkgs/development/libraries/nss/default.nix index 8c98d7ae9bbd..81a51c7beaea 100644 --- a/nixpkgs/pkgs/development/libraries/nss/default.nix +++ b/nixpkgs/pkgs/development/libraries/nss/default.nix @@ -1,4 +1,7 @@ -{ lib, stdenv, fetchurl, nspr, perl, zlib, sqlite, darwin, fixDarwinDylibNames, buildPackages, ninja +{ lib, stdenv, fetchurl, nspr, perl, zlib +, sqlite, ninja +, darwin, fixDarwinDylibNames, buildPackages +, useP11kit ? true, p11-kit , # allow FIPS mode. Note that this makes the output non-reproducible. # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6 enableFIPS ? false @@ -15,7 +18,7 @@ let # It will rebuild itself using the version of this package (NSS) and if # an update is required do the required changes to the expression. # Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert - version = "3.60"; + version = "3.62"; underscoreVersion = builtins.replaceStrings ["."] ["_"] version; in stdenv.mkDerivation rec { @@ -24,7 +27,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz"; - sha256 = "0ggyj3ax3kal65sl1vl4nfhx2s08blg4dg8iwlxcax5qb9bxbaw4"; + sha256 = "0y2ld90bncjjggrn64c7g7mq9i03z6dc3r2kz978snz2xiydzml6"; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -139,6 +142,11 @@ in stdenv.mkDerivation rec { chmod 0755 $out/bin/nss-config ''; + postInstall = lib.optionalString useP11kit '' + # Replace built-in trust with p11-kit connection + ln -sf ${p11-kit}/lib/pkcs11/p11-kit-trust.so $out/lib/libnssckbi.so + ''; + postFixup = let isCross = stdenv.hostPlatform != stdenv.buildPlatform; nss = if isCross then buildPackages.nss.tools else "$out"; |