field | value | date |
---|---|---|
author | aszlig <aszlig@redmoonstudios.org> | 2012-08-21 21:35:46 +0200 |
committer | aszlig <aszlig@redmoonstudios.org> | 2012-08-22 08:29:09 +0200 |
commit | 9e0aaf30aab7c61e5cacd4cdc44243a7557e2d2b | |
tree | 02590e31c067df01e61a67ec89c0fb1277a9f17f /pkgs/development/libraries/nss | |
parent | 29fce94665b6434ca22e78d873a01396bcd2a85a | |
nss: Sign libraries after stripping.

Running NSS in FIPS mode is only possible if the libraries are signed correctly, so we're doing this in the postFixup hook, to ensure nothing gets altered after that phase. For more information about FIPS mode, please see: https://developer.mozilla.org/en-US/docs/NSS/FIPS_Mode_-_an_explanation

Diffstat (limited to 'pkgs/development/libraries/nss')
-rw-r--r-- | pkgs/development/libraries/nss/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 222fd6e94f6f..3b6cc15754e2 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -86,4 +86,12 @@ stdenv.mkDerivation rec { --subst-var-by includedir $out/include/nss \ --subst-var-by libdir $out/lib ''; # */ + + postFixup = '' + for libname in freebl3 nssdbm3 softokn3 + do + libfile="$out/lib/lib$libname.so" + LD_LIBRARY_PATH=$out/lib $out/bin/shlibsign -v -i "$libfile" + done + ''; } |
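Review bot: In the postFixup loop, `libfile="$out/lib/lib$libname.so"` hardcodes the `.so` suffix and the path goes straight to `shlibsign -v -i "$libfile"` with no existence check, so a platform with a different shared-library extension, or a build that no longer produces one of freebl3, nssdbm3 or softokn3, only shows up as whatever shlibsign happens to report. Consider testing `[ -f "$libfile" ]` first and failing with a message that names the missing library. The reason signing has to live in postFixup (nothing may modify the libraries after they are signed) is stated only in the commit message; a one-line comment above `postFixup = ''` would keep that ordering constraint visible to whoever next edits the derivation.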