nixpkgs/pkgs/development/libraries/nss/default.nix

{ stdenv, fetchurl, nspr, perl, zlib, sqlite, fixDarwinDylibNames, buildPackages }:

let
  nssPEM = fetchurl {
    url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz";
    sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw";
  };
  version = "3.52.1";
  underscoreVersion = builtins.replaceStrings ["."] ["_"] version;

in stdenv.mkDerivation rec {
  pname = "nss";
  inherit version;

  src = fetchurl {
    url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz";
    sha256 = "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w";
  };

  depsBuildBuild = [ buildPackages.stdenv.cc ];

  nativeBuildInputs = [ perl ];

  buildInputs = [ zlib sqlite ]
    ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames;

  propagatedBuildInputs = [ nspr ];

  prePatch = ''
    # strip the trailing whitespace from the patch line and the renamed CKO_NETSCAPE_ enum to CKO_NSS_
    xz -d < ${nssPEM} | sed \
       -e '/^-DIRS = builtins $/ s/ $//' \
       -e 's/CKO_NETSCAPE_/CKO_NSS_/g' \
       -e 's/CKT_NETSCAPE_/CKT_NSS_/g' \
       | patch -p1
  '';

  patches =
    [
      # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
      ./85_security_load.patch
      ./ckpem.patch
    ];

  patchFlags = [ "-p0" ];

  postPatch = stdenv.lib.optionalString stdenv.isDarwin ''
    substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)"
  '';

  outputs = [ "out" "dev" "tools" ];

  preConfigure = "cd nss";

  makeFlags = let
    # NSS's build systems expects aarch32 to be called arm; if we pass in armv6l/armv7l, it
    # fails with a linker error
    cpu = if stdenv.hostPlatform.isAarch32 then "arm" else stdenv.hostPlatform.parsed.cpu.name;
  in [
    "NSPR_INCLUDE_DIR=${nspr.dev}/include"
    "NSPR_LIB_DIR=${nspr.out}/lib"
    "NSDISTMODE=copy"
    "BUILD_OPT=1"
    "SOURCE_PREFIX=\$(out)"
    "NSS_ENABLE_ECC=1"
    "USE_SYSTEM_ZLIB=1"
    "NSS_USE_SYSTEM_SQLITE=1"
    "NATIVE_CC=${buildPackages.stdenv.cc}/bin/cc"
  ] ++ stdenv.lib.optionals (!stdenv.isDarwin) [
    # Pass in CPU even if we're not cross compiling, because otherwise it tries to guess with
    # uname, which can be wrong if e.g. we're compiling for aarch32 on aarch64
    "OS_TEST=${cpu}"
    "CPU_ARCH=${cpu}"
  ] ++ stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [
    "CROSS_COMPILE=1"
    "NSS_DISABLE_GTESTS=1" # don't want to build tests when cross-compiling
  ] ++ stdenv.lib.optional stdenv.is64bit "USE_64=1"
    ++ stdenv.lib.optional stdenv.isDarwin "CCC=clang++";

  NIX_CFLAGS_COMPILE = "-Wno-error";

  # TODO(@oxij): investigate this: `make -n check` works but `make
  # check` fails with "no rule", same for "installcheck".
  doCheck = false;
  doInstallCheck = false;

  postInstall = ''
    rm -rf $out/private
    mv $out/public $out/include
    mv $out/*.OBJ/* $out/
    rmdir $out/*.OBJ

    ln -s lib $out/lib64

    # Upstream issue: https://bugzilla.mozilla.org/show_bug.cgi?id=530672
    # https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/nss/files/nss-3.32-gentoo-fixups.patch?id=af1acce6c6d2c3adb17689261dfe2c2b6771ab8a
    NSS_MAJOR_VERSION=`grep "NSS_VMAJOR" lib/nss/nss.h | awk '{print $3}'`
    NSS_MINOR_VERSION=`grep "NSS_VMINOR" lib/nss/nss.h | awk '{print $3}'`
    NSS_PATCH_VERSION=`grep "NSS_VPATCH" lib/nss/nss.h | awk '{print $3}'`
    PREFIX="$out"

    mkdir -p $out/lib/pkgconfig
    sed -e "s,%prefix%,$PREFIX," \
        -e "s,%exec_prefix%,$PREFIX," \
        -e "s,%libdir%,$PREFIX/lib64," \
        -e "s,%includedir%,$dev/include/nss," \
        -e "s,%NSS_VERSION%,$NSS_MAJOR_VERSION.$NSS_MINOR_VERSION.$NSS_PATCH_VERSION,g" \
        -e "s,%NSPR_VERSION%,4.16,g" \
        pkg/pkg-config/nss.pc.in > $out/lib/pkgconfig/nss.pc
    chmod 0644 $out/lib/pkgconfig/nss.pc

    sed -e "s,@prefix@,$PREFIX," \
        -e "s,@MOD_MAJOR_VERSION@,$NSS_MAJOR_VERSION," \
        -e "s,@MOD_MINOR_VERSION@,$NSS_MINOR_VERSION," \
        -e "s,@MOD_PATCH_VERSION@,$NSS_PATCH_VERSION," \
        pkg/pkg-config/nss-config.in > $out/bin/nss-config
    chmod 0755 $out/bin/nss-config
  '';

  postFixup = let
    isCross = stdenv.hostPlatform != stdenv.buildPlatform;
    nss = if isCross then buildPackages.nss.tools else "$out";
  in ''
    for libname in freebl3 nssdbm3 softokn3
    do '' +
    (if stdenv.isDarwin
     then ''
       libfile="$out/lib/lib$libname.dylib"
       DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
     '' else ''
       libfile="$out/lib/lib$libname.so"
       LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
     '') + ''
        ${nss}/bin/shlibsign -v -i "$libfile"
    done

    moveToOutput bin "$tools"
    moveToOutput bin/nss-config "$dev"
    moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example
    rm -f "$out"/lib/*.a
  '';

  meta = with stdenv.lib; {
    homepage = "https://developer.mozilla.org/en-US/docs/NSS";
    description = "A set of libraries for development of security-enabled client and server applications";
    license = licenses.mpl20;
    platforms = platforms.all;
  };
}
nss: cross compile support 2019-03-20 20:05:45 +00:00			`{ stdenv, fetchurl, nspr, perl, zlib, sqlite, fixDarwinDylibNames, buildPackages }:`
Added Mozilla NSS, NSPR and Gaim to Nix. Gaim in Nix supports SSL svn path=/nixpkgs/trunk/; revision=3676 2005-08-24 10:54:42 +01:00
* Xulrunner/Firefox 3.5: build with --with-system-nss. svn path=/nixpkgs/trunk/; revision=16186 2009-07-06 12:42:21 +01:00			`let`
nss: Update to 3.15.1 2013-08-07 15:17:58 +01:00			`nssPEM = fetchurl {`
treewide: Per RFC45, remove all unquoted URLs 2020-04-01 02:11:51 +01:00			`url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz";`
nss: update to 3.15.4 2014-02-06 20:15:43 +00:00			`sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw";`
nss: Add nss-pem module from fedora. This is a compatibility module which adds suport for PEM certificates used by OpenSSL and compatible libraries. The module gets built but isn't used at the moment, so we're going to work on integration of it later. 2012-08-21 05:10:33 +01:00			`};`
nss: 3.52 -> 3.52.1 Needed to compile firefox 77. Taken from PR #89438. 2020-06-03 18:21:30 +01:00			`version = "3.52.1";`
nss: generate url from version (doesn't change derivation hash) Makes future upgrades easier... 2018-12-02 04:25:55 +00:00			`underscoreVersion = builtins.replaceStrings ["."] ["_"] version;`
nss: Add nss-pem module from fedora. This is a compatibility module which adds suport for PEM certificates used by OpenSSL and compatible libraries. The module gets built but isn't used at the moment, so we're going to work on integration of it later. 2012-08-21 05:10:33 +01:00
nss: Fix referencePath to security modules. This adds a patch from Debian, as they're already have security modules from NSS in it's own library directory rather than /usr/lib{,64}/ and patch in loading of libsoftokn as well. The patch and our own fix of the patch (well, they hardcode Debian specific stuff in there) ensures that SECMOD_AddNewModule() will find the right module from the derivation's output path, so the built-in CA root certificates are recognized and verified correctly. 2012-08-22 01:46:48 +01:00			`in stdenv.mkDerivation rec {`
treewide: name -> pname (easy cases) (#66585) treewide replacement of stdenv.mkDerivation rec { name = "-${version}"; version = ""; to pname 2019-08-15 13:41:18 +01:00			`pname = "nss";`
nss: generate url from version (doesn't change derivation hash) Makes future upgrades easier... 2018-12-02 04:25:55 +00:00			`inherit version;`
nss: Update to 3.14 2012-10-31 13:04:58 +00:00
			`src = fetchurl {`
treewide: name -> pname (easy cases) (#66585) treewide replacement of stdenv.mkDerivation rec { name = "-${version}"; version = ""; to pname 2019-08-15 13:41:18 +01:00			`url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz";`
nss: 3.52 -> 3.52.1 Needed to compile firefox 77. Taken from PR #89438. 2020-06-03 18:21:30 +01:00			`sha256 = "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w";`
Added Mozilla NSS, NSPR and Gaim to Nix. Gaim in Nix supports SSL svn path=/nixpkgs/trunk/; revision=3676 2005-08-24 10:54:42 +01:00			`};`

nss: cross compile support 2019-03-20 20:05:45 +00:00			`depsBuildBuild = [ buildPackages.stdenv.cc ];`

			`nativeBuildInputs = [ perl ];`

			`buildInputs = [ zlib sqlite ]`
nss: link libraries with absolute paths on Darwin 2018-02-20 10:12:24 +00:00			`++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames;`
nss: propagate nspr 2017-03-22 18:47:51 +00:00
			`propagatedBuildInputs = [ nspr ];`
* Updated NSS. svn path=/nixpkgs/trunk/; revision=16183 2009-07-06 10:12:44 +01:00
nss: Update to 3.15.1 2013-08-07 15:17:58 +01:00			`prePatch = ''`
niss: 3.51 -> 3.52 2020-05-04 00:39:35 +01:00			`# strip the trailing whitespace from the patch line and the renamed CKO_NETSCAPE_ enum to CKO_NSS_`
			`xz -d < ${nssPEM} \| sed \`
			`-e '/^-DIRS = builtins $/ s/ $//' \`
			`-e 's/CKO_NETSCAPE_/CKO_NSS_/g' \`
			`-e 's/CKT_NETSCAPE_/CKT_NSS_/g' \`
			`\| patch -p1`
nss: Add nss-pem module from fedora. This is a compatibility module which adds suport for PEM certificates used by OpenSSL and compatible libraries. The module gets built but isn't used at the moment, so we're going to work on integration of it later. 2012-08-21 05:10:33 +01:00			`'';`

nss: Update to 3.15.1 2013-08-07 15:17:58 +01:00			`patches =`
nss: 3.31 -> 3.32.1 2017-09-29 00:52:45 +01:00			`[`
nss: Update to 3.16 2014-04-22 13:54:36 +01:00			`# Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch`
nss: patch http location moved, let's keep it in filesystem 2014-01-22 09:46:29 +00:00			`./85_security_load.patch`
nss: Omit an extraneous definition; fix other problems on Darwin 2018-01-03 21:39:37 +00:00			`./ckpem.patch`
nss: Update to 3.15.1 2013-08-07 15:17:58 +01:00			`];`
NSS: version bump and patch to provide pkgconfig info. svn path=/nixpkgs/trunk/; revision=25366 2011-01-03 17:02:58 +00:00
nss: *Flags are lists 2019-10-26 16:39:27 +01:00			`patchFlags = [ "-p0" ];`
nss: 3.27.2 -> 3.28.1 2017-01-24 13:49:14 +00:00
nss: link libraries with absolute paths on Darwin 2018-02-20 10:12:24 +00:00			`postPatch = stdenv.lib.optionalString stdenv.isDarwin ''`
			`substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)"`
			`'';`

treewide: Shuffle outputs Make either 'bin' or 'out' the first output. 2016-08-29 01:30:01 +01:00			`outputs = [ "out" "dev" "tools" ];`
nspr,nss: split into multiple outputs Hopefully most references are OK. 2015-10-05 16:45:54 +01:00
nss: Update to 3.15.1 2013-08-07 15:17:58 +01:00			`preConfigure = "cd nss";`
* Updated NSS. svn path=/nixpkgs/trunk/; revision=16183 2009-07-06 10:12:44 +01:00
nss: cross compile support 2019-03-20 20:05:45 +00:00			`makeFlags = let`
nss: fix building for aarch32 on aarch64 There are two ways to build a package for aarch32 on an aarch64 machine: either by cross compiling as normal, or by adding armv6l/armv7l to extraPlatforms and doing a non-cross compile. Previously, NSS failed to build with both methods: when using extraPlatforms, things failed because NSS includes an armv8-specific file (presumably based on the result of uname); when cross compiling, NSS's build system expects to receive an architecture name of arm (not armv6l or whatever), so was failing to include some arch-specific code and failed with a linker error. This commit fixes those things by a) always passing the arch, even when not cross-compiling, and b) special-casing aarch32 to always pass in an arch of arm. 2020-05-13 17:22:11 +01:00			`# NSS's build systems expects aarch32 to be called arm; if we pass in armv6l/armv7l, it`
			`# fails with a linker error`
			`cpu = if stdenv.hostPlatform.isAarch32 then "arm" else stdenv.hostPlatform.parsed.cpu.name;`
nss: cross compile support 2019-03-20 20:05:45 +00:00			`in [`
nss: 3.38 -> 3.39 2018-10-23 08:05:50 +01:00			`"NSPR_INCLUDE_DIR=${nspr.dev}/include"`
nspr,nss: split into multiple outputs Hopefully most references are OK. 2015-10-05 16:45:54 +01:00			`"NSPR_LIB_DIR=${nspr.out}/lib"`
nss: Clean up build/make flags. First of all, let's remove that redundant BUILD_OPT variable. This variable already is in makeFlags, so we really don't want it to be lurking around in the attribute set of the derivation, and it annoys me for being there for days. We now state build targets explicitly rather than relying on "nss_build_all". This makes NSPR_CONFIG_STATUS and the touch of build_nspr stamp obsolete, as only nss_build_all includes build_nspr. In addition, we don't need the -lz hack anymore, as this has been fixed in recent NSS versions, so we can completly remove the postBuild hook. And while we're at it, we're removing those outdated build instructions as well, especially because we don't and can't follow official building guidelines anymore, as those are difficult to apply to Nix. 2012-08-21 09:47:29 +01:00			`"NSDISTMODE=copy"`
			`"BUILD_OPT=1"`
			`"SOURCE_PREFIX=\$(out)"`
			`"NSS_ENABLE_ECC=1"`
nspr,nss: split into multiple outputs Hopefully most references are OK. 2015-10-05 16:45:54 +01:00			`"USE_SYSTEM_ZLIB=1"`
nss: Clean up build/make flags. First of all, let's remove that redundant BUILD_OPT variable. This variable already is in makeFlags, so we really don't want it to be lurking around in the attribute set of the derivation, and it annoys me for being there for days. We now state build targets explicitly rather than relying on "nss_build_all". This makes NSPR_CONFIG_STATUS and the touch of build_nspr stamp obsolete, as only nss_build_all includes build_nspr. In addition, we don't need the -lz hack anymore, as this has been fixed in recent NSS versions, so we can completly remove the postBuild hook. And while we're at it, we're removing those outdated build instructions as well, especially because we don't and can't follow official building guidelines anymore, as those are difficult to apply to Nix. 2012-08-21 09:47:29 +01:00			`"NSS_USE_SYSTEM_SQLITE=1"`
nss: cross compile support 2019-03-20 20:05:45 +00:00			`"NATIVE_CC=${buildPackages.stdenv.cc}/bin/cc"`
nss: fix build on darwin 2020-06-10 10:20:00 +01:00			`] ++ stdenv.lib.optionals (!stdenv.isDarwin) [`
nss: fix building for aarch32 on aarch64 There are two ways to build a package for aarch32 on an aarch64 machine: either by cross compiling as normal, or by adding armv6l/armv7l to extraPlatforms and doing a non-cross compile. Previously, NSS failed to build with both methods: when using extraPlatforms, things failed because NSS includes an armv8-specific file (presumably based on the result of uname); when cross compiling, NSS's build system expects to receive an architecture name of arm (not armv6l or whatever), so was failing to include some arch-specific code and failed with a linker error. This commit fixes those things by a) always passing the arch, even when not cross-compiling, and b) special-casing aarch32 to always pass in an arch of arm. 2020-05-13 17:22:11 +01:00			`# Pass in CPU even if we're not cross compiling, because otherwise it tries to guess with`
			`# uname, which can be wrong if e.g. we're compiling for aarch32 on aarch64`
nss: cross compile support 2019-03-20 20:05:45 +00:00			`"OS_TEST=${cpu}"`
			`"CPU_ARCH=${cpu}"`
nss: fix building for aarch32 on aarch64 There are two ways to build a package for aarch32 on an aarch64 machine: either by cross compiling as normal, or by adding armv6l/armv7l to extraPlatforms and doing a non-cross compile. Previously, NSS failed to build with both methods: when using extraPlatforms, things failed because NSS includes an armv8-specific file (presumably based on the result of uname); when cross compiling, NSS's build system expects to receive an architecture name of arm (not armv6l or whatever), so was failing to include some arch-specific code and failed with a linker error. This commit fixes those things by a) always passing the arch, even when not cross-compiling, and b) special-casing aarch32 to always pass in an arch of arm. 2020-05-13 17:22:11 +01:00			`] ++ stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [`
nss: cross compile support 2019-03-20 20:05:45 +00:00			`"CROSS_COMPILE=1"`
			`"NSS_DISABLE_GTESTS=1" # don't want to build tests when cross-compiling`
nss: Omit an extraneous definition; fix other problems on Darwin 2018-01-03 21:39:37 +00:00			`] ++ stdenv.lib.optional stdenv.is64bit "USE_64=1"`
			`++ stdenv.lib.optional stdenv.isDarwin "CCC=clang++";`
nss: Clean up build/make flags. First of all, let's remove that redundant BUILD_OPT variable. This variable already is in makeFlags, so we really don't want it to be lurking around in the attribute set of the derivation, and it annoys me for being there for days. We now state build targets explicitly rather than relying on "nss_build_all". This makes NSPR_CONFIG_STATUS and the touch of build_nspr stamp obsolete, as only nss_build_all includes build_nspr. In addition, we don't need the -lz hack anymore, as this has been fixed in recent NSS versions, so we can completly remove the postBuild hook. And while we're at it, we're removing those outdated build instructions as well, especially because we don't and can't follow official building guidelines anymore, as those are difficult to apply to Nix. 2012-08-21 09:47:29 +01:00
nss: 3.20.1 -> 3.21 2015-12-16 15:18:42 +00:00			`NIX_CFLAGS_COMPILE = "-Wno-error";`

nss: disable tests 2018-08-08 19:58:11 +01:00			# TODO(@oxij): investigate this: `make -n check` works but `make
			# check` fails with "no rule", same for "installcheck".
			`doCheck = false;`
			`doInstallCheck = false;`

nss: Remove redundant nss-config.in. This file is already contained in nss-3.12.5-gentoo-fixups.diff, so we don't need to do all that cruft twice. 2012-08-22 03:22:43 +01:00			`postInstall = ''`
			`rm -rf $out/private`
			`mv $out/public $out/include`
			`mv $out/.OBJ/ $out/`
			`rmdir $out/*.OBJ`
nss: updated to version 3.13.3 to fix build errors on Linux 3.2 svn path=/nixpkgs/trunk/; revision=32834 2012-03-06 20:57:39 +00:00
nss: Update to 3.15.1 2013-08-07 15:17:58 +01:00			`ln -s lib $out/lib64`
nss: 3.31 -> 3.32.1 2017-09-29 00:52:45 +01:00
			`# Upstream issue: https://bugzilla.mozilla.org/show_bug.cgi?id=530672`
			`# https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/nss/files/nss-3.32-gentoo-fixups.patch?id=af1acce6c6d2c3adb17689261dfe2c2b6771ab8a`
			NSS_MAJOR_VERSION=`grep "NSS_VMAJOR" lib/nss/nss.h \| awk '{print $3}'`
			NSS_MINOR_VERSION=`grep "NSS_VMINOR" lib/nss/nss.h \| awk '{print $3}'`
			NSS_PATCH_VERSION=`grep "NSS_VPATCH" lib/nss/nss.h \| awk '{print $3}'`
			`PREFIX="$out"`

			`mkdir -p $out/lib/pkgconfig`
			`sed -e "s,%prefix%,$PREFIX," \`
			`-e "s,%exec_prefix%,$PREFIX," \`
			`-e "s,%libdir%,$PREFIX/lib64," \`
nss: fix includedir for pkgconfig 2017-10-09 19:49:11 +01:00			`-e "s,%includedir%,$dev/include/nss," \`
nss: 3.31 -> 3.32.1 2017-09-29 00:52:45 +01:00			`-e "s,%NSS_VERSION%,$NSS_MAJOR_VERSION.$NSS_MINOR_VERSION.$NSS_PATCH_VERSION,g" \`
			`-e "s,%NSPR_VERSION%,4.16,g" \`
			`pkg/pkg-config/nss.pc.in > $out/lib/pkgconfig/nss.pc`
			`chmod 0644 $out/lib/pkgconfig/nss.pc`

			`sed -e "s,@prefix@,$PREFIX," \`
			`-e "s,@MOD_MAJOR_VERSION@,$NSS_MAJOR_VERSION," \`
			`-e "s,@MOD_MINOR_VERSION@,$NSS_MINOR_VERSION," \`
			`-e "s,@MOD_PATCH_VERSION@,$NSS_PATCH_VERSION," \`
			`pkg/pkg-config/nss-config.in > $out/bin/nss-config`
			`chmod 0755 $out/bin/nss-config`
nss: Remove redundant nss-config.in. This file is already contained in nss-3.12.5-gentoo-fixups.diff, so we don't need to do all that cruft twice. 2012-08-22 03:22:43 +01:00			`'';`
nss: Sign libraries after striping. Running NSS in FIPS mode is only possible if the libraries are signed correctly, so we're doing this in the postFixup hook, to insure nothing gets altered after that phase. For more information about FIPS mode, please see: https://developer.mozilla.org/en-US/docs/NSS/FIPS_Mode_-_an_explanation 2012-08-21 20:35:46 +01:00
nss: cross compile support 2019-03-20 20:05:45 +00:00			`postFixup = let`
			`isCross = stdenv.hostPlatform != stdenv.buildPlatform;`
			`nss = if isCross then buildPackages.nss.tools else "$out";`
			`in ''`
nss: Sign libraries after striping. Running NSS in FIPS mode is only possible if the libraries are signed correctly, so we're doing this in the postFixup hook, to insure nothing gets altered after that phase. For more information about FIPS mode, please see: https://developer.mozilla.org/en-US/docs/NSS/FIPS_Mode_-_an_explanation 2012-08-21 20:35:46 +01:00			`for libname in freebl3 nssdbm3 softokn3`
nss: Omit an extraneous definition; fix other problems on Darwin 2018-01-03 21:39:37 +00:00			`do '' +`
			`(if stdenv.isDarwin`
			`then ''`
			`libfile="$out/lib/lib$libname.dylib"`
			`DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \`
			`'' else ''`
			`libfile="$out/lib/lib$libname.so"`
			`LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \`
			`'') + ''`
nss: cross compile support 2019-03-20 20:05:45 +00:00			`${nss}/bin/shlibsign -v -i "$libfile"`
nss: Sign libraries after striping. Running NSS in FIPS mode is only possible if the libraries are signed correctly, so we're doing this in the postFixup hook, to insure nothing gets altered after that phase. For more information about FIPS mode, please see: https://developer.mozilla.org/en-US/docs/NSS/FIPS_Mode_-_an_explanation 2012-08-21 20:35:46 +01:00			`done`
nspr,nss: split into multiple outputs Hopefully most references are OK. 2015-10-05 16:45:54 +01:00
rename moveToOutput and propagatedBuildInputs 2015-12-02 09:03:23 +00:00			`moveToOutput bin "$tools"`
			`moveToOutput bin/nss-config "$dev"`
			`moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example`
nss: Omit an extraneous definition; fix other problems on Darwin 2018-01-03 21:39:37 +00:00			`rm -f "$out"/lib/*.a`
nss: Sign libraries after striping. Running NSS in FIPS mode is only possible if the libraries are signed correctly, so we're doing this in the postFixup hook, to insure nothing gets altered after that phase. For more information about FIPS mode, please see: https://developer.mozilla.org/en-US/docs/NSS/FIPS_Mode_-_an_explanation 2012-08-21 20:35:46 +01:00			`'';`
nss: Update to 3.15.1 2013-08-07 15:17:58 +01:00
nss: add license 2018-08-17 22:55:36 +01:00			`meta = with stdenv.lib; {`
treewide: Per RFC45, remove all unquoted URLs 2020-04-01 02:11:51 +01:00			`homepage = "https://developer.mozilla.org/en-US/docs/NSS";`
nss: Update to 3.15.1 2013-08-07 15:17:58 +01:00			`description = "A set of libraries for development of security-enabled client and server applications";`
nss: add license 2018-08-17 22:55:36 +01:00			`license = licenses.mpl20;`
			`platforms = platforms.all;`
nss: Update to 3.15.1 2013-08-07 15:17:58 +01:00			`};`
Added Mozilla NSS, NSPR and Gaim to Nix. Gaim in Nix supports SSL svn path=/nixpkgs/trunk/; revision=3676 2005-08-24 10:54:42 +01:00			`}`