2019-03-20 20:05:45 +00:00
|
|
|
{ stdenv, fetchurl, nspr, perl, zlib, sqlite, fixDarwinDylibNames, buildPackages }:
|
2005-08-24 10:54:42 +01:00
|
|
|
|
2009-07-06 12:42:21 +01:00
|
|
|
let
|
2013-08-07 15:17:58 +01:00
|
|
|
nssPEM = fetchurl {
|
2020-04-01 02:11:51 +01:00
|
|
|
url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz";
|
2014-02-06 20:15:43 +00:00
|
|
|
sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw";
|
2012-08-21 05:10:33 +01:00
|
|
|
};
|
2020-03-10 13:35:47 +00:00
|
|
|
version = "3.51";
|
2018-12-02 04:25:55 +00:00
|
|
|
underscoreVersion = builtins.replaceStrings ["."] ["_"] version;
|
2012-08-21 05:10:33 +01:00
|
|
|
|
2012-08-22 01:46:48 +01:00
|
|
|
in stdenv.mkDerivation rec {
|
2019-08-15 13:41:18 +01:00
|
|
|
pname = "nss";
|
2018-12-02 04:25:55 +00:00
|
|
|
inherit version;
|
2012-10-31 13:04:58 +00:00
|
|
|
|
|
|
|
src = fetchurl {
|
2019-08-15 13:41:18 +01:00
|
|
|
url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz";
|
2020-03-10 13:35:47 +00:00
|
|
|
sha256 = "1725d0idf5zzqafdqfdn9vprc7ys2ywhv23sqn328di968xqnd3m";
|
2005-08-24 10:54:42 +01:00
|
|
|
};
|
|
|
|
|
2019-03-20 20:05:45 +00:00
|
|
|
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
|
|
|
|
|
|
|
nativeBuildInputs = [ perl ];
|
|
|
|
|
|
|
|
buildInputs = [ zlib sqlite ]
|
2018-02-20 10:12:24 +00:00
|
|
|
++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames;
|
2017-03-22 18:47:51 +00:00
|
|
|
|
|
|
|
propagatedBuildInputs = [ nspr ];
|
2009-07-06 10:12:44 +01:00
|
|
|
|
2013-08-07 15:17:58 +01:00
|
|
|
prePatch = ''
|
2019-11-27 19:58:22 +00:00
|
|
|
# strip the trailing whitespace from the patch line…
|
|
|
|
xz -d < ${nssPEM} | sed -e '/^-DIRS = builtins $/ s/ $//' | patch -p1
|
2012-08-21 05:10:33 +01:00
|
|
|
'';
|
|
|
|
|
2013-08-07 15:17:58 +01:00
|
|
|
patches =
|
2017-09-29 00:52:45 +01:00
|
|
|
[
|
2014-04-22 13:54:36 +01:00
|
|
|
# Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
|
2014-01-22 09:46:29 +00:00
|
|
|
./85_security_load.patch
|
2018-01-03 21:39:37 +00:00
|
|
|
./ckpem.patch
|
2013-08-07 15:17:58 +01:00
|
|
|
];
|
2011-01-03 17:02:58 +00:00
|
|
|
|
2019-10-26 16:39:27 +01:00
|
|
|
patchFlags = [ "-p0" ];
|
2017-01-24 13:49:14 +00:00
|
|
|
|
2018-02-20 10:12:24 +00:00
|
|
|
postPatch = stdenv.lib.optionalString stdenv.isDarwin ''
|
|
|
|
substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)"
|
|
|
|
'';
|
|
|
|
|
2016-08-29 01:30:01 +01:00
|
|
|
outputs = [ "out" "dev" "tools" ];
|
2015-10-05 16:45:54 +01:00
|
|
|
|
2013-08-07 15:17:58 +01:00
|
|
|
preConfigure = "cd nss";
|
2009-07-06 10:12:44 +01:00
|
|
|
|
2019-03-20 20:05:45 +00:00
|
|
|
makeFlags = let
|
|
|
|
cpu = stdenv.hostPlatform.parsed.cpu.name;
|
|
|
|
in [
|
2018-10-23 08:05:50 +01:00
|
|
|
"NSPR_INCLUDE_DIR=${nspr.dev}/include"
|
2015-10-05 16:45:54 +01:00
|
|
|
"NSPR_LIB_DIR=${nspr.out}/lib"
|
nss: Clean up build/make flags.
First of all, let's remove that redundant BUILD_OPT variable.
This variable already is in makeFlags, so we really don't want it to be lurking
around in the attribute set of the derivation, and it annoys me for being there
for days.
We now state build targets explicitly rather than relying on "nss_build_all".
This makes NSPR_CONFIG_STATUS and the touch of build_nspr stamp obsolete, as
only nss_build_all includes build_nspr.
In addition, we don't need the -lz hack anymore, as this has been fixed in
recent NSS versions, so we can completly remove the postBuild hook.
And while we're at it, we're removing those outdated build instructions as well,
especially because we don't and can't follow official building guidelines
anymore, as those are difficult to apply to Nix.
2012-08-21 09:47:29 +01:00
|
|
|
"NSDISTMODE=copy"
|
|
|
|
"BUILD_OPT=1"
|
|
|
|
"SOURCE_PREFIX=\$(out)"
|
|
|
|
"NSS_ENABLE_ECC=1"
|
2015-10-05 16:45:54 +01:00
|
|
|
"USE_SYSTEM_ZLIB=1"
|
nss: Clean up build/make flags.
First of all, let's remove that redundant BUILD_OPT variable.
This variable already is in makeFlags, so we really don't want it to be lurking
around in the attribute set of the derivation, and it annoys me for being there
for days.
We now state build targets explicitly rather than relying on "nss_build_all".
This makes NSPR_CONFIG_STATUS and the touch of build_nspr stamp obsolete, as
only nss_build_all includes build_nspr.
In addition, we don't need the -lz hack anymore, as this has been fixed in
recent NSS versions, so we can completly remove the postBuild hook.
And while we're at it, we're removing those outdated build instructions as well,
especially because we don't and can't follow official building guidelines
anymore, as those are difficult to apply to Nix.
2012-08-21 09:47:29 +01:00
|
|
|
"NSS_USE_SYSTEM_SQLITE=1"
|
2019-03-20 20:05:45 +00:00
|
|
|
"NATIVE_CC=${buildPackages.stdenv.cc}/bin/cc"
|
2019-03-27 02:07:10 +00:00
|
|
|
] ++ stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [
|
2019-03-20 20:05:45 +00:00
|
|
|
"OS_TEST=${cpu}"
|
|
|
|
"CPU_ARCH=${cpu}"
|
|
|
|
"CROSS_COMPILE=1"
|
|
|
|
"NSS_DISABLE_GTESTS=1" # don't want to build tests when cross-compiling
|
2018-01-03 21:39:37 +00:00
|
|
|
] ++ stdenv.lib.optional stdenv.is64bit "USE_64=1"
|
|
|
|
++ stdenv.lib.optional stdenv.isDarwin "CCC=clang++";
|
nss: Clean up build/make flags.
First of all, let's remove that redundant BUILD_OPT variable.
This variable already is in makeFlags, so we really don't want it to be lurking
around in the attribute set of the derivation, and it annoys me for being there
for days.
We now state build targets explicitly rather than relying on "nss_build_all".
This makes NSPR_CONFIG_STATUS and the touch of build_nspr stamp obsolete, as
only nss_build_all includes build_nspr.
In addition, we don't need the -lz hack anymore, as this has been fixed in
recent NSS versions, so we can completly remove the postBuild hook.
And while we're at it, we're removing those outdated build instructions as well,
especially because we don't and can't follow official building guidelines
anymore, as those are difficult to apply to Nix.
2012-08-21 09:47:29 +01:00
|
|
|
|
2015-12-16 15:18:42 +00:00
|
|
|
NIX_CFLAGS_COMPILE = "-Wno-error";
|
|
|
|
|
2018-08-08 19:58:11 +01:00
|
|
|
# TODO(@oxij): investigate this: `make -n check` works but `make
|
|
|
|
# check` fails with "no rule", same for "installcheck".
|
|
|
|
doCheck = false;
|
|
|
|
doInstallCheck = false;
|
|
|
|
|
2012-08-22 03:22:43 +01:00
|
|
|
postInstall = ''
|
|
|
|
rm -rf $out/private
|
|
|
|
mv $out/public $out/include
|
|
|
|
mv $out/*.OBJ/* $out/
|
|
|
|
rmdir $out/*.OBJ
|
2012-03-06 20:57:39 +00:00
|
|
|
|
2013-08-07 15:17:58 +01:00
|
|
|
ln -s lib $out/lib64
|
2017-09-29 00:52:45 +01:00
|
|
|
|
|
|
|
# Upstream issue: https://bugzilla.mozilla.org/show_bug.cgi?id=530672
|
|
|
|
# https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/nss/files/nss-3.32-gentoo-fixups.patch?id=af1acce6c6d2c3adb17689261dfe2c2b6771ab8a
|
|
|
|
NSS_MAJOR_VERSION=`grep "NSS_VMAJOR" lib/nss/nss.h | awk '{print $3}'`
|
|
|
|
NSS_MINOR_VERSION=`grep "NSS_VMINOR" lib/nss/nss.h | awk '{print $3}'`
|
|
|
|
NSS_PATCH_VERSION=`grep "NSS_VPATCH" lib/nss/nss.h | awk '{print $3}'`
|
|
|
|
PREFIX="$out"
|
|
|
|
|
|
|
|
mkdir -p $out/lib/pkgconfig
|
|
|
|
sed -e "s,%prefix%,$PREFIX," \
|
|
|
|
-e "s,%exec_prefix%,$PREFIX," \
|
|
|
|
-e "s,%libdir%,$PREFIX/lib64," \
|
2017-10-09 19:49:11 +01:00
|
|
|
-e "s,%includedir%,$dev/include/nss," \
|
2017-09-29 00:52:45 +01:00
|
|
|
-e "s,%NSS_VERSION%,$NSS_MAJOR_VERSION.$NSS_MINOR_VERSION.$NSS_PATCH_VERSION,g" \
|
|
|
|
-e "s,%NSPR_VERSION%,4.16,g" \
|
|
|
|
pkg/pkg-config/nss.pc.in > $out/lib/pkgconfig/nss.pc
|
|
|
|
chmod 0644 $out/lib/pkgconfig/nss.pc
|
|
|
|
|
|
|
|
sed -e "s,@prefix@,$PREFIX," \
|
|
|
|
-e "s,@MOD_MAJOR_VERSION@,$NSS_MAJOR_VERSION," \
|
|
|
|
-e "s,@MOD_MINOR_VERSION@,$NSS_MINOR_VERSION," \
|
|
|
|
-e "s,@MOD_PATCH_VERSION@,$NSS_PATCH_VERSION," \
|
|
|
|
pkg/pkg-config/nss-config.in > $out/bin/nss-config
|
|
|
|
chmod 0755 $out/bin/nss-config
|
2012-08-22 03:22:43 +01:00
|
|
|
'';
|
2012-08-21 20:35:46 +01:00
|
|
|
|
2019-03-20 20:05:45 +00:00
|
|
|
postFixup = let
|
|
|
|
isCross = stdenv.hostPlatform != stdenv.buildPlatform;
|
|
|
|
nss = if isCross then buildPackages.nss.tools else "$out";
|
|
|
|
in ''
|
2012-08-21 20:35:46 +01:00
|
|
|
for libname in freebl3 nssdbm3 softokn3
|
2018-01-03 21:39:37 +00:00
|
|
|
do '' +
|
|
|
|
(if stdenv.isDarwin
|
|
|
|
then ''
|
|
|
|
libfile="$out/lib/lib$libname.dylib"
|
|
|
|
DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
|
|
|
|
'' else ''
|
|
|
|
libfile="$out/lib/lib$libname.so"
|
|
|
|
LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
|
|
|
|
'') + ''
|
2019-03-20 20:05:45 +00:00
|
|
|
${nss}/bin/shlibsign -v -i "$libfile"
|
2012-08-21 20:35:46 +01:00
|
|
|
done
|
2015-10-05 16:45:54 +01:00
|
|
|
|
2015-12-02 09:03:23 +00:00
|
|
|
moveToOutput bin "$tools"
|
|
|
|
moveToOutput bin/nss-config "$dev"
|
|
|
|
moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example
|
2018-01-03 21:39:37 +00:00
|
|
|
rm -f "$out"/lib/*.a
|
2012-08-21 20:35:46 +01:00
|
|
|
'';
|
2013-08-07 15:17:58 +01:00
|
|
|
|
2018-08-17 22:55:36 +01:00
|
|
|
meta = with stdenv.lib; {
|
2020-04-01 02:11:51 +01:00
|
|
|
homepage = "https://developer.mozilla.org/en-US/docs/NSS";
|
2013-08-07 15:17:58 +01:00
|
|
|
description = "A set of libraries for development of security-enabled client and server applications";
|
2018-08-17 22:55:36 +01:00
|
|
|
license = licenses.mpl20;
|
|
|
|
platforms = platforms.all;
|
2013-08-07 15:17:58 +01:00
|
|
|
};
|
2005-08-24 10:54:42 +01:00
|
|
|
}
|