Sandro Jäckel
9fc898d625
nss: remove usage of stdenv.lib
2021-01-31 16:07:26 +01:00
rnhmjoj
b9bb98cf49
nss: add option to use p11-kit
...
This commit adds an option to replace libnssckbi with the
p11-kit-trust[1] module. It makes all NSS application (like Firefox,
Chromium, etc.) use the system trust store (/etc/ssl/certs/ in NixOS)
and other PKCS#11 modules without ad-hoc configuration.
This approach was first implemented in Fedora[2] and other distributions
like Arch Linux, later.
[1]: https://p11-glue.github.io/p11-glue/p11-kit/manual/trust-nss.html
[2]: https://fedoraproject.org/wiki/Features/SharedSystemCertificates
2021-01-24 10:50:52 +01:00
Ben Siraphob
66e44425c6
pkgs/development/libraries: stdenv.lib -> lib
2021-01-21 19:11:02 -08:00
ajs124
22cd16f5b0
nss: 3.59 -> 3.60
2020-12-17 07:31:34 +01:00
ajs124
fce1a3ee1a
nss: 3.58 -> 3.59
...
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.59_release_notes
2020-11-18 20:13:23 +01:00
Andreas Rammhold
6c33216fcb
nss: 3.57 -> 3.58
...
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
2020-11-18 20:13:23 +01:00
Andreas Rammhold
cbd0f8931c
nss_3_53: init
2020-11-18 20:13:23 +01:00
Andreas Rammhold
94448baf6d
cacert: decouple from NSS to reduce rebuild amount
...
In [#100765 ] @vcunat pointed out that we could decouple cacert from the
NSS package to make it more rebuild friendly. Just rebuilding packages
that depend on NSS seems to be about ~100. Rebuilding all the packages
that depend on cacert is >9k as of this writing. This makes it much more
feasible to upgrade high-profile packages that are (rightfully) pedantic
on their NSS version like firefox and thunderbird.
[#100765 ]: https://github.com/NixOS/nixpkgs/pull/100765
2020-11-18 20:13:22 +01:00
Michael Raskin
15430f8465
Merge pull request #102428 from r-burns/nss
...
nss: fix build on ppc64[le]
2020-11-15 09:42:19 +00:00
zimbatm
5ff35fab0f
fixup! nss: make reproducible ( #102156 )
...
Fixes a precedence issue from fe9f55907e
`lib.optionalString <cond> 'text' + 'text2'` will always have 'text2' as
part of the result.
2020-11-02 11:55:11 +01:00
Ryan Burns
eed2008a2d
nss: fix build on ppc64[le]
...
NSS configure scripts use the abbreviated form ppc64/ppc64le:
https://github.com/nss-dev/nss/blob/NSS_3_57_RTM/coreconf/config.gypi#L209
Whereas nixpkgs uses the longer form:
`nix eval nixpkgs.pkgsCross.powernv.hostPlatform.parsed.cpu.name`
`powerpc64le`
2020-11-01 20:37:48 -08:00
zimbatm
8f2be9ac36
nss: make reproducible ( #102156 )
...
According to
c1fad130dc/build.sh (l129)
the FIPS mode is not enabled by default. Yet we generate the .chk files
that are only meant to be used for that mode. I have a sense that those
have been cargo-culted around.
Adding FIPS is still possible but you have to explictily build the lib
with `pkgs.nss.override { enableFIPS = true; }`
More info on what FIPS is:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6
Other distros wrangling with the same issue:
https://bugzilla.opensuse.org/show_bug.cgi?id=1081723
2020-10-31 21:17:26 +01:00
Vladimír Čunát
336bc8283b
Re-Revert "Merge #101508 : libraw: 0.20.0 -> 0.20.2"
...
This reverts commit c778945806
.
I believe this is exactly what brings the staging branch into
the right shape after the last merge from master (through staging-next);
otherwise part of staging changes would be lost
(due to being already reachable from master but reverted).
2020-10-26 08:19:17 +01:00
Vladimír Čunát
c778945806
Revert "Merge #101508 : libraw: 0.20.0 -> 0.20.2"
...
I'm sorry; I didn't notice it contained staging commits.
This reverts commit 17f5305b6c
, reversing
changes made to a8a018ddc0
.
2020-10-25 09:41:51 +01:00
Andrew Childs
722d02a720
treewide: move fixDarwinDylibNames to nativeBuildInputs
...
This hook runs at build time and depends on executing
install_name_tool from binutils.
2020-10-21 13:26:53 +09:00
Vladimír Čunát
80d90e69fe
nss: 3.56 -> 3.57
...
Release notes seem "boring":
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
My understanding is that this version will be needed in Firefox 82 released
in one month from now: https://wiki.mozilla.org/NSS:Release_Versions
2020-09-19 08:23:45 +02:00
ajs124
49aa282108
nss: 3.55 -> 3.56
2020-08-26 08:34:52 +02:00
Vladimír Čunát
ce174c7bc9
Merge #94587 : nss: fix on darwin
2020-08-06 09:08:29 +02:00
Matthew Bauer
d0468f86e8
nss: set install name correctly
2020-08-02 22:35:30 -05:00
Frederik Rietdijk
cee7df4846
Merge staging-next into staging
2020-07-30 18:28:15 +02:00
ajs124
93a3c37128
nss: enable libpkix build
...
this was enabled by default with the old build system, but requires this flag with the new one
fixes ##93955
2020-07-29 20:31:14 +02:00
ajs124
67f0fcc014
nss: 3.54 -> 3.55
2020-07-26 14:06:31 +02:00
ajs124
8f925208cd
nss: try to fix darwin build
2020-07-20 17:20:35 +02:00
ajs124
6760ec6c40
nss: gyp supports python3 now
2020-07-20 14:58:46 +02:00
Vladimír Čunát
0513a9128f
nss_3_44: bring back this older branch for firefox-esr
...
/cc nss PR #91746
2020-07-19 12:30:25 +02:00
ajs124
487373fb2c
nss: 3.52.1 -> 3.54
2020-07-15 19:08:51 +02:00
Frederik Rietdijk
febc27b59a
Merge master into staging-next
2020-06-12 08:57:26 +02:00
Mario Rodas
8b2d735d1a
nss: fix build on darwin
2020-06-10 04:20:00 -05:00
ajs124
be7c11c439
nss: 3.52 -> 3.52.1
...
Needed to compile firefox 77. Taken from PR #89438 .
2020-06-05 06:24:06 +02:00
Gaelan Steele
b14d997778
nss: fix building for aarch32 on aarch64
...
There are two ways to build a package for aarch32 on an aarch64 machine:
either by cross compiling as normal, or by adding armv6l/armv7l to
extraPlatforms and doing a non-cross compile.
Previously, NSS failed to build with both methods: when using
extraPlatforms, things failed because NSS includes an armv8-specific
file (presumably based on the result of uname); when cross compiling,
NSS's build system expects to receive an architecture name of arm (not
armv6l or whatever), so was failing to include some arch-specific code
and failed with a linker error.
This commit fixes those things by a) always passing the arch, even when
not cross-compiling, and b) special-casing aarch32 to always pass in an
arch of arm.
2020-05-14 09:26:09 -07:00
Andreas Rammhold
bce5268a21
niss: 3.51 -> 3.52
2020-05-04 01:39:35 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs
2020-04-10 17:54:53 +01:00
Konrad Borowski
60c646c031
nss: 3.49.2 -> 3.51
2020-03-10 14:36:52 +01:00
Andreas Rammhold
92f660e254
nss: 3.48 -> 3.49.2
2020-02-11 07:51:22 +01:00
Andreas Rammhold
6da3b5e8b7
nss: 3.47.1 -> 3.48.1
2020-01-08 14:48:30 +01:00
Robin Gloster
a085e9c061
nss: *Flags are lists
2019-12-30 11:13:40 +01:00
Andreas Rammhold
1c0b2785b4
nss: 3.46.1 -> 3.47.1
2019-11-27 21:08:19 +01:00
Andreas Rammhold
b4f278a07c
nss: 3.46 -> 3.46.1
2019-10-21 21:58:37 +02:00
Andreas Rammhold
7b504b49b0
nss: 3.44.1 -> 3.46
2019-09-02 16:13:19 +02:00
volth
46420bbaa3
treewide: name -> pname (easy cases) ( #66585 )
...
treewide replacement of
stdenv.mkDerivation rec {
name = "*-${version}";
version = "*";
to pname
2019-08-15 13:41:18 +01:00
taku0
442fd85db6
nss: 3.44 -> 3.44.1
2019-07-15 09:38:15 +02:00
Matthew Bauer
fc04ec9274
Merge pull request #58063 from illegalprime/nss-cross
...
nss: cross compile support
2019-06-10 21:33:19 -04:00
Will Dietz
979970a4cd
nss: 3.43 -> 3.44
2019-05-15 17:03:35 -05:00
Will Dietz
354ccb2052
nss: 3.42.1 -> 3.43
...
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.43_release_notes
2019-05-15 17:03:15 -05:00
Michael Eden
6261601b00
nss: move CPU_ARCH and OS_TEST to cross comp
2019-03-26 22:07:10 -04:00
Michael Eden
8f4dcedbb0
nss: cross compile support
2019-03-25 13:30:53 -04:00
Tim Steinbach
e27fa435f7
nss: 3.42 -> 3.42.1
2019-02-13 08:10:13 -05:00
Andreas Rammhold
604bd482d1
nss: 3.41 -> 3.42
2019-01-29 20:30:42 +01:00
Alyssa Ross
fdc6caf144
nss: 3.40.1 -> 3.41
2018-12-16 14:22:54 +00:00
Will Dietz
e1adb093b7
nss: 3.40 -> 3.40.1
2018-12-02 00:00:10 -06:00