Commit Graph

149 Commits

Author SHA1 Message Date
Sandro Jäckel
9fc898d625
nss: remove usage of stdenv.lib 2021-01-31 16:07:26 +01:00
rnhmjoj
b9bb98cf49
nss: add option to use p11-kit
This commit adds an option to replace libnssckbi with the
p11-kit-trust[1] module. It makes all NSS application (like Firefox,
Chromium, etc.) use the system trust store (/etc/ssl/certs/ in NixOS)
and other PKCS#11 modules without ad-hoc configuration.

This approach was first implemented in Fedora[2] and other distributions
like Arch Linux, later.
[1]: https://p11-glue.github.io/p11-glue/p11-kit/manual/trust-nss.html

[2]: https://fedoraproject.org/wiki/Features/SharedSystemCertificates
2021-01-24 10:50:52 +01:00
Ben Siraphob
66e44425c6 pkgs/development/libraries: stdenv.lib -> lib 2021-01-21 19:11:02 -08:00
ajs124
22cd16f5b0 nss: 3.59 -> 3.60 2020-12-17 07:31:34 +01:00
ajs124
fce1a3ee1a
nss: 3.58 -> 3.59
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.59_release_notes
2020-11-18 20:13:23 +01:00
Andreas Rammhold
6c33216fcb
nss: 3.57 -> 3.58
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
2020-11-18 20:13:23 +01:00
Andreas Rammhold
cbd0f8931c
nss_3_53: init 2020-11-18 20:13:23 +01:00
Andreas Rammhold
94448baf6d
cacert: decouple from NSS to reduce rebuild amount
In [#100765] @vcunat pointed out that we could decouple cacert from the
NSS package to make it more rebuild friendly. Just rebuilding packages
that depend on NSS seems to be about ~100. Rebuilding all the packages
that depend on cacert is >9k as of this writing. This makes it much more
feasible to upgrade high-profile packages that are (rightfully) pedantic
on their NSS version like firefox and thunderbird.

[#100765]: https://github.com/NixOS/nixpkgs/pull/100765
2020-11-18 20:13:22 +01:00
Michael Raskin
15430f8465
Merge pull request #102428 from r-burns/nss
nss: fix build on ppc64[le]
2020-11-15 09:42:19 +00:00
zimbatm
5ff35fab0f
fixup! nss: make reproducible (#102156)
Fixes a precedence issue from fe9f55907e

`lib.optionalString <cond> 'text' + 'text2'` will always have 'text2' as
part of the result.
2020-11-02 11:55:11 +01:00
Ryan Burns
eed2008a2d nss: fix build on ppc64[le]
NSS configure scripts use the abbreviated form ppc64/ppc64le:
https://github.com/nss-dev/nss/blob/NSS_3_57_RTM/coreconf/config.gypi#L209

Whereas nixpkgs uses the longer form:
`nix eval nixpkgs.pkgsCross.powernv.hostPlatform.parsed.cpu.name`
`powerpc64le`
2020-11-01 20:37:48 -08:00
zimbatm
8f2be9ac36
nss: make reproducible (#102156)
According to
c1fad130dc/build.sh (l129)
the FIPS mode is not enabled by default. Yet we generate the .chk files
that are only meant to be used for that mode. I have a sense that those
have been cargo-culted around.

Adding FIPS is still possible but you have to explictily build the lib
with `pkgs.nss.override { enableFIPS = true; }`

More info on what FIPS is:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6

Other distros wrangling with the same issue:
https://bugzilla.opensuse.org/show_bug.cgi?id=1081723
2020-10-31 21:17:26 +01:00
Vladimír Čunát
336bc8283b
Re-Revert "Merge #101508: libraw: 0.20.0 -> 0.20.2"
This reverts commit c778945806.

I believe this is exactly what brings the staging branch into
the right shape after the last merge from master (through staging-next);
otherwise part of staging changes would be lost
(due to being already reachable from master but reverted).
2020-10-26 08:19:17 +01:00
Vladimír Čunát
c778945806
Revert "Merge #101508: libraw: 0.20.0 -> 0.20.2"
I'm sorry; I didn't notice it contained staging commits.

This reverts commit 17f5305b6c, reversing
changes made to a8a018ddc0.
2020-10-25 09:41:51 +01:00
Andrew Childs
722d02a720 treewide: move fixDarwinDylibNames to nativeBuildInputs
This hook runs at build time and depends on executing
install_name_tool from binutils.
2020-10-21 13:26:53 +09:00
Vladimír Čunát
80d90e69fe
nss: 3.56 -> 3.57
Release notes seem "boring":
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes

My understanding is that this version will be needed in Firefox 82 released
in one month from now: https://wiki.mozilla.org/NSS:Release_Versions
2020-09-19 08:23:45 +02:00
ajs124
49aa282108 nss: 3.55 -> 3.56 2020-08-26 08:34:52 +02:00
Vladimír Čunát
ce174c7bc9
Merge #94587: nss: fix on darwin 2020-08-06 09:08:29 +02:00
Matthew Bauer
d0468f86e8 nss: set install name correctly 2020-08-02 22:35:30 -05:00
Frederik Rietdijk
cee7df4846 Merge staging-next into staging 2020-07-30 18:28:15 +02:00
ajs124
93a3c37128 nss: enable libpkix build
this was enabled by default with the old build system, but requires this flag with the new one

fixes ##93955
2020-07-29 20:31:14 +02:00
ajs124
67f0fcc014 nss: 3.54 -> 3.55 2020-07-26 14:06:31 +02:00
ajs124
8f925208cd nss: try to fix darwin build 2020-07-20 17:20:35 +02:00
ajs124
6760ec6c40 nss: gyp supports python3 now 2020-07-20 14:58:46 +02:00
Vladimír Čunát
0513a9128f
nss_3_44: bring back this older branch for firefox-esr
/cc nss PR #91746
2020-07-19 12:30:25 +02:00
ajs124
487373fb2c nss: 3.52.1 -> 3.54 2020-07-15 19:08:51 +02:00
Frederik Rietdijk
febc27b59a Merge master into staging-next 2020-06-12 08:57:26 +02:00
Mario Rodas
8b2d735d1a
nss: fix build on darwin 2020-06-10 04:20:00 -05:00
ajs124
be7c11c439
nss: 3.52 -> 3.52.1
Needed to compile firefox 77.  Taken from PR #89438.
2020-06-05 06:24:06 +02:00
Gaelan Steele
b14d997778 nss: fix building for aarch32 on aarch64
There are two ways to build a package for aarch32 on an aarch64 machine:
either by cross compiling as normal, or by adding armv6l/armv7l to
extraPlatforms and doing a non-cross compile.

Previously, NSS failed to build with both methods: when using
extraPlatforms, things failed because NSS includes an armv8-specific
file (presumably based on the result of uname); when cross compiling,
NSS's build system expects to receive an architecture name of arm (not
armv6l or whatever), so was failing to include some arch-specific code
and failed with a linker error.

This commit fixes those things by a) always passing the arch, even when
not cross-compiling, and b) special-casing aarch32 to always pass in an
arch of arm.
2020-05-14 09:26:09 -07:00
Andreas Rammhold
bce5268a21
niss: 3.51 -> 3.52 2020-05-04 01:39:35 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Konrad Borowski
60c646c031 nss: 3.49.2 -> 3.51 2020-03-10 14:36:52 +01:00
Andreas Rammhold
92f660e254 nss: 3.48 -> 3.49.2 2020-02-11 07:51:22 +01:00
Andreas Rammhold
6da3b5e8b7 nss: 3.47.1 -> 3.48.1 2020-01-08 14:48:30 +01:00
Robin Gloster
a085e9c061
nss: *Flags are lists 2019-12-30 11:13:40 +01:00
Andreas Rammhold
1c0b2785b4
nss: 3.46.1 -> 3.47.1 2019-11-27 21:08:19 +01:00
Andreas Rammhold
b4f278a07c nss: 3.46 -> 3.46.1 2019-10-21 21:58:37 +02:00
Andreas Rammhold
7b504b49b0 nss: 3.44.1 -> 3.46 2019-09-02 16:13:19 +02:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
taku0
442fd85db6
nss: 3.44 -> 3.44.1 2019-07-15 09:38:15 +02:00
Matthew Bauer
fc04ec9274
Merge pull request #58063 from illegalprime/nss-cross
nss: cross compile support
2019-06-10 21:33:19 -04:00
Will Dietz
979970a4cd
nss: 3.43 -> 3.44 2019-05-15 17:03:35 -05:00
Will Dietz
354ccb2052
nss: 3.42.1 -> 3.43
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.43_release_notes
2019-05-15 17:03:15 -05:00
Michael Eden
6261601b00 nss: move CPU_ARCH and OS_TEST to cross comp 2019-03-26 22:07:10 -04:00
Michael Eden
8f4dcedbb0 nss: cross compile support 2019-03-25 13:30:53 -04:00
Tim Steinbach
e27fa435f7
nss: 3.42 -> 3.42.1 2019-02-13 08:10:13 -05:00
Andreas Rammhold
604bd482d1 nss: 3.41 -> 3.42 2019-01-29 20:30:42 +01:00
Alyssa Ross
fdc6caf144
nss: 3.40.1 -> 3.41 2018-12-16 14:22:54 +00:00
Will Dietz
e1adb093b7 nss: 3.40 -> 3.40.1 2018-12-02 00:00:10 -06:00