nss: 3.52.1 -> 3.54

ajs124 487373fb cebca41b

+75 -61
+19 -24
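--- a/pkgs/development/libraries/nss/85_security_load.patch
+++ b/pkgs/development/libraries/nss/85_security_load.patch
@@ -1,7 +1,8 @@
-diff -ru -x '*~' -x '*.orig' -x '*.rej' nss/cmd/shlibsign/shlibsign.c nss/cmd/shlibsign/shlibsign.c
---- nss/cmd/shlibsign/shlibsign.c 2017-01-04 15:24:24.000000000 +0100
-+++ nss/cmd/shlibsign/shlibsign.c 2017-01-24 14:43:31.030420852 +0100
-@@ -875,6 +875,8 @@
+diff --git nss/cmd/shlibsign/shlibsign.c nss/cmd/shlibsign/shlibsign.c
+index ad8f3b84e..74676d039 100644
+--- nss/cmd/shlibsign/shlibsign.c
++++ nss/cmd/shlibsign/shlibsign.c
+@@ -875,6 +875,8 @@ main(int argc, char **argv)
 goto cleanup;
 }
 lib = PR_LoadLibrary(libname);
@@ -10,37 +11,31 @@
 assert(lib != NULL);
 if (!lib) {
 PR_fprintf(PR_STDERR, "loading softokn3 failed");
-diff -ru -x '*~' -x '*.orig' -x '*.rej' nss/coreconf/config.mk nss/coreconf/config.mk
---- nss/coreconf/config.mk 2017-01-04 15:24:24.000000000 +0100
-+++ nss/coreconf/config.mk 2017-01-24 14:43:47.989432372 +0100
-@@ -202,3 +202,6 @@
-
-# Hide old, deprecated, TLS cipher suite names when building NSS
-DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
-+
-+# Nix specific stuff.
-+DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\"
-diff -ru -x '*~' -x '*.orig' -x '*.rej' nss/lib/pk11wrap/pk11load.c nss/lib/pk11wrap/pk11load.c
---- nss/lib/pk11wrap/pk11load.c 2017-01-04 15:24:24.000000000 +0100
-+++ nss/lib/pk11wrap/pk11load.c 2017-01-24 14:45:06.883485652 +0100
-@@ -440,6 +440,13 @@
+diff --git nss/lib/pk11wrap/pk11load.c nss/lib/pk11wrap/pk11load.c
+index 9e7a0a546..a0a23a1a4 100644
+--- nss/lib/pk11wrap/pk11load.c
++++ nss/lib/pk11wrap/pk11load.c
+@@ -466,6 +466,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule)
 * unload the library if anything goes wrong from here on out...
 */
 library = PR_LoadLibrary(mod->dllName);
++#ifndef NSS_STATIC_SOFTOKEN
 + if ((library == NULL) &&
 + !rindex(mod->dllName, PR_GetDirectorySeparator())) {
 + library = PORT_LoadLibraryFromOrigin(my_shlib_name,
 + (PRFuncPtr) &softoken_LoadDSO,
 + mod->dllName);
 + }
++#endif
 +
 mod->library = (void *)library;
 
 if (library == NULL) {
-diff -ru -x '*~' -x '*.orig' -x '*.rej' nss/lib/util/secload.c nss/lib/util/secload.c
---- nss/lib/util/secload.c 2017-01-04 15:24:24.000000000 +0100
-+++ nss/lib/util/secload.c 2017-01-24 14:43:31.030420852 +0100
-@@ -70,9 +70,14 @@
+diff --git nss/lib/util/secload.c nss/lib/util/secload.c
+index 12efd2f75..8b74478f6 100644
+--- nss/lib/util/secload.c
++++ nss/lib/util/secload.c
+@@ -70,9 +70,14 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
 
 /* Remove the trailing filename from referencePath and add the new one */
 c = strrchr(referencePath, PR_GetDirectorySeparator());
@@ -56,7 +51,7 @@
 if (fullName) {
 memcpy(fullName, referencePath, referencePathSize);
 strcpy(fullName + referencePathSize, name);
-@@ -82,6 +87,11 @@
+@@ -82,6 +87,11 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
 #endif
 libSpec.type = PR_LibSpec_Pathname;
 libSpec.value.pathname = fullName;
@@ -68,7 +63,7 @@
 dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL
 #ifdef PR_LD_ALT_SEARCH_PATH
 /* allow library's dependencies to be found in the same directory
-@@ -89,6 +99,10 @@
+@@ -89,6 +99,10 @@ loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
 | PR_LD_ALT_SEARCH_PATH
 #endif
 );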
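Review bot: In the pk11load.c hunk the origin-directory fallback only runs after `PR_LoadLibrary(mod->dllName)` has failed, so for a module name without a directory separator the platform loader's search path is consulted before the directory NSS itself was loaded from. Because the result is used as a PKCS#11 module, that ordering is a trust decision and deserves a comment above the `#ifndef NSS_STATIC_SOFTOKEN` block, for example `/* Nix: the loader search path is tried first; fall back to the directory of this library only when that fails */`. `rindex` is a legacy BSD function, and the secload.c hunk in the same patch uses `strrchr` for the same separator test, which would be the consistent choice. The body of secmod_LoadPKCS11Module continues outside the hunk, so any earlier validation of `mod->dllName` is not visible here.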
+45 -37
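--- a/pkgs/development/libraries/nss/default.nix
+++ b/pkgs/development/libraries/nss/default.nix
@@ -1,11 +1,11 @@
-{ stdenv, fetchurl, nspr, perl, zlib, sqlite, fixDarwinDylibNames, buildPackages }:
+{ stdenv, fetchurl, nspr, perl, zlib, sqlite, fixDarwinDylibNames, buildPackages, ninja }:
 
 let
 nssPEM = fetchurl {
 url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz";
 sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw";
 };
-version = "3.52.1";
+version = "3.54";
 underscoreVersion = builtins.replaceStrings ["."] ["_"] version;
 
 in stdenv.mkDerivation rec {
@@ -14,12 +14,12 @@
 
 src = fetchurl {
 url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz";
-sha256 = "0y4jb9095f7bbgw7d7kvzm4c3g4p5i6y68fwhb8wlkpb7b1imj5w";
+sha256 = "0hvfip056pl07h6w91i6fyji5nczrrsxyr56rls7jd2yryzqpcfs";
 };
 
 depsBuildBuild = [ buildPackages.stdenv.cc ];
 
-nativeBuildInputs = [ perl ];
+nativeBuildInputs = [ perl ninja (buildPackages.python2.withPackages (ps: with ps; [ gyp ])) ];
 
 buildInputs = [ zlib sqlite ]
 ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames;
@@ -29,10 +29,18 @@
 prePatch = ''
 # strip the trailing whitespace from the patch line and the renamed CKO_NETSCAPE_ enum to CKO_NSS_
 xz -d < ${nssPEM} | sed \
--e '/^-DIRS = builtins $/ s/ $//' \
+-e 's/-DIRS = builtins $/-DIRS = . builtins/g' \
 -e 's/CKO_NETSCAPE_/CKO_NSS_/g' \
 -e 's/CKT_NETSCAPE_/CKT_NSS_/g' \
 | patch -p1
+
+patchShebangs nss
+
+for f in nss/coreconf/config.gypi nss/build.sh nss/coreconf/config.gypi; do
+substituteInPlace "$f" --replace "/usr/bin/env" "${buildPackages.coreutils}/bin/env"
+done
+
+substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep"
 '';
 
 patches =
@@ -40,6 +48,7 @@
 # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
 ./85_security_load.patch
 ./ckpem.patch
+./fix-cross-compilation.patch
 ];
 
 patchFlags = [ "-p0" ];
@@ -52,43 +61,40 @@
 
 preConfigure = "cd nss";
 
-makeFlags = let
-# NSS's build systems expects aarch32 to be called arm; if we pass in armv6l/armv7l, it
-# fails with a linker error
-cpu = if stdenv.hostPlatform.isAarch32 then "arm" else stdenv.hostPlatform.parsed.cpu.name;
-in [
-"NSPR_INCLUDE_DIR=${nspr.dev}/include"
-"NSPR_LIB_DIR=${nspr.out}/lib"
-"NSDISTMODE=copy"
-"BUILD_OPT=1"
-"SOURCE_PREFIX=\$(out)"
-"NSS_ENABLE_ECC=1"
-"USE_SYSTEM_ZLIB=1"
-"NSS_USE_SYSTEM_SQLITE=1"
-"NATIVE_CC=${buildPackages.stdenv.cc}/bin/cc"
-] ++ stdenv.lib.optionals (!stdenv.isDarwin) [
-# Pass in CPU even if we're not cross compiling, because otherwise it tries to guess with
-# uname, which can be wrong if e.g. we're compiling for aarch32 on aarch64
-"OS_TEST=${cpu}"
-"CPU_ARCH=${cpu}"
-] ++ stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [
-"CROSS_COMPILE=1"
-"NSS_DISABLE_GTESTS=1" # don't want to build tests when cross-compiling
-] ++ stdenv.lib.optional stdenv.is64bit "USE_64=1"
-++ stdenv.lib.optional stdenv.isDarwin "CCC=clang++";
+buildPhase = let
+getArch = platform: if platform.isx86_64 then "x64"
+else if platform.isx86_32 then "ia32"
+else if platform.isAarch32 then "arm"
+else if platform.isAarch64 then "arm64"
+else platform.parsed.cpu.name;
+# yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on
+target = getArch stdenv.hostPlatform;
+host = getArch stdenv.buildPlatform;
+in ''
+runHook preBuild
+
+sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh
+./build.sh -v --opt \
+--with-nspr=${nspr.dev}/include:${nspr.out}/lib \
+--system-sqlite \
+--enable-legacy-db \
+--target ${target} \
+-Dhost_arch=${host} \
+-Duse_system_zlib=1 \
+${stdenv.lib.optionalString stdenv.isDarwin "--clang"} \
+${stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"}
 
-NIX_CFLAGS_COMPILE = "-Wno-error";
+runHook postBuild
+'';
 
-# TODO(@oxij): investigate this: `make -n check` works but `make
-# check` fails with "no rule", same for "installcheck".
-doCheck = false;
-doInstallCheck = false;
+NIX_CFLAGS_COMPILE = "-Wno-error -DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\"";
+
+installPhase = ''
+runHook preInstall
 
-postInstall = ''
 rm -rf $out/private
+find $out -name "*.TOC" -delete
 mv $out/public $out/include
-mv $out/*.OBJ/* $out/
-rmdir $out/*.OBJ
 
 ln -s lib $out/lib64
 
@@ -138,6 +144,8 @@
 moveToOutput bin/nss-config "$dev"
 moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example
 rm -f "$out"/lib/*.a
+
+runHook postInstall
 '';
 
 meta = with stdenv.lib; {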
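Review bot: `./fix-cross-compilation.patch` is appended to the unconditional `patches` list, so the shlibsign action it replaces with `true` is disabled for native builds as well, not only when `stdenv.hostPlatform != stdenv.buildPlatform`. shlibsign is the step that produces the `.chk` integrity files for the softoken libraries, and the part of `installPhase` between `ln -s lib $out/lib64` and `moveToOutput` is collapsed on this page, so whether they are regenerated there cannot be confirmed from what is shown. Either apply the patch conditionally, e.g. `++ stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) ./fix-cross-compilation.patch`, or add a comment next to the entry saying where signing happens instead. The `for f in` loop in `prePatch` also lists `nss/coreconf/config.gypi` twice.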
+11
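--- a/pkgs/development/libraries/nss/fix-cross-compilation.patch
+++ b/pkgs/development/libraries/nss/fix-cross-compilation.patch
@@ -0,0 +1,11 @@
+--- nss/nss.gyp
++++ nss/nss.gyp
+@@ -280,7 +280,7 @@
+'outputs/': [['exclude', 'nssdbm3']]
+}],
+],
+- 'action': ['<(python)', '<(DEPTH)/coreconf/shlibsign.py', '<@(_inputs)']
++ 'action': ['true']
+}
+],
+},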
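Review bot: The patch carries no header explaining why the sign step is replaced with `'true'`, and the surrounding action (it starts outside the hunk) still has its `'outputs/'` entry, so the build graph appears to keep declaring outputs that this command never creates. A short description above `--- nss/nss.gyp` stating the reason (presumably that the sign step cannot run a host-platform binary during a cross build) and where the `.chk` files are produced instead would let a later maintainer check that the integrity files are still generated. Without that, a reader of nss.gyp alone cannot tell a deliberate deferral from an accidentally dropped signing step.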