Merge pull request #144219 from mweinelt/firefox
This commit is contained in:
commit
b47fcee2a5
15 changed files with 31 additions and 461 deletions
|
@ -128,7 +128,6 @@ in
|
|||
ferm = handleTest ./ferm.nix {};
|
||||
firefox = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox; };
|
||||
firefox-esr = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr; }; # used in `tested` job
|
||||
firefox-esr-78 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-78; };
|
||||
firefox-esr-91 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-91; };
|
||||
firejail = handleTest ./firejail.nix {};
|
||||
firewall = handleTest ./firewall.nix {};
|
||||
|
|
|
@ -5,15 +5,15 @@
|
|||
|
||||
{ lib, stdenv, pkg-config, pango, perl, python3, zip
|
||||
, libjpeg, zlib, dbus, dbus-glib, bzip2, xorg
|
||||
, freetype, fontconfig, file, nspr, nss, nss_3_53
|
||||
, freetype, fontconfig, file, nspr, nss
|
||||
, yasm, libGLU, libGL, sqlite, unzip, makeWrapper
|
||||
, hunspell, libevent, libstartup_notification
|
||||
, libvpx_1_8
|
||||
, icu69, libpng, glib, pciutils
|
||||
, autoconf213, which, gnused, rustPackages, rustPackages_1_45
|
||||
, autoconf213, which, gnused, rustPackages
|
||||
, rust-cbindgen, nodejs, nasm, fetchpatch
|
||||
, gnum4
|
||||
, gtk2, gtk3, wrapGAppsHook
|
||||
, gtk3, wrapGAppsHook
|
||||
, debugBuild ? false
|
||||
|
||||
### optionals
|
||||
|
@ -91,20 +91,16 @@ let
|
|||
then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS"
|
||||
else "/bin";
|
||||
|
||||
# 78 ESR won't build with rustc 1.47
|
||||
inherit (if lib.versionAtLeast version "82" then rustPackages else rustPackages_1_45)
|
||||
rustc cargo;
|
||||
inherit (rustPackages) rustc cargo;
|
||||
|
||||
# Darwin's stdenv provides the default llvmPackages version, match that since
|
||||
# clang LTO on Darwin is broken so the stdenv is not being changed.
|
||||
# Target the LLVM version that rustc -Vv reports it is built with for LTO.
|
||||
# rustPackages_1_45 -> LLVM 10, rustPackages -> LLVM 11
|
||||
llvmPackages0 =
|
||||
/**/ if stdenv.isDarwin
|
||||
if stdenv.isDarwin
|
||||
then buildPackages.llvmPackages
|
||||
else if lib.versionAtLeast rustc.llvm.version "11"
|
||||
then buildPackages.llvmPackages_11
|
||||
else buildPackages.llvmPackages_10;
|
||||
else rustc.llvmPackages;
|
||||
|
||||
# Force the use of lld and other llvm tools for LTO
|
||||
llvmPackages = llvmPackages0.override {
|
||||
bootBintoolsNoLibc = null;
|
||||
|
@ -117,8 +113,6 @@ let
|
|||
then overrideCC stdenv llvmPackages.clangUseLLVM
|
||||
else stdenv;
|
||||
|
||||
nss_pkg = if lib.versionOlder version "83" then nss_3_53 else nss;
|
||||
|
||||
# --enable-release adds -ffunction-sections & LTO that require a big amount of
|
||||
# RAM and the 32-bit memory space cannot handle that linking
|
||||
# We also disable adding "-g" for easier linking
|
||||
|
@ -135,27 +129,9 @@ buildStdenv.mkDerivation ({
|
|||
|
||||
patches = [
|
||||
] ++
|
||||
lib.optional (lib.versionOlder version "86") ./env_var_for_system_dir-ff85.patch ++
|
||||
lib.optional (lib.versionAtLeast version "86") ./env_var_for_system_dir-ff86.patch ++
|
||||
lib.optional (lib.versionOlder version "83") ./no-buildconfig-ffx76.patch ++
|
||||
lib.optional (lib.versionAtLeast version "90") ./no-buildconfig-ffx90.patch ++
|
||||
lib.optional (ltoSupport && lib.versionOlder version "84") ./lto-dependentlibs-generation-ffx83.patch ++
|
||||
lib.optional (ltoSupport && lib.versionAtLeast version "84" && lib.versionOlder version "86")
|
||||
(fetchpatch {
|
||||
url = "https://hg.mozilla.org/mozilla-central/raw-rev/fdff20c37be3";
|
||||
sha256 = "135n9brliqy42lj3nqgb9d9if7x6x9nvvn0z4anbyf89bikixw48";
|
||||
})
|
||||
|
||||
# This patch adds pipewire support for the ESR release
|
||||
++ lib.optional (pipewireSupport && lib.versionOlder version "83")
|
||||
(fetchpatch {
|
||||
# https://src.fedoraproject.org/rpms/firefox/blob/master/f/firefox-pipewire-0-3.patch
|
||||
url = "https://src.fedoraproject.org/rpms/firefox/raw/e99b683a352cf5b2c9ff198756859bae408b5d9d/f/firefox-pipewire-0-3.patch";
|
||||
sha256 = "0qc62di5823r7ly2lxkclzj9rhg2z7ms81igz44nv0fzv3dszdab";
|
||||
})
|
||||
|
||||
++ patches;
|
||||
|
||||
patches;
|
||||
|
||||
# Ignore trivial whitespace changes in patches, this fixes compatibility of
|
||||
# ./env_var_for_system_dir.patch with Firefox >=65 without having to track
|
||||
|
@ -163,7 +139,7 @@ buildStdenv.mkDerivation ({
|
|||
patchFlags = [ "-p1" "-l" ];
|
||||
|
||||
buildInputs = [
|
||||
gtk3 perl zip libjpeg zlib bzip2
|
||||
gnum4 gtk3 perl zip libjpeg zlib bzip2
|
||||
dbus dbus-glib pango freetype fontconfig xorg.libXi xorg.libXcursor
|
||||
xorg.libX11 xorg.libXrender xorg.libXft xorg.libXt file
|
||||
xorg.pixman yasm libGLU libGL
|
||||
|
@ -177,7 +153,7 @@ buildStdenv.mkDerivation ({
|
|||
# yasm can potentially be removed in future versions
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1501796
|
||||
# https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ
|
||||
nspr nss_pkg
|
||||
nspr nss
|
||||
]
|
||||
++ lib.optional alsaSupport alsa-lib
|
||||
++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed
|
||||
|
@ -185,11 +161,9 @@ buildStdenv.mkDerivation ({
|
|||
++ lib.optionals waylandSupport [ libxkbcommon libdrm ]
|
||||
++ lib.optional pipewireSupport pipewire
|
||||
++ lib.optional jemallocSupport jemalloc
|
||||
++ lib.optional (lib.versionAtLeast version "82") gnum4
|
||||
++ lib.optionals buildStdenv.isDarwin [ CoreMedia ExceptionHandling Kerberos
|
||||
AVFoundation MediaToolbox CoreLocation
|
||||
Foundation libobjc AddressBook cups ]
|
||||
++ lib.optional (lib.versionOlder version "90") gtk2;
|
||||
Foundation libobjc AddressBook cups ];
|
||||
|
||||
NIX_LDFLAGS = lib.optionalString ltoSupport ''
|
||||
-rpath ${llvmPackages.libunwind.out}/lib
|
||||
|
@ -201,22 +175,7 @@ buildStdenv.mkDerivation ({
|
|||
rm -rf obj-x86_64-pc-linux-gnu
|
||||
substituteInPlace toolkit/xre/glxtest.cpp \
|
||||
--replace 'dlopen("libpci.so' 'dlopen("${pciutils}/lib/libpci.so'
|
||||
'' + lib.optionalString (pipewireSupport && lib.versionOlder version "83") ''
|
||||
# substitute the /usr/include/ lines for the libraries that pipewire provides.
|
||||
# The patch we pick from fedora only contains the generated moz.build files
|
||||
# which hardcode the dependency paths instead of running pkg_config.
|
||||
substituteInPlace \
|
||||
media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build \
|
||||
--replace /usr/include ${pipewire.dev}/include
|
||||
'' + lib.optionalString (lib.versionAtLeast version "80" && lib.versionOlder version "81") ''
|
||||
substituteInPlace dom/system/IOUtils.h \
|
||||
--replace '#include "nspr/prio.h"' '#include "prio.h"'
|
||||
|
||||
substituteInPlace dom/system/IOUtils.cpp \
|
||||
--replace '#include "nspr/prio.h"' '#include "prio.h"' \
|
||||
--replace '#include "nspr/private/pprio.h"' '#include "private/pprio.h"' \
|
||||
--replace '#include "nspr/prtypes.h"' '#include "prtypes.h"'
|
||||
'';
|
||||
'';
|
||||
|
||||
nativeBuildInputs =
|
||||
[
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
--- a/toolkit/xre/nsXREDirProvider.cpp 2019-02-28 21:00:14.157543388 +0100
|
||||
+++ b/toolkit/xre/nsXREDirProvider.cpp 2019-02-28 21:01:28.731128320 +0100
|
||||
@@ -302 +302,2 @@
|
||||
- rv = NS_NewNativeLocalFile(dirname, false, getter_AddRefs(localDir));
|
||||
+ const char* pathVar = PR_GetEnv("MOZ_SYSTEM_DIR");
|
||||
+ rv = NS_NewNativeLocalFile((pathVar && *pathVar) ? nsDependentCString(pathVar) : reinterpret_cast<const nsCString&>(dirname), false, getter_AddRefs(localDir));
|
|
@ -1,45 +0,0 @@
|
|||
--- a/toolkit/library/build/dependentlibs.py
|
||||
+++ b/toolkit/library/build/dependentlibs.py
|
||||
@@ -36,26 +36,17 @@ def dependentlibs_win32_objdump(lib):
|
||||
proc.wait()
|
||||
return deps
|
||||
|
||||
-def dependentlibs_readelf(lib):
|
||||
+def dependentlibs_elf_objdump(lib):
|
||||
'''Returns the list of dependencies declared in the given ELF .so'''
|
||||
- proc = subprocess.Popen([substs.get('TOOLCHAIN_PREFIX', '') + 'readelf', '-d', lib], stdout = subprocess.PIPE,
|
||||
+ proc = subprocess.Popen([substs['LLVM_OBJDUMP'], '--private-headers', lib], stdout = subprocess.PIPE,
|
||||
universal_newlines=True)
|
||||
deps = []
|
||||
for line in proc.stdout:
|
||||
- # Each line has the following format:
|
||||
- # tag (TYPE) value
|
||||
- # or with BSD readelf:
|
||||
- # tag TYPE value
|
||||
- # Looking for NEEDED type entries
|
||||
- tmp = line.split(' ', 3)
|
||||
- if len(tmp) > 3 and 'NEEDED' in tmp[2]:
|
||||
- # NEEDED lines look like:
|
||||
- # 0x00000001 (NEEDED) Shared library: [libname]
|
||||
- # or with BSD readelf:
|
||||
- # 0x00000001 NEEDED Shared library: [libname]
|
||||
- match = re.search('\[(.*)\]', tmp[3])
|
||||
- if match:
|
||||
- deps.append(match.group(1))
|
||||
+ # We are looking for lines with the format:
|
||||
+ # NEEDED libname
|
||||
+ tmp = line.split()
|
||||
+ if len(tmp) == 2 and tmp[0] == 'NEEDED':
|
||||
+ deps.append(tmp[1])
|
||||
proc.wait()
|
||||
return deps
|
||||
|
||||
@@ -110,7 +101,7 @@ def gen_list(output, lib):
|
||||
libpaths = [os.path.join(substs['DIST'], 'bin')]
|
||||
binary_type = get_type(lib)
|
||||
if binary_type == ELF:
|
||||
- func = dependentlibs_readelf
|
||||
+ func = dependentlibs_elf_objdump
|
||||
elif binary_type == MACHO:
|
||||
func = dependentlibs_mac_objdump
|
||||
else:
|
|
@ -1,24 +0,0 @@
|
|||
Remove about:buildconfig. If used as-is, it would add unnecessary runtime dependencies.
|
||||
diff -ur firefox-65.0-orig/docshell/base/nsAboutRedirector.cpp firefox-65.0/docshell/base/nsAboutRedirector.cpp
|
||||
--- firefox-76.0.orig/docshell/base/nsAboutRedirector.cpp 2020-05-03 19:01:29.926544735 +0200
|
||||
+++ firefox-76.0/docshell/base/nsAboutRedirector.cpp 2020-05-03 19:12:00.845035570 +0200
|
||||
@@ -62,8 +62,6 @@
|
||||
{"about", "chrome://global/content/aboutAbout.html", 0},
|
||||
{"addons", "chrome://mozapps/content/extensions/extensions.xhtml",
|
||||
nsIAboutModule::ALLOW_SCRIPT},
|
||||
- {"buildconfig", "chrome://global/content/buildconfig.html",
|
||||
- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT},
|
||||
{"checkerboard", "chrome://global/content/aboutCheckerboard.html",
|
||||
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
|
||||
nsIAboutModule::ALLOW_SCRIPT},
|
||||
diff -ur firefox-65.0-orig/toolkit/content/jar.mn firefox-65.0/toolkit/content/jar.mn
|
||||
--- firefox-65.0-orig/toolkit/content/jar.mn 2019-01-23 00:48:35.033372506 +0100
|
||||
+++ firefox-65.0/toolkit/content/jar.mn 2019-01-23 00:50:45.126565924 +0100
|
||||
@@ -36,7 +36,6 @@
|
||||
content/global/plugins.css
|
||||
content/global/browser-child.js
|
||||
content/global/browser-content.js
|
||||
-* content/global/buildconfig.html
|
||||
content/global/buildconfig.css
|
||||
content/global/contentAreaUtils.js
|
||||
content/global/datepicker.xhtml
|
|
@ -7,10 +7,10 @@ in
|
|||
rec {
|
||||
firefox = common rec {
|
||||
pname = "firefox";
|
||||
version = "93.0";
|
||||
version = "94.0";
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
|
||||
sha512 = "b29890e331819d47201b599b9feaaa7eaa0b02088fcbf980efc4f289d43da4f73970bf35ba2f763a2a892fd5318deb68cb9a66e71e9bc0c603642434c7e32e91";
|
||||
sha512 = "5eb65450a0f1842d28d73235f3ef95fa1dbf8cf1467c354f13df51313bd227aaf5a48b741ee49b13378aaaf054bff52004c1dd5a274eddef4a3cf1b913ef7071";
|
||||
};
|
||||
|
||||
meta = {
|
||||
|
@ -32,10 +32,10 @@ rec {
|
|||
|
||||
firefox-esr-91 = common rec {
|
||||
pname = "firefox-esr";
|
||||
version = "91.2.0esr";
|
||||
version = "91.3.0esr";
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
|
||||
sha512 = "f4cff7e43ff9927cbab3f02d37d360ee8bb0dbe988e280cb0638ee67bfe3c76e3a0469336de1b212fba66c958d58594b1739aafee1ebb84695d098c1e5c77b9d";
|
||||
sha512 = "7cf6efd165acc134bf576715580c103a2fc10ab928ede4c18f69908c62a04eb0f60affa8ceafd5883b393c31b85cae6821d0ae063c9e78117456d475947deaa9";
|
||||
};
|
||||
|
||||
meta = {
|
||||
|
@ -54,29 +54,4 @@ rec {
|
|||
versionSuffix = "esr";
|
||||
};
|
||||
};
|
||||
|
||||
firefox-esr-78 = common rec {
|
||||
pname = "firefox-esr";
|
||||
version = "78.15.0esr";
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
|
||||
sha512 = "ac3de735b246ce4f0e1619cd2664321ffa374240ce6843e785d79a350dc30c967996bbcc5e3b301cb3d822ca981cbea116758fc4122f1738d75ddfd1165b6378";
|
||||
};
|
||||
|
||||
meta = {
|
||||
description = "A web browser built from Firefox Extended Support Release source tree";
|
||||
homepage = "http://www.mozilla.com/en-US/firefox/";
|
||||
maintainers = with lib.maintainers; [ eelco hexa ];
|
||||
platforms = lib.platforms.unix;
|
||||
badPlatforms = lib.platforms.darwin;
|
||||
broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory".
|
||||
# not in `badPlatforms` because cross-compilation on 64-bit machine might work.
|
||||
license = lib.licenses.mpl20;
|
||||
};
|
||||
tests = [ nixosTests.firefox-esr-78 ];
|
||||
updateScript = callPackage ./update.nix {
|
||||
attrPath = "firefox-esr-78-unwrapped";
|
||||
versionSuffix = "esr";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
Remove about:buildconfig. If used as-is, it would add unnecessary runtime dependencies.
|
||||
--- a/comm/mail/base/jar.mn
|
||||
+++ b/comm/mail/base/jar.mn
|
||||
@@ -119,9 +119,7 @@
|
||||
% override chrome://mozapps/content/profile/profileDowngrade.js chrome://messenger/content/profileDowngrade.js
|
||||
% override chrome://mozapps/content/profile/profileDowngrade.xhtml chrome://messenger/content/profileDowngrade.xhtml
|
||||
|
||||
-* content/messenger/buildconfig.html (content/buildconfig.html)
|
||||
content/messenger/buildconfig.css (content/buildconfig.css)
|
||||
-% override chrome://global/content/buildconfig.html chrome://messenger/content/buildconfig.html
|
||||
% override chrome://global/content/buildconfig.css chrome://messenger/content/buildconfig.css
|
||||
|
||||
# L10n resources and overrides.
|
|
@ -34,32 +34,4 @@ rec {
|
|||
attrPath = "thunderbird-unwrapped";
|
||||
};
|
||||
};
|
||||
|
||||
thunderbird-78 = common rec {
|
||||
pname = "thunderbird";
|
||||
version = "78.14.0";
|
||||
application = "comm/mail";
|
||||
binaryName = pname;
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/thunderbird/releases/${version}/source/thunderbird-${version}.source.tar.xz";
|
||||
sha512 = "0zan30jvv45pd6i59l2kfyfjwivqk5qq6vyf77xhss2dk8qhk3mfrfxpfbkrab676l14b9hs09nr6ni1h1iwn82zx5k7fx5x8sh5dx6";
|
||||
};
|
||||
patches = [
|
||||
./no-buildconfig-78.patch
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "A full-featured e-mail client";
|
||||
homepage = "https://thunderbird.net/";
|
||||
maintainers = with maintainers; [ eelco lovesegfault pierron vcunat ];
|
||||
platforms = platforms.unix;
|
||||
badPlatforms = platforms.darwin;
|
||||
broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory".
|
||||
# not in `badPlatforms` because cross-compilation on 64-bit machine might work.
|
||||
license = licenses.mpl20;
|
||||
};
|
||||
updateScript = callPackage ./update.nix {
|
||||
attrPath = "thunderbird-78-unwrapped";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,54 +0,0 @@
|
|||
# New rust versions should first go to staging.
|
||||
# Things to check after updating:
|
||||
# 1. Rustc should produce rust binaries on x86_64-linux, aarch64-linux and x86_64-darwin:
|
||||
# i.e. nix-shell -p fd or @GrahamcOfBorg build fd on github
|
||||
# This testing can be also done by other volunteers as part of the pull
|
||||
# request review, in case platforms cannot be covered.
|
||||
# 2. The LLVM version used for building should match with rust upstream.
|
||||
# 3. Firefox and Thunderbird should still build on x86_64-linux.
|
||||
|
||||
{ stdenv, lib
|
||||
, buildPackages
|
||||
, newScope, callPackage
|
||||
, CoreFoundation, Security, SystemConfiguration
|
||||
, pkgsBuildTarget, pkgsBuildBuild, pkgsBuildHost
|
||||
, makeRustPlatform
|
||||
, llvmPackages_5, llvm_10
|
||||
} @ args:
|
||||
|
||||
import ./default.nix {
|
||||
rustcVersion = "1.45.2";
|
||||
rustcSha256 = "0273a1g3f59plyi1n0azf21qjzwml1yqdnj5z472crz37qggr8xp";
|
||||
|
||||
llvmSharedForBuild = pkgsBuildBuild.llvmPackages_10.libllvm.override { enableSharedLibraries = true; };
|
||||
llvmSharedForHost = pkgsBuildHost.llvmPackages_10.libllvm.override { enableSharedLibraries = true; };
|
||||
llvmSharedForTarget = pkgsBuildTarget.llvmPackages_10.libllvm.override { enableSharedLibraries = true; };
|
||||
|
||||
llvmBootstrapForDarwin = llvmPackages_5;
|
||||
|
||||
# For use at runtime
|
||||
llvmShared = llvm_10.override { enableSharedLibraries = true; };
|
||||
|
||||
# Note: the version MUST be one version prior to the version we're
|
||||
# building
|
||||
bootstrapVersion = "1.44.1";
|
||||
|
||||
# fetch hashes by running `print-hashes.sh ${bootstrapVersion}`
|
||||
bootstrapHashes = {
|
||||
i686-unknown-linux-gnu = "e69689b0a1b66599cf83e7dd54f839419007e44376195e93e301a3175da3d854";
|
||||
x86_64-unknown-linux-gnu = "a41df89a461a580536aeb42755e43037556fba2e527dd13a1e1bb0749de28202";
|
||||
x86_64-unknown-linux-musl = "7eeef2b7488ee96015db10bc52c43f6e023debc9a955ccb8efb382522bf35be9";
|
||||
arm-unknown-linux-gnueabihf = "ea18ccdfb62a153c2d43d013fdec56993cc9267f1cdc6f3834df8a2b9b468f08";
|
||||
armv7-unknown-linux-gnueabihf = "d44294732cf268ea84908f1135f574ab9489132a332eaa9d5bda547374b15d54";
|
||||
aarch64-unknown-linux-gnu = "a2d74ebeec0b6778026b6c37814cdc91d14db3b0d8b6d69d036216f4d9cf7e49";
|
||||
x86_64-apple-darwin = "a5464e7bcbce9647607904a4afa8362382f1fc55d39e7bbaf4483ac00eb5d56a";
|
||||
powerpc64le-unknown-linux-gnu = "22deeca259459db31065af7c862fcab7fbfb623200520c65002ed2ba93d87ad2";
|
||||
};
|
||||
|
||||
selectRustPackage = pkgs: pkgs.rust_1_45;
|
||||
|
||||
rustcPatches = [
|
||||
];
|
||||
}
|
||||
|
||||
(builtins.removeAttrs args [ "fetchpatch" "pkgsBuildHost" "llvmPackages_5" "llvm_10" ])
|
|
@ -32,6 +32,9 @@ import ./default.nix {
|
|||
# For use at runtime
|
||||
llvmShared = llvm_12.override { enableSharedLibraries = true; };
|
||||
|
||||
# Expose llvmPackages used for rustc from rustc via passthru for LTO in Firefox
|
||||
llvmPackagesForBuild = pkgsBuildBuild.llvmPackages_12;
|
||||
|
||||
# Note: the version MUST be one version prior to the version we're
|
||||
# building
|
||||
bootstrapVersion = "1.54.0";
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
, llvmSharedForBuild
|
||||
, llvmSharedForHost
|
||||
, llvmSharedForTarget
|
||||
, llvmPackagesForBuild # Exposed through rustc for LTO in Firefox
|
||||
}:
|
||||
{ stdenv, lib
|
||||
, buildPackages
|
||||
|
@ -85,7 +86,7 @@
|
|||
version = rustcVersion;
|
||||
sha256 = rustcSha256;
|
||||
inherit enableRustcDev;
|
||||
inherit llvmShared llvmSharedForBuild llvmSharedForHost llvmSharedForTarget;
|
||||
inherit llvmShared llvmSharedForBuild llvmSharedForHost llvmSharedForTarget llvmPackagesForBuild;
|
||||
|
||||
patches = rustcPatches;
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ lib, stdenv, removeReferencesTo, pkgsBuildBuild, pkgsBuildHost, pkgsBuildTarget
|
||||
, llvmShared, llvmSharedForBuild, llvmSharedForHost, llvmSharedForTarget
|
||||
, llvmShared, llvmSharedForBuild, llvmSharedForHost, llvmSharedForTarget, llvmPackagesForBuild
|
||||
, fetchurl, file, python3
|
||||
, darwin, cmake, rust, rustPlatform
|
||||
, pkg-config, openssl
|
||||
|
@ -174,7 +174,10 @@ in stdenv.mkDerivation rec {
|
|||
|
||||
requiredSystemFeatures = [ "big-parallel" ];
|
||||
|
||||
passthru.llvm = llvmShared;
|
||||
passthru = {
|
||||
llvm = llvmShared;
|
||||
llvmPackages = llvmPackagesForBuild;
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://www.rust-lang.org/";
|
||||
|
|
|
@ -1,180 +0,0 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, fetchurl
|
||||
, nspr
|
||||
, perl
|
||||
, zlib
|
||||
, sqlite
|
||||
, darwin
|
||||
, fixDarwinDylibNames
|
||||
, buildPackages
|
||||
, ninja
|
||||
, # allow FIPS mode. Note that this makes the output non-reproducible.
|
||||
# https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6
|
||||
enableFIPS ? false
|
||||
}:
|
||||
|
||||
let
|
||||
nssPEM = fetchurl {
|
||||
url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz";
|
||||
sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw";
|
||||
};
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "nss";
|
||||
version = "3.53.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings ["."] ["_"] version}_RTM/src/${pname}-${version}.tar.gz";
|
||||
sha256 = "05jk65x3zy6q8lx2djj8ik7kg741n88iy4n3bblw89cv0xkxxk1d";
|
||||
};
|
||||
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
||||
|
||||
nativeBuildInputs = [ perl ninja (buildPackages.python3.withPackages (ps: with ps; [ gyp ])) ]
|
||||
++ lib.optionals stdenv.hostPlatform.isDarwin [ darwin.cctools fixDarwinDylibNames ];
|
||||
|
||||
buildInputs = [ zlib sqlite ];
|
||||
|
||||
propagatedBuildInputs = [ nspr ];
|
||||
|
||||
prePatch = ''
|
||||
# strip the trailing whitespace from the patch line and the renamed CKO_NETSCAPE_ enum to CKO_NSS_
|
||||
xz -d < ${nssPEM} | sed \
|
||||
-e 's/-DIRS = builtins $/-DIRS = . builtins/g' \
|
||||
-e 's/CKO_NETSCAPE_/CKO_NSS_/g' \
|
||||
-e 's/CKT_NETSCAPE_/CKT_NSS_/g' \
|
||||
| patch -p1
|
||||
|
||||
patchShebangs nss
|
||||
|
||||
for f in nss/coreconf/config.gypi nss/build.sh nss/coreconf/config.gypi; do
|
||||
substituteInPlace "$f" --replace "/usr/bin/env" "${buildPackages.coreutils}/bin/env"
|
||||
done
|
||||
|
||||
substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep"
|
||||
'';
|
||||
|
||||
patches = [
|
||||
# Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
|
||||
./85_security_load.patch
|
||||
./ckpem.patch
|
||||
./fix-cross-compilation.patch
|
||||
];
|
||||
|
||||
patchFlags = [ "-p0" ];
|
||||
|
||||
postPatch = lib.optionalString stdenv.hostPlatform.isDarwin ''
|
||||
substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)"
|
||||
substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'"
|
||||
'';
|
||||
|
||||
outputs = [ "out" "dev" "tools" ];
|
||||
|
||||
preConfigure = "cd nss";
|
||||
|
||||
buildPhase =
|
||||
let
|
||||
getArch = platform:
|
||||
if platform.isx86_64 then "x64"
|
||||
else if platform.isx86_32 then "ia32"
|
||||
else if platform.isAarch32 then "arm"
|
||||
else if platform.isAarch64 then "arm64"
|
||||
else if platform.isPower && platform.is64bit then
|
||||
(
|
||||
if platform.isLittleEndian then "ppc64le" else "ppc64"
|
||||
)
|
||||
else platform.parsed.cpu.name;
|
||||
# yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on
|
||||
target = getArch stdenv.hostPlatform;
|
||||
host = getArch stdenv.buildPlatform;
|
||||
in
|
||||
''
|
||||
runHook preBuild
|
||||
|
||||
sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh
|
||||
./build.sh -v --opt \
|
||||
--with-nspr=${nspr.dev}/include:${nspr.out}/lib \
|
||||
--system-sqlite \
|
||||
--enable-legacy-db \
|
||||
--target ${target} \
|
||||
-Dhost_arch=${host} \
|
||||
-Duse_system_zlib=1 \
|
||||
--enable-libpkix \
|
||||
${lib.optionalString enableFIPS "--enable-fips"} \
|
||||
${lib.optionalString stdenv.isDarwin "--clang"} \
|
||||
${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"}
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
NIX_CFLAGS_COMPILE = "-Wno-error -DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\"";
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
rm -rf $out/private
|
||||
find $out -name "*.TOC" -delete
|
||||
mv $out/public $out/include
|
||||
|
||||
ln -s lib $out/lib64
|
||||
|
||||
# Upstream issue: https://bugzilla.mozilla.org/show_bug.cgi?id=530672
|
||||
# https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/nss/files/nss-3.32-gentoo-fixups.patch?id=af1acce6c6d2c3adb17689261dfe2c2b6771ab8a
|
||||
NSS_MAJOR_VERSION=`grep "NSS_VMAJOR" lib/nss/nss.h | awk '{print $3}'`
|
||||
NSS_MINOR_VERSION=`grep "NSS_VMINOR" lib/nss/nss.h | awk '{print $3}'`
|
||||
NSS_PATCH_VERSION=`grep "NSS_VPATCH" lib/nss/nss.h | awk '{print $3}'`
|
||||
PREFIX="$out"
|
||||
|
||||
mkdir -p $out/lib/pkgconfig
|
||||
sed -e "s,%prefix%,$PREFIX," \
|
||||
-e "s,%exec_prefix%,$PREFIX," \
|
||||
-e "s,%libdir%,$PREFIX/lib64," \
|
||||
-e "s,%includedir%,$dev/include/nss," \
|
||||
-e "s,%NSS_VERSION%,$NSS_MAJOR_VERSION.$NSS_MINOR_VERSION.$NSS_PATCH_VERSION,g" \
|
||||
-e "s,%NSPR_VERSION%,4.16,g" \
|
||||
pkg/pkg-config/nss.pc.in > $out/lib/pkgconfig/nss.pc
|
||||
chmod 0644 $out/lib/pkgconfig/nss.pc
|
||||
|
||||
sed -e "s,@prefix@,$PREFIX," \
|
||||
-e "s,@MOD_MAJOR_VERSION@,$NSS_MAJOR_VERSION," \
|
||||
-e "s,@MOD_MINOR_VERSION@,$NSS_MINOR_VERSION," \
|
||||
-e "s,@MOD_PATCH_VERSION@,$NSS_PATCH_VERSION," \
|
||||
pkg/pkg-config/nss-config.in > $out/bin/nss-config
|
||||
chmod 0755 $out/bin/nss-config
|
||||
'';
|
||||
|
||||
postFixup =
|
||||
let
|
||||
isCross = stdenv.hostPlatform != stdenv.buildPlatform;
|
||||
nss = if isCross then buildPackages.nss.tools else "$out";
|
||||
in
|
||||
(lib.optionalString enableFIPS (''
|
||||
for libname in freebl3 nssdbm3 softokn3
|
||||
do libfile="$out/lib/lib$libname${stdenv.hostPlatform.extensions.sharedLibrary}"'' +
|
||||
(if stdenv.isDarwin
|
||||
then ''
|
||||
DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
|
||||
'' else ''
|
||||
LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
|
||||
'') + ''
|
||||
${nss}/bin/shlibsign -v -i "$libfile"
|
||||
done
|
||||
'')) +
|
||||
''
|
||||
moveToOutput bin "$tools"
|
||||
moveToOutput bin/nss-config "$dev"
|
||||
moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example
|
||||
rm -f "$out"/lib/*.a
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS";
|
||||
description = "A set of libraries for development of security-enabled client and server applications";
|
||||
maintainers = with maintainers; [ ];
|
||||
license = licenses.mpl20;
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
|
@ -1,7 +1,5 @@
|
|||
{ stdenv, fetchurl, libxml2, gnutls, libxslt, pkg-config, libgcrypt, libtool
|
||||
# nss_3_53 is used instead of the latest due to a number of issues:
|
||||
# https://github.com/lsh123/xmlsec/issues?q=is%3Aissue+is%3Aopen+nss
|
||||
, openssl, nss_3_53, lib, runCommandCC, writeText }:
|
||||
, openssl, nss, lib, runCommandCC, writeText }:
|
||||
|
||||
lib.fix (self:
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -24,11 +22,11 @@ stdenv.mkDerivation rec {
|
|||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
|
||||
buildInputs = [ libxml2 gnutls libxslt libgcrypt libtool openssl nss_3_53 ];
|
||||
buildInputs = [ libxml2 gnutls libxslt libgcrypt libtool openssl nss ];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
doCheck = true;
|
||||
checkInputs = [ nss_3_53.tools ];
|
||||
checkInputs = [ nss.tools ];
|
||||
preCheck = ''
|
||||
substituteInPlace tests/testrun.sh \
|
||||
--replace 'timestamp=`date +%Y%m%d_%H%M%S`' 'timestamp=19700101_000000' \
|
||||
|
|
|
@ -12682,16 +12682,6 @@ with pkgs;
|
|||
inherit (darwin) apple_sdk;
|
||||
};
|
||||
|
||||
# Because rustc-1.46.0 enables static PIE by default for
|
||||
# `x86_64-unknown-linux-musl` this release will suffer from:
|
||||
#
|
||||
# https://github.com/NixOS/nixpkgs/issues/94228
|
||||
#
|
||||
# So this commit doesn't remove the 1.45.2 release.
|
||||
rust_1_45 = callPackage ../development/compilers/rust/1_45.nix {
|
||||
inherit (darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration;
|
||||
llvm_10 = llvmPackages_10.libllvm;
|
||||
};
|
||||
rust_1_55 = callPackage ../development/compilers/rust/1_55.nix {
|
||||
inherit (darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration;
|
||||
llvm_12 = llvmPackages_12.libllvm;
|
||||
|
@ -12702,7 +12692,6 @@ with pkgs;
|
|||
mrustc-minicargo = callPackage ../development/compilers/mrustc/minicargo.nix { };
|
||||
mrustc-bootstrap = callPackage ../development/compilers/mrustc/bootstrap.nix { };
|
||||
|
||||
rustPackages_1_45 = rust_1_45.packages.stable;
|
||||
rustPackages_1_55 = rust_1_55.packages.stable;
|
||||
rustPackages = rustPackages_1_55;
|
||||
|
||||
|
@ -18670,9 +18659,6 @@ with pkgs;
|
|||
nss = lowPrio (callPackage ../development/libraries/nss { });
|
||||
nssTools = nss.tools;
|
||||
|
||||
# required for stable thunderbird and firefox-esr-78
|
||||
nss_3_53 = lowPrio (callPackage ../development/libraries/nss/3.53.nix { });
|
||||
|
||||
nss_wrapper = callPackage ../development/libraries/nss_wrapper { };
|
||||
|
||||
nsss = skawarePackages.nsss;
|
||||
|
@ -25015,15 +25001,13 @@ with pkgs;
|
|||
});
|
||||
|
||||
firefox-unwrapped = firefoxPackages.firefox;
|
||||
firefox-esr-78-unwrapped = firefoxPackages.firefox-esr-78;
|
||||
firefox-esr-91-unwrapped = firefoxPackages.firefox-esr-91;
|
||||
firefox = wrapFirefox firefox-unwrapped { };
|
||||
firefox-wayland = wrapFirefox firefox-unwrapped { forceWayland = true; };
|
||||
firefox-esr-78 = wrapFirefox firefox-esr-78-unwrapped { };
|
||||
firefox-esr-91 = wrapFirefox firefox-esr-91-unwrapped { };
|
||||
|
||||
firefox-esr = firefox-esr-78;
|
||||
firefox-esr-unwrapped = firefoxPackages.firefox-esr-78;
|
||||
firefox-esr = firefox-esr-91;
|
||||
firefox-esr-unwrapped = firefoxPackages.firefox-esr-91;
|
||||
firefox-esr-wayland = wrapFirefox firefox-esr-91-unwrapped { forceWayland = true; };
|
||||
|
||||
firefox-bin-unwrapped = callPackage ../applications/networking/browsers/firefox-bin {
|
||||
|
@ -28300,9 +28284,7 @@ with pkgs;
|
|||
});
|
||||
|
||||
thunderbird-unwrapped = thunderbirdPackages.thunderbird;
|
||||
thunderbird-78-unwrapped = thunderbirdPackages.thunderbird-78;
|
||||
thunderbird = wrapThunderbird thunderbird-unwrapped { };
|
||||
thunderbird-78 = wrapThunderbird thunderbird-78-unwrapped { };
|
||||
thunderbird-wayland = wrapThunderbird thunderbird-unwrapped { forceWayland = true; };
|
||||
|
||||
thunderbolt = callPackage ../os-specific/linux/thunderbolt {};
|
||||
|
|
Loading…
Reference in a new issue