Merge pull request #144219 from mweinelt/firefox

This commit is contained in:
Martin Weinelt 2021-11-02 23:31:13 +01:00 committed by GitHub
commit b47fcee2a5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 31 additions and 461 deletions

View file

@ -128,7 +128,6 @@ in
ferm = handleTest ./ferm.nix {};
firefox = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox; };
firefox-esr = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr; }; # used in `tested` job
firefox-esr-78 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-78; };
firefox-esr-91 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-91; };
firejail = handleTest ./firejail.nix {};
firewall = handleTest ./firewall.nix {};

View file

@ -5,15 +5,15 @@
{ lib, stdenv, pkg-config, pango, perl, python3, zip
, libjpeg, zlib, dbus, dbus-glib, bzip2, xorg
, freetype, fontconfig, file, nspr, nss, nss_3_53
, freetype, fontconfig, file, nspr, nss
, yasm, libGLU, libGL, sqlite, unzip, makeWrapper
, hunspell, libevent, libstartup_notification
, libvpx_1_8
, icu69, libpng, glib, pciutils
, autoconf213, which, gnused, rustPackages, rustPackages_1_45
, autoconf213, which, gnused, rustPackages
, rust-cbindgen, nodejs, nasm, fetchpatch
, gnum4
, gtk2, gtk3, wrapGAppsHook
, gtk3, wrapGAppsHook
, debugBuild ? false
### optionals
@ -91,20 +91,16 @@ let
then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS"
else "/bin";
# 78 ESR won't build with rustc 1.47
inherit (if lib.versionAtLeast version "82" then rustPackages else rustPackages_1_45)
rustc cargo;
inherit (rustPackages) rustc cargo;
# Darwin's stdenv provides the default llvmPackages version, match that since
# clang LTO on Darwin is broken so the stdenv is not being changed.
# Target the LLVM version that rustc -Vv reports it is built with for LTO.
# rustPackages_1_45 -> LLVM 10, rustPackages -> LLVM 11
llvmPackages0 =
/**/ if stdenv.isDarwin
if stdenv.isDarwin
then buildPackages.llvmPackages
else if lib.versionAtLeast rustc.llvm.version "11"
then buildPackages.llvmPackages_11
else buildPackages.llvmPackages_10;
else rustc.llvmPackages;
# Force the use of lld and other llvm tools for LTO
llvmPackages = llvmPackages0.override {
bootBintoolsNoLibc = null;
@ -117,8 +113,6 @@ let
then overrideCC stdenv llvmPackages.clangUseLLVM
else stdenv;
nss_pkg = if lib.versionOlder version "83" then nss_3_53 else nss;
# --enable-release adds -ffunction-sections & LTO that require a big amount of
# RAM and the 32-bit memory space cannot handle that linking
# We also disable adding "-g" for easier linking
@ -135,27 +129,9 @@ buildStdenv.mkDerivation ({
patches = [
] ++
lib.optional (lib.versionOlder version "86") ./env_var_for_system_dir-ff85.patch ++
lib.optional (lib.versionAtLeast version "86") ./env_var_for_system_dir-ff86.patch ++
lib.optional (lib.versionOlder version "83") ./no-buildconfig-ffx76.patch ++
lib.optional (lib.versionAtLeast version "90") ./no-buildconfig-ffx90.patch ++
lib.optional (ltoSupport && lib.versionOlder version "84") ./lto-dependentlibs-generation-ffx83.patch ++
lib.optional (ltoSupport && lib.versionAtLeast version "84" && lib.versionOlder version "86")
(fetchpatch {
url = "https://hg.mozilla.org/mozilla-central/raw-rev/fdff20c37be3";
sha256 = "135n9brliqy42lj3nqgb9d9if7x6x9nvvn0z4anbyf89bikixw48";
})
# This patch adds pipewire support for the ESR release
++ lib.optional (pipewireSupport && lib.versionOlder version "83")
(fetchpatch {
# https://src.fedoraproject.org/rpms/firefox/blob/master/f/firefox-pipewire-0-3.patch
url = "https://src.fedoraproject.org/rpms/firefox/raw/e99b683a352cf5b2c9ff198756859bae408b5d9d/f/firefox-pipewire-0-3.patch";
sha256 = "0qc62di5823r7ly2lxkclzj9rhg2z7ms81igz44nv0fzv3dszdab";
})
++ patches;
patches;
# Ignore trivial whitespace changes in patches, this fixes compatibility of
# ./env_var_for_system_dir.patch with Firefox >=65 without having to track
@ -163,7 +139,7 @@ buildStdenv.mkDerivation ({
patchFlags = [ "-p1" "-l" ];
buildInputs = [
gtk3 perl zip libjpeg zlib bzip2
gnum4 gtk3 perl zip libjpeg zlib bzip2
dbus dbus-glib pango freetype fontconfig xorg.libXi xorg.libXcursor
xorg.libX11 xorg.libXrender xorg.libXft xorg.libXt file
xorg.pixman yasm libGLU libGL
@ -177,7 +153,7 @@ buildStdenv.mkDerivation ({
# yasm can potentially be removed in future versions
# https://bugzilla.mozilla.org/show_bug.cgi?id=1501796
# https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ
nspr nss_pkg
nspr nss
]
++ lib.optional alsaSupport alsa-lib
++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed
@ -185,11 +161,9 @@ buildStdenv.mkDerivation ({
++ lib.optionals waylandSupport [ libxkbcommon libdrm ]
++ lib.optional pipewireSupport pipewire
++ lib.optional jemallocSupport jemalloc
++ lib.optional (lib.versionAtLeast version "82") gnum4
++ lib.optionals buildStdenv.isDarwin [ CoreMedia ExceptionHandling Kerberos
AVFoundation MediaToolbox CoreLocation
Foundation libobjc AddressBook cups ]
++ lib.optional (lib.versionOlder version "90") gtk2;
Foundation libobjc AddressBook cups ];
NIX_LDFLAGS = lib.optionalString ltoSupport ''
-rpath ${llvmPackages.libunwind.out}/lib
@ -201,22 +175,7 @@ buildStdenv.mkDerivation ({
rm -rf obj-x86_64-pc-linux-gnu
substituteInPlace toolkit/xre/glxtest.cpp \
--replace 'dlopen("libpci.so' 'dlopen("${pciutils}/lib/libpci.so'
'' + lib.optionalString (pipewireSupport && lib.versionOlder version "83") ''
# substitute the /usr/include/ lines for the libraries that pipewire provides.
# The patch we pick from fedora only contains the generated moz.build files
# which hardcode the dependency paths instead of running pkg_config.
substituteInPlace \
media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build \
--replace /usr/include ${pipewire.dev}/include
'' + lib.optionalString (lib.versionAtLeast version "80" && lib.versionOlder version "81") ''
substituteInPlace dom/system/IOUtils.h \
--replace '#include "nspr/prio.h"' '#include "prio.h"'
substituteInPlace dom/system/IOUtils.cpp \
--replace '#include "nspr/prio.h"' '#include "prio.h"' \
--replace '#include "nspr/private/pprio.h"' '#include "private/pprio.h"' \
--replace '#include "nspr/prtypes.h"' '#include "prtypes.h"'
'';
'';
nativeBuildInputs =
[

View file

@ -1,6 +0,0 @@
--- a/toolkit/xre/nsXREDirProvider.cpp 2019-02-28 21:00:14.157543388 +0100
+++ b/toolkit/xre/nsXREDirProvider.cpp 2019-02-28 21:01:28.731128320 +0100
@@ -302 +302,2 @@
- rv = NS_NewNativeLocalFile(dirname, false, getter_AddRefs(localDir));
+ const char* pathVar = PR_GetEnv("MOZ_SYSTEM_DIR");
+ rv = NS_NewNativeLocalFile((pathVar && *pathVar) ? nsDependentCString(pathVar) : reinterpret_cast<const nsCString&>(dirname), false, getter_AddRefs(localDir));

View file

@ -1,45 +0,0 @@
--- a/toolkit/library/build/dependentlibs.py
+++ b/toolkit/library/build/dependentlibs.py
@@ -36,26 +36,17 @@ def dependentlibs_win32_objdump(lib):
proc.wait()
return deps
-def dependentlibs_readelf(lib):
+def dependentlibs_elf_objdump(lib):
'''Returns the list of dependencies declared in the given ELF .so'''
- proc = subprocess.Popen([substs.get('TOOLCHAIN_PREFIX', '') + 'readelf', '-d', lib], stdout = subprocess.PIPE,
+ proc = subprocess.Popen([substs['LLVM_OBJDUMP'], '--private-headers', lib], stdout = subprocess.PIPE,
universal_newlines=True)
deps = []
for line in proc.stdout:
- # Each line has the following format:
- # tag (TYPE) value
- # or with BSD readelf:
- # tag TYPE value
- # Looking for NEEDED type entries
- tmp = line.split(' ', 3)
- if len(tmp) > 3 and 'NEEDED' in tmp[2]:
- # NEEDED lines look like:
- # 0x00000001 (NEEDED) Shared library: [libname]
- # or with BSD readelf:
- # 0x00000001 NEEDED Shared library: [libname]
- match = re.search('\[(.*)\]', tmp[3])
- if match:
- deps.append(match.group(1))
+ # We are looking for lines with the format:
+ # NEEDED libname
+ tmp = line.split()
+ if len(tmp) == 2 and tmp[0] == 'NEEDED':
+ deps.append(tmp[1])
proc.wait()
return deps
@@ -110,7 +101,7 @@ def gen_list(output, lib):
libpaths = [os.path.join(substs['DIST'], 'bin')]
binary_type = get_type(lib)
if binary_type == ELF:
- func = dependentlibs_readelf
+ func = dependentlibs_elf_objdump
elif binary_type == MACHO:
func = dependentlibs_mac_objdump
else:

View file

@ -1,24 +0,0 @@
Remove about:buildconfig. If used as-is, it would add unnecessary runtime dependencies.
diff -ur firefox-65.0-orig/docshell/base/nsAboutRedirector.cpp firefox-65.0/docshell/base/nsAboutRedirector.cpp
--- firefox-76.0.orig/docshell/base/nsAboutRedirector.cpp 2020-05-03 19:01:29.926544735 +0200
+++ firefox-76.0/docshell/base/nsAboutRedirector.cpp 2020-05-03 19:12:00.845035570 +0200
@@ -62,8 +62,6 @@
{"about", "chrome://global/content/aboutAbout.html", 0},
{"addons", "chrome://mozapps/content/extensions/extensions.xhtml",
nsIAboutModule::ALLOW_SCRIPT},
- {"buildconfig", "chrome://global/content/buildconfig.html",
- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT},
{"checkerboard", "chrome://global/content/aboutCheckerboard.html",
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
nsIAboutModule::ALLOW_SCRIPT},
diff -ur firefox-65.0-orig/toolkit/content/jar.mn firefox-65.0/toolkit/content/jar.mn
--- firefox-65.0-orig/toolkit/content/jar.mn 2019-01-23 00:48:35.033372506 +0100
+++ firefox-65.0/toolkit/content/jar.mn 2019-01-23 00:50:45.126565924 +0100
@@ -36,7 +36,6 @@
content/global/plugins.css
content/global/browser-child.js
content/global/browser-content.js
-* content/global/buildconfig.html
content/global/buildconfig.css
content/global/contentAreaUtils.js
content/global/datepicker.xhtml

View file

@ -7,10 +7,10 @@ in
rec {
firefox = common rec {
pname = "firefox";
version = "93.0";
version = "94.0";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "b29890e331819d47201b599b9feaaa7eaa0b02088fcbf980efc4f289d43da4f73970bf35ba2f763a2a892fd5318deb68cb9a66e71e9bc0c603642434c7e32e91";
sha512 = "5eb65450a0f1842d28d73235f3ef95fa1dbf8cf1467c354f13df51313bd227aaf5a48b741ee49b13378aaaf054bff52004c1dd5a274eddef4a3cf1b913ef7071";
};
meta = {
@ -32,10 +32,10 @@ rec {
firefox-esr-91 = common rec {
pname = "firefox-esr";
version = "91.2.0esr";
version = "91.3.0esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "f4cff7e43ff9927cbab3f02d37d360ee8bb0dbe988e280cb0638ee67bfe3c76e3a0469336de1b212fba66c958d58594b1739aafee1ebb84695d098c1e5c77b9d";
sha512 = "7cf6efd165acc134bf576715580c103a2fc10ab928ede4c18f69908c62a04eb0f60affa8ceafd5883b393c31b85cae6821d0ae063c9e78117456d475947deaa9";
};
meta = {
@ -54,29 +54,4 @@ rec {
versionSuffix = "esr";
};
};
firefox-esr-78 = common rec {
pname = "firefox-esr";
version = "78.15.0esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "ac3de735b246ce4f0e1619cd2664321ffa374240ce6843e785d79a350dc30c967996bbcc5e3b301cb3d822ca981cbea116758fc4122f1738d75ddfd1165b6378";
};
meta = {
description = "A web browser built from Firefox Extended Support Release source tree";
homepage = "http://www.mozilla.com/en-US/firefox/";
maintainers = with lib.maintainers; [ eelco hexa ];
platforms = lib.platforms.unix;
badPlatforms = lib.platforms.darwin;
broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory".
# not in `badPlatforms` because cross-compilation on 64-bit machine might work.
license = lib.licenses.mpl20;
};
tests = [ nixosTests.firefox-esr-78 ];
updateScript = callPackage ./update.nix {
attrPath = "firefox-esr-78-unwrapped";
versionSuffix = "esr";
};
};
}

View file

@ -1,13 +0,0 @@
Remove about:buildconfig. If used as-is, it would add unnecessary runtime dependencies.
--- a/comm/mail/base/jar.mn
+++ b/comm/mail/base/jar.mn
@@ -119,9 +119,7 @@
% override chrome://mozapps/content/profile/profileDowngrade.js chrome://messenger/content/profileDowngrade.js
% override chrome://mozapps/content/profile/profileDowngrade.xhtml chrome://messenger/content/profileDowngrade.xhtml
-* content/messenger/buildconfig.html (content/buildconfig.html)
content/messenger/buildconfig.css (content/buildconfig.css)
-% override chrome://global/content/buildconfig.html chrome://messenger/content/buildconfig.html
% override chrome://global/content/buildconfig.css chrome://messenger/content/buildconfig.css
# L10n resources and overrides.

View file

@ -34,32 +34,4 @@ rec {
attrPath = "thunderbird-unwrapped";
};
};
thunderbird-78 = common rec {
pname = "thunderbird";
version = "78.14.0";
application = "comm/mail";
binaryName = pname;
src = fetchurl {
url = "mirror://mozilla/thunderbird/releases/${version}/source/thunderbird-${version}.source.tar.xz";
sha512 = "0zan30jvv45pd6i59l2kfyfjwivqk5qq6vyf77xhss2dk8qhk3mfrfxpfbkrab676l14b9hs09nr6ni1h1iwn82zx5k7fx5x8sh5dx6";
};
patches = [
./no-buildconfig-78.patch
];
meta = with lib; {
description = "A full-featured e-mail client";
homepage = "https://thunderbird.net/";
maintainers = with maintainers; [ eelco lovesegfault pierron vcunat ];
platforms = platforms.unix;
badPlatforms = platforms.darwin;
broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory".
# not in `badPlatforms` because cross-compilation on 64-bit machine might work.
license = licenses.mpl20;
};
updateScript = callPackage ./update.nix {
attrPath = "thunderbird-78-unwrapped";
};
};
}

View file

@ -1,54 +0,0 @@
# New rust versions should first go to staging.
# Things to check after updating:
# 1. Rustc should produce rust binaries on x86_64-linux, aarch64-linux and x86_64-darwin:
# i.e. nix-shell -p fd or @GrahamcOfBorg build fd on github
# This testing can be also done by other volunteers as part of the pull
# request review, in case platforms cannot be covered.
# 2. The LLVM version used for building should match with rust upstream.
# 3. Firefox and Thunderbird should still build on x86_64-linux.
{ stdenv, lib
, buildPackages
, newScope, callPackage
, CoreFoundation, Security, SystemConfiguration
, pkgsBuildTarget, pkgsBuildBuild, pkgsBuildHost
, makeRustPlatform
, llvmPackages_5, llvm_10
} @ args:
import ./default.nix {
rustcVersion = "1.45.2";
rustcSha256 = "0273a1g3f59plyi1n0azf21qjzwml1yqdnj5z472crz37qggr8xp";
llvmSharedForBuild = pkgsBuildBuild.llvmPackages_10.libllvm.override { enableSharedLibraries = true; };
llvmSharedForHost = pkgsBuildHost.llvmPackages_10.libllvm.override { enableSharedLibraries = true; };
llvmSharedForTarget = pkgsBuildTarget.llvmPackages_10.libllvm.override { enableSharedLibraries = true; };
llvmBootstrapForDarwin = llvmPackages_5;
# For use at runtime
llvmShared = llvm_10.override { enableSharedLibraries = true; };
# Note: the version MUST be one version prior to the version we're
# building
bootstrapVersion = "1.44.1";
# fetch hashes by running `print-hashes.sh ${bootstrapVersion}`
bootstrapHashes = {
i686-unknown-linux-gnu = "e69689b0a1b66599cf83e7dd54f839419007e44376195e93e301a3175da3d854";
x86_64-unknown-linux-gnu = "a41df89a461a580536aeb42755e43037556fba2e527dd13a1e1bb0749de28202";
x86_64-unknown-linux-musl = "7eeef2b7488ee96015db10bc52c43f6e023debc9a955ccb8efb382522bf35be9";
arm-unknown-linux-gnueabihf = "ea18ccdfb62a153c2d43d013fdec56993cc9267f1cdc6f3834df8a2b9b468f08";
armv7-unknown-linux-gnueabihf = "d44294732cf268ea84908f1135f574ab9489132a332eaa9d5bda547374b15d54";
aarch64-unknown-linux-gnu = "a2d74ebeec0b6778026b6c37814cdc91d14db3b0d8b6d69d036216f4d9cf7e49";
x86_64-apple-darwin = "a5464e7bcbce9647607904a4afa8362382f1fc55d39e7bbaf4483ac00eb5d56a";
powerpc64le-unknown-linux-gnu = "22deeca259459db31065af7c862fcab7fbfb623200520c65002ed2ba93d87ad2";
};
selectRustPackage = pkgs: pkgs.rust_1_45;
rustcPatches = [
];
}
(builtins.removeAttrs args [ "fetchpatch" "pkgsBuildHost" "llvmPackages_5" "llvm_10" ])

View file

@ -32,6 +32,9 @@ import ./default.nix {
# For use at runtime
llvmShared = llvm_12.override { enableSharedLibraries = true; };
# Expose llvmPackages used for rustc from rustc via passthru for LTO in Firefox
llvmPackagesForBuild = pkgsBuildBuild.llvmPackages_12;
# Note: the version MUST be one version prior to the version we're
# building
bootstrapVersion = "1.54.0";

View file

@ -10,6 +10,7 @@
, llvmSharedForBuild
, llvmSharedForHost
, llvmSharedForTarget
, llvmPackagesForBuild # Exposed through rustc for LTO in Firefox
}:
{ stdenv, lib
, buildPackages
@ -85,7 +86,7 @@
version = rustcVersion;
sha256 = rustcSha256;
inherit enableRustcDev;
inherit llvmShared llvmSharedForBuild llvmSharedForHost llvmSharedForTarget;
inherit llvmShared llvmSharedForBuild llvmSharedForHost llvmSharedForTarget llvmPackagesForBuild;
patches = rustcPatches;

View file

@ -1,5 +1,5 @@
{ lib, stdenv, removeReferencesTo, pkgsBuildBuild, pkgsBuildHost, pkgsBuildTarget
, llvmShared, llvmSharedForBuild, llvmSharedForHost, llvmSharedForTarget
, llvmShared, llvmSharedForBuild, llvmSharedForHost, llvmSharedForTarget, llvmPackagesForBuild
, fetchurl, file, python3
, darwin, cmake, rust, rustPlatform
, pkg-config, openssl
@ -174,7 +174,10 @@ in stdenv.mkDerivation rec {
requiredSystemFeatures = [ "big-parallel" ];
passthru.llvm = llvmShared;
passthru = {
llvm = llvmShared;
llvmPackages = llvmPackagesForBuild;
};
meta = with lib; {
homepage = "https://www.rust-lang.org/";

View file

@ -1,180 +0,0 @@
{ lib
, stdenv
, fetchurl
, nspr
, perl
, zlib
, sqlite
, darwin
, fixDarwinDylibNames
, buildPackages
, ninja
, # allow FIPS mode. Note that this makes the output non-reproducible.
# https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6
enableFIPS ? false
}:
let
nssPEM = fetchurl {
url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz";
sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw";
};
in
stdenv.mkDerivation rec {
pname = "nss";
version = "3.53.1";
src = fetchurl {
url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings ["."] ["_"] version}_RTM/src/${pname}-${version}.tar.gz";
sha256 = "05jk65x3zy6q8lx2djj8ik7kg741n88iy4n3bblw89cv0xkxxk1d";
};
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ perl ninja (buildPackages.python3.withPackages (ps: with ps; [ gyp ])) ]
++ lib.optionals stdenv.hostPlatform.isDarwin [ darwin.cctools fixDarwinDylibNames ];
buildInputs = [ zlib sqlite ];
propagatedBuildInputs = [ nspr ];
prePatch = ''
# strip the trailing whitespace from the patch line and the renamed CKO_NETSCAPE_ enum to CKO_NSS_
xz -d < ${nssPEM} | sed \
-e 's/-DIRS = builtins $/-DIRS = . builtins/g' \
-e 's/CKO_NETSCAPE_/CKO_NSS_/g' \
-e 's/CKT_NETSCAPE_/CKT_NSS_/g' \
| patch -p1
patchShebangs nss
for f in nss/coreconf/config.gypi nss/build.sh nss/coreconf/config.gypi; do
substituteInPlace "$f" --replace "/usr/bin/env" "${buildPackages.coreutils}/bin/env"
done
substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep"
'';
patches = [
# Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch
./85_security_load.patch
./ckpem.patch
./fix-cross-compilation.patch
];
patchFlags = [ "-p0" ];
postPatch = lib.optionalString stdenv.hostPlatform.isDarwin ''
substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)"
substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'"
'';
outputs = [ "out" "dev" "tools" ];
preConfigure = "cd nss";
buildPhase =
let
getArch = platform:
if platform.isx86_64 then "x64"
else if platform.isx86_32 then "ia32"
else if platform.isAarch32 then "arm"
else if platform.isAarch64 then "arm64"
else if platform.isPower && platform.is64bit then
(
if platform.isLittleEndian then "ppc64le" else "ppc64"
)
else platform.parsed.cpu.name;
# yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on
target = getArch stdenv.hostPlatform;
host = getArch stdenv.buildPlatform;
in
''
runHook preBuild
sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh
./build.sh -v --opt \
--with-nspr=${nspr.dev}/include:${nspr.out}/lib \
--system-sqlite \
--enable-legacy-db \
--target ${target} \
-Dhost_arch=${host} \
-Duse_system_zlib=1 \
--enable-libpkix \
${lib.optionalString enableFIPS "--enable-fips"} \
${lib.optionalString stdenv.isDarwin "--clang"} \
${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"}
runHook postBuild
'';
NIX_CFLAGS_COMPILE = "-Wno-error -DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\"";
installPhase = ''
runHook preInstall
rm -rf $out/private
find $out -name "*.TOC" -delete
mv $out/public $out/include
ln -s lib $out/lib64
# Upstream issue: https://bugzilla.mozilla.org/show_bug.cgi?id=530672
# https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/nss/files/nss-3.32-gentoo-fixups.patch?id=af1acce6c6d2c3adb17689261dfe2c2b6771ab8a
NSS_MAJOR_VERSION=`grep "NSS_VMAJOR" lib/nss/nss.h | awk '{print $3}'`
NSS_MINOR_VERSION=`grep "NSS_VMINOR" lib/nss/nss.h | awk '{print $3}'`
NSS_PATCH_VERSION=`grep "NSS_VPATCH" lib/nss/nss.h | awk '{print $3}'`
PREFIX="$out"
mkdir -p $out/lib/pkgconfig
sed -e "s,%prefix%,$PREFIX," \
-e "s,%exec_prefix%,$PREFIX," \
-e "s,%libdir%,$PREFIX/lib64," \
-e "s,%includedir%,$dev/include/nss," \
-e "s,%NSS_VERSION%,$NSS_MAJOR_VERSION.$NSS_MINOR_VERSION.$NSS_PATCH_VERSION,g" \
-e "s,%NSPR_VERSION%,4.16,g" \
pkg/pkg-config/nss.pc.in > $out/lib/pkgconfig/nss.pc
chmod 0644 $out/lib/pkgconfig/nss.pc
sed -e "s,@prefix@,$PREFIX," \
-e "s,@MOD_MAJOR_VERSION@,$NSS_MAJOR_VERSION," \
-e "s,@MOD_MINOR_VERSION@,$NSS_MINOR_VERSION," \
-e "s,@MOD_PATCH_VERSION@,$NSS_PATCH_VERSION," \
pkg/pkg-config/nss-config.in > $out/bin/nss-config
chmod 0755 $out/bin/nss-config
'';
postFixup =
let
isCross = stdenv.hostPlatform != stdenv.buildPlatform;
nss = if isCross then buildPackages.nss.tools else "$out";
in
(lib.optionalString enableFIPS (''
for libname in freebl3 nssdbm3 softokn3
do libfile="$out/lib/lib$libname${stdenv.hostPlatform.extensions.sharedLibrary}"'' +
(if stdenv.isDarwin
then ''
DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
'' else ''
LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \
'') + ''
${nss}/bin/shlibsign -v -i "$libfile"
done
'')) +
''
moveToOutput bin "$tools"
moveToOutput bin/nss-config "$dev"
moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example
rm -f "$out"/lib/*.a
runHook postInstall
'';
meta = with lib; {
homepage = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS";
description = "A set of libraries for development of security-enabled client and server applications";
maintainers = with maintainers; [ ];
license = licenses.mpl20;
platforms = platforms.all;
};
}

View file

@ -1,7 +1,5 @@
{ stdenv, fetchurl, libxml2, gnutls, libxslt, pkg-config, libgcrypt, libtool
# nss_3_53 is used instead of the latest due to a number of issues:
# https://github.com/lsh123/xmlsec/issues?q=is%3Aissue+is%3Aopen+nss
, openssl, nss_3_53, lib, runCommandCC, writeText }:
, openssl, nss, lib, runCommandCC, writeText }:
lib.fix (self:
stdenv.mkDerivation rec {
@ -24,11 +22,11 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libxml2 gnutls libxslt libgcrypt libtool openssl nss_3_53 ];
buildInputs = [ libxml2 gnutls libxslt libgcrypt libtool openssl nss ];
enableParallelBuilding = true;
doCheck = true;
checkInputs = [ nss_3_53.tools ];
checkInputs = [ nss.tools ];
preCheck = ''
substituteInPlace tests/testrun.sh \
--replace 'timestamp=`date +%Y%m%d_%H%M%S`' 'timestamp=19700101_000000' \

View file

@ -12682,16 +12682,6 @@ with pkgs;
inherit (darwin) apple_sdk;
};
# Because rustc-1.46.0 enables static PIE by default for
# `x86_64-unknown-linux-musl` this release will suffer from:
#
# https://github.com/NixOS/nixpkgs/issues/94228
#
# So this commit doesn't remove the 1.45.2 release.
rust_1_45 = callPackage ../development/compilers/rust/1_45.nix {
inherit (darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration;
llvm_10 = llvmPackages_10.libllvm;
};
rust_1_55 = callPackage ../development/compilers/rust/1_55.nix {
inherit (darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration;
llvm_12 = llvmPackages_12.libllvm;
@ -12702,7 +12692,6 @@ with pkgs;
mrustc-minicargo = callPackage ../development/compilers/mrustc/minicargo.nix { };
mrustc-bootstrap = callPackage ../development/compilers/mrustc/bootstrap.nix { };
rustPackages_1_45 = rust_1_45.packages.stable;
rustPackages_1_55 = rust_1_55.packages.stable;
rustPackages = rustPackages_1_55;
@ -18670,9 +18659,6 @@ with pkgs;
nss = lowPrio (callPackage ../development/libraries/nss { });
nssTools = nss.tools;
# required for stable thunderbird and firefox-esr-78
nss_3_53 = lowPrio (callPackage ../development/libraries/nss/3.53.nix { });
nss_wrapper = callPackage ../development/libraries/nss_wrapper { };
nsss = skawarePackages.nsss;
@ -25015,15 +25001,13 @@ with pkgs;
});
firefox-unwrapped = firefoxPackages.firefox;
firefox-esr-78-unwrapped = firefoxPackages.firefox-esr-78;
firefox-esr-91-unwrapped = firefoxPackages.firefox-esr-91;
firefox = wrapFirefox firefox-unwrapped { };
firefox-wayland = wrapFirefox firefox-unwrapped { forceWayland = true; };
firefox-esr-78 = wrapFirefox firefox-esr-78-unwrapped { };
firefox-esr-91 = wrapFirefox firefox-esr-91-unwrapped { };
firefox-esr = firefox-esr-78;
firefox-esr-unwrapped = firefoxPackages.firefox-esr-78;
firefox-esr = firefox-esr-91;
firefox-esr-unwrapped = firefoxPackages.firefox-esr-91;
firefox-esr-wayland = wrapFirefox firefox-esr-91-unwrapped { forceWayland = true; };
firefox-bin-unwrapped = callPackage ../applications/networking/browsers/firefox-bin {
@ -28300,9 +28284,7 @@ with pkgs;
});
thunderbird-unwrapped = thunderbirdPackages.thunderbird;
thunderbird-78-unwrapped = thunderbirdPackages.thunderbird-78;
thunderbird = wrapThunderbird thunderbird-unwrapped { };
thunderbird-78 = wrapThunderbird thunderbird-78-unwrapped { };
thunderbird-wayland = wrapThunderbird thunderbird-unwrapped { forceWayland = true; };
thunderbolt = callPackage ../os-specific/linux/thunderbolt {};