From 81777e9a43c36e392e4bf735058865325f91f6fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Tue, 10 Aug 2021 13:01:28 +0200 Subject: [PATCH 1/4] nspr: format, cleanup --- pkgs/development/libraries/nspr/default.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/nspr/default.nix b/pkgs/development/libraries/nspr/default.nix index c68354a18b69..8048ef2a5e70 100644 --- a/pkgs/development/libraries/nspr/default.nix +++ b/pkgs/development/libraries/nspr/default.nix @@ -1,6 +1,9 @@ -{ lib, stdenv, fetchurl -, CoreServices ? null -, buildPackages }: +{ lib +, stdenv +, fetchurl +, CoreServices +, buildPackages +}: stdenv.mkDerivation rec { pname = "nspr"; @@ -37,13 +40,14 @@ stdenv.mkDerivation rec { moveToOutput share "$dev" # just aclocal ''; - buildInputs = [] ++ lib.optionals stdenv.isDarwin [ CoreServices ]; + buildInputs = lib.optionals stdenv.isDarwin [ CoreServices ]; enableParallelBuilding = true; meta = with lib; { - homepage = "http://www.mozilla.org/projects/nspr/"; + homepage = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSPR_functions"; description = "Netscape Portable Runtime, a platform-neutral API for system-level and libc-like functions"; + maintainers = with maintainers; [ ]; platforms = platforms.all; license = licenses.mpl20; }; From 4b84c7a0c814f5a470f469e48c5237ddc9f8611e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Tue, 10 Aug 2021 13:01:37 +0200 Subject: [PATCH 2/4] nss: format, cleanup --- pkgs/development/libraries/nss/3.53.nix | 142 +++++++++++++----------- 1 file changed, 79 insertions(+), 63 deletions(-) diff --git a/pkgs/development/libraries/nss/3.53.nix b/pkgs/development/libraries/nss/3.53.nix index 5d44a4d2469d..4d22e9a1a7cf 100644 --- a/pkgs/development/libraries/nss/3.53.nix +++ b/pkgs/development/libraries/nss/3.53.nix @@ -1,4 +1,14 @@ -{ lib, stdenv, fetchurl, nspr, perl, zlib, sqlite, darwin, fixDarwinDylibNames, buildPackages, ninja +{ lib +, stdenv +, fetchurl +, nspr +, perl +, zlib +, sqlite +, darwin +, fixDarwinDylibNames +, buildPackages +, ninja , # allow FIPS mode. Note that this makes the output non-reproducible. # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6 enableFIPS ? false @@ -9,7 +19,8 @@ let url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz"; sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw"; }; -in stdenv.mkDerivation rec { +in +stdenv.mkDerivation rec { pname = "nss"; version = "3.53.1"; @@ -44,55 +55,58 @@ in stdenv.mkDerivation rec { substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep" ''; - patches = - [ - # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch - ./85_security_load.patch - ./ckpem.patch - ./fix-cross-compilation.patch - ]; + patches = [ + # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch + ./85_security_load.patch + ./ckpem.patch + ./fix-cross-compilation.patch + ]; patchFlags = [ "-p0" ]; postPatch = lib.optionalString stdenv.hostPlatform.isDarwin '' - substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)" - substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'" - ''; + substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)" + substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'" + ''; outputs = [ "out" "dev" "tools" ]; preConfigure = "cd nss"; - buildPhase = let - getArch = platform: if platform.isx86_64 then "x64" - else if platform.isx86_32 then "ia32" - else if platform.isAarch32 then "arm" - else if platform.isAarch64 then "arm64" - else if platform.isPower && platform.is64bit then ( + buildPhase = + let + getArch = platform: + if platform.isx86_64 then "x64" + else if platform.isx86_32 then "ia32" + else if platform.isAarch32 then "arm" + else if platform.isAarch64 then "arm64" + else if platform.isPower && platform.is64bit then + ( if platform.isLittleEndian then "ppc64le" else "ppc64" ) - else platform.parsed.cpu.name; - # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on - target = getArch stdenv.hostPlatform; - host = getArch stdenv.buildPlatform; - in '' - runHook preBuild + else platform.parsed.cpu.name; + # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on + target = getArch stdenv.hostPlatform; + host = getArch stdenv.buildPlatform; + in + '' + runHook preBuild - sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh - ./build.sh -v --opt \ - --with-nspr=${nspr.dev}/include:${nspr.out}/lib \ - --system-sqlite \ - --enable-legacy-db \ - --target ${target} \ - -Dhost_arch=${host} \ - -Duse_system_zlib=1 \ - --enable-libpkix \ - ${lib.optionalString enableFIPS "--enable-fips"} \ - ${lib.optionalString stdenv.isDarwin "--clang"} \ - ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"} + sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh + ./build.sh -v --opt \ + --with-nspr=${nspr.dev}/include:${nspr.out}/lib \ + --system-sqlite \ + --enable-legacy-db \ + --target ${target} \ + -Dhost_arch=${host} \ + -Duse_system_zlib=1 \ + --enable-libpkix \ + ${lib.optionalString enableFIPS "--enable-fips"} \ + ${lib.optionalString stdenv.isDarwin "--clang"} \ + ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"} - runHook postBuild - ''; + runHook postBuild + ''; NIX_CFLAGS_COMPILE = "-Wno-error -DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\""; @@ -130,36 +144,38 @@ in stdenv.mkDerivation rec { chmod 0755 $out/bin/nss-config ''; - postFixup = let - isCross = stdenv.hostPlatform != stdenv.buildPlatform; - nss = if isCross then buildPackages.nss.tools else "$out"; - in - (lib.optionalString enableFIPS ('' - for libname in freebl3 nssdbm3 softokn3 - do '' + + postFixup = + let + isCross = stdenv.hostPlatform != stdenv.buildPlatform; + nss = if isCross then buildPackages.nss.tools else "$out"; + in + (lib.optionalString enableFIPS ('' + for libname in freebl3 nssdbm3 softokn3 + do '' + (if stdenv.isDarwin - then '' - libfile="$out/lib/lib$libname.dylib" - DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ - '' else '' - libfile="$out/lib/lib$libname.so" - LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ - '') + '' - ${nss}/bin/shlibsign -v -i "$libfile" - done - '')) + - '' - moveToOutput bin "$tools" - moveToOutput bin/nss-config "$dev" - moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example - rm -f "$out"/lib/*.a + then '' + libfile="$out/lib/lib$libname.dylib" + DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ + '' else '' + libfile="$out/lib/lib$libname.so" + LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ + '') + '' + ${nss}/bin/shlibsign -v -i "$libfile" + done + '')) + + '' + moveToOutput bin "$tools" + moveToOutput bin/nss-config "$dev" + moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example + rm -f "$out"/lib/*.a - runHook postInstall - ''; + runHook postInstall + ''; meta = with lib; { - homepage = "https://developer.mozilla.org/en-US/docs/NSS"; + homepage = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"; description = "A set of libraries for development of security-enabled client and server applications"; + maintainers = with maintainers; [ ]; license = licenses.mpl20; platforms = platforms.all; }; From d7a6dc0bb96b6f879b2ad8e90772a66d3d3ba327 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Tue, 10 Aug 2021 13:01:51 +0200 Subject: [PATCH 3/4] nss: format, cleanup --- pkgs/development/libraries/nss/default.nix | 150 +++++++++++---------- 1 file changed, 82 insertions(+), 68 deletions(-) diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 1d38ed4531f7..2df6214ab091 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -1,7 +1,16 @@ -{ lib, stdenv, fetchurl, nspr, perl, zlib -, sqlite, ninja -, darwin, fixDarwinDylibNames, buildPackages -, useP11kit ? true, p11-kit +{ lib +, stdenv +, fetchurl +, nspr +, perl +, zlib +, sqlite +, ninja +, darwin +, fixDarwinDylibNames +, buildPackages +, useP11kit ? true +, p11-kit , # allow FIPS mode. Note that this makes the output non-reproducible. # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6 enableFIPS ? false @@ -19,14 +28,14 @@ let # an update is required do the required changes to the expression. # Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert version = "3.68"; - underscoreVersion = builtins.replaceStrings ["."] ["_"] version; -in stdenv.mkDerivation rec { +in +stdenv.mkDerivation rec { pname = "nss"; inherit version; src = fetchurl { - url = "mirror://mozilla/security/nss/releases/NSS_${underscoreVersion}_RTM/src/${pname}-${version}.tar.gz"; + url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings [ "." ] [ "_" ] version}_RTM/src/${pname}-${version}.tar.gz"; sha256 = "0nvj7h2brcw21p1z99nrsxka056d0r1yy9nqqg0lw0w3mhnb60n4"; }; @@ -56,55 +65,58 @@ in stdenv.mkDerivation rec { substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep" ''; - patches = - [ - # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch - ./85_security_load.patch - ./ckpem.patch - ./fix-cross-compilation.patch - ]; + patches = [ + # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch + ./85_security_load.patch + ./ckpem.patch + ./fix-cross-compilation.patch + ]; patchFlags = [ "-p0" ]; postPatch = lib.optionalString stdenv.hostPlatform.isDarwin '' - substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)" - substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'" - ''; + substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)" + substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'" + ''; outputs = [ "out" "dev" "tools" ]; preConfigure = "cd nss"; - buildPhase = let - getArch = platform: if platform.isx86_64 then "x64" - else if platform.isx86_32 then "ia32" - else if platform.isAarch32 then "arm" - else if platform.isAarch64 then "arm64" - else if platform.isPower && platform.is64bit then ( + buildPhase = + let + getArch = platform: + if platform.isx86_64 then "x64" + else if platform.isx86_32 then "ia32" + else if platform.isAarch32 then "arm" + else if platform.isAarch64 then "arm64" + else if platform.isPower && platform.is64bit then + ( if platform.isLittleEndian then "ppc64le" else "ppc64" ) - else platform.parsed.cpu.name; - # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on - target = getArch stdenv.hostPlatform; - host = getArch stdenv.buildPlatform; - in '' - runHook preBuild + else platform.parsed.cpu.name; + # yes, this is correct. nixpkgs uses "host" for the platform the binary will run on whereas nss uses "host" for the platform that the build is running on + target = getArch stdenv.hostPlatform; + host = getArch stdenv.buildPlatform; + in + '' + runHook preBuild - sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh - ./build.sh -v --opt \ - --with-nspr=${nspr.dev}/include:${nspr.out}/lib \ - --system-sqlite \ - --enable-legacy-db \ - --target ${target} \ - -Dhost_arch=${host} \ - -Duse_system_zlib=1 \ - --enable-libpkix \ - ${lib.optionalString enableFIPS "--enable-fips"} \ - ${lib.optionalString stdenv.isDarwin "--clang"} \ - ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"} + sed -i 's|nss_dist_dir="$dist_dir"|nss_dist_dir="'$out'"|;s|nss_dist_obj_dir="$obj_dir"|nss_dist_obj_dir="'$out'"|' build.sh + ./build.sh -v --opt \ + --with-nspr=${nspr.dev}/include:${nspr.out}/lib \ + --system-sqlite \ + --enable-legacy-db \ + --target ${target} \ + -Dhost_arch=${host} \ + -Duse_system_zlib=1 \ + --enable-libpkix \ + ${lib.optionalString enableFIPS "--enable-fips"} \ + ${lib.optionalString stdenv.isDarwin "--clang"} \ + ${lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "--disable-tests"} - runHook postBuild - ''; + runHook postBuild + ''; NIX_CFLAGS_COMPILE = "-Wno-error -DNIX_NSS_LIBDIR=\"${placeholder "out"}/lib/\" " + lib.optionalString stdenv.hostPlatform.is64bit "-DNSS_USE_64=1"; @@ -147,36 +159,38 @@ in stdenv.mkDerivation rec { ln -sf ${p11-kit}/lib/pkcs11/p11-kit-trust.so $out/lib/libnssckbi.so ''; - postFixup = let - isCross = stdenv.hostPlatform != stdenv.buildPlatform; - nss = if isCross then buildPackages.nss.tools else "$out"; - in - (lib.optionalString enableFIPS ('' - for libname in freebl3 nssdbm3 softokn3 - do '' + + postFixup = + let + isCross = stdenv.hostPlatform != stdenv.buildPlatform; + nss = if isCross then buildPackages.nss.tools else "$out"; + in + (lib.optionalString enableFIPS ('' + for libname in freebl3 nssdbm3 softokn3 + do '' + (if stdenv.isDarwin - then '' - libfile="$out/lib/lib$libname.dylib" - DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ - '' else '' - libfile="$out/lib/lib$libname.so" - LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ - '') + '' - ${nss}/bin/shlibsign -v -i "$libfile" - done - '')) + - '' - moveToOutput bin "$tools" - moveToOutput bin/nss-config "$dev" - moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example - rm -f "$out"/lib/*.a + then '' + libfile="$out/lib/lib$libname.dylib" + DYLD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ + '' else '' + libfile="$out/lib/lib$libname.so" + LD_LIBRARY_PATH=$out/lib:${nspr.out}/lib \ + '') + '' + ${nss}/bin/shlibsign -v -i "$libfile" + done + '')) + + '' + moveToOutput bin "$tools" + moveToOutput bin/nss-config "$dev" + moveToOutput lib/libcrmf.a "$dev" # needed by firefox, for example + rm -f "$out"/lib/*.a - runHook postInstall - ''; + runHook postInstall + ''; meta = with lib; { - homepage = "https://developer.mozilla.org/en-US/docs/NSS"; + homepage = "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"; description = "A set of libraries for development of security-enabled client and server applications"; + maintainers = with maintainers; [ ]; license = licenses.mpl20; platforms = platforms.all; }; From cf42c5992106c90b112abc93b0bed1c13905d0a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Tue, 10 Aug 2021 13:01:56 +0200 Subject: [PATCH 4/4] nss_wrapper: switch to pname + version --- pkgs/development/libraries/nss_wrapper/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/nss_wrapper/default.nix b/pkgs/development/libraries/nss_wrapper/default.nix index 0e08083c4d82..a4538aa370cc 100644 --- a/pkgs/development/libraries/nss_wrapper/default.nix +++ b/pkgs/development/libraries/nss_wrapper/default.nix @@ -1,10 +1,11 @@ { lib, stdenv, fetchurl, cmake, pkg-config }: stdenv.mkDerivation rec { - name = "nss_wrapper-1.1.11"; + pname = "nss_wrapper"; + version = "1.1.11"; src = fetchurl { - url = "mirror://samba/cwrap/${name}.tar.gz"; + url = "mirror://samba/cwrap/nss_wrapper-${version}.tar.gz"; sha256 = "1q5l6w69yc71ly8gcbnkrcbnq6b64cbiiv99m0z5vn5lgwp36igv"; };