mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-01 03:12:51 +00:00
nss: Sign libraries after striping.
Running NSS in FIPS mode is only possible if the libraries are signed correctly, so we're doing this in the postFixup hook, to insure nothing gets altered after that phase. For more information about FIPS mode, please see: https://developer.mozilla.org/en-US/docs/NSS/FIPS_Mode_-_an_explanation
This commit is contained in:
parent
29fce94665
commit
9e0aaf30aa
@ -86,4 +86,12 @@ stdenv.mkDerivation rec {
|
||||
--subst-var-by includedir $out/include/nss \
|
||||
--subst-var-by libdir $out/lib
|
||||
''; # */
|
||||
|
||||
postFixup = ''
|
||||
for libname in freebl3 nssdbm3 softokn3
|
||||
do
|
||||
libfile="$out/lib/lib$libname.so"
|
||||
LD_LIBRARY_PATH=$out/lib $out/bin/shlibsign -v -i "$libfile"
|
||||
done
|
||||
'';
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user