Toggle diff (186 lines)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index b51bebda3d..b4fdd13abc 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -261,169 +261,17 @@ (define* (make-nss #:key version release-date hash)
security standards.")
(license license:mpl2.0)))
-;; nss should track ESRs, but currently doesn't. 3.102.1 is the current ESR.
-
(define-public nss
- (package
- (name "nss")
- ;; IMPORTANT: Also update and test the nss-certs package, which duplicates
- ;; version and source to avoid a top-level variable reference & module
- ;; cycle.
- (version "3.99")
- (source (origin
- (method url-fetch)
- (uri (let ((version-with-underscores
- (string-join (string-split version #\.) "_")))
- (string-append
- "https://ftp.mozilla.org/pub/mozilla.org/security/nss/"
- "releases/NSS_" version-with-underscores "_RTM/src/"
- "nss-" version ".tar.gz")))
- (sha256
- (base32
- "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))
- ;; Create nss.pc and nss-config.
- (patches (search-patches "nss-3.56-pkgconfig.patch"
- "nss-getcwd-nonnull.patch"
- "nss-increase-test-timeout.patch"))
- (modules '((guix build utils)))
- (snippet
- '(begin
- ;; Delete the bundled copy of these libraries.
- (delete-file-recursively "nss/lib/zlib")
- (delete-file-recursively "nss/lib/sqlite")))))
- (build-system gnu-build-system)
- (outputs '("out" "bin"))
- (arguments
- (list
- #:make-flags
- #~(let ((rpath (string-append "-Wl,-rpath=" #$output "/lib/nss")))
- (list "-C" "nss"
- (string-append "PREFIX=" #$output)
- "NSDISTMODE=copy"
- "NSS_USE_SYSTEM_SQLITE=1"
- ;; The gtests fail to compile on riscv64.
- ;; Skipping them doesn't affect the test suite.
- #$@(if (target-riscv64?)
- #~("NSS_DISABLE_GTESTS=1")
- #~())
- ;; Ensure we are building for the (%current-target-system).
- #$@(if (%current-target-system)
- #~((string-append
- "OS_TEST="
- (string-take #$(%current-target-system)
- (string-index #$(%current-target-system) #\-)))
- (string-append
- "KERNEL=" (cond (#$(target-hurd?) "gnu")
- (#$(target-linux?) "linux")
- (else ""))))
- #~())
- #$@(if (%current-target-system)
- #~("CROSS_COMPILE=1")
- #~())
- (string-append "NSPR_INCLUDE_DIR="
- (search-input-directory %build-inputs
- "include/nspr"))
- ;; Add $out/lib/nss to RPATH.
- (string-append "RPATH=" rpath)
- (string-append "LDFLAGS=" rpath)))
- #:modules '((guix build gnu-build-system)
- (guix build utils)
- (ice-9 ftw)
- (ice-9 match)
- (srfi srfi-26))
- #:tests? (not (or (%current-target-system)
- ;; Tests take more than 30 hours on some architectures.
- (target-riscv64?)
- (target-ppc32?)))
- #:phases
- #~(modify-phases %standard-phases
- (replace 'configure
- (lambda _
- (setenv "CC" #$(cc-for-target))
- (setenv "CCC" #$(cxx-for-target))
- (setenv "NATIVE_CC" "gcc")
- ;; No VSX on powerpc-linux.
- #$@(if (target-ppc32?)
- #~((setenv "NSS_DISABLE_CRYPTO_VSX" "1"))
- #~())
- ;; Tells NSS to build for the 64-bit ABI if we are 64-bit system.
- #$@(if (target-64bit?)
- #~((setenv "USE_64" "1"))
- #~())))
- (replace 'check
- (lambda* (#:key tests? #:allow-other-keys)
- (if tests?
- (begin
- ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for
- ;; testing. The latter requires a working DNS or /etc/hosts.
- (setenv "DOMSUF" "localdomain")
- (setenv "USE_IP" "TRUE")
- (setenv "IP_ADDRESS" "127.0.0.1")
-
- ;; This specific test is looking at performance "now
- ;; verify that we can quickly dump a database", and
- ;; we're not testing performance here (especially
- ;; since we're using faketime), so raise the
- ;; threshold
- (substitute* "nss/tests/dbtests/dbtests.sh"
- ((" -lt 5") " -lt 50"))
-
- #$@(if (target-64bit?)
- '()
- ;; The script fails to determine the source
- ;; directory when running under 'datefudge' (see
- ;; <https://issues.guix.gnu.org/72239>). Help it.
- #~((substitute* "nss/tests/gtests/gtests.sh"
- (("SOURCE_DIR=.*")
- (string-append "SOURCE_DIR=" (getcwd) "/nss\n")))))
-
- ;; The "PayPalEE.cert" certificate expires every six months,
- ;; leading to test failures:
- ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
- ;; work around that, set the time to roughly the release date.
- (invoke #$(if (target-64bit?) "faketime" "datefudge")
- "2024-01-23" "./nss/tests/all.sh"))
- (format #t "test suite not run~%"))))
- (replace 'install
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (bin (string-append (assoc-ref outputs "bin") "/bin"))
- (inc (string-append out "/include/nss"))
- (lib (string-append out "/lib/nss"))
- (obj (match (scandir "dist" (cut string-suffix? "OBJ" <>))
- ((obj) (string-append "dist/" obj)))))
- ;; Install nss-config to $out/bin.
- (install-file (string-append obj "/bin/nss-config")
- (string-append out "/bin"))
- (delete-file (string-append obj "/bin/nss-config"))
- ;; Install nss.pc to $out/lib/pkgconfig.
- (install-file (string-append obj "/lib/pkgconfig/nss.pc")
- (string-append out "/lib/pkgconfig"))
- (delete-file (string-append obj "/lib/pkgconfig/nss.pc"))
- (rmdir (string-append obj "/lib/pkgconfig"))
- ;; Install other files.
- (copy-recursively "dist/public/nss" inc)
- (copy-recursively (string-append obj "/bin") bin)
- (copy-recursively (string-append obj "/lib") lib)))))))
- (inputs (list sqlite zlib))
- (propagated-inputs (list nspr)) ;required by nss.pc.
- (native-inputs (list perl ;for tests
- (if (target-64bit?) libfaketime datefudge)
- which))
-
- ;; The NSS test suite takes around 48 hours on Loongson 3A (MIPS) when
- ;; another build is happening concurrently on the same machine.
- (properties '((timeout . 216000))) ;60 hours
-
- (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
- (synopsis "Network Security Services")
- (description
- "Network Security Services (@dfn{NSS}) is a set of libraries designed to
-support cross-platform development of security-enabled client and server
-applications. Applications built with NSS can support SSL v2 and v3, TLS,
-PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
-security standards.")
- (license license:mpl2.0)))
+ (let ((base (make-nss
+ #:version "3.102.1"
+ #:release-date "2024-07-24"
+ #:hash "1k1pjxz0ab4lg8xqggbb8pw77c1q8h4bldi09z4pj5g4hwsjv62l")))
+ (package
+ (inherit base)
+ (synopsis (string-append (package-synopsis base) " (ESR)"))
+ (description
+ (string-append (package-description base) "
+This package tracks the Extended Support Release channel.")))))
;; nss-rapid tracks the rapid release channel. Unless your package requires a
;; newer version, you should prefer the `nss' package, which tracks the ESR
--
2.46.0