guix/gnu/packages/nss.scm
Marius Bakke f8a8984c4b
gnu: nss: Remove replacement package.
The merge preceding this commit ignored the 'replacement' added to nss in
commit 04b33ce205, because the security fix is
already present in NSS 3.48.  This commit removes the remaining bits.

* gnu/packages/patches/nss-CVE-2019-11745.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/nss.scm (nss/fixed): Remove variable.
2019-12-11 23:21:55 +01:00

185 lines
8.3 KiB
Scheme

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages nss)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
#:use-module (gnu packages perl)
#:use-module (gnu packages sqlite)
#:use-module (ice-9 match))
(define-public nspr
(package
(name "nspr")
(version "4.24")
(source (origin
(method url-fetch)
(uri (string-append
"https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v"
version "/src/nspr-" version ".tar.gz"))
(sha256
(base32
"1l0ksiny032jijgk0g76wf0kiq673i01izj7jrs2h5d1yq6rm9ch"))))
(build-system gnu-build-system)
(native-inputs
`(("perl" ,perl)))
(arguments
`(#:tests? #f ; no check target
#:configure-flags (list "--enable-64bit"
(string-append "LDFLAGS=-Wl,-rpath="
(assoc-ref %outputs "out")
"/lib"))
;; Use fixed timestamps for reproducibility.
#:make-flags '("SH_DATE='1970-01-01 00:00:01'"
;; This is epoch 1 in microseconds.
"SH_NOW=100000")
#:phases (modify-phases %standard-phases
(add-before 'configure 'chdir
(lambda _ (chdir "nspr") #t)))))
(home-page
"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR")
(synopsis "Netscape API for system level and libc-like functions")
(description "Netscape Portable Runtime (@dfn{NSPR}) provides a
platform-neutral API for system level and libc-like functions. It is used
in the Mozilla clients.")
(license license:mpl2.0)))
(define-public nss
(package
(name "nss")
(version "3.48")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
(string-join (string-split version #\.) "_")))
(string-append
"https://ftp.mozilla.org/pub/mozilla.org/security/nss/"
"releases/NSS_" version-with-underscores "_RTM/src/"
"nss-" version ".tar.gz")))
(sha256
(base32
"1b7qs1q7jqhw9dvkdznanzhc5dyq4bwx0biywszy3qx4hqm8571z"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-pkgconfig.patch"
"nss-freebl-stubs.patch"
"nss-increase-test-timeout.patch"))))
(build-system gnu-build-system)
(outputs '("out" "bin"))
(arguments
`(#:parallel-build? #f ; not supported
#:make-flags
(let* ((out (assoc-ref %outputs "out"))
(nspr (string-append (assoc-ref %build-inputs "nspr")))
(rpath (string-append "-Wl,-rpath=" out "/lib/nss")))
(list "-C" "nss" (string-append "PREFIX=" out)
"NSDISTMODE=copy"
"NSS_USE_SYSTEM_SQLITE=1"
(string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr")
;; Add $out/lib/nss to RPATH.
(string-append "RPATH=" rpath)
(string-append "LDFLAGS=" rpath)))
#:modules ((guix build gnu-build-system)
(guix build utils)
(ice-9 ftw)
(ice-9 match)
(srfi srfi-26))
#:phases
(modify-phases %standard-phases
(replace 'configure
(lambda _
(setenv "CC" "gcc")
;; Tells NSS to build for the 64-bit ABI if we are 64-bit system.
,@(match (%current-system)
((or "x86_64-linux" "aarch64-linux")
`((setenv "USE_64" "1")))
(_
'()))
#t))
(replace 'check
(lambda _
;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for testing.
;; The later requires a working DNS or /etc/hosts.
(setenv "DOMSUF" "localdomain")
(setenv "USE_IP" "TRUE")
(setenv "IP_ADDRESS" "127.0.0.1")
;; The "PayPalEE.cert" certificate expires every six months,
;; leading to test failures:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
;; work around that, set the time to roughly the release date.
(invoke "faketime" "2019-12-01" "./nss/tests/all.sh")))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(bin (string-append (assoc-ref outputs "bin") "/bin"))
(inc (string-append out "/include/nss"))
(lib (string-append out "/lib/nss"))
(obj (match (scandir "dist" (cut string-suffix? "OBJ" <>))
((obj) (string-append "dist/" obj)))))
;; Install nss-config to $out/bin.
(install-file (string-append obj "/bin/nss-config")
(string-append out "/bin"))
(delete-file (string-append obj "/bin/nss-config"))
;; Install nss.pc to $out/lib/pkgconfig.
(install-file (string-append obj "/lib/pkgconfig/nss.pc")
(string-append out "/lib/pkgconfig"))
(delete-file (string-append obj "/lib/pkgconfig/nss.pc"))
(rmdir (string-append obj "/lib/pkgconfig"))
;; Install other files.
(copy-recursively "dist/public/nss" inc)
(copy-recursively (string-append obj "/bin") bin)
(copy-recursively (string-append obj "/lib") lib)
;; FIXME: libgtest1.so is installed in the above step, and it's
;; (unnecessarily) linked with several NSS libraries, but
;; without the needed rpaths, causing the 'validate-runpath'
;; phase to fail. Here we simply delete libgtest1.so, since it
;; seems to be used only during the tests.
(delete-file (string-append lib "/libgtest1.so"))
(delete-file (string-append lib "/libgtestutil.so"))
#t))))))
(inputs
`(("sqlite" ,sqlite)
("zlib" ,zlib)))
(propagated-inputs `(("nspr" ,nspr))) ; required by nss.pc.
(native-inputs `(("perl" ,perl)
("libfaketime" ,libfaketime))) ;for tests
;; The NSS test suite takes around 48 hours on Loongson 3A (MIPS) when
;; another build is happening concurrently on the same machine.
(properties '((timeout . 216000))) ; 60 hours
(home-page
"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
(synopsis "Network Security Services")
(description
"Network Security Services (@dfn{NSS}) is a set of libraries designed to
support cross-platform development of security-enabled client and server
applications. Applications built with NSS can support SSL v2 and v3, TLS,
PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
security standards.")
(license license:mpl2.0)))