;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2020 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2020 Jonathan Brielmaier <jonathan.brielmaier@web.de> ;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. (define-module (gnu packages nss) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix hg-download) #:use-module (guix build-system gnu) #:use-module ((guix licenses) #:prefix license:) #:use-module (gnu packages) #:use-module (gnu packages check) #:use-module (gnu packages compression) #:use-module (gnu packages perl) #:use-module (gnu packages sqlite) #:use-module (ice-9 match)) (define-public nspr (package (name "nspr") (version "4.29") (source (origin (method url-fetch) (uri (string-append "https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v" version "/src/nspr-" version ".tar.gz")) (sha256 (base32 "10i5x637x0jqmdi47grkzgn56fg6770naa3wrhr4dmsrh3dnna12")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (arguments `(#:tests? #f ; no check target #:configure-flags (list "--disable-static" "--enable-64bit" (string-append "LDFLAGS=-Wl,-rpath=" (assoc-ref %outputs "out") "/lib")) ;; Use fixed timestamps for reproducibility. #:make-flags '("SH_DATE='1970-01-01 00:00:01'" ;; This is epoch 1 in microseconds. "SH_NOW=100000") #:phases (modify-phases %standard-phases (add-before 'configure 'chdir (lambda _ (chdir "nspr") #t))))) (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR") (synopsis "Netscape API for system level and libc-like functions") (description "Netscape Portable Runtime (@dfn{NSPR}) provides a platform-neutral API for system level and libc-like functions. It is used in the Mozilla clients.") (license license:mpl2.0))) ;;; Note: When updating, also test the build of the nss-certs package, which ;;; uses the same source as nss. (define-public nss ;; Use the latest commit to get this fix: ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1686134, which caused test ;; failures. A simple patch cannot be used, as git binary diffs is not ;; supported. (let ((revision "1") (changeset "92dcda94c1d4688edad2c094d505cd253757c0d4")) (package (name "nss") (version (git-version "3.61" revision changeset)) (source (origin (method hg-fetch) (uri (hg-reference (url "https://hg.mozilla.org/projects/nss") (changeset changeset))) (sha256 (base32 "0j3hnsfw1855x150zgdyf3d6wapiph80rmbvc34ykpp3j347q5hb")) (file-name (git-file-name name version)) ;; Create nss.pc and nss-config. (patches (search-patches "nss-3.56-pkgconfig.patch" "nss-increase-test-timeout.patch")) (modules '((guix build utils))) (snippet '(begin ;; Delete the bundled copy of these libraries. (delete-file-recursively "lib/zlib") (delete-file-recursively "lib/sqlite"))))) (build-system gnu-build-system) (outputs '("out" "bin")) (arguments ;; Parallel builds are not supported (see: ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1640328). `(#:parallel-build? #f #:tests? #t ;requires at least one hour to run #:make-flags (let* ((out (assoc-ref %outputs "out")) (nspr (string-append (assoc-ref %build-inputs "nspr"))) (rpath (string-append "-Wl,-rpath=" out "/lib/nss"))) (list (string-append "PREFIX=" out) "NSDISTMODE=copy" "NSS_USE_SYSTEM_SQLITE=1" (string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr") ;; Add $out/lib/nss to RPATH. (string-append "RPATH=" rpath) (string-append "LDFLAGS=" rpath))) #:modules ((guix build gnu-build-system) (guix build utils) (ice-9 ftw) (ice-9 match) (srfi srfi-26)) #:phases (modify-phases %standard-phases (replace 'configure (lambda _ (setenv "CC" "gcc") ;; Tells NSS to build for the 64-bit ABI if we are 64-bit system. ,@(match (%current-system) ((or "x86_64-linux" "aarch64-linux") `((setenv "USE_64" "1"))) (_ '())))) (replace 'check (lambda* (#:key tests? #:allow-other-keys) (when tests? ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for testing. ;; The later requires a working DNS or /etc/hosts. (setenv "DOMSUF" "localdomain") (setenv "USE_IP" "TRUE") (setenv "IP_ADDRESS" "127.0.0.1") ;; The "PayPalEE.cert" certificate expires every six months, ;; leading to test failures: ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To ;; work around that, set the time to roughly the release date. (invoke "faketime" "2021-01-22" "./tests/all.sh")))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (bin (string-append (assoc-ref outputs "bin") "/bin")) (inc (string-append out "/include/nss")) (lib (string-append out "/lib/nss")) (obj (match (scandir "../dist" (cut string-suffix? "OBJ" <>)) ((obj) (string-append "../dist/" obj))))) ;; Install nss-config to $out/bin. (install-file (string-append obj "/bin/nss-config") (string-append out "/bin")) (delete-file (string-append obj "/bin/nss-config")) ;; Install nss.pc to $out/lib/pkgconfig. (install-file (string-append obj "/lib/pkgconfig/nss.pc") (string-append out "/lib/pkgconfig")) (delete-file (string-append obj "/lib/pkgconfig/nss.pc")) (rmdir (string-append obj "/lib/pkgconfig")) ;; Install other files. (mkdir-p inc) (copy-recursively "../dist/public/nss" inc) (copy-recursively (string-append obj "/bin") bin) (copy-recursively (string-append obj "/lib") lib))))))) (inputs `(("sqlite" ,sqlite) ("zlib" ,zlib))) (propagated-inputs `(("nspr" ,nspr))) ; required by nss.pc. (native-inputs `(("perl" ,perl) ("libfaketime" ,libfaketime))) ;for tests ;; The NSS test suite takes around 48 hours on Loongson 3A (MIPS) when ;; another build is happening concurrently on the same machine. (properties '((timeout . 216000))) ; 60 hours (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS") (synopsis "Network Security Services") (description "Network Security Services (@dfn{NSS}) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.") (license license:mpl2.0))))