;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2020 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2020 Jonathan Brielmaier <jonathan.brielmaier@web.de>
;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages nss)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (guix hg-download)
  #:use-module (guix build-system gnu)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (gnu packages)
  #:use-module (gnu packages check)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages sqlite)
  #:use-module (ice-9 match))

(define-public nspr
  (package
    (name "nspr")
    (version "4.29")
    (source (origin
             (method url-fetch)
             (uri (string-append
                   "https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v"
                   version "/src/nspr-" version ".tar.gz"))
             (sha256
              (base32
               "10i5x637x0jqmdi47grkzgn56fg6770naa3wrhr4dmsrh3dnna12"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("perl" ,perl)))
    (arguments
     `(#:tests? #f ; no check target
       #:configure-flags (list "--disable-static"
                               "--enable-64bit"
                               (string-append "LDFLAGS=-Wl,-rpath="
                                              (assoc-ref %outputs "out")
                                              "/lib"))
       ;; Use fixed timestamps for reproducibility.
       #:make-flags '("SH_DATE='1970-01-01 00:00:01'"
                      ;; This is epoch 1 in microseconds.
                      "SH_NOW=100000")
       #:phases (modify-phases %standard-phases
                  (add-before 'configure 'chdir
                    (lambda _ (chdir "nspr") #t)))))
    (home-page
     "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR")
    (synopsis "Netscape API for system level and libc-like functions")
    (description "Netscape Portable Runtime (@dfn{NSPR}) provides a
platform-neutral API for system level and libc-like functions.  It is used
in the Mozilla clients.")
    (license license:mpl2.0)))

;;; Note: When updating, also test the build of the nss-certs package, which
;;; uses the same source as nss.
(define-public nss
  ;; Use the latest commit to get this fix:
  ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1686134, which caused test
  ;; failures.  A simple patch cannot be used, as git binary diffs is not
  ;; supported.
  (let ((revision "1")
        (changeset "92dcda94c1d4688edad2c094d505cd253757c0d4"))
    (package
      (name "nss")
      (version (git-version "3.61" revision changeset))
      (source (origin
                (method hg-fetch)
                (uri (hg-reference
                     (url "https://hg.mozilla.org/projects/nss")
                     (changeset changeset)))
                (sha256
                 (base32
                  "0j3hnsfw1855x150zgdyf3d6wapiph80rmbvc34ykpp3j347q5hb"))
                (file-name (git-file-name name version))
                ;; Create nss.pc and nss-config.
                (patches (search-patches "nss-3.56-pkgconfig.patch"
                                         "nss-increase-test-timeout.patch"))
                (modules '((guix build utils)))
                (snippet
                 '(begin
                    ;; Delete the bundled copy of these libraries.
                    (delete-file-recursively "lib/zlib")
                    (delete-file-recursively "lib/sqlite")))))
      (build-system gnu-build-system)
      (outputs '("out" "bin"))
      (arguments
       ;; Parallel builds are not supported (see:
       ;; https://bugzilla.mozilla.org/show_bug.cgi?id=1640328).
       `(#:parallel-build? #f
         #:tests? #t                   ;requires at least one hour to run
         #:make-flags
         (let* ((out (assoc-ref %outputs "out"))
                (nspr (string-append (assoc-ref %build-inputs "nspr")))
                (rpath (string-append "-Wl,-rpath=" out "/lib/nss")))
           (list (string-append "PREFIX=" out)
                 "NSDISTMODE=copy"
                 "NSS_USE_SYSTEM_SQLITE=1"
                 (string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr")
                 ;; Add $out/lib/nss to RPATH.
                 (string-append "RPATH=" rpath)
                 (string-append "LDFLAGS=" rpath)))
         #:modules ((guix build gnu-build-system)
                    (guix build utils)
                    (ice-9 ftw)
                    (ice-9 match)
                    (srfi srfi-26))
         #:phases
         (modify-phases %standard-phases
           (replace 'configure
             (lambda _
               (setenv "CC" "gcc")
               ;; Tells NSS to build for the 64-bit ABI if we are 64-bit system.
               ,@(match (%current-system)
                   ((or "x86_64-linux" "aarch64-linux")
                    `((setenv "USE_64" "1")))
                   (_
                    '()))))
           (replace 'check
             (lambda* (#:key tests? #:allow-other-keys)
               (when tests?
                 ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for testing.
                 ;; The later requires a working DNS or /etc/hosts.
                 (setenv "DOMSUF" "localdomain")
                 (setenv "USE_IP" "TRUE")
                 (setenv "IP_ADDRESS" "127.0.0.1")

                 ;; The "PayPalEE.cert" certificate expires every six months,
                 ;; leading to test failures:
                 ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>.  To
                 ;; work around that, set the time to roughly the release date.
                 (invoke "faketime" "2021-01-22" "./tests/all.sh"))))
           (replace 'install
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (bin (string-append (assoc-ref outputs "bin") "/bin"))
                      (inc (string-append out "/include/nss"))
                      (lib (string-append out "/lib/nss"))
                      (obj (match (scandir "../dist" (cut string-suffix? "OBJ" <>))
                             ((obj) (string-append "../dist/" obj)))))
                 ;; Install nss-config to $out/bin.
                 (install-file (string-append obj "/bin/nss-config")
                               (string-append out "/bin"))
                 (delete-file (string-append obj "/bin/nss-config"))
                 ;; Install nss.pc to $out/lib/pkgconfig.
                 (install-file (string-append obj "/lib/pkgconfig/nss.pc")
                               (string-append out "/lib/pkgconfig"))
                 (delete-file (string-append obj "/lib/pkgconfig/nss.pc"))
                 (rmdir (string-append obj "/lib/pkgconfig"))
                 ;; Install other files.
                 (mkdir-p inc)
                 (copy-recursively "../dist/public/nss" inc)
                 (copy-recursively (string-append obj "/bin") bin)
                 (copy-recursively (string-append obj "/lib") lib)))))))
      (inputs
       `(("sqlite" ,sqlite)
         ("zlib" ,zlib)))
      (propagated-inputs `(("nspr" ,nspr))) ; required by nss.pc.
      (native-inputs `(("perl" ,perl)
                       ("libfaketime" ,libfaketime))) ;for tests

      ;; The NSS test suite takes around 48 hours on Loongson 3A (MIPS) when
      ;; another build is happening concurrently on the same machine.
      (properties '((timeout . 216000)))  ; 60 hours

      (home-page
       "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
      (synopsis "Network Security Services")
      (description
       "Network Security Services (@dfn{NSS}) is a set of libraries designed to
support cross-platform development of security-enabled client and server
applications.  Applications built with NSS can support SSL v2 and v3, TLS,
PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
security standards.")
      (license license:mpl2.0))))