From patchwork Sat Aug 17 19:32:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ian Eure X-Patchwork-Id: 67082 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 940BD27BBE9; Sat, 17 Aug 2024 20:33:37 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 5CDCB27BBE2 for ; Sat, 17 Aug 2024 20:33:33 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sfPAz-000825-Oy; Sat, 17 Aug 2024 15:33:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sfPAx-00081h-N0 for guix-patches@gnu.org; Sat, 17 Aug 2024 15:33:23 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sfPAx-0000LP-DV for guix-patches@gnu.org; Sat, 17 Aug 2024 15:33:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=4KBGFw1Omm7sjz9NttDCfjCKj50udd1X81qVEhRN6MM=; b=D/0Fx6m6Kbx+dNFj8/rcWp9p08J9V6WbyUXeQrfa5e3tXYzCGxIDRptirv3LI48aQuCtHk9v6PZLYo3lIQkl0OQ8Pui4FlUB1LfgSy2anWyYSbT+X1ihycYZC1tML/yRef5OWMfqHuJOPruR3Sw6nMMxwKXo+kBr8xqpjmJ57y8szUisyLyoKMHkphKYTr+PQF+y/V3EvhNKzx0VExcqbZNStUn022C/XGjwbvFtSBehXvVR9M5sP6Hb7e3asoBMiPssRQpEm2SoW8PBQo8jmjNOHL7neO4Rgo+If1JnyGjWFUF47e8su/LcchOFl+ENtYQdxsP5aShVpC1Kvk9iEw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sfPBa-0002QZ-LX for guix-patches@gnu.org; Sat, 17 Aug 2024 15:34:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#71832] [PATCH v6 2/3] gnu: Add nss-rapid. Resent-From: Ian Eure Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 17 Aug 2024 19:34:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 71832 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 71832@debbugs.gnu.org Cc: Ian Eure , guix-security@gnu.org Received: via spool by 71832-submit@debbugs.gnu.org id=B71832.17239232379298 (code B ref 71832); Sat, 17 Aug 2024 19:34:02 +0000 Received: (at 71832) by debbugs.gnu.org; 17 Aug 2024 19:33:57 +0000 Received: from localhost ([127.0.0.1]:55001 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfPBU-0002Po-Bb for submit@debbugs.gnu.org; Sat, 17 Aug 2024 15:33:56 -0400 Received: from fhigh7-smtp.messagingengine.com ([103.168.172.158]:50577) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sfPBS-0002PK-Hh for 71832@debbugs.gnu.org; Sat, 17 Aug 2024 15:33:54 -0400 Received: from phl-compute-01.internal (phl-compute-01.nyi.internal [10.202.2.41]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 144411147077; Sat, 17 Aug 2024 15:33:10 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-01.internal (MEProxy); Sat, 17 Aug 2024 15:33:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm2; t=1723923190; x= 1724009590; bh=4KBGFw1Omm7sjz9NttDCfjCKj50udd1X81qVEhRN6MM=; b=j s5B5UrBSw/BjKXPtaRN/57J+tXEnCfJbTxrZhNIFwVpYnlP6cy0tM3eOHtJWy71o Du0M0QCUYfZmQxCHM+FL8fHNszQ0s/0v4w45ig9clKHjZui2lq16Ty2bbyYmyNTV QYVLc68qgAIq8AaY8o3aJdYUTnzFId5P3/KQpyJxajgQmeKOj4A8xl+IDXNZMbVn akcOBXZqATPDXpL8mcYXwiUuEinAv79Q4nm/reg2FBb3TIJJ6Yvh/1htuHlSuuKe 6i5vE+mHNhY2EZptkKssf+GLEgqoce9rcKW2APul4ouErp2JsfUnRKxccWxPgkKw ANHiHc0wtNI9KgMisuAVQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1723923190; x= 1724009590; bh=4KBGFw1Omm7sjz9NttDCfjCKj50udd1X81qVEhRN6MM=; b=F ATh6aZWCxn4ihaN+iC3seyg7ToFeGIxuup/Kf4JhZR49VSpbR1j8gz9iTydGQZUi 9g0EpdmxDu9c304zyt6mSIJb8Or6wwn1mk/pkgpGkNlxA+fo0n9g9SAAy9SzmPCT w/yJXXt73gMdmNBDyMSGQgX2FsDPIcCd8wulGTHib7T9R61OrhSFWnb/cQ4KRscF vT8oAzChy5uCPfw6i45P6urM12Z1+fEhsrECwWZiweHOZoh4au0O3e5NyWBcwrdv yJM6N42s0iL9IGkmzal8H9hppn4RpFk1nC1huUPnfcOOpzjF3TsuXqQP6V5gqqCx +yCJO7vtS9ERz38X8A1gg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddruddutddgudegtdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvve fufffkofgjfhgggfestdekredtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgr nhesrhgvthhrohhsphgvtgdrthhvqeenucggtffrrghtthgvrhhnpefgteeiffdvleejle eiieevgeegleegieevjeekfeevledugfehteetgfeuffevhfenucffohhmrghinhepmhho iihilhhlrgdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrih hlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrdhtvhdpnhgspghrtghpthhtohepfedp mhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepjedukeefvdesuggvsggsuhhgshdrgh hnuhdrohhrghdprhgtphhtthhopehguhhigidqshgvtghurhhithihsehgnhhurdhorhhg pdhrtghpthhtohepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 17 Aug 2024 15:33:09 -0400 (EDT) From: Ian Eure Date: Sat, 17 Aug 2024 12:32:39 -0700 Message-ID: <20240817193240.27089-3-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240817193240.27089-1-ian@retrospec.tv> References: <20240817193240.27089-1-ian@retrospec.tv> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/nss.scm (nss-rapid): New variable. Change-Id: I2bdd2119fb0c857feae9eb2e47a28909b8228cd7 --- gnu/packages/nss.scm | 67 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index 9224a8ed5a..1a684e6146 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -106,6 +106,8 @@ (define-public nspr-4.32 (base32 "0v3zds1id71j5a5si42a658fjz8nv2f6zp6w4gqrqmdr6ksz8sxv")))))) +;; nss should track ESRs, but currently doesn't. 3.102.1 is the current ESR. + (define-public nss (package (name "nss") @@ -303,6 +305,71 @@ (define-public nss/fixed (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) (format #t "test suite not run~%")))))))))))) +;; nss-rapid tracks the rapid release channel. Unless your package requires a +;; newer version, you should prefer the `nss' package, which tracks the ESR +;; channel. +;; +;; See https://wiki.mozilla.org/NSS:Release_Versions +;; and https://wiki.mozilla.org/Rapid_Release_Model + +(define-public nss-rapid + (package + (inherit nss) + (name "nss-rapid") + (version "3.103") + (source (origin + (inherit (package-source nss)) + (uri (let ((version-with-underscores + (string-join (string-split version #\.) "_"))) + (string-append + "https://ftp.mozilla.org/pub/mozilla.org/security/nss/" + "releases/NSS_" version-with-underscores "_RTM/src/" + "nss-" version ".tar.gz"))) + (sha256 + (base32 + "0qp9rs226rr6gh51b42cdbydr4mj80cli3bfqhh7bp3jyxbvcjkv")))) + (arguments + (substitute-keyword-arguments (package-arguments nss) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (if tests? + (begin + ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for + ;; testing. The latter requires a working DNS or /etc/hosts. + (setenv "DOMSUF" "localdomain") + (setenv "USE_IP" "TRUE") + (setenv "IP_ADDRESS" "127.0.0.1") + + ;; This specific test is looking at performance "now + ;; verify that we can quickly dump a database", and + ;; we're not testing performance here (especially + ;; since we're using faketime), so raise the + ;; threshold + (substitute* "nss/tests/dbtests/dbtests.sh" + ((" -lt 5") " -lt 50")) + + ;; Since the test suite is very lengthy, run the test + ;; suite once, not thrice as done by default, by + ;; selecting only the 'standard' cycle. + (setenv "NSS_CYCLES" "standard") + + ;; The "PayPalEE.cert" certificate expires every six months, + ;; leading to test failures: + ;; . To + ;; work around that, set the time to roughly the release date. + (invoke "faketime" "2024-08-17" "./nss/tests/all.sh")) + (format #t "test suite not run~%")))))))) + (synopsis "Network Security Services (Rapid Release)") + (description + "Network Security Services (@dfn{NSS}) is a set of libraries designed to +support cross-platform development of security-enabled client and server +applications. Applications built with NSS can support SSL v2 and v3, TLS, +PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other +security standards. + +This package tracks the Rapid Release channel, which updates frequently."))) (define-public nsncd (package (name "nsncd")