diff mbox series

[bug#73152,4/6] gnu: nss: Update to 3.102.1.

Message ID 20240909175540.8156-5-ian@retrospec.tv
State New
Headers show
Series [bug#73152,1/6] gnu: Remove nss/fixed. | expand

Commit Message

Ian Eure Sept. 9, 2024, 5:55 p.m. UTC 
gnu/packages/nss.scm (nss): Update to 3.102.1.

Change-Id: Ic24624279b1d2efbe6f4dd82cb73cc63f50f2e14
---
 gnu/packages/nss.scm | 172 +++----------------------------------------
 1 file changed, 10 insertions(+), 162 deletions(-)
diff mbox series

Patch

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index b51bebda3d..b4fdd13abc 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -261,169 +261,17 @@  (define* (make-nss #:key version release-date hash)
 security standards.")
     (license license:mpl2.0)))
 
-;; nss should track ESRs, but currently doesn't.  3.102.1 is the current ESR.
-
 (define-public nss
-  (package
-    (name "nss")
-    ;; IMPORTANT: Also update and test the nss-certs package, which duplicates
-    ;; version and source to avoid a top-level variable reference & module
-    ;; cycle.
-    (version "3.99")
-    (source (origin
-              (method url-fetch)
-              (uri (let ((version-with-underscores
-                          (string-join (string-split version #\.) "_")))
-                     (string-append
-                      "https://ftp.mozilla.org/pub/mozilla.org/security/nss/"
-                      "releases/NSS_" version-with-underscores "_RTM/src/"
-                      "nss-" version ".tar.gz")))
-              (sha256
-               (base32
-                "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))
-              ;; Create nss.pc and nss-config.
-              (patches (search-patches "nss-3.56-pkgconfig.patch"
-                                       "nss-getcwd-nonnull.patch"
-                                       "nss-increase-test-timeout.patch"))
-              (modules '((guix build utils)))
-              (snippet
-               '(begin
-                  ;; Delete the bundled copy of these libraries.
-                  (delete-file-recursively "nss/lib/zlib")
-                  (delete-file-recursively "nss/lib/sqlite")))))
-    (build-system gnu-build-system)
-    (outputs '("out" "bin"))
-    (arguments
-     (list
-      #:make-flags
-      #~(let ((rpath (string-append "-Wl,-rpath=" #$output "/lib/nss")))
-          (list "-C" "nss"
-                (string-append "PREFIX=" #$output)
-                "NSDISTMODE=copy"
-                "NSS_USE_SYSTEM_SQLITE=1"
-                ;; The gtests fail to compile on riscv64.
-                ;; Skipping them doesn't affect the test suite.
-                #$@(if (target-riscv64?)
-                       #~("NSS_DISABLE_GTESTS=1")
-                       #~())
-                ;; Ensure we are building for the (%current-target-system).
-                #$@(if (%current-target-system)
-                       #~((string-append
-                            "OS_TEST="
-                            (string-take #$(%current-target-system)
-                                         (string-index #$(%current-target-system) #\-)))
-                          (string-append
-                            "KERNEL=" (cond (#$(target-hurd?) "gnu")
-                                            (#$(target-linux?) "linux")
-                                            (else ""))))
-                       #~())
-                #$@(if (%current-target-system)
-                       #~("CROSS_COMPILE=1")
-                       #~())
-                (string-append "NSPR_INCLUDE_DIR="
-                               (search-input-directory %build-inputs
-                                                       "include/nspr"))
-                ;; Add $out/lib/nss to RPATH.
-                (string-append "RPATH=" rpath)
-                (string-append "LDFLAGS=" rpath)))
-      #:modules '((guix build gnu-build-system)
-                  (guix build utils)
-                  (ice-9 ftw)
-                  (ice-9 match)
-                  (srfi srfi-26))
-      #:tests? (not (or (%current-target-system)
-                        ;; Tests take more than 30 hours on some architectures.
-                        (target-riscv64?)
-                        (target-ppc32?)))
-      #:phases
-      #~(modify-phases %standard-phases
-          (replace 'configure
-            (lambda _
-              (setenv "CC" #$(cc-for-target))
-              (setenv "CCC" #$(cxx-for-target))
-              (setenv "NATIVE_CC" "gcc")
-              ;; No VSX on powerpc-linux.
-              #$@(if (target-ppc32?)
-                     #~((setenv "NSS_DISABLE_CRYPTO_VSX" "1"))
-                     #~())
-              ;; Tells NSS to build for the 64-bit ABI if we are 64-bit system.
-              #$@(if (target-64bit?)
-                     #~((setenv "USE_64" "1"))
-                     #~())))
-          (replace 'check
-            (lambda* (#:key tests? #:allow-other-keys)
-              (if tests?
-                  (begin
-                    ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for
-                    ;; testing.  The latter requires a working DNS or /etc/hosts.
-                    (setenv "DOMSUF" "localdomain")
-                    (setenv "USE_IP" "TRUE")
-                    (setenv "IP_ADDRESS" "127.0.0.1")
-
-                    ;; This specific test is looking at performance "now
-                    ;; verify that we can quickly dump a database", and
-                    ;; we're not testing performance here (especially
-                    ;; since we're using faketime), so raise the
-                    ;; threshold
-                    (substitute* "nss/tests/dbtests/dbtests.sh"
-                      ((" -lt 5") " -lt 50"))
-
-                    #$@(if (target-64bit?)
-                           '()
-                           ;; The script fails to determine the source
-                           ;; directory when running under 'datefudge' (see
-                           ;; <https://issues.guix.gnu.org/72239>).  Help it.
-                           #~((substitute* "nss/tests/gtests/gtests.sh"
-                                (("SOURCE_DIR=.*")
-                                 (string-append "SOURCE_DIR=" (getcwd) "/nss\n")))))
-
-                    ;; The "PayPalEE.cert" certificate expires every six months,
-                    ;; leading to test failures:
-                    ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>.  To
-                    ;; work around that, set the time to roughly the release date.
-                    (invoke #$(if (target-64bit?) "faketime" "datefudge")
-                            "2024-01-23" "./nss/tests/all.sh"))
-                  (format #t "test suite not run~%"))))
-          (replace 'install
-            (lambda* (#:key outputs #:allow-other-keys)
-              (let* ((out (assoc-ref outputs "out"))
-                     (bin (string-append (assoc-ref outputs "bin") "/bin"))
-                     (inc (string-append out "/include/nss"))
-                     (lib (string-append out "/lib/nss"))
-                     (obj (match (scandir "dist" (cut string-suffix? "OBJ" <>))
-                            ((obj) (string-append "dist/" obj)))))
-                ;; Install nss-config to $out/bin.
-                (install-file (string-append obj "/bin/nss-config")
-                              (string-append out "/bin"))
-                (delete-file (string-append obj "/bin/nss-config"))
-                ;; Install nss.pc to $out/lib/pkgconfig.
-                (install-file (string-append obj "/lib/pkgconfig/nss.pc")
-                              (string-append out "/lib/pkgconfig"))
-                (delete-file (string-append obj "/lib/pkgconfig/nss.pc"))
-                (rmdir (string-append obj "/lib/pkgconfig"))
-                ;; Install other files.
-                (copy-recursively "dist/public/nss" inc)
-                (copy-recursively (string-append obj "/bin") bin)
-                (copy-recursively (string-append obj "/lib") lib)))))))
-    (inputs (list sqlite zlib))
-    (propagated-inputs (list nspr))               ;required by nss.pc.
-    (native-inputs (list perl                     ;for tests
-                         (if (target-64bit?) libfaketime datefudge)
-                         which))
-
-    ;; The NSS test suite takes around 48 hours on Loongson 3A (MIPS) when
-    ;; another build is happening concurrently on the same machine.
-    (properties '((timeout . 216000)))  ;60 hours
-
-    (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
-    (synopsis "Network Security Services")
-    (description
-     "Network Security Services (@dfn{NSS}) is a set of libraries designed to
-support cross-platform development of security-enabled client and server
-applications.  Applications built with NSS can support SSL v2 and v3, TLS,
-PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
-security standards.")
-    (license license:mpl2.0)))
+  (let ((base (make-nss
+               #:version "3.102.1"
+               #:release-date "2024-07-24"
+               #:hash "1k1pjxz0ab4lg8xqggbb8pw77c1q8h4bldi09z4pj5g4hwsjv62l")))
+    (package
+      (inherit base)
+      (synopsis (string-append (package-synopsis base) " (ESR)"))
+      (description
+       (string-append (package-description base) "
+This package tracks the Extended Support Release channel.")))))
 
 ;; nss-rapid tracks the rapid release channel.  Unless your package requires a
 ;; newer version, you should prefer the `nss' package, which tracks the ESR