From patchwork Mon Sep 9 17:55:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ian Eure X-Patchwork-Id: 67826 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 2C35527BBEA; Mon, 9 Sep 2024 18:57:27 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 5777127BBE2 for ; Mon, 9 Sep 2024 18:57:26 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1snide-0006vU-SW; Mon, 09 Sep 2024 13:57:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1snidL-0005LB-AI for guix-patches@gnu.org; Mon, 09 Sep 2024 13:57:05 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1snidH-0000bd-Kz for guix-patches@gnu.org; Mon, 09 Sep 2024 13:57:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=MUPRRdf+cAmkLD8XJqhNFF14tKcxCGs5rMFAndHva3s=; b=RrDC9e2bqAiX/efVudJwf4JaYjWzCUKqBsafQKwVPWvZypMDVubiiswVAf/X1wKTelTjPqIJcUvkm9ZVBRyha+GPY0Cjg5WJydUpglmUdsjhEfROAeGbkakcFUGeDbiKGzymLRWv1u/elBkORFd8XRYfh/fjmAZgDMQ/xIJAVVL8gNgL8DfcJ0EPBabMcjEMn642dihXCEevCFdVx/GhvSS+ZwSgCz+Uw58VMAYik8a4g7w+Z8hnbi5YZCnVKE4RgAkAMumvAbWtQDtwX/FpfEwObC1Qii8iPQdwiQrjiD/Il2MpA2VrqT6a8yYG+mlyEbBZERba2yefzu/2qMGHeQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1snidL-0003Va-Ep for guix-patches@gnu.org; Mon, 09 Sep 2024 13:57:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#73152] [PATCH 4/6] gnu: nss: Update to 3.102.1. Resent-From: Ian Eure Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 09 Sep 2024 17:57:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 73152 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 73152@debbugs.gnu.org Cc: Ian Eure Received: via spool by 73152-submit@debbugs.gnu.org id=B73152.172590456913378 (code B ref 73152); Mon, 09 Sep 2024 17:57:03 +0000 Received: (at 73152) by debbugs.gnu.org; 9 Sep 2024 17:56:09 +0000 Received: from localhost ([127.0.0.1]:34078 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1snicS-0003Tc-VE for submit@debbugs.gnu.org; Mon, 09 Sep 2024 13:56:09 -0400 Received: from fout2-smtp.messagingengine.com ([103.168.172.145]:34259) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1snicL-0003Rb-Uq for 73152@debbugs.gnu.org; Mon, 09 Sep 2024 13:56:03 -0400 Received: from phl-compute-12.internal (phl-compute-12.phl.internal [10.202.2.52]) by mailfout.phl.internal (Postfix) with ESMTP id ECC411380192; Mon, 9 Sep 2024 13:55:52 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-12.internal (MEProxy); Mon, 09 Sep 2024 13:55:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm3; t=1725904552; x= 1725990952; bh=MUPRRdf+cAmkLD8XJqhNFF14tKcxCGs5rMFAndHva3s=; b=I 2uoBtXclXT6CXarN7ggi6ig1xOrdsfLBovE5A/CXxiN4iL38Xd53ZGx7+aAvuKj4 qqtGieFb/55f0pADkrrRp5hucNQdfUTVOekcK8hujtMSazUpX/msWoXSDgo9TvhY Oy6FeJRof5zzX/y8Rs/mHTuxTcDPavLJadz+rwESD42Aw6AMqo50Jf3IU0eLroOY QXlR0C5NpWy0BJ65nC20Ys6vq5+QRV2QMqAlUfJXhZtMP6MPMexU1H9Q+eaP+gey oN8fA9zseKu2O+dHdYQp54zUky58+pcmaRxqlIVhBuSJ9UfwfrEthypOIkXpwUfE AE+wADXOnu4Ln715cBhiw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1725904552; x= 1725990952; bh=MUPRRdf+cAmkLD8XJqhNFF14tKcxCGs5rMFAndHva3s=; b=i P43vOwpmJBQJ82fCMR5BUrpYTeCsycL19sVJHcpGsENyo4goqUgH3obFQvD6Yegd 13SNyYym4sVsOOjVCVNBgquGeSQJd1ClAIV2U4hvv6Bh3NiYEyshA9dOzl2ulNrV 2RZhW5A6kDqi4WR2qJN15m1ro4RQmWD6zjl4H99WnrOh+aSFQLZweebNIo5Fn2AE /+LaXwBfEdEzfT61/TbGJz0ygMYwKNGpTCSkzEXJ66XJI/4BTjVDlH10wzEMLUwd B6pWW8P/tgfEmW9zlLGLFTMcvTdjYdxOuz6TxV/DzxzRpbmRUbZCS+peXEZCJ8zW QlICrgDgTyp0twFg07SYQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudeijedguddtvdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvve fufffkofgjfhgggfestdekredtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgr nhesrhgvthhrohhsphgvtgdrthhvqeenucggtffrrghtthgvrhhnpeekgfelvdehueefte ekfedvheetueeuledugfetgfelvedvjefffeegfefgvdduueenucffohhmrghinhepmhho iihilhhlrgdrohhrghdpghhnuhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurf grrhgrmhepmhgrihhlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrdhtvhdpnhgspghr tghpthhtohepvddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepjeefudehvdesug gvsggsuhhgshdrghhnuhdrohhrghdprhgtphhtthhopehirghnsehrvghtrhhoshhpvggt rdhtvh X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 9 Sep 2024 13:55:52 -0400 (EDT) From: Ian Eure Date: Mon, 9 Sep 2024 10:55:37 -0700 Message-ID: <20240909175540.8156-5-ian@retrospec.tv> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240909175540.8156-1-ian@retrospec.tv> References: <20240909175540.8156-1-ian@retrospec.tv> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches gnu/packages/nss.scm (nss): Update to 3.102.1. Change-Id: Ic24624279b1d2efbe6f4dd82cb73cc63f50f2e14 --- gnu/packages/nss.scm | 172 +++---------------------------------------- 1 file changed, 10 insertions(+), 162 deletions(-) diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index b51bebda3d..b4fdd13abc 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -261,169 +261,17 @@ (define* (make-nss #:key version release-date hash) security standards.") (license license:mpl2.0))) -;; nss should track ESRs, but currently doesn't. 3.102.1 is the current ESR. - (define-public nss - (package - (name "nss") - ;; IMPORTANT: Also update and test the nss-certs package, which duplicates - ;; version and source to avoid a top-level variable reference & module - ;; cycle. - (version "3.99") - (source (origin - (method url-fetch) - (uri (let ((version-with-underscores - (string-join (string-split version #\.) "_"))) - (string-append - "https://ftp.mozilla.org/pub/mozilla.org/security/nss/" - "releases/NSS_" version-with-underscores "_RTM/src/" - "nss-" version ".tar.gz"))) - (sha256 - (base32 - "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw")) - ;; Create nss.pc and nss-config. - (patches (search-patches "nss-3.56-pkgconfig.patch" - "nss-getcwd-nonnull.patch" - "nss-increase-test-timeout.patch")) - (modules '((guix build utils))) - (snippet - '(begin - ;; Delete the bundled copy of these libraries. - (delete-file-recursively "nss/lib/zlib") - (delete-file-recursively "nss/lib/sqlite"))))) - (build-system gnu-build-system) - (outputs '("out" "bin")) - (arguments - (list - #:make-flags - #~(let ((rpath (string-append "-Wl,-rpath=" #$output "/lib/nss"))) - (list "-C" "nss" - (string-append "PREFIX=" #$output) - "NSDISTMODE=copy" - "NSS_USE_SYSTEM_SQLITE=1" - ;; The gtests fail to compile on riscv64. - ;; Skipping them doesn't affect the test suite. - #$@(if (target-riscv64?) - #~("NSS_DISABLE_GTESTS=1") - #~()) - ;; Ensure we are building for the (%current-target-system). - #$@(if (%current-target-system) - #~((string-append - "OS_TEST=" - (string-take #$(%current-target-system) - (string-index #$(%current-target-system) #\-))) - (string-append - "KERNEL=" (cond (#$(target-hurd?) "gnu") - (#$(target-linux?) "linux") - (else "")))) - #~()) - #$@(if (%current-target-system) - #~("CROSS_COMPILE=1") - #~()) - (string-append "NSPR_INCLUDE_DIR=" - (search-input-directory %build-inputs - "include/nspr")) - ;; Add $out/lib/nss to RPATH. - (string-append "RPATH=" rpath) - (string-append "LDFLAGS=" rpath))) - #:modules '((guix build gnu-build-system) - (guix build utils) - (ice-9 ftw) - (ice-9 match) - (srfi srfi-26)) - #:tests? (not (or (%current-target-system) - ;; Tests take more than 30 hours on some architectures. - (target-riscv64?) - (target-ppc32?))) - #:phases - #~(modify-phases %standard-phases - (replace 'configure - (lambda _ - (setenv "CC" #$(cc-for-target)) - (setenv "CCC" #$(cxx-for-target)) - (setenv "NATIVE_CC" "gcc") - ;; No VSX on powerpc-linux. - #$@(if (target-ppc32?) - #~((setenv "NSS_DISABLE_CRYPTO_VSX" "1")) - #~()) - ;; Tells NSS to build for the 64-bit ABI if we are 64-bit system. - #$@(if (target-64bit?) - #~((setenv "USE_64" "1")) - #~()))) - (replace 'check - (lambda* (#:key tests? #:allow-other-keys) - (if tests? - (begin - ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for - ;; testing. The latter requires a working DNS or /etc/hosts. - (setenv "DOMSUF" "localdomain") - (setenv "USE_IP" "TRUE") - (setenv "IP_ADDRESS" "127.0.0.1") - - ;; This specific test is looking at performance "now - ;; verify that we can quickly dump a database", and - ;; we're not testing performance here (especially - ;; since we're using faketime), so raise the - ;; threshold - (substitute* "nss/tests/dbtests/dbtests.sh" - ((" -lt 5") " -lt 50")) - - #$@(if (target-64bit?) - '() - ;; The script fails to determine the source - ;; directory when running under 'datefudge' (see - ;; ). Help it. - #~((substitute* "nss/tests/gtests/gtests.sh" - (("SOURCE_DIR=.*") - (string-append "SOURCE_DIR=" (getcwd) "/nss\n"))))) - - ;; The "PayPalEE.cert" certificate expires every six months, - ;; leading to test failures: - ;; . To - ;; work around that, set the time to roughly the release date. - (invoke #$(if (target-64bit?) "faketime" "datefudge") - "2024-01-23" "./nss/tests/all.sh")) - (format #t "test suite not run~%")))) - (replace 'install - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append (assoc-ref outputs "bin") "/bin")) - (inc (string-append out "/include/nss")) - (lib (string-append out "/lib/nss")) - (obj (match (scandir "dist" (cut string-suffix? "OBJ" <>)) - ((obj) (string-append "dist/" obj))))) - ;; Install nss-config to $out/bin. - (install-file (string-append obj "/bin/nss-config") - (string-append out "/bin")) - (delete-file (string-append obj "/bin/nss-config")) - ;; Install nss.pc to $out/lib/pkgconfig. - (install-file (string-append obj "/lib/pkgconfig/nss.pc") - (string-append out "/lib/pkgconfig")) - (delete-file (string-append obj "/lib/pkgconfig/nss.pc")) - (rmdir (string-append obj "/lib/pkgconfig")) - ;; Install other files. - (copy-recursively "dist/public/nss" inc) - (copy-recursively (string-append obj "/bin") bin) - (copy-recursively (string-append obj "/lib") lib))))))) - (inputs (list sqlite zlib)) - (propagated-inputs (list nspr)) ;required by nss.pc. - (native-inputs (list perl ;for tests - (if (target-64bit?) libfaketime datefudge) - which)) - - ;; The NSS test suite takes around 48 hours on Loongson 3A (MIPS) when - ;; another build is happening concurrently on the same machine. - (properties '((timeout . 216000))) ;60 hours - - (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS") - (synopsis "Network Security Services") - (description - "Network Security Services (@dfn{NSS}) is a set of libraries designed to -support cross-platform development of security-enabled client and server -applications. Applications built with NSS can support SSL v2 and v3, TLS, -PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other -security standards.") - (license license:mpl2.0))) + (let ((base (make-nss + #:version "3.102.1" + #:release-date "2024-07-24" + #:hash "1k1pjxz0ab4lg8xqggbb8pw77c1q8h4bldi09z4pj5g4hwsjv62l"))) + (package + (inherit base) + (synopsis (string-append (package-synopsis base) " (ESR)")) + (description + (string-append (package-description base) " +This package tracks the Extended Support Release channel."))))) ;; nss-rapid tracks the rapid release channel. Unless your package requires a ;; newer version, you should prefer the `nss' package, which tracks the ESR