-
-
Notifications
You must be signed in to change notification settings - Fork 14.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nss: enable libpkix build #94188
nss: enable libpkix build #94188
Conversation
this was enabled by default with the old build system, but requires this flag with the new one fixes #NixOS#93955
So this and temporarily resurrect the current |
Oh scratch my last comment! I forgot that |
Today I learned. That's cool, then we can probably just go with this. Could use some more testers from #93955, maybe. |
I tried |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm writing this from qutebrowser built from this PR, works great!
It's quite unfortunate that the missing component of NSS wasn't detected during build time (by the packages needing that). Let's have a look at diff in files for NSS after this commit (3.54) and before the build-system change (3.52.1): @@ -5,16 +5,12 @@
result/lib:
libfreebl3.chk
libfreebl3.so
-libfreeblpriv3.chk
libfreeblpriv3.so
-libgtest1.so
-libgtestutil.so
libnss3.so
libnssckbi.so
libnssckbi-testlib.so
libnssdbm3.chk
libnssdbm3.so
-libnsspem.so
libnsssysinit.so
libnssutil3.so
libpkcs11testmodule.so
@@ -69,6 +65,7 @@
keythi.h
lowkeyi.h
lowkeyti.h
+mozpkix
nssb64.h
nssb64t.h
nssbase.h
@@ -88,7 +85,6 @@
nssilock.h
nsslocks.h
nsslowhash.h
-nsspem.h
nssrwlk.h
nssrwlkt.h
nssutil.h
@@ -145,8 +141,24 @@
utilparst.h
utilrename.h
+result-dev/include/nss/mozpkix:
+Input.h
+nss_scoped_ptrs.h
+pkixcheck.h
+pkixder.h
+pkix.h
+pkixnss.h
+pkixtypes.h
+pkixutil.h
+Result.h
+test
+Time.h
+
+result-dev/include/nss/mozpkix/test:
+pkixtestnss.h
+pkixtestutil.h
+
result-dev/lib:
-libcrmf.a
pkgconfig
result-dev/lib/pkgconfig:
@@ -162,6 +174,7 @@
addbuiltin
atob
baddbdir
+blake2b_gtest
bltest
btoa
certdb_gtest
@@ -181,15 +194,19 @@
ecperf
encodeinttest
fbectest
-fipstest
+freebl_gtest
httpserv
+hw-support
listsuites
lowhashtest
makepqg
mangle
modutil
+mozpkix_gtest
+mpi_tests
multinit
nonspr10
+nss
nss_bogo_shim
nss-policy-check
ocspclnt
@@ -208,6 +225,7 @@
pk1sign
pkix-errcodes
pp
+prng_gtest
pwdecrypt
remtest
rsaperf
@@ -218,7 +236,6 @@
shlibsign
signtool
signver
-smime
smime_gtest
softoken_gtest
ssl_gtest Suspects: libnsspem and smime. EDIT: I retried the diff on the same version (3.52.1) only changing the build system, but that seemed uninteresting – only brought one additional difference (missing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, I hope it will be fine. And this PR certainly seems to be a significant improvement anyway.
- libnsspem seems typically packaged separately
- the smime tool doesn't seem even packaged for Debian/Ubuntu
Sorry for overlooking this when doing the makefile -> gyp switch. The PEM story is this whole weird thing where we ship this ancient patch introduced in #112 |
This reverts commit 34432ad. It's apparently not needed after merge a45f68c (PR NixOS#94188)
This was enabled by default with the old build system, but requires this flag with the new one
Fixes #93955
cc @vcunat
Compared to #94184:
Pro: long term fix
Con: causes more rebuilds
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)