
nss: Fix referencePath to security modules.

This adds a patch from Debian, as they already have the security modules from NSS
in their own library directory rather than /usr/lib{,64}/ and patch the loading of
libsoftokn as well.

The patch and our own fix of the patch (well, they hardcode Debian specific
stuff in there) ensures that SECMOD_AddNewModule() will find the right module
from the derivation's output path, so the built-in CA root certificates are
recognized and verified correctly.
aszlig 2012-08-22 02:46:48 +02:00
parent 9e0aaf30aa
commit 38a4d77665
2 changed files with 60 additions and 3 deletions


@ -15,9 +15,12 @@ let
sha256 = "e4a9396d90e50e8b3cceff45f312eda9aaf356423f4eddd354a0e1afbbfd4cf8";
};
in
secLoadPatch = fetchurl {
url = "http://patch-tracker.debian.org/patch/series/dl/nss/2:3.13.5-1/85_security_load.patch";
sha256 = "8a8d0ae4ebbd7c389973fa5d26d8bc5f473046c6cb1d8283cb9a3c1f4c565c47";
};
stdenv.mkDerivation rec {
in stdenv.mkDerivation rec {
name = "nss-${version}";
version = "3.13.6";
@ -37,7 +40,11 @@ stdenv.mkDerivation rec {
chmod -R u+w "$sourceRoot/mozilla/security/nss/lib/ckfw/pem"
'';
patches = [ ./nss-3.12.5-gentoo-fixups.diff ];
patches = [
./nss-3.12.5-gentoo-fixups.diff
secLoadPatch
./nix_secload_fixup.patch
];
postPatch = ''
sed -i -e 's/^DIRS.*$/& pem/' mozilla/security/nss/lib/ckfw/manifest.mn
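Review bot: The new `patches` list is order-dependent and nothing in the file records it: going by the commit message, `./nix_secload_fixup.patch` rewrites the Debian-specific paths that `secLoadPatch` introduces, so it can only apply after it. A short comment above the list would keep a later reorder or a Debian patch bump from breaking the build, e.g. `# secLoadPatch (Debian 85_security_load.patch) must come before nix_secload_fixup.patch, which replaces its hard-coded /usr/lib paths`. The same comment could record that the fetched patch is tied to Debian revision 2:3.13.5-1 while `version` is 3.13.6, and that the plain-http download is trusted only because of the pinned `sha256`. The derivation body continues outside the hunk.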


@ -0,0 +1,50 @@
diff --git a/mozilla/security/coreconf/config.mk b/mozilla/security/coreconf/config.mk
index 72557c6..bdcbf88 100644
--- a/mozilla/security/coreconf/config.mk
+++ b/mozilla/security/coreconf/config.mk
@@ -207,3 +207,5 @@ endif
DEFINES += -DUSE_UTIL_DIRECTLY
USE_UTIL_DIRECTLY = 1
+# nix specific stuff:
+DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\"
diff --git a/mozilla/security/nss/cmd/shlibsign/shlibsign.c b/mozilla/security/nss/cmd/shlibsign/shlibsign.c
index 5ce626e..e1e8039 100644
--- a/mozilla/security/nss/cmd/shlibsign/shlibsign.c
+++ b/mozilla/security/nss/cmd/shlibsign/shlibsign.c
@@ -770,7 +770,7 @@ int main(int argc, char **argv)
assert(libname != NULL);
lib = PR_LoadLibrary(libname);
if (!lib)
- lib = PR_LoadLibrary("/usr/lib/nss/libsoftokn3.so");
+ lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so");
assert(lib != NULL);
PR_FreeLibraryName(libname);
diff --git a/mozilla/security/nss/lib/util/secload.c b/mozilla/security/nss/lib/util/secload.c
index 7d6fc22..0b7759b 100644
--- a/mozilla/security/nss/lib/util/secload.c
+++ b/mozilla/security/nss/lib/util/secload.c
@@ -105,9 +105,9 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
/* Remove the trailing filename from referencePath and add the new one */
c = strrchr(referencePath, PR_GetDirectorySeparator());
if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0]
- * and program was called from $PATH. Hack to get libs from /usr/lib */
- referencePath = "/usr/lib/";
- c = &referencePath[8]; /* last / */
+ * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */
+ referencePath = NIX_NSS_LIBDIR;
+ c = &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */
}
if (c) {
size_t referencePathSize = 1 + c - referencePath;
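Review bot: In the `if (!c)` fallback, `sizeof(NIX_NSS_LIBDIR) - 1` indexes the string's terminating NUL rather than the last `/` the comment promises, because `sizeof` on a string literal counts the terminator; the replaced code used index 8 of the 9-character `"/usr/lib/"`, which is the slash. `referencePathSize` on the following line therefore comes out one too large, so the `strcpy(fullName + referencePathSize, name)` in the next hunk writes the module name one byte past the directory prefix; if the prefix copy (outside this hunk) takes `referencePathSize` bytes, the terminator is copied too and the path handed to the loader ends at the directory, so the module is not loaded from the intended location. The index should be `c = &referencePath[sizeof(NIX_NSS_LIBDIR) - 2]; /* last / */`. The body of loader_LoadLibInReferenceDir continues outside the hunk.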
@@ -125,8 +125,7 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
(strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) {
memcpy(fullName + referencePathSize -4, "lib", 3);
}
- strcpy(fullName + referencePathSize, "nss/");
- strcpy(fullName + referencePathSize + 4, name);
+ strcpy(fullName + referencePathSize, name);
dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL
#ifdef PR_LD_ALT_SEARCH_PATH
/* allow library's dependencies to be found in the same directory