forked from mirrors/nixpkgs
nss: Fix referencePath to security modules.
This adds a patch from Debian, as they're already have security modules from NSS in it's own library directory rather than /usr/lib{,64}/ and patch in loading of libsoftokn as well. The patch and our own fix of the patch (well, they hardcode Debian specific stuff in there) ensures that SECMOD_AddNewModule() will find the right module from the derivation's output path, so the built-in CA root certificates are recognized and verified correctly.
This commit is contained in:
parent
9e0aaf30aa
commit
38a4d77665
|
@ -15,9 +15,12 @@ let
|
|||
sha256 = "e4a9396d90e50e8b3cceff45f312eda9aaf356423f4eddd354a0e1afbbfd4cf8";
|
||||
};
|
||||
|
||||
in
|
||||
secLoadPatch = fetchurl {
|
||||
url = "http://patch-tracker.debian.org/patch/series/dl/nss/2:3.13.5-1/85_security_load.patch";
|
||||
sha256 = "8a8d0ae4ebbd7c389973fa5d26d8bc5f473046c6cb1d8283cb9a3c1f4c565c47";
|
||||
};
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "nss-${version}";
|
||||
version = "3.13.6";
|
||||
|
||||
|
@ -37,7 +40,11 @@ stdenv.mkDerivation rec {
|
|||
chmod -R u+w "$sourceRoot/mozilla/security/nss/lib/ckfw/pem"
|
||||
'';
|
||||
|
||||
patches = [ ./nss-3.12.5-gentoo-fixups.diff ];
|
||||
patches = [
|
||||
./nss-3.12.5-gentoo-fixups.diff
|
||||
secLoadPatch
|
||||
./nix_secload_fixup.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
sed -i -e 's/^DIRS.*$/& pem/' mozilla/security/nss/lib/ckfw/manifest.mn
|
||||
|
|
50
pkgs/development/libraries/nss/nix_secload_fixup.patch
Normal file
50
pkgs/development/libraries/nss/nix_secload_fixup.patch
Normal file
|
@ -0,0 +1,50 @@
|
|||
diff --git a/mozilla/security/coreconf/config.mk b/mozilla/security/coreconf/config.mk
|
||||
index 72557c6..bdcbf88 100644
|
||||
--- a/mozilla/security/coreconf/config.mk
|
||||
+++ b/mozilla/security/coreconf/config.mk
|
||||
@@ -207,3 +207,5 @@ endif
|
||||
DEFINES += -DUSE_UTIL_DIRECTLY
|
||||
USE_UTIL_DIRECTLY = 1
|
||||
|
||||
+# nix specific stuff:
|
||||
+DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\"
|
||||
diff --git a/mozilla/security/nss/cmd/shlibsign/shlibsign.c b/mozilla/security/nss/cmd/shlibsign/shlibsign.c
|
||||
index 5ce626e..e1e8039 100644
|
||||
--- a/mozilla/security/nss/cmd/shlibsign/shlibsign.c
|
||||
+++ b/mozilla/security/nss/cmd/shlibsign/shlibsign.c
|
||||
@@ -770,7 +770,7 @@ int main(int argc, char **argv)
|
||||
assert(libname != NULL);
|
||||
lib = PR_LoadLibrary(libname);
|
||||
if (!lib)
|
||||
- lib = PR_LoadLibrary("/usr/lib/nss/libsoftokn3.so");
|
||||
+ lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so");
|
||||
assert(lib != NULL);
|
||||
PR_FreeLibraryName(libname);
|
||||
|
||||
diff --git a/mozilla/security/nss/lib/util/secload.c b/mozilla/security/nss/lib/util/secload.c
|
||||
index 7d6fc22..0b7759b 100644
|
||||
--- a/mozilla/security/nss/lib/util/secload.c
|
||||
+++ b/mozilla/security/nss/lib/util/secload.c
|
||||
@@ -105,9 +105,9 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
|
||||
/* Remove the trailing filename from referencePath and add the new one */
|
||||
c = strrchr(referencePath, PR_GetDirectorySeparator());
|
||||
if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0]
|
||||
- * and program was called from $PATH. Hack to get libs from /usr/lib */
|
||||
- referencePath = "/usr/lib/";
|
||||
- c = &referencePath[8]; /* last / */
|
||||
+ * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */
|
||||
+ referencePath = NIX_NSS_LIBDIR;
|
||||
+ c = &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */
|
||||
}
|
||||
if (c) {
|
||||
size_t referencePathSize = 1 + c - referencePath;
|
||||
@@ -125,8 +125,7 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
|
||||
(strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) {
|
||||
memcpy(fullName + referencePathSize -4, "lib", 3);
|
||||
}
|
||||
- strcpy(fullName + referencePathSize, "nss/");
|
||||
- strcpy(fullName + referencePathSize + 4, name);
|
||||
+ strcpy(fullName + referencePathSize, name);
|
||||
dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL
|
||||
#ifdef PR_LD_ALT_SEARCH_PATH
|
||||
/* allow library's dependencies to be found in the same directory
|
Loading…
Reference in a new issue