From 0e768ba98d96148b0f1630e8712234be8b9300fc Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 20 Aug 2012 05:41:58 +0200 Subject: [PATCH 01/10] nss: Update NSS to version 3.13.6. So to begin with fixing NSS let's get to the latest upstream release and start fixing, so we won't carry around historic crap we then will throw away anyway. --- pkgs/development/libraries/nss/default.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 3b4d10eaa089..2a4ebbfc4318 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -9,12 +9,16 @@ let in -stdenv.mkDerivation { - name = "nss-3.13.3"; +stdenv.mkDerivation rec { + name = "nss-${version}"; + version = "3.13.6"; - src = fetchurl { - url = http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_13_3_RTM/src/nss-3.13.3.tar.gz; - sha256 = "efa10f2c70da4bddabf1a6081964969bb23359b93d6eadbf4739274a77bc3587"; + src = let + uscoreVersion = stdenv.lib.replaceChars ["."] ["_"] version; + releasePath = "releases/NSS_${uscoreVersion}_RTM/src/nss-${version}.tar.gz"; + in fetchurl { + url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/${releasePath}"; + sha256 = "f7e90727e0ecc1c29de10da39a79bc9c53b814ccfbf40720e053b29c683d43a0"; }; buildInputs = [nspr perl zlib]; From 485dcc915283661a5d859313484aa8ecaf1a520d Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 20 Aug 2012 09:39:55 +0200 Subject: [PATCH 02/10] nss: Build using system libsqlite. Let's use system SQLite library, which makes sense anyway. More importantly because it conflicts with the sqlite package, as NSS is building this as a shared library aswell. --- pkgs/development/libraries/nss/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 2a4ebbfc4318..7bdbf9e199f4 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -1,4 +1,6 @@ -{ stdenv, fetchurl, nspr, perl, zlib, includeTools ? false}: +{ stdenv, fetchurl, nspr, perl, zlib, sqlite +, includeTools ? false +}: let @@ -21,7 +23,7 @@ stdenv.mkDerivation rec { sha256 = "f7e90727e0ecc1c29de10da39a79bc9c53b814ccfbf40720e053b29c683d43a0"; }; - buildInputs = [nspr perl zlib]; + buildInputs = [ nspr perl zlib sqlite ]; patches = [ ./nss-3.12.5-gentoo-fixups.diff ]; @@ -38,7 +40,7 @@ stdenv.mkDerivation rec { makeFlags = [ "NSPR_CONFIG_STATUS=" "NSDISTMODE=copy" "BUILD_OPT=1" "SOURCE_PREFIX=\$(out)" - "NSS_ENABLE_ECC=1" + "NSS_ENABLE_ECC=1" "NSS_USE_SYSTEM_SQLITE=1" ] ++ stdenv.lib.optional stdenv.is64bit "USE_64=1"; From 5f4ca8ec18cf3a4253845f6f50813833c883d7cc Mon Sep 17 00:00:00 2001 From: aszlig Date: Tue, 21 Aug 2012 06:10:33 +0200 Subject: [PATCH 03/10] nss: Add nss-pem module from fedora. This is a compatibility module which adds suport for PEM certificates used by OpenSSL and compatible libraries. The module gets built but isn't used at the moment, so we're going to work on integration of it later. --- pkgs/development/libraries/nss/default.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 7bdbf9e199f4..a957996d1f12 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, nspr, perl, zlib, sqlite +{ stdenv, fetchurl, fetchgit, nspr, perl, zlib, sqlite , includeTools ? false }: @@ -9,6 +9,12 @@ let sha256 = "1ck9q68fxkjq16nflixbqi4xc6bmylmj994h3f1j42g8mp0xf0vd"; }; + nssPEM = fetchgit { + url = "git://git.fedorahosted.org/git/nss-pem.git"; + rev = "07a683505d4a0a1113c4085c1ce117425d0afd80"; + sha256 = "e4a9396d90e50e8b3cceff45f312eda9aaf356423f4eddd354a0e1afbbfd4cf8"; + }; + in stdenv.mkDerivation rec { @@ -25,12 +31,19 @@ stdenv.mkDerivation rec { buildInputs = [ nspr perl zlib sqlite ]; + postUnpack = '' + cp -rdv "${nssPEM}/mozilla/security/nss/lib/ckfw/pem" \ + "$sourceRoot/mozilla/security/nss/lib/ckfw/" + chmod -R u+w "$sourceRoot/mozilla/security/nss/lib/ckfw/pem" + ''; + patches = [ ./nss-3.12.5-gentoo-fixups.diff ]; # Based on the build instructions at # http://www.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11.4-build.html postPatch = '' + sed -i -e 's/^DIRS.*$/& pem/' mozilla/security/nss/lib/ckfw/manifest.mn sed -i -e "/^PREFIX =/s:= /usr:= $out:" mozilla/security/nss/config/Makefile ''; From 29fce94665b6434ca22e78d873a01396bcd2a85a Mon Sep 17 00:00:00 2001 From: aszlig Date: Tue, 21 Aug 2012 10:47:29 +0200 Subject: [PATCH 04/10] nss: Clean up build/make flags. First of all, let's remove that redundant BUILD_OPT variable. This variable already is in makeFlags, so we really don't want it to be lurking around in the attribute set of the derivation, and it annoys me for being there for days. We now state build targets explicitly rather than relying on "nss_build_all". This makes NSPR_CONFIG_STATUS and the touch of build_nspr stamp obsolete, as only nss_build_all includes build_nspr. In addition, we don't need the -lz hack anymore, as this has been fixed in recent NSS versions, so we can completly remove the postBuild hook. And while we're at it, we're removing those outdated build instructions as well, especially because we don't and can't follow official building guidelines anymore, as those are difficult to apply to Nix. --- pkgs/development/libraries/nss/default.nix | 32 +++++++--------------- 1 file changed, 10 insertions(+), 22 deletions(-) diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index a957996d1f12..222fd6e94f6f 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -39,9 +39,6 @@ stdenv.mkDerivation rec { patches = [ ./nss-3.12.5-gentoo-fixups.diff ]; - # Based on the build instructions at - # http://www.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11.4-build.html - postPatch = '' sed -i -e 's/^DIRS.*$/& pem/' mozilla/security/nss/lib/ckfw/manifest.mn sed -i -e "/^PREFIX =/s:= /usr:= $out:" mozilla/security/nss/config/Makefile @@ -49,26 +46,17 @@ stdenv.mkDerivation rec { preConfigure = "cd mozilla/security/nss"; - BUILD_OPT = "1"; + makeFlags = [ + "NSPR_INCLUDE_DIR=${nspr}/include/nspr" + "NSPR_LIB_DIR=${nspr}/lib" + "NSDISTMODE=copy" + "BUILD_OPT=1" + "SOURCE_PREFIX=\$(out)" + "NSS_ENABLE_ECC=1" + "NSS_USE_SYSTEM_SQLITE=1" + ] ++ stdenv.lib.optional stdenv.is64bit "USE_64=1"; - makeFlags = - [ "NSPR_CONFIG_STATUS=" "NSDISTMODE=copy" "BUILD_OPT=1" "SOURCE_PREFIX=\$(out)" - "NSS_ENABLE_ECC=1" "NSS_USE_SYSTEM_SQLITE=1" - ] - ++ stdenv.lib.optional stdenv.is64bit "USE_64=1"; - - buildFlags = "nss_build_all"; - - NIX_CFLAGS_COMPILE = "-I${nspr}/include/nspr"; - - preBuild = - '' - # Fool it into thinking NSPR has already been built. - touch build_nspr - - # Hack to make -lz dependencies work. - touch cmd/signtool/-lz cmd/modutil/-lz - ''; + buildFlags = [ "build_coreconf" "build_dbm" "all" ]; postInstall = '' From 9e0aaf30aab7c61e5cacd4cdc44243a7557e2d2b Mon Sep 17 00:00:00 2001 From: aszlig Date: Tue, 21 Aug 2012 21:35:46 +0200 Subject: [PATCH 05/10] nss: Sign libraries after striping. Running NSS in FIPS mode is only possible if the libraries are signed correctly, so we're doing this in the postFixup hook, to insure nothing gets altered after that phase. For more information about FIPS mode, please see: https://developer.mozilla.org/en-US/docs/NSS/FIPS_Mode_-_an_explanation --- pkgs/development/libraries/nss/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 222fd6e94f6f..3b6cc15754e2 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -86,4 +86,12 @@ stdenv.mkDerivation rec { --subst-var-by includedir $out/include/nss \ --subst-var-by libdir $out/lib ''; # */ + + postFixup = '' + for libname in freebl3 nssdbm3 softokn3 + do + libfile="$out/lib/lib$libname.so" + LD_LIBRARY_PATH=$out/lib $out/bin/shlibsign -v -i "$libfile" + done + ''; } From 38a4d77665075713673ab802860276da86cf99a9 Mon Sep 17 00:00:00 2001 From: aszlig Date: Wed, 22 Aug 2012 02:46:48 +0200 Subject: [PATCH 06/10] nss: Fix referencePath to security modules. This adds a patch from Debian, as they're already have security modules from NSS in it's own library directory rather than /usr/lib{,64}/ and patch in loading of libsoftokn as well. The patch and our own fix of the patch (well, they hardcode Debian specific stuff in there) ensures that SECMOD_AddNewModule() will find the right module from the derivation's output path, so the built-in CA root certificates are recognized and verified correctly. --- pkgs/development/libraries/nss/default.nix | 13 +++-- .../libraries/nss/nix_secload_fixup.patch | 50 +++++++++++++++++++ 2 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 pkgs/development/libraries/nss/nix_secload_fixup.patch diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 3b6cc15754e2..e71e2ef3f9d1 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -15,9 +15,12 @@ let sha256 = "e4a9396d90e50e8b3cceff45f312eda9aaf356423f4eddd354a0e1afbbfd4cf8"; }; -in + secLoadPatch = fetchurl { + url = "http://patch-tracker.debian.org/patch/series/dl/nss/2:3.13.5-1/85_security_load.patch"; + sha256 = "8a8d0ae4ebbd7c389973fa5d26d8bc5f473046c6cb1d8283cb9a3c1f4c565c47"; + }; -stdenv.mkDerivation rec { +in stdenv.mkDerivation rec { name = "nss-${version}"; version = "3.13.6"; @@ -37,7 +40,11 @@ stdenv.mkDerivation rec { chmod -R u+w "$sourceRoot/mozilla/security/nss/lib/ckfw/pem" ''; - patches = [ ./nss-3.12.5-gentoo-fixups.diff ]; + patches = [ + ./nss-3.12.5-gentoo-fixups.diff + secLoadPatch + ./nix_secload_fixup.patch + ]; postPatch = '' sed -i -e 's/^DIRS.*$/& pem/' mozilla/security/nss/lib/ckfw/manifest.mn diff --git a/pkgs/development/libraries/nss/nix_secload_fixup.patch b/pkgs/development/libraries/nss/nix_secload_fixup.patch new file mode 100644 index 000000000000..960fe0ef7a75 --- /dev/null +++ b/pkgs/development/libraries/nss/nix_secload_fixup.patch @@ -0,0 +1,50 @@ +diff --git a/mozilla/security/coreconf/config.mk b/mozilla/security/coreconf/config.mk +index 72557c6..bdcbf88 100644 +--- a/mozilla/security/coreconf/config.mk ++++ b/mozilla/security/coreconf/config.mk +@@ -207,3 +207,5 @@ endif + DEFINES += -DUSE_UTIL_DIRECTLY + USE_UTIL_DIRECTLY = 1 + ++# nix specific stuff: ++DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\" +diff --git a/mozilla/security/nss/cmd/shlibsign/shlibsign.c b/mozilla/security/nss/cmd/shlibsign/shlibsign.c +index 5ce626e..e1e8039 100644 +--- a/mozilla/security/nss/cmd/shlibsign/shlibsign.c ++++ b/mozilla/security/nss/cmd/shlibsign/shlibsign.c +@@ -770,7 +770,7 @@ int main(int argc, char **argv) + assert(libname != NULL); + lib = PR_LoadLibrary(libname); + if (!lib) +- lib = PR_LoadLibrary("/usr/lib/nss/libsoftokn3.so"); ++ lib = PR_LoadLibrary(NIX_NSS_LIBDIR"libsoftokn3.so"); + assert(lib != NULL); + PR_FreeLibraryName(libname); + +diff --git a/mozilla/security/nss/lib/util/secload.c b/mozilla/security/nss/lib/util/secload.c +index 7d6fc22..0b7759b 100644 +--- a/mozilla/security/nss/lib/util/secload.c ++++ b/mozilla/security/nss/lib/util/secload.c +@@ -105,9 +105,9 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name) + /* Remove the trailing filename from referencePath and add the new one */ + c = strrchr(referencePath, PR_GetDirectorySeparator()); + if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0] +- * and program was called from $PATH. Hack to get libs from /usr/lib */ +- referencePath = "/usr/lib/"; +- c = &referencePath[8]; /* last / */ ++ * and program was called from $PATH. Hack to get libs from NIX_NSS_LIBDIR */ ++ referencePath = NIX_NSS_LIBDIR; ++ c = &referencePath[sizeof(NIX_NSS_LIBDIR) - 1]; /* last / */ + } + if (c) { + size_t referencePathSize = 1 + c - referencePath; +@@ -125,8 +125,7 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name) + (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) { + memcpy(fullName + referencePathSize -4, "lib", 3); + } +- strcpy(fullName + referencePathSize, "nss/"); +- strcpy(fullName + referencePathSize + 4, name); ++ strcpy(fullName + referencePathSize, name); + dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL + #ifdef PR_LD_ALT_SEARCH_PATH + /* allow library's dependencies to be found in the same directory From c672997dc6671e74b3256bd4d0b905afb4d9b8b9 Mon Sep 17 00:00:00 2001 From: aszlig Date: Wed, 22 Aug 2012 04:22:43 +0200 Subject: [PATCH 07/10] nss: Remove redundant nss-config.in. This file is already contained in nss-3.12.5-gentoo-fixups.diff, so we don't need to do all that cruft twice. --- pkgs/development/libraries/nss/default.nix | 40 +++++----------------- 1 file changed, 8 insertions(+), 32 deletions(-) diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index e71e2ef3f9d1..414e66864c17 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -4,11 +4,6 @@ let - nssConfig = fetchurl { - url = "http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/dev-libs/nss/files/3.12-nss-config.in?rev=1.2"; - sha256 = "1ck9q68fxkjq16nflixbqi4xc6bmylmj994h3f1j42g8mp0xf0vd"; - }; - nssPEM = fetchgit { url = "git://git.fedorahosted.org/git/nss-pem.git"; rev = "07a683505d4a0a1113c4085c1ce117425d0afd80"; @@ -65,34 +60,15 @@ in stdenv.mkDerivation rec { buildFlags = [ "build_coreconf" "build_dbm" "all" ]; - postInstall = - '' - #find $out -name "*.a" | xargs rm - rm -rf $out/private - mv $out/public $out/include - mv $out/*.OBJ/* $out/ - rmdir $out/*.OBJ - ${if includeTools then "" else "rm -rf $out/bin"} + postInstall = '' + rm -rf $out/private + mv $out/public $out/include + mv $out/*.OBJ/* $out/ + rmdir $out/*.OBJ + ${if includeTools then "" else "rm -rf $out/bin; mkdir $out/bin"} - # Borrowed from Gentoo. Firefox expects an nss-config script, - # but NSS doesn't provide it. - - NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` - NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` - NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` - - ${if includeTools then "" else "mkdir $out/bin"} - cp ${nssConfig} $out/bin/nss-config - chmod u+x $out/bin/nss-config - substituteInPlace $out/bin/nss-config \ - --subst-var-by MOD_MAJOR_VERSION $NSS_VMAJOR \ - --subst-var-by MOD_MINOR_VERSION $NSS_VMINOR \ - --subst-var-by MOD_PATCH_VERSION $NSS_VPATCH \ - --subst-var-by prefix $out \ - --subst-var-by exec_prefix $out \ - --subst-var-by includedir $out/include/nss \ - --subst-var-by libdir $out/lib - ''; # */ + cp -av config/nss-config $out/bin/nss-config + ''; postFixup = '' for libname in freebl3 nssdbm3 softokn3 From 808108105dd62421effebe3dbadf2183e7668be2 Mon Sep 17 00:00:00 2001 From: aszlig Date: Wed, 22 Aug 2012 04:24:44 +0200 Subject: [PATCH 08/10] nss: Just delete files if includeTools is false. Before, the entire directory was deleted and recreated, which fails if we want to sign libraries (shlibsign is obviously deleted in that step as well), so we delete everything but "nss-config" on postFixup. --- pkgs/development/libraries/nss/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix index 414e66864c17..38e9d80d5b71 100644 --- a/pkgs/development/libraries/nss/default.nix +++ b/pkgs/development/libraries/nss/default.nix @@ -65,7 +65,6 @@ in stdenv.mkDerivation rec { mv $out/public $out/include mv $out/*.OBJ/* $out/ rmdir $out/*.OBJ - ${if includeTools then "" else "rm -rf $out/bin; mkdir $out/bin"} cp -av config/nss-config $out/bin/nss-config ''; @@ -76,5 +75,7 @@ in stdenv.mkDerivation rec { libfile="$out/lib/lib$libname.so" LD_LIBRARY_PATH=$out/lib $out/bin/shlibsign -v -i "$libfile" done + '' + stdenv.lib.optionalString (!includeTools) '' + find $out/bin -type f \( -name nss-config -o -delete \) ''; } From 8b4fae76b37d682ef3c5941429a5bdbe3540ae1f Mon Sep 17 00:00:00 2001 From: aszlig Date: Wed, 22 Aug 2012 04:28:14 +0200 Subject: [PATCH 09/10] chromium: Build with NSS by default. Hurray! This is the first time chromium is working with NSS _and_ is able to verify certificates using the root certificates built in into NSS. Optimally it would use certs from OPENSSL_X509_CERT_FILE, but at least it's working, so let's add that at some later point. --- pkgs/applications/networking/browsers/chromium/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index fb3d1109e148..84cdf556d02d 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -32,7 +32,7 @@ let channel = "stable"; selinux = false; nacl = false; - openssl = true; + openssl = false; gnome = false; gnomeKeyring = false; proprietaryCodecs = true; @@ -59,7 +59,7 @@ let use_system_libpng = true; use_system_libxml = true; use_system_speex = true; - use_system_ssl = true; + use_system_ssl = config.openssl; use_system_stlport = true; use_system_xdg_utils = true; use_system_yasm = true; From 5df4e12c92bd76c2b48e36f529e869c544939481 Mon Sep 17 00:00:00 2001 From: aszlig Date: Wed, 22 Aug 2012 05:00:12 +0200 Subject: [PATCH 10/10] firefox: Build against system NSS. So, now even Firefox can be built with our shiny new fixed up NSS derivation, and as this is desired (especially if we want to support certificates from the CA bundle), let's make it the default. --- pkgs/applications/networking/browsers/firefox/12.0.nix | 6 +++--- pkgs/applications/networking/browsers/firefox/13.0.nix | 6 +++--- pkgs/applications/networking/browsers/firefox/3.6.nix | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/pkgs/applications/networking/browsers/firefox/12.0.nix b/pkgs/applications/networking/browsers/firefox/12.0.nix index 6a22b1d8e5f4..97e23d1b8b26 100644 --- a/pkgs/applications/networking/browsers/firefox/12.0.nix +++ b/pkgs/applications/networking/browsers/firefox/12.0.nix @@ -33,7 +33,7 @@ rec { "--with-system-zlib" "--with-system-bz2" "--with-system-nspr" - # "--with-system-nss" + "--with-system-nss" # "--with-system-png" # <-- "--with-system-png won't work because the system's libpng doesn't have APNG support" # "--enable-system-cairo" # disabled for the moment because our Cairo is too old "--enable-system-sqlite" @@ -54,7 +54,7 @@ rec { [ pkgconfig gtk perl zip libIDL libjpeg libpng zlib cairo bzip2 python dbus dbus_glib pango freetype fontconfig xlibs.libXi xlibs.libX11 xlibs.libXrender xlibs.libXft xlibs.libXt file - alsaLib nspr /* nss */ libnotify xlibs.pixman yasm mesa + alsaLib nspr nss libnotify xlibs.pixman yasm mesa xlibs.libXScrnSaver xlibs.scrnsaverproto xlibs.libXext xlibs.xextproto sqlite unzip ]; @@ -129,7 +129,7 @@ rec { buildInputs = [ pkgconfig gtk perl zip libIDL libjpeg zlib cairo bzip2 python - dbus dbus_glib pango freetype fontconfig alsaLib nspr libnotify + dbus dbus_glib pango freetype fontconfig alsaLib nspr nss libnotify xlibs.pixman yasm mesa sqlite file unzip ]; diff --git a/pkgs/applications/networking/browsers/firefox/13.0.nix b/pkgs/applications/networking/browsers/firefox/13.0.nix index 1b0219557427..fbbf3275ad1a 100644 --- a/pkgs/applications/networking/browsers/firefox/13.0.nix +++ b/pkgs/applications/networking/browsers/firefox/13.0.nix @@ -33,7 +33,7 @@ rec { "--with-system-zlib" "--with-system-bz2" "--with-system-nspr" - # "--with-system-nss" + "--with-system-nss" # "--with-system-png" # <-- "--with-system-png won't work because the system's libpng doesn't have APNG support" # "--enable-system-cairo" # disabled for the moment because our Cairo is too old "--enable-system-sqlite" @@ -54,7 +54,7 @@ rec { [ pkgconfig gtk perl zip libIDL libjpeg libpng zlib cairo bzip2 python dbus dbus_glib pango freetype fontconfig xlibs.libXi xlibs.libX11 xlibs.libXrender xlibs.libXft xlibs.libXt file - alsaLib nspr /* nss */ libnotify xlibs.pixman yasm mesa + alsaLib nspr nss libnotify xlibs.pixman yasm mesa xlibs.libXScrnSaver xlibs.scrnsaverproto xlibs.libXext xlibs.xextproto sqlite unzip makeWrapper ]; @@ -136,7 +136,7 @@ rec { buildInputs = [ pkgconfig gtk perl zip libIDL libjpeg zlib cairo bzip2 python - dbus dbus_glib pango freetype fontconfig alsaLib nspr libnotify + dbus dbus_glib pango freetype fontconfig alsaLib nspr nss libnotify xlibs.pixman yasm mesa sqlite file unzip ]; diff --git a/pkgs/applications/networking/browsers/firefox/3.6.nix b/pkgs/applications/networking/browsers/firefox/3.6.nix index 40b7959139d2..c430bb7089a8 100644 --- a/pkgs/applications/networking/browsers/firefox/3.6.nix +++ b/pkgs/applications/networking/browsers/firefox/3.6.nix @@ -31,7 +31,7 @@ rec { "--with-system-zlib" "--with-system-bz2" "--with-system-nspr" - #"--with-system-nss" + "--with-system-nss" # "--with-system-png" # <-- "--with-system-png won't work because the system's libpng doesn't have APNG support" "--enable-system-cairo" #"--enable-system-sqlite" # <-- this seems to be discouraged @@ -59,7 +59,7 @@ rec { [ pkgconfig gtk perl zip libIDL libjpeg libpng zlib cairo bzip2 python dbus dbus_glib pango freetype fontconfig xlibs.libXi xlibs.libX11 xlibs.libXrender xlibs.libXft xlibs.libXt file - alsaLib nspr /* nss */ libnotify xlibs.pixman + alsaLib nspr nss libnotify xlibs.pixman ]; preConfigure = if stdenv.isMips then '' @@ -118,7 +118,7 @@ rec { buildInputs = [ pkgconfig gtk perl zip libIDL libjpeg zlib cairo bzip2 python - dbus dbus_glib pango freetype fontconfig alsaLib nspr libnotify + dbus dbus_glib pango freetype fontconfig alsaLib nspr nss libnotify xlibs.pixman ];