From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id kNHiAfG1qWZLlgAAe85BDQ:P1 (envelope-from ) for ; Wed, 31 Jul 2024 03:56:33 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id kNHiAfG1qWZLlgAAe85BDQ (envelope-from ) for ; Wed, 31 Jul 2024 05:56:33 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=APe3yY1N; dkim=fail ("headers rsa verify failed") header.d=retrospec.tv header.s=fm2 header.b="G /THzIk"; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm3 header.b="I MV0gVU"; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1722398192; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=1rhjv2L81+g8qZi64AubNkHzZl2s4wtlCwF6ZAxRUI0=; b=DgEllNqu/lQSvkWktZb+YWHh/rHLXsEldcmgr5scqg1jo3Jefm4nkwCDvJQPSSophuEX+g HAlunh8kGjUpXhdqcas2F+Em4tL++0Mu8xVJtLzG4SHCJ/QwaYocZl441OH6+qf1Mjm45p i7RiKmMNa4LE2KWhwhbAPzVUuRSIXNZ+3GpuLJZE54mUWvdN+9+sRCjDHpX8J1o/H6rVdy KqAvuMololw484kxdls45w9DF1ChpUdUMPFNUAlxwPql1BTKHhrrnMItEbF/8zVB/Xfs1Z IAE2l9mvCZNKVIvd9J8J2Xq1sV61hCwIlzZxjWL/C31/cOOlvimidCxAs9ekpQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=APe3yY1N; dkim=fail ("headers rsa verify failed") header.d=retrospec.tv header.s=fm2 header.b="G /THzIk"; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm3 header.b="I MV0gVU"; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1722398192; a=rsa-sha256; cv=none; b=KShkQPJ7UTuxccU0OjUC8gUVrxv+uPWhBCCl+wguKbqKKHQ/nE2JMnrk9vrFhkZQWd1YDa nEZn4nGzfIPS/F/abbwzjW+oPb7FMZVIMtXAs88TFESPjijCVq06n2dvUNCe8PWE51jQpg HCCokT3rIl8flPAj1RTnEt3UxO10b5/WI3tQD1uun0RTxx3u15Za7sw61POM5SdggIu09B BfqFwS7gEXoFlc7SmDIpXkX1NfZ6STSzm1qhAJCVd5/ibHT1KX+xLov5V1c4iu+F89gLyU xQ/pOozvBzyo1B+2D5ikDfvvL+WiaAJR4ovi/LjmEreAzydVSewaZvI4f0UZyA== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id CEAD97267B for ; Wed, 31 Jul 2024 05:56:31 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sZ0RK-0005dP-5b; Tue, 30 Jul 2024 23:55:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sZ0RH-0005cg-FP for guix-patches@gnu.org; Tue, 30 Jul 2024 23:55:47 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sZ0RH-0004u6-66 for guix-patches@gnu.org; Tue, 30 Jul 2024 23:55:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=1rhjv2L81+g8qZi64AubNkHzZl2s4wtlCwF6ZAxRUI0=; b=APe3yY1NrxJqeeXh5Q3pUik8/WyI37mJelP6asUKArw12J2Em02cbsZfBC0KlYFE0FkpkHUq3ZaD0qV9NLuetaxvJ0LrVAd4z9VGQUBuwZkrY6udfs3tbhQHytqU7T4NrbrLHgG91sD0lW1SX89MQcgY/EEMFHMt8kxbtf1KKHIIr8v9j2PpJoCMLxi91mqLADay7B9+1gApfrlr0mVaGHtepJt99KagzkEyI1wV9opx4u8obHj8FVznThsrQLFi8Z8yf4aXoAQ5xOY4ltUeDettZpHDf0hkEdb8qo8mB5MIXDLrIF/DpLYHmWpYgcIaYLCrl2rn3Txz2Xhxm5bL8g==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sZ0RV-0001zG-Nw for guix-patches@gnu.org; Tue, 30 Jul 2024 23:56:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#71832] [PATCH v5 1/3] gnu: Add nss-rapid. Resent-From: Ian Eure Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 31 Jul 2024 03:56:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 71832 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 71832@debbugs.gnu.org Cc: Ian Eure Received: via spool by 71832-submit@debbugs.gnu.org id=B71832.17223981317569 (code B ref 71832); Wed, 31 Jul 2024 03:56:01 +0000 Received: (at 71832) by debbugs.gnu.org; 31 Jul 2024 03:55:31 +0000 Received: from localhost ([127.0.0.1]:48821 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sZ0R1-0001y0-6f for submit@debbugs.gnu.org; Tue, 30 Jul 2024 23:55:31 -0400 Received: from fout8-smtp.messagingengine.com ([103.168.172.151]:51533) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sZ0Qx-0001xS-Hb for 71832@debbugs.gnu.org; Tue, 30 Jul 2024 23:55:29 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfout.nyi.internal (Postfix) with ESMTP id 2FB6D1382188; Tue, 30 Jul 2024 23:55:07 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 30 Jul 2024 23:55:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm2; t=1722398107; x= 1722484507; bh=1rhjv2L81+g8qZi64AubNkHzZl2s4wtlCwF6ZAxRUI0=; b=G /THzIkxG9isWVy7ADG3YMjbSOc2Xls83K63rzZNXmXQqtDmhZar0dHnu1qUQzGdq BV6ym117KOWzUJjvj8UOna+TNjeAJx0reLBcLdBgFuFAxgfNM19UP+jIqsOSKAjS 0wJqa/2MKK/bBhV4HSeTuYGJ/0MEbXrSSHQcGS8Ku00Shwoh4fBXg5ucczH+47Cn b3/QYZTyHtPZEQf7hTJZHZ+rfSBK/SBWyX7lBjtveYXEnrBcs673YJd97oGO/aaE DyxxhRkkGFKK+a8tYD/jmiQW+36mWUIL/1rN2E9O1+YIu3N7gicurvkclH5z4wP/ kzgN3gMBTCQez4BJNneUg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1722398107; x= 1722484507; bh=1rhjv2L81+g8qZi64AubNkHzZl2s4wtlCwF6ZAxRUI0=; b=I MV0gVUtrtKvc8/uqymVRIliBHmzK3bBw4UjTYlUUPhLtR22YlN8YsYlhQKz5HoYn mHcGZOYYHTVdDfe+OITlNCjTY6FA63pfrGBGm4cLZ3hX9UMdc0FmukyuyFEg20lW U2MfoN4WBRUOEUkzMHGorMrXL1np5o9ueJ01fy0cEFakuMj73yn0paeIdXm4BoRs Cq8PYDv4CpGn1LB+S7ptXmngz3BaD2jl04Tk9SQreVNk84fMKAnm88xBnQ6vki8x xReiZXPaOeUfsaA5ilQx46x8OgmtuTPQxmT+cVyXAW76GhMxLKynr3mLAyXOSVyl du7ALHEz7x5CZYpgK4QkQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrjeehgdejkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvvefufffkofgjfhgggfestdekre dtredttdenucfhrhhomhepkfgrnhcugfhurhgvuceoihgrnhesrhgvthhrohhsphgvtgdr thhvqeenucggtffrrghtthgvrhhnpefgteeiffdvleejleeiieevgeegleegieevjeekfe evledugfehteetgfeuffevhfenucffohhmrghinhepmhhoiihilhhlrgdrohhrghenucev lhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehirghnsehrvg htrhhoshhpvggtrdhtvhdpnhgspghrtghpthhtoheptd X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 Jul 2024 23:55:06 -0400 (EDT) From: Ian Eure Date: Tue, 30 Jul 2024 20:54:59 -0700 Message-ID: <20240731035501.27512-2-ian@retrospec.tv> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240731035501.27512-1-ian@retrospec.tv> References: <20240731035501.27512-1-ian@retrospec.tv> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Spam-Score: -9.06 X-Migadu-Queue-Id: CEAD97267B X-Migadu-Scanner: mx10.migadu.com X-Migadu-Spam-Score: -9.06 X-TUID: wzF8WGgzNEWO * gnu/packages/nss.scm (nss-rapid): New variable. Change-Id: I2bdd2119fb0c857feae9eb2e47a28909b8228cd7 --- gnu/packages/nss.scm | 80 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 74 insertions(+), 6 deletions(-) diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index 9224a8ed5a..17f05a65b0 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -106,6 +106,9 @@ (define-public nspr-4.32 (base32 "0v3zds1id71j5a5si42a658fjz8nv2f6zp6w4gqrqmdr6ksz8sxv")))))) +;; nss should track ESRs, but currently doesn't. When the next ESR it out, it +;; should get updated. + (define-public nss (package (name "nss") @@ -153,13 +156,13 @@ (define-public nss ;; Ensure we are building for the (%current-target-system). #$@(if (%current-target-system) #~((string-append - "OS_TEST=" - (string-take #$(%current-target-system) - (string-index #$(%current-target-system) #\-))) + "OS_TEST=" + (string-take #$(%current-target-system) + (string-index #$(%current-target-system) #\-))) (string-append - "KERNEL=" (cond (#$(target-hurd?) "gnu") - (#$(target-linux?) "linux") - (else "")))) + "KERNEL=" (cond (#$(target-hurd?) "gnu") + (#$(target-linux?) "linux") + (else "")))) #~()) #$@(if (%current-target-system) #~("CROSS_COMPILE=1") @@ -303,6 +306,71 @@ (define-public nss/fixed (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) (format #t "test suite not run~%")))))))))))) +;; nss-rapid tracks the rapid release channel. Unless your package requires a +;; newer version, you should prefer the `nss' package, which tracks the ESR +;; channel. +;; +;; See https://wiki.mozilla.org/NSS:Release_Versions +;; and https://wiki.mozilla.org/Rapid_Release_Model + +(define-public nss-rapid + (package + (inherit nss) + (name "nss-rapid") + (version "3.102.1") + (source (origin + (inherit (package-source nss)) + (uri (let ((version-with-underscores + (string-join (string-split version #\.) "_"))) + (string-append + "https://ftp.mozilla.org/pub/mozilla.org/security/nss/" + "releases/NSS_" version-with-underscores "_RTM/src/" + "nss-" version ".tar.gz"))) + (sha256 + (base32 + "1k1pjxz0ab4lg8xqggbb8pw77c1q8h4bldi09z4pj5g4hwsjv62l")))) + (arguments + (substitute-keyword-arguments (package-arguments nss) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (if tests? + (begin + ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for + ;; testing. The latter requires a working DNS or /etc/hosts. + (setenv "DOMSUF" "localdomain") + (setenv "USE_IP" "TRUE") + (setenv "IP_ADDRESS" "127.0.0.1") + + ;; This specific test is looking at performance "now + ;; verify that we can quickly dump a database", and + ;; we're not testing performance here (especially + ;; since we're using faketime), so raise the + ;; threshold + (substitute* "nss/tests/dbtests/dbtests.sh" + ((" -lt 5") " -lt 50")) + + ;; Since the test suite is very lengthy, run the test + ;; suite once, not thrice as done by default, by + ;; selecting only the 'standard' cycle. + (setenv "NSS_CYCLES" "standard") + + ;; The "PayPalEE.cert" certificate expires every six months, + ;; leading to test failures: + ;; . To + ;; work around that, set the time to roughly the release date. + (invoke "faketime" "2024-01-23" "./nss/tests/all.sh")) + (format #t "test suite not run~%")))))))) + (synopsis "Network Security Services (Rapid Release)") + (description + "Network Security Services (@dfn{NSS}) is a set of libraries designed to +support cross-platform development of security-enabled client and server +applications. Applications built with NSS can support SSL v2 and v3, TLS, +PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other +security standards. + +This package tracks the Rapid Release channel, which updates frequently."))) (define-public nsncd (package (name "nsncd") -- 2.45.2