Mark H Weaver writes: > 宋文武 writes: > >> * gnu/packages/patches/nss.patch: New file. >> * gnu-system.scm (dist_patch_DATA): Add it. >> * gnu/packages/polkit.scm (nss): New variable. > > polkit.scm seems like the wrong place for 'nss', although admittedly > it's not obvious where it should go. Maybe move it and nspr gnuzilla.scm? Since they are both from mozilla. > >> --- >> gnu-system.am | 1 + >> gnu/packages/patches/nss.patch | 241 +++++++++++++++++++++++++++++++++++++++++ >> gnu/packages/polkit.scm | 84 ++++++++++++++ >> 3 files changed, 326 insertions(+) >> create mode 100644 gnu/packages/patches/nss.patch >> >> diff --git a/gnu-system.am b/gnu-system.am >> index 4086067..046ded5 100644 >> --- a/gnu-system.am >> +++ b/gnu-system.am >> @@ -422,6 +422,7 @@ dist_patch_DATA = \ >> gnu/packages/patches/mupdf-buildsystem-fix.patch \ >> gnu/packages/patches/mutt-CVE-2014-9116.patch \ >> gnu/packages/patches/net-tools-bitrot.patch \ >> + gnu/packages/patches/nss.patch \ >> gnu/packages/patches/nvi-assume-preserve-path.patch \ >> gnu/packages/patches/orpheus-cast-errors-and-includes.patch \ >> gnu/packages/patches/ots-no-include-missing-file.patch \ >> diff --git a/gnu/packages/patches/nss.patch b/gnu/packages/patches/nss.patch >> new file mode 100644 >> index 0000000..356ff0d >> --- /dev/null >> +++ b/gnu/packages/patches/nss.patch >> @@ -0,0 +1,241 @@ >> +--- nss-3.17.1/nss/config/Makefile >> ++++ nss-3.17.1/nss/config/Makefile >> +@@ -0,0 +1,40 @@ >> ++CORE_DEPTH = .. >> ++DEPTH = .. >> ++ >> ++include $(CORE_DEPTH)/coreconf/config.mk >> ++ >> ++NSS_MAJOR_VERSION = `grep "NSS_VMAJOR" ../lib/nss/nss.h | awk '{print $$3}'` >> ++NSS_MINOR_VERSION = `grep "NSS_VMINOR" ../lib/nss/nss.h | awk '{print $$3}'` >> ++NSS_PATCH_VERSION = `grep "NSS_VPATCH" ../lib/nss/nss.h | awk '{print $$3}'` >> ++PREFIX = /usr >> ++ >> ++all: export libs >> ++ >> ++export: >> ++ # Create the nss.pc file >> ++ mkdir -p $(DIST)/lib/pkgconfig >> ++ sed -e "s,@prefix@,$(PREFIX)," \ >> ++ -e "s,@exec_prefix@,\$${prefix}," \ >> ++ -e "s,@libdir@,\$${prefix}/lib," \ >> ++ -e "s,@includedir@,\$${prefix}/include/nss," \ >> ++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \ >> ++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ >> ++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ >> ++ nss.pc.in > nss.pc >> ++ chmod 0644 nss.pc >> ++ cp nss.pc $(DIST)/lib/pkgconfig >> ++ >> ++ # Create the nss-config script >> ++ mkdir -p $(DIST)/bin >> ++ sed -e "s,@prefix@,$(PREFIX)," \ >> ++ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION)," \ >> ++ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \ >> ++ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \ >> ++ nss-config.in > nss-config >> ++ chmod 0755 nss-config >> ++ cp nss-config $(DIST)/bin >> ++ >> ++libs: >> ++ >> ++dummy: all export libs >> ++ >> +--- nss-3.17.1/nss/config/nss-config.in >> ++++ nss-3.17.1/nss/config/nss-config.in >> +@@ -0,0 +1,145 @@ >> ++#!/bin/sh >> ++ >> ++prefix=@prefix@ >> ++ >> ++major_version=@NSS_MAJOR_VERSION@ >> ++minor_version=@NSS_MINOR_VERSION@ >> ++patch_version=@NSS_PATCH_VERSION@ >> ++ >> ++usage() >> ++{ >> ++ cat <> ++Usage: nss-config [OPTIONS] [LIBRARIES] >> ++Options: >> ++ [--prefix[=DIR]] >> ++ [--exec-prefix[=DIR]] >> ++ [--includedir[=DIR]] >> ++ [--libdir[=DIR]] >> ++ [--version] >> ++ [--libs] >> ++ [--cflags] >> ++Dynamic Libraries: >> ++ nss >> ++ ssl >> ++ smime >> ++ nssutil >> ++EOF >> ++ exit $1 >> ++} >> ++ >> ++if test $# -eq 0; then >> ++ usage 1 1>&2 >> ++fi >> ++ >> ++lib_ssl=yes >> ++lib_smime=yes >> ++lib_nss=yes >> ++lib_nssutil=yes >> ++ >> ++while test $# -gt 0; do >> ++ case "$1" in >> ++ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; >> ++ *) optarg= ;; >> ++ esac >> ++ >> ++ case $1 in >> ++ --prefix=*) >> ++ prefix=$optarg >> ++ ;; >> ++ --prefix) >> ++ echo_prefix=yes >> ++ ;; >> ++ --exec-prefix=*) >> ++ exec_prefix=$optarg >> ++ ;; >> ++ --exec-prefix) >> ++ echo_exec_prefix=yes >> ++ ;; >> ++ --includedir=*) >> ++ includedir=$optarg >> ++ ;; >> ++ --includedir) >> ++ echo_includedir=yes >> ++ ;; >> ++ --libdir=*) >> ++ libdir=$optarg >> ++ ;; >> ++ --libdir) >> ++ echo_libdir=yes >> ++ ;; >> ++ --version) >> ++ echo ${major_version}.${minor_version}.${patch_version} >> ++ ;; >> ++ --cflags) >> ++ echo_cflags=yes >> ++ ;; >> ++ --libs) >> ++ echo_libs=yes >> ++ ;; >> ++ ssl) >> ++ lib_ssl=yes >> ++ ;; >> ++ smime) >> ++ lib_smime=yes >> ++ ;; >> ++ nss) >> ++ lib_nss=yes >> ++ ;; >> ++ nssutil) >> ++ lib_nssutil=yes >> ++ ;; >> ++ *) >> ++ usage 1 1>&2 >> ++ ;; >> ++ esac >> ++ shift >> ++done >> ++ >> ++# Set variables that may be dependent upon other variables >> ++if test -z "$exec_prefix"; then >> ++ exec_prefix=`pkg-config --variable=exec_prefix nss` >> ++fi >> ++if test -z "$includedir"; then >> ++ includedir=`pkg-config --variable=includedir nss` >> ++fi >> ++if test -z "$libdir"; then >> ++ libdir=`pkg-config --variable=libdir nss` >> ++fi >> ++ >> ++if test "$echo_prefix" = "yes"; then >> ++ echo $prefix >> ++fi >> ++ >> ++if test "$echo_exec_prefix" = "yes"; then >> ++ echo $exec_prefix >> ++fi >> ++ >> ++if test "$echo_includedir" = "yes"; then >> ++ echo $includedir >> ++fi >> ++ >> ++if test "$echo_libdir" = "yes"; then >> ++ echo $libdir >> ++fi >> ++ >> ++if test "$echo_cflags" = "yes"; then >> ++ echo -I$includedir >> ++fi >> ++ >> ++if test "$echo_libs" = "yes"; then >> ++ libdirs="" >> ++ if test -n "$lib_ssl"; then >> ++ libdirs="$libdirs -lssl${major_version}" >> ++ fi >> ++ if test -n "$lib_smime"; then >> ++ libdirs="$libdirs -lsmime${major_version}" >> ++ fi >> ++ if test -n "$lib_nss"; then >> ++ libdirs="$libdirs -lnss${major_version}" >> ++ fi >> ++ if test -n "$lib_nssutil"; then >> ++ libdirs="$libdirs -lnssutil${major_version}" >> ++ fi >> ++ echo $libdirs >> ++fi >> ++ >> +--- nss-3.17.1/nss/config/nss.pc.in >> ++++ nss-3.17.1/nss/config/nss.pc.in >> +@@ -0,0 +1,12 @@ >> ++prefix=@prefix@ >> ++exec_prefix=@exec_prefix@ >> ++libdir=@libdir@ >> ++includedir=@includedir@ >> ++ >> ++Name: NSS >> ++Description: Network Security Services >> ++Version: @NSS_MAJOR_VERSION@.@NSS_MINOR_VERSION@.@NSS_PATCH_VERSION@ >> ++Requires: nspr >= 4.8 >> ++Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3 >> ++Cflags: -I${includedir} >> ++ >> +--- nss-3.17.1/nss/Makefile >> ++++ nss-3.17.1/nss/Makefile >> +@@ -44,7 +44,7 @@ >> + # (7) Execute "local" rules. (OPTIONAL). # >> + ####################################################################### >> + >> +-nss_build_all: build_nspr all >> ++nss_build_all: all >> + >> + nss_clean_all: clobber_nspr clobber >> + >> +@@ -109,12 +109,6 @@ >> + --with-dist-prefix='$(NSPR_PREFIX)' \ >> + --with-dist-includedir='$(NSPR_PREFIX)/include' >> + >> +-build_nspr: $(NSPR_CONFIG_STATUS) >> +- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) >> +- >> +-clobber_nspr: $(NSPR_CONFIG_STATUS) >> +- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber >> +- >> + build_docs: >> + $(MAKE) -C $(CORE_DEPTH)/doc >> + >> +--- nss-3.17.1/nss/manifest.mn >> ++++ nss-3.17.1/nss/manifest.mn >> +@@ -10,7 +10,7 @@ >> + >> + RELEASE = nss >> + >> +-DIRS = coreconf lib cmd >> ++DIRS = coreconf lib cmd config >> + >> + ifdef NSS_BUILD_GTESTS >> + DIRS += external_tests > > Why is this patch needed? I find it surprising how much stuff you had > to add in order to get this to build. Where did it all come from? It's to install nss.pc and nss-config, from nixpkgs (from gentoo). > > Some explanation will be needed at the top of the patch, and also the > patch should have a more descriptive name than "nss.patch". OK. > >> diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm >> index 2be1d0b..8a6fa7c 100644 >> --- a/gnu/packages/polkit.scm >> +++ b/gnu/packages/polkit.scm >> @@ -1,5 +1,6 @@ >> ;;; GNU Guix --- Functional package management for GNU >> ;;; Copyright © 2014 Andreas Enge >> +;;; Copyright © 2015 Sou Bunnbu >> ;;; >> ;;; This file is part of GNU Guix. >> ;;; >> @@ -23,6 +24,8 @@ >> #:use-module (guix build-system cmake) >> #:use-module (guix build-system gnu) >> #:use-module (gnu packages) >> + #:use-module (gnu packages compression) >> + #:use-module (gnu packages databases) >> #:use-module (gnu packages glib) >> #:use-module (gnu packages linux) >> #:use-module (gnu packages perl) >> @@ -103,6 +106,87 @@ platform-neutral API for system level and libc-like functions. It is used >> in the Mozilla clients.") >> (license mpl2.0))) >> >> +(define-public nss >> + (package >> + (name "nss") >> + (version "3.17.3") >> + (source (origin >> + (method url-fetch) >> + (uri (string-append >> + "ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/" >> + "releases/NSS_3_17_3_RTM/src/nss-3.17.3.tar.gz")) >> + (sha256 >> + (base32 >> + "1m91z80x4zh1mxgf53bl33lp43gn1wxxx0y26mgz511gb81ykmgl")) >> + (patches (list (search-patch "nss.patch"))))) >> + (build-system gnu-build-system) >> + (outputs '("out" "bin")) >> + (arguments >> + '(#:parallel-build? #f ; failed >> + #:make-flags >> + (let* ((out (assoc-ref %outputs "out")) >> + (nspr (string-append (assoc-ref %build-inputs "nspr"))) >> + (rpath (string-append "-Wl,-rpath=" out "/lib"))) >> + (list "-C" "nss" (string-append "PREFIX=" out) >> + "NSDISTMODE=copy" >> + "NSS_USE_SYSTEM_SQLITE=1" >> + (string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr") >> + ;; Add $out/lib to RPATH. >> + (string-append "RPATH=" rpath) >> + (string-append "LDFLAGS=" rpath))) >> + #:modules ((guix build gnu-build-system) >> + (guix build utils) >> + (ice-9 ftw) >> + (srfi srfi-26)) >> + #:imported-modules ((guix build gnu-build-system) >> + (guix build utils)) >> + #:phases >> + (alist-replace >> + 'configure >> + (lambda* (#:key system inputs #:allow-other-keys) >> + (when (string-prefix? "x86_64" system) >> + (setenv "USE_64" "1"))) >> + (alist-replace >> + 'check >> + (lambda _ >> + (setenv "DOMSUF" "(none)") >> + (setenv "USE_IP" "TRUE") >> + (setenv "IP_ADDRESS" "127.0.0.1") >> + (system "./nss/tests/all.sh")) > > This last expression should be (zero? (system "./nss/tests/all.sh")), to > signal an error if ./nss/tests/all.sh returns a non-zero status code. OK. > >> + (alist-replace >> + 'install >> + (lambda* (#:key outputs #:allow-other-keys) >> + (let* ((out (assoc-ref outputs "out")) >> + (bin (string-append (assoc-ref outputs "bin") "/bin")) >> + (inc (string-append out "/include/nss")) >> + (lib (string-append out "/lib")) >> + (obj (car (scandir "dist" (cut string-suffix? >> "OBJ" <>)))) NSS contains many static libraries which I think will not mostly used by other. How about split them to a 'static-lib' (or a better name). > > This looks potentially non-deterministic, if that 'scandir' call might > return more than one element. If you expect only one, how about this > instead: > > (obj (match (scandir "dist" (cut string-suffix? "OBJ" <>)) > ((obj) obj))) > > That way, if there's more than one, an error will be reported. You'll > need to add (ice-9 match) to #:modules. Adjusted. > > Mark Updated patch: