cacert: 3.74 -> 3.77
parent
eb9c616c79
commit
8e77380250
2 changed files with 9 additions and 12 deletions
|
@ -20,7 +20,7 @@ let
|
|||
blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" blacklist);
|
||||
extraCertificatesBundle = writeText "cacert-extra-certificates-bundle.crt" (lib.concatStringsSep "\n\n" extraCertificateStrings);
|
||||
|
||||
srcVersion = "3.74";
|
||||
srcVersion = "3.77";
|
||||
version = if nssOverride != null then nssOverride.version else srcVersion;
|
||||
meta = with lib; {
|
||||
homepage = "https://curl.haxx.se/docs/caextract.html";
|
||||
|
@ -35,7 +35,7 @@ let
|
|||
|
||||
src = if nssOverride != null then nssOverride.src else fetchurl {
|
||||
url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings ["."] ["_"] version}_RTM/src/nss-${version}.tar.gz";
|
||||
sha256 = "0mnhdkm4galhpvfz4rv0918jwmjlwkvcvb1f5va8f3zlz48qi4l8";
|
||||
sha256 = "1pfy33b51914sivqyaxdwfd930hzb77gm07z4f57hnyk5xddypl2";
|
||||
};
|
||||
|
||||
dontBuild = true;
|
||||
|
|
|
@ -13,14 +13,11 @@
|
|||
# As of this writing there are a few magnitudes more packages depending on
|
||||
# cacert than on nss.
|
||||
#
|
||||
# If the current nixpkgs revision contains the attribute `nss_latest` that will
|
||||
# be used instead of `nss`. This is done to help the stable branch maintenance
|
||||
# where (usually) after branch-off during the first Firefox upgrade that
|
||||
# requries a new NSS version that attribute is introduced.
|
||||
# By having this change in the unstable branch we can safely carry it from
|
||||
# release to release without requiring more backport churn on those doing the
|
||||
# stable maintenance.
|
||||
|
||||
# We use `nss_latest` instead of `nss_esr`, because that is the newer version
|
||||
# and we want up-to-date certificates.
|
||||
# `nss_esr` is used for the ecosystem at large through the `nss` attribute,
|
||||
# because it is updated less frequently and maintained for longer, whereas `nss_latest`
|
||||
# is used for software that actually needs a new nss, e.g. Firefox.
|
||||
|
||||
set -ex
|
||||
|
||||
|
@ -28,7 +25,7 @@ BASEDIR="$(dirname "$0")/../../../.."
|
|||
|
||||
|
||||
CURRENT_PATH=$(nix-build --no-out-link -A cacert.out)
|
||||
PATCHED_PATH=$(nix-build --no-out-link -E "with import $BASEDIR {}; let nss_pkg = pkgs.nss_latest or pkgs.nss; in (cacert.override { nssOverride = nss_pkg; }).out")
|
||||
PATCHED_PATH=$(nix-build --no-out-link -E "with import $BASEDIR {}; (cacert.override { nssOverride = nss_latest; }).out")
|
||||
|
||||
# Check the hash of the etc subfolder
|
||||
# We can't check the entire output as that contains the nix-support folder
|
||||
|
@ -37,6 +34,6 @@ CURRENT_HASH=$(nix-hash "$CURRENT_PATH/etc")
|
|||
PATCHED_HASH=$(nix-hash "$PATCHED_PATH/etc")
|
||||
|
||||
if [[ "$CURRENT_HASH" != "$PATCHED_HASH" ]]; then
|
||||
NSS_VERSION=$(nix-instantiate --json --eval -E "with import $BASEDIR {}; nss.version" | jq -r .)
|
||||
NSS_VERSION=$(nix-instantiate --json --eval -E "with import $BASEDIR {}; nss_latest.version" | jq -r .)
|
||||
update-source-version --version-key=srcVersion cacert.src "$NSS_VERSION"
|
||||
fi
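Review bot: The rewritten `NSS_VERSION=$(nix-instantiate --json --eval … nss_latest.version | jq -r .)` assignment takes its exit status from `jq`, not from `nix-instantiate`, so under the `set -ex` shown in this file a failed evaluation would leave `NSS_VERSION` empty and the script would still call `update-source-version`. Because this script decides which NSS release the CA bundle is pinned to, it should fail closed: use `set -euxo pipefail` in place of `set -ex`, or add `[[ -n "$NSS_VERSION" ]] || exit 1` before the `update-source-version` call. The lines between the hunks are not shown, so `pipefail` may already be set there; if it is, a short comment next to the pipeline noting that would be enough.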
|
||||
|
|