{ stdenv, fetchurl, fetchgit, nspr, perl, zlib, sqlite , includeTools ? false }: let nssPEM = fetchgit { url = "git://git.fedorahosted.org/git/nss-pem.git"; rev = "07a683505d4a0a1113c4085c1ce117425d0afd80"; sha256 = "e4a9396d90e50e8b3cceff45f312eda9aaf356423f4eddd354a0e1afbbfd4cf8"; }; secLoadPatch = fetchurl { url = "http://patch-tracker.debian.org/patch/series/dl/nss/2:3.13.5-1/85_security_load.patch"; sha256 = "8a8d0ae4ebbd7c389973fa5d26d8bc5f473046c6cb1d8283cb9a3c1f4c565c47"; }; in stdenv.mkDerivation rec { name = "nss-${version}"; version = "3.13.6"; src = let uscoreVersion = stdenv.lib.replaceChars ["."] ["_"] version; releasePath = "releases/NSS_${uscoreVersion}_RTM/src/nss-${version}.tar.gz"; in fetchurl { url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/${releasePath}"; sha256 = "f7e90727e0ecc1c29de10da39a79bc9c53b814ccfbf40720e053b29c683d43a0"; }; buildInputs = [ nspr perl zlib sqlite ]; postUnpack = '' cp -rdv "${nssPEM}/mozilla/security/nss/lib/ckfw/pem" \ "$sourceRoot/mozilla/security/nss/lib/ckfw/" chmod -R u+w "$sourceRoot/mozilla/security/nss/lib/ckfw/pem" ''; patches = [ ./nss-3.12.5-gentoo-fixups.diff secLoadPatch ./nix_secload_fixup.patch ]; postPatch = '' sed -i -e 's/^DIRS.*$/& pem/' mozilla/security/nss/lib/ckfw/manifest.mn sed -i -e "/^PREFIX =/s:= /usr:= $out:" mozilla/security/nss/config/Makefile ''; preConfigure = "cd mozilla/security/nss"; makeFlags = [ "NSPR_INCLUDE_DIR=${nspr}/include/nspr" "NSPR_LIB_DIR=${nspr}/lib" "NSDISTMODE=copy" "BUILD_OPT=1" "SOURCE_PREFIX=\$(out)" "NSS_ENABLE_ECC=1" "NSS_USE_SYSTEM_SQLITE=1" ] ++ stdenv.lib.optional stdenv.is64bit "USE_64=1"; buildFlags = [ "build_coreconf" "build_dbm" "all" ]; postInstall = '' rm -rf $out/private mv $out/public $out/include mv $out/*.OBJ/* $out/ rmdir $out/*.OBJ ${if includeTools then "" else "rm -rf $out/bin; mkdir $out/bin"} cp -av config/nss-config $out/bin/nss-config ''; postFixup = '' for libname in freebl3 nssdbm3 softokn3 do libfile="$out/lib/lib$libname.so" LD_LIBRARY_PATH=$out/lib $out/bin/shlibsign -v -i "$libfile" done ''; }