New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[staging]: nss + cacert -> 3.60 #106704
[staging]: nss + cacert -> 3.60 #106704
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I rebuilt my personal system with this.
Should be labeled security and backported since certificate authority certificates were removed.
Please test that firefox-esr & thunderbird are still working with this.
Those have been the usual candidates that fail on NSS bumps.
|
I thought esr uses an older nss for exactly that reason? |
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All sounds good.
As Firefox 84 is released now, we might want to merge the nss part of this and the new firefox, assuming it requires that nss, to master and only going through staging with cacert. |
Probably not needed. 84 is said to be paired to 3.59. Their calendar now gives about a month of space between NSS release and the corresponding FF release: https://wiki.mozilla.org/NSS:Release_Versions |
Motivation for this change
Upstream release: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.60_release_notes
It has a bunch of CA changes, so I bumped cacert as well. This can (easily) be split in two PRs if necessary.
Firefox 83 still at least compiles with this, I haven't tested if it runs.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)