nss: 3.57 -> 3.59 #100765
But current FF won't compile against it (for me, tried atop nixpkgs master):
Same on staging as of 347696a… I thought I tested compiling Firefox, sorry.
There's a major FF release scheduled in two days that should not require this nss version yet and I hope it might fix this error.
I'm working on the firefox 82 package and as of now (it is still building) it doesn't require the newer NSS version. I'll try if it supports being built with this PR later.
Bad "luck":
EDIT: same for ESR 78.4.0.
ESR-78 still fails with 3.59. As does 82. yay. -.-
Maybe we'll have to downgrade nss for 78? (for FF ESR and TB) Upstream apparently means 78 to be used with 3.53.x: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases I expect 73 to be OK with 3.58 (and maybe even 3.59); it's scheduled for release in two days.
Ok, let's add an older version of NSS for those two? It isn't great but probably not worth blocking this much longer. Firefox 83 now requires 3.58 and I'd rather pick this instead.
Another thing that we can also do is to change/decouple
We still have 3.44, currently used for That's probably too old, though.
I'm looking into the rebuild amounts that NSS vs cacert are causing right now. It could be a nice way to handle this as long as we regularly bump cacert then.
We've had some "nss only" rebuilds a while ago, when I was changing the build system to gyp and didn't get everything right on the first try. AFAIR the amount of rebuilds when just changing nss but not nss.src is at least an order of magnitude smaller.
If my invocations with
I'm trying to decouple cacert in the upcoming Firefox 83 PR. I'll also include this bump as it should then be just a minor rebuild.
In [NixOS#100765] @vcunat pointed out that we could decouple cacert from the NSS package to make it more rebuild friendly. Just rebuilding packages that depend on NSS seems to be about ~100. Rebuilding all the packages that depend on cacert is >9k as of this writing. This makes it much more feasible to upgrade high-profile packages that are (rightfully) pedantic on their NSS version like firefox and thunderbird. [NixOS#100765]: NixOS#100765
In [#100765] @vcunat pointed out that we could decouple cacert from the NSS package to make it more rebuild friendly. Just rebuilding packages that depend on NSS seems to be about ~100. Rebuilding all the packages that depend on cacert is >9k as of this writing. This makes it much more feasible to upgrade high-profile packages that are (rightfully) pedantic on their NSS version like firefox and thunderbird. [#100765]: #100765 (cherry picked from commit 94448ba)
Motivation for this change
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes