gnu: nss-certs: Avoid top-level reference to NSS.

This is the only hammer I know for dealing with module cycles and effectively fixes, for example, ‘guix show nss’ today. It's also a very poor solution. * gnu/packages/certs.scm (nss-certs)[version, source]: Copy verbatim from the nss package rather than referring to it at the top level. Reported by several users of #guix.
2021-12-16 01:12:10 +01:00 · 2021-12-16 01:12:10 +01:00 · ceb9c6c50e
parent 18b1497673
commit ceb9c6c50e
2 changed files with 27 additions and 5 deletions
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@ -33,7 +33,6 @@
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system trivial)
  #:use-module (gnu packages)
-  #:use-module (gnu packages nss)
  #:use-module (gnu packages curl)
  #:use-module (gnu packages python)
  #:use-module (gnu packages perl)
@ -128,8 +127,31 @@ that was originally contributed to Debian.")
 (define-public nss-certs
  (package
    (name "nss-certs")
-    (version (package-version nss))
-    (source (package-source nss))
+    ;; XXX We used to refer to the nss package here, but that eventually caused
+    ;; module cycles.  The below is a quick copy-paste job that must be kept in
+    ;; sync manually.  Surely there's a better way…?
+    (version "3.71")
+    (source (origin
+              (method url-fetch)
+              (uri (let ((version-with-underscores
+                          (string-join (string-split version #\.) "_")))
+                     (string-append
+                      "https://ftp.mozilla.org/pub/mozilla.org/security/nss/"
+                      "releases/NSS_" version-with-underscores "_RTM/src/"
+                      "nss-" version ".tar.gz")))
+              (sha256
+               (base32
+                "0ly2l3dv6z5hlxs72h5x6796ni3x1bq60saavaf42ddgv4ax7b4r"))
+              ;; Create nss.pc and nss-config.
+              (patches (search-patches "nss-3.56-pkgconfig.patch"
+                                       "nss-getcwd-nonnull.patch"
+                                       "nss-increase-test-timeout.patch"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; Delete the bundled copy of these libraries.
+                  (delete-file-recursively "nss/lib/zlib")
+                  (delete-file-recursively "nss/lib/sqlite")))))
    (build-system gnu-build-system)
    (outputs '("out"))
    (native-inputs
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@ -107,11 +107,11 @@ in the Mozilla clients.")
              (base32
               "0v3zds1id71j5a5si42a658fjz8nv2f6zp6w4gqrqmdr6ksz8sxv"))))))

-;;; Note: When updating, verify that the nss-certs package still builds fine
-;;; as it inherits its source from the nss package.
 (define-public nss
  (package
    (name "nss")
+    ;; Also update and test the nss-certs package, which duplicates version and
+    ;; source to avoid a top-level variable reference & module cycle.
    (version "3.71")
    (source (origin
              (method url-fetch)