summary refs log tree commit diff
diff options
context:
space:
mode:
authorMartin Weinelt <hexa@darmstadt.ccc.de>2021-06-08 20:29:28 +0200
committerMartin Weinelt <hexa@darmstadt.ccc.de>2021-06-09 00:01:00 +0200
commit42e25d855fa959b7832fbdbc0a384294460d9258 (patch)
tree09f6565e8283dec7dc3a6574db579ca11b66bd6d
parent9be8db34cf5c05aad77128c87c746bcc909f570d (diff)
downloadnixpkgs-42e25d855fa959b7832fbdbc0a384294460d9258.tar
nixpkgs-42e25d855fa959b7832fbdbc0a384294460d9258.tar.gz
nixpkgs-42e25d855fa959b7832fbdbc0a384294460d9258.tar.bz2
nixpkgs-42e25d855fa959b7832fbdbc0a384294460d9258.tar.lz
nixpkgs-42e25d855fa959b7832fbdbc0a384294460d9258.tar.xz
nixpkgs-42e25d855fa959b7832fbdbc0a384294460d9258.tar.zst
nixpkgs-42e25d855fa959b7832fbdbc0a384294460d9258.zip
firefox: use nss without p11-kit
Quickfix to allow firefox to recognize certificates as trusted by
Mozilla.

Related: #126065
Diffstat
-rw-r--r--pkgs/applications/networking/browsers/firefox/common.nix4
1 files changed, 3 insertions, 1 deletions
diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix
index e35fd6ca701..a44fb2032f4 100644
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@@ -116,7 +116,9 @@ let
                 then overrideCC stdenv llvmPackages.clangUseLLVM
                 else stdenv;
 
-  nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss;
+  # Disable p11-kit support in nss until our cacert packages has caught up exposing CKA_NSS_MOZILLA_CA_POLICY
+  # https://github.com/NixOS/nixpkgs/issues/126065
+  nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss.override { useP11kit = false; };
 
   # --enable-release adds -ffunction-sections & LTO that require a big amount of
   # RAM and the 32-bit memory space cannot handle that linking
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-12 07:11:47 +0000