authorMartin Weinelt <mweinelt@users.noreply.github.com>2021-06-09 15:06:23 +0200
committerGitHub <noreply@github.com>2021-06-09 15:06:23 +0200
commit69d5c988333f23b13e7be0b24e106ad5bd3abb29 (patch)
tree92e43d7ad6139b02fa82b02ea5a387650a8f7e98
parentblender: add libharu as dependency (diff)
parentnixos/tests/custom-ca: disable firefox test integration (diff)
Merge pull request #126358 from NixOS/backport-126271-to-release-21.05
-rw-r--r--nixos/tests/custom-ca.nix20
-rw-r--r--pkgs/applications/networking/browsers/firefox/common.nix4
2 files changed, 20 insertions, 4 deletions
diff --git a/nixos/tests/custom-ca.nix b/nixos/tests/custom-ca.nix
index 7ce1101911db..26f29a3e68fe 100644
--- a/nixos/tests/custom-ca.nix
+++ b/nixos/tests/custom-ca.nix
@@ -107,8 +107,15 @@ in
'';
};
- environment.systemPackages = with pkgs;
- [ xdotool firefox chromium falkon midori ];
+ environment.systemPackages = with pkgs; [
+ xdotool
+ # Firefox was disabled here, because we needed to disable p11-kit support in nss,
+ # which is why it will not use the system certificate store for the time being.
+ # firefox
+ chromium
+ falkon
+ midori
+ ];
};
testScript = ''
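Review bot: The comment explaining why `firefox` is dropped from `environment.systemPackages` has no reference to the tracking issue, so nothing in this file tells a maintainer when the entry can be restored; the same applies to the commented-out `"firefox"` entry in the `browsers` list of the next hunk. The issue URL appears in the common.nix change of this commit, so I would repeat it here: `# TODO: re-enable once https://github.com/NixOS/nixpkgs/issues/126065 is resolved`. With Firefox out of both lists, the test no longer checks how that browser treats the custom CA or the unknown CA, so a change in its certificate handling would go unnoticed until the entry returns. The enclosing attribute set starts and ends outside the hunk.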
@@ -145,7 +152,14 @@ in
with subtest("Unknown CA is untrusted in curl"):
machine.fail("curl -fv https://bad.example.com")
- browsers = ["firefox", "chromium", "falkon", "midori"]
+ browsers = [
+ # Firefox was disabled here, because we needed to disable p11-kit support in nss,
+ # which is why it will not use the system certificate store for the time being.
+ # "firefox",
+ "chromium",
+ "falkon",
+ "midori"
+ ]
errors = ["Security Risk", "not private", "Certificate Error", "Security"]
machine.wait_for_x()
diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix
index 62e641280b66..51a671cb198f 100644
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@@ -122,7 +122,9 @@ let
then overrideCC stdenv llvmPackages.clangUseLLVM
else stdenv;
- nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss;
+ # Disable p11-kit support in nss until our cacert packages has caught up exposing CKA_NSS_MOZILLA_CA_POLICY
+ # https://github.com/NixOS/nixpkgs/issues/126065
+ nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss.override { useP11kit = false; };
# --enable-release adds -ffunction-sections & LTO that require a big amount of
# RAM and the 32-bit memory space cannot handle that linking
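Review bot: The comment above the `nss_pkg` override gives the cause but not the trust consequence that a user or auditor needs to know. With `useP11kit = false`, Firefox no longer reads the system certificate store (as the test comment in this same commit says), so it presumably falls back to the root list bundled with NSS; CAs added system-wide, and likely any system-level distrust, then stop affecting it. I would add a line such as `# Consequence: Firefox ignores the system trust store (added and distrusted CAs) until this override is removed.` The `nss_3_53` branch for versions older than 83 is unchanged; whether that package is built with p11-kit is not visible here, so it is worth confirming it does not need the same override. The `let` block starts and ends outside the hunk.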