Merge pull request #126271 from mweinelt/firefox

This commit is contained in:
Martin Weinelt 2021-06-09 14:51:21 +02:00 committed by GitHub
commit e2701c3115
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 4 deletions

View file

@ -107,8 +107,15 @@ in
'';
};
environment.systemPackages = with pkgs;
[ xdotool firefox chromium falkon midori ];
environment.systemPackages = with pkgs; [
xdotool
# Firefox was disabled here, because we needed to disable p11-kit support in nss,
# which is why it will not use the system certificate store for the time being.
# firefox
chromium
falkon
midori
];
};
testScript = ''
@ -145,7 +152,14 @@ in
with subtest("Unknown CA is untrusted in curl"):
machine.fail("curl -fv https://bad.example.com")
browsers = ["firefox", "chromium", "falkon", "midori"]
browsers = [
# Firefox was disabled here, because we needed to disable p11-kit support in nss,
# which is why it will not use the system certificate store for the time being.
# "firefox",
"chromium",
"falkon",
"midori"
]
errors = ["Security Risk", "not private", "Certificate Error", "Security"]
machine.wait_for_x()

View file

@ -116,7 +116,9 @@ let
then overrideCC stdenv llvmPackages.clangUseLLVM
else stdenv;
nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss;
# Disable p11-kit support in nss until our cacert packages has caught up exposing CKA_NSS_MOZILLA_CA_POLICY
# https://github.com/NixOS/nixpkgs/issues/126065
nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss.override { useP11kit = false; };
# --enable-release adds -ffunction-sections & LTO that require a big amount of
# RAM and the 32-bit memory space cannot handle that linking