firefox: use nss without p11-kit

Quickfix to allow firefox to recognize certificates as trusted by
Mozilla.

Related: #126065
(cherry picked from commit 42e25d855fa959b7832fbdbc0a384294460d9258)
This commit is contained in:
Martin Weinelt 2021-06-08 20:29:28 +02:00 committed by github-actions[bot]
parent 60cce7e5e1
commit 0647103d18
1 changed files with 3 additions and 1 deletions

View File

@ -122,7 +122,9 @@ let
then overrideCC stdenv llvmPackages.clangUseLLVM
else stdenv;
nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss;
# Disable p11-kit support in nss until our cacert packages has caught up exposing CKA_NSS_MOZILLA_CA_POLICY
# https://github.com/NixOS/nixpkgs/issues/126065
nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss.override { useP11kit = false; };
# --enable-release adds -ffunction-sections & LTO that require a big amount of
# RAM and the 32-bit memory space cannot handle that linking