about summary refs log tree commit diff
path: root/pkgs/development/libraries/gnutls/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/development/libraries/gnutls/default.nix')
-rw-r--r--pkgs/development/libraries/gnutls/default.nix14
1 files changed, 9 insertions, 5 deletions
diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix
index 627e5f46f7281..f6c6aca19a226 100644
--- a/pkgs/development/libraries/gnutls/default.nix
+++ b/pkgs/development/libraries/gnutls/default.nix
@@ -5,7 +5,8 @@
 , guileBindings ? config.gnutls.guile or false, guile
 , tpmSupport ? false, trousers, which, nettools, libunistring
 , withP11-kit ? !stdenv.hostPlatform.isStatic, p11-kit
-, withSecurity ? false, Security  # darwin Security.framework
+, withSecurity ? true, Security  # darwin Security.framework
+# certificate compression - only zlib now, more possible: zstd, brotli
 }:
 
 assert guileBindings -> guile != null;
@@ -21,11 +22,11 @@ in
 
 stdenv.mkDerivation rec {
   pname = "gnutls";
-  version = "3.7.3";
+  version = "3.7.6";
 
   src = fetchurl {
     url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz";
-    sha256 = "16n4yvw3792gcdxkikjmhddr6cbs4wlk027zfxlhmchsqcxw8ngw";
+    sha256 = "1zv2097v9f6f4c66q7yn3c6gggjk9jz38095ma7v3gs5lccmf1kp";
   };
 
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];
@@ -35,6 +36,8 @@ stdenv.mkDerivation rec {
 
   patches = [ ./nix-ssl-cert-file.patch ]
     # Disable native add_system_trust.
+    # FIXME: apparently it's not enough to drop the framework anymore; maybe related to
+    # https://gitlab.com/gnutls/gnutls/-/commit/c19cb93d492e45141bfef9b926dfeba36003261c
     ++ lib.optional (isDarwin && !withSecurity) ./no-security-framework.patch;
 
   # Skip some tests:
@@ -73,7 +76,6 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ lzo lzip libtasn1 libidn2 zlib gmp libunistring unbound gettext libiconv ]
     ++ lib.optional (withP11-kit) p11-kit
-    ++ lib.optional (isDarwin && withSecurity) Security
     ++ lib.optional (tpmSupport && stdenv.isLinux) trousers
     ++ lib.optional guileBindings guile;
 
@@ -81,7 +83,9 @@ stdenv.mkDerivation rec {
     ++ lib.optionals (isDarwin && !withSecurity) [ autoconf automake ]
     ++ lib.optionals doCheck [ which nettools util-linux ];
 
-  propagatedBuildInputs = [ nettle ];
+  propagatedBuildInputs = [ nettle ]
+    # Builds dynamically linking against gnutls seem to need the framework now.
+    ++ lib.optional (isDarwin && withSecurity) Security;
 
   inherit doCheck;
   # stdenv's `NIX_SSL_CERT_FILE=/no-cert-file.crt` breaks tests.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-09 16:43:48 +0000