forked from mirrors/nixpkgs
625d7b9043
This includes a lot of fixes for cross-building to Windows and Mac OS X and could possibly fix things even for non-cross-builds, like for example OpenSSL on Windows. The main reason for merging this in 14.04 already is that we already have runInWindowsVM in master and it doesn't work until we actually cross-build Cygwin's setup binary as the upstream version is a fast moving target which gets _overwritten_ on every new release. Conflicts: pkgs/top-level/all-packages.nix
108 lines
3.4 KiB
Nix
108 lines
3.4 KiB
Nix
{ stdenv, fetchurl, perl
|
||
, withCryptodev ? false, cryptodevHeaders }:
|
||
|
||
let
|
||
name = "openssl-1.0.1g";
|
||
|
||
opensslCrossSystem = stdenv.lib.attrByPath [ "openssl" "system" ]
|
||
(throw "openssl needs its platform name cross building" null)
|
||
stdenv.cross;
|
||
|
||
patchesCross = isCross: let
|
||
isDarwin = stdenv.isDarwin || (isCross && stdenv.cross.libc == "libSystem");
|
||
in
|
||
[ # Allow the location of the X509 certificate file (the CA
|
||
# bundle) to be set through the environment variable
|
||
# ‘OPENSSL_X509_CERT_FILE’. This is necessary because the
|
||
# default location ($out/ssl/cert.pem) doesn't exist, and
|
||
# hardcoding something like /etc/ssl/cert.pem is impure and
|
||
# cannot be overriden per-process. For security, the
|
||
# environment variable is ignored for setuid binaries.
|
||
./cert-file.patch
|
||
]
|
||
|
||
++ stdenv.lib.optionals (isCross && opensslCrossSystem == "hurd-x86")
|
||
[ ./cert-file-path-max.patch # merge with `cert-file.patch' eventually
|
||
./gnu.patch # submitted upstream
|
||
]
|
||
|
||
++ stdenv.lib.optionals (stdenv.system == "x86_64-kfreebsd-gnu")
|
||
[ ./gnu.patch
|
||
./kfreebsd-gnu.patch
|
||
]
|
||
|
||
++ stdenv.lib.optional isDarwin ./darwin-arch.patch;
|
||
|
||
in
|
||
|
||
stdenv.mkDerivation {
|
||
inherit name;
|
||
|
||
src = fetchurl {
|
||
urls = [
|
||
"http://www.openssl.org/source/${name}.tar.gz"
|
||
"http://openssl.linux-mirror.org/source/${name}.tar.gz"
|
||
];
|
||
sha256 = "0a70qdqccg16nw4bbawa6pjvzn05vfp5wkwg6jl0grch7f683jsk";
|
||
};
|
||
|
||
patches = patchesCross false;
|
||
|
||
buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
|
||
|
||
nativeBuildInputs = [ perl ];
|
||
|
||
# On x86_64-darwin, "./config" misdetects the system as
|
||
# "darwin-i386-cc". So specify the system type explicitly.
|
||
configureScript =
|
||
if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc"
|
||
else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc"
|
||
else "./config";
|
||
|
||
configureFlags = "shared --libdir=lib --openssldir=etc/ssl" +
|
||
stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS";
|
||
|
||
makeFlags = "MANDIR=$(out)/share/man";
|
||
|
||
# Parallel building is broken in OpenSSL.
|
||
#enableParallelBuilding = true;
|
||
|
||
postInstall =
|
||
''
|
||
# If we're building dynamic libraries, then don't install static
|
||
# libraries.
|
||
if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib)" ]; then
|
||
rm $out/lib/*.a
|
||
fi
|
||
''; # */
|
||
|
||
crossAttrs = {
|
||
patches = patchesCross true;
|
||
|
||
preConfigure=''
|
||
# It's configure does not like --build or --host
|
||
export configureFlags="--libdir=lib --cross-compile-prefix=${stdenv.cross.config}- shared ${opensslCrossSystem}"
|
||
'';
|
||
|
||
postInstall = ''
|
||
# Openssl installs readonly files, which otherwise we can't strip.
|
||
# This could at some stdenv hash change be put out of crossAttrs, too
|
||
chmod -R +w $out
|
||
|
||
# Remove references to perl, to avoid depending on it at runtime
|
||
rm $out/bin/c_rehash $out/ssl/misc/CA.pl $out/ssl/misc/tsget
|
||
'';
|
||
configureScript = "./Configure";
|
||
} // stdenv.lib.optionalAttrs (opensslCrossSystem == "darwin64-x86_64-cc") {
|
||
CC = "gcc";
|
||
};
|
||
|
||
meta = {
|
||
homepage = http://www.openssl.org/;
|
||
description = "A cryptographic library that implements the SSL and TLS protocols";
|
||
platforms = stdenv.lib.platforms.all;
|
||
maintainers = [ stdenv.lib.maintainers.simons ];
|
||
priority = 10; # resolves collision with ‘man-pages’
|
||
};
|
||
}
|