mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-22 21:50:55 +00:00
Code Issues Wiki Activity
nixpkgs/pkgs/development/libraries/openssl/default.nix
Alyssa Ross ae29a9e688
openssl: 1.0.2p -> 1.0.2q 
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
CVE-2018-5407: https://www.openssl.org/news/vulnerabilities.html#2018-5407

No patches can any longer be shared between 1.0.2 and 1.1, so reorganize
patches into subdirectories (and remove an unused one).
2018-11-20 16:51:48 +00:00

140 lines
4.4 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ stdenv, fetchurl, buildPackages, perl, coreutils
, withCryptodev ? false, cryptodevHeaders
, enableSSL2 ? false
, static ? false
}:
with stdenv.lib;
let
common = args@{ version, sha256, patches ? [] }: stdenv.mkDerivation rec {
name = "openssl-${version}";
src = fetchurl {
url = "https://www.openssl.org/source/${name}.tar.gz";
inherit sha256;
};
inherit patches;
postPatch = ''
patchShebangs Configure
'' + optionalString (versionOlder version "1.1.0") ''
patchShebangs test/*
for a in test/t* ; do
substituteInPlace "$a" \
--replace /bin/rm rm
done
'' + optionalString (versionAtLeast version "1.1.1") ''
substituteInPlace config --replace '/usr/bin/env' '${coreutils}/bin/env'
'' + optionalString (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isMusl) ''
substituteInPlace crypto/async/arch/async_posix.h \
--replace '!defined(__ANDROID__) && !defined(__OpenBSD__)' \
'!defined(__ANDROID__) && !defined(__OpenBSD__) && 0'
'';
outputs = [ "bin" "dev" "out" "man" ];
setOutputFlags = false;
separateDebugInfo = stdenv.hostPlatform.isLinux;
nativeBuildInputs = [ perl ];
buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
# TODO(@Ericson2314): Improve with mass rebuild
configurePlatforms = [];
configureScript = {
"x86_64-darwin" = "./Configure darwin64-x86_64-cc";
"x86_64-solaris" = "./Configure solaris64-x86_64-gcc";
"armv6l-linux" = "./Configure linux-armv4 -march=armv6";
"armv7l-linux" = "./Configure linux-armv4 -march=armv7-a";
}.${stdenv.hostPlatform.system} or (
if stdenv.hostPlatform == stdenv.buildPlatform
then "./config"
else if stdenv.hostPlatform.isMinGW
then "./Configure mingw${optionalString
(stdenv.hostPlatform.parsed.cpu.bits != 32)
(toString stdenv.hostPlatform.parsed.cpu.bits)}"
else if stdenv.hostPlatform.isLinux
then "./Configure linux-generic${toString stdenv.hostPlatform.parsed.cpu.bits}"
else if stdenv.hostPlatform.isiOS
then "./Configure ios${toString stdenv.hostPlatform.parsed.cpu.bits}-cross"
else
throw "Not sure what configuration to use for ${stdenv.hostPlatform.config}"
);
configureFlags = [
"shared" # "shared" builds both shared and static libraries
"--libdir=lib"
"--openssldir=etc/ssl"
] ++ stdenv.lib.optionals withCryptodev [
"-DHAVE_CRYPTODEV"
"-DUSE_CRYPTODEV_DIGESTS"
] ++ stdenv.lib.optional enableSSL2 "enable-ssl2"
++ stdenv.lib.optional (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng";
makeFlags = [ "MANDIR=$(man)/share/man" ];
enableParallelBuilding = true;
postInstall =
stdenv.lib.optionalString (!static) ''
# If we're building dynamic libraries, then don't install static
# libraries.
if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
rm "$out/lib/"*.a
fi
'' +
''
mkdir -p $bin
mv $out/bin $bin/
mkdir $dev
mv $out/include $dev/
# remove dependency on Perl at runtime
rm -r $out/etc/ssl/misc
rmdir $out/etc/ssl/{certs,private}
'';
postFixup = ''
# Check to make sure the main output doesn't depend on perl
if grep -r '${buildPackages.perl}' $out; then
echo "Found an erroneous dependency on perl ^^^" >&2
exit 1
fi
'';
meta = with stdenv.lib; {
homepage = https://www.openssl.org/;
description = "A cryptographic library that implements the SSL and TLS protocols";
license = licenses.openssl;
platforms = platforms.all;
maintainers = [ maintainers.peti ];
priority = 10; # resolves collision with man-pages
};
};
in {
openssl_1_0_2 = common {
version = "1.0.2q";
sha256 = "115nisqy7kazbg6br2wrcra9nphyph1l4dgp563b9cf2rv5wyi2p";
patches = [
./1.0.2/nix-ssl-cert-file.patch
(if stdenv.hostPlatform.isDarwin
then ./1.0.2/use-etc-ssl-certs-darwin.patch
else ./1.0.2/use-etc-ssl-certs.patch)
];
};
openssl_1_1 = common {
version = "1.1.1";
sha256 = "0gbab2fjgms1kx5xjvqx8bxhr98k4r8l2fa8vw7kvh491xd8fdi8";
patches = [ ./nix-ssl-cert-file.patch ];
};
}
View git blame Copy permalink