diff options
| author | Tyler Langlois <tjl@byu.net> | 2022-07-16 16:27:33 -0600 |
|---|---|---|
| committer | Tyler Langlois <tjl@byu.net> | 2022-07-16 16:27:33 -0600 |
| commit | 922bb56029fdee1ae004e006a59e05c32e49bd91 (patch) | |
| tree | 1780b2c559d26a2335a5d7926732725d5fcf2655 | |
| parent | 52272c9f03795c1a72a39f4f8b56522061c96c2e (diff) | |
| download | nixpkgs-922bb56029fdee1ae004e006a59e05c32e49bd91.tar nixpkgs-922bb56029fdee1ae004e006a59e05c32e49bd91.tar.gz nixpkgs-922bb56029fdee1ae004e006a59e05c32e49bd91.tar.bz2 nixpkgs-922bb56029fdee1ae004e006a59e05c32e49bd91.tar.lz nixpkgs-922bb56029fdee1ae004e006a59e05c32e49bd91.tar.xz nixpkgs-922bb56029fdee1ae004e006a59e05c32e49bd91.tar.zst nixpkgs-922bb56029fdee1ae004e006a59e05c32e49bd91.zip | |
glusterfs: patch around SSL_CERT_PATH detection
The upstream configure.ac invokes `openssl version -d` in order to find the system path for certificates. This is problematic for us since that resolves to the nix store and lots of other mechanisms (including the glusterfs module) expect /etc/ssl to be the place for certificates, so this addition patches the file to set the value manually.
| -rw-r--r-- | pkgs/tools/filesystems/glusterfs/default.nix | 11 | ||||
| -rw-r--r-- | pkgs/tools/filesystems/glusterfs/ssl_cert_path.patch | 23 |
2 files changed, 34 insertions, 0 deletions
diff --git a/pkgs/tools/filesystems/glusterfs/default.nix b/pkgs/tools/filesystems/glusterfs/default.nix index e25c50e0950..125fb01d88a 100644 --- a/pkgs/tools/filesystems/glusterfs/default.nix +++ b/pkgs/tools/filesystems/glusterfs/default.nix @@ -65,6 +65,17 @@ in stdenv.mkDerivation rec { }; inherit buildInputs propagatedBuildInputs; + patches = [ + # Upstream invokes `openssl version -d` to derive the canonical system path + # for certificates, which resolves to a nix store path, so this patch + # statically sets the configure.ac value. There's probably a less-brittle + # way to do this! (this will likely fail on a version bump) + # References: + # - https://github.com/gluster/glusterfs/issues/3234 + # - https://github.com/gluster/glusterfs/commit/a7dc43f533ad4b8ff68bf57704fefc614da65493 + ./ssl_cert_path.patch + ]; + postPatch = '' sed -e '/chmod u+s/d' -i contrib/fuse-util/Makefile.am substituteInPlace libglusterfs/src/glusterfs/lvm-defaults.h \ diff --git a/pkgs/tools/filesystems/glusterfs/ssl_cert_path.patch b/pkgs/tools/filesystems/glusterfs/ssl_cert_path.patch new file mode 100644 index 00000000000..5964e14787e --- /dev/null +++ b/pkgs/tools/filesystems/glusterfs/ssl_cert_path.patch @@ -0,0 +1,23 @@ +diff --git a/configure.ac b/configure.ac +index fb8db11e9e..4c40683057 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -766,14 +766,10 @@ AS_IF([test "x$enable_fuse_notifications" != "xno"], [ + + dnl Find out OpenSSL trusted certificates path + AC_MSG_CHECKING([for OpenSSL trusted certificates path]) +-SSL_CERT_PATH=$(openssl version -d | sed -e 's|OPENSSLDIR: "\(.*\)".*|\1|') +-if test -d $SSL_CERT_PATH 1>/dev/null 2>&1; then +- AC_MSG_RESULT([$SSL_CERT_PATH]) +- AC_DEFINE_UNQUOTED(SSL_CERT_PATH, ["$SSL_CERT_PATH"], [Path to OpenSSL trusted certificates.]) +- AC_SUBST(SSL_CERT_PATH) +-else +- AC_MSG_ERROR([Unable to detect path to OpenSSL trusted certificates]) +-fi ++SSL_CERT_PATH=/etc/ssl ++AC_MSG_RESULT([$SSL_CERT_PATH]) ++AC_DEFINE_UNQUOTED(SSL_CERT_PATH, ["$SSL_CERT_PATH"], [Path to OpenSSL trusted certificates.]) ++AC_SUBST(SSL_CERT_PATH) + + AC_CHECK_LIB([ssl], TLS_method, [HAVE_OPENSSL_1_1="yes"], [HAVE_OPENSSL_1_1="no"]) + if test "x$HAVE_OPENSSL_1_1" = "xyes"; then |