summary refs log tree commit diff
path: root/pkgs/development/libraries/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/development/libraries/openssl')
-rw-r--r--pkgs/development/libraries/openssl/chacha.nix10
-rw-r--r--pkgs/development/libraries/openssl/default.nix86
2 files changed, 63 insertions, 33 deletions
diff --git a/pkgs/development/libraries/openssl/chacha.nix b/pkgs/development/libraries/openssl/chacha.nix
index b37142082d8..bae3e53f441 100644
--- a/pkgs/development/libraries/openssl/chacha.nix
+++ b/pkgs/development/libraries/openssl/chacha.nix
@@ -1,8 +1,8 @@
-{ stdenv, fetchFromGitHub, perl, zlib
+{ lib, stdenv, fetchFromGitHub, perl, zlib
 , withCryptodev ? false, cryptodev
 }:
 
-with stdenv.lib;
+with lib;
 stdenv.mkDerivation {
   pname = "openssl-chacha";
   version = "2016-08-22";
@@ -18,7 +18,7 @@ stdenv.mkDerivation {
   setOutputFlags = false;
 
   nativeBuildInputs = [ perl zlib ];
-  buildInputs = stdenv.lib.optional withCryptodev cryptodev;
+  buildInputs = lib.optional withCryptodev cryptodev;
 
   configureScript = "./config";
 
@@ -32,7 +32,7 @@ stdenv.mkDerivation {
     "enable-gost"
     "--libdir=lib"
     "--openssldir=etc/ssl"
-  ] ++ stdenv.lib.optionals withCryptodev [
+  ] ++ lib.optionals withCryptodev [
     "-DHAVE_CRYPTODEV"
     "-DUSE_CRYPTODEV_DIGESTS"
   ];
@@ -75,7 +75,7 @@ stdenv.mkDerivation {
     homepage = "https://www.openssl.org/";
     description = "A cryptographic library that implements the SSL and TLS protocols";
     platforms = [ "x86_64-linux" ];
-    maintainers = [ stdenv.lib.maintainers.cstrahan ];
+    maintainers = [ lib.maintainers.cstrahan ];
     license = licenses.openssl;
     priority = 10; # resolves collision with ‘man-pages’
   };
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 1fc38dd8aaa..d4be8cc2428 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -1,16 +1,25 @@
-{ stdenv, fetchurl, buildPackages, perl, coreutils
+{ lib, stdenv, fetchurl, buildPackages, perl, coreutils
 , withCryptodev ? false, cryptodev
 , enableSSL2 ? false
 , enableSSL3 ? false
-, static ? false
+, static ? stdenv.hostPlatform.isStatic
+# Used to avoid cross compiling perl, for example, in darwin bootstrap tools.
+# This will cause c_rehash to refer to perl via the environment, but otherwise
+# will produce a perfectly functional openssl binary and library.
+, withPerl ? stdenv.hostPlatform == stdenv.buildPlatform
 }:
 
+assert (
+  lib.assertMsg (!withPerl -> stdenv.hostPlatform != stdenv.buildPlatform)
+  "withPerl should not be disabled unless cross compiling"
+);
+
 # Note: this package is used for bootstrapping fetchurl, and thus
 # cannot use fetchpatch! All mutable patches (generated by GitHub or
 # cgit) that are needed here should be included directly in Nixpkgs as
 # files.
 
-with stdenv.lib;
+with lib;
 
 let
   common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }:
@@ -33,8 +42,10 @@ let
         substituteInPlace "$a" \
           --replace /bin/rm rm
       done
-    '' + optionalString (versionAtLeast version "1.1.1") ''
-      substituteInPlace config --replace '/usr/bin/env' '${coreutils}/bin/env'
+    ''
+    # config is a configure script which is not installed.
+    + optionalString (versionAtLeast version "1.1.1") ''
+      substituteInPlace config --replace '/usr/bin/env' '${buildPackages.coreutils}/bin/env'
     '' + optionalString (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isMusl) ''
       substituteInPlace crypto/async/arch/async_posix.h \
         --replace '!defined(__ANDROID__) && !defined(__OpenBSD__)' \
@@ -43,10 +54,16 @@ let
 
     outputs = [ "bin" "dev" "out" "man" ] ++ optional withDocs "doc";
     setOutputFlags = false;
-    separateDebugInfo = !(stdenv.hostPlatform.useLLVM or false) && stdenv.cc.isGNU;
+    separateDebugInfo =
+      !stdenv.hostPlatform.isDarwin &&
+      !(stdenv.hostPlatform.useLLVM or false) &&
+      stdenv.cc.isGNU;
 
     nativeBuildInputs = [ perl ];
-    buildInputs = stdenv.lib.optional withCryptodev cryptodev;
+    buildInputs = lib.optional withCryptodev cryptodev
+      # perl is included to allow the interpreter path fixup hook to set the
+      # correct interpreter in c_rehash.
+      ++ lib.optional withPerl perl;
 
     # TODO(@Ericson2314): Improve with mass rebuild
     configurePlatforms = [];
@@ -55,39 +72,46 @@ let
         armv6l-linux = "./Configure linux-armv4 -march=armv6";
         armv7l-linux = "./Configure linux-armv4 -march=armv7-a";
         x86_64-darwin  = "./Configure darwin64-x86_64-cc";
+        aarch64-darwin = "./Configure darwin64-arm64-cc";
         x86_64-linux = "./Configure linux-x86_64";
         x86_64-solaris = "./Configure solaris64-x86_64-gcc";
       }.${stdenv.hostPlatform.system} or (
         if stdenv.hostPlatform == stdenv.buildPlatform
           then "./config"
+        else if stdenv.hostPlatform.isBSD && stdenv.hostPlatform.isx86_64
+          then "./Configure BSD-x86_64"
+        else if stdenv.hostPlatform.isBSD && stdenv.hostPlatform.isx86_32
+          then "./Configure BSD-x86" + lib.optionalString (stdenv.hostPlatform.parsed.kernel.execFormat.name == "elf") "-elf"
+        else if stdenv.hostPlatform.isBSD
+          then "./Configure BSD-generic${toString stdenv.hostPlatform.parsed.cpu.bits}"
         else if stdenv.hostPlatform.isMinGW
           then "./Configure mingw${optionalString
                                      (stdenv.hostPlatform.parsed.cpu.bits != 32)
                                      (toString stdenv.hostPlatform.parsed.cpu.bits)}"
         else if stdenv.hostPlatform.isLinux
-          then (if stdenv.hostPlatform.isx86_64
-            then "./Configure linux-x86_64"
-            else "./Configure linux-generic${toString stdenv.hostPlatform.parsed.cpu.bits}")
+          then "./Configure linux-generic${toString stdenv.hostPlatform.parsed.cpu.bits}"
         else if stdenv.hostPlatform.isiOS
           then "./Configure ios${toString stdenv.hostPlatform.parsed.cpu.bits}-cross"
         else
           throw "Not sure what configuration to use for ${stdenv.hostPlatform.config}"
       );
 
+    # OpenSSL doesn't like the `--enable-static` / `--disable-shared` flags.
+    dontAddStaticConfigureFlags = true;
     configureFlags = [
       "shared" # "shared" builds both shared and static libraries
       "--libdir=lib"
       "--openssldir=etc/ssl"
-    ] ++ stdenv.lib.optionals withCryptodev [
+    ] ++ lib.optionals withCryptodev [
       "-DHAVE_CRYPTODEV"
       "-DUSE_CRYPTODEV_DIGESTS"
-    ] ++ stdenv.lib.optional enableSSL2 "enable-ssl2"
-      ++ stdenv.lib.optional enableSSL3 "enable-ssl3"
-      ++ stdenv.lib.optional (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng"
+    ] ++ lib.optional enableSSL2 "enable-ssl2"
+      ++ lib.optional enableSSL3 "enable-ssl3"
+      ++ lib.optional (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng"
       # OpenSSL needs a specific `no-shared` configure flag.
       # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options
       # for a comprehensive list of configuration options.
-      ++ stdenv.lib.optional (versionAtLeast version "1.1.0" && static) "no-shared";
+      ++ lib.optional (versionAtLeast version "1.1.0" && static) "no-shared";
 
     makeFlags = [
       "MANDIR=$(man)/share/man"
@@ -101,22 +125,28 @@ let
     enableParallelBuilding = true;
 
     postInstall =
-    stdenv.lib.optionalString (!static) ''
+    lib.optionalString (!static) ''
       # If we're building dynamic libraries, then don't install static
       # libraries.
       if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
           rm "$out/lib/"*.a
       fi
-
-    '' +
+    '' + lib.optionalString (!stdenv.hostPlatform.isWindows)
+      # Fix bin/c_rehash's perl interpreter line
+      #
+      # - openssl 1_0_2: embeds a reference to buildPackages.perl
+      # - openssl 1_1:   emits "#!/usr/bin/env perl"
+      #
+      # In the case of openssl_1_0_2, reset the invalid reference and let the
+      # interpreter hook take care of it.
+      #
+      # In both cases, if withPerl = false, the intepreter line is expected be
+      # "#!/usr/bin/env perl"
     ''
+      substituteInPlace $out/bin/c_rehash --replace ${buildPackages.perl}/bin/perl "/usr/bin/env perl"
+    '' + ''
       mkdir -p $bin
-    '' + stdenv.lib.optionalString (!stdenv.hostPlatform.isWindows)
-    ''
-      substituteInPlace $out/bin/c_rehash --replace ${buildPackages.perl} ${perl}
-    '' +
-    ''
-      mv $out/bin $bin/
+      mv $out/bin $bin/bin
 
       mkdir $dev
       mv $out/include $dev/
@@ -127,7 +157,7 @@ let
       rmdir $out/etc/ssl/{certs,private}
     '';
 
-    postFixup = stdenv.lib.optionalString (!stdenv.hostPlatform.isWindows) ''
+    postFixup = lib.optionalString (!stdenv.hostPlatform.isWindows) ''
       # Check to make sure the main output doesn't depend on perl
       if grep -r '${buildPackages.perl}' $out; then
         echo "Found an erroneous dependency on perl ^^^" >&2
@@ -135,7 +165,7 @@ let
       fi
     '';
 
-    meta = with stdenv.lib; {
+    meta = with lib; {
       homepage = "https://www.openssl.org/";
       description = "A cryptographic library that implements the SSL and TLS protocols";
       license = licenses.openssl;
@@ -160,8 +190,8 @@ in {
   };
 
   openssl_1_1 = common {
-    version = "1.1.1g";
-    sha256 = "0ikdcc038i7jk8h7asq5xcn8b1xc2rrbc88yfm4hqbz3y5s4gc6x";
+    version = "1.1.1k";
+    sha256 = "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9";
     patches = [
       ./1.1/nix-ssl-cert-file.patch
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-31 01:30:24 +0000