diff options
Diffstat (limited to 'pkgs/development/libraries/openssl')
-rw-r--r-- | pkgs/development/libraries/openssl/chacha.nix | 10 | ||||
-rw-r--r-- | pkgs/development/libraries/openssl/default.nix | 86 |
2 files changed, 63 insertions, 33 deletions
diff --git a/pkgs/development/libraries/openssl/chacha.nix b/pkgs/development/libraries/openssl/chacha.nix index b37142082d8..bae3e53f441 100644 --- a/pkgs/development/libraries/openssl/chacha.nix +++ b/pkgs/development/libraries/openssl/chacha.nix @@ -1,8 +1,8 @@ -{ stdenv, fetchFromGitHub, perl, zlib +{ lib, stdenv, fetchFromGitHub, perl, zlib , withCryptodev ? false, cryptodev }: -with stdenv.lib; +with lib; stdenv.mkDerivation { pname = "openssl-chacha"; version = "2016-08-22"; @@ -18,7 +18,7 @@ stdenv.mkDerivation { setOutputFlags = false; nativeBuildInputs = [ perl zlib ]; - buildInputs = stdenv.lib.optional withCryptodev cryptodev; + buildInputs = lib.optional withCryptodev cryptodev; configureScript = "./config"; @@ -32,7 +32,7 @@ stdenv.mkDerivation { "enable-gost" "--libdir=lib" "--openssldir=etc/ssl" - ] ++ stdenv.lib.optionals withCryptodev [ + ] ++ lib.optionals withCryptodev [ "-DHAVE_CRYPTODEV" "-DUSE_CRYPTODEV_DIGESTS" ]; @@ -75,7 +75,7 @@ stdenv.mkDerivation { homepage = "https://www.openssl.org/"; description = "A cryptographic library that implements the SSL and TLS protocols"; platforms = [ "x86_64-linux" ]; - maintainers = [ stdenv.lib.maintainers.cstrahan ]; + maintainers = [ lib.maintainers.cstrahan ]; license = licenses.openssl; priority = 10; # resolves collision with ‘man-pages’ }; diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 1fc38dd8aaa..d4be8cc2428 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -1,16 +1,25 @@ -{ stdenv, fetchurl, buildPackages, perl, coreutils +{ lib, stdenv, fetchurl, buildPackages, perl, coreutils , withCryptodev ? false, cryptodev , enableSSL2 ? false , enableSSL3 ? false -, static ? false +, static ? stdenv.hostPlatform.isStatic +# Used to avoid cross compiling perl, for example, in darwin bootstrap tools. +# This will cause c_rehash to refer to perl via the environment, but otherwise +# will produce a perfectly functional openssl binary and library. +, withPerl ? stdenv.hostPlatform == stdenv.buildPlatform }: +assert ( + lib.assertMsg (!withPerl -> stdenv.hostPlatform != stdenv.buildPlatform) + "withPerl should not be disabled unless cross compiling" +); + # Note: this package is used for bootstrapping fetchurl, and thus # cannot use fetchpatch! All mutable patches (generated by GitHub or # cgit) that are needed here should be included directly in Nixpkgs as # files. -with stdenv.lib; +with lib; let common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }: @@ -33,8 +42,10 @@ let substituteInPlace "$a" \ --replace /bin/rm rm done - '' + optionalString (versionAtLeast version "1.1.1") '' - substituteInPlace config --replace '/usr/bin/env' '${coreutils}/bin/env' + '' + # config is a configure script which is not installed. + + optionalString (versionAtLeast version "1.1.1") '' + substituteInPlace config --replace '/usr/bin/env' '${buildPackages.coreutils}/bin/env' '' + optionalString (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isMusl) '' substituteInPlace crypto/async/arch/async_posix.h \ --replace '!defined(__ANDROID__) && !defined(__OpenBSD__)' \ @@ -43,10 +54,16 @@ let outputs = [ "bin" "dev" "out" "man" ] ++ optional withDocs "doc"; setOutputFlags = false; - separateDebugInfo = !(stdenv.hostPlatform.useLLVM or false) && stdenv.cc.isGNU; + separateDebugInfo = + !stdenv.hostPlatform.isDarwin && + !(stdenv.hostPlatform.useLLVM or false) && + stdenv.cc.isGNU; nativeBuildInputs = [ perl ]; - buildInputs = stdenv.lib.optional withCryptodev cryptodev; + buildInputs = lib.optional withCryptodev cryptodev + # perl is included to allow the interpreter path fixup hook to set the + # correct interpreter in c_rehash. + ++ lib.optional withPerl perl; # TODO(@Ericson2314): Improve with mass rebuild configurePlatforms = []; @@ -55,39 +72,46 @@ let armv6l-linux = "./Configure linux-armv4 -march=armv6"; armv7l-linux = "./Configure linux-armv4 -march=armv7-a"; x86_64-darwin = "./Configure darwin64-x86_64-cc"; + aarch64-darwin = "./Configure darwin64-arm64-cc"; x86_64-linux = "./Configure linux-x86_64"; x86_64-solaris = "./Configure solaris64-x86_64-gcc"; }.${stdenv.hostPlatform.system} or ( if stdenv.hostPlatform == stdenv.buildPlatform then "./config" + else if stdenv.hostPlatform.isBSD && stdenv.hostPlatform.isx86_64 + then "./Configure BSD-x86_64" + else if stdenv.hostPlatform.isBSD && stdenv.hostPlatform.isx86_32 + then "./Configure BSD-x86" + lib.optionalString (stdenv.hostPlatform.parsed.kernel.execFormat.name == "elf") "-elf" + else if stdenv.hostPlatform.isBSD + then "./Configure BSD-generic${toString stdenv.hostPlatform.parsed.cpu.bits}" else if stdenv.hostPlatform.isMinGW then "./Configure mingw${optionalString (stdenv.hostPlatform.parsed.cpu.bits != 32) (toString stdenv.hostPlatform.parsed.cpu.bits)}" else if stdenv.hostPlatform.isLinux - then (if stdenv.hostPlatform.isx86_64 - then "./Configure linux-x86_64" - else "./Configure linux-generic${toString stdenv.hostPlatform.parsed.cpu.bits}") + then "./Configure linux-generic${toString stdenv.hostPlatform.parsed.cpu.bits}" else if stdenv.hostPlatform.isiOS then "./Configure ios${toString stdenv.hostPlatform.parsed.cpu.bits}-cross" else throw "Not sure what configuration to use for ${stdenv.hostPlatform.config}" ); + # OpenSSL doesn't like the `--enable-static` / `--disable-shared` flags. + dontAddStaticConfigureFlags = true; configureFlags = [ "shared" # "shared" builds both shared and static libraries "--libdir=lib" "--openssldir=etc/ssl" - ] ++ stdenv.lib.optionals withCryptodev [ + ] ++ lib.optionals withCryptodev [ "-DHAVE_CRYPTODEV" "-DUSE_CRYPTODEV_DIGESTS" - ] ++ stdenv.lib.optional enableSSL2 "enable-ssl2" - ++ stdenv.lib.optional enableSSL3 "enable-ssl3" - ++ stdenv.lib.optional (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng" + ] ++ lib.optional enableSSL2 "enable-ssl2" + ++ lib.optional enableSSL3 "enable-ssl3" + ++ lib.optional (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng" # OpenSSL needs a specific `no-shared` configure flag. # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options # for a comprehensive list of configuration options. - ++ stdenv.lib.optional (versionAtLeast version "1.1.0" && static) "no-shared"; + ++ lib.optional (versionAtLeast version "1.1.0" && static) "no-shared"; makeFlags = [ "MANDIR=$(man)/share/man" @@ -101,22 +125,28 @@ let enableParallelBuilding = true; postInstall = - stdenv.lib.optionalString (!static) '' + lib.optionalString (!static) '' # If we're building dynamic libraries, then don't install static # libraries. if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then rm "$out/lib/"*.a fi - - '' + + '' + lib.optionalString (!stdenv.hostPlatform.isWindows) + # Fix bin/c_rehash's perl interpreter line + # + # - openssl 1_0_2: embeds a reference to buildPackages.perl + # - openssl 1_1: emits "#!/usr/bin/env perl" + # + # In the case of openssl_1_0_2, reset the invalid reference and let the + # interpreter hook take care of it. + # + # In both cases, if withPerl = false, the intepreter line is expected be + # "#!/usr/bin/env perl" '' + substituteInPlace $out/bin/c_rehash --replace ${buildPackages.perl}/bin/perl "/usr/bin/env perl" + '' + '' mkdir -p $bin - '' + stdenv.lib.optionalString (!stdenv.hostPlatform.isWindows) - '' - substituteInPlace $out/bin/c_rehash --replace ${buildPackages.perl} ${perl} - '' + - '' - mv $out/bin $bin/ + mv $out/bin $bin/bin mkdir $dev mv $out/include $dev/ @@ -127,7 +157,7 @@ let rmdir $out/etc/ssl/{certs,private} ''; - postFixup = stdenv.lib.optionalString (!stdenv.hostPlatform.isWindows) '' + postFixup = lib.optionalString (!stdenv.hostPlatform.isWindows) '' # Check to make sure the main output doesn't depend on perl if grep -r '${buildPackages.perl}' $out; then echo "Found an erroneous dependency on perl ^^^" >&2 @@ -135,7 +165,7 @@ let fi ''; - meta = with stdenv.lib; { + meta = with lib; { homepage = "https://www.openssl.org/"; description = "A cryptographic library that implements the SSL and TLS protocols"; license = licenses.openssl; @@ -160,8 +190,8 @@ in { }; openssl_1_1 = common { - version = "1.1.1g"; - sha256 = "0ikdcc038i7jk8h7asq5xcn8b1xc2rrbc88yfm4hqbz3y5s4gc6x"; + version = "1.1.1k"; + sha256 = "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"; patches = [ ./1.1/nix-ssl-cert-file.patch |