summary refs log tree commit diff
path: root/pkgs/tools/networking/unbound/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/networking/unbound/default.nix')
-rw-r--r--pkgs/tools/networking/unbound/default.nix6
1 files changed, 4 insertions, 2 deletions
diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix
index 98b7b2547d6..f9ff82735b9 100644
--- a/pkgs/tools/networking/unbound/default.nix
+++ b/pkgs/tools/networking/unbound/default.nix
@@ -32,6 +32,9 @@
 , withDNSTAP ? false
 , withTFO ? false
 , withRedis ? false
+# Avoid .lib depending on openssl.out
+# The build gets a little hacky, so in some cases we disable this approach.
+, withSlimLib ? stdenv.isLinux && !stdenv.hostPlatform.isMusl && !withDNSTAP
 , libnghttp2
 }:
 
@@ -105,10 +108,9 @@ stdenv.mkDerivation rec {
       --prefix PATH : ${lib.makeBinPath [ openssl ]}
   '';
 
-  preFixup = lib.optionalString (stdenv.isLinux && !stdenv.hostPlatform.isMusl) # XXX: revisit
+  preFixup = lib.optionalString withSlimLib
     # Build libunbound again, but only against nettle instead of openssl.
     # This avoids gnutls.out -> unbound.lib -> openssl.out.
-    # There was some problem with this on Darwin; let's not complicate non-Linux.
     ''
       configureFlags="$configureFlags --with-nettle=${nettle.dev} --with-libunbound-only"
       configurePhase