blob: 93f7cbe1a1f4869225cccb913e196201d5767b28 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
{ stdenv, fetchurl, perl
, withCryptodev ? false, cryptodevHeaders }:
let
name = "openssl-1.0.1h";
opensslCrossSystem = stdenv.lib.attrByPath [ "openssl" "system" ]
(throw "openssl needs its platform name cross building" null)
stdenv.cross;
patchesCross = isCross: let
isDarwin = stdenv.isDarwin || (isCross && stdenv.cross.libc == "libSystem");
in
[ # Allow the location of the X509 certificate file (the CA
# bundle) to be set through the environment variable
# ‘OPENSSL_X509_CERT_FILE’. This is necessary because the
# default location ($out/ssl/cert.pem) doesn't exist, and
# hardcoding something like /etc/ssl/cert.pem is impure and
# cannot be overriden per-process. For security, the
# environment variable is ignored for setuid binaries.
./cert-file.patch
]
++ stdenv.lib.optionals (isCross && opensslCrossSystem == "hurd-x86")
[ ./cert-file-path-max.patch # merge with `cert-file.patch' eventually
./gnu.patch # submitted upstream
]
++ stdenv.lib.optionals (stdenv.system == "x86_64-kfreebsd-gnu")
[ ./gnu.patch
./kfreebsd-gnu.patch
]
++ stdenv.lib.optional isDarwin ./darwin-arch.patch;
in
stdenv.mkDerivation {
inherit name;
src = fetchurl {
urls = [
"http://www.openssl.org/source/${name}.tar.gz"
"http://openssl.linux-mirror.org/source/${name}.tar.gz"
];
sha256 = "14yhsgag5as7nhxnw7f0vklwjwa3pmn1i15nmp3f4qxa6sc8l74x";
};
patches = patchesCross false;
buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
nativeBuildInputs = [ perl ];
# On x86_64-darwin, "./config" misdetects the system as
# "darwin-i386-cc". So specify the system type explicitly.
configureScript =
if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc"
else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc"
else "./config";
configureFlags = "shared --libdir=lib --openssldir=etc/ssl" +
stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS";
makeFlags = "MANDIR=$(out)/share/man";
# Parallel building is broken in OpenSSL.
#enableParallelBuilding = true;
postInstall =
''
# If we're building dynamic libraries, then don't install static
# libraries.
if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib)" ]; then
rm $out/lib/*.a
fi
''; # */
crossAttrs = {
patches = patchesCross true;
preConfigure=''
# It's configure does not like --build or --host
export configureFlags="--libdir=lib --cross-compile-prefix=${stdenv.cross.config}- shared ${opensslCrossSystem}"
'';
postInstall = ''
# Openssl installs readonly files, which otherwise we can't strip.
# This could at some stdenv hash change be put out of crossAttrs, too
chmod -R +w $out
# Remove references to perl, to avoid depending on it at runtime
rm $out/bin/c_rehash $out/ssl/misc/CA.pl $out/ssl/misc/tsget
'';
configureScript = "./Configure";
} // stdenv.lib.optionalAttrs (opensslCrossSystem == "darwin64-x86_64-cc") {
CC = "gcc";
};
meta = {
homepage = http://www.openssl.org/;
description = "A cryptographic library that implements the SSL and TLS protocols";
platforms = stdenv.lib.platforms.all;
maintainers = [ stdenv.lib.maintainers.simons ];
priority = 10; # resolves collision with ‘man-pages’
};
}
|