blob: 0c32bf03438743b3be12d0fdc7a4ceb111afd5b5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
{ stdenv, fetchurl, perl
, withCryptodev ? false, cryptodevHeaders }:
with stdenv.lib;
let
opensslCrossSystem = stdenv.cross.openssl.system or
(throw "openssl needs its platform name cross building");
common = args@{ version, sha256, patches ? [] }: stdenv.mkDerivation rec {
name = "openssl-${version}";
src = fetchurl {
url = "http://www.openssl.org/source/${name}.tar.gz";
inherit sha256;
};
patches =
(args.patches or [])
++ optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch
++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch
++ optional
(versionOlder version "1.0.2" && (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem")))
./darwin-arch.patch;
outputs = [ "dev" "out" "man" "bin" ];
setOutputFlags = false;
nativeBuildInputs = [ perl ];
buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
# On x86_64-darwin, "./config" misdetects the system as
# "darwin-i386-cc". So specify the system type explicitly.
configureScript =
if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc"
else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc"
else "./config";
configureFlags = [
"shared"
"--libdir=lib"
"--openssldir=etc/ssl"
] ++ stdenv.lib.optionals withCryptodev [
"-DHAVE_CRYPTODEV"
"-DUSE_CRYPTODEV_DIGESTS"
];
makeFlags = [ "MANDIR=$(man)/share/man" ];
# Parallel building is broken in OpenSSL.
enableParallelBuilding = false;
postInstall = ''
# If we're building dynamic libraries, then don't install static
# libraries.
if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
rm "$out/lib/"*.a
fi
mkdir -p $bin
mv $out/bin $bin/
mkdir $dev
mv $out/include $dev/
# remove dependency on Perl at runtime
rm -r $out/etc/ssl/misc
rmdir $out/etc/ssl/{certs,private}
'';
postFixup = ''
# Check to make sure the main output doesn't depend on perl
if grep -r '${perl}' $out; then
echo "Found an erroneous dependency on perl ^^^" >&2
exit 1
fi
'';
crossAttrs = {
# upstream patch: https://rt.openssl.org/Ticket/Display.html?id=2558
postPatch = ''
sed -i -e 's/[$][(]CROSS_COMPILE[)]windres/$(WINDRES)/' Makefile.shared
'';
preConfigure=''
# It's configure does not like --build or --host
export configureFlags="${concatStringsSep " " (configureFlags ++ [ opensslCrossSystem ])}"
# WINDRES and RANLIB need to be prefixed when cross compiling;
# the openssl configure script doesn't do that for us
export WINDRES=${stdenv.cross.config}-windres
export RANLIB=${stdenv.cross.config}-ranlib
'';
configureScript = "./Configure";
};
meta = {
homepage = http://www.openssl.org/;
description = "A cryptographic library that implements the SSL and TLS protocols";
platforms = stdenv.lib.platforms.all;
maintainers = [ stdenv.lib.maintainers.peti ];
priority = 10; # resolves collision with ‘man-pages’
};
};
in {
openssl_1_0_1 = common {
version = "1.0.1t";
sha256 = "4a6ee491a2fdb22e519c76fdc2a628bb3cec12762cd456861d207996c8a07088";
patches = [
# https://git.openssl.org/?p=openssl.git;a=commit;h=6f35f6deb5ca7daebe289f86477e061ce3ee5f46
./1.0.1-CVE-2016-2177.diff
];
};
openssl_1_0_2 = common {
version = "1.0.2h";
sha256 = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919";
patches = [
# https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
./1.0.2-CVE-2016-2177.diff
];
};
openssl_1_1_0 = common {
version = "1.1.0";
sha256 = "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm";
};
}
|