2012-09-23 20:50:24 +02:00
|
|
|
|
{ stdenv, fetchurl, perl
|
|
|
|
|
, withCryptodev ? false, cryptodevHeaders }:
|
2008-04-23 09:34:20 +02:00
|
|
|
|
|
2010-03-06 00:22:36 +01:00
|
|
|
|
let
|
2013-02-18 11:53:57 +01:00
|
|
|
|
name = "openssl-1.0.1e";
|
2011-09-21 20:48:04 +02:00
|
|
|
|
|
2010-03-06 00:22:36 +01:00
|
|
|
|
opensslCrossSystem = stdenv.lib.attrByPath [ "openssl" "system" ]
|
|
|
|
|
(throw "openssl needs its platform name cross building" null)
|
|
|
|
|
stdenv.cross;
|
2010-01-20 14:49:07 +01:00
|
|
|
|
|
2012-01-06 22:31:29 +01:00
|
|
|
|
patchesCross = isCross:
|
2011-11-04 19:48:25 +01:00
|
|
|
|
[ # Allow the location of the X509 certificate file (the CA
|
|
|
|
|
# bundle) to be set through the environment variable
|
|
|
|
|
# ‘OPENSSL_X509_CERT_FILE’. This is necessary because the
|
|
|
|
|
# default location ($out/ssl/cert.pem) doesn't exist, and
|
|
|
|
|
# hardcoding something like /etc/ssl/cert.pem is impure and
|
|
|
|
|
# cannot be overriden per-process. For security, the
|
|
|
|
|
# environment variable is ignored for setuid binaries.
|
|
|
|
|
./cert-file.patch
|
|
|
|
|
]
|
2012-01-06 00:46:17 +01:00
|
|
|
|
|
2012-01-23 13:59:18 +01:00
|
|
|
|
++ stdenv.lib.optionals (isCross && opensslCrossSystem == "hurd-x86")
|
2012-01-06 00:46:17 +01:00
|
|
|
|
[ ./cert-file-path-max.patch # merge with `cert-file.patch' eventually
|
|
|
|
|
./gnu.patch # submitted upstream
|
2012-01-23 13:59:18 +01:00
|
|
|
|
]
|
2012-01-06 00:46:17 +01:00
|
|
|
|
|
2012-08-13 14:05:27 +02:00
|
|
|
|
++ stdenv.lib.optionals (stdenv.system == "x86_64-kfreebsd-gnu")
|
|
|
|
|
[ ./gnu.patch
|
|
|
|
|
./kfreebsd-gnu.patch
|
|
|
|
|
]
|
|
|
|
|
|
2012-05-07 21:56:14 +02:00
|
|
|
|
++ stdenv.lib.optional stdenv.isDarwin ./darwin-arch.patch;
|
2012-10-23 18:36:02 +02:00
|
|
|
|
|
2012-01-06 22:31:29 +01:00
|
|
|
|
in
|
|
|
|
|
|
|
|
|
|
stdenv.mkDerivation {
|
|
|
|
|
inherit name;
|
|
|
|
|
|
|
|
|
|
src = fetchurl {
|
2012-02-26 18:22:50 +01:00
|
|
|
|
urls = [
|
|
|
|
|
"http://www.openssl.org/source/${name}.tar.gz"
|
|
|
|
|
"http://openssl.linux-mirror.org/source/${name}.tar.gz"
|
|
|
|
|
];
|
2013-02-18 11:53:57 +01:00
|
|
|
|
sha256 = "1qqskk39jh85fvdn3ycmdqjdf67c0b97dwmmbcysl4gzr3l1akzp";
|
2012-01-06 22:31:29 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
patches = patchesCross false;
|
2010-07-18 23:54:14 +02:00
|
|
|
|
|
2012-09-23 20:50:24 +02:00
|
|
|
|
buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
|
|
|
|
|
|
2012-12-28 19:20:09 +01:00
|
|
|
|
nativeBuildInputs = [ perl ];
|
2011-09-21 20:45:52 +02:00
|
|
|
|
|
2010-07-25 11:09:32 +02:00
|
|
|
|
# On x86_64-darwin, "./config" misdetects the system as
|
|
|
|
|
# "darwin-i386-cc". So specify the system type explicitly.
|
|
|
|
|
configureScript =
|
|
|
|
|
if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc" else "./config";
|
2011-09-21 20:45:52 +02:00
|
|
|
|
|
2012-11-23 17:24:35 +01:00
|
|
|
|
configureFlags = "shared --libdir=lib --openssldir=etc/ssl" +
|
2012-09-23 20:50:24 +02:00
|
|
|
|
stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS";
|
2008-10-09 16:29:06 +02:00
|
|
|
|
|
2011-11-04 19:48:25 +01:00
|
|
|
|
makeFlags = "MANDIR=$(out)/share/man";
|
|
|
|
|
|
2012-11-23 17:24:35 +01:00
|
|
|
|
# Parallel building is broken in OpenSSL.
|
|
|
|
|
#enableParallelBuilding = true;
|
|
|
|
|
|
2011-02-09 16:27:34 +01:00
|
|
|
|
postInstall =
|
|
|
|
|
''
|
|
|
|
|
# If we're building dynamic libraries, then don't install static
|
|
|
|
|
# libraries.
|
2012-12-18 18:03:26 +01:00
|
|
|
|
if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib)" ]; then
|
2011-02-09 16:27:34 +01:00
|
|
|
|
rm $out/lib/*.a
|
|
|
|
|
fi
|
|
|
|
|
''; # */
|
|
|
|
|
|
2010-03-06 00:22:36 +01:00
|
|
|
|
crossAttrs = {
|
2012-01-06 22:31:29 +01:00
|
|
|
|
patches = patchesCross true;
|
|
|
|
|
|
2010-07-23 17:05:20 +02:00
|
|
|
|
preConfigure=''
|
2010-08-03 00:10:42 +02:00
|
|
|
|
# It's configure does not like --build or --host
|
|
|
|
|
export configureFlags="--libdir=lib --cross-compile-prefix=${stdenv.cross.config}- shared ${opensslCrossSystem}"
|
2010-03-06 00:22:36 +01:00
|
|
|
|
'';
|
2010-08-09 23:37:31 +02:00
|
|
|
|
|
|
|
|
|
postInstall = ''
|
2010-08-11 22:08:29 +02:00
|
|
|
|
# Openssl installs readonly files, which otherwise we can't strip.
|
|
|
|
|
# This could at some stdenv hash change be put out of crossAttrs, too
|
2010-08-09 23:37:31 +02:00
|
|
|
|
chmod -R +w $out
|
2010-08-11 22:08:29 +02:00
|
|
|
|
|
|
|
|
|
# Remove references to perl, to avoid depending on it at runtime
|
|
|
|
|
rm $out/bin/c_rehash $out/ssl/misc/CA.pl $out/ssl/misc/tsget
|
2010-08-09 23:37:31 +02:00
|
|
|
|
'';
|
2010-08-03 00:10:42 +02:00
|
|
|
|
configureScript = "./Configure";
|
2010-03-06 00:22:36 +01:00
|
|
|
|
};
|
|
|
|
|
|
2008-10-09 16:29:06 +02:00
|
|
|
|
meta = {
|
|
|
|
|
homepage = http://www.openssl.org/;
|
|
|
|
|
description = "A cryptographic library that implements the SSL and TLS protocols";
|
2011-09-21 20:45:52 +02:00
|
|
|
|
platforms = stdenv.lib.platforms.all;
|
|
|
|
|
maintainers = [ stdenv.lib.maintainers.simons ];
|
2012-01-04 20:48:08 +01:00
|
|
|
|
priority = 10; # resolves collision with ‘man-pages’
|
2008-10-09 16:29:06 +02:00
|
|
|
|
};
|
2010-07-18 23:54:14 +02:00
|
|
|
|
}
|