glusterfs: patch around SSL_CERT_PATH detection

The upstream configure.ac invokes `openssl version -d` in order to find the
system path for certificates. This is problematic for us since that resolves to
the nix store and lots of other mechanisms (including the glusterfs module)
expect /etc/ssl to be the place for certificates, so this addition patches the
file to set the value manually.
This commit is contained in:
Tyler Langlois 2022-07-16 16:27:33 -06:00
parent 52272c9f03
commit 922bb56029
2 changed files with 34 additions and 0 deletions

View file

@ -65,6 +65,17 @@ in stdenv.mkDerivation rec {
};
inherit buildInputs propagatedBuildInputs;
patches = [
# Upstream invokes `openssl version -d` to derive the canonical system path
# for certificates, which resolves to a nix store path, so this patch
# statically sets the configure.ac value. There's probably a less-brittle
# way to do this! (this will likely fail on a version bump)
# References:
# - https://github.com/gluster/glusterfs/issues/3234
# - https://github.com/gluster/glusterfs/commit/a7dc43f533ad4b8ff68bf57704fefc614da65493
./ssl_cert_path.patch
];
postPatch = ''
sed -e '/chmod u+s/d' -i contrib/fuse-util/Makefile.am
substituteInPlace libglusterfs/src/glusterfs/lvm-defaults.h \

View file

@ -0,0 +1,23 @@
diff --git a/configure.ac b/configure.ac
index fb8db11e9e..4c40683057 100644
--- a/configure.ac
+++ b/configure.ac
@@ -766,14 +766,10 @@ AS_IF([test "x$enable_fuse_notifications" != "xno"], [
dnl Find out OpenSSL trusted certificates path
AC_MSG_CHECKING([for OpenSSL trusted certificates path])
-SSL_CERT_PATH=$(openssl version -d | sed -e 's|OPENSSLDIR: "\(.*\)".*|\1|')
-if test -d $SSL_CERT_PATH 1>/dev/null 2>&1; then
- AC_MSG_RESULT([$SSL_CERT_PATH])
- AC_DEFINE_UNQUOTED(SSL_CERT_PATH, ["$SSL_CERT_PATH"], [Path to OpenSSL trusted certificates.])
- AC_SUBST(SSL_CERT_PATH)
-else
- AC_MSG_ERROR([Unable to detect path to OpenSSL trusted certificates])
-fi
+SSL_CERT_PATH=/etc/ssl
+AC_MSG_RESULT([$SSL_CERT_PATH])
+AC_DEFINE_UNQUOTED(SSL_CERT_PATH, ["$SSL_CERT_PATH"], [Path to OpenSSL trusted certificates.])
+AC_SUBST(SSL_CERT_PATH)
AC_CHECK_LIB([ssl], TLS_method, [HAVE_OPENSSL_1_1="yes"], [HAVE_OPENSSL_1_1="no"])
if test "x$HAVE_OPENSSL_1_1" = "xyes"; then