monit: cross-compile, and make openssl optional

Upstream Monit optionally uses OpenSSL to provide TLS support in its
builtin admin web server.  Being able to turn off SSL in Nixpkgs'
monit derivation makes it much easier to build Monit on embedded
systems.

Security implication: if you choose not to build in openssl
then you should probably configure Monit to allow access only from
localhost.
This commit is contained in:
Daniel Barlow 2018-02-20 16:40:39 +00:00
parent e27ad00f85
commit 9cdb7fe722

View file

@ -1,5 +1,7 @@
{stdenv, fetchurl, openssl, bison, flex, pam, zlib, usePAM ? stdenv.isLinux }:
{stdenv, fetchurl, openssl, bison, flex, pam, zlib, usePAM ? stdenv.isLinux
, buildPlatform, hostPlatform }:
let useSSL = (openssl != null);
isCross = ( buildPlatform != hostPlatform ) ; in
stdenv.mkDerivation rec {
name = "monit-5.23.0";
@ -9,12 +11,19 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ bison flex ];
buildInputs = [ openssl zlib.dev ] ++ stdenv.lib.optionals usePAM [ pam ];
buildInputs = [ zlib.dev ] ++
stdenv.lib.optionals useSSL [ openssl ] ++
stdenv.lib.optionals usePAM [ pam ];
configureFlags = [
configureFlags =
if useSSL then [
"--with-ssl-incl-dir=${openssl.dev}/include"
"--with-ssl-lib-dir=${openssl.out}/lib"
] ++ stdenv.lib.optionals (! usePAM) [ "--without-pam" ];
] else [ "--without-ssl" ] ++
stdenv.lib.optionals (! usePAM) [ "--without-pam" ] ++
# will need to check both these are true for musl
stdenv.lib.optionals isCross [ "libmonit_cv_setjmp_available=yes"
"libmonit_cv_vsnprintf_c99_conformant=yes"];
meta = {
homepage = http://mmonit.com/monit/;