cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
nixpkgs/pkgs/development/libraries/openssl/default.nix
Eelco Dolstra 415407bd93 openssl: Update to 1.0.1n 
CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176
2015-06-11 18:32:13 +02:00

94 lines
2.9 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ stdenv, fetchurl, perl
, withCryptodev ? false, cryptodevHeaders }:
let
name = "openssl-1.0.1n";
opensslCrossSystem = stdenv.lib.attrByPath [ "openssl" "system" ]
(throw "openssl needs its platform name cross building" null)
stdenv.cross;
patchesCross = isCross: let
isDarwin = stdenv.isDarwin || (isCross && stdenv.cross.libc == "libSystem");
in stdenv.lib.optional isDarwin ./darwin-arch.patch;
extraPatches = stdenv.lib.optional stdenv.isCygwin ./1.0.1-cygwin64.patch;
in
stdenv.mkDerivation {
inherit name;
src = fetchurl {
urls = [
"http://www.openssl.org/source/${name}.tar.gz"
"http://openssl.linux-mirror.org/source/${name}.tar.gz"
];
sha1 = "2f6ea1e0f2724aca1805392e4387df8361442ace";
};
patches = (patchesCross false) ++ extraPatches;
buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
nativeBuildInputs = [ perl ];
# On x86_64-darwin, "./config" misdetects the system as
# "darwin-i386-cc". So specify the system type explicitly.
configureScript =
if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc"
else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc"
else "./config";
configureFlags = "shared --libdir=lib --openssldir=etc/ssl" +
stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS";
# CYGXXX: used to be set for cygwin with optionalString. Not needed
# anymore but kept to prevent rebuild.
preBuild = "";
makeFlags = "MANDIR=$(out)/share/man";
# Parallel building is broken in OpenSSL.
enableParallelBuilding = false;
postInstall =
''
# If we're building dynamic libraries, then don't install static
# libraries.
if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib)" ]; then
rm $out/lib/*.a
fi
# remove dependency on Perl at runtime
rm -rf $out/etc/ssl/misc
''; # */
crossAttrs = {
patches = patchesCross true;
preConfigure=''
# It's configure does not like --build or --host
export configureFlags="--libdir=lib --cross-compile-prefix=${stdenv.cross.config}- shared ${opensslCrossSystem}"
'';
postInstall = ''
# Openssl installs readonly files, which otherwise we can't strip.
# This could at some stdenv hash change be put out of crossAttrs, too
chmod -R +w $out
# Remove references to perl, to avoid depending on it at runtime
rm $out/bin/c_rehash $out/ssl/misc/CA.pl $out/ssl/misc/tsget
'';
configureScript = "./Configure";
} // stdenv.lib.optionalAttrs (opensslCrossSystem == "darwin64-x86_64-cc") {
CC = "gcc";
};
meta = {
homepage = http://www.openssl.org/;
description = "A cryptographic library that implements the SSL and TLS protocols";
platforms = stdenv.lib.platforms.all;
maintainers = [ stdenv.lib.maintainers.simons ];
priority = 10; # resolves collision with man-pages
};
}
Reference in a new issue View git blame Copy permalink