diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-01-03 23:55:00 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-02-19 11:03:39 +0000 |
commit | f4cf97a04cd5d0b86aa46baec9fb228a8f671c03 (patch) | |
tree | 28192415ff39a661d0001563bf81cc93fa25d16d /nixpkgs/pkgs/development/libraries/openssl | |
parent | f8422837c9bde058e8f2de37702e7e94b2226040 (diff) | |
parent | 18c84ea816348e2a098390101b92d1e39a9dbd45 (diff) | |
download | nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.gz nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.bz2 nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.lz nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.xz nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.zst nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.zip |
Merge commit '18c84ea816348e2a098390101b92d1e39a9dbd45'
Conflicts: nixpkgs/nixos/modules/misc/documentation.nix nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix nixpkgs/pkgs/applications/window-managers/sway/default.nix nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix nixpkgs/pkgs/development/go-modules/generic/default.nix nixpkgs/pkgs/development/interpreters/ruby/default.nix nixpkgs/pkgs/development/interpreters/ruby/patchsets.nix nixpkgs/pkgs/development/libraries/boehm-gc/7.6.6.nix nixpkgs/pkgs/development/python-modules/django-mailman3/default.nix nixpkgs/pkgs/servers/mail/mailman/web.nix nixpkgs/pkgs/top-level/aliases.nix nixpkgs/pkgs/top-level/all-packages.nix nixpkgs/pkgs/top-level/impure.nix
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/openssl')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/openssl/3.0/nix-ssl-cert-file.patch | 15 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch | 22 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/openssl/default.nix | 27 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch (renamed from nixpkgs/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch) | 0 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/openssl/use-etc-ssl-certs.patch (renamed from nixpkgs/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch) | 0 |
5 files changed, 62 insertions, 2 deletions
diff --git a/nixpkgs/pkgs/development/libraries/openssl/3.0/nix-ssl-cert-file.patch b/nixpkgs/pkgs/development/libraries/openssl/3.0/nix-ssl-cert-file.patch new file mode 100644 index 000000000000..e7090f49db6a --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/openssl/3.0/nix-ssl-cert-file.patch @@ -0,0 +1,15 @@ +diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c +index 37d73ca84c..e328896234 100644 +--- a/crypto/x509/by_file.c ++++ b/crypto/x509/by_file.c +@@ -54,7 +54,9 @@ static int by_file_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp, + switch (cmd) { + case X509_L_FILE_LOAD: + if (argl == X509_FILETYPE_DEFAULT) { +- file = ossl_safe_getenv(X509_get_default_cert_file_env()); ++ file = ossl_safe_getenv("NIX_SSL_CERT_FILE"); ++ if (!file) ++ file = ossl_safe_getenv(X509_get_default_cert_file_env()); + if (file) + ok = (X509_load_cert_crl_file_ex(ctx, file, X509_FILETYPE_PEM, + libctx, propq) != 0); diff --git a/nixpkgs/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch b/nixpkgs/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch new file mode 100644 index 000000000000..baf162e88d09 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch @@ -0,0 +1,22 @@ +diff --git a/Configure b/Configure +index f0ad787bc4..a48d2008c6 100755 +--- a/Configure ++++ b/Configure +@@ -1688,17 +1688,6 @@ unless ($disabled{devcryptoeng}) { + unless ($disabled{ktls}) { + $config{ktls}=""; + if ($target =~ m/^linux/) { +- my $usr = "/usr/$config{cross_compile_prefix}"; +- chop($usr); +- if ($config{cross_compile_prefix} eq "") { +- $usr = "/usr"; +- } +- my $minver = (4 << 16) + (13 << 8) + 0; +- my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`); +- +- if ($verstr[2] < $minver) { +- disable('too-old-kernel', 'ktls'); +- } + } elsif ($target =~ m/^BSD/) { + my $cc = $config{CROSS_COMPILE}.$config{CC}; + system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1"); diff --git a/nixpkgs/pkgs/development/libraries/openssl/default.nix b/nixpkgs/pkgs/development/libraries/openssl/default.nix index ca44788a289e..30721129073b 100644 --- a/nixpkgs/pkgs/development/libraries/openssl/default.nix +++ b/nixpkgs/pkgs/development/libraries/openssl/default.nix @@ -108,6 +108,7 @@ let "-DUSE_CRYPTODEV_DIGESTS" ] ++ lib.optional enableSSL2 "enable-ssl2" ++ lib.optional enableSSL3 "enable-ssl3" + ++ lib.optional (versionAtLeast version "3.0.0") "enable-ktls" ++ lib.optional (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng" # OpenSSL needs a specific `no-shared` configure flag. # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options @@ -198,11 +199,33 @@ in { ./1.1/nix-ssl-cert-file.patch (if stdenv.hostPlatform.isDarwin - then ./1.1/use-etc-ssl-certs-darwin.patch - else ./1.1/use-etc-ssl-certs.patch) + then ./use-etc-ssl-certs-darwin.patch + else ./use-etc-ssl-certs.patch) ] ++ lib.optionals (stdenv.isDarwin) [ ./1.1/macos-yosemite-compat.patch ]; withDocs = true; }; + + openssl_3_0 = common { + version = "3.0.1"; + sha256 = "sha256-wxGthTNTvOeW7a0BqGLFCopYf2Ln4hAO9GWrU+ybBtE="; + patches = [ + ./3.0/nix-ssl-cert-file.patch + + # openssl will only compile in KTLS if the current kernel supports it. + # This patch disables build-time detection. + ./3.0/openssl-disable-kernel-detection.patch + + (if stdenv.hostPlatform.isDarwin + then ./use-etc-ssl-certs-darwin.patch + else ./use-etc-ssl-certs.patch) + ]; + + withDocs = true; + + extraMeta = with lib; { + license = licenses.asl20; + }; + }; } diff --git a/nixpkgs/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch b/nixpkgs/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch index 2c98ccfa7ed0..2c98ccfa7ed0 100644 --- a/nixpkgs/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch +++ b/nixpkgs/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch diff --git a/nixpkgs/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch b/nixpkgs/pkgs/development/libraries/openssl/use-etc-ssl-certs.patch index 67d199681f96..67d199681f96 100644 --- a/nixpkgs/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch +++ b/nixpkgs/pkgs/development/libraries/openssl/use-etc-ssl-certs.patch |