monit: cross-compile, and make openssl optional

Upstream Monit optionally uses OpenSSL to provide TLS support in its
builtin admin web server.  Being able to turn off SSL in Nixpkgs'
monit derivation makes it much easier to build Monit on embedded
systems.

Security implication: if you choose not to build in openssl
then you should probably configure Monit to allow access only from
localhost.

1 files changed, 16 insertions, 7 deletions

diff --git a/pkgs/tools/system/monit/default.nix b/pkgs/tools/system/monit/default.nix
index 71a4db63c84f..12a0a6f1b99e 100644
--- a/pkgs/tools/system/monit/default.nix
+++ b/pkgs/tools/system/monit/default.nix
@@ -1,5 +1,7 @@
-{stdenv, fetchurl, openssl, bison, flex, pam, zlib, usePAM ? stdenv.isLinux }:
-
+{stdenv, fetchurl, openssl, bison, flex, pam, zlib, usePAM ? stdenv.isLinux
+ , buildPlatform, hostPlatform }:
+let useSSL = (openssl != null);
+    isCross = ( buildPlatform != hostPlatform ) ; in
 stdenv.mkDerivation rec {
   name = "monit-5.23.0";
 
@@ -9,12 +11,19 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ bison flex ];
-  buildInputs = [ openssl zlib.dev ] ++ stdenv.lib.optionals usePAM [ pam ];
+  buildInputs = [ zlib.dev ] ++
+    stdenv.lib.optionals useSSL [ openssl ] ++
+    stdenv.lib.optionals usePAM [ pam ];
 
-  configureFlags = [
-    "--with-ssl-incl-dir=${openssl.dev}/include"
-    "--with-ssl-lib-dir=${openssl.out}/lib"
-  ] ++ stdenv.lib.optionals (! usePAM) [ "--without-pam" ];
+  configureFlags =
+    if useSSL then [
+      "--with-ssl-incl-dir=${openssl.dev}/include"
+      "--with-ssl-lib-dir=${openssl.out}/lib"
+    ] else [ "--without-ssl" ] ++
+    stdenv.lib.optionals (! usePAM) [ "--without-pam" ] ++
+    # will need to check both these are true for musl
+    stdenv.lib.optionals isCross [ "libmonit_cv_setjmp_available=yes"
+                                   "libmonit_cv_vsnprintf_c99_conformant=yes"];
 
   meta = {
     homepage = http://mmonit.com/monit/;