diff options
Diffstat (limited to 'pkgs/development/libraries/openssl/default.nix')
-rw-r--r-- | pkgs/development/libraries/openssl/default.nix | 30 |
1 files changed, 12 insertions, 18 deletions
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 5188417c3dc5..01f9eca15bb9 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -6,11 +6,6 @@ let opensslCrossSystem = stdenv.lib.attrByPath [ "openssl" "system" ] (throw "openssl needs its platform name cross building" null) stdenv.cross; - - hurdGNUSourcePatch = fetchurl { - url = http://patch-tracker.debian.org/patch/series/dl/openssl/1.0.0e-2.1/gnu_source.patch; - sha256 = "0zp4x8bql92fbqywnigqfsfj2vvabb66wv6g6zgzh0y6js1ic4pn"; - }; in stdenv.mkDerivation { @@ -22,8 +17,16 @@ stdenv.mkDerivation { }; patches = - stdenv.lib.optional stdenv.isDarwin ./darwin-arch.patch - ++ stdenv.lib.optional (stdenv.system == "x86_64-freebsd") ./freebsd-x86_64-asm.patch; + [ # Allow the location of the X509 certificate file (the CA + # bundle) to be set through the environment variable + # ‘OPENSSL_X509_CERT_FILE’. This is necessary because the + # default location ($out/ssl/cert.pem) doesn't exist, and + # hardcoding something like /etc/ssl/cert.pem is impure and + # cannot be overriden per-process. For security, the + # environment variable is ignored for setuid binaries. + ./cert-file.patch + ] + ++ stdenv.lib.optional stdenv.isDarwin ./darwin-arch.patch; buildNativeInputs = [ perl ]; @@ -34,6 +37,8 @@ stdenv.mkDerivation { configureFlags = "shared --libdir=lib"; + makeFlags = "MANDIR=$(out)/share/man"; + postInstall = '' # If we're building dynamic libraries, then don't install static @@ -49,17 +54,6 @@ stdenv.mkDerivation { export configureFlags="--libdir=lib --cross-compile-prefix=${stdenv.cross.config}- shared ${opensslCrossSystem}" ''; - patches = stdenv.lib.optionals (opensslCrossSystem == "hurd-x86") [ - # OpenSSL only defines _GNU_SOURCE on Linux, but we need it on GNU - hurdGNUSourcePatch - - # Use the target settings from Debian's "debian-hurd-i386" target. - # see http://patch-tracker.debian.org/patch/series/view/openssl/1.0.0e-2.1/debian-targets.patch - # In particular, this sets the shared library extension properly so that - # make install succeeds - ./hurd-target.patch - ]; - postInstall = '' # Openssl installs readonly files, which otherwise we can't strip. # This could at some stdenv hash change be put out of crossAttrs, too |