Diffstat (limited to 'pkgs/tools/security/cipherscan/path.patch')
-rw-r--r-- | pkgs/tools/security/cipherscan/path.patch | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/pkgs/tools/security/cipherscan/path.patch b/pkgs/tools/security/cipherscan/path.patch
new file mode 100644
index 000000000000..3b6d8ef80509
--- /dev/null
+++ b/pkgs/tools/security/cipherscan/path.patch
@@ -0,0 +1,93 @@
+diff --git a/analyze.py b/analyze.py
+index bb62af8..e929253 100755
+--- a/analyze.py
++++ b/analyze.py
+@@ -418,13 +418,7 @@ def build_ciphers_lists(opensslbin):
+
+ # use system openssl if not on linux 64
+ if not opensslbin:
+- if platform.system() == 'Linux' and platform.architecture()[0] == '64bit':
+- opensslbin = mypath + '/openssl'
+- elif platform.system() == 'Darwin' and platform.architecture()[0] == '64bit':
+- opensslbin = mypath + '/openssl-darwin64'
+- else:
+- opensslbin='openssl'
+- print("warning: analyze.py is using system's openssl, which may limit the tested ciphers and recommendations")
++ opensslbin = "@OPENSSLBIN@"
+
+ logging.debug('Loading all ciphers: ' + allC)
+ all_ciphers = subprocess.Popen([opensslbin, 'ciphers', allC],
+diff --git a/cipherscan b/cipherscan
+index 236b34f..a240d13 100755
+--- a/cipherscan
++++ b/cipherscan
+@@ -30,43 +30,12 @@ if [[ -n $NOAUTODETECT ]]; then
+ else
+ case "$(uname -s)" in
+ Darwin)
+- opensslbin_name="openssl-darwin64"
+-
+- READLINKBIN=$(which greadlink 2>/dev/null)
+- if [[ -z $READLINKBIN ]]; then
+- echo "greadlink not found. (try: brew install coreutils)" 1>&2
+- exit 1
+- fi
+- TIMEOUTBIN=$(which gtimeout 2>/dev/null)
+- if [[ -z $TIMEOUTBIN ]]; then
+- echo "gtimeout not found. (try: brew install coreutils)" 1>&2
+- exit 1
+- fi
++ READLINKBIN="@READLINKBIN@"
++ TIMEOUTBIN="@TIMEOUTBIN@"
+ ;;
+ *)
+- opensslbin_name="openssl"
+-
+- # test that readlink or greadlink (darwin) are present
+- READLINKBIN="$(which readlink)"
+-
+- if [[ -z $READLINKBIN ]]; then
+- READLINKBIN="$(which greadlink)"
+- if [[ -z $READLINKBIN ]]; then
+- echo "neither readlink nor greadlink are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2
+- exit 1
+- fi
+- fi
+-
+- # test that timeout or gtimeout (darwin) are present
+- TIMEOUTBIN="$(which timeout)"
+-
+- if [[ -z $TIMEOUTBIN ]]; then
+- TIMEOUTBIN="$(which gtimeout)"
+- if [[ -z $TIMEOUTBIN ]]; then
+- echo "neither timeout nor gtimeout are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2
+- exit 1
+- fi
+- fi
++ READLINKBIN="@READLINKBIN@"
++ TIMEOUTBIN="@TIMEOUTBIN@"
+
+ # Check for busybox, which has different arguments
+ TIMEOUTOUTPUT="$($TIMEOUTBIN --help 2>&1)"
+@@ -1944,20 +1913,7 @@ do
+ done
+
+ if [[ -z $OPENSSLBIN ]]; then
+- readlink_result=$("$READLINKBIN" -f "$0")
+- if [[ -z $readlink_result ]]; then
+- echo "$READLINKBIN -f $0 failed, aborting." 1>&2
+- exit 1
+- fi
+- REALPATH=$(dirname "$readlink_result")
+- if [[ -z $REALPATH ]]; then
+- echo "dirname $REALPATH failed, aborting." 1>&2
+- exit 1
+- fi
+- OPENSSLBIN="${REALPATH}/${opensslbin_name}"
+- if ! [[ -x "${OPENSSLBIN}" ]]; then
+- OPENSSLBIN="$(which openssl)" # fallback to generic openssl
+- fi
++ OPENSSLBIN="@OPENSSLBIN@"
+ fi
+ # use custom config file to enable GOST ciphers
+ if [[ -e $DIRNAMEPATH/openssl.cnf ]]; then |
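Review bot: The embedded patch drops the warning that a non-bundled openssl "may limit the tested ciphers and recommendations", while both `opensslbin = "@OPENSSLBIN@"` in analyze.py and `OPENSSLBIN="@OPENSSLBIN@"` in cipherscan now always use whatever openssl the package substitutes. If that openssl is built without legacy protocols and ciphers, a scan can report a server as cleaner than it is, so I would keep a one-line notice such as `logging.warning("using packaged openssl; ciphers it does not support are not tested")` or document the chosen openssl build next to the package expression. The `@OPENSSLBIN@`, `@READLINKBIN@` and `@TIMEOUTBIN@` placeholders depend on a substitution step that is not visible in this commit, and a build-time check that no `@...@` token survives in either script would catch a missed one. The patched blocks continue outside the embedded hunks, so whether anything later in cipherscan still reads `REALPATH` or `opensslbin_name`, which are no longer set, cannot be confirmed from here.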