From 3415872fe4e0d1ba082b7a90829b2e54ff6c6f7c Mon Sep 17 00:00:00 2001 From: Ruud van Asseldonk Date: Sat, 4 May 2019 15:07:34 +0200 Subject: libressl_2_9: 2.9.0 -> 2.9.1 This new version does not build as-is, it will need to be patched. --- pkgs/development/libraries/libressl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs') diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix index 11ed2eb0044a..701d151eb9a3 100644 --- a/pkgs/development/libraries/libressl/default.nix +++ b/pkgs/development/libraries/libressl/default.nix @@ -46,7 +46,7 @@ in { }; libressl_2_9 = generic { - version = "2.9.0"; - sha256 = "1x1wl6b449m6hfhyxxzxbf2v8yfb5q92q6d01hdg28xp1222jpzb"; + version = "2.9.1"; + sha256 = "1y32iz64rqh74m1g641b39h3293dqi4la7i0ckai1p4lcs2xvr1r"; }; } -- cgit 1.4.1 From 8c7cde5df2dc16599397f0511432c9d52317217a Mon Sep 17 00:00:00 2001 From: Ruud van Asseldonk Date: Sat, 4 May 2019 15:55:14 +0200 Subject: libressl: build with cmake LibreSSL 2.9.1 no longer builds with the default autotools configuration. When I searched for the error, I noticed that Buildroot ran into the same issue, and they resolved the problem by building with CMake rather than autotools. [1] I followed the same approach here. [1]: https://github.com/buildroot/buildroot/commit/e783d60473944f8b39f1def45d8d6b483a062158 --- pkgs/development/libraries/libressl/default.nix | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'pkgs') diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix index 701d151eb9a3..62fed24200ee 100644 --- a/pkgs/development/libraries/libressl/default.nix +++ b/pkgs/development/libraries/libressl/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, lib }: +{ stdenv, fetchurl, lib, cmake }: let @@ -11,7 +11,17 @@ let inherit sha256; }; - configureFlags = [ "--enable-nc" ]; + nativeBuildInputs = [ cmake ]; + + cmakeFlags = [ "-DENABLE_NC=ON" ]; + + # The autoconf build is broken as of 2.9.1, resulting in the following error: + # libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'. + # Fortunately LibreSSL provides a CMake build as well, so opt for CMake by + # removing ./configure pre-config. + preConfigure = '' + rm configure + ''; enableParallelBuilding = true; @@ -19,6 +29,8 @@ let postFixup = '' moveToOutput "bin/nc" "$nc" + moveToOutput "bin/openssl" "$bin" + moveToOutput "bin/ocspcheck" "$bin" moveToOutput "share/man/man1/nc.1${lib.optionalString (dontGzipMan==null) ".gz"}" "$nc" ''; -- cgit 1.4.1 From 5f594be46317e71e66e587670ebbf95e386ac365 Mon Sep 17 00:00:00 2001 From: Ruud van Asseldonk Date: Sat, 4 May 2019 18:40:21 +0200 Subject: libressl: ensure we can link against libtls Without setting BUILD_SHARED_LIBS, the package would build file, but when linking it into acme-client or nginx, I got the following error: libressl-2.9.1/lib/libtls.a(tls.c.o): undefined reference to symbol 'pthread_once@@GLIBC_2.2.5' binutils-2.31.1/bin/ld: glibc-2.27/lib/libpthread.so.0: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status After looking at the CMakeLists.txt in libressl/tls, I noticed the BUILD_SHARED_LIBS option, and setting it resolves the linking error. --- pkgs/development/libraries/libressl/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkgs') diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix index 62fed24200ee..e694c353df09 100644 --- a/pkgs/development/libraries/libressl/default.nix +++ b/pkgs/development/libraries/libressl/default.nix @@ -13,7 +13,7 @@ let nativeBuildInputs = [ cmake ]; - cmakeFlags = [ "-DENABLE_NC=ON" ]; + cmakeFlags = [ "-DENABLE_NC=ON" "-DBUILD_SHARED_LIBS=ON" ]; # The autoconf build is broken as of 2.9.1, resulting in the following error: # libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'. -- cgit 1.4.1