nixpkgs/pkgs/development/libraries/openssl/default.nix
Domen Kožar 15f092d7a7 openssl: 1.0.1g -> 1.0.1h
CVE-2014-0224
CVE-2014-0221
CVE-2014-0195
CVE-2014-0198
CVE-2010-5298
CVE-2014-3470
2014-06-05 14:32:11 +02:00

108 lines
3.4 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ stdenv, fetchurl, perl
, withCryptodev ? false, cryptodevHeaders }:
let
name = "openssl-1.0.1h";
opensslCrossSystem = stdenv.lib.attrByPath [ "openssl" "system" ]
(throw "openssl needs its platform name cross building" null)
stdenv.cross;
patchesCross = isCross: let
isDarwin = stdenv.isDarwin || (isCross && stdenv.cross.libc == "libSystem");
in
[ # Allow the location of the X509 certificate file (the CA
# bundle) to be set through the environment variable
# OPENSSL_X509_CERT_FILE. This is necessary because the
# default location ($out/ssl/cert.pem) doesn't exist, and
# hardcoding something like /etc/ssl/cert.pem is impure and
# cannot be overriden per-process. For security, the
# environment variable is ignored for setuid binaries.
./cert-file.patch
]
++ stdenv.lib.optionals (isCross && opensslCrossSystem == "hurd-x86")
[ ./cert-file-path-max.patch # merge with `cert-file.patch' eventually
./gnu.patch # submitted upstream
]
++ stdenv.lib.optionals (stdenv.system == "x86_64-kfreebsd-gnu")
[ ./gnu.patch
./kfreebsd-gnu.patch
]
++ stdenv.lib.optional isDarwin ./darwin-arch.patch;
in
stdenv.mkDerivation {
inherit name;
src = fetchurl {
urls = [
"http://www.openssl.org/source/${name}.tar.gz"
"http://openssl.linux-mirror.org/source/${name}.tar.gz"
];
sha256 = "14yhsgag5as7nhxnw7f0vklwjwa3pmn1i15nmp3f4qxa6sc8l74x";
};
patches = patchesCross false;
buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
nativeBuildInputs = [ perl ];
# On x86_64-darwin, "./config" misdetects the system as
# "darwin-i386-cc". So specify the system type explicitly.
configureScript =
if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc"
else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc"
else "./config";
configureFlags = "shared --libdir=lib --openssldir=etc/ssl" +
stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS";
makeFlags = "MANDIR=$(out)/share/man";
# Parallel building is broken in OpenSSL.
#enableParallelBuilding = true;
postInstall =
''
# If we're building dynamic libraries, then don't install static
# libraries.
if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib)" ]; then
rm $out/lib/*.a
fi
''; # */
crossAttrs = {
patches = patchesCross true;
preConfigure=''
# It's configure does not like --build or --host
export configureFlags="--libdir=lib --cross-compile-prefix=${stdenv.cross.config}- shared ${opensslCrossSystem}"
'';
postInstall = ''
# Openssl installs readonly files, which otherwise we can't strip.
# This could at some stdenv hash change be put out of crossAttrs, too
chmod -R +w $out
# Remove references to perl, to avoid depending on it at runtime
rm $out/bin/c_rehash $out/ssl/misc/CA.pl $out/ssl/misc/tsget
'';
configureScript = "./Configure";
} // stdenv.lib.optionalAttrs (opensslCrossSystem == "darwin64-x86_64-cc") {
CC = "gcc";
};
meta = {
homepage = http://www.openssl.org/;
description = "A cryptographic library that implements the SSL and TLS protocols";
platforms = stdenv.lib.platforms.all;
maintainers = [ stdenv.lib.maintainers.simons ];
priority = 10; # resolves collision with man-pages
};
}