diff --git a/5pkgs/cmpforopenssl/default.nix b/5pkgs/cmpforopenssl/default.nix new file mode 100644 index 0000000..3b9a200 --- /dev/null +++ b/5pkgs/cmpforopenssl/default.nix @@ -0,0 +1,82 @@ +{ stdenv, fetchurl, buildPackages, perl, fetchgit +, hostPlatform +}: + +with stdenv.lib; + +let + + common = args@{ rev, sha256, patches ? [] }: stdenv.mkDerivation rec { + name = "cmpforopenssl-${rev}"; + + src = fetchgit { + url = "https://git.code.sf.net/p/cmpforopenssl/git"; + inherit sha256 rev; + fetchSubmodules = false; + deepClone = false; + }; + + patches = + (args.patches or []) + ++ [ ./nix-ssl-cert-file.patch ]; + + outputs = [ "bin" "dev" "out" "man" ]; + setOutputFlags = false; + separateDebugInfo = stdenv.isLinux; + + nativeBuildInputs = [ perl ]; + + configureScript = "./config"; + + configureFlags = [ + "shared" + "--libdir=lib" + "--openssldir=etc/ssl" + ] ; + + makeFlags = [ "MANDIR=$(man)/share/man" ]; + + # Parallel building is broken in OpenSSL. + enableParallelBuilding = false; + + postInstall = '' + # If we're building dynamic libraries, then don't install static + # libraries. + if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then + rm "$out/lib/"*.a + fi + + mkdir -p $bin + mv $out/bin $bin/ + + mkdir $dev + mv $out/include $dev/ + + # remove dependency on Perl at runtime + rm -r $out/etc/ssl/misc + + rmdir $out/etc/ssl/{certs,private} + ''; + + postFixup = '' + # Check to make sure the main output doesn't depend on perl + if grep -r '${buildPackages.perl}' $out; then + echo "Found an erroneous dependency on perl ^^^" >&2 + exit 1 + fi + ''; + + + meta = { + homepage = https://sourceforge.net/p/cmpforopenssl ; + description = "A cryptographic library that implements the SSL and TLS protocols"; + platforms = stdenv.lib.platforms.all; + maintainers = [ stdenv.lib.maintainers.makefu ]; + priority = 0; # resolves collision with ‘man-pages’ + }; + }; + +in common { + rev = "462b3"; + sha256 = "1h2k1c4lg27gmsyd72zrlr303jw765x8sscxblq2jwb44jag85na"; + } diff --git a/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch b/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch new file mode 100644 index 0000000..b615f14 --- /dev/null +++ b/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch @@ -0,0 +1,14 @@ +diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c +--- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200 ++++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200 +@@ -97,7 +97,9 @@ + switch (cmd) { + case X509_L_FILE_LOAD: + if (argl == X509_FILETYPE_DEFAULT) { +- file = (char *)getenv(X509_get_default_cert_file_env()); ++ file = (char *)getenv("NIX_SSL_CERT_FILE"); ++ if (!file) ++ file = (char *)getenv(X509_get_default_cert_file_env()); + if (file) + ok = (X509_load_cert_crl_file(ctx, file, + X509_FILETYPE_PEM) != 0);