ma pkgs.cmpforopenssl: init

5pkgs/cmpforopenssl/default.nix

@@ -0,0 +1,82 @@
+{ stdenv, fetchurl, buildPackages, perl, fetchgit
+, hostPlatform
+}:
+
+with stdenv.lib;
+
+let
+
+  common = args@{ rev, sha256, patches ? [] }: stdenv.mkDerivation rec {
+    name = "cmpforopenssl-${rev}";
+
+    src = fetchgit {
+      url = "https://git.code.sf.net/p/cmpforopenssl/git";
+      inherit sha256 rev;
+      fetchSubmodules = false;
+      deepClone = false;
+    };
+
+    patches =
+      (args.patches or [])
+      ++ [ ./nix-ssl-cert-file.patch ];
+
+    outputs = [ "bin" "dev" "out" "man" ];
+    setOutputFlags = false;
+    separateDebugInfo = stdenv.isLinux;
+
+    nativeBuildInputs = [ perl ];
+
+    configureScript = "./config";
+
+    configureFlags = [
+      "shared"
+      "--libdir=lib"
+      "--openssldir=etc/ssl"
+    ] ;
+
+    makeFlags = [ "MANDIR=$(man)/share/man" ];
+
+    # Parallel building is broken in OpenSSL.
+    enableParallelBuilding = false;
+
+    postInstall = ''
+      # If we're building dynamic libraries, then don't install static
+      # libraries.
+      if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
+          rm "$out/lib/"*.a
+      fi
+
+      mkdir -p $bin
+      mv $out/bin $bin/
+
+      mkdir $dev
+      mv $out/include $dev/
+
+      # remove dependency on Perl at runtime
+      rm -r $out/etc/ssl/misc
+
+      rmdir $out/etc/ssl/{certs,private}
+    '';
+
+    postFixup = ''
+      # Check to make sure the main output doesn't depend on perl
+      if grep -r '${buildPackages.perl}' $out; then
+        echo "Found an erroneous dependency on perl ^^^" >&2
+        exit 1
+      fi
+    '';
+
+
+    meta = {
+      homepage = https://sourceforge.net/p/cmpforopenssl ;
+      description = "A cryptographic library that implements the SSL and TLS protocols";
+      platforms = stdenv.lib.platforms.all;
+      maintainers = [ stdenv.lib.maintainers.makefu ];
+      priority = 0; # resolves collision with ‘man-pages’
+    };
+  };
+
+in common {
+    rev = "462b3";
+    sha256 = "1h2k1c4lg27gmsyd72zrlr303jw765x8sscxblq2jwb44jag85na";
+  }

5pkgs/cmpforopenssl/nix-ssl-cert-file.patch

@@ -0,0 +1,14 @@
+diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
+--- openssl-1.0.2j-orig/crypto/x509/by_file.c	2016-09-26 11:49:07.000000000 +0200
++++ openssl-1.0.2j/crypto/x509/by_file.c	2016-10-13 16:54:31.400288302 +0200
+@@ -97,7 +97,9 @@
+     switch (cmd) {
+     case X509_L_FILE_LOAD:
+         if (argl == X509_FILETYPE_DEFAULT) {
+-            file = (char *)getenv(X509_get_default_cert_file_env());
++            file = (char *)getenv("NIX_SSL_CERT_FILE");
++            if (!file)
++                file = (char *)getenv(X509_get_default_cert_file_env());
+             if (file)
+                 ok = (X509_load_cert_crl_file(ctx, file,
+                                               X509_FILETYPE_PEM) != 0);