Fixes <https://issues.guix.gnu.org/56137>.
* gnu/packages/tls.scm (openssl-1.1): Bind a RELEASE-DATE variable.
[arguments]: Invoke the test suite through datefudge, to avoid certificates
from expiring as time passes.
[native-inputs]: Add datefudge.
---
gnu/packages/tls.scm | 266 +++++++++++++++++++++++--------------------
1 file changed, 144 insertions(+), 122 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 524b801443..c20548e89a 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -492,130 +492,152 @@ (define (target->openssl-target target)
(string-append kernel "-" arch))))
(define-public openssl-1.1
- (package
- (name "openssl")
- (version "1.1.1l")
- (replacement openssl/fixed)
- (source (origin
- (method url-fetch)
- (uri (list (string-append
"https://www.openssl.org/source/openssl-";
- version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/";
- "openssl-" version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/old/";
- (string-trim-right version
char-set:letter)
- "/openssl-" version ".tar.gz")))
- (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
- (sha256
- (base32
- "1lbblxps2fhmz7bqh058iywh5wxfignbfx1s1kz2fj63b5g3wyhb"))))
- (build-system gnu-build-system)
- (outputs '("out"
- "doc" ;6.8 MiB of man3 pages and full HTML documentation
- "static")) ;6.4 MiB of .a files
- (native-inputs (list perl))
- (arguments
- (list
- #:parallel-tests? #f
- #:test-target "test"
-
- ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
- ;; so we explicitly disallow it here.
- #:disallowed-references (list (canonical-package perl))
- #:phases
- #~(modify-phases %standard-phases
- #$@(if (%current-target-system)
- #~((add-before 'configure 'set-cross-compile
- (lambda* (#:key target #:allow-other-keys)
- (setenv "CROSS_COMPILE" (string-append target "-"))
- (setenv "CONFIGURE_TARGET_ARCH"
- #$(target->openssl-target
- (%current-target-system))))))
- #~())
- ;; This test seems to be dependant on kernel features.
- ;; https://github.com/openssl/openssl/issues/12242
- #$@(if (or (target-arm?)
- (target-riscv64?))
- #~((replace 'check
- (lambda* (#:key tests? test-target #:allow-other-keys)
- (when tests?
- (invoke "make" "TESTS=-test_afalg" test-target)))))
- #~())
- (replace 'configure
- (lambda* (#:key configure-flags #:allow-other-keys)
- (let* ((out #$output)
- (lib (string-append out "/lib")))
- ;; It's not a shebang so patch-source-shebangs misses it.
- (substitute* "config"
- (("/usr/bin/env")
- (string-append (assoc-ref %build-inputs "coreutils")
- "/bin/env")))
- (apply
- invoke #$@(if (%current-target-system)
- #~("./Configure")
- #~("./config"))
- "shared" ;build shared libraries
- "--libdir=lib"
+ ;; Note to maintainers: when updating this package, make sure to update the
+ ;; RELEASE-DATE variable below. It is used by datefudge to avoid time bombs
+ ;; in the test suite.
+ (let ((release-date "2021-12-14 00:00"))
+ (package
+ (name "openssl")
+ (version "1.1.1l")
+ (replacement openssl/fixed)
+ (source (origin
+ (method url-fetch)
+ (uri (list (string-append
"https://www.openssl.org/source/openssl-";
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/";
+ "openssl-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/";
+ (string-trim-right version
char-set:letter)
+ "/openssl-" version ".tar.gz")))
+ (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
+ (sha256
+ (base32
+ "1lbblxps2fhmz7bqh058iywh5wxfignbfx1s1kz2fj63b5g3wyhb"))))
+ (build-system gnu-build-system)
+ (outputs '("out"
+ "doc" ;6.8 MiB of man3 pages and full HTML documentation
+ "static")) ;6.4 MiB of .a files
+ (native-inputs (list datefudge perl))
+ (arguments
+ (list
+ #:modules '((guix build gnu-build-system)
+ (guix build utils)
+ (srfi srfi-34))
+ #:parallel-tests? #f
+ #:test-target "test"
+ #:make-flags
+ #~(list #$@(if (or (target-arm?)
+ (target-riscv64?))
+ ;; This test seems to be dependant on kernel features.
+ ;; https://github.com/openssl/openssl/issues/12242
+ #~("TESTS=-test_afalg")
+ #~()))
+ ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the
closure,
+ ;; so we explicitly disallow it here.
+ #:disallowed-references (list (canonical-package perl))
+ #:phases
+ #~(modify-phases %standard-phases
+ #$@(if (%current-target-system)
+ #~((add-before 'configure 'set-cross-compile
+ (lambda* (#:key target #:allow-other-keys)
+ (setenv "CROSS_COMPILE" (string-append target "-"))
+ (setenv "CONFIGURE_TARGET_ARCH"
+ #$(target->openssl-target
+ (%current-target-system))))))
+ #~())
+ (replace 'check
+ (lambda* (#:key target make-flags tests? test-target
+ parallel-tests? test-suite-log-regexp
+ #:allow-other-keys)
+ (if tests?
+ (guard (c ((invoke-error? c)
+ ;; Dump the test suite log to facilitate
debugging.
+ (display "\nTest suite failed, dumping logs.\n"
+ (current-error-port))
+ (dump-file-contents "." test-suite-log-regexp)
+ (raise c)))
+ (apply invoke "datefudge" #$release-date
+ "make" test-target
+ `(,@(if parallel-tests?
+ `("-j" ,(number->string
(parallel-job-count)))
+ '())
+ ,@make-flags)))
+ (format #t "test suite not run~%"))))
+ (replace 'configure
+ (lambda* (#:key configure-flags #:allow-other-keys)
+ (let* ((out #$output)
+ (lib (string-append out "/lib")))
+ ;; It's not a shebang so patch-source-shebangs misses it.
+ (substitute* "config"
+ (("/usr/bin/env")
+ (string-append (assoc-ref %build-inputs "coreutils")
+ "/bin/env")))
+ (apply
+ invoke #$@(if (%current-target-system)
+ #~("./Configure")
+ #~("./config"))
+ "shared" ;build shared libraries
+ "--libdir=lib"
- ;; The default for this catch-all directory is
- ;; PREFIX/ssl. Change that to something more
- ;; conventional.
- (string-append "--openssldir=" out
- "/share/openssl-"
- #$(package-version this-package))
+ ;; The default for this catch-all directory is
+ ;; PREFIX/ssl. Change that to something more
+ ;; conventional.
+ (string-append "--openssldir=" out
+ "/share/openssl-"
+ #$(package-version this-package))
- (string-append "--prefix=" out)
- (string-append "-Wl,-rpath," lib)
- #$@(if (%current-target-system)
- #~((getenv "CONFIGURE_TARGET_ARCH"))
- #~())
- configure-flags)
- ;; Output the configure variables.
- (invoke "perl" "configdata.pm" "--dump"))))
- (add-after 'install 'move-static-libraries
- (lambda _
- ;; Move static libraries to the "static" output.
- (let* ((out #$output)
- (lib (string-append out "/lib"))
- (static #$output:static)
- (slib (string-append static "/lib")))
- (for-each (lambda (file)
- (install-file file slib)
- (delete-file file))
- (find-files
- lib
- #$(if (target-mingw?)
- '(lambda (filename _)
- (and (string-suffix? ".a" filename)
- (not (string-suffix? ".dll.a"
filename))))
- "\\.a$"))))))
- (add-after 'install 'move-extra-documentation
- (lambda _
- ;; Move man pages and full HTML documentation to "doc".
- (let* ((out #$output)
- (man (string-append out "/share/man"))
- (html (string-append out "/share/doc/openssl"))
- (doc #$output:doc)
- (man-target (string-append doc "/share/man"))
- (html-target (string-append doc "/share/doc/openssl")))
- (mkdir-p (dirname man-target))
- (mkdir-p (dirname html-target))
- (rename-file man man-target)
- (rename-file html html-target))))
- (add-after
- 'install 'remove-miscellany
- (lambda _
- ;; The 'misc' directory contains random undocumented shell and
Perl
- ;; scripts. Remove them to avoid retaining a reference on Perl.
- (delete-file-recursively (string-append #$output
"/share/openssl-"
- #$(package-version
this-package)
- "/misc")))))))
- (native-search-paths
- (list $SSL_CERT_DIR $SSL_CERT_FILE))
- (synopsis "SSL/TLS implementation")
- (description "OpenSSL is an implementation of SSL/TLS.")
- (license license:openssl)
- (home-page "https://www.openssl.org/";)))
+ (string-append "--prefix=" out)
+ (string-append "-Wl,-rpath," lib)
+ #$@(if (%current-target-system)
+ #~((getenv "CONFIGURE_TARGET_ARCH"))
+ #~())
+ configure-flags)
+ ;; Output the configure variables.
+ (invoke "perl" "configdata.pm" "--dump"))))
+ (add-after 'install 'move-static-libraries
+ (lambda _
+ ;; Move static libraries to the "static" output.
+ (let* ((out #$output)
+ (lib (string-append out "/lib"))
+ (static #$output:static)
+ (slib (string-append static "/lib")))
+ (for-each (lambda (file)
+ (install-file file slib)
+ (delete-file file))
+ (find-files
+ lib
+ #$(if (target-mingw?)
+ '(lambda (filename _)
+ (and (string-suffix? ".a" filename)
+ (not (string-suffix? ".dll.a"
filename))))
+ "\\.a$"))))))
+ (add-after 'install 'move-extra-documentation
+ (lambda _
+ ;; Move man pages and full HTML documentation to "doc".
+ (let* ((out #$output)
+ (man (string-append out "/share/man"))
+ (html (string-append out "/share/doc/openssl"))
+ (doc #$output:doc)
+ (man-target (string-append doc "/share/man"))
+ (html-target (string-append doc "/share/doc/openssl")))
+ (mkdir-p (dirname man-target))
+ (mkdir-p (dirname html-target))
+ (rename-file man man-target)
+ (rename-file html html-target))))
+ (add-after
+ 'install 'remove-miscellany
+ (lambda _
+ ;; The 'misc' directory contains random undocumented shell and
Perl
+ ;; scripts. Remove them to avoid retaining a reference on
Perl.
+ (delete-file-recursively (string-append #$output
"/share/openssl-"
+ #$(package-version
this-package)
+ "/misc")))))))
+ (native-search-paths
+ (list $SSL_CERT_DIR $SSL_CERT_FILE))
+ (synopsis "SSL/TLS implementation")
+ (description "OpenSSL is an implementation of SSL/TLS.")
+ (license license:openssl)
+ (home-page "https://www.openssl.org/";))))
(define openssl/fixed
(package
--
2.39.1
