On Fri, Sep 02, 2016 at 02:43:58PM +0200, Ludovic Courtès wrote: > > I also read about lots of breakage due to the update so I think it’s > > okay to add it as “openssl-next” for now. > > Agreed (though its fine to use “openssl” in the ‘name’ field IMO.)
When I put "openssl" in the 'name' field, as attached, `guix build openssl` gives me 1.1.0, which is not right. The other *-next packages all seem to use "name-next" as the name.
From b09132baa7181542b82804985aac7d5f030ec545 Mon Sep 17 00:00:00 2001
From: Leo Famulari <l...@famulari.name>
Date: Fri, 2 Sep 2016 16:07:29 -0400
Subject: [PATCH] gnu: Add openssl-next.
* gnu/packages/tls.scm (openssl-next): New variable.
* gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
gnu/local.mk | 1 +
.../patches/openssl-1.1.0-c-rehash-in.patch | 19 ++++
gnu/packages/tls.scm | 103 +++++++++++++++++++++
3 files changed, 123 insertions(+)
create mode 100644 gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index efb00b9..0c2740d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -699,6 +699,7 @@ dist_patch_DATA =
\
%D%/packages/patches/openjpeg-CVE-2015-6581.patch \
%D%/packages/patches/openjpeg-use-after-free-fix.patch \
%D%/packages/patches/openssl-runpath.patch \
+ %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \
%D%/packages/patches/openssl-c-rehash-in.patch \
%D%/packages/patches/openssl-CVE-2016-2177.patch \
%D%/packages/patches/openssl-CVE-2016-2178.patch \
diff --git a/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch
b/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch
new file mode 100644
index 0000000..e3a982b
--- /dev/null
+++ b/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch
@@ -0,0 +1,19 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index 2fef627..9d40eae 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -1,4 +1,6 @@
+-#!{- $config{hashbangperl} -}
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++ & eval 'exec perl -wS "$0" $argv:q'
++ if 0;
+
+ # {- join("\n# ", @autowarntext) -}
+ # Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 4b87150..389fea4 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -323,6 +323,109 @@ required structures.")
(license license:openssl)
(home-page "http://www.openssl.org/";)))
+(define-public openssl-next
+ (package
+ (inherit openssl)
+ (name "openssl")
+ (version "1.1.0")
+ (source (origin
+ (method url-fetch)
+ (uri (list (string-append "ftp://ftp.openssl.org/source/";
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/";
+ (string-trim-right version
char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
+ (sha256
+ (base32
+ "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm"))))
+ (outputs '("out"
+ "doc" ;1.3MiB of man3 pages
+ "static")) ; 5.5MiB of .a files
+ (arguments
+ (substitute-keyword-arguments (package-arguments openssl)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (add-after 'configure 'patch-runpath
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
+ (substitute* "Makefile.shared"
+ (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}")
+ (string-append "$${SHAREDCMD} $${SHAREDFLAGS}"
+ " -Wl,-rpath," lib)))
+ #t)))
+ (replace
+ 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (zero?
+ (system* "./config"
+ "shared" ;build shared libraries
+ "--libdir=lib"
+
+ ;; The default for this catch-all directory is
+ ;; PREFIX/ssl. Change that to something more
+ ;; conventional.
+ (string-append "--openssldir=" out
+ "/share/openssl-" ,version)
+
+ (string-append "--prefix=" out)
+
+ ;; XXX FIXME: Work around a code generation bug in GCC
+ ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
+ ;;
<https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
+ ,@(if (and (not (%current-target-system))
+ (string-prefix? "armhf" (%current-system)))
+ '("-mfpu=vfpv3")
+ '()))))))
+ (add-after
+ 'install 'make-libraries-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Make libraries writable so that 'strip' does its job.
+ (let ((out (assoc-ref outputs "out")))
+ (for-each (lambda (file)
+ (chmod file #o644))
+ (find-files (string-append out "/lib")
+ "\\.so"))
+ #t)))
+ (add-after 'install 'move-static-libraries
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move static libraries to the "static" output.
+ (let* ((out (assoc-ref outputs "out"))
+ (lib (string-append out "/lib"))
+ (static (assoc-ref outputs "static"))
+ (slib (string-append static "/lib")))
+ (mkdir-p slib)
+ (for-each (lambda (file)
+ (install-file file slib)
+ (delete-file file))
+ (find-files lib "\\.a$"))
+ #t)))
+ (add-after 'install 'move-man3-pages
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move section 3 man pages to "doc".
+ (let* ((out (assoc-ref outputs "out"))
+ (man3 (string-append out "/share/man/man3"))
+ (doc (assoc-ref outputs "doc"))
+ (target (string-append doc "/share/man/man3")))
+ (mkdir-p target)
+ (for-each (lambda (file)
+ (rename-file file
+ (string-append target "/"
+ (basename file))))
+ (find-files man3))
+ (delete-file-recursively man3)
+ #t)))
+ (add-after
+ 'install 'remove-miscellany
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; The 'misc' directory contains random undocumented shell and
Perl
+ ;; scripts. Remove them to avoid retaining a reference on Perl.
+ (let ((out (assoc-ref outputs "out")))
+ (delete-file-recursively (string-append out "/share/openssl-"
+ ,version "/misc"))
+ #t)))))))))
+
(define-public libressl
(package
(name "libressl")
--
2.9.3
signature.asc
Description: PGP signature
