Re: [PATCH 0/1] OpenSSL 1.1.0

unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed

From: Leo Famulari <leo@famulari.name>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org
Subject: Re: [PATCH 0/1] OpenSSL 1.1.0
Date: Mon, 5 Sep 2016 19:05:46 -0400	[thread overview]
Message-ID: <20160905230546.GA9527@jasmine> (raw)
In-Reply-To: <87h99uw0ea.fsf@gnu.org>

[-- Attachment #1: Type: text/plain, Size: 635 bytes --]

On Mon, Sep 05, 2016 at 10:35:09PM +0200, Ludovic Courtès wrote:
> Seems like most of the arguments and phases are shared with ‘openssl’,
> right?  What about using ‘substitute-keyword-arguments’ to reduce
> duplication?  Or are you concerned about potential breakage when one
> series or the other changes?

I've attached an updated patch using 'substitute-keyword-arguments'.

BTW, my previous patch made a one-line change to 'move-man3-pages',
deleting the leftover empty man3 directory in the main output after
copying the manpages to the 'doc' output. Is this change desired?

We can deal with breakage when it breaks :)

[-- Attachment #2: 0001-gnu-Add-openssl-next.patch --]
[-- Type: text/plain, Size: 4090 bytes --]

From 83405a4ea3628cababd2ee5904c8d0628a002d05 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Fri, 2 Sep 2016 16:07:29 -0400
Subject: [PATCH] gnu: Add openssl-next.

* gnu/packages/tls.scm (openssl-next): New variable.
* gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                       |  1 +
 .../patches/openssl-1.1.0-c-rehash-in.patch        | 19 ++++++++++++
 gnu/packages/tls.scm                               | 35 ++++++++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 50363ef..eb8476a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -701,6 +701,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openjpeg-CVE-2015-6581.patch		\
   %D%/packages/patches/openjpeg-use-after-free-fix.patch	\
   %D%/packages/patches/openssl-runpath.patch			\
+  %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch		\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
   %D%/packages/patches/openssl-CVE-2016-2177.patch		\
   %D%/packages/patches/openssl-CVE-2016-2178.patch		\
diff --git a/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch b/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch
new file mode 100644
index 0000000..e3a982b
--- /dev/null
+++ b/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch
@@ -0,0 +1,19 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index 2fef627..9d40eae 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -1,4 +1,6 @@
+-#!{- $config{hashbangperl} -}
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++  & eval 'exec perl -wS "$0" $argv:q'
++    if 0;
+ 
+ # {- join("\n# ", @autowarntext) -}
+ # Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 4b87150..efc1190 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -323,6 +323,41 @@ required structures.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))
 
+(define-public openssl-next
+  (package
+    (inherit openssl)
+    (name "openssl")
+    (version "1.1.0")
+    (source (origin
+             (method url-fetch)
+             (uri (list (string-append "ftp://ftp.openssl.org/source/"
+                                       name "-" version ".tar.gz")
+                        (string-append "ftp://ftp.openssl.org/source/old/"
+                                       (string-trim-right version char-set:letter)
+                                       "/" name "-" version ".tar.gz")))
+              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
+              (sha256
+               (base32
+                "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm"))))
+    (outputs '("out"
+               "doc"        ;1.3MiB of man3 pages
+               "static"))   ; 5.5MiB of .a files
+    (arguments
+     (substitute-keyword-arguments (package-arguments openssl)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (delete 'patch-tests)          ; These two phases are not needed by
+           (delete 'patch-Makefile.org)   ; OpenSSL 1.1.0.
+
+           (add-after 'configure 'patch-runpath
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
+                 (substitute* "Makefile.shared"
+                   (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}")
+                    (string-append "$${SHAREDCMD} $${SHAREDFLAGS}"
+                                   " -Wl,-rpath," lib)))
+                 #t)))))))))
+
 (define-public libressl
   (package
     (name "libressl")
-- 
2.10.0

next prev parent reply	other threads:[~2016-09-05 23:06 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-09-02  1:59 [PATCH 0/1] OpenSSL 1.1.0 Leo Famulari
2016-09-02  1:59 ` [PATCH 1/1] gnu: openssl: Update to 1.1.0 Leo Famulari
2016-09-02  7:40 ` [PATCH 0/1] OpenSSL 1.1.0 Ricardo Wurmus
2016-09-02 12:43   ` Ludovic Courtès
2016-09-02 20:14     ` Leo Famulari
2016-09-02 20:30       ` Leo Famulari
2016-09-03 13:50       ` Ludovic Courtès
2016-09-03 14:06         ` Leo Famulari
2016-09-03 14:34           ` Ludovic Courtès
2016-09-04  2:20             ` Leo Famulari
2016-09-04  2:48               ` Leo Famulari
2016-09-05 20:35               ` Ludovic Courtès
2016-09-05 23:05                 ` Leo Famulari [this message]
2016-09-06 12:29                   ` Ludovic Courtès
2016-09-06 17:47                     ` Leo Famulari

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:50363ef dfblob:eb8476a dfblob:e3a982b dfblob:4b87150
dfblob:efc1190 )
 OR (
bs:"gnu: Add openssl-next." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160905230546.GA9527@jasmine \
    --to=leo@famulari.name \
    --cc=guix-devel@gnu.org \
    --cc=ludo@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).