From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Leo Famulari Subject: Re: [PATCH 0/1] OpenSSL 1.1.0 Date: Fri, 2 Sep 2016 16:14:22 -0400 Message-ID: <20160902201422.GA3701@jasmine> References: <87y43albe9.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="nVMJ2NtxeReIH9PS" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:42833) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bfurI-000314-Bz for guix-devel@gnu.org; Fri, 02 Sep 2016 16:14:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bfurE-0006bp-Pv for guix-devel@gnu.org; Fri, 02 Sep 2016 16:14:40 -0400 Content-Disposition: inline In-Reply-To: <87y43albe9.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?iso-8859-1?Q?Court=E8s?= Cc: guix-devel@gnu.org --nVMJ2NtxeReIH9PS Content-Type: multipart/mixed; boundary="SUOF0GtieIMvvwua" Content-Disposition: inline --SUOF0GtieIMvvwua Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 02, 2016 at 02:43:58PM +0200, Ludovic Court=C3=A8s wrote: > > I also read about lots of breakage due to the update so I think it=E2= =80=99s > > okay to add it as =E2=80=9Copenssl-next=E2=80=9D for now. >=20 > Agreed (though its fine to use =E2=80=9Copenssl=E2=80=9D in the =E2=80=98= name=E2=80=99 field IMO.) When I put "openssl" in the 'name' field, as attached, `guix build openssl` gives me 1.1.0, which is not right. The other *-next packages all seem to use "name-next" as the name. 
--SUOF0GtieIMvvwua Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0001-gnu-Add-openssl-next.patch" Content-Transfer-Encoding: quoted-printable =46rom b09132baa7181542b82804985aac7d5f030ec545 Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari Date: Fri, 2 Sep 2016 16:07:29 -0400 Subject: [PATCH] gnu: Add openssl-next. * gnu/packages/tls.scm (openssl-next): New variable. * gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + .../patches/openssl-1.1.0-c-rehash-in.patch | 19 ++++ gnu/packages/tls.scm | 103 +++++++++++++++++= ++++ 3 files changed, 123 insertions(+) create mode 100644 gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index efb00b9..0c2740d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -699,6 +699,7 @@ dist_patch_DATA =3D \
 %D%/packages/patches/openjpeg-CVE-2015-6581.patch \
 %D%/packages/patches/openjpeg-use-after-free-fix.patch \
 %D%/packages/patches/openssl-runpath.patch \
+ %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \
 %D%/packages/patches/openssl-c-rehash-in.patch \
 %D%/packages/patches/openssl-CVE-2016-2177.patch \
 %D%/packages/patches/openssl-CVE-2016-2178.patch \
diff --git a/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch b/gnu/pac= kages/patches/openssl-1.1.0-c-rehash-in.patch
new file mode 100644
index 0000000..e3a982b
--- /dev/null
+++ b/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch
@@ -0,0 +1,19 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index 2fef627..9d40eae 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -1,4 +1,6 @@
+-#!{- $config{hashbangperl} -}
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++ & eval 'exec perl -wS "$0" $argv:q'
++ if 0;
+=20
+ # {- join("\n# ", @autowarntext) -}
+ # Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 4b87150..389fea4 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
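Review bot: The replacement preamble `exec perl -wS "$0"` runs whichever `perl` is found first in PATH, so c_rehash now depends on the caller's environment instead of a fixed interpreter path, and the patch's header text does not mention this consequence. I would add a sentence to the header such as `Callers must put a trusted 'perl' in PATH before running c_rehash, for example by listing it as a native input.` This is worth stating because the script creates the symbolic links for certificate directories and the header itself names 'nss-certs' as a user.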
@@ -323,6 +323,109 @@ required structures.")
 (license license:openssl)
 (home-page "http://www.openssl.org/")))
=20
+(define-public openssl-next
+ (package
+ (inherit openssl)
+ (name "openssl")
+ (version "1.1.0")
+ (source (origin
+ (method url-fetch)
+ (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set= :letter)
+ "/" name "-" version ".tar.gz")))
+ (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
+ (sha256
+ (base32
+ "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm"))))
+ (outputs '("out"
+ "doc" ;1.3MiB of man3 pages
+ "static")) ; 5.5MiB of .a files
+ (arguments
+ (substitute-keyword-arguments (package-arguments openssl)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (add-after 'configure 'patch-runpath
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
+ (substitute* "Makefile.shared"
+ (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}")
+ (string-append "$${SHAREDCMD} $${SHAREDFLAGS}"
+ " -Wl,-rpath," lib)))
+ #t)))
+ (replace
+ 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (zero?
+ (system* "./config"
+ "shared" ;build shared libraries
+ "--libdir=3Dlib"
+ =20
+ ;; The default for this catch-all directory is
+ ;; PREFIX/ssl. Change that to something more
+ ;; conventional.
+ (string-append "--openssldir=3D" out
+ "/share/openssl-" ,version)
+ =20
+ (string-append "--prefix=3D" out)
+ =20
+ ;; XXX FIXME: Work around a code generation bug i= n GCC
+ ;; 4.9.3 on ARM when compiled with -mfpu=3Dneon. = See:
+ ;;
+ ,@(if (and (not (%current-target-system))
+ (string-prefix? "armhf" (%current-syst= em)))
+ '("-mfpu=3Dvfpv3")
+ '()))))))
+ (add-after
+ 'install 'make-libraries-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Make libraries writable so that 'strip' does its job.
+ (let ((out (assoc-ref outputs "out")))
+ (for-each (lambda (file)
+ (chmod file #o644))
+ (find-files (string-append out "/lib")
+ "\\.so"))
+ #t)))
+ (add-after 'install 'move-static-libraries
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move static libraries to the "static" output.
+ (let* ((out (assoc-ref outputs "out"))
+ (lib (string-append out "/lib"))
+ (static (assoc-ref outputs "static"))
+ (slib (string-append static "/lib")))
+ (mkdir-p slib)
+ (for-each (lambda (file)
+ (install-file file slib)
+ (delete-file file))
+ (find-files lib "\\.a$"))
+ #t)))
+ (add-after 'install 'move-man3-pages
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move section 3 man pages to "doc".
+ (let* ((out (assoc-ref outputs "out"))
+ (man3 (string-append out "/share/man/man3"))
+ (doc (assoc-ref outputs "doc"))
+ (target (string-append doc "/share/man/man3")))
+ (mkdir-p target)
+ (for-each (lambda (file)
+ (rename-file file
+ (string-append target "/"
+ (basename file))))
+ (find-files man3))
+ (delete-file-recursively man3)
+ #t)))
+ (add-after
+ 'install 'remove-miscellany
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; The 'misc' directory contains random undocumented shell an= d Perl
+ ;; scripts. Remove them to avoid retaining a reference on Pe= rl.
+ (let ((out (assoc-ref outputs "out")))
+ (delete-file-recursively (string-append out "/share/openssl= -"
+ ,version "/misc"))
+ #t)))))))))
+
 (define-public libressl
 (package
 (name "libressl")
--=20 2.9.3 --SUOF0GtieIMvvwua-- --nVMJ2NtxeReIH9PS Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXyd2aAAoJECZG+jC6yn8IB7EQAMK4aHzncbyCC5WwHJR4IFJ+ QvQJBwf1pT0xw00W3YfwSXVfc8belP0nafIAOZKbOp2zgSsnWUlbWCkLXDlFvYjI 3kLSZYHGZOP7um3F3DZ1eBGdfJB2bs7n7nVR/aBg/7P0AbP+/HOW/H9aig4wGTgC l5tHOoO5uFKT4/XD+ui9kLYqdBINkwhyUWgo9M7ZBfNyahKLO4HrRr4TelsroJmu YR1E6ph9JQx3Dvf4OLP1njbnqX1Q711jCRKA+nqA6XSeDC+b9vLLYBSKKe9n4OOt 3SuN60CgnakztpgX6Hhqm/885yPc6phkNo1lupeqdcaknEYm5lyOLDD+O+8++eHe o7uODyn+KzeUSkxaQHuVaxLzx3CwO0PSmucq7LaNtZ3es1jlh0Bbyc+RIAXqYRZr Z+RqV8puz5O7FwW89FftfJC8hDgEEevGLIw6qOdPO81X1QBTCt/xMkIn/ePSq2TF k4A3jVH37cGo0BGj5i6v//ZJYlQCtU8fxDacGSHYTZDFI2OZoPS4+vTkJhf3joY7 QOsL+iAgkH5EXYfH+r6wqPnm892wZjYXuC1fEBBjtZYQz72iRaE219gXOND15FUj 7dukAZTWkJ91lvGqWonPnwJx0fskul+0nWDxYpAcTA7W1/nCBl3adcMc8MhNI/i/ 3zbq2oMFOj/FixMLiTQ6 =KOQX -----END PGP SIGNATURE----- --nVMJ2NtxeReIH9PS--
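Review bot: The new `origin` lists only `openssl-1.1.0-c-rehash-in.patch` under `patches`, so the `openssl-CVE-2016-2177.patch` and `openssl-CVE-2016-2178.patch` files visible in the gnu/local.mk context are not applied to 1.1.0, and nothing in the definition says whether that is intentional. Presumably the inherited `openssl` package applies them (its definition is outside this hunk), so once it has been checked against upstream I would record the decision above `(patches …)`, e.g. `;; 1.1.0 already includes the fixes from the openssl-CVE-2016-* patches used for 1.0.x.` Separately, both `uri` entries use `ftp://`, which leaves the `sha256` as the only integrity check on the tarball. A short comment noting that the hash was verified against the upstream release signature would help the next person who bumps the version.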