From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH 0/1] OpenSSL 1.1.0 Date: Mon, 5 Sep 2016 19:05:46 -0400 Message-ID: <20160905230546.GA9527@jasmine> References: <87y43albe9.fsf@gnu.org> <20160902201422.GA3701@jasmine> <8737lhm6rk.fsf@gnu.org> <20160903140613.GB12802@jasmine> <87oa45jblg.fsf@gnu.org> <20160904022049.GA30856@jasmine> <87h99uw0ea.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="AhhlLboLdkugWU4S" Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:39189) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bh2xq-0008Tq-Rm for guix-devel@gnu.org; Mon, 05 Sep 2016 19:06:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bh2xl-0003xV-UT for guix-devel@gnu.org; Mon, 05 Sep 2016 19:06:06 -0400 Content-Disposition: inline In-Reply-To: <87h99uw0ea.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?iso-8859-1?Q?Court=E8s?= Cc: guix-devel@gnu.org --AhhlLboLdkugWU4S Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit On Mon, Sep 05, 2016 at 10:35:09PM +0200, Ludovic Courtès wrote: > Seems like most of the arguments and phases are shared with ‘openssl’, > right? What about using ‘substitute-keyword-arguments’ to reduce > duplication? Or are you concerned about potential breakage when one > series or the other changes? I've attached an updated patch using 'substitute-keyword-arguments'. BTW, my previous patch made a one-line change to 'move-man3-pages', deleting the leftover empty man3 directory in the main output after copying the manpages to the 'doc' output. Is this change desired? We can deal with breakage when it breaks :) --AhhlLboLdkugWU4S Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0001-gnu-Add-openssl-next.patch" >From 83405a4ea3628cababd2ee5904c8d0628a002d05 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 2 Sep 2016 16:07:29 -0400 Subject: [PATCH] gnu: Add openssl-next. * gnu/packages/tls.scm (openssl-next): New variable. * gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + .../patches/openssl-1.1.0-c-rehash-in.patch | 19 ++++++++++++ gnu/packages/tls.scm | 35 ++++++++++++++++++++++ 3 files changed, 55 insertions(+) create mode 100644 gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch diff --git a/gnu/local.mk b/gnu/local.mk index 50363ef..eb8476a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -701,6 +701,7 @@ dist_patch_DATA = \ %D%/packages/patches/openjpeg-CVE-2015-6581.patch \ %D%/packages/patches/openjpeg-use-after-free-fix.patch \ %D%/packages/patches/openssl-runpath.patch \ + %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \ %D%/packages/patches/openssl-c-rehash-in.patch \ %D%/packages/patches/openssl-CVE-2016-2177.patch \ %D%/packages/patches/openssl-CVE-2016-2178.patch \ diff --git a/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch b/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch new file mode 100644 index 0000000..e3a982b --- /dev/null +++ b/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch @@ -0,0 +1,19 @@ +This patch removes the explicit reference to the 'perl' binary, +such that OpenSSL does not retain a reference to Perl. + +The 'c_rehash' program is seldom used, but it is used nonetheless +to create symbolic links to certificates, for instance in the 'nss-certs' +package. + +diff --git a/tools/c_rehash.in b/tools/c_rehash.in +index 2fef627..9d40eae 100644 +--- a/tools/c_rehash.in ++++ b/tools/c_rehash.in +@@ -1,4 +1,6 @@ +-#!{- $config{hashbangperl} -} ++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' ++ & eval 'exec perl -wS "$0" $argv:q' ++ if 0; + + # {- join("\n# ", @autowarntext) -} + # Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 4b87150..efc1190 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -323,6 +323,41 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) +(define-public openssl-next + (package + (inherit openssl) + (name "openssl") + (version "1.1.0") + (source (origin + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (patches (search-patches "openssl-1.1.0-c-rehash-in.patch")) + (sha256 + (base32 + "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm")))) + (outputs '("out" + "doc" ;1.3MiB of man3 pages + "static")) ; 5.5MiB of .a files + (arguments + (substitute-keyword-arguments (package-arguments openssl) + ((#:phases phases) + `(modify-phases ,phases + (delete 'patch-tests) ; These two phases are not needed by + (delete 'patch-Makefile.org) ; OpenSSL 1.1.0. + + (add-after 'configure 'patch-runpath + (lambda* (#:key outputs #:allow-other-keys) + (let ((lib (string-append (assoc-ref outputs "out") "/lib"))) + (substitute* "Makefile.shared" + (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}") + (string-append "$${SHAREDCMD} $${SHAREDFLAGS}" + " -Wl,-rpath," lib))) + #t))))))))) + (define-public libressl (package (name "libressl") -- 2.10.0 --AhhlLboLdkugWU4S--