On Fri, Dec 09, 2016 at 11:11:07AM +0100, Marius Bakke wrote: > I did this change for openssl@1.1.0 (attached). The 'config(ure)' script > now takes a -rpath flag which works as advertised. Thanks for taking this on! > However by duplicating the 'configure' phase, I discovered that the > 'version' variable actually gets the inherited value when using > 'substitute-keyword-arguments', and had to duplicate the > 'remove-miscellany' phase as well, since it tried deleting a directory > called '$out/share/openssl-1.0.2j'. Should I file a bug for this, or > is it something intrinsically unfixable? I don't know, but the patch looks good enough to me, so can you go ahead and push it? We can deduplicate the phases later. > From 2fa175873823afb4b2e05c9ed26772c900a2f5ef Mon Sep 17 00:00:00 2001 > From: Marius Bakke > Date: Fri, 9 Dec 2016 09:48:38 +0100 > Subject: [PATCH] gnu: openssl-next: Update to 1.1.0c [fixes > CVE-{7053,7054,7055}]. > > * gnu/packages/tls.scm (openssl-next): Update to 1.1.0c. > [arguments]: Duplicate 'configure' to add rpath flag previously handled by > now-defunct 'patch-runpath' phase. Duplicate 'remove-miscellany' phase. [...] > + (replace 'configure > (lambda* (#:key outputs #:allow-other-keys) > - (let ((lib (string-append (assoc-ref outputs "out") "/lib"))) > - (substitute* "Makefile.shared" > - (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}") > - (string-append "$${SHAREDCMD} $${SHAREDFLAGS}" > - " -Wl,-rpath," lib))) > + (let* ((out (assoc-ref outputs "out")) > + (lib (string-append out "/lib"))) > + (zero? > + (system* "./config" > + "shared" ;build shared libraries > + "--libdir=lib" > + > + ;; The default for this catch-all directory is > + ;; PREFIX/ssl. Change that to something more > + ;; conventional. > + (string-append "--openssldir=" out > + "/share/openssl-" ,version) > + > + (string-append "--prefix=" out) > + > + (string-append "-Wl,-rpath," lib) This is much clearer than patching the Makefile!