2019-09-19 17:37:34 +01:00
|
|
|
{ stdenv, fetchurl, lib, cmake, cacert, fetchpatch, buildShared ? true }:
|
2017-07-20 18:31:08 +01:00
|
|
|
|
|
|
|
let
|
|
|
|
|
2019-09-19 17:35:55 +01:00
|
|
|
generic = { version, sha256, patches ? [] }: stdenv.mkDerivation rec {
|
2019-08-15 13:41:18 +01:00
|
|
|
pname = "libressl";
|
2017-07-20 18:31:08 +01:00
|
|
|
inherit version;
|
|
|
|
|
|
|
|
src = fetchurl {
|
2019-08-15 13:41:18 +01:00
|
|
|
url = "mirror://openbsd/LibreSSL/${pname}-${version}.tar.gz";
|
2017-07-20 18:31:08 +01:00
|
|
|
inherit sha256;
|
|
|
|
};
|
|
|
|
|
2019-05-04 14:55:14 +01:00
|
|
|
nativeBuildInputs = [ cmake ];
|
|
|
|
|
2019-08-20 23:07:38 +01:00
|
|
|
cmakeFlags = [
|
|
|
|
"-DENABLE_NC=ON"
|
|
|
|
# Ensure that the output libraries do not require an executable stack.
|
|
|
|
# Without this define, assembly files in libcrypto do not include a
|
|
|
|
# .note.GNU-stack section, and if that section is missing from any object,
|
|
|
|
# the linker will make the stack executable.
|
|
|
|
"-DCMAKE_C_FLAGS=-DHAVE_GNU_STACK"
|
2019-10-14 10:28:33 +01:00
|
|
|
# libressl will append this to the regular prefix for libdir
|
|
|
|
"-DCMAKE_INSTALL_LIBDIR=lib"
|
2019-09-19 17:37:34 +01:00
|
|
|
] ++ lib.optional buildShared "-DBUILD_SHARED_LIBS=ON";
|
2019-05-04 14:55:14 +01:00
|
|
|
|
|
|
|
# The autoconf build is broken as of 2.9.1, resulting in the following error:
|
|
|
|
# libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'.
|
|
|
|
# Fortunately LibreSSL provides a CMake build as well, so opt for CMake by
|
|
|
|
# removing ./configure pre-config.
|
|
|
|
preConfigure = ''
|
|
|
|
rm configure
|
|
|
|
'';
|
2018-04-28 01:33:05 +01:00
|
|
|
|
2019-09-19 17:35:55 +01:00
|
|
|
inherit patches;
|
|
|
|
|
2019-09-09 23:01:59 +01:00
|
|
|
# Since 2.9.x the default location can't be configured from the build using
|
|
|
|
# DEFAULT_CA_FILE anymore, instead we have to patch the default value.
|
|
|
|
postPatch = lib.optionalString (lib.versionAtLeast version "2.9.2") ''
|
|
|
|
substituteInPlace ./tls/tls_config.c --replace '"/etc/ssl/cert.pem"' '"${cacert}/etc/ssl/certs/ca-bundle.crt"'
|
|
|
|
'';
|
|
|
|
|
2017-07-20 18:31:08 +01:00
|
|
|
enableParallelBuilding = true;
|
|
|
|
|
2018-04-29 20:46:54 +01:00
|
|
|
outputs = [ "bin" "dev" "out" "man" "nc" ];
|
|
|
|
|
|
|
|
postFixup = ''
|
|
|
|
moveToOutput "bin/nc" "$nc"
|
2019-05-04 14:55:14 +01:00
|
|
|
moveToOutput "bin/openssl" "$bin"
|
|
|
|
moveToOutput "bin/ocspcheck" "$bin"
|
2018-04-29 21:14:34 +01:00
|
|
|
moveToOutput "share/man/man1/nc.1${lib.optionalString (dontGzipMan==null) ".gz"}" "$nc"
|
2018-04-29 20:46:54 +01:00
|
|
|
'';
|
2017-07-20 18:31:08 +01:00
|
|
|
|
|
|
|
dontGzipMan = if stdenv.isDarwin then true else null; # not sure what's wrong
|
|
|
|
|
2018-04-29 20:46:54 +01:00
|
|
|
meta = with lib; {
|
2017-07-20 18:31:08 +01:00
|
|
|
description = "Free TLS/SSL implementation";
|
2018-05-13 14:26:34 +01:00
|
|
|
homepage = "https://www.libressl.org";
|
2019-06-24 09:16:02 +01:00
|
|
|
license = with licenses; [ publicDomain bsdOriginal bsd0 bsd3 gpl3 isc openssl ];
|
2017-07-20 18:31:08 +01:00
|
|
|
platforms = platforms.all;
|
2019-08-20 18:36:05 +01:00
|
|
|
maintainers = with maintainers; [ thoughtpolice fpletz ];
|
2017-07-20 18:31:08 +01:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
in {
|
|
|
|
|
2018-12-17 22:59:24 +00:00
|
|
|
libressl_2_9 = generic {
|
2019-06-01 16:48:38 +01:00
|
|
|
version = "2.9.2";
|
|
|
|
sha256 = "1m6mz515dcbrbnyz8hrpdfjzdmj1c15vbgnqxdxb89g3z9kq3iy4";
|
2019-09-19 17:35:55 +01:00
|
|
|
patches = stdenv.lib.optional stdenv.hostPlatform.isMusl [
|
|
|
|
(fetchpatch {
|
|
|
|
url = "https://github.com/libressl-portable/portable/pull/529/commits/a747aacc23607c993cc481378782b2c7dd5bc53b.patch";
|
|
|
|
sha256 = "0wbrcscdkjpk4mhh7f3saghi4smia4lhf7fl6la3ahhgx1krn5zm";
|
|
|
|
})
|
|
|
|
];
|
2018-12-17 22:59:24 +00:00
|
|
|
};
|
2019-08-10 19:18:28 +01:00
|
|
|
|
|
|
|
libressl_3_0 = generic {
|
2019-10-23 18:08:55 +01:00
|
|
|
version = "3.0.2";
|
|
|
|
sha256 = "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz";
|
2019-08-10 19:18:28 +01:00
|
|
|
};
|
2017-07-20 18:31:08 +01:00
|
|
|
}
|