libressl: fixing nc for version>=2.9

This addresses https://github.com/NixOS/nixpkgs/issues/68286 When `-R` (CA file location) is not specified, nc tries to fall back to a default location. In 2.8 this was still configurable at compile time, but was changed somewhere after. This replaces `/etc/ssl/cert.pem` with `${cacert}/etc/ssl/cert.pem` in the code directly. For a discussion of this, see https://github.com/NixOS/nixpkgs/pull/68456
2019-09-10 00:01:59 +02:00 · 2019-09-10 00:01:59 +02:00 · 044f771d59
commit 044f771d59
parent 78879ae0e9
1 changed files with 7 additions and 1 deletions
--- a/pkgs/development/libraries/libressl/default.nix
+++ b/pkgs/development/libraries/libressl/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchurl, lib, cmake }:
+{ stdenv, fetchurl, lib, cmake, cacert }:

 let

@ -31,6 +31,12 @@ let
      rm configure
    '';

+    # Since 2.9.x the default location can't be configured from the build using
+    # DEFAULT_CA_FILE anymore, instead we have to patch the default value.
+    postPatch = lib.optionalString (lib.versionAtLeast version "2.9.2") ''
+      substituteInPlace ./tls/tls_config.c --replace '"/etc/ssl/cert.pem"' '"${cacert}/etc/ssl/certs/ca-bundle.crt"'
+    '';
+
    enableParallelBuilding = true;

    outputs = [ "bin" "dev" "out" "man" "nc" ];