From cc60c24909a8b207a0a2dfc18082453ab85c46af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 17 May 2022 10:42:46 +0100 Subject: [PATCH] openssl: disable ct feature in static mode (#173288) For static binaries to be relocatable, they can't depend on data files. Co-authored-by: zimbatm --- pkgs/development/libraries/openssl/default.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 26a89fe47a41..a0506dda1f69 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -7,6 +7,7 @@ # This will cause c_rehash to refer to perl via the environment, but otherwise # will produce a perfectly functional openssl binary and library. , withPerl ? stdenv.hostPlatform == stdenv.buildPlatform +, removeReferencesTo }: # Note: this package is used for bootstrapping fetchurl, and thus @@ -112,7 +113,11 @@ let # OpenSSL needs a specific `no-shared` configure flag. # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options # for a comprehensive list of configuration options. - ++ lib.optional (lib.versionAtLeast version "1.1.0" && static) "no-shared"; + ++ lib.optional (lib.versionAtLeast version "1.1.0" && static) "no-shared" + # This introduces a reference to the CTLOG_FILE which is undesired when + # trying to build binaries statically. + ++ lib.optional static "no-ct" + ; makeFlags = [ "MANDIR=$(man)/share/man" @@ -126,13 +131,16 @@ let enableParallelBuilding = true; postInstall = - lib.optionalString (!static) '' + (if static then '' + # OPENSSLDIR has a reference to self + ${removeReferencesTo}/bin/remove-references-to -t $out $out/lib/*.a + '' else '' # If we're building dynamic libraries, then don't install static # libraries. if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then rm "$out/lib/"*.a fi - '' + lib.optionalString (!stdenv.hostPlatform.isWindows) + '') + lib.optionalString (!stdenv.hostPlatform.isWindows) # Fix bin/c_rehash's perl interpreter line # # - openssl 1_0_2: embeds a reference to buildPackages.perl