summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu-system.am1
-rw-r--r--gnu/packages/patches/openssl-c-rehash-in.patch17
-rw-r--r--gnu/packages/tls.scm23
3 files changed, 40 insertions, 1 deletions
diff --git a/gnu-system.am b/gnu-system.am
index 9cf67f3800..7cfc48520b 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -631,6 +631,7 @@ dist_patch_DATA =						\
   gnu/packages/patches/openjpeg-use-after-free-fix.patch	\
   gnu/packages/patches/openssl-runpath.patch			\
   gnu/packages/patches/openssl-c-rehash.patch			\
+  gnu/packages/patches/openssl-c-rehash-in.patch		\
   gnu/packages/patches/orpheus-cast-errors-and-includes.patch	\
   gnu/packages/patches/ots-no-include-missing-file.patch	\
   gnu/packages/patches/patchelf-page-size.patch			\
diff --git a/gnu/packages/patches/openssl-c-rehash-in.patch b/gnu/packages/patches/openssl-c-rehash-in.patch
new file mode 100644
index 0000000000..bd3d3178f1
--- /dev/null
+++ b/gnu/packages/patches/openssl-c-rehash-in.patch
@@ -0,0 +1,17 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+--- openssl-1.0.2g/tools/c_rehash.in	2015-09-09 18:36:07.313316482 +0200
++++ openssl-1.0.2g/tools/c_rehash.in	2015-09-09 18:36:28.965458458 +0200
+@@ -1,4 +1,6 @@
+-#!/usr/local/bin/perl
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++  & eval 'exec perl -wS "$0" $argv:q'
++    if 0;
+ 
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 57f0ca1114..dc27366448 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
@@ -179,6 +179,7 @@ required structures.")
 
 (define-public openssl
   (package
+   (replacement openssl-1.0.2g)
    (name "openssl")
    (version "1.0.2f")
    (source (origin
@@ -282,6 +283,26 @@ required structures.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))
 
+(define openssl-1.0.2g
+  (package
+    (inherit openssl)
+    (replacement #f)
+    (source
+     (let ((name "openssl") (version "1.0.2g"))
+       (origin
+         (method url-fetch)
+         (uri (list (string-append "ftp://ftp.openssl.org/source/"
+                                   name "-" version ".tar.gz")
+                    (string-append "ftp://ftp.openssl.org/source/old/"
+                                   (string-trim-right version char-set:letter)
+                                   "/" name "-" version ".tar.gz")))
+         (sha256
+          (base32
+           "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
+         (patches (map search-patch
+                       '("openssl-runpath.patch"
+                         "openssl-c-rehash-in.patch"))))))))
+
 (define-public libressl
   (package
     (name "libressl")