Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r-- | gnu/packages/tls.scm | 154 |
1 files changed, 47 insertions, 107 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index b0950ec2e5..c776085cad 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017, 2018, 2019, 2020, 2021 Marius Bakke <marius@gnu.org>
+;;; Copyright © 2017-2022 Marius Bakke <marius@gnu.org>
 ;;; Copyright © 2017–2021 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
@@ -383,6 +383,7 @@ OpenSSL for TARGET."
 (package
 (name "openssl")
 (version "1.1.1l")
+ (replacement openssl/fixed)
 (source (origin
 (method url-fetch)
 (uri (list (string-append "https://www.openssl.org/source/openssl-"
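Review bot: The added `(replacement openssl/fixed)` field grafts a different OpenSSL build onto every dependent of `openssl`, yet neither this line nor the `openssl/fixed` definition in the next hunk records why the graft exists. A short comment at the definition, for example `;; Security graft: <advisory id placeholder>; fold into 'version' and drop on the next full rebuild.`, would let an auditor see which fix is being delivered and when the graft can be retired. It would also help to state there that 1.1.1n is expected to be ABI-compatible with 1.1.1l, since grafting depends on that. The enclosing `openssl` package definition starts and ends outside this hunk.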
@@ -508,113 +509,52 @@ OpenSSL for TARGET." (license license:openssl) (home-page "https://www.openssl.org/"))) -;; We will not add any new uses of this package. If you add new code that uses -;; this package, your change will be reverted! -;; -;; The only acceptable use for this package is to bootstrap Rust, in -;; ((gnu packages rust) rust-1.19). -;; -;; OpenSSL 1.0 is no longer suppported upstream [0] and has several security -;; vulnerabilities that will not be fixed [1]. -;; -;; For more information from the Guix point of view, see -;; <https://bugs.gnu.org/46602>. -;; -;; [0] https://www.openssl.org/policies/releasestrat.html -;; [1] https://www.openssl.org/news/vulnerabilities.html -(define-public openssl-1.0 - (hidden-package - (package - (inherit openssl) - (name "openssl") - (version "1.0.2u") - (source (origin - (method url-fetch) - (uri (list (string-append "https://www.openssl.org/source/openssl-" - version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/" - "openssl-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/openssl-" version ".tar.gz"))) - (sha256 - (base32 - "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c")) - (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch")))) - (outputs '("out" - "doc" ;1.5MiB of man3 pages - "static")) ;6MiB of .a files - (arguments - (substitute-keyword-arguments (package-arguments openssl) - ;; Parallel build is not supported in 1.0.x. - ((#:parallel-build? 
_ #f) #f) - ((#:phases phases) - #~(modify-phases #$phases - (add-before 'patch-source-shebangs 'patch-tests - (lambda* (#:key inputs native-inputs #:allow-other-keys) - (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) - (substitute* (find-files "test" ".*") - (("/bin/sh") - (string-append bash "/bin/sh")) - (("/bin/rm") - "rm")) - #t))) - (add-before 'configure 'patch-Makefile.org - (lambda* (#:key outputs #:allow-other-keys) - ;; The default MANDIR is some unusual place. Fix that. - (let ((out (assoc-ref outputs "out"))) - (patch-makefile-SHELL "Makefile.org") - (substitute* "Makefile.org" - (("^MANDIR[[:blank:]]*=.*$") - (string-append "MANDIR = " out "/share/man\n"))) - #t))) - (replace 'configure - ;; Override this phase because OpenSSL 1.0 does not understand -rpath. - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (invoke #$@(if (%current-target-system) - #~("./Configure") - #~("./config")) - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. 
- (string-append "--openssldir=" out - "/share/openssl-" #$version) +(define openssl/fixed + (package + (inherit openssl) + (name "openssl") + (version "1.1.1n") + (source (origin + (method url-fetch) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" + "openssl-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/openssl-" version ".tar.gz"))) + (patches (search-patches "openssl-1.1-c-rehash-in.patch")) + (sha256 + (base32 + "0ymif8rlc5cf5qp5bh2pxlrgq6xryh7g4sqfvrdjg9gnli8ypp20")))))) - (string-append "--prefix=" out) - #$@(if (%current-target-system) - '((getenv "CONFIGURE_TARGET_ARCH")) - '()))))) - (delete 'move-extra-documentation) - (add-after 'install 'move-man3-pages - (lambda* (#:key outputs #:allow-other-keys) - ;; Move section 3 man pages to "doc". - (let* ((out (assoc-ref outputs "out")) - (man3 (string-append out "/share/man/man3")) - (doc (assoc-ref outputs "doc")) - (target (string-append doc "/share/man/man3"))) - (mkdir-p target) - (for-each (lambda (file) - (rename-file file - (string-append target "/" - (basename file)))) - (find-files man3)) - (delete-file-recursively man3) - #t))) - ;; XXX: Duplicate this phase to make sure 'version' evaluates - ;; in the current scope and not the inherited one. - (replace 'remove-miscellany - (lambda* (#:key outputs #:allow-other-keys) - ;; The 'misc' directory contains random undocumented shell and Perl - ;; scripts. Remove them to avoid retaining a reference on Perl. 
- (let ((out (assoc-ref outputs "out"))) - (delete-file-recursively (string-append out "/share/openssl-" - #$version "/misc")) - #t)))))))))) +(define-public openssl-3.0 + (package + (inherit openssl) + (version "3.0.2") + (source (origin + (method url-fetch) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" + "openssl-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/openssl-" version ".tar.gz"))) + (patches (search-patches "openssl-3.0-c-rehash-in.patch")) + (sha256 + (base32 + "0qyvvw8n97f0gs786l2dkxnmi3hs344mxplw7jp5cisdmp71rscq")))) + (arguments + (substitute-keyword-arguments (package-arguments openssl) + ((#:phases phases '%standard-phases) + #~(modify-phases #$phases + (add-before 'configure 'configure-perl + (lambda* (#:key native-inputs inputs #:allow-other-keys) + (setenv "HASHBANGPERL" + (search-input-file (or native-inputs inputs) + "/bin/perl")))))))) + (license license:asl2.0))) (define-public bearssl (package |
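Review bot: The new `configure-perl` phase in `openssl-3.0` sets `HASHBANGPERL` without a comment, and `(or native-inputs inputs)` prefers the native Perl when both are present. `HASHBANGPERL` is the interpreter path OpenSSL writes into the `#!` line of the Perl scripts it installs, so on a cross-build the installed scripts would presumably name the build machine's interpreter and keep a reference to it; this should be confirmed against a cross-compiled output. Suggest a comment above the phase such as `;; HASHBANGPERL is the interpreter OpenSSL puts in the #! line of installed Perl scripts.` together with a note on the intended cross-compilation behaviour.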