pyrox.dev / nixpkgs
lol
fork atom

treewide: use lib.getLib for OpenSSL libraries

At some point, I'd like to make another attempt at
71f1f4884b5 ("openssl: stop static binaries referencing libs"), which
was reverted in 195c7da07df. One problem with my previous attempt is
that I moved OpenSSL's libraries to a lib output, but many dependent
packages were hardcoding the out output as the location of the
libraries. This patch fixes every such case I could find in the tree.
It won't have any effect immediately, but will mean these packages
will automatically use an OpenSSL lib output if it is reintroduced in
future.

This patch should cause very few rebuilds, because it shouldn't make
any change at all to most packages I'm touching. The few rebuilds
that are introduced come from when I've changed a package builder not
to use variable names like openssl.out in scripts / substitution
patterns, which would be confusing since they don't hardcode the
output any more.

I started by making the following global replacements:

${pkgs.openssl.out}/lib -> ${lib.getLib pkgs.openssl}/lib
${openssl.out}/lib -> ${lib.getLib openssl}/lib

Then I removed the ".out" suffix when part of the argument to
lib.makeLibraryPath, since that function uses lib.getLib internally.

Then I fixed up cases where openssl was part of the -L flag to the
compiler/linker, since that unambigously is referring to libraries.

Then I manually investigated and fixed the following packages:

- pycurl
- citrix-workspace
- ppp
- wraith
- unbound
- gambit
- acl2

I'm reasonably confindent in my fixes for all of them.

For acl2, since the openssl library paths are manually provided above
anyway, I don't think openssl is required separately as a build input
at all. Removing it doesn't make a difference to the output size, the
file list, or the closure.

I've tested evaluation with the OfBorg meta checks, to protect against
introducing evaluation failures.

Alyssa Ross fd78240a 30d3d79b

+67 -67
unified split
+1 -1
nixos/modules/system/boot/luksroot.nix
··· 877 877 copy_bin_and_libs ${pkgs.yubikey-personalization}/bin/ykinfo 878 878 copy_bin_and_libs ${pkgs.openssl.bin}/bin/openssl 879 879 880 - cc -O3 -I${pkgs.openssl.dev}/include -L${pkgs.openssl.out}/lib ${./pbkdf2-sha512.c} -o pbkdf2-sha512 -lcrypto 880 + cc -O3 -I${pkgs.openssl.dev}/include -L${lib.getLib pkgs.openssl}/lib ${./pbkdf2-sha512.c} -o pbkdf2-sha512 -lcrypto 881 881 strip -s pbkdf2-sha512 882 882 copy_bin_and_libs pbkdf2-sha512 883 883
+2 -2
pkgs/applications/audio/spotify/default.nix
··· 126 126 # Work around Spotify referring to a specific minor version of 127 127 # OpenSSL. 128 128 129 - ln -s ${openssl.out}/lib/libssl.so $libdir/libssl.so.1.0.0 130 - ln -s ${openssl.out}/lib/libcrypto.so $libdir/libcrypto.so.1.0.0 129 + ln -s ${lib.getLib openssl}/lib/libssl.so $libdir/libssl.so.1.0.0 130 + ln -s ${lib.getLib openssl}/lib/libcrypto.so $libdir/libcrypto.so.1.0.0 131 131 ln -s ${nspr.out}/lib/libnspr4.so $libdir/libnspr4.so 132 132 ln -s ${nspr.out}/lib/libplc4.so $libdir/libplc4.so 133 133
+1 -1
pkgs/applications/blockchains/snarkos/default.nix
··· 27 27 28 28 # Needed to get openssl-sys to use pkg-config. 29 29 OPENSSL_NO_VENDOR = 1; 30 - OPENSSL_LIB_DIR = "${openssl.out}/lib"; 30 + OPENSSL_LIB_DIR = "${lib.getLib openssl}/lib"; 31 31 OPENSSL_DIR="${lib.getDev openssl}"; 32 32 33 33 LIBCLANG_PATH="${llvmPackages.libclang.lib}/lib";
+1 -1
pkgs/applications/blockchains/solana/default.nix
··· 37 37 # checkInputs = lib.optionals stdenv.isDarwin [ pkg-config rustfmt ]; 38 38 # Needed to get openssl-sys to use pkg-config. 39 39 # OPENSSL_NO_VENDOR = 1; 40 - # OPENSSL_LIB_DIR = "${openssl.out}/lib"; 40 + # OPENSSL_LIB_DIR = "${lib.getLib openssl}/lib"; 41 41 # OPENSSL_DIR="${lib.getDev openssl}"; 42 42 # LLVM_CONFIG_PATH="${llvm}/bin/llvm-config"; 43 43 # LIBCLANG_PATH="${llvmPackages.libclang.lib}/lib";
+1 -1
pkgs/applications/editors/kodestudio/default.nix
··· 57 57 $out/kodestudio 58 58 patchelf \ 59 59 --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ 60 - --set-rpath ".:${stdenv.cc.libc}/lib:${xorg.libXinerama}/lib:${xorg.libX11}/lib:${alsa-lib}/lib:${libGL}/lib:${libGLU}/lib:${openssl.out}/lib" \ 60 + --set-rpath ".:${stdenv.cc.libc}/lib:${xorg.libXinerama}/lib:${xorg.libX11}/lib:${alsa-lib}/lib:${libGL}/lib:${libGLU}/lib:${lib.getLib openssl}/lib" \ 61 61 $out/resources/app/extensions/krom/Krom/linux/Krom 62 62 patchelf \ 63 63 --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
+1 -1
pkgs/applications/editors/sublime/3/common.nix
··· 101 101 "''${gappsWrapperArgs[@]}" 102 102 103 103 # Without this, plugin_host crashes, even though it has the rpath 104 - wrapProgram $out/plugin_host --prefix LD_PRELOAD : ${stdenv.cc.cc.lib}/lib${lib.optionalString stdenv.is64bit "64"}/libgcc_s.so.1:${openssl.out}/lib/libssl.so:${bzip2.out}/lib/libbz2.so 104 + wrapProgram $out/plugin_host --prefix LD_PRELOAD : ${stdenv.cc.cc.lib}/lib${lib.optionalString stdenv.is64bit "64"}/libgcc_s.so.1:${lib.getLib openssl}/lib/libssl.so:${bzip2.out}/lib/libbz2.so 105 105 ''; 106 106 }; 107 107 in stdenv.mkDerivation (rec {
+1 -1
pkgs/applications/editors/vscode/extensions/ms-dotnettools-csharp/default.nix
··· 107 107 patchelf_add_icu_as_needed "$elf" 108 108 patchelf --add-needed "libssl.so" "$elf" 109 109 patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ 110 - --set-rpath "${lib.makeLibraryPath [ stdenv.cc.cc openssl.out icu.out ]}:\$ORIGIN" \ 110 + --set-rpath "${lib.makeLibraryPath [ stdenv.cc.cc openssl icu.out ]}:\$ORIGIN" \ 111 111 "$elf" 112 112 } 113 113
+1 -1
pkgs/applications/networking/irc/wraith/configure.patch
··· 52 52 -fi 53 53 -unset cf_openssl_basedir 54 54 +SSL_INCLUDES="-I@openssl.dev@/include" 55 - +SSL_LIBS="-L@openssl.out@/lib" 55 + +SSL_LIBS="-L@openssl-lib@/lib" 56 56 57 57 save_CXX="$CXX" 58 58 CXX="$CXX $SSL_INCLUDES"
+3 -3
pkgs/applications/networking/irc/wraith/default.nix
··· 12 12 patches = [ ./configure.patch ./dlopen.patch ]; 13 13 postPatch = '' 14 14 substituteInPlace configure --subst-var-by openssl.dev ${openssl.dev} \ 15 - --subst-var-by openssl.out ${openssl.out} 16 - substituteInPlace src/libssl.cc --subst-var-by openssl ${openssl.out} 17 - substituteInPlace src/libcrypto.cc --subst-var-by openssl ${openssl.out} 15 + --subst-var-by openssl-lib ${lib.getLib openssl} 16 + substituteInPlace src/libssl.cc --subst-var-by openssl ${lib.getLib openssl} 17 + substituteInPlace src/libcrypto.cc --subst-var-by openssl ${lib.getLib openssl} 18 18 ''; 19 19 installPhase = '' 20 20 mkdir -p $out/bin
+1 -1
pkgs/applications/networking/mailreaders/mailspring/default.nix
··· 70 70 --replace dirname ${coreutils}/bin/dirname 71 71 72 72 ln -s $out/share/mailspring/mailspring $out/bin/mailspring 73 - ln -s ${openssl.out}/lib/libcrypto.so $out/lib/libcrypto.so.1.0.0 73 + ln -s ${lib.getLib openssl}/lib/libcrypto.so $out/lib/libcrypto.so.1.0.0 74 74 75 75 runHook postInstall 76 76 '';
+1 -1
pkgs/applications/networking/remote/citrix-workspace/generic.nix
··· 14 14 openssl' = symlinkJoin { 15 15 name = "openssl-backwards-compat"; 16 16 nativeBuildInputs = [ makeWrapper ]; 17 - paths = [ openssl.out ]; 17 + paths = [ (lib.getLib openssl) ]; 18 18 postBuild = '' 19 19 ln -sf $out/lib/libcrypto.so $out/lib/libcrypto.so.1.0.0 20 20 ln -sf $out/lib/libssl.so $out/lib/libssl.so.1.0.0
+1 -1
pkgs/applications/version-management/subversion/default.nix
··· 92 92 --replace "${expat.dev}/lib" "${expat.out}/lib" \ 93 93 --replace "${zlib.dev}/lib" "${zlib.out}/lib" \ 94 94 --replace "${sqlite.dev}/lib" "${sqlite.out}/lib" \ 95 - --replace "${openssl.dev}/lib" "${openssl.out}/lib" 95 + --replace "${openssl.dev}/lib" "${lib.getLib openssl}/lib" 96 96 done 97 97 ''; 98 98
+2 -2
pkgs/development/compilers/gambit/build.nix
··· 86 86 87 87 # OS-specific paths are hardcoded in ./configure 88 88 substituteInPlace config.status \ 89 - --replace "/usr/local/opt/openssl@1.1" "${openssl.out}" \ 90 - --replace "/usr/local/opt/openssl" "${openssl.out}" 89 + --replace "/usr/local/opt/openssl@1.1" "${lib.getLib openssl}" \ 90 + --replace "/usr/local/opt/openssl" "${lib.getLib openssl}" 91 91 92 92 ./config.status 93 93 '';
+1 -1
pkgs/development/compilers/urweb/default.nix
··· 27 27 28 28 export CC="${gcc}/bin/gcc"; 29 29 export CCARGS="-I$out/include \ 30 - -L${openssl.out}/lib \ 30 + -L${lib.getLib openssl}/lib \ 31 31 -L${libmysqlclient}/lib \ 32 32 -L${postgresql.lib}/lib \ 33 33 -L${sqlite.out}/lib";
+3 -3
pkgs/development/interpreters/acl2/default.nix
··· 36 36 patches = [(substituteAll { 37 37 src = ./0001-Fix-some-paths-for-Nix-build.patch; 38 38 libipasir = "${libipasir}/lib/${libipasir.libname}"; 39 - libssl = "${openssl.out}/lib/libssl${stdenv.hostPlatform.extensions.sharedLibrary}"; 40 - libcrypto = "${openssl.out}/lib/libcrypto${stdenv.hostPlatform.extensions.sharedLibrary}"; 39 + libssl = "${lib.getLib openssl}/lib/libssl${stdenv.hostPlatform.extensions.sharedLibrary}"; 40 + libcrypto = "${lib.getLib openssl}/lib/libcrypto${stdenv.hostPlatform.extensions.sharedLibrary}"; 41 41 })]; 42 42 43 43 buildInputs = [ ··· 47 47 # To build community books, we need Perl and a couple of utilities: 48 48 which perl hostname makeWrapper 49 49 # Some of the books require one or more of these external tools: 50 - openssl.out glucose minisat abc-verifier libipasir 50 + glucose minisat abc-verifier libipasir 51 51 z3 (python2.withPackages (ps: [ ps.z3 ])) 52 52 ]; 53 53
+1 -1
pkgs/development/libraries/apr-util/default.nix
··· 58 58 substituteInPlace $f \ 59 59 --replace "${expat.dev}/lib" "${expat.out}/lib" \ 60 60 --replace "${db.dev}/lib" "${db.out}/lib" \ 61 - --replace "${openssl.dev}/lib" "${openssl.out}/lib" 61 + --replace "${openssl.dev}/lib" "${lib.getLib openssl}/lib" 62 62 done 63 63 64 64 # Give apr1 access to sed for runtime invocations.
+1 -1
pkgs/development/libraries/aqbanking/gwenhywfar.nix
··· 23 23 24 24 configureFlags = [ 25 25 "--with-openssl-includes=${openssl.dev}/include" 26 - "--with-openssl-libs=${openssl.out}/lib" 26 + "--with-openssl-libs=${lib.getLib openssl}/lib" 27 27 ]; 28 28 29 29 preConfigure = ''
+1 -1
pkgs/development/libraries/ggz_base_libs/default.nix
··· 15 15 patchPhase = '' 16 16 substituteInPlace configure \ 17 17 --replace "/usr/local/ssl/include" "${openssl.dev}/include" \ 18 - --replace "/usr/local/ssl/lib" "${openssl.out}/lib" 18 + --replace "/usr/local/ssl/lib" "${lib.getLib openssl}/lib" 19 19 ''; 20 20 21 21 configureFlags = [
+1 -1
pkgs/development/libraries/libarchive/default.nix
··· 43 43 44 44 preFixup = '' 45 45 sed -i $lib/lib/libarchive.la \ 46 - -e 's|-lcrypto|-L${openssl.out}/lib -lcrypto|' \ 46 + -e 's|-lcrypto|-L${lib.getLib openssl}/lib -lcrypto|' \ 47 47 -e 's|-llzo2|-L${lzo}/lib -llzo2|' 48 48 ''; 49 49
+2 -2
pkgs/development/libraries/live555/default.nix
··· 27 27 28 28 postPatch = '' 29 29 substituteInPlace config.macosx-catalina \ 30 - --replace '/usr/lib/libssl.46.dylib' "${openssl.out}/lib/libssl.dylib" \ 31 - --replace '/usr/lib/libcrypto.44.dylib' "${openssl.out}/lib/libcrypto.dylib" 30 + --replace '/usr/lib/libssl.46.dylib' "${lib.getLib openssl}/lib/libssl.dylib" \ 31 + --replace '/usr/lib/libcrypto.44.dylib' "${lib.getLib openssl}/lib/libcrypto.dylib" 32 32 sed -i -e 's|/bin/rm|rm|g' genMakefiles 33 33 sed -i \ 34 34 -e 's/$(INCLUDES) -I. -O2 -DSOCKLEN_T/$(INCLUDES) -I. -O2 -I. -fPIC -DRTSPCLIENT_SYNCHRONOUS_INTERFACE=1 -DSOCKLEN_T/g' \
+1 -1
pkgs/development/libraries/openldap/default.nix
··· 74 74 rm -r libraries/*/.libs 75 75 rm -r contrib/slapd-modules/passwd/*/.libs 76 76 for f in $out/lib/libldap.la $out/lib/libldap_r.la; do 77 - substituteInPlace "$f" --replace '-lssl' '-L${openssl.out}/lib -lssl' 77 + substituteInPlace "$f" --replace '-lssl' '-L${lib.getLib openssl}/lib -lssl' 78 78 '' + lib.optionalString withCyrusSasl '' 79 79 substituteInPlace "$f" --replace '-lsasl2' '-L${cyrus_sasl.out}/lib -lsasl2' 80 80 '' + ''
+1 -1
pkgs/development/libraries/qt-5/modules/qtbase.nix
··· 261 261 "-I" "${harfbuzz.dev}/include" 262 262 "-system-pcre" 263 263 "-openssl-linked" 264 - "-L" "${openssl.out}/lib" 264 + "-L" "${lib.getLib openssl}/lib" 265 265 "-I" "${openssl.dev}/include" 266 266 "-system-sqlite" 267 267 ''-${if libmysqlclient != null then "plugin" else "no"}-sql-mysql''
+1 -1
pkgs/development/libraries/unixODBCDrivers/default.nix
··· 157 157 ''; 158 158 159 159 postFixup = '' 160 - patchelf --set-rpath ${lib.makeLibraryPath [ unixODBC openssl.out libkrb5 libuuid stdenv.cc.cc ]} \ 160 + patchelf --set-rpath ${lib.makeLibraryPath [ unixODBC openssl libkrb5 libuuid stdenv.cc.cc ]} \ 161 161 $out/lib/libmsodbcsql-${versionMajor}.${versionMinor}.so.${versionAdditional} 162 162 ''; 163 163
+1 -1
pkgs/development/lisp-modules/quicklisp-to-nix-overrides.nix
··· 64 64 propagatedBuildInputs = [pkgs.openssl]; 65 65 overrides = y: (x.overrides y) // { 66 66 prePatch = '' 67 - sed 's|libssl.so|${pkgs.openssl.out}/lib/libssl.so|' -i src/reload.lisp 67 + sed 's|libssl.so|${pkgs.lib.getLib pkgs.openssl}/lib/libssl.so|' -i src/reload.lisp 68 68 ''; 69 69 }; 70 70 };
+1 -1
pkgs/development/python-modules/bitcoinlib/default.nix
··· 17 17 postPatch = '' 18 18 substituteInPlace bitcoin/core/key.py --replace \ 19 19 "ctypes.util.find_library('ssl') or 'libeay32'" \ 20 - "'${openssl.out}/lib/libssl.${ext}'" 20 + "'${lib.getLib openssl}/lib/libssl.${ext}'" 21 21 ''; 22 22 23 23 meta = {
+1 -1
pkgs/development/python-modules/proton-client/default.nix
··· 34 34 # but it is not working as intended. 35 35 #patchPhase = '' 36 36 # substituteInPlace proton/srp/_ctsrp.py --replace \ 37 - # "ctypes.cdll.LoadLibrary('libssl.so.10')" "'${openssl.out}/lib/libssl.so'" 37 + # "ctypes.cdll.LoadLibrary('libssl.so.10')" "'${lib.getLib openssl}/lib/libssl.so'" 38 38 #''; 39 39 # Regarding the issue above, I'm disabling tests for now 40 40 doCheck = false;
+1 -1
pkgs/development/python-modules/pycurl/default.nix
··· 27 27 28 28 buildInputs = [ 29 29 curl 30 - openssl.out 30 + openssl 31 31 ]; 32 32 33 33 nativeBuildInputs = [
+1 -1
pkgs/development/python-modules/telethon/default.nix
··· 12 12 13 13 patchPhase = '' 14 14 substituteInPlace telethon/crypto/libssl.py --replace \ 15 - "ctypes.util.find_library('ssl')" "'${openssl.out}/lib/libssl.so'" 15 + "ctypes.util.find_library('ssl')" "'${lib.getLib openssl}/lib/libssl.so'" 16 16 ''; 17 17 18 18 propagatedBuildInputs = [
+3 -3
pkgs/development/r-modules/default.nix
··· 1083 1083 patchShebangs configure 1084 1084 ''; 1085 1085 PKGCONFIG_CFLAGS = "-I${pkgs.openssl.dev}/include"; 1086 - PKGCONFIG_LIBS = "-Wl,-rpath,${pkgs.openssl.out}/lib -L${pkgs.openssl.out}/lib -lssl -lcrypto"; 1086 + PKGCONFIG_LIBS = "-Wl,-rpath,${lib.getLib pkgs.openssl}/lib -L${lib.getLib pkgs.openssl}/lib -lssl -lcrypto"; 1087 1087 }); 1088 1088 1089 1089 websocket = old.websocket.overrideDerivation (attrs: { 1090 1090 PKGCONFIG_CFLAGS = "-I${pkgs.openssl.dev}/include"; 1091 - PKGCONFIG_LIBS = "-Wl,-rpath,${pkgs.openssl.out}/lib -L${pkgs.openssl.out}/lib -lssl -lcrypto"; 1091 + PKGCONFIG_LIBS = "-Wl,-rpath,${lib.getLib pkgs.openssl}/lib -L${lib.getLib pkgs.openssl}/lib -lssl -lcrypto"; 1092 1092 }); 1093 1093 1094 1094 Rserve = old.Rserve.overrideDerivation (attrs: { ··· 1193 1193 patchShebangs configure 1194 1194 ''; 1195 1195 PKGCONFIG_CFLAGS = "-I${pkgs.openssl.dev}/include -I${pkgs.cyrus_sasl.dev}/include -I${pkgs.zlib.dev}/include"; 1196 - PKGCONFIG_LIBS = "-Wl,-rpath,${pkgs.openssl.out}/lib -L${pkgs.openssl.out}/lib -L${pkgs.cyrus_sasl.out}/lib -L${pkgs.zlib.out}/lib -lssl -lcrypto -lsasl2 -lz"; 1196 + PKGCONFIG_LIBS = "-Wl,-rpath,${lib.getLib pkgs.openssl}/lib -L${lib.getLib pkgs.openssl}/lib -L${pkgs.cyrus_sasl.out}/lib -L${pkgs.zlib.out}/lib -lssl -lcrypto -lsasl2 -lz"; 1197 1197 }); 1198 1198 1199 1199 ps = old.ps.overrideDerivation (attrs: {
+2 -2
pkgs/development/tools/clpm/default.nix
··· 27 27 28 28 postPatch = '' 29 29 # patch cl-plus-ssl to ensure that it finds libssl and libcrypto 30 - sed 's|libssl.so|${openssl.out}/lib/libssl.so|' -i ext/cl-plus-ssl/src/reload.lisp 31 - sed 's|libcrypto.so|${openssl.out}/lib/libcrypto.so|' -i ext/cl-plus-ssl/src/reload.lisp 30 + sed 's|libssl.so|${lib.getLib openssl}/lib/libssl.so|' -i ext/cl-plus-ssl/src/reload.lisp 31 + sed 's|libcrypto.so|${lib.getLib openssl}/lib/libcrypto.so|' -i ext/cl-plus-ssl/src/reload.lisp 32 32 # patch dexador to avoid error due to dexador being loaded multiple times 33 33 sed -i 's/defpackage/uiop:define-package/g' ext/dexador/src/dexador.lisp 34 34 '';
+1 -1
pkgs/development/tools/database/prisma-engines/default.nix
··· 33 33 34 34 preBuild = '' 35 35 export OPENSSL_DIR=${lib.getDev openssl} 36 - export OPENSSL_LIB_DIR=${openssl.out}/lib 36 + export OPENSSL_LIB_DIR=${lib.getLib openssl}/lib 37 37 38 38 export PROTOC=${protobuf}/bin/protoc 39 39 export PROTOC_INCLUDE="${protobuf}/include";
+1 -1
pkgs/servers/dns/bind/default.nix
··· 65 65 moveToOutput bin/nsupdate $dnsutils 66 66 67 67 for f in "$lib/lib/"*.la "$dev/bin/"bind*-config; do 68 - sed -i "$f" -e 's|-L${openssl.dev}|-L${openssl.out}|g' 68 + sed -i "$f" -e 's|-L${openssl.dev}|-L${lib.getLib openssl}|g' 69 69 done 70 70 ''; 71 71
+1 -1
pkgs/servers/monitoring/net-snmp/default.nix
··· 53 53 54 54 postInstall = '' 55 55 for f in "$lib/lib/"*.la $bin/bin/net-snmp-config $bin/bin/net-snmp-create-v3-user; do 56 - sed 's|-L${openssl.dev}|-L${openssl.out}|g' -i $f 56 + sed 's|-L${openssl.dev}|-L${lib.getLib openssl}|g' -i $f 57 57 done 58 58 mkdir $dev/bin 59 59 mv $bin/bin/net-snmp-config $dev/bin
+1 -1
pkgs/servers/openxpki/default.nix
··· 53 53 preConfigure = '' 54 54 substituteInPlace core/server/Makefile.PL \ 55 55 --replace "my \$openssl_inc_dir = ''';" "my \$openssl_inc_dir = '${openssl.dev}/include';" \ 56 - --replace "my \$openssl_lib_dir = ''';" "my \$openssl_lib_dir = '${openssl.out}/lib';" \ 56 + --replace "my \$openssl_lib_dir = ''';" "my \$openssl_lib_dir = '${lib.getLib openssl}/lib';" \ 57 57 --replace "my \$openssl_binary = ''';" "my \$openssl_binary = '${openssl.bin}/bin/openssl';" 58 58 substituteInPlace tools/vergen --replace "#!/usr/bin/perl" "#!${perl}/bin/perl" 59 59 cp ${./vergen_revision_state} .vergen_revision_state
+1 -1
pkgs/servers/web-apps/lemmy/server.nix
··· 32 32 # As of version 0.10.35 rust-openssl looks for openssl on darwin 33 33 # with a hardcoded path to /usr/lib/libssl.x.x.x.dylib 34 34 # https://github.com/sfackler/rust-openssl/blob/master/openssl-sys/build/find_normal.rs#L115 35 - OPENSSL_LIB_DIR = "${openssl.out}/lib"; 35 + OPENSSL_LIB_DIR = "${lib.getLib openssl}/lib"; 36 36 OPENSSL_INCLUDE_DIR = "${openssl.dev}/include"; 37 37 38 38 PROTOC = "${protobuf}/bin/protoc";
+1 -1
pkgs/stdenv/darwin/make-bootstrap-tools.nix
··· 80 80 cp ${curl_.bin}/bin/curl $out/bin 81 81 cp -d ${curl_.out}/lib/libcurl*.dylib $out/lib 82 82 cp -d ${libssh2.out}/lib/libssh*.dylib $out/lib 83 - cp -d ${openssl.out}/lib/*.dylib $out/lib 83 + cp -d ${lib.getLib openssl}/lib/*.dylib $out/lib 84 84 85 85 cp -d ${gnugrep.pcre.out}/lib/libpcre*.dylib $out/lib 86 86 cp -d ${lib.getLib libiconv}/lib/lib*.dylib $out/lib
+1 -1
pkgs/tools/admin/salt/default.nix
··· 46 46 47 47 postPatch = '' 48 48 substituteInPlace "salt/utils/rsax931.py" \ 49 - --subst-var-by "libcrypto" "${openssl.out}/lib/libcrypto.so" 49 + --subst-var-by "libcrypto" "${lib.getLib openssl}/lib/libcrypto.so" 50 50 substituteInPlace requirements/base.txt \ 51 51 --replace contextvars "" 52 52 '';
+1 -1
pkgs/tools/filesystems/xtreemfs/default.nix
··· 31 31 export BOOST_INCLUDEDIR=${boost.dev}/include 32 32 export BOOST_LIBRARYDIR=${boost.out}/lib 33 33 export CMAKE_INCLUDE_PATH=${openssl.dev}/include 34 - export CMAKE_LIBRARY_PATH=${openssl.out}/lib 34 + export CMAKE_LIBRARY_PATH=${lib.getLib openssl}/lib 35 35 36 36 substituteInPlace cpp/cmake/FindValgrind.cmake \ 37 37 --replace "/usr/local" "${valgrind}"
+1 -1
pkgs/tools/networking/drill/default.nix
··· 24 24 pkg-config 25 25 ]; 26 26 27 - OPENSSL_LIB_DIR = "${openssl.out}/lib"; 27 + OPENSSL_LIB_DIR = "${lib.getLib openssl}/lib"; 28 28 OPENSSL_DIR="${lib.getDev openssl}"; 29 29 30 30 buildInputs = lib.optionals stdenv.isLinux [
+1 -1
pkgs/tools/networking/ntp/default.nix
··· 12 12 configureFlags = [ 13 13 "--sysconfdir=/etc" 14 14 "--localstatedir=/var" 15 - "--with-openssl-libdir=${openssl.out}/lib" 15 + "--with-openssl-libdir=${lib.getLib openssl}/lib" 16 16 "--with-openssl-incdir=${openssl.dev}/include" 17 17 "--enable-ignore-dns-errors" 18 18 "--with-yielding-select=yes"
+1 -1
pkgs/tools/networking/ppp/default.nix
··· 23 23 src = ./nix-purity.patch; 24 24 glibc = stdenv.cc.libc.dev or stdenv.cc.libc; 25 25 openssl_dev = openssl.dev; 26 - openssl_out = openssl.out; 26 + openssl_lib = lib.getLib openssl; 27 27 }) 28 28 # Without nonpriv.patch, pppd --version doesn't work when not run as root. 29 29 ./nonpriv.patch
+1 -1
pkgs/tools/networking/ppp/nix-purity.patch
··· 9 9 -CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include 10 10 -LIBS += -lsrp -L/usr/local/ssl/lib 11 11 +CFLAGS += -DUSE_SRP -DOPENSSL -I@openssl_dev@/include/openssl 12 - +LIBS += -lsrp -L@openssl_out@/lib 12 + +LIBS += -lsrp -L@openssl_lib@/lib 13 13 NEEDCRYPTOLIB = y 14 14 TARGETS += srp-entry 15 15 EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
+2 -2
pkgs/tools/networking/unbound/default.nix
··· 32 32 , withDNSTAP ? false 33 33 , withTFO ? false 34 34 , withRedis ? false 35 - # Avoid .lib depending on openssl.out 35 + # Avoid .lib depending on lib.getLib openssl 36 36 # The build gets a little hacky, so in some cases we disable this approach. 37 37 , withSlimLib ? stdenv.isLinux && !stdenv.hostPlatform.isMusl && !withDNSTAP 38 38 , libnghttp2 ··· 110 110 111 111 preFixup = lib.optionalString withSlimLib 112 112 # Build libunbound again, but only against nettle instead of openssl. 113 - # This avoids gnutls.out -> unbound.lib -> openssl.out. 113 + # This avoids gnutls.out -> unbound.lib -> lib.getLib openssl. 114 114 '' 115 115 configureFlags="$configureFlags --with-nettle=${nettle.dev} --with-libunbound-only" 116 116 configurePhase
+1 -1
pkgs/tools/networking/uwimap/default.nix
··· 29 29 postPatch = '' 30 30 sed -i src/osdep/unix/Makefile -e 's,/usr/local/ssl,${openssl.dev},' 31 31 sed -i src/osdep/unix/Makefile -e 's,^SSLCERTS=.*,SSLCERTS=/etc/ssl/certs,' 32 - sed -i src/osdep/unix/Makefile -e 's,^SSLLIB=.*,SSLLIB=${openssl.out}/lib,' 32 + sed -i src/osdep/unix/Makefile -e 's,^SSLLIB=.*,SSLLIB=${lib.getLib openssl}/lib,' 33 33 ''; 34 34 35 35 NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isDarwin
+1 -1
pkgs/tools/security/eid-mw/default.nix
··· 34 34 buildInputs = [ curl gtk3 libassuan libbsd libproxy libxml2 openssl p11-kit pcsclite ]; 35 35 preConfigure = '' 36 36 mkdir openssl 37 - ln -s ${openssl.out}/lib openssl 37 + ln -s ${lib.getLib openssl}/lib openssl 38 38 ln -s ${openssl.bin}/bin openssl 39 39 ln -s ${openssl.dev}/include openssl 40 40 export SSL_PREFIX=$(realpath openssl)
+1 -1
pkgs/tools/security/pcsc-safenet/default.nix
··· 69 69 ln -sf libAksIfdh.so.10.0 libAksIfdh.so 70 70 ln -sf libAksIfdh.so.10.0 libAksIfdh.so.10 71 71 72 - ln -sf ${openssl.out}/lib/libcrypto.so $out/lib/libcrypto.so.1.0.0 72 + ln -sf ${lib.getLib openssl}/lib/libcrypto.so $out/lib/libcrypto.so.1.0.0 73 73 ''; 74 74 75 75 dontAutoPatchelf = true;
+1 -1
pkgs/tools/security/quill/default.nix
··· 27 27 export IC_NNS_COMMON_PROTO_INCLUDES=${ic}/rs/nns/common/proto 28 28 export PROTOC=${buildPackages.protobuf}/bin/protoc 29 29 export OPENSSL_DIR=${openssl.dev} 30 - export OPENSSL_LIB_DIR=${openssl.out}/lib 30 + export OPENSSL_LIB_DIR=${lib.getLib openssl}/lib 31 31 ''; 32 32 33 33 cargoSha256 = "sha256-YxuBABGaZ+ti31seEYR6bB+OMgrSvl1lZyu4bqdxPIk=";
+1 -1
pkgs/tools/security/rbw/default.nix
··· 66 66 67 67 preConfigure = '' 68 68 export OPENSSL_INCLUDE_DIR="${openssl.dev}/include" 69 - export OPENSSL_LIB_DIR="${openssl.out}/lib" 69 + export OPENSSL_LIB_DIR="${lib.getLib openssl}/lib" 70 70 ''; 71 71 72 72 postInstall = ''
+1 -1
pkgs/tools/system/monit/default.nix
··· 28 28 (lib.withFeature usePAM "pam") 29 29 ] ++ (if useSSL then [ 30 30 "--with-ssl-incl-dir=${openssl.dev}/include" 31 - "--with-ssl-lib-dir=${openssl.out}/lib" 31 + "--with-ssl-lib-dir=${lib.getLib openssl}/lib" 32 32 ] else [ 33 33 "--without-ssl" 34 34 ]) ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
+7 -7
pkgs/top-level/perl-packages.nix
··· 4709 4709 sha256 = "b66fab514edf97fc32f58da257582704a210c2b35e297d5c31b7fa2ffd08e908"; 4710 4710 }; 4711 4711 NIX_CFLAGS_COMPILE = "-I${pkgs.openssl.dev}/include"; 4712 - NIX_CFLAGS_LINK = "-L${pkgs.openssl.out}/lib -lcrypto"; 4712 + NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl}/lib -lcrypto"; 4713 4713 meta = with lib; { 4714 4714 description = "Perl wrapper around OpenSSL's AES library"; 4715 4715 license = with licenses; [ artistic1 gpl1Plus ]; ··· 4724 4724 sha256 = "1p22znbajq91lbk2k3yg12ig7hy5b4vy8igxwqkmbm4nhgxp4ki3"; 4725 4725 }; 4726 4726 NIX_CFLAGS_COMPILE = "-I${pkgs.openssl.dev}/include"; 4727 - NIX_CFLAGS_LINK = "-L${pkgs.openssl.out}/lib -lcrypto"; 4727 + NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl}/lib -lcrypto"; 4728 4728 }; 4729 4729 4730 4730 CryptOpenSSLGuess = buildPerlPackage { ··· 4749 4749 sha256 = "1x6ffps8q7mnawmcfq740llzy7i10g3319vap0wiw4d33fm6z1zh"; 4750 4750 }; 4751 4751 NIX_CFLAGS_COMPILE = "-I${pkgs.openssl.dev}/include"; 4752 - NIX_CFLAGS_LINK = "-L${pkgs.openssl.out}/lib -lcrypto"; 4752 + NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl}/lib -lcrypto"; 4753 4753 buildInputs = [ CryptOpenSSLGuess ]; 4754 4754 }; 4755 4755 ··· 4762 4762 }; 4763 4763 propagatedBuildInputs = [ CryptOpenSSLRandom ]; 4764 4764 NIX_CFLAGS_COMPILE = "-I${pkgs.openssl.dev}/include"; 4765 - NIX_CFLAGS_LINK = "-L${pkgs.openssl.out}/lib -lcrypto"; 4765 + NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl}/lib -lcrypto"; 4766 4766 buildInputs = [ CryptOpenSSLGuess ]; 4767 4767 }; 4768 4768 ··· 4774 4774 sha256 = "684bd888d2ed4c748f8f6dd8e87c14afa2974b12ee01faa082ad9cfa1e321e62"; 4775 4775 }; 4776 4776 NIX_CFLAGS_COMPILE = "-I${pkgs.openssl.dev}/include"; 4777 - NIX_CFLAGS_LINK = "-L${pkgs.openssl.out}/lib -lcrypto"; 4777 + NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl}/lib -lcrypto"; 4778 4778 meta = { 4779 4779 homepage = "https://github.com/dsully/perl-crypt-openssl-x509"; 4780 4780 description = "Perl extension to OpenSSL's X509 API"; ··· 4843 4843 sha256 = "0b159lw3ia5r87qsgff3qhdnz3l09xcz04rbk4ji7fbyr12wmv7q"; 4844 4844 }; 4845 4845 4846 - makeMakerFlags = "--libpath=${pkgs.openssl.out}/lib --incpath=${pkgs.openssl.dev}/include"; 4846 + makeMakerFlags = "--libpath=${lib.getLib pkgs.openssl}/lib --incpath=${pkgs.openssl.dev}/include"; 4847 4847 buildInputs = [ PathClass ]; 4848 4848 propagatedBuildInputs = [ BytesRandomSecure LWPProtocolHttps ]; 4849 4849 }; ··· 16739 16739 doCheck = false; # Test performs network access. 16740 16740 preConfigure = '' 16741 16741 mkdir openssl 16742 - ln -s ${pkgs.openssl.out}/lib openssl 16742 + ln -s ${lib.getLib pkgs.openssl}/lib openssl 16743 16743 ln -s ${pkgs.openssl.bin}/bin openssl 16744 16744 ln -s ${pkgs.openssl.dev}/include openssl 16745 16745 export OPENSSL_PREFIX=$(realpath openssl)