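# OpenSSL build expression. Evaluates to an attribute set with one derivation
# per release branch (openssl_1_0_2, openssl_1_1_0), each produced by the
# shared `common` function defined in the `let` block.
#
# Optional arguments that change the security posture of the result:
#   withCryptodev - adds cryptodevHeaders to buildInputs and defines
#                   HAVE_CRYPTODEV / USE_CRYPTODEV_DIGESTS at configure time.
#   enableSSL2    - appends "enable-ssl2" to the configure flags. SSLv2 is an
#                   obsolete protocol with known cryptographic weaknesses, so
#                   the default (false) should stay unless a legacy peer
#                   leaves no alternative.
#                   NOTE(review): the flag is appended for every version built
#                   here; confirm it is meaningful on the 1.1.0 branch.
{ stdenv, fetchurl, buildPackages, perl
, hostPlatform
, withCryptodev ? false, cryptodevHeaders
, enableSSL2 ? false
}:

with stdenv.lib;

let

  # OpenSSL's own name for the target platform. It is only referenced from
  # crossAttrs below, so the `throw` is reached only if that attribute is
  # actually evaluated and the platform does not declare openssl.system.
  opensslCrossSystem = hostPlatform.openssl.system or
    (throw "openssl needs its platform name cross building");

  # Builds one OpenSSL release.
  #   version - upstream release string, e.g. "1.0.2l"
  #   sha256  - hash of the upstream tarball for that version
  #   patches - extra patches, applied before the ones listed below
  common = args@{ version, sha256, patches ? [] }: stdenv.mkDerivation rec {
    name = "openssl-${version}";

    # Fetched over HTTPS, matching meta.homepage. The sha256 still pins the
    # tarball contents; TLS additionally keeps an on-path party from serving
    # a different file that would only be rejected after the download.
    src = fetchurl {
      url = "https://www.openssl.org/source/${name}.tar.gz";
      inherit sha256;
    };

    # Inside `rec`, the bare name `patches` is the attribute being defined,
    # so the caller-supplied list is read through `args`.
    # NOTE(review): judging by the file names, these patches change where
    # OpenSSL looks for trusted CA certificates; confirm against the patch
    # files, since that decides which roots every dependent package trusts.
    patches =
      (args.patches or [])
      ++ [ ./nix-ssl-cert-file.patch ]
      ++ optional (versionOlder version "1.1.0")
           (if stdenv.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch)
      ++ optional (versionOlder version "1.0.2" && hostPlatform.isDarwin)
           ./darwin-arch.patch;

    # bin/ and include/ are moved into their outputs by hand in postInstall.
    outputs = [ "bin" "dev" "out" "man" ];
    setOutputFlags = false;
    separateDebugInfo = stdenv.isLinux;

    # perl is a build-time tool only; postInstall and postFixup make sure it
    # does not end up referenced from the main output.
    nativeBuildInputs = [ perl ];
    buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;

    # On x86_64-darwin, "./config" misdetects the system as
    # "darwin-i386-cc". So specify the system type explicitly.
    configureScript =
      if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc"
      else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc"
      else "./config";

    # --libdir and --openssldir are given as relative paths; postInstall
    # expects the results under $out/lib and $out/etc/ssl.
    # "no-afalgeng" is added on AArch64 for 1.1.0 and later; the reason is not
    # recorded here.
    configureFlags = [
      "shared"
      "--libdir=lib"
      "--openssldir=etc/ssl"
    ] ++ stdenv.lib.optionals withCryptodev [
      "-DHAVE_CRYPTODEV"
      "-DUSE_CRYPTODEV_DIGESTS"
    ] ++ stdenv.lib.optional enableSSL2 "enable-ssl2"
      ++ stdenv.lib.optional (versionAtLeast version "1.1.0" && stdenv.isAarch64) "no-afalgeng";

    makeFlags = [ "MANDIR=$(man)/share/man" ];

    # Parallel building is broken in OpenSSL.
    enableParallelBuilding = false;

    # NOTE(review): the shared-library test depends on unmatched globs
    # expanding to nothing (nullglob), presumably set by stdenv's setup
    # script; confirm, otherwise the test is always true.
    # `rmdir` only succeeds on empty directories, so the last step cannot
    # silently discard anything that was installed into certs/ or private/.
    postInstall = ''
      # If we're building dynamic libraries, then don't install static
      # libraries.
      if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
          rm "$out/lib/"*.a
      fi

      mkdir -p $bin
      mv $out/bin $bin/

      mkdir $dev
      mv $out/include $dev/

      # remove dependency on Perl at runtime
      rm -r $out/etc/ssl/misc

      rmdir $out/etc/ssl/{certs,private}
    '';

    # Fails the build if the store path of the build-time perl appears
    # anywhere in $out. Only $out is scanned; the bin and dev outputs are not
    # covered by this check.
    postFixup = ''
      # Check to make sure the main output doesn't depend on perl
      if grep -r '${buildPackages.perl}' $out; then
        echo "Found an erroneous dependency on perl ^^^" >&2
        exit 1
      fi
    '';

    # Overrides for cross builds: Configure is called directly, with the
    # OpenSSL platform name appended to the regular configureFlags.
    crossAttrs = {
      # upstream patch: https://rt.openssl.org/Ticket/Display.html?id=2558
      postPatch = ''
         sed -i -e 's/[$][(]CROSS_COMPILE[)]windres/$(WINDRES)/' Makefile.shared
      '';
      preConfigure=''
        # It's configure does not like --build or --host
        export configureFlags="${concatStringsSep " " (configureFlags ++ [ opensslCrossSystem ])}"
      '';
      configureScript = "./Configure";
    };

    meta = {
      homepage = "https://www.openssl.org/";
      description = "A cryptographic library that implements the SSL and TLS protocols";
      platforms = stdenv.lib.platforms.all;
      maintainers = [ stdenv.lib.maintainers.peti ];
      priority = 10; # resolves collision with ‘man-pages’
    };
  };

in {

  # Each entry pins one upstream release: `version` and `sha256` describe the
  # same tarball and have to be changed together when moving to a newer
  # upstream (security) release.
  openssl_1_0_2 = common {
    version = "1.0.2l";
    sha256 = "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf";
  };

  openssl_1_1_0 = common {
    version = "1.1.0f";
    sha256 = "0r97n4n552ns571diz54qsgarihrxvbn7kvyv8wjyfs9ybrldxqj";
  };

}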