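# OpenSSL package expression: one shared builder (`common`) instantiated for
# the 1.0.2 and 1.1 release lines.
#
# Arguments:
#   withCryptodev - adds `cryptodev` to buildInputs and passes the
#                   -DHAVE_CRYPTODEV / -DUSE_CRYPTODEV_DIGESTS flags.
#   enableSSL2    - passes "enable-ssl2" to Configure. SSLv2 is an obsolete
#                   protocol whose use is prohibited by RFC 6176; keep this
#                   false unless a legacy-interop build is explicitly needed.
#   static        - when false (the default), postInstall deletes the static
#                   archives from $out/lib.
{ stdenv, fetchurl, buildPackages, perl, coreutils
, withCryptodev ? false, cryptodev
, enableSSL2 ? false
, static ? false
}:

with stdenv.lib;

let
  # Builds one OpenSSL release. `version` and `sha256` select and pin the
  # upstream tarball, `patches` are applied on top of it, and `withDocs`
  # adds a separate "doc" output.
  common = args@{ version, sha256, patches ? [], withDocs ? false }: stdenv.mkDerivation rec {
    name = "openssl-${version}";

    # fetchurl is a fixed-output fetch: the build fails unless the downloaded
    # tarball matches the pinned sha256, so the hash is the integrity anchor
    # for the source. Update it together with `version`, from a trusted copy.
    src = fetchurl {
      url = "https://www.openssl.org/source/${name}.tar.gz";
      inherit sha256;
    };

    inherit patches;

    # Source fix-ups, selected by version/platform:
    #   - always:          rewrite the shebang of Configure
    #   - < 1.1.0:         rewrite test shebangs and replace hard-coded /bin/rm
    #   - >= 1.1.1:        point `config` at coreutils' env instead of /usr/bin/env
    #   - >= 1.1.0 + musl: append `&& 0` to a preprocessor condition in
    #                      async_posix.h, which forces that condition false
    #                      (presumably disabling the code path it guards on
    #                      musl; confirm against the header)
    postPatch = ''
      patchShebangs Configure
    '' + optionalString (versionOlder version "1.1.0") ''
      patchShebangs test/*
      for a in test/t* ; do
        substituteInPlace "$a" \
          --replace /bin/rm rm
      done
    '' + optionalString (versionAtLeast version "1.1.1") ''
      substituteInPlace config --replace '/usr/bin/env' '${coreutils}/bin/env'
    '' + optionalString (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isMusl) ''
      substituteInPlace crypto/async/arch/async_posix.h \
        --replace '!defined(__ANDROID__) && !defined(__OpenBSD__)' \
                  '!defined(__ANDROID__) && !defined(__OpenBSD__) && 0'
    '';

    outputs = [ "bin" "dev" "out" "man" ] ++ optional withDocs "doc";
    # NOTE(review): presumably keeps stdenv from adding per-output configure
    # flags that OpenSSL's own Configure script would not accept; confirm.
    setOutputFlags = false;
    separateDebugInfo = stdenv.hostPlatform.isLinux;

    nativeBuildInputs = [ perl ];
    buildInputs = stdenv.lib.optional withCryptodev cryptodev;

    # TODO(@Ericson2314): Improve with mass rebuild
    configurePlatforms = [];
    # Pick the Configure invocation: an explicit target for the systems listed
    # in the table, otherwise ./config for native builds and a generic
    # per-bitness target for MinGW, Linux and iOS cross builds. Any other
    # cross target aborts evaluation with the `throw` below.
    configureScript = {
        "x86_64-darwin"  = "./Configure darwin64-x86_64-cc";
        "x86_64-solaris" = "./Configure solaris64-x86_64-gcc";
        "armv6l-linux" = "./Configure linux-armv4 -march=armv6";
        "armv7l-linux" = "./Configure linux-armv4 -march=armv7-a";
      }.${stdenv.hostPlatform.system} or (
        if stdenv.hostPlatform == stdenv.buildPlatform
          then "./config"
        else if stdenv.hostPlatform.isMinGW
          then "./Configure mingw${optionalString
                                     (stdenv.hostPlatform.parsed.cpu.bits != 32)
                                     (toString stdenv.hostPlatform.parsed.cpu.bits)}"
        else if stdenv.hostPlatform.isLinux
          then "./Configure linux-generic${toString stdenv.hostPlatform.parsed.cpu.bits}"
        else if stdenv.hostPlatform.isiOS
          then "./Configure ios${toString stdenv.hostPlatform.parsed.cpu.bits}-cross"
        else
          throw "Not sure what configuration to use for ${stdenv.hostPlatform.config}"
      );

    # --openssldir sets OPENSSLDIR, the directory OpenSSL reads openssl.cnf
    # and its default certificate locations from. The value here is relative
    # (presumably resolved against the install prefix; confirm).
    # "enable-ssl2" is only added when enableSSL2 is set, and "no-afalgeng"
    # only for >= 1.1.0 on AArch64.
    configureFlags = [
      "shared" # "shared" builds both shared and static libraries
      "--libdir=lib"
      "--openssldir=etc/ssl"
    ] ++ stdenv.lib.optionals withCryptodev [
      "-DHAVE_CRYPTODEV"
      "-DUSE_CRYPTODEV_DIGESTS"
    ] ++ stdenv.lib.optional enableSSL2 "enable-ssl2"
      ++ stdenv.lib.optional (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng";

    makeFlags = [ "MANDIR=$(man)/share/man" ];

    enableParallelBuilding = true;

    # Splits the install tree across outputs: binaries to $bin, headers to
    # $dev. c_rehash gets the build-platform perl path replaced by the host
    # perl, and etc/ssl/misc is deleted so that $out carries no perl reference.
    # The empty certs/ and private/ directories are removed with rmdir, which
    # fails the build if either is unexpectedly non-empty.
    #
    # NOTE(review): in the !static branch, an unmatched glob is echoed
    # literally unless the shell has nullglob set, so the `-n` test may be
    # true even when no shared library exists. Confirm against the shell
    # options stdenv uses before relying on it as a guard.
    postInstall =
    stdenv.lib.optionalString (!static) ''
      # If we're building dynamic libraries, then don't install static
      # libraries.
      if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
          rm "$out/lib/"*.a
      fi

    '' +
    ''
      mkdir -p $bin
      substituteInPlace $out/bin/c_rehash --replace ${buildPackages.perl} ${perl}
      mv $out/bin $bin/

      mkdir $dev
      mv $out/include $dev/

      # remove dependency on Perl at runtime
      rm -r $out/etc/ssl/misc

      rmdir $out/etc/ssl/{certs,private}
    '';

    # Build-time guard: fail if any file under $out still contains the store
    # path of buildPackages.perl. Only that one path is searched for.
    postFixup = ''
      # Check to make sure the main output doesn't depend on perl
      if grep -r '${buildPackages.perl}' $out; then
        echo "Found an erroneous dependency on perl ^^^" >&2
        exit 1
      fi
    '';

    meta = with stdenv.lib; {
      # Quoted: bare URL literals are deprecated Nix syntax; the value is the
      # same string.
      homepage = "https://www.openssl.org/";
      description = "A cryptographic library that implements the SSL and TLS protocols";
      license = licenses.openssl;
      platforms = platforms.all;
      maintainers = [ maintainers.peti ];
      priority = 10; # resolves collision with ‘man-pages’
    };
  };

in {

  # Each attribute pins one upstream release by version and sha256. The
  # patches are local files whose contents are not shown here; judging by
  # their names they change where OpenSSL looks for CA certificates, so
  # review them whenever trust-store behaviour matters.
  # NOTE(review): the pinned versions are fixed point releases; check the
  # upstream security advisories for anything newer before deploying.

  openssl_1_0_2 = common {
    version = "1.0.2r";
    sha256 = "1mnh27zf6r1bhm5d9fxqq9slv2gz0d9z2ij9i679b0wapa5x0ldf";
    patches = [
      ./1.0.2/nix-ssl-cert-file.patch

      (if stdenv.hostPlatform.isDarwin
       then ./1.0.2/use-etc-ssl-certs-darwin.patch
       else ./1.0.2/use-etc-ssl-certs.patch)
    ];
  };

  openssl_1_1 = common {
    version = "1.1.1b";
    sha256 = "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw";
    patches = [
      ./1.1/nix-ssl-cert-file.patch

      (if stdenv.hostPlatform.isDarwin
       then ./1.1/use-etc-ssl-certs-darwin.patch
       else ./1.1/use-etc-ssl-certs.patch)
    ];
    withDocs = true;
  };

}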