Commit 18f1be70 authored by Adrian Gierakowski's avatar Adrian Gierakowski Committed by Artturin
Browse files

openssl: remove run-time dependency of perl due to c_rehash 

Replaces perl based c_rehash script with shell script wrapping `openssl rehash`
with the same functionality.

Fixes: #19965
Supersedes: #156776, #83446
Possibly related to: #157093, #82924
parent 731f1a0f

pkgs/development/libraries/openssl/default.nix

+11 −23
Original line number Diff line number Diff line 
{ lib, stdenv, fetchurl, buildPackages, perl, coreutils

{ lib, stdenv, fetchurl, buildPackages, perl, coreutils, writeShellScript

, makeWrapper

, withCryptodev ? false, cryptodev

, withZlib ? false, zlib

, enableSSL2 ? false

, enableSSL3 ? false

, enableKTLS ? stdenv.isLinux

, static ? stdenv.hostPlatform.isStatic

# Used to avoid cross compiling perl, for example, in darwin bootstrap tools.

# This will cause c_rehash to refer to perl via the environment, but otherwise

# will produce a perfectly functional openssl binary and library.

, withPerl ? stdenv.hostPlatform == stdenv.buildPlatform

# path to openssl.cnf file. will be placed in $etc/etc/ssl/openssl.cnf to replace the default

, conf ? null

, removeReferencesTo
@@ -72,12 +69,9 @@ let 
      !(stdenv.hostPlatform.useLLVM or false) &&

      stdenv.cc.isGNU;



    nativeBuildInputs = [ perl ]

    nativeBuildInputs = [ makeWrapper perl ]

      ++ lib.optionals static [ removeReferencesTo ];

    buildInputs = lib.optional withCryptodev cryptodev

      # perl is included to allow the interpreter path fixup hook to set the

      # correct interpreter in c_rehash.

      ++ lib.optional withPerl perl

      ++ lib.optional withZlib zlib;



    # TODO(@Ericson2314): Improve with mass rebuild
@@ -172,23 +166,17 @@ let 


      # 'etc' is a separate output on static builds only.

      etc=$out

    '') + lib.optionalString (!stdenv.hostPlatform.isWindows)

      # Fix bin/c_rehash's perl interpreter line

      #

      # - openssl 1_0_2: embeds a reference to buildPackages.perl

      # - openssl 1_1:   emits "#!/usr/bin/env perl"

      #

      # In the case of openssl_1_0_2, reset the invalid reference and let the

      # interpreter hook take care of it.

      #

      # In both cases, if withPerl = false, the intepreter line is expected be

      # "#!/usr/bin/env perl"

    ''

      substituteInPlace $out/bin/c_rehash --replace ${buildPackages.perl}/bin/perl "/usr/bin/env perl"

    '' + ''

    '') + ''

      mkdir -p $bin

      mv $out/bin $bin/bin



      # c_rehash is a legacy perl script with the same functionality

      # as `openssl rehash`

      # this wrapper script is created to maintain backwards compatibility without

      # depending on perl

      makeWrapper $bin/bin/openssl $bin/bin/c_rehash \

        --add-flags "rehash"



      mkdir $dev

      mv $out/include $dev/