gnu: Add openssl-next.

* gnu/packages/tls.scm (openssl-next): New variable. * gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
2016-09-02 16:07:29 -04:00 · 2016-09-02 16:07:29 -04:00 · 763899f0db
parent 83457fe00e
commit 763899f0db
3 changed files with 55 additions and 0 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -702,6 +702,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/openjpeg-CVE-2015-6581.patch		\
  %D%/packages/patches/openjpeg-use-after-free-fix.patch	\
  %D%/packages/patches/openssl-runpath.patch			\
+  %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch		\
  %D%/packages/patches/openssl-c-rehash-in.patch		\
  %D%/packages/patches/openssl-CVE-2016-2177.patch		\
  %D%/packages/patches/openssl-CVE-2016-2178.patch		\
--- a/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch
+++ b/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch
@ -0,0 +1,19 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index 2fef627..9d40eae 100644
+--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
+@@ -1,4 +1,6 @@
+-#!{- $config{hashbangperl} -}
+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
+  & eval 'exec perl -wS "$0" $argv:q'
+    if 0;
+ 
+ # {- join("\n# ", @autowarntext) -}
+ # Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@ -323,6 +323,41 @@ required structures.")
   (license license:openssl)
   (home-page "http://www.openssl.org/")))

+(define-public openssl-next
+  (package
+    (inherit openssl)
+    (name "openssl")
+    (version "1.1.0")
+    (source (origin
+             (method url-fetch)
+             (uri (list (string-append "ftp://ftp.openssl.org/source/"
+                                       name "-" version ".tar.gz")
+                        (string-append "ftp://ftp.openssl.org/source/old/"
+                                       (string-trim-right version char-set:letter)
+                                       "/" name "-" version ".tar.gz")))
+              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
+              (sha256
+               (base32
+                "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm"))))
+    (outputs '("out"
+               "doc"        ;1.3MiB of man3 pages
+               "static"))   ; 5.5MiB of .a files
+    (arguments
+     (substitute-keyword-arguments (package-arguments openssl)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (delete 'patch-tests)          ; These two phases are not needed by
+           (delete 'patch-Makefile.org)   ; OpenSSL 1.1.0.
+
+           (add-after 'configure 'patch-runpath
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
+                 (substitute* "Makefile.shared"
+                   (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}")
+                    (string-append "$${SHAREDCMD} $${SHAREDFLAGS}"
+                                   " -Wl,-rpath," lib)))
+                 #t)))))))))
+
 (define-public libressl
  (package
    (name "libressl")