From 2932c421a3921ccf7dd045cdbd54b23843882d8e Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 30 Jan 2022 16:27:48 +0100 Subject: gnu: OpenSSL: Add 3.0. * gnu/packages/tls.scm (openssl-3.0): New variable. * gnu/packages/patches/openssl-3.0-c-rehash-in.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. --- gnu/local.mk | 1 + gnu/packages/patches/openssl-3.0-c-rehash-in.patch | 18 +++++++++++++ gnu/packages/tls.scm | 30 +++++++++++++++++++++- 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/openssl-3.0-c-rehash-in.patch diff --git a/gnu/local.mk b/gnu/local.mk index 898e8e92e3..4822e8e250 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1579,6 +1579,7 @@ dist_patch_DATA = \ %D%/packages/patches/opensles-add-license-file.patch \ %D%/packages/patches/openssl-runpath.patch \ %D%/packages/patches/openssl-1.1-c-rehash-in.patch \ + %D%/packages/patches/openssl-3.0-c-rehash-in.patch \ %D%/packages/patches/openssl-c-rehash-in.patch \ %D%/packages/patches/openssl-CVE-2019-1559.patch \ %D%/packages/patches/open-zwave-hidapi.patch \ diff --git a/gnu/packages/patches/openssl-3.0-c-rehash-in.patch b/gnu/packages/patches/openssl-3.0-c-rehash-in.patch new file mode 100644 index 0000000000..6871e9348c --- /dev/null +++ b/gnu/packages/patches/openssl-3.0-c-rehash-in.patch @@ -0,0 +1,18 @@ +This patch removes the explicit reference to the 'perl' binary, +such that OpenSSL does not retain a reference to Perl. + +The 'c_rehash' program is seldom used, but it is used nonetheless +to create symbolic links to certificates, for instance in the 'nss-certs' +package. + +diff --git a/tools/c_rehash.in b/tools/c_rehash.in +--- a/tools/c_rehash.in ++++ b/tools/c_rehash.in +@@ -1,4 +1,6 @@ +-#!{- $config{HASHBANGPERL} -} ++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' ++ & eval 'exec perl -wS "$0" $argv:q' ++ if 0; + {- use OpenSSL::Util; -} + # {- join("\n# ", @autowarntext) -} + # Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index d5b42c58a0..cf3663ae7d 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2016, 2017, 2018 Nikita ;;; Copyright © 2016 Hartmut Goebel ;;; Copyright © 2017 Ricardo Wurmus -;;; Copyright © 2017, 2018, 2019, 2020, 2021 Marius Bakke +;;; Copyright © 2017-2022 Marius Bakke ;;; Copyright © 2017–2021 Tobias Geerinckx-Rice ;;; Copyright © 2017 Rutger Helling ;;; Copyright © 2018 Clément Lassieur @@ -528,6 +528,34 @@ OpenSSL for TARGET." (base32 "15kcvdi69jka67sk1l3a50c26cb7xv9xiwdrgky4bji3ifz9k4gq")))))) +(define-public openssl-3.0 + (package + (inherit openssl) + (version "3.0.1") + (source (origin + (method url-fetch) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" + "openssl-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/openssl-" version ".tar.gz"))) + (patches (search-patches "openssl-3.0-c-rehash-in.patch")) + (sha256 + (base32 + "1l86kgn57av5yh711qp7c9zmi2haqmiah0ddxnbfgg2k6f2ss4f3")))) + (arguments + (substitute-keyword-arguments (package-arguments openssl) + ((#:phases phases '%standard-phases) + #~(modify-phases #$phases + (add-before 'configure 'configure-perl + (lambda* (#:key native-inputs inputs #:allow-other-keys) + (setenv "HASHBANGPERL" + (search-input-file (or native-inputs inputs) + "/bin/perl")))))))) + (license license:asl2.0))) + ;; We will not add any new uses of this package. If you add new code that uses ;; this package, your change will be reverted! ;; -- cgit v1.2.3