
gnu: OpenSSL 1.0.2: Hide this package.

* gnu/packages/tls.scm (openssl-1.0): Wrap in 'hidden-package'.
Leo Famulari 2021-08-11 14:23:29 -04:00
parent 05effbbfc2
commit 12099eac1b
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08


@ -509,98 +509,113 @@ required structures.")
(base32 (base32
"1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9")))))) "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"))))))
;; We will not add any new uses of this package. If you add new code that uses
;; this package, your change will be reverted!
;;
;; The only acceptable use for this package is to bootstrap Rust, in
;; ((gnu packages rust) rust-1.19).
;;
;; OpenSSL 1.0 is no longer suppported upstream [0] and has several security
;; vulnerabilities that will not be fixed [1].
;;
;; For more information from the Guix point of view, see
;; <https://bugs.gnu.org/46602>.
;;
;; [0] https://www.openssl.org/policies/releasestrat.html
;; [1] https://www.openssl.org/news/vulnerabilities.html
(define-public openssl-1.0 (define-public openssl-1.0
(package (hidden-package
(inherit openssl) (package
(name "openssl") (inherit openssl)
(version "1.0.2u") (name "openssl")
(source (origin (version "1.0.2u")
(method url-fetch) (source (origin
(uri (list (string-append "https://www.openssl.org/source/openssl-" (method url-fetch)
version ".tar.gz") (uri (list (string-append "https://www.openssl.org/source/openssl-"
(string-append "ftp://ftp.openssl.org/source/" version ".tar.gz")
"openssl-" version ".tar.gz") (string-append "ftp://ftp.openssl.org/source/"
(string-append "ftp://ftp.openssl.org/source/old/" "openssl-" version ".tar.gz")
(string-trim-right version char-set:letter) (string-append "ftp://ftp.openssl.org/source/old/"
"/openssl-" version ".tar.gz"))) (string-trim-right version char-set:letter)
(sha256 "/openssl-" version ".tar.gz")))
(base32 (sha256
"05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c")) (base32
(patches (search-patches "openssl-runpath.patch" "05lxcs4hzyfqd5jn0d9p0fvqna62v2s4pc9qgmq0dpcknkzwdl7c"))
"openssl-c-rehash-in.patch")))) (patches (search-patches "openssl-runpath.patch"
(outputs '("out" "openssl-c-rehash-in.patch"))))
"doc" ;1.5MiB of man3 pages (outputs '("out"
"static")) ;6MiB of .a files "doc" ;1.5MiB of man3 pages
(arguments "static")) ;6MiB of .a files
(substitute-keyword-arguments (package-arguments openssl) (arguments
;; Parallel build is not supported in 1.0.x. (substitute-keyword-arguments (package-arguments openssl)
((#:parallel-build? _ #f) #f) ;; Parallel build is not supported in 1.0.x.
((#:phases phases) ((#:parallel-build? _ #f) #f)
`(modify-phases ,phases ((#:phases phases)
(add-before 'patch-source-shebangs 'patch-tests `(modify-phases ,phases
(lambda* (#:key inputs native-inputs #:allow-other-keys) (add-before 'patch-source-shebangs 'patch-tests
(let ((bash (assoc-ref (or native-inputs inputs) "bash"))) (lambda* (#:key inputs native-inputs #:allow-other-keys)
(substitute* (find-files "test" ".*") (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
(("/bin/sh") (substitute* (find-files "test" ".*")
(string-append bash "/bin/sh")) (("/bin/sh")
(("/bin/rm") (string-append bash "/bin/sh"))
"rm")) (("/bin/rm")
#t))) "rm"))
(add-before 'configure 'patch-Makefile.org #t)))
(lambda* (#:key outputs #:allow-other-keys) (add-before 'configure 'patch-Makefile.org
;; The default MANDIR is some unusual place. Fix that. (lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))) ;; The default MANDIR is some unusual place. Fix that.
(patch-makefile-SHELL "Makefile.org") (let ((out (assoc-ref outputs "out")))
(substitute* "Makefile.org" (patch-makefile-SHELL "Makefile.org")
(("^MANDIR[[:blank:]]*=.*$") (substitute* "Makefile.org"
(string-append "MANDIR = " out "/share/man\n"))) (("^MANDIR[[:blank:]]*=.*$")
#t))) (string-append "MANDIR = " out "/share/man\n")))
(replace 'configure #t)))
;; Override this phase because OpenSSL 1.0 does not understand -rpath. (replace 'configure
(lambda* (#:key outputs #:allow-other-keys) ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
(let ((out (assoc-ref outputs "out"))) (lambda* (#:key outputs #:allow-other-keys)
(invoke ,@(if (%current-target-system) (let ((out (assoc-ref outputs "out")))
'("./Configure") (invoke ,@(if (%current-target-system)
'("./config")) '("./Configure")
"shared" ;build shared libraries '("./config"))
"--libdir=lib" "shared" ;build shared libraries
"--libdir=lib"
;; The default for this catch-all directory is ;; The default for this catch-all directory is
;; PREFIX/ssl. Change that to something more ;; PREFIX/ssl. Change that to something more
;; conventional. ;; conventional.
(string-append "--openssldir=" out (string-append "--openssldir=" out
"/share/openssl-" ,version) "/share/openssl-" ,version)
(string-append "--prefix=" out) (string-append "--prefix=" out)
,@(if (%current-target-system) ,@(if (%current-target-system)
'((getenv "CONFIGURE_TARGET_ARCH")) '((getenv "CONFIGURE_TARGET_ARCH"))
'()))))) '())))))
(delete 'move-extra-documentation) (delete 'move-extra-documentation)
(add-after 'install 'move-man3-pages (add-after 'install 'move-man3-pages
(lambda* (#:key outputs #:allow-other-keys) (lambda* (#:key outputs #:allow-other-keys)
;; Move section 3 man pages to "doc". ;; Move section 3 man pages to "doc".
(let* ((out (assoc-ref outputs "out")) (let* ((out (assoc-ref outputs "out"))
(man3 (string-append out "/share/man/man3")) (man3 (string-append out "/share/man/man3"))
(doc (assoc-ref outputs "doc")) (doc (assoc-ref outputs "doc"))
(target (string-append doc "/share/man/man3"))) (target (string-append doc "/share/man/man3")))
(mkdir-p target) (mkdir-p target)
(for-each (lambda (file) (for-each (lambda (file)
(rename-file file (rename-file file
(string-append target "/" (string-append target "/"
(basename file)))) (basename file))))
(find-files man3)) (find-files man3))
(delete-file-recursively man3) (delete-file-recursively man3)
#t))) #t)))
;; XXX: Duplicate this phase to make sure 'version' evaluates ;; XXX: Duplicate this phase to make sure 'version' evaluates
;; in the current scope and not the inherited one. ;; in the current scope and not the inherited one.
(replace 'remove-miscellany (replace 'remove-miscellany
(lambda* (#:key outputs #:allow-other-keys) (lambda* (#:key outputs #:allow-other-keys)
;; The 'misc' directory contains random undocumented shell and Perl ;; The 'misc' directory contains random undocumented shell and Perl
;; scripts. Remove them to avoid retaining a reference on Perl. ;; scripts. Remove them to avoid retaining a reference on Perl.
(let ((out (assoc-ref outputs "out"))) (let ((out (assoc-ref outputs "out")))
(delete-file-recursively (string-append out "/share/openssl-" (delete-file-recursively (string-append out "/share/openssl-"
,version "/misc")) ,version "/misc"))
#t))))))))) #t))))))))))
(define-public libressl (define-public libressl
(package (package
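Review bot: The new comment block above `openssl-1.0` does not say what `hidden-package` actually enforces, and it contains a typo ("suppported"). The definition is still `define-public`, so the variable stays exported and any package module can keep referencing it; hiding only removes it from by-name lookup in the user interfaces. I would add a line such as `;; 'hidden-package' only hides this from the user interfaces; the variable is still exported, so new uses must be caught in review.` This makes it clear that the "will be reverted" rule is enforced by review and not by the code. It may also help to state in the comment that builds depending on this package inherit the unfixed vulnerabilities referenced in [1], presumably why the Rust bootstrap is the only tolerated user.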