gnu: openssl: Remove run-time dependency on Perl.

This shrinks the closure of OpenSSL from 154 MiB to 73 MiB. * gnu/packages/patches/openssl-c-rehash.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/tls.scm (openssl)[source]: Use it. [arguments]: Add 'remove-miscellany' phase. * gnu/packages/certs.scm (nss-certs)[native-inputs]: Add PERL.
2015-09-09 19:01:48 +02:00 · 2015-09-09 19:01:48 +02:00 · 784d6e9115
commit 784d6e9115
parent fe8199a80c
4 changed files with 34 additions and 3 deletions
--- a/gnu-system.am
+++ b/gnu-system.am
@ -567,6 +567,7 @@ dist_patch_DATA =						\
  gnu/packages/patches/nvi-db4.patch				\
  gnu/packages/patches/openexr-missing-samples.patch		\
  gnu/packages/patches/openssl-runpath.patch			\
+  gnu/packages/patches/openssl-c-rehash.patch			\
  gnu/packages/patches/orpheus-cast-errors-and-includes.patch	\
  gnu/packages/patches/ots-no-include-missing-file.patch	\
  gnu/packages/patches/patchelf-page-size.patch			\
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@ -26,6 +26,7 @@
  #:use-module (gnu packages)
  #:use-module (gnu packages gnuzilla)
  #:use-module (gnu packages python)
+  #:use-module (gnu packages perl)
  #:use-module (gnu packages tls))

 (define certdata2pem
@ -76,7 +77,8 @@
    (outputs '("out"))
    (native-inputs
     `(("certdata2pem" ,certdata2pem)
-       ("openssl" ,openssl)))
+       ("openssl" ,openssl)
+       ("perl" ,perl)))                           ;for OpenSSL's 'c_rehash'
    (inputs '())
    (propagated-inputs '())
    (arguments
--- a/gnu/packages/patches/openssl-c-rehash.patch
+++ b/gnu/packages/patches/openssl-c-rehash.patch
@ -0,0 +1,17 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+--- openssl-1.0.2d/tools/c_rehash	2015-09-09 18:36:07.313316482 +0200
+++ openssl-1.0.2d/tools/c_rehash	2015-09-09 18:36:28.965458458 +0200
+@@ -1,4 +1,6 @@
+-#!/usr/bin/perl
+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
+  & eval 'exec perl -wS "$0" $argv:q'
+    if 0;
+ 
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@ -195,7 +195,9 @@ required structures.")
            (sha256
             (base32
              "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737"))
-            (patches (list (search-patch "openssl-runpath.patch")))))
+            (patches (map search-patch
+                          '("openssl-runpath.patch"
+                            "openssl-c-rehash.patch")))))
   (build-system gnu-build-system)
   (native-inputs `(("perl" ,perl)))
   (arguments
@ -255,7 +257,16 @@ required structures.")
               (("/bin/sh")
                (string-append bash "/bin/bash"))
               (("/bin/rm")
-                "rm"))))))))
+                "rm")))))
+        (add-after
+         'install 'remove-miscellany
+         (lambda* (#:key outputs #:allow-other-keys)
+           ;; The 'misc' directory contains random undocumented shell and Perl
+           ;; scripts.  Remove them to avoid retaining a reference on Perl.
+           (let ((out (assoc-ref outputs "out")))
+             (delete-file-recursively (string-append out "/share/openssl-"
+                                                     ,version "/misc"))
+             #t))))))
   (native-search-paths
    ;; FIXME: These two variables must designate a single file or directory
    ;; and are not actually "search paths."  In practice it works OK in user