From 18f1be707120b0bb5e2ddfb5058bc8d3c16f18cb Mon Sep 17 00:00:00 2001 From: Adrian Gierakowski Date: Fri, 3 Mar 2023 09:00:16 +0000 Subject: [PATCH 1/2] openssl: remove run-time dependency of perl due to c_rehash Replaces perl based c_rehash script with shell script wrapping `openssl rehash` with the same functionality. Fixes: #19965 Supersedes: #156776, #83446 Possibly related to: #157093, #82924 --- .../development/libraries/openssl/default.nix | 34 ++++++------------- 1 file changed, 11 insertions(+), 23 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 30124d10e7984..c36219245a4b4 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -1,14 +1,11 @@ -{ lib, stdenv, fetchurl, buildPackages, perl, coreutils +{ lib, stdenv, fetchurl, buildPackages, perl, coreutils, writeShellScript +, makeWrapper , withCryptodev ? false, cryptodev , withZlib ? false, zlib , enableSSL2 ? false , enableSSL3 ? false , enableKTLS ? stdenv.isLinux , static ? stdenv.hostPlatform.isStatic -# Used to avoid cross compiling perl, for example, in darwin bootstrap tools. -# This will cause c_rehash to refer to perl via the environment, but otherwise -# will produce a perfectly functional openssl binary and library. -, withPerl ? stdenv.hostPlatform == stdenv.buildPlatform # path to openssl.cnf file. will be placed in $etc/etc/ssl/openssl.cnf to replace the default , conf ? null , removeReferencesTo 
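Review bot: `writeShellScript` is added to the argument list in the first hunk of openssl/default.nix, but none of the visible hunks use it; the wrapper is built with `makeWrapper`, so the argument looks like a leftover and can be dropped. The same hunk removes the `withPerl` argument, as does the first hunk of quictls/default.nix. If the openssl function has no `...` catch-all (its closing `}:` is outside the hunk; the quictls one visibly has none), any caller still passing `withPerl` through `.override` will fail at evaluation. The removed comment names darwin bootstrap tools as an example user, so those call sites should be checked and updated in the same change.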
@@ -72,12 +69,9 @@ let !(stdenv.hostPlatform.useLLVM or false) && stdenv.cc.isGNU; - nativeBuildInputs = [ perl ] + nativeBuildInputs = [ makeWrapper perl ] ++ lib.optionals static [ removeReferencesTo ]; buildInputs = lib.optional withCryptodev cryptodev - # perl is included to allow the interpreter path fixup hook to set the - # correct interpreter in c_rehash. - ++ lib.optional withPerl perl ++ lib.optional withZlib zlib; # TODO(@Ericson2314): Improve with mass rebuild @@ -172,23 +166,17 @@ let # 'etc' is a separate output on static builds only. etc=$out - '') + lib.optionalString (!stdenv.hostPlatform.isWindows) - # Fix bin/c_rehash's perl interpreter line - # - # - openssl 1_0_2: embeds a reference to buildPackages.perl - # - openssl 1_1: emits "#!/usr/bin/env perl" - # - # In the case of openssl_1_0_2, reset the invalid reference and let the - # interpreter hook take care of it. - # - # In both cases, if withPerl = false, the intepreter line is expected be - # "#!/usr/bin/env perl" - '' - substituteInPlace $out/bin/c_rehash --replace ${buildPackages.perl}/bin/perl "/usr/bin/env perl" - '' + '' + '') + '' mkdir -p $bin mv $out/bin $bin/bin + # c_rehash is a legacy perl script with the same functionality + # as `openssl rehash` + # this wrapper script is created to maintain backwards compatibility without + # depending on perl + makeWrapper $bin/bin/openssl $bin/bin/c_rehash \ + --add-flags "rehash" + mkdir $dev mv $out/include $dev/ From 7b45dfa9415fdcec6ba72ccafc6705caaad9d238 Mon Sep 17 00:00:00 2001 From: Adrian Gierakowski Date: Fri, 10 Mar 2023 15:38:40 +0000 Subject: [PATCH 2/2] quictls: remove run-time dependency of perl due to c_rehash same as changes applied to openssl --- .../development/libraries/quictls/default.nix | 35 +++++++------------ 1 file changed, 12 insertions(+), 23 deletions(-) diff --git a/pkgs/development/libraries/quictls/default.nix b/pkgs/development/libraries/quictls/default.nix index a9c07232035f9..052417f311744 100644 
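Review bot: The `makeWrapper $bin/bin/openssl $bin/bin/c_rehash` step in the `@@ -172` hunk now runs on every platform, whereas the block it replaces was wrapped in `lib.optionalString (!stdenv.hostPlatform.isWindows)`. If the Windows build installs the binary under another name (presumably `openssl.exe`), the wrapper target will not exist and the install step would fail, so the call should keep the guard: `'' + lib.optionalString (!stdenv.hostPlatform.isWindows) '' makeWrapper … '' + ''`. The matching `@@ -140` hunk in quictls/default.nix has the same issue. The wrapper is itself a shell script, so `$bin` trades its perl reference for one to the shell in the wrapper's shebang; it is worth confirming that this is acceptable for the bootstrap case the old `withPerl` comment described. The install script this hunk edits starts and ends outside the hunk.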
--- a/pkgs/development/libraries/quictls/default.nix +++ b/pkgs/development/libraries/quictls/default.nix @@ -1,12 +1,9 @@ { lib, stdenv, fetchurl, buildPackages, perl, coreutils, fetchFromGitHub +, makeWrapper , withCryptodev ? false, cryptodev , enableSSL2 ? false , enableSSL3 ? false , static ? stdenv.hostPlatform.isStatic -# Used to avoid cross compiling perl, for example, in darwin bootstrap tools. -# This will cause c_rehash to refer to perl via the environment, but otherwise -# will produce a perfectly functional openssl binary and library. -, withPerl ? stdenv.hostPlatform == stdenv.buildPlatform , removeReferencesTo }: @@ -52,11 +49,8 @@ stdenv.mkDerivation rec { !(stdenv.hostPlatform.useLLVM or false) && stdenv.cc.isGNU; - nativeBuildInputs = [ perl removeReferencesTo ]; - buildInputs = lib.optional withCryptodev cryptodev - # perl is included to allow the interpreter path fixup hook to set the - # correct interpreter in c_rehash. - ++ lib.optional withPerl perl; + nativeBuildInputs = [ makeWrapper perl removeReferencesTo ]; + buildInputs = lib.optional withCryptodev cryptodev; # TODO(@Ericson2314): Improve with mass rebuild configurePlatforms = []; 
@@ -140,22 +134,17 @@ stdenv.mkDerivation rec { if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then rm "$out/lib/"*.a fi - '') + lib.optionalString (!stdenv.hostPlatform.isWindows) - # Fix bin/c_rehash's perl interpreter line - # - # - openssl 1_0_2: embeds a reference to buildPackages.perl - # - openssl 1_1: emits "#!/usr/bin/env perl" - # - # In the case of openssl_1_0_2, reset the invalid reference and let the - # interpreter hook take care of it. - # - # In both cases, if withPerl = false, the intepreter line is expected be - # "#!/usr/bin/env perl" - '' - substituteInPlace $out/bin/c_rehash --replace ${buildPackages.perl}/bin/perl "/usr/bin/env perl" - '' + '' + '') + '' mkdir -p $bin mv $out/bin $bin/bin + + # c_rehash is a legacy perl script with the same functionality + # as `openssl rehash` + # this wrapper script is created to maintain backwards compatibility without + # depending on perl + makeWrapper $bin/bin/openssl $bin/bin/c_rehash \ + --add-flags "rehash" + mkdir $dev mv $out/include $dev/ # remove dependency on Perl at runtime
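Review bot: Nothing in the visible hunks enforces the goal stated in the subject line, so a later change could silently bring perl back into the runtime closure. After the `makeWrapper` step here, and in the matching openssl hunk, consider asserting it on the derivation with something like `disallowedReferences = [ perl ];`, so the build fails if any output still references the interpreter. This is hedged because the code after the trailing `# remove dependency on Perl at runtime` comment lies outside the hunk and may already strip those references. An explicit check would still document the intent and catch regressions.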