From patchwork Mon Mar 4 16:06:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Marius Bakke X-Patchwork-Id: 1323 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 8807B16CFA; Mon, 4 Mar 2019 16:07:18 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, T_DKIM_INVALID,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTP id 8489C16CF9 for ; Mon, 4 Mar 2019 16:07:14 +0000 (GMT) Received: from localhost ([127.0.0.1]:56431 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h0q7V-0002ZG-Te for patchwork@mira.cbaines.net; Mon, 04 Mar 2019 11:07:13 -0500 Received: from eggs.gnu.org ([209.51.188.92]:41377) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h0q7M-0002XM-TQ for guix-patches@gnu.org; Mon, 04 Mar 2019 11:07:06 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h0q7L-0007XH-0i for guix-patches@gnu.org; Mon, 04 Mar 2019 11:07:04 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:46542) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h0q7K-0007X2-QV for guix-patches@gnu.org; Mon, 04 Mar 2019 11:07:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h0q7K-0007fd-K0 for guix-patches@gnu.org; Mon, 04 Mar 2019 11:07:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#34748] [PATCH core-updates] gnu: Use OpenSSL 1.1 as the default OpenSSL package. Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 04 Mar 2019 16:07:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 34748 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 34748@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.155171560629451 (code B ref -1); Mon, 04 Mar 2019 16:07:02 +0000 Received: (at submit) by debbugs.gnu.org; 4 Mar 2019 16:06:46 +0000 Received: from localhost ([127.0.0.1]:60086 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h0q6s-0007ed-J2 for submit@debbugs.gnu.org; Mon, 04 Mar 2019 11:06:45 -0500 Received: from eggs.gnu.org ([209.51.188.92]:55056) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h0q6k-0007eA-2D for submit@debbugs.gnu.org; Mon, 04 Mar 2019 11:06:31 -0500 Received: from lists.gnu.org ([209.51.188.17]:47840) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h0q6e-0006lp-0s for submit@debbugs.gnu.org; Mon, 04 Mar 2019 11:06:20 -0500 Received: from eggs.gnu.org ([209.51.188.92]:41169) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h0q6X-00021j-8t for guix-patches@gnu.org; Mon, 04 Mar 2019 11:06:19 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h0q6V-0006bm-6D for guix-patches@gnu.org; Mon, 04 Mar 2019 11:06:13 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:34675) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h0q6U-0006b6-MY for guix-patches@gnu.org; Mon, 04 Mar 2019 11:06:11 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 1A4C22260B for ; Mon, 4 Mar 2019 11:06:10 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Mon, 04 Mar 2019 11:06:10 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:subject:date:message-id:mime-version:content-type :content-transfer-encoding; s=fm2; bh=syc6sqWQOOa/J6osDaMsKIVF5P Z9OC8BmIu+/u2Qg2o=; b=QK0Lu876SRYl9nWgec3KN1bTQ6trNaXXy66fpyilnT NohjibVxXFv9lXwcpn2b7pZHAphT4uWcyQRnW87rUrKs93Kk6WQzVZRTJ/NgGD+k UYBF+XlqsJV2vTGuQtce65t0RIoyC0zf7WGje2J9QvkeD2Ysbykrbk/gXLfhFieu ZIoFyS5pMCtTxsuWNFhfqgAvCFImUsBKhP3PTnrXFfEZ5Acs8z72i4n0Dg2rhTDP MVWlWCoRdGKqbHyjXklXBDZXdjds4+sTgAvhmo42Iv77YJ5dPND/wUwTWdljReKv 0Wjx9e0lOMn6mAy1iDeKYFeMI0wVQPKx3U9j5K06hK5g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=syc6sq WQOOa/J6osDaMsKIVF5PZ9OC8BmIu+/u2Qg2o=; b=afyWqwql7MfJgoS0u9GZ1L B7wKGI6A0OMjvMig6ORWiAvFgs5qXplNuycxyRhBzBqVYnBdfVBBT1+6ft9zdN3j 4376tWO3aEcMoV3yAwnNVdPOEXYRgbyWx4lPeJD8sbnklwYeoYqRuXb6xLoCnSPd pNRP23QenZtGKa9PtcVC+/9IqFUts63yJGzXwl98gjqO0eYlDJOko0GSnBf5CABO g6xU5qM6RCuWemZ/Z+Y1NbDTtGb4jDByhvI7WV9kThn8NkMPFiOGdc3qHG5Ml00r jaWoR9FO+Q+96Y8REmT5R2SpK/QfGrXBYmDT73frJzWz03P3j07IMh4leK2BUgTg == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrfedugdekfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkffogggtgfesthekredtre dtjeenucfhrhhomhepofgrrhhiuhhsuceurghkkhgvuceomhgsrghkkhgvsehfrghsthhm rghilhdrtghomheqnecuffhomhgrihhnpehophgvnhhsshhlrdhorhhgpdhmrghkvghfih hlvgdrohhrghdpghhithhhuhgsrdgtohhmpdhprghttghhqdhmrghkvghfihhlvgdrohhr ghenucfkphepiedvrdduiedrvddviedrudegtdenucfrrghrrghmpehmrghilhhfrhhomh epmhgsrghkkhgvsehfrghsthhmrghilhdrtghomhenucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id 08044100E5 for ; Mon, 4 Mar 2019 11:06:08 -0500 (EST) From: Marius Bakke Date: Mon, 4 Mar 2019 17:06:07 +0100 Message-Id: <20190304160607.27483-1-mbakke@fastmail.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/packages/tls.scm (openssl-next): Delete variable. Move related code ... (openssl) ... here. (openssl-1.0): New public variable. Retain old arguments. * gnu/packages/crypto.scm (asignify)[inputs]: Change OPENSSL-NEXT to OPENSSL. * gnu/packages/databases.scm (mariadb)[inputs]: Likewise. * gnu/packages/node.scm (node)[inputs]: Likewise. * gnu/packages/rust.scm (rust-1.19)[inputs]: Likewise. --- gnu/packages/crypto.scm | 2 +- gnu/packages/databases.scm | 2 +- gnu/packages/node.scm | 2 +- gnu/packages/rust.scm | 2 +- gnu/packages/tls.scm | 211 ++++++++++++++++++------------------- 5 files changed, 106 insertions(+), 113 deletions(-) diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index cc09f4abe1..cfd1df123d 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -817,7 +817,7 @@ security.") ("automake" ,automake) ("libtool" ,libtool))) (inputs - `(("openssl" ,openssl-next))) + `(("openssl" ,openssl))) (home-page "https://github.com/vstakhov/asignify") (synopsis "Cryptographic authentication and encryption tool and library") (description "Asignify offers public cryptographic signatures and diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index c1b6a329ee..db0a7b41a1 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -671,7 +671,7 @@ Language.") ("zlib" ,zlib))) (propagated-inputs ;; mariadb.pc says -lssl -lcrypto, so propagate it. - `(("openssl" ,openssl))) + `(("openssl" ,openssl-1.0))) ;; The test suite is very resource intensive and can take more than three ;; hours on a x86_64 system. Give slow and busy machines some leeway. (properties '((timeout . 64800))) ;18 hours diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm index a0221601dd..2772f56d9f 100644 --- a/gnu/packages/node.scm +++ b/gnu/packages/node.scm @@ -186,7 +186,7 @@ ("icu4c" ,icu4c) ("libuv" ,libuv-1.19) ("nghttp2" ,nghttp2 "lib") - ("openssl" ,openssl) + ("openssl" ,openssl-1.0) ("zlib" ,zlib))) (synopsis "Evented I/O for V8 JavaScript") (description "Node.js is a platform built on Chrome's JavaScript runtime diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm index 2dc01e9d2a..8780a99209 100644 --- a/gnu/packages/rust.scm +++ b/gnu/packages/rust.scm @@ -400,7 +400,7 @@ test = { path = \"../libtest\" } (inputs `(("jemalloc" ,jemalloc-4.5.0) ("llvm" ,llvm-3.9.1) - ("openssl" ,openssl) + ("openssl" ,openssl-1.0) ("libssh2" ,libssh2) ; For "cargo" ("libcurl" ,curl))) ; For "cargo" diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 7cc70fe0d6..d1f4e891c6 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2016, 2017, 2018 Nils Gillmann ;;; Copyright © 2016 Hartmut Goebel ;;; Copyright © 2017 Ricardo Wurmus -;;; Copyright © 2017, 2018 Marius Bakke +;;; Copyright © 2017, 2018, 2019 Marius Bakke ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice ;;; Copyright © 2017 Rutger Helling ;;; Copyright © 2018 Clément Lassieur @@ -262,7 +262,7 @@ required structures.") (define-public openssl (package (name "openssl") - (version "1.0.2r") + (version "1.1.1b") (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -274,13 +274,12 @@ required structures.") "/openssl-" version ".tar.gz"))) (sha256 (base32 - "1mnh27zf6r1bhm5d9fxqq9slv2gz0d9z2ij9i679b0wapa5x0ldf")) - (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch")))) + "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw")) + (patches (search-patches "openssl-1.1-c-rehash-in.patch")))) (build-system gnu-build-system) (outputs '("out" - "doc" ;1.5MiB of man3 pages - "static")) ;6MiB of .a files + "doc" ;6.8 MiB of man3 pages and full HTML documentation + "static")) ;6.4 MiB of .a files (native-inputs `(("perl" ,perl))) (arguments `(#:disallowed-references (,perl) @@ -293,31 +292,27 @@ required structures.") #:disallowed-references ,(list (canonical-package perl)) #:phases (modify-phases %standard-phases - (add-before - 'configure 'patch-Makefile.org - (lambda* (#:key outputs #:allow-other-keys) - ;; The default MANDIR is some unusual place. Fix that. - (let ((out (assoc-ref outputs "out"))) - (patch-makefile-SHELL "Makefile.org") - (substitute* "Makefile.org" - (("^MANDIR[[:blank:]]*=.*$") - (string-append "MANDIR = " out "/share/man\n"))) - #t))) - (replace - 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (invoke "./config" - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,version) - - (string-append "--prefix=" out))))) + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib"))) + ;; It's not a shebang so patch-source-shebangs misses it. + (substitute* "config" + (("/usr/bin/env") + (string-append (assoc-ref %build-inputs "coreutils") + "/bin/env"))) + (invoke "./config" + "shared" ;build shared libraries + "--libdir=lib" + + ;; The default for this catch-all directory is + ;; PREFIX/ssl. Change that to something more + ;; conventional. + (string-append "--openssldir=" out + "/share/openssl-" ,version) + + (string-append "--prefix=" out) + (string-append "-Wl,-rpath," lib))))) (add-after 'install 'move-static-libraries (lambda* (#:key outputs #:allow-other-keys) ;; Move static libraries to the "static" output. @@ -330,31 +325,20 @@ required structures.") (delete-file file)) (find-files lib "\\.a$")) #t))) - (add-after 'install 'move-man3-pages + (add-after 'install 'move-extra-documentation (lambda* (#:key outputs #:allow-other-keys) - ;; Move section 3 man pages to "doc". - (let* ((out (assoc-ref outputs "out")) - (man3 (string-append out "/share/man/man3")) - (doc (assoc-ref outputs "doc")) - (target (string-append doc "/share/man/man3"))) - (mkdir-p target) - (for-each (lambda (file) - (rename-file file - (string-append target "/" - (basename file)))) - (find-files man3)) - (delete-file-recursively man3) - #t))) - (add-before - 'patch-source-shebangs 'patch-tests - (lambda* (#:key inputs native-inputs #:allow-other-keys) - (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) - (substitute* (find-files "test" ".*") - (("/bin/sh") - (string-append bash "/bin/sh")) - (("/bin/rm") - "rm")) - #t))) + ;; Move man3 pages and full HTML documentation to "doc". + (let* ((out (assoc-ref outputs "out")) + (man3 (string-append out "/share/man/man3")) + (html (string-append out "/share/doc/openssl")) + (doc (assoc-ref outputs "doc")) + (man-target (string-append doc "/share/man/man3")) + (html-target (string-append doc "/share/doc/openssl"))) + (copy-recursively man3 man-target) + (delete-file-recursively man3) + (copy-recursively html html-target) + (delete-file-recursively html) + #t))) (add-after 'install 'remove-miscellany (lambda* (#:key outputs #:allow-other-keys) @@ -380,72 +364,81 @@ required structures.") (license license:openssl) (home-page "https://www.openssl.org/"))) -(define-public openssl-next +(define-public openssl-1.0 (package (inherit openssl) (name "openssl") - (version "1.1.1b") + (version "1.0.2r") (source (origin - (method url-fetch) - (uri (list (string-append "https://www.openssl.org/source/openssl-" - version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/" - "openssl-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/openssl-" version ".tar.gz"))) - (patches (search-patches "openssl-1.1-c-rehash-in.patch")) + (method url-fetch) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" + "openssl-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/openssl-" version ".tar.gz"))) (sha256 (base32 - "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw")))) + "1mnh27zf6r1bhm5d9fxqq9slv2gz0d9z2ij9i679b0wapa5x0ldf")) + (patches (search-patches "openssl-runpath.patch" + "openssl-c-rehash-in.patch")))) (outputs '("out" - "doc" ; 6.8 MiB of man3 pages and full HTML documentation - "static")) ; 6.4 MiB of .a files + "doc" ;1.5MiB of man3 pages + "static")) ;6MiB of .a files (arguments (substitute-keyword-arguments (package-arguments openssl) ((#:phases phases) `(modify-phases ,phases - (delete 'patch-tests) ; These two phases are not needed by - (delete 'patch-Makefile.org) ; OpenSSL 1.1. - - ;; Override configure phase since -rpath is now a configure option. - (replace 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib"))) - ;; It's not a shebang so patch-source-shebangs misses it. - (substitute* "config" - (("/usr/bin/env") - (string-append (assoc-ref %build-inputs "coreutils") - "/bin/env"))) - (invoke "./config" - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,version) - - (string-append "--prefix=" out) - (string-append "-Wl,-rpath," lib))))) - - (delete 'move-man3-pages) - (add-after 'install 'move-extra-documentation + (add-before 'patch-source-shebangs 'patch-tests + (lambda* (#:key inputs native-inputs #:allow-other-keys) + (let ((bash (assoc-ref (or native-inputs inputs) "bash"))) + (substitute* (find-files "test" ".*") + (("/bin/sh") + (string-append bash "/bin/sh")) + (("/bin/rm") + "rm")) + #t))) + (add-before 'configure 'patch-Makefile.org (lambda* (#:key outputs #:allow-other-keys) - ;; Move man3 pages and full HTML documentation to "doc". - (let* ((out (assoc-ref outputs "out")) - (man3 (string-append out "/share/man/man3")) - (html (string-append out "/share/doc/openssl")) - (doc (assoc-ref outputs "doc")) - (man-target (string-append doc "/share/man/man3")) - (html-target (string-append doc "/share/doc/openssl"))) - (copy-recursively man3 man-target) - (delete-file-recursively man3) - (copy-recursively html html-target) - (delete-file-recursively html) + ;; The default MANDIR is some unusual place. Fix that. + (let ((out (assoc-ref outputs "out"))) + (patch-makefile-SHELL "Makefile.org") + (substitute* "Makefile.org" + (("^MANDIR[[:blank:]]*=.*$") + (string-append "MANDIR = " out "/share/man\n"))) #t))) + (replace 'configure + ;; Override this phase because OpenSSL 1.0 does not understand -rpath. + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (invoke "./config" + "shared" ;build shared libraries + "--libdir=lib" + + ;; The default for this catch-all directory is + ;; PREFIX/ssl. Change that to something more + ;; conventional. + (string-append "--openssldir=" out + "/share/openssl-" ,version) + + (string-append "--prefix=" out))))) + (delete 'move-extra-documentation) + (add-after 'install 'move-man3-pages + (lambda* (#:key outputs #:allow-other-keys) + ;; Move section 3 man pages to "doc". + (let* ((out (assoc-ref outputs "out")) + (man3 (string-append out "/share/man/man3")) + (doc (assoc-ref outputs "doc")) + (target (string-append doc "/share/man/man3"))) + (mkdir-p target) + (for-each (lambda (file) + (rename-file file + (string-append target "/" + (basename file)))) + (find-files man3)) + (delete-file-recursively man3) + #t))) ;; XXX: Duplicate this phase to make sure 'version' evaluates ;; in the current scope and not the inherited one. (replace 'remove-miscellany