GNU bug report logs - #34748
[PATCH core-updates] gnu: Use OpenSSL 1.1 as the default OpenSSL package.

Previous Next

Package: guix-patches;

Reported by: Marius Bakke <mbakke <at> fastmail.com>

Date: Mon, 4 Mar 2019 16:07:02 UTC

Severity: normal

Tags: patch

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 34748 in the body.
You can then email your comments to 34748 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to guix-patches <at> gnu.org:
bug#34748; Package guix-patches. (Mon, 04 Mar 2019 16:07:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Marius Bakke <mbakke <at> fastmail.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 04 Mar 2019 16:07:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: guix-patches <at> gnu.org
Subject: [PATCH core-updates] gnu: Use OpenSSL 1.1 as the default OpenSSL
 package.
Date: Mon,  4 Mar 2019 17:06:07 +0100
* gnu/packages/tls.scm (openssl-next): Delete variable.  Move related code ...
(openssl) ... here.
(openssl-1.0): New public variable.  Retain old arguments.
* gnu/packages/crypto.scm (asignify)[inputs]: Change OPENSSL-NEXT to OPENSSL.
* gnu/packages/databases.scm (mariadb)[inputs]: Likewise.
* gnu/packages/node.scm (node)[inputs]: Likewise.
* gnu/packages/rust.scm (rust-1.19)[inputs]: Likewise.
---
 gnu/packages/crypto.scm    |   2 +-
 gnu/packages/databases.scm |   2 +-
 gnu/packages/node.scm      |   2 +-
 gnu/packages/rust.scm      |   2 +-
 gnu/packages/tls.scm       | 211 ++++++++++++++++++-------------------
 5 files changed, 106 insertions(+), 113 deletions(-)

diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index cc09f4abe1..cfd1df123d 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -817,7 +817,7 @@ security.")
          ("automake" ,automake)
          ("libtool" ,libtool)))
       (inputs
-       `(("openssl" ,openssl-next)))
+       `(("openssl" ,openssl)))
       (home-page "https://github.com/vstakhov/asignify")
       (synopsis "Cryptographic authentication and encryption tool and library")
       (description "Asignify offers public cryptographic signatures and
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index c1b6a329ee..db0a7b41a1 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -671,7 +671,7 @@ Language.")
        ("zlib" ,zlib)))
     (propagated-inputs
      ;; mariadb.pc says -lssl -lcrypto, so propagate it.
-     `(("openssl" ,openssl)))
+     `(("openssl" ,openssl-1.0)))
     ;; The test suite is very resource intensive and can take more than three
     ;; hours on a x86_64 system.  Give slow and busy machines some leeway.
     (properties '((timeout . 64800)))        ;18 hours
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index a0221601dd..2772f56d9f 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -186,7 +186,7 @@
        ("icu4c" ,icu4c)
        ("libuv" ,libuv-1.19)
        ("nghttp2" ,nghttp2 "lib")
-       ("openssl" ,openssl)
+       ("openssl" ,openssl-1.0)
        ("zlib" ,zlib)))
     (synopsis "Evented I/O for V8 JavaScript")
     (description "Node.js is a platform built on Chrome's JavaScript runtime
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 2dc01e9d2a..8780a99209 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -400,7 +400,7 @@ test = { path = \"../libtest\" }
     (inputs
      `(("jemalloc" ,jemalloc-4.5.0)
        ("llvm" ,llvm-3.9.1)
-       ("openssl" ,openssl)
+       ("openssl" ,openssl-1.0)
        ("libssh2" ,libssh2) ; For "cargo"
        ("libcurl" ,curl)))  ; For "cargo"
 
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 7cc70fe0d6..d1f4e891c6 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2016, 2017, 2018 Nils Gillmann <ng0 <at> n0.is>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel <at> crazy-compilers.com>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado <at> elephly.net>
-;;; Copyright © 2017, 2018 Marius Bakke <mbakke <at> fastmail.com>
+;;; Copyright © 2017, 2018, 2019 Marius Bakke <mbakke <at> fastmail.com>
 ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me <at> tobias.gr>
 ;;; Copyright © 2017 Rutger Helling <rhelling <at> mykolab.com>
 ;;; Copyright © 2018 Clément Lassieur <clement <at> lassieur.org>
@@ -262,7 +262,7 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
-   (version "1.0.2r")
+   (version "1.1.1b")
    (source (origin
              (method url-fetch)
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -274,13 +274,12 @@ required structures.")
                                        "/openssl-" version ".tar.gz")))
              (sha256
               (base32
-               "1mnh27zf6r1bhm5d9fxqq9slv2gz0d9z2ij9i679b0wapa5x0ldf"))
-             (patches (search-patches "openssl-runpath.patch"
-                                      "openssl-c-rehash-in.patch"))))
+               "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw"))
+             (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
-              "doc"                               ;1.5MiB of man3 pages
-              "static"))                          ;6MiB of .a files
+              "doc"         ;6.8 MiB of man3 pages and full HTML documentation
+              "static"))    ;6.4 MiB of .a files
    (native-inputs `(("perl" ,perl)))
    (arguments
     `(#:disallowed-references (,perl)
@@ -293,31 +292,27 @@ required structures.")
       #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
-        (add-before
-         'configure 'patch-Makefile.org
-         (lambda* (#:key outputs #:allow-other-keys)
-           ;; The default MANDIR is some unusual place.  Fix that.
-           (let ((out (assoc-ref outputs "out")))
-             (patch-makefile-SHELL "Makefile.org")
-             (substitute* "Makefile.org"
-               (("^MANDIR[[:blank:]]*=.*$")
-                (string-append "MANDIR = " out "/share/man\n")))
-             #t)))
-        (replace
-         'configure
-         (lambda* (#:key outputs #:allow-other-keys)
-           (let ((out (assoc-ref outputs "out")))
-             (invoke "./config"
-                     "shared"                 ;build shared libraries
-                     "--libdir=lib"
-
-                     ;; The default for this catch-all directory is
-                     ;; PREFIX/ssl.  Change that to something more
-                     ;; conventional.
-                     (string-append "--openssldir=" out
-                                    "/share/openssl-" ,version)
-
-                     (string-append "--prefix=" out)))))
+        (replace 'configure
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((out (assoc-ref outputs "out"))
+                   (lib (string-append out "/lib")))
+              ;; It's not a shebang so patch-source-shebangs misses it.
+              (substitute* "config"
+                (("/usr/bin/env")
+                 (string-append (assoc-ref %build-inputs "coreutils")
+                                "/bin/env")))
+              (invoke "./config"
+                      "shared"       ;build shared libraries
+                      "--libdir=lib"
+
+                      ;; The default for this catch-all directory is
+                      ;; PREFIX/ssl.  Change that to something more
+                      ;; conventional.
+                      (string-append "--openssldir=" out
+                                     "/share/openssl-" ,version)
+
+                      (string-append "--prefix=" out)
+                      (string-append "-Wl,-rpath," lib)))))
         (add-after 'install 'move-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Move static libraries to the "static" output.
@@ -330,31 +325,20 @@ required structures.")
                           (delete-file file))
                         (find-files lib "\\.a$"))
               #t)))
-        (add-after 'install 'move-man3-pages
+        (add-after 'install 'move-extra-documentation
           (lambda* (#:key outputs #:allow-other-keys)
-            ;; Move section 3 man pages to "doc".
-            (let* ((out    (assoc-ref outputs "out"))
-                   (man3   (string-append out "/share/man/man3"))
-                   (doc    (assoc-ref outputs "doc"))
-                   (target (string-append doc "/share/man/man3")))
-              (mkdir-p target)
-              (for-each (lambda (file)
-                          (rename-file file
-                                       (string-append target "/"
-                                                      (basename file))))
-                        (find-files man3))
-              (delete-file-recursively man3)
-              #t)))
-        (add-before
-         'patch-source-shebangs 'patch-tests
-         (lambda* (#:key inputs native-inputs #:allow-other-keys)
-           (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
-             (substitute* (find-files "test" ".*")
-               (("/bin/sh")
-                (string-append bash "/bin/sh"))
-               (("/bin/rm")
-                "rm"))
-             #t)))
+               ;; Move man3 pages and full HTML documentation to "doc".
+               (let* ((out    (assoc-ref outputs "out"))
+                      (man3   (string-append out "/share/man/man3"))
+                      (html (string-append out "/share/doc/openssl"))
+                      (doc    (assoc-ref outputs "doc"))
+                      (man-target (string-append doc "/share/man/man3"))
+                      (html-target (string-append doc "/share/doc/openssl")))
+                 (copy-recursively man3 man-target)
+                 (delete-file-recursively man3)
+                 (copy-recursively html html-target)
+                 (delete-file-recursively html)
+                 #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)
@@ -380,72 +364,81 @@ required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
 
-(define-public openssl-next
+(define-public openssl-1.0
   (package
     (inherit openssl)
     (name "openssl")
-    (version "1.1.1b")
+    (version "1.0.2r")
     (source (origin
-             (method url-fetch)
-             (uri (list (string-append "https://www.openssl.org/source/openssl-"
-                                       version ".tar.gz")
-                        (string-append "ftp://ftp.openssl.org/source/"
-                                       "openssl-" version ".tar.gz")
-                        (string-append "ftp://ftp.openssl.org/source/old/"
-                                       (string-trim-right version char-set:letter)
-                                       "/openssl-" version ".tar.gz")))
-              (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
+              (method url-fetch)
+              (uri (list (string-append "https://www.openssl.org/source/openssl-"
+                                        version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/"
+                                        "openssl-" version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/old/"
+                                        (string-trim-right version char-set:letter)
+                                        "/openssl-" version ".tar.gz")))
               (sha256
                (base32
-                "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw"))))
+                "1mnh27zf6r1bhm5d9fxqq9slv2gz0d9z2ij9i679b0wapa5x0ldf"))
+              (patches (search-patches "openssl-runpath.patch"
+                                       "openssl-c-rehash-in.patch"))))
     (outputs '("out"
-               "doc"        ; 6.8 MiB of man3 pages and full HTML documentation
-               "static"))   ; 6.4 MiB of .a files
+               "doc"                    ;1.5MiB of man3 pages
+               "static"))               ;6MiB of .a files
     (arguments
      (substitute-keyword-arguments (package-arguments openssl)
        ((#:phases phases)
         `(modify-phases ,phases
-           (delete 'patch-tests)          ; These two phases are not needed by
-           (delete 'patch-Makefile.org)   ; OpenSSL 1.1.
-
-           ;; Override configure phase since -rpath is now a configure option.
-           (replace 'configure
-             (lambda* (#:key outputs #:allow-other-keys)
-               (let* ((out (assoc-ref outputs "out"))
-                      (lib (string-append out "/lib")))
-                 ;; It's not a shebang so patch-source-shebangs misses it.
-                 (substitute* "config"
-                   (("/usr/bin/env")
-                    (string-append (assoc-ref %build-inputs "coreutils")
-                                   "/bin/env")))
-                 (invoke "./config"
-                         "shared"       ;build shared libraries
-                         "--libdir=lib"
-
-                         ;; The default for this catch-all directory is
-                         ;; PREFIX/ssl.  Change that to something more
-                         ;; conventional.
-                         (string-append "--openssldir=" out
-                                        "/share/openssl-" ,version)
-
-                         (string-append "--prefix=" out)
-                         (string-append "-Wl,-rpath," lib)))))
-
-           (delete 'move-man3-pages)
-           (add-after 'install 'move-extra-documentation
+           (add-before 'patch-source-shebangs 'patch-tests
+             (lambda* (#:key inputs native-inputs #:allow-other-keys)
+               (let ((bash (assoc-ref (or native-inputs inputs) "bash")))
+                 (substitute* (find-files "test" ".*")
+                   (("/bin/sh")
+                    (string-append bash "/bin/sh"))
+                   (("/bin/rm")
+                    "rm"))
+                 #t)))
+           (add-before 'configure 'patch-Makefile.org
              (lambda* (#:key outputs #:allow-other-keys)
-               ;; Move man3 pages and full HTML documentation to "doc".
-               (let* ((out    (assoc-ref outputs "out"))
-                      (man3   (string-append out "/share/man/man3"))
-                      (html (string-append out "/share/doc/openssl"))
-                      (doc    (assoc-ref outputs "doc"))
-                      (man-target (string-append doc "/share/man/man3"))
-                      (html-target (string-append doc "/share/doc/openssl")))
-                 (copy-recursively man3 man-target)
-                 (delete-file-recursively man3)
-                 (copy-recursively html html-target)
-                 (delete-file-recursively html)
+               ;; The default MANDIR is some unusual place.  Fix that.
+               (let ((out (assoc-ref outputs "out")))
+                 (patch-makefile-SHELL "Makefile.org")
+                 (substitute* "Makefile.org"
+                   (("^MANDIR[[:blank:]]*=.*$")
+                    (string-append "MANDIR = " out "/share/man\n")))
                  #t)))
+        (replace 'configure
+          ;; Override this phase because OpenSSL 1.0 does not understand -rpath.
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out")))
+              (invoke "./config"
+                      "shared"                 ;build shared libraries
+                      "--libdir=lib"
+
+                      ;; The default for this catch-all directory is
+                      ;; PREFIX/ssl.  Change that to something more
+                      ;; conventional.
+                      (string-append "--openssldir=" out
+                                     "/share/openssl-" ,version)
+
+                      (string-append "--prefix=" out)))))
+        (delete 'move-extra-documentation)
+        (add-after 'install 'move-man3-pages
+          (lambda* (#:key outputs #:allow-other-keys)
+            ;; Move section 3 man pages to "doc".
+            (let* ((out    (assoc-ref outputs "out"))
+                   (man3   (string-append out "/share/man/man3"))
+                   (doc    (assoc-ref outputs "doc"))
+                   (target (string-append doc "/share/man/man3")))
+              (mkdir-p target)
+              (for-each (lambda (file)
+                          (rename-file file
+                                       (string-append target "/"
+                                                      (basename file))))
+                        (find-files man3))
+              (delete-file-recursively man3)
+              #t)))
            ;; XXX: Duplicate this phase to make sure 'version' evaluates
            ;; in the current scope and not the inherited one.
            (replace 'remove-miscellany
-- 
2.21.0





Reply sent to Marius Bakke <mbakke <at> fastmail.com>:
You have taken responsibility. (Sun, 10 Mar 2019 17:55:02 GMT) Full text and rfc822 format available.

Notification sent to Marius Bakke <mbakke <at> fastmail.com>:
bug acknowledged by developer. (Sun, 10 Mar 2019 17:55:02 GMT) Full text and rfc822 format available.

Message #10 received at 34748-done <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: 34748-done <at> debbugs.gnu.org
Subject: Re: [bug#34748] [PATCH core-updates] gnu: Use OpenSSL 1.1 as the
 default OpenSSL package.
Date: Sun, 10 Mar 2019 18:54:37 +0100
[Message part 1 (text/plain, inline)]
Marius Bakke <mbakke <at> fastmail.com> writes:

> * gnu/packages/tls.scm (openssl-next): Delete variable.  Move related code ...
> (openssl) ... here.
> (openssl-1.0): New public variable.  Retain old arguments.
> * gnu/packages/crypto.scm (asignify)[inputs]: Change OPENSSL-NEXT to OPENSSL.
> * gnu/packages/databases.scm (mariadb)[inputs]: Likewise.
> * gnu/packages/node.scm (node)[inputs]: Likewise.
> * gnu/packages/rust.scm (rust-1.19)[inputs]: Likewise.

Pushed in e74f153a10ca387a50c3acaf685981048c1bdb70.
[signature.asc (application/pgp-signature, inline)]

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 08 Apr 2019 11:24:06 GMT) Full text and rfc822 format available.

This bug report was last modified 4 years and 357 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.