diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-03-25 15:33:21 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-03-30 15:10:00 +0000 |
commit | fd78240ac82ada2b598d4491dbf6ff8622bd3dff (patch) | |
tree | 25ee4206fd350704ed50786112b5095bf45eebc4 /pkgs/development | |
parent | 30d3d79b7d3607d56546dd2a6b49e156ba0ec634 (diff) |
treewide: use lib.getLib for OpenSSL libraries
At some point, I'd like to make another attempt at 71f1f4884b5 ("openssl: stop static binaries referencing libs"), which was reverted in 195c7da07df. One problem with my previous attempt is that I moved OpenSSL's libraries to a lib output, but many dependent packages were hardcoding the out output as the location of the libraries. This patch fixes every such case I could find in the tree. It won't have any effect immediately, but will mean these packages will automatically use an OpenSSL lib output if it is reintroduced in future. This patch should cause very few rebuilds, because it shouldn't make any change at all to most packages I'm touching. The few rebuilds that are introduced come from when I've changed a package builder not to use variable names like openssl.out in scripts / substitution patterns, which would be confusing since they don't hardcode the output any more. I started by making the following global replacements: ${pkgs.openssl.out}/lib -> ${lib.getLib pkgs.openssl}/lib ${openssl.out}/lib -> ${lib.getLib openssl}/lib Then I removed the ".out" suffix when part of the argument to lib.makeLibraryPath, since that function uses lib.getLib internally. Then I fixed up cases where openssl was part of the -L flag to the compiler/linker, since that unambigously is referring to libraries. Then I manually investigated and fixed the following packages: - pycurl - citrix-workspace - ppp - wraith - unbound - gambit - acl2 I'm reasonably confindent in my fixes for all of them. For acl2, since the openssl library paths are manually provided above anyway, I don't think openssl is required separately as a build input at all. Removing it doesn't make a difference to the output size, the file list, or the closure. I've tested evaluation with the OfBorg meta checks, to protect against introducing evaluation failures.
Diffstat (limited to 'pkgs/development')
19 files changed, 26 insertions, 26 deletions
diff --git a/pkgs/development/compilers/gambit/build.nix b/pkgs/development/compilers/gambit/build.nix index e592107adeca7..9f2907057183e 100644 --- a/pkgs/development/compilers/gambit/build.nix +++ b/pkgs/development/compilers/gambit/build.nix @@ -86,8 +86,8 @@ gccStdenv.mkDerivation rec { # OS-specific paths are hardcoded in ./configure substituteInPlace config.status \ - --replace "/usr/local/opt/openssl@1.1" "${openssl.out}" \ - --replace "/usr/local/opt/openssl" "${openssl.out}" + --replace "/usr/local/opt/openssl@1.1" "${lib.getLib openssl}" \ + --replace "/usr/local/opt/openssl" "${lib.getLib openssl}" ./config.status ''; diff --git a/pkgs/development/compilers/urweb/default.nix b/pkgs/development/compilers/urweb/default.nix index e2d9d1f226e73..67ebaa04699e3 100644 --- a/pkgs/development/compilers/urweb/default.nix +++ b/pkgs/development/compilers/urweb/default.nix @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { export CC="${gcc}/bin/gcc"; export CCARGS="-I$out/include \ - -L${openssl.out}/lib \ + -L${lib.getLib openssl}/lib \ -L${libmysqlclient}/lib \ -L${postgresql.lib}/lib \ -L${sqlite.out}/lib"; diff --git a/pkgs/development/interpreters/acl2/default.nix b/pkgs/development/interpreters/acl2/default.nix index 51b1cfa11414a..422d999cad754 100644 --- a/pkgs/development/interpreters/acl2/default.nix +++ b/pkgs/development/interpreters/acl2/default.nix @@ -36,8 +36,8 @@ in stdenv.mkDerivation rec { patches = [(substituteAll { src = ./0001-Fix-some-paths-for-Nix-build.patch; libipasir = "${libipasir}/lib/${libipasir.libname}"; - libssl = "${openssl.out}/lib/libssl${stdenv.hostPlatform.extensions.sharedLibrary}"; - libcrypto = "${openssl.out}/lib/libcrypto${stdenv.hostPlatform.extensions.sharedLibrary}"; + libssl = "${lib.getLib openssl}/lib/libssl${stdenv.hostPlatform.extensions.sharedLibrary}"; + libcrypto = "${lib.getLib openssl}/lib/libcrypto${stdenv.hostPlatform.extensions.sharedLibrary}"; })]; buildInputs = [ @@ -47,7 +47,7 @@ in stdenv.mkDerivation rec { # To build community books, we need Perl and a couple of utilities: which perl hostname makeWrapper # Some of the books require one or more of these external tools: - openssl.out glucose minisat abc-verifier libipasir + glucose minisat abc-verifier libipasir z3 (python2.withPackages (ps: [ ps.z3 ])) ]; diff --git a/pkgs/development/libraries/apr-util/default.nix b/pkgs/development/libraries/apr-util/default.nix index 57bf47f3abf17..b9756e0e1a1ad 100644 --- a/pkgs/development/libraries/apr-util/default.nix +++ b/pkgs/development/libraries/apr-util/default.nix @@ -58,7 +58,7 @@ stdenv.mkDerivation rec { substituteInPlace $f \ --replace "${expat.dev}/lib" "${expat.out}/lib" \ --replace "${db.dev}/lib" "${db.out}/lib" \ - --replace "${openssl.dev}/lib" "${openssl.out}/lib" + --replace "${openssl.dev}/lib" "${lib.getLib openssl}/lib" done # Give apr1 access to sed for runtime invocations. diff --git a/pkgs/development/libraries/aqbanking/gwenhywfar.nix b/pkgs/development/libraries/aqbanking/gwenhywfar.nix index 527db0e2c1e62..2eb67a022b824 100644 --- a/pkgs/development/libraries/aqbanking/gwenhywfar.nix +++ b/pkgs/development/libraries/aqbanking/gwenhywfar.nix @@ -23,7 +23,7 @@ in stdenv.mkDerivation rec { configureFlags = [ "--with-openssl-includes=${openssl.dev}/include" - "--with-openssl-libs=${openssl.out}/lib" + "--with-openssl-libs=${lib.getLib openssl}/lib" ]; preConfigure = '' diff --git a/pkgs/development/libraries/ggz_base_libs/default.nix b/pkgs/development/libraries/ggz_base_libs/default.nix index 025423ecd8a44..cafb869354906 100644 --- a/pkgs/development/libraries/ggz_base_libs/default.nix +++ b/pkgs/development/libraries/ggz_base_libs/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { patchPhase = '' substituteInPlace configure \ --replace "/usr/local/ssl/include" "${openssl.dev}/include" \ - --replace "/usr/local/ssl/lib" "${openssl.out}/lib" + --replace "/usr/local/ssl/lib" "${lib.getLib openssl}/lib" ''; configureFlags = [ diff --git a/pkgs/development/libraries/libarchive/default.nix b/pkgs/development/libraries/libarchive/default.nix index 1cc6fe6f521e9..dbeceaaf5581a 100644 --- a/pkgs/development/libraries/libarchive/default.nix +++ b/pkgs/development/libraries/libarchive/default.nix @@ -43,7 +43,7 @@ stdenv.mkDerivation rec { preFixup = '' sed -i $lib/lib/libarchive.la \ - -e 's|-lcrypto|-L${openssl.out}/lib -lcrypto|' \ + -e 's|-lcrypto|-L${lib.getLib openssl}/lib -lcrypto|' \ -e 's|-llzo2|-L${lzo}/lib -llzo2|' ''; diff --git a/pkgs/development/libraries/live555/default.nix b/pkgs/development/libraries/live555/default.nix index 1c1b57f39cb18..217ea7408d228 100644 --- a/pkgs/development/libraries/live555/default.nix +++ b/pkgs/development/libraries/live555/default.nix @@ -27,8 +27,8 @@ stdenv.mkDerivation rec { postPatch = '' substituteInPlace config.macosx-catalina \ - --replace '/usr/lib/libssl.46.dylib' "${openssl.out}/lib/libssl.dylib" \ - --replace '/usr/lib/libcrypto.44.dylib' "${openssl.out}/lib/libcrypto.dylib" + --replace '/usr/lib/libssl.46.dylib' "${lib.getLib openssl}/lib/libssl.dylib" \ + --replace '/usr/lib/libcrypto.44.dylib' "${lib.getLib openssl}/lib/libcrypto.dylib" sed -i -e 's|/bin/rm|rm|g' genMakefiles sed -i \ -e 's/$(INCLUDES) -I. -O2 -DSOCKLEN_T/$(INCLUDES) -I. -O2 -I. -fPIC -DRTSPCLIENT_SYNCHRONOUS_INTERFACE=1 -DSOCKLEN_T/g' \ diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index f9e2b3c0b3fc7..4ecfc569ae16a 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -74,7 +74,7 @@ stdenv.mkDerivation rec { rm -r libraries/*/.libs rm -r contrib/slapd-modules/passwd/*/.libs for f in $out/lib/libldap.la $out/lib/libldap_r.la; do - substituteInPlace "$f" --replace '-lssl' '-L${openssl.out}/lib -lssl' + substituteInPlace "$f" --replace '-lssl' '-L${lib.getLib openssl}/lib -lssl' '' + lib.optionalString withCyrusSasl '' substituteInPlace "$f" --replace '-lsasl2' '-L${cyrus_sasl.out}/lib -lsasl2' '' + '' diff --git a/pkgs/development/libraries/qt-5/modules/qtbase.nix b/pkgs/development/libraries/qt-5/modules/qtbase.nix index 5e2bb41c40f1d..0222a708bb87d 100644 --- a/pkgs/development/libraries/qt-5/modules/qtbase.nix +++ b/pkgs/development/libraries/qt-5/modules/qtbase.nix @@ -261,7 +261,7 @@ stdenv.mkDerivation { "-I" "${harfbuzz.dev}/include" "-system-pcre" "-openssl-linked" - "-L" "${openssl.out}/lib" + "-L" "${lib.getLib openssl}/lib" "-I" "${openssl.dev}/include" "-system-sqlite" ''-${if libmysqlclient != null then "plugin" else "no"}-sql-mysql'' diff --git a/pkgs/development/libraries/unixODBCDrivers/default.nix b/pkgs/development/libraries/unixODBCDrivers/default.nix index 958e417ca17ce..9b4173a6da139 100644 --- a/pkgs/development/libraries/unixODBCDrivers/default.nix +++ b/pkgs/development/libraries/unixODBCDrivers/default.nix @@ -157,7 +157,7 @@ ''; postFixup = '' - patchelf --set-rpath ${lib.makeLibraryPath [ unixODBC openssl.out libkrb5 libuuid stdenv.cc.cc ]} \ + patchelf --set-rpath ${lib.makeLibraryPath [ unixODBC openssl libkrb5 libuuid stdenv.cc.cc ]} \ $out/lib/libmsodbcsql-${versionMajor}.${versionMinor}.so.${versionAdditional} ''; diff --git a/pkgs/development/lisp-modules/quicklisp-to-nix-overrides.nix b/pkgs/development/lisp-modules/quicklisp-to-nix-overrides.nix index b68a2b2c2fb70..6b0e72032126b 100644 --- a/pkgs/development/lisp-modules/quicklisp-to-nix-overrides.nix +++ b/pkgs/development/lisp-modules/quicklisp-to-nix-overrides.nix @@ -64,7 +64,7 @@ in propagatedBuildInputs = [pkgs.openssl]; overrides = y: (x.overrides y) // { prePatch = '' - sed 's|libssl.so|${pkgs.openssl.out}/lib/libssl.so|' -i src/reload.lisp + sed 's|libssl.so|${pkgs.lib.getLib pkgs.openssl}/lib/libssl.so|' -i src/reload.lisp ''; }; }; diff --git a/pkgs/development/python-modules/bitcoinlib/default.nix b/pkgs/development/python-modules/bitcoinlib/default.nix index 71b032a34e49a..f3eb86c7bbb11 100644 --- a/pkgs/development/python-modules/bitcoinlib/default.nix +++ b/pkgs/development/python-modules/bitcoinlib/default.nix @@ -17,7 +17,7 @@ in buildPythonPackage rec { postPatch = '' substituteInPlace bitcoin/core/key.py --replace \ "ctypes.util.find_library('ssl') or 'libeay32'" \ - "'${openssl.out}/lib/libssl.${ext}'" + "'${lib.getLib openssl}/lib/libssl.${ext}'" ''; meta = { diff --git a/pkgs/development/python-modules/proton-client/default.nix b/pkgs/development/python-modules/proton-client/default.nix index 0f84f324dcf9d..01ebed36c72b7 100644 --- a/pkgs/development/python-modules/proton-client/default.nix +++ b/pkgs/development/python-modules/proton-client/default.nix @@ -34,7 +34,7 @@ buildPythonPackage rec { # but it is not working as intended. #patchPhase = '' # substituteInPlace proton/srp/_ctsrp.py --replace \ - # "ctypes.cdll.LoadLibrary('libssl.so.10')" "'${openssl.out}/lib/libssl.so'" + # "ctypes.cdll.LoadLibrary('libssl.so.10')" "'${lib.getLib openssl}/lib/libssl.so'" #''; # Regarding the issue above, I'm disabling tests for now doCheck = false; diff --git a/pkgs/development/python-modules/pycurl/default.nix b/pkgs/development/python-modules/pycurl/default.nix index 3585148b31c02..5b62b3bb016b9 100644 --- a/pkgs/development/python-modules/pycurl/default.nix +++ b/pkgs/development/python-modules/pycurl/default.nix @@ -27,7 +27,7 @@ buildPythonPackage rec { buildInputs = [ curl - openssl.out + openssl ]; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/telethon/default.nix b/pkgs/development/python-modules/telethon/default.nix index a7ee01105a674..137f6b136a78a 100644 --- a/pkgs/development/python-modules/telethon/default.nix +++ b/pkgs/development/python-modules/telethon/default.nix @@ -12,7 +12,7 @@ buildPythonPackage rec { patchPhase = '' substituteInPlace telethon/crypto/libssl.py --replace \ - "ctypes.util.find_library('ssl')" "'${openssl.out}/lib/libssl.so'" + "ctypes.util.find_library('ssl')" "'${lib.getLib openssl}/lib/libssl.so'" ''; propagatedBuildInputs = [ diff --git a/pkgs/development/r-modules/default.nix b/pkgs/development/r-modules/default.nix index ffe277582392d..fce57c0893e8e 100644 --- a/pkgs/development/r-modules/default.nix +++ b/pkgs/development/r-modules/default.nix @@ -1083,12 +1083,12 @@ let patchShebangs configure ''; PKGCONFIG_CFLAGS = "-I${pkgs.openssl.dev}/include"; - PKGCONFIG_LIBS = "-Wl,-rpath,${pkgs.openssl.out}/lib -L${pkgs.openssl.out}/lib -lssl -lcrypto"; + PKGCONFIG_LIBS = "-Wl,-rpath,${lib.getLib pkgs.openssl}/lib -L${lib.getLib pkgs.openssl}/lib -lssl -lcrypto"; }); websocket = old.websocket.overrideDerivation (attrs: { PKGCONFIG_CFLAGS = "-I${pkgs.openssl.dev}/include"; - PKGCONFIG_LIBS = "-Wl,-rpath,${pkgs.openssl.out}/lib -L${pkgs.openssl.out}/lib -lssl -lcrypto"; + PKGCONFIG_LIBS = "-Wl,-rpath,${lib.getLib pkgs.openssl}/lib -L${lib.getLib pkgs.openssl}/lib -lssl -lcrypto"; }); Rserve = old.Rserve.overrideDerivation (attrs: { @@ -1193,7 +1193,7 @@ let patchShebangs configure ''; PKGCONFIG_CFLAGS = "-I${pkgs.openssl.dev}/include -I${pkgs.cyrus_sasl.dev}/include -I${pkgs.zlib.dev}/include"; - PKGCONFIG_LIBS = "-Wl,-rpath,${pkgs.openssl.out}/lib -L${pkgs.openssl.out}/lib -L${pkgs.cyrus_sasl.out}/lib -L${pkgs.zlib.out}/lib -lssl -lcrypto -lsasl2 -lz"; + PKGCONFIG_LIBS = "-Wl,-rpath,${lib.getLib pkgs.openssl}/lib -L${lib.getLib pkgs.openssl}/lib -L${pkgs.cyrus_sasl.out}/lib -L${pkgs.zlib.out}/lib -lssl -lcrypto -lsasl2 -lz"; }); ps = old.ps.overrideDerivation (attrs: { diff --git a/pkgs/development/tools/clpm/default.nix b/pkgs/development/tools/clpm/default.nix index 53fc548df53c6..c58079d0e876e 100644 --- a/pkgs/development/tools/clpm/default.nix +++ b/pkgs/development/tools/clpm/default.nix @@ -27,8 +27,8 @@ stdenv.mkDerivation rec { postPatch = '' # patch cl-plus-ssl to ensure that it finds libssl and libcrypto - sed 's|libssl.so|${openssl.out}/lib/libssl.so|' -i ext/cl-plus-ssl/src/reload.lisp - sed 's|libcrypto.so|${openssl.out}/lib/libcrypto.so|' -i ext/cl-plus-ssl/src/reload.lisp + sed 's|libssl.so|${lib.getLib openssl}/lib/libssl.so|' -i ext/cl-plus-ssl/src/reload.lisp + sed 's|libcrypto.so|${lib.getLib openssl}/lib/libcrypto.so|' -i ext/cl-plus-ssl/src/reload.lisp # patch dexador to avoid error due to dexador being loaded multiple times sed -i 's/defpackage/uiop:define-package/g' ext/dexador/src/dexador.lisp ''; diff --git a/pkgs/development/tools/database/prisma-engines/default.nix b/pkgs/development/tools/database/prisma-engines/default.nix index 18614291d587a..1ee35b515f629 100644 --- a/pkgs/development/tools/database/prisma-engines/default.nix +++ b/pkgs/development/tools/database/prisma-engines/default.nix @@ -33,7 +33,7 @@ rustPlatform.buildRustPackage rec { preBuild = '' export OPENSSL_DIR=${lib.getDev openssl} - export OPENSSL_LIB_DIR=${openssl.out}/lib + export OPENSSL_LIB_DIR=${lib.getLib openssl}/lib export PROTOC=${protobuf}/bin/protoc export PROTOC_INCLUDE="${protobuf}/include"; |