blob: f30ead30b3bb2f6d52d115e4e5353413944a542b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
{ stdenv, fetchurl, lib, cmake }:
let
generic = { version, sha256 }: stdenv.mkDerivation rec {
name = "libressl-${version}";
inherit version;
src = fetchurl {
url = "mirror://openbsd/LibreSSL/${name}.tar.gz";
inherit sha256;
};
nativeBuildInputs = [ cmake ];
cmakeFlags = [ "-DENABLE_NC=ON" "-DBUILD_SHARED_LIBS=ON" ];
# The autoconf build is broken as of 2.9.1, resulting in the following error:
# libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'.
# Fortunately LibreSSL provides a CMake build as well, so opt for CMake by
# removing ./configure pre-config.
preConfigure = ''
rm configure
'';
# Ensure that the output libraries do not require an executable stack.
# Without this, libcrypto would be built with the executable stack flag set.
# For GCC the flag is '-z noexecstack'. Clang, which is used on Darwin,
# expects '--noexecstack'. Execstack is an ELF thing, so it is not needed
# on Darwin.
NIX_LDFLAGS = if stdenv.isDarwin
then []
else ["-z" "noexecstack"];
enableParallelBuilding = true;
outputs = [ "bin" "dev" "out" "man" "nc" ];
postFixup = ''
moveToOutput "bin/nc" "$nc"
moveToOutput "bin/openssl" "$bin"
moveToOutput "bin/ocspcheck" "$bin"
moveToOutput "share/man/man1/nc.1${lib.optionalString (dontGzipMan==null) ".gz"}" "$nc"
'';
dontGzipMan = if stdenv.isDarwin then true else null; # not sure what's wrong
meta = with lib; {
description = "Free TLS/SSL implementation";
homepage = "https://www.libressl.org";
license = with licenses; [ publicDomain bsdOriginal bsd0 bsd3 gpl3 isc openssl ];
platforms = platforms.all;
maintainers = with maintainers; [ thoughtpolice fpletz globin ];
};
};
in {
libressl_2_8 = generic {
version = "2.8.3";
sha256 = "0xw4z4z6m7lyf1r4m2w2w1k7as791c04ygnfk4d7d0ki0h9hnr4v";
};
libressl_2_9 = generic {
version = "2.9.2";
sha256 = "1m6mz515dcbrbnyz8hrpdfjzdmj1c15vbgnqxdxb89g3z9kq3iy4";
};
}
|