gnu: OpenSSL: Add 3.0.

* gnu/packages/tls.scm (openssl-3.0): New variable.
* gnu/packages/patches/openssl-3.0-c-rehash-in.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.

3 files changed, 48 insertions, 1 deletions

diff --git a/gnu/local.mk b/gnu/local.mk
index 898e8e92e3..4822e8e250 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1579,6 +1579,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/opensles-add-license-file.patch			\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.1-c-rehash-in.patch		\
+  %D%/packages/patches/openssl-3.0-c-rehash-in.patch		\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
   %D%/packages/patches/openssl-CVE-2019-1559.patch		\
   %D%/packages/patches/open-zwave-hidapi.patch			\
diff --git a/gnu/packages/patches/openssl-3.0-c-rehash-in.patch b/gnu/packages/patches/openssl-3.0-c-rehash-in.patch
new file mode 100644
index 0000000000..6871e9348c
--- /dev/null
+++ b/gnu/packages/patches/openssl-3.0-c-rehash-in.patch
@@ -0,0 +1,18 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -1,4 +1,6 @@
+-#!{- $config{HASHBANGPERL} -}
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++  & eval 'exec perl -wS "$0" $argv:q'
++    if 0;
+ {- use OpenSSL::Util; -}
+ # {- join("\n# ", @autowarntext) -}
+ # Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d5b42c58a0..cf3663ae7d 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017, 2018, 2019, 2020, 2021 Marius Bakke <marius@gnu.org>
+;;; Copyright © 2017-2022 Marius Bakke <marius@gnu.org>
 ;;; Copyright © 2017–2021 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
@@ -528,6 +528,34 @@ OpenSSL for TARGET."
                (base32
                 "15kcvdi69jka67sk1l3a50c26cb7xv9xiwdrgky4bji3ifz9k4gq"))))))
 
+(define-public openssl-3.0
+  (package
+    (inherit openssl)
+    (version "3.0.1")
+    (source (origin
+              (method url-fetch)
+              (uri (list (string-append "https://www.openssl.org/source/openssl-"
+                                        version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/"
+                                        "openssl-" version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/old/"
+                                        (string-trim-right version char-set:letter)
+                                        "/openssl-" version ".tar.gz")))
+              (patches (search-patches "openssl-3.0-c-rehash-in.patch"))
+              (sha256
+               (base32
+                "1l86kgn57av5yh711qp7c9zmi2haqmiah0ddxnbfgg2k6f2ss4f3"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments openssl)
+       ((#:phases phases '%standard-phases)
+        #~(modify-phases #$phases
+            (add-before 'configure 'configure-perl
+              (lambda* (#:key native-inputs inputs #:allow-other-keys)
+                (setenv "HASHBANGPERL"
+                        (search-input-file (or native-inputs inputs)
+                                           "/bin/perl"))))))))
+    (license license:asl2.0)))
+
 ;; We will not add any new uses of this package. If you add new code that uses
 ;; this package, your change will be reverted!
 ;;