-rw-r--r-- | gnu-system.am | 1 | ||||
-rw-r--r-- | gnu/packages/certs.scm | 4 | ||||
-rw-r--r-- | gnu/packages/patches/openssl-c-rehash.patch | 17 | ||||
-rw-r--r-- | gnu/packages/tls.scm | 15 |
4 files changed, 34 insertions, 3 deletions
diff --git a/gnu-system.am b/gnu-system.am
index e98ae208a4..749d744621 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -567,6 +567,7 @@ dist_patch_DATA = \
 gnu/packages/patches/nvi-db4.patch \
 gnu/packages/patches/openexr-missing-samples.patch \
 gnu/packages/patches/openssl-runpath.patch \
+ gnu/packages/patches/openssl-c-rehash.patch \
 gnu/packages/patches/orpheus-cast-errors-and-includes.patch \
 gnu/packages/patches/ots-no-include-missing-file.patch \
 gnu/packages/patches/patchelf-page-size.patch \
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 0f5a105755..dd7d339794 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -26,6 +26,7 @@
 #:use-module (gnu packages)
 #:use-module (gnu packages gnuzilla)
 #:use-module (gnu packages python)
+ #:use-module (gnu packages perl)
 #:use-module (gnu packages tls))
 
 (define certdata2pem
@@ -76,7 +77,8 @@
 (outputs '("out"))
 (native-inputs
 `(("certdata2pem" ,certdata2pem)
- ("openssl" ,openssl)))
+ ("openssl" ,openssl)
+ ("perl" ,perl))) ;for OpenSSL's 'c_rehash'
 (inputs '())
 (propagated-inputs '())
 (arguments
diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch
new file mode 100644
index 0000000000..f873a9af23
--- /dev/null
+++ b/gnu/packages/patches/openssl-c-rehash.patch
@@ -0,0 +1,17 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+--- openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:07.313316482 +0200
++++ openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:28.965458458 +0200
+@@ -1,4 +1,6 @@
+-#!/usr/bin/perl
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++ & eval 'exec perl -wS "$0" $argv:q'
++ if 0;
+
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
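Review bot: In the new openssl-c-rehash.patch, the header that replaces `#!/usr/bin/perl` runs `exec perl -wS "$0"`, so c_rehash is now interpreted by whichever `perl` comes first on PATH at call time, and the patch description does not mention this requirement. Because c_rehash creates the hash links that certificate lookup depends on, I would state the contract in the patch header, for example `After this change 'c_rehash' needs 'perl' on PATH; packages that run it must add Perl as an input.` (the certs.scm hunk in this commit does that for nss-certs). The file also no longer begins with a `#!` line, so it presumably starts only when the caller falls back to a shell for an unrecognised executable format; that deserves a sentence in the same header.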
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index e7baa52ec5..8b607dff33 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -195,7 +195,9 @@ required structures.")
 (sha256
 (base32
 "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737"))
- (patches (list (search-patch "openssl-runpath.patch")))))
+ (patches (map search-patch
+ '("openssl-runpath.patch"
+ "openssl-c-rehash.patch")))))
 (build-system gnu-build-system)
 (native-inputs `(("perl" ,perl)))
 (arguments
@@ -255,7 +257,16 @@ required structures.")
 (("/bin/sh")
 (string-append bash "/bin/bash"))
 (("/bin/rm")
- "rm"))))))))
+ "rm")))))
+ (add-after
+ 'install 'remove-miscellany
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; The 'misc' directory contains random undocumented shell and Perl
+ ;; scripts. Remove them to avoid retaining a reference on Perl.
+ (let ((out (assoc-ref outputs "out")))
+ (delete-file-recursively (string-append out "/share/openssl-"
+ ,version "/misc"))
+ #t))))))
 (native-search-paths
 ;; FIXME: These two variables must designate a single file or directory
 ;; and are not actually "search paths." In practice it works OK in user |
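Review bot: Nothing in the second hunk's `remove-miscellany` phase checks that the installed output really ends up without a reference to Perl, which is the stated purpose of both this phase and the c_rehash patch. If the build system at this revision supports a `#:disallowed-references` argument, listing Perl there would turn any later regression into a build failure; otherwise a comment naming the manual check would help the next person who updates the package. The comment also calls the scripts undocumented, although upstream appears to ship a manual page for at least CA.pl, so I would reword it to `;; The 'misc' directory contains auxiliary shell and Perl scripts.` and note that any such page will point at a file that is no longer installed. The enclosing `arguments` form starts outside this hunk.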