aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu-system.am1
-rw-r--r--gnu/packages/certs.scm4
-rw-r--r--gnu/packages/patches/openssl-c-rehash.patch17
-rw-r--r--gnu/packages/tls.scm15
4 files changed, 34 insertions, 3 deletions
diff --git a/gnu-system.am b/gnu-system.am
index e98ae208a4..749d744621 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -567,6 +567,7 @@ dist_patch_DATA = \
gnu/packages/patches/nvi-db4.patch \
gnu/packages/patches/openexr-missing-samples.patch \
gnu/packages/patches/openssl-runpath.patch \
+ gnu/packages/patches/openssl-c-rehash.patch \
gnu/packages/patches/orpheus-cast-errors-and-includes.patch \
gnu/packages/patches/ots-no-include-missing-file.patch \
gnu/packages/patches/patchelf-page-size.patch \
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 0f5a105755..dd7d339794 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -26,6 +26,7 @@
#:use-module (gnu packages)
#:use-module (gnu packages gnuzilla)
#:use-module (gnu packages python)
+ #:use-module (gnu packages perl)
#:use-module (gnu packages tls))
(define certdata2pem
@@ -76,7 +77,8 @@
(outputs '("out"))
(native-inputs
`(("certdata2pem" ,certdata2pem)
- ("openssl" ,openssl)))
+ ("openssl" ,openssl)
+ ("perl" ,perl))) ;for OpenSSL's 'c_rehash'
(inputs '())
(propagated-inputs '())
(arguments
diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch
new file mode 100644
index 0000000000..f873a9af23
--- /dev/null
+++ b/gnu/packages/patches/openssl-c-rehash.patch
@@ -0,0 +1,17 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+--- openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:07.313316482 +0200
++++ openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:28.965458458 +0200
+@@ -1,4 +1,6 @@
+-#!/usr/bin/perl
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++ & eval 'exec perl -wS "$0" $argv:q'
++ if 0;
+
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index e7baa52ec5..8b607dff33 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -195,7 +195,9 @@ required structures.")
(sha256
(base32
"1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737"))
- (patches (list (search-patch "openssl-runpath.patch")))))
+ (patches (map search-patch
+ '("openssl-runpath.patch"
+ "openssl-c-rehash.patch")))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(arguments
@@ -255,7 +257,16 @@ required structures.")
(("/bin/sh")
(string-append bash "/bin/bash"))
(("/bin/rm")
- "rm"))))))))
+ "rm")))))
+ (add-after
+ 'install 'remove-miscellany
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; The 'misc' directory contains random undocumented shell and Perl
+ ;; scripts. Remove them to avoid retaining a reference on Perl.
+ (let ((out (assoc-ref outputs "out")))
+ (delete-file-recursively (string-append out "/share/openssl-"
+ ,version "/misc"))
+ #t))))))
(native-search-paths
;; FIXME: These two variables must designate a single file or directory
;; and are not actually "search paths." In practice it works OK in user