From 5a287e71022341abdd91f327d091348ab25ad390 Mon Sep 17 00:00:00 2001 From: Ruud van Asseldonk Date: Tue, 19 May 2020 21:44:04 +0200 Subject: [PATCH 1/6] libressl_3_1: init at 3.1.1 --- pkgs/development/libraries/libressl/default.nix | 5 +++++ pkgs/top-level/all-packages.nix | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix index 285d7b607e7..6a93ecb8e89 100644 --- a/pkgs/development/libraries/libressl/default.nix +++ b/pkgs/development/libraries/libressl/default.nix @@ -79,4 +79,9 @@ in { version = "3.0.2"; sha256 = "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz"; }; + + libressl_3_1 = generic { + version = "3.1.1"; + sha256 = "006vnr14499fdsvyy0ddpvcn13habymfxxvmqk2aybispdgcximx"; + }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b92c8e91b5b..404beb50228 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14000,7 +14000,8 @@ in inherit (callPackages ../development/libraries/libressl { }) libressl_2_9 - libressl_3_0; + libressl_3_0 + libressl_3_1; libressl = libressl_3_0; From 79865f4d88c7ce7989de24ddc814326835538bf8 Mon Sep 17 00:00:00 2001 From: Ruud van Asseldonk Date: Tue, 19 May 2020 21:46:08 +0200 Subject: [PATCH 2/6] libressl_2_9: remove, not maintained anymore Stable LibreSSL releases are supported one year after their OpenBSD release. OpenBSD 6.5 with the 2.9 branch was released on 2019-05-01. --- pkgs/development/libraries/libressl/default.nix | 12 ------------ pkgs/top-level/all-packages.nix | 1 - 2 files changed, 13 deletions(-) diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix index 6a93ecb8e89..fa710f48275 100644 --- a/pkgs/development/libraries/libressl/default.nix +++ b/pkgs/development/libraries/libressl/default.nix @@ -63,18 +63,6 @@ let }; in { - - libressl_2_9 = generic { - version = "2.9.2"; - sha256 = "1m6mz515dcbrbnyz8hrpdfjzdmj1c15vbgnqxdxb89g3z9kq3iy4"; - patches = stdenv.lib.optional stdenv.hostPlatform.isMusl [ - (fetchpatch { - url = "https://github.com/libressl-portable/portable/pull/529/commits/a747aacc23607c993cc481378782b2c7dd5bc53b.patch"; - sha256 = "0wbrcscdkjpk4mhh7f3saghi4smia4lhf7fl6la3ahhgx1krn5zm"; - }) - ]; - }; - libressl_3_0 = generic { version = "3.0.2"; sha256 = "13ir2lpxz8y1m151k7lrx306498nzfhwlvgkgv97v5cvywmifyyz"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 404beb50228..1ac1dd81812 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13999,7 +13999,6 @@ in openvdb = callPackage ../development/libraries/openvdb {}; inherit (callPackages ../development/libraries/libressl { }) - libressl_2_9 libressl_3_0 libressl_3_1; From e0cc9f323615abb79f797d424d20aa5635532ee2 Mon Sep 17 00:00:00 2001 From: Ruud van Asseldonk Date: Tue, 19 May 2020 21:48:38 +0200 Subject: [PATCH 3/6] libressl: switch to 3.1 branch It is the latest now, let's default to it. 3.0 will still be supported until October, when OpenBSD 6.6 turns one year old. Also add reminder to use the latest version, as suggested by doronbehar. --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1ac1dd81812..701e329a9df 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14002,7 +14002,9 @@ in libressl_3_0 libressl_3_1; - libressl = libressl_3_0; + # Please keep this pointed to the latest version. See also + # https://discourse.nixos.org/t/nixpkgs-policy-regarding-libraries-available-in-multiple-versions/7026/2 + libressl = libressl_3_1; boringssl = callPackage ../development/libraries/boringssl { }; From fd3f22f35d214c99c21e0f15f37ad79d93a6643c Mon Sep 17 00:00:00 2001 From: Ruud van Asseldonk Date: Mon, 25 May 2020 23:55:43 +0200 Subject: [PATCH 4/6] libressl_3_1: 3.1.1 -> 3.1.2 --- pkgs/development/libraries/libressl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix index fa710f48275..fc797cf3288 100644 --- a/pkgs/development/libraries/libressl/default.nix +++ b/pkgs/development/libraries/libressl/default.nix @@ -69,7 +69,7 @@ in { }; libressl_3_1 = generic { - version = "3.1.1"; - sha256 = "006vnr14499fdsvyy0ddpvcn13habymfxxvmqk2aybispdgcximx"; + version = "3.1.2"; + sha256 = "14nqg34yc9bm64hz96hhlvm00gwn2acjs0hcwhs9l50plrz2z2pq"; }; } From 92f080181b98c1da20f8603889460af3ffa0bc6c Mon Sep 17 00:00:00 2001 From: Ruud van Asseldonk Date: Tue, 26 May 2020 19:19:16 +0200 Subject: [PATCH 5/6] wasm-pack: depend on libressl_3_0 explicitly The application is incompatible with LibreSSL 3.1 because rust-openssl has a compile-time check for supported LibreSSL versions, and the version of rust-openssl that wasm-pack depends on does not yet support LibreSSL 3.1. --- pkgs/top-level/all-packages.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 701e329a9df..0faed60f5c7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -26254,6 +26254,9 @@ in wasmer = callPackage ../development/interpreters/wasmer { }; wasm-pack = callPackage ../development/tools/wasm-pack { + # Wasm-pack depends on a version of rust-openssl which is incompatible with + # LibreSSL 3.1, so we explicitly opt for the older version. + libressl = libressl_3_0; inherit (darwin.apple_sdk.frameworks) Security; }; From 7903e4b4e04258eb224d1c3b78e5ae0d8e971354 Mon Sep 17 00:00:00 2001 From: Ruud van Asseldonk Date: Tue, 16 Jun 2020 21:01:49 +0200 Subject: [PATCH 6/6] libressl_3_1: 3.1.2 -> 3.1.3 --- pkgs/development/libraries/libressl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix index fc797cf3288..bb9fb777289 100644 --- a/pkgs/development/libraries/libressl/default.nix +++ b/pkgs/development/libraries/libressl/default.nix @@ -69,7 +69,7 @@ in { }; libressl_3_1 = generic { - version = "3.1.2"; - sha256 = "14nqg34yc9bm64hz96hhlvm00gwn2acjs0hcwhs9l50plrz2z2pq"; + version = "3.1.3"; + sha256 = "184znscbkww65aavy2p4v4xncalp1ni19c2w5yvfq4pnmhb06sy7"; }; }