From 044f771d593bacc97c56cdfe046f527cd3a30184 Mon Sep 17 00:00:00 2001 From: Dima Date: Tue, 10 Sep 2019 00:01:59 +0200 Subject: [PATCH] libressl: fixing nc for version>=2.9 This addresses https://github.com/NixOS/nixpkgs/issues/68286 When `-R` (CA file location) is not specified, nc tries to fall back to a default location. In 2.8 this was still configurable at compile time, but was changed somewhere after. This replaces `/etc/ssl/cert.pem` with `${cacert}/etc/ssl/cert.pem` in the code directly. For a discussion of this, see https://github.com/NixOS/nixpkgs/pull/68456 --- pkgs/development/libraries/libressl/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix index 71b8d2bb20e..4bfa6cd0b8e 100644 --- a/pkgs/development/libraries/libressl/default.nix +++ b/pkgs/development/libraries/libressl/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, lib, cmake }: +{ stdenv, fetchurl, lib, cmake, cacert }: let @@ -31,6 +31,12 @@ let rm configure ''; + # Since 2.9.x the default location can't be configured from the build using + # DEFAULT_CA_FILE anymore, instead we have to patch the default value. + postPatch = lib.optionalString (lib.versionAtLeast version "2.9.2") '' + substituteInPlace ./tls/tls_config.c --replace '"/etc/ssl/cert.pem"' '"${cacert}/etc/ssl/certs/ca-bundle.crt"' + ''; + enableParallelBuilding = true; outputs = [ "bin" "dev" "out" "man" "nc" ];