monit: cross-compile, and make openssl optional
Upstream Monit optionally uses OpenSSL to provide TLS support in its builtin admin web server. Being able to turn off SSL in Nixpkgs' monit derivation makes it much easier to build Monit on embedded systems. Security implication: if you choose not to build in openssl then you should probably configure Monit to allow access only from localhost.
This commit is contained in:
parent
e27ad00f85
commit
9cdb7fe722
|
@ -1,5 +1,7 @@
|
|||
{stdenv, fetchurl, openssl, bison, flex, pam, zlib, usePAM ? stdenv.isLinux }:
|
||||
|
||||
{stdenv, fetchurl, openssl, bison, flex, pam, zlib, usePAM ? stdenv.isLinux
|
||||
, buildPlatform, hostPlatform }:
|
||||
let useSSL = (openssl != null);
|
||||
isCross = ( buildPlatform != hostPlatform ) ; in
|
||||
stdenv.mkDerivation rec {
|
||||
name = "monit-5.23.0";
|
||||
|
||||
|
@ -9,12 +11,19 @@ stdenv.mkDerivation rec {
|
|||
};
|
||||
|
||||
nativeBuildInputs = [ bison flex ];
|
||||
buildInputs = [ openssl zlib.dev ] ++ stdenv.lib.optionals usePAM [ pam ];
|
||||
buildInputs = [ zlib.dev ] ++
|
||||
stdenv.lib.optionals useSSL [ openssl ] ++
|
||||
stdenv.lib.optionals usePAM [ pam ];
|
||||
|
||||
configureFlags = [
|
||||
"--with-ssl-incl-dir=${openssl.dev}/include"
|
||||
"--with-ssl-lib-dir=${openssl.out}/lib"
|
||||
] ++ stdenv.lib.optionals (! usePAM) [ "--without-pam" ];
|
||||
configureFlags =
|
||||
if useSSL then [
|
||||
"--with-ssl-incl-dir=${openssl.dev}/include"
|
||||
"--with-ssl-lib-dir=${openssl.out}/lib"
|
||||
] else [ "--without-ssl" ] ++
|
||||
stdenv.lib.optionals (! usePAM) [ "--without-pam" ] ++
|
||||
# will need to check both these are true for musl
|
||||
stdenv.lib.optionals isCross [ "libmonit_cv_setjmp_available=yes"
|
||||
"libmonit_cv_vsnprintf_c99_conformant=yes"];
|
||||
|
||||
meta = {
|
||||
homepage = http://mmonit.com/monit/;
|
||||
|
|
Loading…
Reference in New Issue