remove gnutls

2021-12-23 18:22:55 +01:00 · 2021-12-23 18:22:55 +01:00 · 8bb9fd1f3f
parent 347a0f1a82
commit 8bb9fd1f3f
5 changed files with 0 additions and 315 deletions
--- a/default.nix
+++ b/default.nix
@ -9,12 +9,6 @@ self: super:

  gintro = super.callPackage ./pkgs/nim-packages/gintro/default.nix { };

-  gnutls-latest = super.callPackage ./pkgs/gnutls/default.nix {
-    inherit (super.darwin.apple_sdk.frameworks) Security;
-    util-linux = super.util-linuxMinimal; # break the cyclic dependency
-    autoconf = super.buildPackages.autoconf269;
-  };
-
  gnutls-latest-debug = super.enableDebugging self.gnutls-latest;

  groupchat = super.callPackage ./pkgs/nim-packages/groupchat.nix { };
--- a/pkgs/gnutls/default.nix
+++ b/pkgs/gnutls/default.nix
@ -1,119 +0,0 @@
-{ config, lib, stdenv, fetchurl, zlib, lzo, libtasn1, nettle, pkg-config, lzip
-, perl, gmp, autoconf, automake, libidn, p11-kit, libiconv
-, unbound, dns-root-data, gettext, cacert, util-linux
-, guileBindings ? config.gnutls.guile or false, guile
-, tpmSupport ? false, trousers, which, nettools, libunistring
-, withSecurity ? false, Security  # darwin Security.framework
-}:
-
-assert guileBindings -> guile != null;
-let
-
-  # XXX: Gnulib's `test-select' fails on FreeBSD:
-  # https://hydra.nixos.org/build/2962084/nixlog/1/raw .
-  doCheck = !stdenv.isFreeBSD && !stdenv.isDarwin
-      && stdenv.buildPlatform == stdenv.hostPlatform;
-
-  inherit (stdenv.hostPlatform) isDarwin;
-in
-
-stdenv.mkDerivation rec {
-  pname = "gnutls";
-  version = "3.7.2";
-
-  src = fetchurl {
-    url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz";
-    sha256 = "646e6c5a9a185faa4cea796d378a1ba8e1148dbb197ca6605f95986a25af2752";
-  };
-
-  outputs = [ "bin" "dev" "out" "man" "devdoc" ];
-  # Not normally useful docs.
-  outputInfo = "devdoc";
-  outputDoc  = "devdoc";
-
-  patches = [ ./nix-ssl-cert-file.patch ]
-    # Disable native add_system_trust.
-    ++ lib.optional (isDarwin && !withSecurity) ./no-security-framework.patch;
-
-  # Skip some tests:
-  #  - pkg-config: building against the result won't work before installing (3.5.11)
-  #  - fastopen: no idea; it broke between 3.6.2 and 3.6.3 (3437fdde6 in particular)
-  #  - trust-store: default trust store path (/etc/ssl/...) is missing in sandbox (3.5.11)
-  #  - psk-file: no idea; it broke between 3.6.3 and 3.6.4
-  # Change p11-kit test to use pkg-config to find p11-kit
-  postPatch = ''
-    sed '2iexit 77' -i tests/{pkgconfig,fastopen}.sh
-    sed '/^void doit(void)/,/^{/ s/{/{ exit(77);/' -i tests/{trust-store,psk-file}.c
-    sed 's:/usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/:`pkg-config --variable=p11_module_path p11-kit-1`:' -i tests/p11-kit-trust.sh
-  '' + lib.optionalString stdenv.hostPlatform.isMusl '' # See https://gitlab.com/gnutls/gnutls/-/issues/945
-    sed '2iecho "certtool tests skipped in musl build"\nexit 0' -i tests/cert-tests/certtool.sh
-  '';
-
-  preConfigure = "patchShebangs .";
-  configureFlags =
-    lib.optional stdenv.isLinux "--with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt"
-  ++ [
-    "--disable-dependency-tracking"
-    "--enable-fast-install"
-    "--with-unbound-root-key-file=${dns-root-data}/root.key"
-  ] ++ lib.optional guileBindings [
-    "--enable-guile"
-    "--with-guile-site-dir=\${out}/share/guile/site"
-    "--with-guile-site-ccache-dir=\${out}/share/guile/site"
-    "--with-guile-extension-dir=\${out}/share/guile/site"
-  ];
-
-  enableParallelBuilding = true;
-
-  buildInputs = [ lzo lzip libtasn1 libidn p11-kit zlib gmp libunistring unbound gettext libiconv ]
-    ++ lib.optional (isDarwin && withSecurity) Security
-    ++ lib.optional (tpmSupport && stdenv.isLinux) trousers
-    ++ lib.optional guileBindings guile;
-
-  nativeBuildInputs = [ perl pkg-config ]
-    ++ lib.optionals (isDarwin && !withSecurity) [ autoconf automake ]
-    ++ lib.optionals doCheck [ which nettools util-linux ];
-
-  propagatedBuildInputs = [ nettle ];
-
-  inherit doCheck;
-  # stdenv's `NIX_SSL_CERT_FILE=/no-cert-file.crt` broke tests with:
-  #   Error setting the x509 trust file: Error while reading file.
-  checkInputs = [ cacert ];
-
-  # Fixup broken libtool and pkg-config files
-  preFixup = lib.optionalString (!isDarwin) ''
-    sed ${lib.optionalString tpmSupport "-e 's,-ltspi,-L${trousers}/lib -ltspi,'"} \
-        -e 's,-lz,-L${zlib.out}/lib -lz,' \
-        -e 's,-L${gmp.dev}/lib,-L${gmp.out}/lib,' \
-        -e 's,-lgmp,-L${gmp.out}/lib -lgmp,' \
-        -i $out/lib/*.la "$dev/lib/pkgconfig/gnutls.pc"
-  '' + ''
-    # It seems only useful for static linking but basically noone does that.
-    substituteInPlace "$out/lib/libgnutls.la" \
-      --replace "-lunistring" ""
-  '';
-
-  meta = with lib; {
-    description = "The GNU Transport Layer Security Library";
-
-    longDescription = ''
-       GnuTLS is a project that aims to develop a library which
-       provides a secure layer, over a reliable transport
-       layer. Currently the GnuTLS library implements the proposed standards by
-       the IETF's TLS working group.
-
-       Quoting from the TLS protocol specification:
-
-       "The TLS protocol provides communications privacy over the
-       Internet. The protocol allows client/server applications to
-       communicate in a way that is designed to prevent eavesdropping,
-       tampering, or message forgery."
-    '';
-
-    homepage = "https://gnutls.org/";
-    license = licenses.lgpl21Plus;
-    maintainers = with maintainers; [ eelco fpletz ];
-    platforms = platforms.all;
-  };
-}
--- a/pkgs/gnutls/fix-gnulib-tests-arm.patch
+++ b/pkgs/gnutls/fix-gnulib-tests-arm.patch
@ -1,45 +0,0 @@
->From 175e0bc72808d564074c4adcc72aeadb74adfcc6 Mon Sep 17 00:00:00 2001
-From: Paul Eggert <eggert@cs.ucla.edu>
-Date: Thu, 27 Aug 2020 17:52:58 -0700
-Subject: [PATCH] perror, strerror_r: remove unportable tests
-
-Problem reported by Florian Weimer in:
-https://lists.gnu.org/r/bug-gnulib/2020-08/msg00220.html
-* tests/test-perror2.c (main):
-* tests/test-strerror_r.c (main): Omit unportable tests.
---
- tests/test-perror2.c    | 3 ---
- tests/test-strerror_r.c | 3 ---
- 2 files changed, 6 deletions(-)
-
-diff --git a/gl/tests/test-perror2.c b/gl/tests/test-perror2.c
-index 1d14eda7b..c6214dd25 100644
--- a/gl/tests/test-perror2.c
-+++ b/gl/tests/test-perror2.c
-@@ -79,9 +79,6 @@ main (void)
-     errno = -5;
-     perror ("");
-     ASSERT (!ferror (stderr));
-    ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
-    ASSERT (msg2 == msg4 || STREQ (msg2, str2));
-    ASSERT (msg3 == msg4 || STREQ (msg3, str3));
-     ASSERT (STREQ (msg4, str4));
- 
-     free (str1);
-diff --git a/gl/tests/test-strerror_r.c b/gl/tests/test-strerror_r.c
-index b11d6fd9f..c1dbcf837 100644
--- a/gl/tests/test-strerror_r.c
-+++ b/gl/tests/test-strerror_r.c
-@@ -165,9 +165,6 @@ main (void)
- 
-     strerror_r (EACCES, buf, sizeof buf);
-     strerror_r (-5, buf, sizeof buf);
-    ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
-    ASSERT (msg2 == msg4 || STREQ (msg2, str2));
-    ASSERT (msg3 == msg4 || STREQ (msg3, str3));
-     ASSERT (STREQ (msg4, str4));
- 
-     free (str1);
-- 
-2.17.1
-
--- a/pkgs/gnutls/nix-ssl-cert-file.patch
+++ b/pkgs/gnutls/nix-ssl-cert-file.patch
@ -1,19 +0,0 @@
-allow overriding system trust store location via $NIX_SSL_CERT_FILE
-
-diff --git a/lib/system/certs.c b/lib/system/certs.c
-index 611c645..6ef6edb 100644
--- a/lib/system/certs.c
-+++ b/lib/system/certs.c
-@@ -369,6 +369,11 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
- 					unsigned int tl_flags,
- 					unsigned int tl_vflags)
- {
-	return add_system_trust(list, tl_flags|GNUTLS_TL_NO_DUPLICATES, tl_vflags);
-+	tl_flags = tl_flags|GNUTLS_TL_NO_DUPLICATES;
-+	const char *file = secure_getenv("NIX_SSL_CERT_FILE");
-+	return file
-+		? gnutls_x509_trust_list_add_trust_file(
-+			list, file, NULL/*CRL*/, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags)
-+		: add_system_trust(list, tl_flags, tl_vflags);
- }
- 
--- a/pkgs/gnutls/no-security-framework.patch
+++ b/pkgs/gnutls/no-security-framework.patch
@ -1,126 +0,0 @@
-commit 9bcdde1ab9cdff6a4471f9a926dd488ab70c7247
-Author: Daiderd Jordan <daiderd@gmail.com>
-Date:   Mon Apr 22 16:38:27 2019 +0200
-
-    Revert "gnutls_x509_trust_list_add_system_trust: Add macOS keychain support"
-    
-    This reverts commit c0eb46d3463cd21b3f822ac377ff37f067f66b8d.
-
-diff --git a/configure.ac b/configure.ac
-index 8ad597bfd..8d14f26cd 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -781,7 +781,7 @@ dnl auto detect https://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.
- AC_ARG_WITH([default-trust-store-file],
-   [AS_HELP_STRING([--with-default-trust-store-file=FILE],
-     [use the given file default trust store])], with_default_trust_store_file="$withval",
-  [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x && test x$have_macosx = x;then
-+  [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x;then
-   for i in \
-     /etc/ssl/ca-bundle.pem \
-     /etc/ssl/certs/ca-certificates.crt \
-diff --git a/lib/Makefile.am b/lib/Makefile.am
-index fe9cf63a2..745695f7e 100644
--- a/lib/Makefile.am
-+++ b/lib/Makefile.am
-@@ -203,10 +203,6 @@ if WINDOWS
- thirdparty_libadd += -lcrypt32
- endif
- 
-if MACOSX
-libgnutls_la_LDFLAGS += -framework Security -framework CoreFoundation
-endif
-
- libgnutls_la_LIBADD += $(thirdparty_libadd)
- 
- # C++ library
-diff --git a/lib/system/certs.c b/lib/system/certs.c
-index 611c645e0..912b0aa5e 100644
--- a/lib/system/certs.c
-+++ b/lib/system/certs.c
-@@ -44,12 +44,6 @@
- # endif
- #endif
- 
-#ifdef __APPLE__
-# include <CoreFoundation/CoreFoundation.h>
-# include <Security/Security.h>
-# include <Availability.h>
-#endif
-
- /* System specific function wrappers for certificate stores.
-  */
- 
-@@ -276,72 +270,6 @@ int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
- 
- 	return r;
- }
-#elif defined(__APPLE__) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
-static
-int osstatus_error(status)
-{
-	CFStringRef err_str = SecCopyErrorMessageString(status, NULL);
-	_gnutls_debug_log("Error loading system root certificates: %s\n",
-			  CFStringGetCStringPtr(err_str, kCFStringEncodingUTF8));
-	CFRelease(err_str);
-	return GNUTLS_E_FILE_ERROR;
-}
-
-static
-int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
-		     unsigned int tl_vflags)
-{
-	int r=0;
-
-	SecTrustSettingsDomain domain[] = { kSecTrustSettingsDomainUser,
-					    kSecTrustSettingsDomainAdmin,
-					    kSecTrustSettingsDomainSystem };
-	for (size_t d=0; d<sizeof(domain)/sizeof(*domain); d++) {
-		CFArrayRef certs = NULL;
-		OSStatus status = SecTrustSettingsCopyCertificates(domain[d],
-								   &certs);
-		if (status == errSecNoTrustSettings)
-			continue;
-		if (status != errSecSuccess)
-			return osstatus_error(status);
-
-		int cert_count = CFArrayGetCount(certs);
-		for (int i=0; i<cert_count; i++) {
-			SecCertificateRef cert =
-				(void*)CFArrayGetValueAtIndex(certs, i);
-			CFDataRef der;
-			status = SecItemExport(cert, kSecFormatX509Cert, 0,
-					       NULL, &der);
-			if (status != errSecSuccess) {
-				CFRelease(der);
-				CFRelease(certs);
-				return osstatus_error(status);
-			}
-
-			if (gnutls_x509_trust_list_add_trust_mem(list,
-								 &(gnutls_datum_t) {
-									.data = (void*)CFDataGetBytePtr(der),
-									.size = CFDataGetLength(der),
-								 },
-								 NULL,
-			                                         GNUTLS_X509_FMT_DER,
-								 tl_flags,
-								 tl_vflags) > 0)
-				r++;
-			CFRelease(der);
-		}
-		CFRelease(certs);
-	}
-
-#ifdef DEFAULT_BLACKLIST_FILE
-	ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
-	if (ret < 0) {
-		_gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
-	}
-#endif
-
-	return r;
-}
- #else
- 
- #define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE