From bf71eac7b03b5dd3043385496b13c6e8065f1555 Mon Sep 17 00:00:00 2001
From: Christian Ulrich <christian@ulrich.earth>
Date: Sat, 24 Jul 2021 15:52:40 +0200
Subject: [PATCH] update gnutls to 3.7.2; rename to gnutls-latest to avoid
 global usage

---
 default.nix             |  7 ++++---
 pkgs/gnutls/default.nix | 20 ++++++++------------
 2 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/default.nix b/default.nix
index 113ec16..37aa08a 100644
--- a/default.nix
+++ b/default.nix
@@ -9,12 +9,13 @@ self: super:
 
   gintro = super.callPackage ./pkgs/nim-packages/gintro/default.nix { };
 
-  gnutls = super.callPackage ./pkgs/gnutls/default.nix {
+  gnutls-latest = super.callPackage ./pkgs/gnutls/default.nix {
     inherit (super.darwin.apple_sdk.frameworks) Security;
-    util-linux = super.utillinuxMinimal; # break the cyclic dependency
+    util-linux = super.util-linuxMinimal; # break the cyclic dependency
+    autoconf = super.buildPackages.autoconf269;
   };
 
-  #gnutls-debug = super.enableDebugging self.gnutls;
+  gnutls-latest-debug = super.enableDebugging self.gnutls;
 
   groupchat = super.callPackage ./pkgs/nim-packages/groupchat.nix { };
 
diff --git a/pkgs/gnutls/default.nix b/pkgs/gnutls/default.nix
index d3000be..4c40949 100644
--- a/pkgs/gnutls/default.nix
+++ b/pkgs/gnutls/default.nix
@@ -8,23 +8,22 @@
 
 assert guileBindings -> guile != null;
 let
-  version = "3.7.2";
 
   # XXX: Gnulib's `test-select' fails on FreeBSD:
   # https://hydra.nixos.org/build/2962084/nixlog/1/raw .
-  doCheck = !stdenv.isFreeBSD && !stdenv.isDarwin && lib.versionAtLeast version "3.4"
+  doCheck = !stdenv.isFreeBSD && !stdenv.isDarwin
       && stdenv.buildPlatform == stdenv.hostPlatform;
 
   inherit (stdenv.hostPlatform) isDarwin;
 in
 
-stdenv.mkDerivation {
-  name = "gnutls-${version}";
-  inherit version;
+stdenv.mkDerivation rec {
+  pname = "gnutls";
+  version = "3.7.2";
 
   src = fetchurl {
-    url = "mirror://gnupg/gnutls/v3.7/gnutls-${version}.tar.xz";
-    sha256 = "0li7mwjnm64mbxhacz0rpf6i9qd83f53fvbrx96alpqqk9d6qvk4";
+    url = "mirror://gnupg/gnutls/v${lib.versions.majorMinor version}/gnutls-${version}.tar.xz";
+    sha256 = "646e6c5a9a185faa4cea796d378a1ba8e1148dbb197ca6605f95986a25af2752";
   };
 
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];
@@ -42,7 +41,7 @@ stdenv.mkDerivation {
   #  - trust-store: default trust store path (/etc/ssl/...) is missing in sandbox (3.5.11)
   #  - psk-file: no idea; it broke between 3.6.3 and 3.6.4
   # Change p11-kit test to use pkg-config to find p11-kit
-  postPatch = lib.optionalString (lib.versionAtLeast version "3.6") ''
+  postPatch = ''
     sed '2iexit 77' -i tests/{pkgconfig,fastopen}.sh
     sed '/^void doit(void)/,/^{/ s/{/{ exit(77);/' -i tests/{trust-store,psk-file}.c
     sed 's:/usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/:`pkg-config --variable=p11_module_path p11-kit-1`:' -i tests/p11-kit-trust.sh
@@ -50,9 +49,6 @@ stdenv.mkDerivation {
     sed '2iecho "certtool tests skipped in musl build"\nexit 0' -i tests/cert-tests/certtool.sh
   '';
 
-  hardeningDisable = [ "fortify" ];
-  dontStrip = true;
-
   preConfigure = "patchShebangs .";
   configureFlags =
     lib.optional stdenv.isLinux "--with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt"
@@ -115,7 +111,7 @@ stdenv.mkDerivation {
        tampering, or message forgery."
     '';
 
-    homepage = "https://www.gnu.org/software/gnutls/";
+    homepage = "https://gnutls.org/";
     license = licenses.lgpl21Plus;
     maintainers = with maintainers; [ eelco fpletz ];
     platforms = platforms.all;