commit 2580440389de71ae590fbb3b9cfeee8a8743eebb · pyrox.dev/nixpkgs

+17

nixos/doc/manual/from_md/release-notes/rl-2211.section.xml

···

       631
       631
        
             </listitem>

     

       632
       632
        
             <listitem>

     

       633
       633
        
               <para>

     

       634
       634
       +
                 The <literal>openssl</literal>-extension for the PHP

     

       635
       635
       +
                 interpreter used by Nextcloud is built against OpenSSL 1.1 if

     

       636
       636
       +
                 <xref linkend="opt-system.stateVersion" /> is below

     

       637
       637
       +
                 <literal>22.11</literal>. This is to make sure that people

     

       638
       638
       +
                 using

     

       639
       639
       +
                 <link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side

     

       640
       640
       +
                 encryption</link> don’t loose access to their files.

     

       641
       641
       +
               </para>

     

       642
       642
       +
               <para>

     

       643
       643
       +
                 In any other case it’s safe to use OpenSSL 3 for PHP’s openssl

     

       644
       644
       +
                 extension. This can be done by setting

     

       645
       645
       +
                 <xref linkend="opt-services.nextcloud.enableBrokenCiphersForSSE" />

     

       646
       646
       +
                 to <literal>false</literal>.

     

       647
       647
       +
               </para>

     

       648
       648
       +
             </listitem>

     

       649
       649
       +
             <listitem>

     

       650
       650
       +
               <para>

     

       634
       651
        
                 The <literal>coq</literal> package and versioned variants

     

       635
       652
        
                 starting at <literal>coq_8_14</literal> no longer include

     

       636
       653
        
                 CoqIDE, which is now available through

nixos/doc/manual/release-notes/rl-2211.section.md

···

       204
       204
        
       

     

       205
       205
        
       - The `p4` package now only includes the open-source Perforce Helix Core command-line client and APIs. It no longer installs the unfree Helix Core Server binaries `p4d`, `p4broker`, and `p4p`. To install the Helix Core Server binaries, use the `p4d` package instead.

     

       206
       206
        
       

     

       207
       207
       +
       - The `openssl`-extension for the PHP interpreter used by Nextcloud is built against OpenSSL 1.1 if

     

       208
       208
       +
         [](#opt-system.stateVersion) is below `22.11`. This is to make sure that people using [server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html)

     

       209
       209
       +
         don't loose access to their files.

     

       210
       210
       +
       

     

       211
       211
       +
         In any other case it's safe to use OpenSSL 3 for PHP's openssl extension. This can be done by setting

     

       212
       212
       +
         [](#opt-services.nextcloud.enableBrokenCiphersForSSE) to `false`.

     

       213
       213
       +
       

     

       207
       214
        
       - The `coq` package and versioned variants starting at `coq_8_14` no

     

       208
       215
        
         longer include CoqIDE, which is now available through

     

       209
       216
        
         `coqPackages.coqide`. It is still possible to get CoqIDE as part of

+57 -1

nixos/modules/services/web-apps/nextcloud.nix

···

       13
       13
        
         phpPackage = cfg.phpPackage.buildEnv {

     

       14
       14
        
           extensions = { enabled, all }:

     

       15
       15
        
             (with all;

     

       16
       16
       -
               enabled

     

       16
       16
       +
               # disable default openssl extension

     

       17
       17
       +
               (lib.filter (e: e.pname != "php-openssl") enabled)

     

       18
       18
       +
               # use OpenSSL 1.1 for RC4 Nextcloud encryption if user

     

       19
       19
       +
               # has acknowledged the brokeness of the ciphers (RC4).

     

       20
       20
       +
               # TODO: remove when https://github.com/nextcloud/server/issues/32003 is fixed.

     

       21
       21
       +
               ++ (if cfg.enableBrokenCiphersForSSE then [ cfg.phpPackage.extensions.openssl-legacy ] else [ cfg.phpPackage.extensions.openssl ])

     

       17
       22
        
               ++ optional cfg.enableImagemagick imagick

     

       18
       23
        
               # Optionally enabled depending on caching settings

     

       19
       24
        
               ++ optional cfg.caching.apcu apcu

     
···

       80
       85
        
       

     

       81
       86
        
         options.services.nextcloud = {

     

       82
       87
        
           enable = mkEnableOption (lib.mdDoc "nextcloud");

     

       88
       88
       +
       

     

       89
       89
       +
           enableBrokenCiphersForSSE = mkOption {

     

       90
       90
       +
             type = types.bool;

     

       91
       91
       +
             default = versionOlder stateVersion "22.11";

     

       92
       92
       +
             defaultText = literalExpression "versionOlder system.stateVersion \"22.11\"";

     

       93
       93
       +
             description = lib.mdDoc ''

     

       94
       94
       +
               This option enables using the OpenSSL PHP extension linked against OpenSSL 1.1

     

       95
       95
       +
               rather than latest OpenSSL (≥ 3), this is not recommended unless you need

     

       96
       96
       +
               it for server-side encryption (SSE). SSE uses the legacy RC4 cipher which is

     

       97
       97
       +
               considered broken for several years now. See also [RFC7465](https://datatracker.ietf.org/doc/html/rfc7465).

     

       98
       98
       +
       

     

       99
       99
       +
               This cipher has been disabled in OpenSSL ≥ 3 and requires

     

       100
       100
       +
               a specific legacy profile to re-enable it.

     

       101
       101
       +
       

     

       102
       102
       +
               If you deploy Nextcloud using OpenSSL ≥ 3 for PHP and have

     

       103
       103
       +
               server-side encryption configured, you will not be able to access

     

       104
       104
       +
               your files anymore. Enabling this option can restore access to your files.

     

       105
       105
       +
               Upon testing we didn't encounter any data corruption when turning

     

       106
       106
       +
               this on and off again, but this cannot be guaranteed for

     

       107
       107
       +
               each Nextcloud installation.

     

       108
       108
       +
       

     

       109
       109
       +
               It is `true` by default for systems with a [](#opt-system.stateVersion) below

     

       110
       110
       +
               `22.11` to make sure that existing installations won't break on update. On newer

     

       111
       111
       +
               NixOS systems you have to explicitly enable it on your own.

     

       112
       112
       +
       

     

       113
       113
       +
               Please note that this only provides additional value when using

     

       114
       114
       +
               external storage such as S3 since it's not an end-to-end encryption.

     

       115
       115
       +
               If this is not the case,

     

       116
       116
       +
               it is advised to [disable server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption) and set this to `false`.

     

       117
       117
       +
       

     

       118
       118
       +
               In the future, Nextcloud may move to AES-256-GCM, by then,

     

       119
       119
       +
               this option will be removed.

     

       120
       120
       +
             '';

     

       121
       121
       +
           };

     

       83
       122
        
           hostName = mkOption {

     

       84
       123
        
             type = types.str;

     

       85
       124
        
             description = lib.mdDoc "FQDN for the nextcloud instance.";

     
···

       649
       688
        
               ++ (optional (versionOlder cfg.package.version "23") (upgradeWarning 22 "22.05"))

     

       650
       689
        
               ++ (optional (versionOlder cfg.package.version "24") (upgradeWarning 23 "22.05"))

     

       651
       690
        
               ++ (optional (versionOlder cfg.package.version "25") (upgradeWarning 24 "22.11"))

     

       691
       691
       +
               ++ (optional cfg.enableBrokenCiphersForSSE ''

     

       692
       692
       +
                 You're using PHP's openssl extension built against OpenSSL 1.1 for Nextcloud.

     

       693
       693
       +
                 This is only necessary if you're using Nextcloud's server-side encryption.

     

       694
       694
       +
                 Please keep in mind that it's using the broken RC4 cipher.

     

       695
       695
       +
       

     

       696
       696
       +
                 If you don't use that feature, you can switch to OpenSSL 3 and get

     

       697
       697
       +
                 rid of this warning by declaring

     

       698
       698
       +
       

     

       699
       699
       +
                   services.nextcloud.enableBrokenCiphersForSSE = false;

     

       700
       700
       +
       

     

       701
       701
       +
                 If you need to use server-side encryption you can ignore this waring.

     

       702
       702
       +
                 Otherwise you'd have to disable server-side encryption first in order

     

       703
       703
       +
                 to be able to safely disable this option and get rid of this warning.

     

       704
       704
       +
                 See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this.

     

       705
       705
       +
       

     

       706
       706
       +
                 For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470

     

       707
       707
       +
               '')

     

       652
       708
        
               ++ (optional isUnsupportedMariadb ''

     

       653
       709
        
                   You seem to be using MariaDB at an unsupported version (i.e. at least 10.6)!

     

       654
       710
        
                   Please note that this isn't supported officially by Nextcloud. You can either

+14

nixos/modules/services/web-apps/nextcloud.xml

···

       170
       170
        
            </listitem>

     

       171
       171
        
           </itemizedlist>

     

       172
       172
        
          </listitem>

     

       173
       173
       +
          <listitem>

     

       174
       174
       +
           <formalpara>

     

       175
       175
       +
            <title>Server-side encryption</title>

     

       176
       176
       +
            <para>

     

       177
       177
       +
             Nextcloud supports <link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side encryption (SSE)</link>.

     

       178
       178
       +
             This is not an end-to-end encryption, but can be used to encrypt files that will be persisted

     

       179
       179
       +
             to external storage such as S3. Please note that this won't work anymore when using OpenSSL 3

     

       180
       180
       +
             for PHP's openssl extension because this is implemented using the legacy cipher RC4.

     

       181
       181
       +
             If <xref linkend="opt-system.stateVersion" /> is <emphasis>above</emphasis> <literal>22.05</literal>,

     

       182
       182
       +
             this is disabled by default. To turn it on again and for further information please refer to

     

       183
       183
       +
             <xref linkend="opt-services.nextcloud.enableBrokenCiphersForSSE" />.

     

       184
       184
       +
            </para>

     

       185
       185
       +
           </formalpara>

     

       186
       186
       +
          </listitem>

     

       173
       187
        
         </itemizedlist>

     

       174
       188
        
        </section>

     

       175
       189

nixos/tests/nextcloud/basic.nix

···

       37
       37
        
               "d /var/lib/nextcloud-data 0750 nextcloud nginx - -"

     

       38
       38
        
             ];

     

       39
       39
        
       

     

       40
       40
       +
             system.stateVersion = "22.11"; # stateVersion >=21.11 to make sure that we use OpenSSL3

     

       41
       41
       +
       

     

       40
       42
        
             services.nextcloud = {

     

       41
       43
        
               enable = true;

     

       42
       44
        
               datadir = "/var/lib/nextcloud-data";

     
···

       99
       101
        
           # This is just to ensure the nextcloud-occ program is working

     

       100
       102
        
           nextcloud.succeed("nextcloud-occ status")

     

       101
       103
        
           nextcloud.succeed("curl -sSf http://nextcloud/login")

     

       104
       104
       +
           # Ensure that no OpenSSL 1.1 is used.

     

       105
       105
       +
           nextcloud.succeed(

     

       106
       106
       +
               "${nodes.nextcloud.services.phpfpm.pools.nextcloud.phpPackage}/bin/php -i | grep 'OpenSSL Library Version' | awk -F'=>' '{ print $2 }' | awk '{ print $2 }' | grep -v 1.1"

     

       107
       107
       +
           )

     

       102
       108
        
           nextcloud.succeed(

     

       103
       109
        
               "${withRcloneEnv} ${copySharedFile}"

     

       104
       110
        
           )

     
···

       108
       114
        
               "${withRcloneEnv} ${diffSharedFile}"

     

       109
       115
        
           )

     

       110
       116
        
           assert "hi" in client.succeed("cat /mnt/dav/test-shared-file")

     

       117
       117
       +
           nextcloud.succeed("grep -vE '^HBEGIN:oc_encryption_module' /var/lib/nextcloud-data/data/root/files/test-shared-file")

     

       111
       118
        
         '';

     

       112
       119
        
       })) args

nixos/tests/nextcloud/default.nix

···

       8
       8
        
       foldl

     

       9
       9
        
         (matrix: ver: matrix // {

     

       10
       10
        
           "basic${toString ver}" = import ./basic.nix { inherit system pkgs; nextcloudVersion = ver; };

     

       11
       11
       +
           "openssl-sse${toString ver}" = import ./openssl-sse.nix {

     

       12
       12
       +
             inherit system pkgs;

     

       13
       13
       +
             nextcloudVersion = ver;

     

       14
       14
       +
           };

     

       11
       15
        
           "with-postgresql-and-redis${toString ver}" = import ./with-postgresql-and-redis.nix {

     

       12
       16
        
             inherit system pkgs;

     

       13
       17
        
             nextcloudVersion = ver;

+105

nixos/tests/nextcloud/openssl-sse.nix

···

       1
       1
       +
       args@{ pkgs, nextcloudVersion ? 25, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       (import ../make-test-python.nix ({ pkgs, ...}: let

     

       4
       4
       +
         adminuser = "root";

     

       5
       5
       +
         adminpass = "notproduction";

     

       6
       6
       +
         nextcloudBase = {

     

       7
       7
       +
           networking.firewall.allowedTCPPorts = [ 80 ];

     

       8
       8
       +
           system.stateVersion = "22.05"; # stateVersions <22.11 use openssl 1.1 by default

     

       9
       9
       +
           services.nextcloud = {

     

       10
       10
       +
             enable = true;

     

       11
       11
       +
             config.adminpassFile = "${pkgs.writeText "adminpass" adminpass}";

     

       12
       12
       +
             package = pkgs.${"nextcloud" + (toString nextcloudVersion)};

     

       13
       13
       +
           };

     

       14
       14
       +
         };

     

       15
       15
       +
       in {

     

       16
       16
       +
         name = "nextcloud-openssl";

     

       17
       17
       +
         meta = with pkgs.lib.maintainers; {

     

       18
       18
       +
           maintainers = [ ma27 ];

     

       19
       19
       +
         };

     

       20
       20
       +
         nodes.nextcloudwithopenssl1 = {

     

       21
       21
       +
           imports = [ nextcloudBase ];

     

       22
       22
       +
           services.nextcloud.hostName = "nextcloudwithopenssl1";

     

       23
       23
       +
         };

     

       24
       24
       +
         nodes.nextcloudwithopenssl3 = {

     

       25
       25
       +
           imports = [ nextcloudBase ];

     

       26
       26
       +
           services.nextcloud = {

     

       27
       27
       +
             hostName = "nextcloudwithopenssl3";

     

       28
       28
       +
             enableBrokenCiphersForSSE = false;

     

       29
       29
       +
           };

     

       30
       30
       +
         };

     

       31
       31
       +
         testScript = { nodes, ... }: let

     

       32
       32
       +
           withRcloneEnv = host: pkgs.writeScript "with-rclone-env" ''

     

       33
       33
       +
             #!${pkgs.runtimeShell}

     

       34
       34
       +
             export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav

     

       35
       35
       +
             export RCLONE_CONFIG_NEXTCLOUD_URL="http://${host}/remote.php/webdav/"

     

       36
       36
       +
             export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"

     

       37
       37
       +
             export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"

     

       38
       38
       +
             export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"

     

       39
       39
       +
             "''${@}"

     

       40
       40
       +
           '';

     

       41
       41
       +
           withRcloneEnv1 = withRcloneEnv "nextcloudwithopenssl1";

     

       42
       42
       +
           withRcloneEnv3 = withRcloneEnv "nextcloudwithopenssl3";

     

       43
       43
       +
           copySharedFile1 = pkgs.writeScript "copy-shared-file" ''

     

       44
       44
       +
             #!${pkgs.runtimeShell}

     

       45
       45
       +
             echo 'hi' | ${withRcloneEnv1} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file

     

       46
       46
       +
           '';

     

       47
       47
       +
           copySharedFile3 = pkgs.writeScript "copy-shared-file" ''

     

       48
       48
       +
             #!${pkgs.runtimeShell}

     

       49
       49
       +
             echo 'bye' | ${withRcloneEnv3} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file2

     

       50
       50
       +
           '';

     

       51
       51
       +
           openssl1-node = nodes.nextcloudwithopenssl1.config.system.build.toplevel;

     

       52
       52
       +
           openssl3-node = nodes.nextcloudwithopenssl3.config.system.build.toplevel;

     

       53
       53
       +
         in ''

     

       54
       54
       +
           nextcloudwithopenssl1.start()

     

       55
       55
       +
           nextcloudwithopenssl1.wait_for_unit("multi-user.target")

     

       56
       56
       +
           nextcloudwithopenssl1.succeed("nextcloud-occ status")

     

       57
       57
       +
           nextcloudwithopenssl1.succeed("curl -sSf http://nextcloudwithopenssl1/login")

     

       58
       58
       +
       

     

       59
       59
       +
           with subtest("With OpenSSL 1 SSE can be enabled and used"):

     

       60
       60
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ app:enable encryption")

     

       61
       61
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable")

     

       62
       62
       +
       

     

       63
       63
       +
           with subtest("Upload file and ensure it's encrypted"):

     

       64
       64
       +
               nextcloudwithopenssl1.succeed("${copySharedFile1}")

     

       65
       65
       +
               nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")

     

       66
       66
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")

     

       67
       67
       +
       

     

       68
       68
       +
           with subtest("Switch to OpenSSL 3"):

     

       69
       69
       +
               nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test")

     

       70
       70
       +
               nextcloudwithopenssl1.wait_for_open_port(80)

     

       71
       71
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ status")

     

       72
       72
       +
       

     

       73
       73
       +
           with subtest("Existing encrypted files cannot be read, but new files can be added"):

     

       74
       74
       +
               nextcloudwithopenssl1.fail("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file >&2")

     

       75
       75
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ encryption:disable")

     

       76
       76
       +
               nextcloudwithopenssl1.succeed("${copySharedFile3}")

     

       77
       77
       +
               nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2")

     

       78
       78
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")

     

       79
       79
       +
       

     

       80
       80
       +
           with subtest("Switch back to OpenSSL 1.1 and ensure that encrypted files are readable again"):

     

       81
       81
       +
               nextcloudwithopenssl1.succeed("${openssl1-node}/bin/switch-to-configuration test")

     

       82
       82
       +
               nextcloudwithopenssl1.wait_for_open_port(80)

     

       83
       83
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ status")

     

       84
       84
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable")

     

       85
       85
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")

     

       86
       86
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")

     

       87
       87
       +
               nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")

     

       88
       88
       +
               nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2")

     

       89
       89
       +
       

     

       90
       90
       +
           with subtest("Ensure that everything can be decrypted"):

     

       91
       91
       +
               nextcloudwithopenssl1.succeed("echo y | nextcloud-occ encryption:decrypt-all >&2")

     

       92
       92
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")

     

       93
       93
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")

     

       94
       94
       +
               nextcloudwithopenssl1.succeed("grep -vE '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")

     

       95
       95
       +
       

     

       96
       96
       +
           with subtest("Switch to OpenSSL 3 ensure that all files are usable now"):

     

       97
       97
       +
               nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test")

     

       98
       98
       +
               nextcloudwithopenssl1.wait_for_open_port(80)

     

       99
       99
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ status")

     

       100
       100
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")

     

       101
       101
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")

     

       102
       102
       +
       

     

       103
       103
       +
           nextcloudwithopenssl1.shutdown()

     

       104
       104
       +
         '';

     

       105
       105
       +
       })) args

+1 -1

pkgs/development/interpreters/php/generic.nix

···

       91
       91
        
                     [ ]

     

       92
       92
        
                     allExtensionFunctions;

     

       93
       93
        
       

     

       94
       94
       -
                 getExtName = ext: lib.removePrefix "php-" (builtins.parseDrvName ext.name).name;

     

       94
       94
       +
                 getExtName = ext: ext.extensionName;

     

       95
       95
        
       

     

       96
       96
        
                 # Recursively get a list of all internal dependencies

     

       97
       97
        
                 # for a list of extensions.

+15 -4

pkgs/top-level/php-packages.nix

···

       73
       73
        
         # will mark the extension as a zend extension or not.

     

       74
       74
        
         mkExtension = lib.makeOverridable

     

       75
       75
        
           ({ name

     

       76
       76
       -
           , configureFlags ? [ "--enable-${name}" ]

     

       76
       76
       +
           , configureFlags ? [ "--enable-${extName}" ]

     

       77
       77
        
           , internalDeps ? [ ]

     

       78
       78
        
           , postPhpize ? ""

     

       79
       79
        
           , buildInputs ? [ ]

     

       80
       80
        
           , zendExtension ? false

     

       81
       81
        
           , doCheck ? true

     

       82
       82
       +
           , extName ? name

     

       82
       83
        
           , ...

     

       83
       84
        
           }@args: stdenv.mkDerivation ((builtins.removeAttrs args [ "name" ]) // {

     

       84
       85
        
             pname = "php-${name}";

     

       85
       85
       -
             extensionName = name;

     

       86
       86
       +
             extensionName = extName;

     

       86
       87
        
       

     

       87
       88
        
             outputs = [ "out" "dev" ];

     

       88
       89
        
       

     
···

       105
       106
        
       

     

       106
       107
        
             cdToExtensionRootPhase = ''

     

       107
       108
        
               # Go to extension source root.

     

       108
       108
       -
               cd "ext/${name}"

     

       109
       109
       +
               cd "ext/${extName}"

     

       109
       110
        
             '';

     

       110
       111
        
       

     

       111
       112
        
             preConfigure = ''

     
···

       141
       142
        
               runHook preInstall

     

       142
       143
        
       

     

       143
       144
        
               mkdir -p $out/lib/php/extensions

     

       144
       144
       -
               cp modules/${name}.so $out/lib/php/extensions/${name}.so

     

       145
       145
       +
               cp modules/${extName}.so $out/lib/php/extensions/${extName}.so

     

       145
       146
        
               mkdir -p $dev/include

     

       146
       147
        
               ${rsync}/bin/rsync -r --filter="+ */" \

     

       147
       148
        
                                     --filter="+ *.h" \

     
···

       413
       414
        
               {

     

       414
       415
        
                 name = "openssl";

     

       415
       416
        
                 buildInputs = if (lib.versionAtLeast php.version "8.1") then [ openssl ] else [ openssl_1_1 ];

     

       417
       417
       +
                 configureFlags = [ "--with-openssl" ];

     

       418
       418
       +
                 doCheck = false;

     

       419
       419
       +
               }

     

       420
       420
       +
               # This provides a legacy OpenSSL PHP extension

     

       421
       421
       +
               # For situations where OpenSSL 3 do not support a set of features

     

       422
       422
       +
               # without a specific openssl.cnf file

     

       423
       423
       +
               {

     

       424
       424
       +
                 name = "openssl-legacy";

     

       425
       425
       +
                 extName = "openssl";

     

       426
       426
       +
                 buildInputs = [ openssl_1_1 ];

     

       416
       427
        
                 configureFlags = [ "--with-openssl" ];

     

       417
       428
        
                 doCheck = false;

     

       418
       429
        
               }