commit 5c00e92a5965b40aecb2f65ea4a3bfb5e1cfbf54 · pyrox.dev/nixpkgs

+18 -16

pkgs/by-name/bo/boringssl/package.nix

···

       8
       8
        
         buildGoModule,

     

       9
       9
        
       }:

     

       10
       10
        
       

     

       11
       11
       -
       # reference: https://boringssl.googlesource.com/boringssl/+/2661/BUILDING.md

     

       12
       12
       -
       buildGoModule {

     

       11
       11
       +
       # reference: https://boringssl.googlesource.com/boringssl/+/refs/tags/0.20250818.0/BUILDING.md

     

       12
       12
       +
       buildGoModule (finalAttrs: {

     

       13
       13
        
         pname = "boringssl";

     

       14
       14
       -
         version = "unstable-2024-09-20";

     

       14
       14
       +
         version = "0.20250818.0";

     

       15
       15
        
       

     

       16
       16
        
         src = fetchgit {

     

       17
       17
        
           url = "https://boringssl.googlesource.com/boringssl";

     

       18
       18
       -
           rev = "718900aeb84c601523e71abbd18fd70c9e2ad884";

     

       19
       19
       -
           hash = "sha256-TdSObRECiGRQcgz6N2LhKvSi9yRYOZYJdK6MyfJX2Bo=";

     

       18
       18
       +
           tag = finalAttrs.version;

     

       19
       19
       +
           hash = "sha256-lykIlC0tvjtjjS/rQTeX4vK9PgI+A8EnasEC+HYspvg=";

     

       20
       20
        
         };

     

       21
       21
       +
       

     

       22
       22
       +
         patches = [

     

       23
       23
       +
           # Add SECP224R1 for backward compatibility

     

       24
       24
       +
           ./secp224r1-compat.patch

     

       25
       25
       +
         ];

     

       21
       26
        
       

     

       22
       27
        
         nativeBuildInputs = [

     

       23
       28
        
           cmake

     
···

       25
       30
        
           perl

     

       26
       31
        
         ];

     

       27
       32
        
       

     

       28
       28
       -
         vendorHash = "sha256-GlhLsPD+yp2LdqsIsfXNEaNKKlc76p0kBCyu4rlEmMg=";

     

       33
       33
       +
         vendorHash = "sha256-IXmnoCYLoiQ/XL2wjksRFv5Kwsje0VNkcupgGxG6rSY=";

     

       29
       34
        
         proxyVendor = true;

     

       30
       35
        
       

     

       31
       36
        
         # hack to get both go and cmake configure phase

     
···

       59
       64
        
       

     

       60
       65
        
           mkdir -p $bin/bin $dev $out/lib

     

       61
       66
        
       

     

       62
       62
       -
           mv tool/bssl $bin/bin

     

       67
       67
       +
           install -Dm755 bssl -t $bin/bin

     

       68
       68
       +
           install -Dm644 {libboringssl_gtest,libcrypto,libdecrepit,libpki,libssl,libtest_support_lib}.a -t $out/lib

     

       63
       69
        
       

     

       64
       64
       -
           mv ssl/libssl.a           $out/lib

     

       65
       65
       -
           mv crypto/libcrypto.a     $out/lib

     

       66
       66
       -
           mv decrepit/libdecrepit.a $out/lib

     

       67
       67
       -
       

     

       68
       68
       -
           mv ../include $dev

     

       70
       70
       +
           cp -r ../include $dev

     

       69
       71
        
       

     

       70
       72
        
           runHook postInstall

     

       71
       73
        
         '';

     
···

       76
       78
        
           "dev"

     

       77
       79
        
         ];

     

       78
       80
        
       

     

       79
       79
       -
         meta = with lib; {

     

       81
       81
       +
         meta = {

     

       80
       82
        
           description = "Free TLS/SSL implementation";

     

       81
       83
        
           mainProgram = "bssl";

     

       82
       84
        
           homepage = "https://boringssl.googlesource.com";

     

       83
       83
       -
           maintainers = [ maintainers.thoughtpolice ];

     

       84
       84
       -
           license = with licenses; [

     

       85
       85
       +
           maintainers = [ lib.maintainers.thoughtpolice ];

     

       86
       86
       +
           license = with lib.licenses; [

     

       85
       87
        
             openssl

     

       86
       88
        
             isc

     

       87
       89
        
             mit

     

       88
       90
        
             bsd3

     

       89
       91
        
           ];

     

       90
       92
        
         };

     

       91
       91
       -
       }

     

       93
       93
       +
       })

+20

pkgs/by-name/bo/boringssl/secp224r1-compat.patch

···

       1
       1
       +
       diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h

     

       2
       2
       +
       index 51417d412..a961a1093 100644

     

       3
       3
       +
       --- a/include/openssl/ssl.h

     

       4
       4
       +
       +++ b/include/openssl/ssl.h

     

       5
       5
       +
       @@ -2522,6 +2522,7 @@ OPENSSL_EXPORT size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);

     

       6
       6
       +
        // |SSL_SIGN_*|.

     

       7
       7
       +
        

     

       8
       8
       +
        // SSL_GROUP_* define TLS group IDs.

     

       9
       9
       +
       +#define SSL_GROUP_SECP224R1 22

     

       10
       10
       +
        #define SSL_GROUP_SECP256R1 23

     

       11
       11
       +
        #define SSL_GROUP_SECP384R1 24

     

       12
       12
       +
        #define SSL_GROUP_SECP521R1 25

     

       13
       13
       +
       @@ -5836,6 +5837,7 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);

     

       14
       14
       +
        #define SSL_R_TLSV1_CERTIFICATE_REQUIRED SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED

     

       15
       15
       +
        

     

       16
       16
       +
        // The following symbols are compatibility aliases for |SSL_GROUP_*|.

     

       17
       17
       +
       +#define SSL_CURVE_SECP224R1 SSL_GROUP_SECP224R1

     

       18
       18
       +
        #define SSL_CURVE_SECP256R1 SSL_GROUP_SECP256R1

     

       19
       19
       +
        #define SSL_CURVE_SECP384R1 SSL_GROUP_SECP384R1

     

       20
       20
       +
        #define SSL_CURVE_SECP521R1 SSL_GROUP_SECP521R1