From bb8774d7dd53c6fc320658d5cbf50a4c7905f8b7 Mon Sep 17 00:00:00 2001 From: DougCh Date: Wed, 7 Jun 2023 20:52:34 +0000 Subject: [PATCH 1/3] Drop the -d build flag for openssl102 on nix aarch64-linux --- nix/openssl_1_0_2.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/nix/openssl_1_0_2.nix b/nix/openssl_1_0_2.nix index 1cef0155e2e..20431a0f400 100644 --- a/nix/openssl_1_0_2.nix +++ b/nix/openssl_1_0_2.nix @@ -11,9 +11,17 @@ pkgs.stdenv.mkDerivation rec { buildInputs = [ pkgs.gnumake pkgs.perl534 ]; - configurePhase = '' - ./config -d shared -g3 -fPIC no-libunbound no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-ssl-trace no-store no-zlib no-hw no-mdc2 no-seed no-idea enable-ec_nistp_64_gcc_128 no-camellia no-bf no-ripemd no-dsa no-ssl2 no-capieng -DSSL_FORBID_ENULL -DOPENSSL_NO_DTLS1 -DOPENSSL_NO_HEARTBEATS --prefix=$out - ''; + configurePhase = let + default_options = + "shared -g3 -fPIC no-libunbound no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-ssl-trace no-store no-zlib no-hw no-mdc2 no-seed no-idea enable-ec_nistp_64_gcc_128 no-camellia no-bf no-ripemd no-dsa no-ssl2 no-capieng -DSSL_FORBID_ENULL -DOPENSSL_NO_DTLS1 -DOPENSSL_NO_HEARTBEATS --prefix=$out"; + in { + x86_64-linux = '' + ./config -d ${default_options} + ''; + aarch64-linux = '' + ./config ${default_options} + ''; + }.${pkgs.stdenv.hostPlatform.system}; buildPhase = '' make depend -j $(nproc) From cf302822ec0b1a601bdfd4c7090c8413f25e8996 Mon Sep 17 00:00:00 2001 From: DougCh Date: Wed, 7 Jun 2023 21:57:29 +0000 Subject: [PATCH 2/3] add openssl102 nix compiler flags for darwin --- nix/openssl_1_0_2.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nix/openssl_1_0_2.nix b/nix/openssl_1_0_2.nix index 20431a0f400..9e5f7702f03 100644 --- a/nix/openssl_1_0_2.nix +++ b/nix/openssl_1_0_2.nix @@ -21,6 +21,14 @@ pkgs.stdenv.mkDerivation rec { aarch64-linux = '' ./config ${default_options} ''; + x86_64-darwin = '' + # TODO: validation in future PR - nix checks fail without a definition. + ./config -d ${default_options} + ''; + aarch64-darwin = '' + # TODO: validation in future PR - nix checks fail without a definition. + ./config ${default_options} + ''; }.${pkgs.stdenv.hostPlatform.system}; buildPhase = '' From 6b07252f0210ed205fe11ad595476870a1707f2f Mon Sep 17 00:00:00 2001 From: DougCh Date: Mon, 19 Jun 2023 18:51:15 +0000 Subject: [PATCH 3/3] PR feedback --- nix/openssl_1_0_2.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nix/openssl_1_0_2.nix b/nix/openssl_1_0_2.nix index 9e5f7702f03..3a40217d20e 100644 --- a/nix/openssl_1_0_2.nix +++ b/nix/openssl_1_0_2.nix @@ -18,6 +18,9 @@ pkgs.stdenv.mkDerivation rec { x86_64-linux = '' ./config -d ${default_options} ''; + # The Openssl102 Configure script appears to have a bug and won't recognize + # aarch64 as a supported platform when passed the '-d' flag. + # See the PR for more detail: https://github.com/aws/s2n-tls/pull/4045 aarch64-linux = '' ./config ${default_options} '';