Skip to content

bootstrap: enable https for bootstrap curl using wolfssl #11287

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
mcmtroffaes wants to merge 1 commit into from
Closed

bootstrap: enable https for bootstrap curl using wolfssl #11287

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 19 additions & 3 deletions pkgs/stdenv/linux/make-bootstrap-tools.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,27 @@ rec {
aclSupport = false;
});

curlMinimal = curl.override {
# We use wolfssl rather than openssl as it is much smaller and does
# not bring in any extra dependencies, but we must enable extra
# features of wolfssl that are required by curl.
wolfsslExtra = wolfssl.overrideDerivation (oldAttrs: {
configureFlags = [
"--enable-sslv3" # wolfSSLv3_client_method
"--enable-sep" # wolfSSL_get_peer_certificate wolfSSL_X509_get_der
];
});

# Minimal version of curl, with https support via wolfssl.
curlMinimal = (curl.override {
http2Support = false;
zlibSupport = false;
sslSupport = false;
scpSupport = false;
};
}).overrideDerivation (oldAttrs: {
configureFlags = oldAttrs.configureFlags ++ [
"--with-cyassl=${wolfsslExtra}"
];
});

busyboxMinimal = busybox.override {
useMusl = true;
Expand Down Expand Up @@ -85,9 +100,10 @@ rec {
cp -d ${patch}/bin/* $out/bin
cp ${patchelf}/bin/* $out/bin
cp ${curlMinimal}/bin/curl $out/bin
cp -d ${curlMinimal}/lib/libcurl* $out/lib
cp -d ${curlMinimal}/lib/libcurl.so* $out/lib

cp -d ${gnugrep.pcre}/lib/libpcre*.so* $out/lib # needed by grep
cp -d ${wolfsslExtra}/lib/libwolfssl.so* $out/lib # needed by curl

# Copy what we need of GCC.
cp -d ${gcc.cc}/bin/gcc $out/bin
Expand Down
12 changes: 10 additions & 2 deletions pkgs/stdenv/linux/scripts/unpack-bootstrap-tools.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ fi
# use a copy of patchelf.
LD_LIBRARY_PATH=$out/lib $LD_BINARY $out/bin/cp $out/bin/patchelf .

# Patch elf executables.
for i in $out/bin/* $out/libexec/gcc/*/*/*; do
if [ -L "$i" ]; then continue; fi
if [ -z "${i##*/liblto*}" ]; then continue; fi
Expand All @@ -26,13 +27,20 @@ for i in $out/bin/* $out/libexec/gcc/*/*/*; do
$out/bin/patchelf --set-interpreter $LD_BINARY --set-rpath $out/lib --force-rpath "$i"
done

for i in $out/lib/librt-*.so $out/lib/libpcre*; do
# Patch elf shared libraries.
for i in $out/lib/librt-*.so $out/lib/libpcre* $out/lib/libcurl.so* $out/lib/libwolfssl.so*; do
# the next line ensures that the file $i actually exists
# so the script keeps working on both old and new packages
# in case the new package adds new libraries
# (the old bootstrap is used to create the new bootstrap!)
if [ ! -f "$i" ]; then continue; fi
# skip symbolic links
if [ -L "$i" ]; then continue; fi
echo patching "$i"
$out/bin/patchelf --set-rpath $out/lib --force-rpath "$i"
done

# Fix the libc linker script.
# Fix linker scripts.
export PATH=$out/bin
cat $out/lib/libc.so | sed "s|/nix/store/e*-[^/]*/|$out/|g" > $out/lib/libc.so.tmp
mv $out/lib/libc.so.tmp $out/lib/libc.so
Expand Down