-
-
Notifications
You must be signed in to change notification settings - Fork 12.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Nix packages are expected to honor NIX_SSL_CERT_FILE and this removes the dependency on the framework while bootstrapping the stdenv. (+ nitpick changes from vcunat) The patch is based on https://gitlab.com/gnutls/gnutls/commit/c0eb46d3463cd21b3f822ac377ff37f067f66b8d
- Loading branch information
Showing
5 changed files
with
164 additions
and
55 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
126 changes: 126 additions & 0 deletions
126
pkgs/development/libraries/gnutls/no-security-framework.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,126 @@ | ||
commit 9bcdde1ab9cdff6a4471f9a926dd488ab70c7247 | ||
Author: Daiderd Jordan <daiderd@gmail.com> | ||
Date: Mon Apr 22 16:38:27 2019 +0200 | ||
|
||
Revert "gnutls_x509_trust_list_add_system_trust: Add macOS keychain support" | ||
|
||
This reverts commit c0eb46d3463cd21b3f822ac377ff37f067f66b8d. | ||
|
||
diff --git a/configure.ac b/configure.ac | ||
index 8ad597bfd..8d14f26cd 100644 | ||
--- a/configure.ac | ||
+++ b/configure.ac | ||
@@ -781,7 +781,7 @@ dnl auto detect https://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004. | ||
AC_ARG_WITH([default-trust-store-file], | ||
[AS_HELP_STRING([--with-default-trust-store-file=FILE], | ||
[use the given file default trust store])], with_default_trust_store_file="$withval", | ||
- [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x && test x$have_macosx = x;then | ||
+ [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x;then | ||
for i in \ | ||
/etc/ssl/ca-bundle.pem \ | ||
/etc/ssl/certs/ca-certificates.crt \ | ||
diff --git a/lib/Makefile.am b/lib/Makefile.am | ||
index fe9cf63a2..745695f7e 100644 | ||
--- a/lib/Makefile.am | ||
+++ b/lib/Makefile.am | ||
@@ -203,10 +203,6 @@ if WINDOWS | ||
thirdparty_libadd += -lcrypt32 | ||
endif | ||
|
||
-if MACOSX | ||
-libgnutls_la_LDFLAGS += -framework Security -framework CoreFoundation | ||
-endif | ||
- | ||
libgnutls_la_LIBADD += $(thirdparty_libadd) | ||
|
||
# C++ library | ||
diff --git a/lib/system/certs.c b/lib/system/certs.c | ||
index 611c645e0..912b0aa5e 100644 | ||
--- a/lib/system/certs.c | ||
+++ b/lib/system/certs.c | ||
@@ -44,12 +44,6 @@ | ||
# endif | ||
#endif | ||
|
||
-#ifdef __APPLE__ | ||
-# include <CoreFoundation/CoreFoundation.h> | ||
-# include <Security/Security.h> | ||
-# include <Availability.h> | ||
-#endif | ||
- | ||
/* System specific function wrappers for certificate stores. | ||
*/ | ||
|
||
@@ -276,72 +270,6 @@ int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, | ||
|
||
return r; | ||
} | ||
-#elif defined(__APPLE__) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 | ||
-static | ||
-int osstatus_error(status) | ||
-{ | ||
- CFStringRef err_str = SecCopyErrorMessageString(status, NULL); | ||
- _gnutls_debug_log("Error loading system root certificates: %s\n", | ||
- CFStringGetCStringPtr(err_str, kCFStringEncodingUTF8)); | ||
- CFRelease(err_str); | ||
- return GNUTLS_E_FILE_ERROR; | ||
-} | ||
- | ||
-static | ||
-int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, | ||
- unsigned int tl_vflags) | ||
-{ | ||
- int r=0; | ||
- | ||
- SecTrustSettingsDomain domain[] = { kSecTrustSettingsDomainUser, | ||
- kSecTrustSettingsDomainAdmin, | ||
- kSecTrustSettingsDomainSystem }; | ||
- for (size_t d=0; d<sizeof(domain)/sizeof(*domain); d++) { | ||
- CFArrayRef certs = NULL; | ||
- OSStatus status = SecTrustSettingsCopyCertificates(domain[d], | ||
- &certs); | ||
- if (status == errSecNoTrustSettings) | ||
- continue; | ||
- if (status != errSecSuccess) | ||
- return osstatus_error(status); | ||
- | ||
- int cert_count = CFArrayGetCount(certs); | ||
- for (int i=0; i<cert_count; i++) { | ||
- SecCertificateRef cert = | ||
- (void*)CFArrayGetValueAtIndex(certs, i); | ||
- CFDataRef der; | ||
- status = SecItemExport(cert, kSecFormatX509Cert, 0, | ||
- NULL, &der); | ||
- if (status != errSecSuccess) { | ||
- CFRelease(der); | ||
- CFRelease(certs); | ||
- return osstatus_error(status); | ||
- } | ||
- | ||
- if (gnutls_x509_trust_list_add_trust_mem(list, | ||
- &(gnutls_datum_t) { | ||
- .data = (void*)CFDataGetBytePtr(der), | ||
- .size = CFDataGetLength(der), | ||
- }, | ||
- NULL, | ||
- GNUTLS_X509_FMT_DER, | ||
- tl_flags, | ||
- tl_vflags) > 0) | ||
- r++; | ||
- CFRelease(der); | ||
- } | ||
- CFRelease(certs); | ||
- } | ||
- | ||
-#ifdef DEFAULT_BLACKLIST_FILE | ||
- ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM); | ||
- if (ret < 0) { | ||
- _gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE); | ||
- } | ||
-#endif | ||
- | ||
- return r; | ||
-} | ||
#else | ||
|
||
#define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters