diff options
3 files changed, 31 insertions, 4 deletions
diff --git a/var/spack/repos/builtin/packages/ca-certificates-mozilla/package.py b/var/spack/repos/builtin/packages/ca-certificates-mozilla/package.py index b49ef03cf7..d828d4c5a8 100644 --- a/var/spack/repos/builtin/packages/ca-certificates-mozilla/package.py +++ b/var/spack/repos/builtin/packages/ca-certificates-mozilla/package.py @@ -31,9 +31,13 @@ class CaCertificatesMozilla(Package): def url_for_version(self, version): return "https://curl.se/ca/cacert-{0}.pem".format(version) + def setup_dependent_package(self, module, dep_spec): + """Returns the absolute path to the bundled certificates""" + self.spec.pem_path = join_path(self.prefix.share, 'cacert.pem') + # Install the the pem file as share/cacert.pem def install(self, spec, prefix): - share = join_path(self.prefix, 'share') + share = join_path(prefix, 'share') mkdir(share) install("cacert-{0}.pem".format(spec.version), join_path(share, "cacert.pem")) diff --git a/var/spack/repos/builtin/packages/curl/package.py b/var/spack/repos/builtin/packages/curl/package.py index 1db1b0de3e..7b04455e28 100644 --- a/var/spack/repos/builtin/packages/curl/package.py +++ b/var/spack/repos/builtin/packages/curl/package.py @@ -97,6 +97,9 @@ class Curl(AutotoolsPackage): depends_on('libssh', when='+libssh') depends_on('krb5', when='+gssapi') + # curl queries pkgconfig for openssl compilation flags + depends_on('pkgconfig', type='build') + def configure_args(self): spec = self.spec @@ -108,6 +111,9 @@ class Curl(AutotoolsPackage): '--without-libgsasl', '--without-libpsl', '--without-zstd', + '--without-ca-bundle', + '--without-ca-path', + '--with-ca-fallback', ] # https://daniel.haxx.se/blog/2021/06/07/bye-bye-metalink-in-curl/ diff --git a/var/spack/repos/builtin/packages/openssl/package.py b/var/spack/repos/builtin/packages/openssl/package.py index ef8055f453..f82c2c95b3 100644 --- a/var/spack/repos/builtin/packages/openssl/package.py +++ b/var/spack/repos/builtin/packages/openssl/package.py @@ -78,12 +78,15 @@ class Openssl(Package): # Uses Fake Autotools, should subclass Package version('1.0.1h', sha256='9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093', deprecated=True) version('1.0.1e', sha256='f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3', deprecated=True) - variant('systemcerts', default=True, description='Use system certificates') + variant('certs', default='system', + values=('mozilla', 'system', 'none'), multi=False, + description=('Use certificates from the ca-certificates-mozilla ' + 'package, symlink system certificates, or none')) variant('docs', default=False, description='Install docs and manpages') depends_on('zlib') - depends_on('perl@5.14.0:', type=('build', 'test')) + depends_on('ca-certificates-mozilla', type=('build', 'run'), when='certs=mozilla') @classmethod def determine_version(cls, exe): @@ -148,7 +151,7 @@ class Openssl(Package): # Uses Fake Autotools, should subclass Package @run_after('install') def link_system_certs(self): - if '+systemcerts' not in self.spec: + if self.spec.variants['certs'].value != 'system': return system_dirs = [ @@ -188,6 +191,20 @@ class Openssl(Package): # Uses Fake Autotools, should subclass Package os.rmdir(pkg_certs) os.symlink(sys_certs, pkg_certs) + @run_after('install') + def link_mozilla_certs(self): + if self.spec.variants['certs'].value != 'mozilla': + return + + pkg_dir = join_path(self.prefix, 'etc', 'openssl') + mkdirp(pkg_dir) + + mozilla_pem = self.spec['ca-certificates-mozilla'].pem_path + pkg_cert = join_path(pkg_dir, 'cert.pem') + + if not os.path.exists(pkg_cert): + os.symlink(mozilla_pem, pkg_cert) + def patch(self): if self.spec.satisfies('%nvhpc'): # Remove incompatible preprocessor flags |