From 922bb56029fdee1ae004e006a59e05c32e49bd91 Mon Sep 17 00:00:00 2001
From: Tyler Langlois
Date: Sat, 16 Jul 2022 16:27:33 -0600
Subject: [PATCH] glusterfs: patch around SSL_CERT_PATH detection

The upstream configure.ac invokes `openssl version -d` in order to find the system path for certificates. This is problematic for us since that resolves to the nix store and lots of other mechanisms (including the glusterfs module) expect /etc/ssl to be the place for certificates, so this addition patches the file to set the value manually.
---
 pkgs/tools/filesystems/glusterfs/default.nix | 11 +++++++++
 .../filesystems/glusterfs/ssl_cert_path.patch | 23 +++++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 pkgs/tools/filesystems/glusterfs/ssl_cert_path.patch

diff --git a/pkgs/tools/filesystems/glusterfs/default.nix b/pkgs/tools/filesystems/glusterfs/default.nix
index e25c50e09503..125fb01d88a1 100644
--- a/pkgs/tools/filesystems/glusterfs/default.nix
+++ b/pkgs/tools/filesystems/glusterfs/default.nix
@@ -65,6 +65,17 @@ in stdenv.mkDerivation rec {
 };
 inherit buildInputs propagatedBuildInputs;
+ patches = [
+ # Upstream invokes `openssl version -d` to derive the canonical system path
+ # for certificates, which resolves to a nix store path, so this patch
+ # statically sets the configure.ac value. There's probably a less-brittle
+ # way to do this! (this will likely fail on a version bump)
+ # References:
+ # - https://github.com/gluster/glusterfs/issues/3234
+ # - https://github.com/gluster/glusterfs/commit/a7dc43f533ad4b8ff68bf57704fefc614da65493
+ ./ssl_cert_path.patch
+ ];
+
 postPatch = ''
 sed -e '/chmod u+s/d' -i contrib/fuse-util/Makefile.am
 substituteInPlace libglusterfs/src/glusterfs/lvm-defaults.h \
diff --git a/pkgs/tools/filesystems/glusterfs/ssl_cert_path.patch b/pkgs/tools/filesystems/glusterfs/ssl_cert_path.patch
new file mode 100644
index 000000000000..5964e14787e7
--- /dev/null
+++ b/pkgs/tools/filesystems/glusterfs/ssl_cert_path.patch
@@ -0,0 +1,23 @@
+diff --git a/configure.ac b/configure.ac
+index fb8db11e9e..4c40683057 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -766,14 +766,10 @@ AS_IF([test "x$enable_fuse_notifications" != "xno"], [
+
+ dnl Find out OpenSSL trusted certificates path
+ AC_MSG_CHECKING([for OpenSSL trusted certificates path])
+-SSL_CERT_PATH=$(openssl version -d | sed -e 's|OPENSSLDIR: "\(.*\)".*|\1|')
+-if test -d $SSL_CERT_PATH 1>/dev/null 2>&1; then
+- AC_MSG_RESULT([$SSL_CERT_PATH])
+- AC_DEFINE_UNQUOTED(SSL_CERT_PATH, ["$SSL_CERT_PATH"], [Path to OpenSSL trusted certificates.])
+- AC_SUBST(SSL_CERT_PATH)
+-else
+- AC_MSG_ERROR([Unable to detect path to OpenSSL trusted certificates])
+-fi
++SSL_CERT_PATH=/etc/ssl
++AC_MSG_RESULT([$SSL_CERT_PATH])
++AC_DEFINE_UNQUOTED(SSL_CERT_PATH, ["$SSL_CERT_PATH"], [Path to OpenSSL trusted certificates.])
++AC_SUBST(SSL_CERT_PATH)
+
+ AC_CHECK_LIB([ssl], TLS_method, [HAVE_OPENSSL_1_1="yes"], [HAVE_OPENSSL_1_1="no"])
+ if test "x$HAVE_OPENSSL_1_1" = "xyes"; then
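Review bot: The replacement lines in configure.ac hard-code `SSL_CERT_PATH=/etc/ssl` without a comment and drop the `test -d` check, so the build no longer verifies the directory that is compiled in through `AC_DEFINE_UNQUOTED`. Judging by the upstream commit referenced in default.nix, this value appears to be the default location of GlusterFS's TLS certificate, key and CA file; that should be confirmed and stated next to the assignment, e.g. `dnl nixpkgs: fixed to /etc/ssl; 'openssl version -d' resolves into the world-readable Nix store, which is no place for TLS keys`. A missing or badly permissioned /etc/ssl will now surface only at runtime when TLS is enabled, which the comment in default.nix could mention alongside its version-bump warning. The inner hunk cuts through configure.ac, so the surrounding OpenSSL checks are not visible here.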