Commit Graph

6 Commits

Author SHA1 Message Date
Charles Duffy
8b5a5c29f7
pcsc-safenet: add comments documenting library symlink munging 2023-03-27 12:56:51 -05:00
Charles Duffy
aed907112c
pcsc-safenet: switch from fetchurl to fetchzip 2023-03-27 12:55:52 -05:00
Charles Duffy
16e4a92e0d
pcsc-safenet: 10.0.37 -> 10.8.28
Update pcsc-safenet to a version with better hardware support, clearer licensing, less-unofficial download location

- Version 10.8 explicitly supports the 5110+ CC line of SafeNet tokens.

- Version 10.8 release notes explicitly document that "from SAC 10.8 release onwards, no license is required for SAC on Linux".

It's not clear to me whether this is sufficient to allow clearing the nonfree flag, but it's certainly an improvement.

Also, we're now getting our downloads from a company that distributes SafeNet hardware rather than a website under the control of an Arch contributor, and thus have a clearer chain-of-custody for these security-critical binaries.
2023-03-03 13:55:52 -06:00
Robert Scott
61c35da607 treewide/servers,tools: add sourceType binaryNativeCode for many packages 2022-06-16 20:21:42 +01:00
Alyssa Ross
fd78240ac8
treewide: use lib.getLib for OpenSSL libraries
At some point, I'd like to make another attempt at
71f1f4884b ("openssl: stop static binaries referencing libs"), which
was reverted in 195c7da07d.  One problem with my previous attempt is
that I moved OpenSSL's libraries to a lib output, but many dependent
packages were hardcoding the out output as the location of the
libraries.  This patch fixes every such case I could find in the tree.
It won't have any effect immediately, but will mean these packages
will automatically use an OpenSSL lib output if it is reintroduced in
future.

This patch should cause very few rebuilds, because it shouldn't make
any change at all to most packages I'm touching.  The few rebuilds
that are introduced come from when I've changed a package builder not
to use variable names like openssl.out in scripts / substitution
patterns, which would be confusing since they don't hardcode the
output any more.

I started by making the following global replacements:

    ${pkgs.openssl.out}/lib -> ${lib.getLib pkgs.openssl}/lib
    ${openssl.out}/lib -> ${lib.getLib openssl}/lib

Then I removed the ".out" suffix when part of the argument to
lib.makeLibraryPath, since that function uses lib.getLib internally.

Then I fixed up cases where openssl was part of the -L flag to the
compiler/linker, since that unambigously is referring to libraries.

Then I manually investigated and fixed the following packages:

 - pycurl
 - citrix-workspace
 - ppp
 - wraith
 - unbound
 - gambit
 - acl2

I'm reasonably confindent in my fixes for all of them.

For acl2, since the openssl library paths are manually provided above
anyway, I don't think openssl is required separately as a build input
at all.  Removing it doesn't make a difference to the output size, the
file list, or the closure.

I've tested evaluation with the OfBorg meta checks, to protect against
introducing evaluation failures.
2022-03-30 15:10:00 +00:00
Dmitriy Volkov
27f2f35a06 pcsc-safenet: init at 10.0.37-0 2021-01-29 12:18:52 +00:00