nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-06 13:03:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
2885fdbdea
nixpkgs/pkgs/tools/networking/lftp/default.nix
V 0f80873aa4 lftp: use openssl instead of gnutls 
fixes lftp failing to verify sites secured with letsencrypt.

- more specifically, lftp doesn't validate the cross-signed ISRG Root X1 correctly[1][2].
- this issue is not present when built against openssl.
- a fix for the gnutls codepath has been merged[3], but the project has not seen a release since 2020.
- given this, and the questionable quality of gnutls, it seems reasonable to build with openssl instead.

reproducing this bug yields the following:

> Fatal error: Certificate verification: Not trusted (93:3C:6D:DE:E9:5C:9C:41:A4:0F:9F:50:49:3D:82:BE:03:AD:87:BF)

[1]: https://askubuntu.com/questions/1366456/lftp-certificate-suddenly-not-trusted#comment2395548_1366818
[2]: https://github.com/lavv17/lftp/issues/641
[3]: https://github.com/lavv17/lftp/pull/642

Change-Id: Ib161d8741f6d6debde8a65d94a6c1965b23f82ff
2023-07-29 02:38:12 +02:00

40 lines
1.1 KiB
Nix
Raw Blame History

{ lib, stdenv, fetchurl, openssl, pkg-config, readline, zlib, libidn2, gmp, libiconv, libunistring, gettext }:
stdenv.mkDerivation rec {
pname = "lftp";
version = "4.9.2";
src = fetchurl {
urls = [
"https://lftp.yar.ru/ftp/${pname}-${version}.tar.xz"
"https://ftp.st.ryukoku.ac.jp/pub/network/ftp/lftp/${pname}-${version}.tar.xz"
];
sha256 = "03b7y0h3mf4jfq5y8zw6hv9v44z3n6i8hc1iswax96y3z7sc85y5";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ openssl readline zlib libidn2 gmp libiconv libunistring gettext ];
hardeningDisable = lib.optional stdenv.isDarwin "format";
configureFlags = [
"--with-openssl"
"--with-readline=${readline.dev}"
"--with-zlib=${zlib.dev}"
"--without-expat"
];
installFlags = [ "PREFIX=$(out)" ];
enableParallelBuilding = true;
meta = with lib; {
description = "A file transfer program supporting a number of network protocols";
homepage = "https://lftp.yar.ru/";
license = licenses.gpl3Plus;
platforms = platforms.unix;
maintainers = [ maintainers.bjornfor ];
};
}
Reference in New Issue View Git Blame Copy Permalink