From 35b85158f48a56ab5a94d1dd1ef09c1e8cd42ac4 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Thu, 25 Mar 2021 13:58:27 -0400
Subject: [PATCH] Try to upgrade OpenSSL to 1.1.1k with an overlay

not yet built locally because slow networks and computers and such
let's see what CI does with it
---
 nixos/openssl-111k.nix | 7 +++++++
 shell.nix              | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 nixos/openssl-111k.nix

diff --git a/nixos/openssl-111k.nix b/nixos/openssl-111k.nix
new file mode 100644
index 00000000..9ee881cb
--- /dev/null
+++ b/nixos/openssl-111k.nix
@@ -0,0 +1,7 @@
+self: super: {
+  openssl_1_1 = super.openssl_1_1.overrideAttrs (old: {
+    version = "1.1.1k";
+    sha256 = "1whinyw402z3b9xlb3qaxv4b9sk4w1bgh9k0y8df1z4x3yy92fhz";
+    withDocs = false;
+  });
+}
diff --git a/shell.nix b/shell.nix
index 0c9c12f9..e2e54ee0 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,7 +1,9 @@
 let
   nixpkgs-pin = builtins.fromJSON (builtins.readFile ./nixpkgs.json);
   nixpkgs-src = builtins.fetchTarball nixpkgs-pin;
-  nixpkgs = import nixpkgs-src { };
+  nixpkgs = import nixpkgs-src {
+    overlays = [ (import ./nixos/openssl-111k.nix) ];
+  };
 in
 { pkgs ? nixpkgs }:
 let
-- 
GitLab