openssl_oqs, openssl_legacy: migrate to mkPackageVariants

qweered · qweered · commit cbd10b6d4917 · 2026-03-23T18:19:15.000+02:00
diff --git a/pkgs/by-name/op/openssl/variants.nix b/pkgs/by-name/op/openssl/variants.nix
@@ -1,8 +1,30 @@
 {
   lib,
   stdenv,
+  oqs-provider,
 }:
 
+let
+  v3_6 = {
+    version = "3.6.1";
+    hash = "sha256-sb/tzVson/Iq7ofJ1gD1FXZ+v0X3cWjLbWTyMfUYqC4=";
+    patches = [
+      ./3.0/nix-ssl-cert-file.patch
+      ./3.0/openssl-disable-kernel-detection.patch
+
+      (
+        if stdenv.hostPlatform.isDarwin then
+          ./3.5/use-etc-ssl-certs-darwin.patch
+        else
+          ./3.5/use-etc-ssl-certs.patch
+      )
+    ]
+    ++ lib.optionals stdenv.hostPlatform.isMinGW [
+      ./3.5/fix-mingw-linking.patch
+    ]
+    ++ lib.optional stdenv.hostPlatform.isCygwin ./openssl-3.0.18-skip-dllmain-detach.patch;
+  };
+in
 {
   v1_1 = {
     version = "1.1.1w";
@@ -53,25 +75,28 @@
     ++ lib.optional stdenv.hostPlatform.isCygwin ./openssl-3.0.18-skip-dllmain-detach.patch;
   };
 
-  v3_6 = {
-    version = "3.6.1";
-    hash = "sha256-sb/tzVson/Iq7ofJ1gD1FXZ+v0X3cWjLbWTyMfUYqC4=";
-    patches =
-      [
-        ./3.0/nix-ssl-cert-file.patch
-        ./3.0/openssl-disable-kernel-detection.patch
+  inherit v3_6;
+
+  oqs = v3_6 // {
+    overrideArgs = {
+      providers = [
+        {
+          name = "oqsprovider";
+          package = oqs-provider;
+        }
+      ];
+      autoloadProviders = true;
+      extraINIConfig = {
+        tls_system_default = {
+          Groups = "X25519MLKEM768:X25519:P-256:X448:P-521:ffdhe2048:ffdhe3072";
+        };
+      };
+    };
+  };
 
-        (
-          if stdenv.hostPlatform.isDarwin then
-            ./3.5/use-etc-ssl-certs-darwin.patch
-          else
-            ./3.5/use-etc-ssl-certs.patch
-        )
-      ]
-      ++ lib.optionals stdenv.hostPlatform.isMinGW [
-        ./3.5/fix-mingw-linking.patch
-      ]
-      ++
-        lib.optional stdenv.hostPlatform.isCygwin ./openssl-3.0.18-skip-dllmain-detach.patch;
+  legacy = v3_6 // {
+    overrideArgs = {
+      conf = ./3.0/legacy.cnf;
+    };
   };
 }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
@@ -7168,31 +7168,13 @@ with pkgs;
     libressl_4_2
     ;
 
-  openssl_oqs = openssl.override {
-    providers = [
-      {
-        name = "oqsprovider";
-        package = pkgs.oqs-provider;
-      }
-    ];
-    autoloadProviders = true;
-
-    extraINIConfig = {
-      tls_system_default = {
-        Groups = "X25519MLKEM768:X25519:P-256:X448:P-521:ffdhe2048:ffdhe3072";
-      };
-    };
-  };
-
-  openssl_legacy = openssl.override {
-    conf = ../by-name/op/openssl/3.0/legacy.cnf;
-  };
-
-  # Backward-compat aliases — prefer openssl.v1_1, openssl.v3, openssl.v3_5, openssl.v3_6
+  # Backward-compat aliases — prefer openssl.v1_1, openssl.v3, openssl.v3_5, openssl.v3_6, etc.
   openssl_1_1 = openssl.v1_1;
   openssl_3 = openssl.v3;
   openssl_3_5 = openssl.v3_5;
   openssl_3_6 = openssl.v3_6;
+  openssl_oqs = openssl.oqs;
+  openssl_legacy = openssl.legacy;
 
   pcre = callPackage ../development/libraries/pcre { };
   # pcre32 seems unused
