From 4c0ae9086ba93aec9985c85df9d689c2350270b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se>
Date: Wed, 12 Mar 2025 13:37:59 +0100
Subject: [PATCH] chore(openssl): remove dist files from ssldir

---
 lib/make-sysext.nix      | 6 +++++-
 pkgs/openssl/default.nix | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/make-sysext.nix b/lib/make-sysext.nix
index 2541e3d..c94227b 100644
--- a/lib/make-sysext.nix
+++ b/lib/make-sysext.nix
@@ -81,7 +81,11 @@ runCommand name
     find tree -type d -exec chmod 0755 {} \;
     mkfs.erofs --all-root $name.raw tree/
     veritysetup format --root-hash-file $name.roothash $name.raw $name.verity
-    #TODO: pcks7 signature?
+    # TODO: pcks7 signature
+    # openssl smime -sign -nocerts -noattr -binary -in ${name}.roothash \
+    #   -inkey key.pem -signer cert.pem -outform der -out ${name}.roothash.p7s
     rm -rf tree
+    sha256sum * > SHA256SUMS
+    # TODO: add gpg signature
     popd
   ''
diff --git a/pkgs/openssl/default.nix b/pkgs/openssl/default.nix
index 137176d..0e1f742 100644
--- a/pkgs/openssl/default.nix
+++ b/pkgs/openssl/default.nix
@@ -145,6 +145,7 @@ stdenv.mkDerivation rec {
 
     installPhase = ''
       make DESTDIR=$out install
+      rm -rf $out/etc/ssl/*.dist $out/etc/ssl/misc
     '';
 
     enableParallelBuilding = true;