gnu: openssl: Remove run-time dependency on Perl.

This shrinks the closure of OpenSSL from 154 MiB to 73 MiB.

* gnu/packages/patches/openssl-c-rehash.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (openssl)[source]: Use it.
  [arguments]: Add 'remove-miscellany' phase.
* gnu/packages/certs.scm (nss-certs)[native-inputs]: Add PERL.

3 files changed, 33 insertions, 3 deletions

diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 0f5a105755..dd7d339794 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -26,6 +26,7 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages gnuzilla)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages tls))
 
 (define certdata2pem
@@ -76,7 +77,8 @@
     (outputs '("out"))
     (native-inputs
      `(("certdata2pem" ,certdata2pem)
-       ("openssl" ,openssl)))
+       ("openssl" ,openssl)
+       ("perl" ,perl)))                           ;for OpenSSL's 'c_rehash'
     (inputs '())
     (propagated-inputs '())
     (arguments
diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch
new file mode 100644
index 0000000000..f873a9af23
--- /dev/null
+++ b/gnu/packages/patches/openssl-c-rehash.patch
@@ -0,0 +1,17 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+--- openssl-1.0.2d/tools/c_rehash	2015-09-09 18:36:07.313316482 +0200
++++ openssl-1.0.2d/tools/c_rehash	2015-09-09 18:36:28.965458458 +0200
+@@ -1,4 +1,6 @@
+-#!/usr/bin/perl
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++  & eval 'exec perl -wS "$0" $argv:q'
++    if 0;
+ 
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index e7baa52ec5..8b607dff33 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -195,7 +195,9 @@ required structures.")
             (sha256
              (base32
               "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737"))
-            (patches (list (search-patch "openssl-runpath.patch")))))
+            (patches (map search-patch
+                          '("openssl-runpath.patch"
+                            "openssl-c-rehash.patch")))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))
    (arguments
@@ -255,7 +257,16 @@ required structures.")
                (("/bin/sh")
                 (string-append bash "/bin/bash"))
                (("/bin/rm")
-                "rm"))))))))
+                "rm")))))
+        (add-after
+         'install 'remove-miscellany
+         (lambda* (#:key outputs #:allow-other-keys)
+           ;; The 'misc' directory contains random undocumented shell and Perl
+           ;; scripts.  Remove them to avoid retaining a reference on Perl.
+           (let ((out (assoc-ref outputs "out")))
+             (delete-file-recursively (string-append out "/share/openssl-"
+                                                     ,version "/misc"))
+             #t))))))
    (native-search-paths
     ;; FIXME: These two variables must designate a single file or directory
     ;; and are not actually "search paths."  In practice it works OK in user