From 2fd6e6e264d033fa32582c32c717590f8f614541 Mon Sep 17 00:00:00 2001
From: Matthias Treydte <mt@waldheinz.de>
Date: Fri, 20 May 2022 09:23:31 +0200
Subject: [PATCH] nginx: take care not to pull in module sources as runtime
 deps

Nginx likes to print the "configured with ..." stuff on startup,
containing the full configure command line. When built with
modules (which it seems to be by default), this causes the
module sources to appear as runtime dependencies. So just use
the remove-references-to script to patch those out.

For a default installation, the rtmp, dav and moreheaders
module sources are gone, for special cases potentially more.
---
 pkgs/servers/http/nginx/generic.nix | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix
index e189a7d2fdff..039139e9083c 100644
--- a/pkgs/servers/http/nginx/generic.nix
+++ b/pkgs/servers/http/nginx/generic.nix
@@ -2,7 +2,7 @@ outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt
 , nginx-doc
 
 , nixosTests
-, substituteAll, gd, geoip, perl
+, substituteAll, removeReferencesTo, gd, geoip, perl
 , withDebug ? false
 , withKTLS ? false
 , withStream ? true
@@ -158,9 +158,16 @@ stdenv.mkDerivation {
     cp -r ${nginx-doc}/* $doc
   '';
 
-  postInstall = if postInstall != null then postInstall else ''
-    mv $out/sbin $out/bin
-  '';
+  nativeBuildInputs = [ removeReferencesTo ];
+
+  disallowedReferences = map (m: m.src) modules;
+
+  postInstall =
+    let
+      noSourceRefs = lib.concatMapStrings (m: "remove-references-to -t ${m.src} $out/sbin/nginx\n") modules;
+    in noSourceRefs + (if postInstall != null then postInstall else ''
+      mv $out/sbin $out/bin
+    '');
 
   passthru = {
     modules = modules;