openssl : special treatment for @external (fixes #647)

var/spack/repos/builtin/packages/openssl/package.py

@@ -30,26 +30,14 @@ def url_for_version(self, version):
         # Same idea, but just to avoid issuing the same message multiple times
         warnings_given_to_user = getattr(Openssl, '_warnings_given', {})
         if openssl_url is None:
-            latest = 'http://www.openssl.org/source/openssl-{version}.tar.gz'
+            if self.spec.satisfies('@external'):
-            older = 'http://www.openssl.org/source/old/{version_number}/openssl-{version_full}.tar.gz'
+                # The version @external is reserved to system openssl. In that case return a fake url and exit
-            # Try to use the url where the latest tarballs are stored. If the url does not exist (404), then
+                openssl_url = '@external (reserved version for system openssl)'
-            # return the url for older format
-            version_number = '.'.join([str(x) for x in version[:-1]])
-            older_url = older.format(version_number=version_number, version_full=version)
-            latest_url = latest.format(version=version)
-            response = urllib.urlopen(latest.format(version=version))
-            if response.getcode() == 404:
-                openssl_url = older_url
-                # Checks if we already warned the user for this particular version of OpenSSL.
-                # If not we display a warning message and mark this version
                 if not warnings_given_to_user.get(version, False):
-                    tty.warn('This installation depends on an old version of OpenSSL, which may have known security issues. ')
+                    tty.msg('Using openssl@external : the version @external is reserved for system openssl')
-                    tty.warn('Consider updating to the latest version of this package.')
-                    tty.warn('More details at {homepage}'.format(homepage=Openssl.homepage))
                     warnings_given_to_user[version] = True
             else:
-                openssl_url = latest_url
+                openssl_url = self.check_for_outdated_release(version, warnings_given_to_user)  # Store the computed URL
-            # Store the computed URL
             openssl_urls[version] = openssl_url
             # Store the updated dictionary of URLS
             Openssl._openssl_url = openssl_urls
@@ -58,6 +46,29 @@ def url_for_version(self, version):
 
         return openssl_url
 
+    def check_for_outdated_release(self, version, warnings_given_to_user):
+        latest = 'http://www.openssl.org/source/openssl-{version}.tar.gz'
+        older = 'http://www.openssl.org/source/old/{version_number}/openssl-{version_full}.tar.gz'
+        # Try to use the url where the latest tarballs are stored. If the url does not exist (404), then
+        # return the url for older format
+        version_number = '.'.join([str(x) for x in version[:-1]])
+        older_url = older.format(version_number=version_number, version_full=version)
+        latest_url = latest.format(version=version)
+        response = urllib.urlopen(latest.format(version=version))
+        if response.getcode() == 404:
+            openssl_url = older_url
+            # Checks if we already warned the user for this particular version of OpenSSL.
+            # If not we display a warning message and mark this version
+            if not warnings_given_to_user.get(version, False):
+                tty.warn(
+                    'This installation depends on an old version of OpenSSL, which may have known security issues. ')
+                tty.warn('Consider updating to the latest version of this package.')
+                tty.warn('More details at {homepage}'.format(homepage=Openssl.homepage))
+                warnings_given_to_user[version] = True
+        else:
+            openssl_url = latest_url
+        return openssl_url
+
     def install(self, spec, prefix):
         # OpenSSL uses a variable APPS in its Makefile. If it happens to be set
         # in the environment, then this will override what is set in the