# wolfSSL (TLS/SSL library) packaged as a Nix derivation, built from the
# upstream GitHub release tag with the test suite enabled.
{ lib
, stdenv
, fetchFromGitHub
, Security
, autoreconfHook
, openssl
}:

stdenv.mkDerivation rec {
  pname = "wolfssl";
  # NOTE(review): this is a TLS library pinned to one release; check upstream
  # wolfSSL security advisories for anything newer before shipping this pin.
  version = "5.5.3";

  # The git tag is only a name that could be moved upstream; `hash` is the
  # integrity anchor for the fetched tree. Recompute it on every version bump:
  # a stale hash with a new `rev` can resolve to the already-fetched old source
  # in the store instead of failing.
  src = fetchFromGitHub {
    owner = "wolfSSL";
    repo = "wolfssl";
    rev = "v${version}-stable";
    hash = "sha256-d8DDyEsK35WK7c0udZI5HxQLO+mbod8hlbSoa3IWWS0=";
  };

  # Test-suite adjustments for the build sandbox. ocsp.test and
  # ocsp-stapling.test are dropped from scripts/include.am, so whatever those
  # two scripts cover is NOT exercised by this build's check phase;
  # ocsp-stapling2.test stays and is only patched for its platform match.
  postPatch = ''
    patchShebangs ./scripts
    # ocsp tests require network access
    sed -i -e '/ocsp\.test/d' -e '/ocsp-stapling\.test/d' scripts/include.am
    # ensure test detects musl-based systems too
    substituteInPlace scripts/ocsp-stapling2.test \
      --replace '"linux-gnu"' '"linux-"'
  '';

  # Close to Debian's configuration, except that --enable-all together with
  # --enable-reproducible-build is used in place of --enable-distro so that
  # options.h gets installed.
  # NOTE(review): --enable-all compiles in a broad set of optional protocols
  # and algorithms, which widens the attack surface for every consumer of this
  # package; confirm against upstream's configure documentation which legacy
  # features it includes before using this build in a hardened deployment.
  configureFlags = [
    "--enable-all"
    "--enable-base64encode"
    "--enable-pkcs11"
    "--enable-writedup"
    "--enable-reproducible-build"
    "--enable-tls13"
  ];

  outputs = [ "dev" "doc" "lib" "out" ];

  # The Security framework is propagated to dependents on Darwin only.
  propagatedBuildInputs = lib.optionals stdenv.isDarwin [ Security ];
  nativeBuildInputs = [ autoreconfHook ];

  # Upstream's test suite runs as part of the build; openssl is supplied for
  # it (presumably the test scripts call the openssl tool; verify).
  doCheck = true;
  checkInputs = [ openssl ];

  postInstall = ''
    # fix recursive cycle:
    # wolfssl-config points to dev, dev propagates bin
    moveToOutput bin/wolfssl-config "$dev"
    # moveToOutput also removes "$out" so recreate it
    mkdir -p "$out"
  '';

  meta = {
    description = "A small, fast, portable implementation of TLS/SSL for embedded devices";
    homepage = "https://www.wolfssl.com/";
    platforms = lib.platforms.all;
    license = lib.licenses.gpl2Plus;
    maintainers = [ lib.maintainers.fab ];
  };
}