lol

chaps: init at version 0.42-6812

Chaps is a PKCS #11 implementation with a TPM backend.

+220
+81
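--- a/pkgs/tools/security/chaps/default.nix
+++ b/pkgs/tools/security/chaps/default.nix
@@ -0,0 +1,81 @@
+{ stdenv, fetchgit, fetchurl, trousers, leveldb, unzip, scons, pkgconfig
+, glib, dbus_cplusplus, dbus, protobuf, openssl, snappy, pam }:
+
+let
+src_chromebase = fetchgit {
+url = "https://chromium.googlesource.com/chromium/src/base.git";
+rev = "2dfe404711e15e24e79799516400c61b2719d7af";
+sha256 = "2bd93a3ace4b6767db2c1bd1e16f426c97b8d2133a9cb15f8372b2516cfa65c5";
+};
+
+src_gmock = fetchurl {
+url = "https://googlemock.googlecode.com/files/gmock-1.7.0.zip";
+sha256 = "0nq98cpnv2jsx2byp4ilam6kydcnziflkc16ikydajmp4mcvpz16";
+};
+
+src_platform2 = fetchgit {
+url = "https://chromium.googlesource.com/chromiumos/platform2";
+rev = "e999e989eaa71c3db7314fc7b4e20829b2b5473b";
+sha256 = "bb43ef7918ec6219711cbba3ce91236413738f1341261a1845256b3d6cc9f843";
+};
+
+in
+
+stdenv.mkDerivation rec {
+name = "chaps-0.42-6812";
+version = "0.42-6812";
+
+src = fetchgit {
+url = "https://github.com/google/chaps-linux";
+rev = "989aadc45cdb216ca35b0c97d13fc691576fa1d7";
+sha256 = "c58e08e89d36050cd831116819d555f0e24e7bf11047cb18f2a2eead45ba67be";
+};
+
+patches = [ ./fix_absolute_path.patch ./fix_environment_variables.patch ./fix_scons.patch ./insert_prefetches.patch ];
+
+postPatch = ''
+substituteInPlace makefile --replace @@NIXOS_SRC_CHROMEBASE@@ ${src_chromebase}
+substituteInPlace makefile --replace @@NIXOS_SRC_GMOCK@@ ${src_gmock}
+substituteInPlace makefile --replace @@NIXOS_SRC_PLATFORM2@@ ${src_platform2}
+substituteInPlace makefile --replace @@NIXOS_LEVELDB@@ ${leveldb}
+'';
+
+nativeBuildInputs = [ unzip scons pkgconfig ];
+
+buildInputs = [ trousers glib dbus_cplusplus dbus protobuf openssl snappy leveldb pam ];
+
+buildPhase = ''
+make build
+'';
+
+installPhase = ''
+mkdir -p $out/bin
+cp ${name}/out/chapsd $out/bin/.
+cp ${name}/out/chaps_client $out/bin/.
+
+mkdir -p $out/lib
+cp ${name}/out/libchaps.so.* $out/lib/.
+mkdir -p $out/lib/security
+cp ${name}/out/pam_chaps.so $out/lib/security/.
+
+mkdir -p $out/include
+cp -r ${name}/out/chaps $out/include/.
+
+mkdir -p $out/etc/dbus-1/system.d
+cp ${name}/out/org.chromium.Chaps.conf $out/etc/dbus-1/system.d/.
+mkdir -p $out/etc/dbus-1/system-services
+cp ${name}/platform2/chaps/org.chromium.Chaps.service $out/etc/dbus-1/system-services/.
+
+mkdir -p $out/usr/share/pam-configs/chaps
+mkdir -p $out/usr/share/man/man8
+cp ${name}/man/* $out/usr/share/man/man8/.
+'';
+
+meta = with stdenv.lib; {
+description = "PKCS #11 implementation based on trusted platform module (TPM)";
+homepage = "https://www.chromium.org/developers/design-documents/chaps-technical-design";
+maintainers = [ maintainers.tstrobel ];
+platforms = platforms.linux;
+license = licenses.bsd3;
+};
+}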
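Review bot: The installPhase puts the man pages under `$out/usr/share/man/man8` rather than the conventional `$out/share/man/man8`, so they are unlikely to be picked up from a profile; `mkdir -p $out/share/man/man8` and `cp ${name}/man/* $out/share/man/man8/.` would fix that. `mkdir -p $out/usr/share/pam-configs/chaps` creates a directory that nothing in this phase fills and could be dropped. The D-Bus policy, the service file and `pam_chaps.so` are copied as built, so any absolute paths or user names inside `org.chromium.Chaps.service` (not visible here) would still refer to locations outside the store and are worth checking before the daemon is activated on the system bus.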
+18
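--- a/pkgs/tools/security/chaps/fix_absolute_path.patch
+++ b/pkgs/tools/security/chaps/fix_absolute_path.patch
@@ -0,0 +1,18 @@
+diff --git a/patches/platform2/fix_echo.patch b/patches/platform2/fix_echo.patch
+new file mode 100644
+index 0000000..d2272f6
+--- /dev/null
++++ b/patches/platform2/fix_echo.patch
+@@ -0,0 +1,12 @@
++diff -uNr platform2/common-mk/common.mk platform2-new/common-mk/common.mk
++--- platform2/common-mk/common.mk 2015-07-03 12:07:47.482745292 +0200
+++++ platform2-new/common-mk/common.mk 2015-07-03 12:08:16.868600569 +0200
++@@ -263,7 +263,7 @@
++ $(eval $(call override_var,STRIP,strip))
++
++ RMDIR ?= rmdir
++-ECHO = /bin/echo -e
+++ECHO = echo -e
++
++ ifeq ($(lastword $(subst /, ,$(CC))),clang)
++ CDRIVER = clang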
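Review bot: `ECHO = echo -e` makes the build output depend on the shell make uses for recipes, because a POSIX `sh` whose builtin echo does not accept `-e` prints the flag literally. Whether common.mk sets `SHELL` to bash is not visible here, so a short header in the nested patch stating that bash is assumed would record the requirement. This file also changes no source directly: it only adds `patches/platform2/fix_echo.patch`, so the fix takes effect only if the makefile's own patch step applies that file, which couples it to the rewritten `patch -p1` line in insert_prefetches.patch.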
+42
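--- a/pkgs/tools/security/chaps/fix_environment_variables.patch
+++ b/pkgs/tools/security/chaps/fix_environment_variables.patch
@@ -0,0 +1,42 @@
+diff --git a/extrasrc/Makefile b/extrasrc/Makefile
+index fb95845..77125c0 100644
+--- a/extrasrc/Makefile
++++ b/extrasrc/Makefile
+@@ -10,11 +10,11 @@ OUTDIR=$(SRCDIR)/out
+GMOCK_DIR=$(SRCDIR)/gmock-$(GMOCK_VER)
+GTEST_DIR=$(GMOCK_DIR)/gtest
+
+-INCLUDES="-I$(SRCDIR)/include -I$(SRCDIR)/platform2/libchromeos -isystem $(GTEST_DIR)/include -I$(GMOCK_DIR)/include -I$(SRCDIR)/leveldb/include"
++INCLUDES="-I$(SRCDIR)/include -I$(SRCDIR)/platform2/libchromeos -isystem $(GTEST_DIR)/include -I$(GMOCK_DIR)/include -I$(SRCDIR)/leveldb/include $(NIX_LDFLAG) $(NIX_CFLAGS_COMPILE)"
+
+# To build Chaps, defer to platform2/chaps/Makefile
+all: libchrome-$(BASE_VER).a libchromeos-$(BASE_VER).a | out
+- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE)
++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE)
+
+# To build required Chromium components, defer to scons file.
+libchrome-$(BASE_VER).a:
+@@ -38,7 +38,7 @@ out/libgmock.a: out/gmock-all.o
+ar -rv $@ $<
+
+test: out/libgtest.a out/libgmock.a libchrome-$(BASE_VER).a libchromeos-$(BASE_VER).a | out
+- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) LDLIBS="-L$(OUTDIR)" OUT=$(OUTDIR) $(MAKE) tests
++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) LDLIBS="-L$(OUTDIR)" OUT=$(OUTDIR) $(MAKE) tests
+
+clean: clean_chaps clean_chromeos clean_chromebase clean_gmock clean_debian
+clean_gmock:
+@@ -49,7 +49,7 @@ clean_chromebase:
+clean_chromeos:
+-BASE_VER=$(BASE_VER) scons -f Sconstruct.libchromeos -c
+clean_chaps:
+- -cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) $(MAKE) clean
++ -cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) $(MAKE) clean
+rm -rf out
+clean_debian:
+dh_clean
+@@ -64,4 +64,4 @@ install_man:
+$(INSTALL) -m 0644 -D man/chapsd.8 $(MANDIR)/man8/chapsd.8
+$(INSTALL) -m 0644 -D man/chaps_client.8 $(MANDIR)/man8/chaps_client.8
+install: install_man
+- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) install_files
++ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) install_files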
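Review bot: `$(NIX_LDFLAG)` in the new `INCLUDES` line looks like a typo for `NIX_LDFLAGS`; make expands an unset variable to nothing, so as written the reference most likely adds no flags at all. Linker flags would also be out of place in a value that is passed on as `CXXFLAGS=$(INCLUDES)` in the `all`, `test` and `install` recipes. If the intent was only to forward the compile flags, the line could end `... -I$(SRCDIR)/leveldb/include $(NIX_CFLAGS_COMPILE)"`, with any link flags handed to the sub-make through its own linker variable instead.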
+26
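--- a/pkgs/tools/security/chaps/fix_scons.patch
+++ b/pkgs/tools/security/chaps/fix_scons.patch
@@ -0,0 +1,26 @@
+diff --git a/extrasrc/Sconstruct.libchrome b/extrasrc/Sconstruct.libchrome
+index 4feb76d..311fe8a 100644
+--- a/extrasrc/Sconstruct.libchrome
++++ b/extrasrc/Sconstruct.libchrome
+@@ -103,7 +103,7 @@ base_lib = {
+'pc_libs' : 'glib-2.0',
+}
+
+-env = Environment()
++env = Environment(ENV = os.environ)
+
+BASE_VER = os.environ.get('BASE_VER', '0')
+GTEST_DIR = os.environ.get('GTEST_DIR', '0')
+diff --git a/extrasrc/Sconstruct.libchromeos b/extrasrc/Sconstruct.libchromeos
+index 1da6001..66f9acb 100644
+--- a/extrasrc/Sconstruct.libchromeos
++++ b/extrasrc/Sconstruct.libchromeos
+@@ -18,7 +18,7 @@ base_lib = {
+'pc_libs' : 'dbus-c++-1',
+}
+
+-env = Environment()
++env = Environment(ENV = os.environ)
+
+PKG_CONFIG = os.environ.get('PKG_CONFIG', 'pkg-config')
+BASE_VER = os.environ.get('BASE_VER', '0')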
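Review bot: Both `env = Environment(ENV = os.environ)` lines pass the caller's entire environment to every command SCons runs, with no comment saying why, and that gives up the environment isolation SCons applies by default. Presumably the Nix compiler wrapper needs its `NIX_*` variables and `PATH`; a comment above each line such as `# Nix: the cc wrapper reads NIX_* variables, so pass the build environment through` would record that. If only a few variables are actually required, copying just those into `ENV` would keep the two library builds less sensitive to whatever else is set in the calling environment.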
+51
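--- a/pkgs/tools/security/chaps/insert_prefetches.patch
+++ b/pkgs/tools/security/chaps/insert_prefetches.patch
@@ -0,0 +1,51 @@
+diff --git a/makefile b/makefile
+index b6865f3..c14f5ec 100644
+--- a/makefile
++++ b/makefile
+@@ -53,8 +53,8 @@ $(SRCDIR)/include/trousers/scoped_tss_type.h: extrasrc/scoped_tss_type.h | $(SRC
+cp $< $@
+# Chromium includes <leveldb/memenv.h>. This requires an install of libleveldb-dev that has
+# memenv support included; move this into a local leveldb/ subdirectory
+-$(SRCDIR)/include/leveldb/memenv.h: /usr/include/leveldb/helpers/memenv.h | $(SRCDIR)/include/leveldb
+- cp $< $@
++$(SRCDIR)/include/leveldb/memenv.h: $(SRCDIR)/include/leveldb
++ cp @@NIXOS_LEVELDB@@/include/leveldb/helpers/memenv.h $@
+# Chromium includes <include/testing/gtest/include/gtest/gtest_prod.h>, so have a local copy.
+$(SRCDIR)/include/testing/gtest/include/gtest/gtest_prod.h: extrasrc/gtest_prod.h | $(SRCDIR)/include/testing/gtest/include/gtest
+cp $< $@
+@@ -80,7 +80,7 @@ GMOCK_DIR=$(SRCDIR)/gmock-$(GMOCK_VERSION)
+GTEST_DIR=$(GMOCK_DIR)/gtest
+src_gmock: $(GMOCK_DIR)/LICENSE
+$(GMOCK_DIR)/LICENSE: | $(SRCDIR)
+- cd $(SRCDIR) && wget $(GMOCK_URL)
++ cd $(SRCDIR) && cp @@NIXOS_SRC_GMOCK@@ gmock-$(GMOCK_VERSION).zip && chmod +w gmock-$(GMOCK_VERSION).zip
+cd $(SRCDIR) && unzip -q gmock-$(GMOCK_VERSION).zip
+rm $(SRCDIR)/gmock-$(GMOCK_VERSION).zip
+touch $@
+@@ -107,8 +107,7 @@ src_chromebase: $(SRCDIR)/base/base64.h
+$(SRCDIR)/base: | $(SRCDIR)
+mkdir -p $@
+$(SRCDIR)/base/base64.h: | $(SRCDIR)/base
+- git clone $(CHROMEBASE_GIT) $(SRCDIR)/base
+- cd $(SRCDIR)/base && git checkout $(CHROMEBASE_COMMIT)
++ cp -r @@NIXOS_SRC_CHROMEBASE@@/. $(SRCDIR)/base && chmod -R +w $(SRCDIR)/base
+
+# We need two subdirectories from the platform2 repository from ChromiumOS:
+# - chaps/ for the Chaps source code
+@@ -119,14 +118,8 @@ $(SRCDIR)/platform2:
+PLATFORM2_GIT=https://chromium.googlesource.com/chromiumos/platform2
+PATCHES=$(wildcard $(CURDIR)/patches/platform2/*.patch)
+$(SRCDIR)/platform2/chaps/Makefile: | $(SRCDIR)/platform2
+- cd $(SRCDIR)/platform2 && git init . && git remote add -f origin $(PLATFORM2_GIT)
+- cd $(SRCDIR)/platform2 && git config core.sparsecheckout true
+- cd $(SRCDIR)/platform2 && echo "chaps" > .git/info/sparse-checkout
+- cd $(SRCDIR)/platform2 && echo "libchromeos/chromeos" >> .git/info/sparse-checkout
+- cd $(SRCDIR)/platform2 && echo "common-mk/common.mk" >> .git/info/sparse-checkout
+- cd $(SRCDIR)/platform2 && git pull origin master
+- cd $(SRCDIR)/platform2 && git checkout $(CROS_BRANCH)
+- cd $(SRCDIR)/platform2 && if [ ! -z "$(PATCHES)" ]; then git am $(PATCHES); fi
++ cd $(SRCDIR)/platform2 && cp -r @@NIXOS_SRC_PLATFORM2@@/. . && chmod -R +w $(SRCDIR)/platform2
++ cd $(SRCDIR)/platform2 && if [ ! -z "$(PATCHES)" ]; then patch -p1 < $(PATCHES); fi
+
+
+# Copy man pages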
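Review bot: `patch -p1 < $(PATCHES)` in the last hunk is only correct when the wildcard matches exactly one file: with two or more, the shell redirects the first into patch and passes the rest as file arguments, so the later patches are not applied as patches. The removed `git am $(PATCHES)` accepted a list, and fix_absolute_path.patch in this commit adds another file to `patches/platform2/`, so more than one match is plausible if upstream already ships patches there (not visible here). A loop keeps the list semantics and stops on the first failure: `if [ ! -z "$(PATCHES)" ]; then for p in $(PATCHES); do patch -p1 < "$$p" || exit 1; done; fi`. Separately, the first hunk turns `$(SRCDIR)/include/leveldb` from an order-only into a normal prerequisite of `memenv.h`, which re-runs the copy whenever the directory's timestamp changes; keeping it after `|` avoids that.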
+2
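--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3105,6 +3105,8 @@
 
 tpm-tools = callPackage ../tools/security/tpm-tools { };
 
+chaps = callPackage ../tools/security/chaps { };
+
 trace-cmd = callPackage ../os-specific/linux/trace-cmd { };
 
 traceroute = callPackage ../tools/networking/traceroute { };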