tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / by-name / li / librandombytes / package.nix
at devShellTools-shell 2.9 kB view raw
1{ 2 stdenv, 3 lib, 4 python3, 5 openssl, 6 fetchzip, 7}: 8stdenv.mkDerivation (finalAttrs: { 9 pname = "librandombytes"; 10 version = "20240318"; 11 12 src = fetchzip { 13 url = "https://randombytes.cr.yp.to/librandombytes-${finalAttrs.version}.tar.gz"; 14 hash = "sha256-LE8iWw7FxckPREyqefgKtslD6CPDsL7VsfHScQ6JmLs="; 15 }; 16 17 patches = [ ./environment-variable-tools.patch ]; 18 19 postPatch = '' 20 patchShebangs configure 21 patchShebangs scripts-build 22 ''; 23 24 __structuredAttrs = true; 25 26 # NOTE: librandombytes uses a custom Python `./configure`: it does not expect standard 27 # autoconfig --build --host etc. arguments: disable 28 configurePlatforms = [ ]; 29 30 # NOTE: the librandombytes library has required specific CFLAGS defined: 31 # https://randombytes.cr.yp.to/librandombytes-20240318/compilers/default.html 32 # - `-O` (alias `-O1`) safe optimization 33 # - `-Qunused-arguments` suppress clang warning 34 # the default "fortify" hardening sets -O2, -D_FORTIFY_SOURCE=2: 35 # since librandombytes uses -O1, we disable the fortify hardening, and then manually re-enable -D_FORTIFY_SOURCE. 36 hardeningDisable = [ "fortify" ]; 37 env.NIX_CFLAGS_COMPILE = toString ( 38 lib.optionals stdenv.cc.isClang [ "-Qunused-arguments" ] 39 ++ [ 40 "-D_FORTIFY_SOURCE=2" 41 "-O1" 42 ] 43 ); 44 45 nativeBuildInputs = [ python3 ]; 46 47 buildInputs = [ openssl ]; 48 49 preFixup = lib.optionalString stdenv.hostPlatform.isDarwin '' 50 install_name_tool -id "$out/lib/librandombytes-kernel.1.dylib" "$out/lib/librandombytes-kernel.1.dylib" 51 install_name_tool -change "librandombytes-kernel.1.dylib" "$out/lib/librandombytes-kernel.1.dylib" "$out/bin/randombytes-info" 52 ''; 53 54 passthru.updateScript = ./update.sh; 55 56 meta = { 57 homepage = "https://randombytes.cr.yp.to/"; 58 description = "Simple API for applications generating fresh randomness"; 59 changelog = "https://randombytes.cr.yp.to/download.html"; 60 license = with lib.licenses; [ 61 # Upstream specifies the public domain licenses with the terms here https://cr.yp.to/spdx.html 62 publicDomain 63 cc0 64 bsd0 65 mit 66 mit0 67 ]; 68 maintainers = with lib.maintainers; [ 69 kiike 70 imadnyc 71 jleightcap 72 ]; 73 platforms = [ 74 "i686-linux" 75 "x86_64-linux" 76 "armv7a-linux" 77 "aarch64-linux" 78 # Cannot support 32 bit MIPS because options in libcpucycles only supports mips64: https://cpucycles.cr.yp.to/libcpucycles-20240318/cpucycles/options.html 79 "mips64-linux" 80 "mips64el-linux" 81 # powerpc-linux (32 bits) is supported by upstream project but not by nix 82 "powerpc64-linux" 83 "powerpc64le-linux" 84 "riscv32-linux" 85 "riscv64-linux" 86 "s390x-linux" 87 # Upstream package supports sparc, but nix does not 88 ] 89 ++ lib.platforms.darwin; # Work on MacOS X mentioned: https://randombytes.cr.yp.to/download.html 90 }; 91})