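# Botan package set: one shared builder (`common`) instantiated for the
# botan3 and botan2 release lines.
#
# Arguments other than the package inputs:
#   static   - build static libraries only (defaults to the host platform setting)
#   withEsdm - build the ESDM RNG plugin (only applied for versions >= 3.7.0)
#   withTpm2 - build TPM2 support (only applied on Linux)
#   policy   - module policy, one of null / "bsi" / "fips140" / "modern"
#              (only applied for versions >= 3.8.0)
{
  lib,
  stdenv,
  fetchurl,
  pkgsStatic,
  python3,
  docutils,
  bzip2,
  zlib,
  jitterentropy,
  darwin,
  esdm,
  tpm2-tss,
  static ? stdenv.hostPlatform.isStatic, # generates static libraries *only*

  # build ESDM RNG plugin
  withEsdm ? false,
  # useful, but have to disable tests for now, as /dev/tpmrm0 is not accessible
  # NOTE(review): doCheck is unconditionally true below, so enabling withTpm2
  # does not by itself disable the test suite; confirm the tests pass in the
  # sandbox with TPM2 enabled.
  withTpm2 ? false,
  # Algorithm policy. Only versions >= 3.8.0 receive it; for older versions
  # (botan2 in this file) a non-null policy is silently ignored and the
  # library defaults apply. Do not rely on it to restrict botan2.
  policy ? null,
}:

# Reject unknown policy names at evaluation time rather than at configure time.
assert lib.assertOneOf "policy" policy [
  # no explicit policy is given. The defaults by the library are used
  null
  # only allow BSI approved algorithms, FFI and SHAKE for XMSS
  "bsi"
  # only allow NIST approved algorithms in FIPS 140
  "fips140"
  # only allow "modern" algorithms
  "modern"
];

let
  # Shared derivation builder.
  #   version - upstream release version, also used in the tarball URL
  #   hash    - SRI hash of the release tarball
  #   patches - optional patches applied to the unpacked source
  common =
    {
      version,
      hash,
      patches ? [ ],
    }:
    stdenv.mkDerivation (finalAttrs: {
      pname = "botan";
      inherit version;

      # botanConfigureFlags is consumed as a bash array in configurePhase,
      # which requires structured attributes.
      __structuredAttrs = true;
      enableParallelBuilding = true;
      strictDeps = true;

      outputs = [
        "bin"
        "out"
        "dev"
        "doc"
        "man"
      ];

      src = fetchurl {
        # Fetched over HTTPS (the homepage below is HTTPS as well). The pinned
        # hash already guarantees the tarball content, but the transport still
        # matters whenever the hash is being refreshed for a new release, and
        # plaintext HTTP exposes the download to tampering and observation.
        url = "https://botan.randombit.net/releases/Botan-${finalAttrs.version}.tar.xz";
        inherit hash;
      };

      inherit patches;

      nativeBuildInputs = [
        python3
        docutils
      ];

      buildInputs = [
        bzip2
        zlib
      ]
      ++ lib.optionals (stdenv.hostPlatform.isLinux && withTpm2) [
        tpm2-tss
      ]
      ++ lib.optionals (lib.versionAtLeast version "3.6.0") [
        jitterentropy
      ]
      ++ lib.optionals (lib.versionAtLeast version "3.7.0" && withEsdm) [
        esdm
      ];

      # The test target is only built when checks are actually going to run.
      buildTargets = [
        "cli"
      ]
      ++ lib.optionals finalAttrs.finalPackage.doCheck [ "tests" ]
      ++ lib.optionals static [ "static" ]
      ++ lib.optionals (!static) [ "shared" ];

      botanConfigureFlags = [
        "--prefix=${placeholder "out"}"
        "--bindir=${placeholder "bin"}/bin"
        "--docdir=${placeholder "doc"}/share/doc"
        "--mandir=${placeholder "man"}/share/man"
        "--no-install-python-module"
        "--build-targets=${lib.concatStringsSep "," finalAttrs.buildTargets}"
        "--with-bzip2"
        "--with-zlib"
        "--with-rst2man"
        "--cpu=${stdenv.hostPlatform.parsed.cpu.name}"
      ]
      ++ lib.optionals stdenv.cc.isClang [
        "--cc=clang"
      ]
      ++ lib.optionals (stdenv.hostPlatform.isLinux && withTpm2) [
        "--with-tpm2"
      ]
      ++ lib.optionals (lib.versionAtLeast version "3.6.0") [
        "--enable-modules=jitter_rng"
      ]
      ++ lib.optionals (lib.versionAtLeast version "3.7.0" && withEsdm) [
        "--enable-modules=esdm_rng"
      ]
      # The policy is passed only to versions >= 3.8.0; see the note on the
      # `policy` argument about older versions.
      ++ lib.optionals (lib.versionAtLeast version "3.8.0" && policy != null) [
        "--module-policy=${policy}"
      ]
      # Under the "bsi" policy, FFI and SHAKE are enabled explicitly. The flag
      # uses the same `--enable-modules` spelling as the RNG modules above.
      ++ lib.optionals (lib.versionAtLeast version "3.8.0" && policy == "bsi") [
        "--enable-modules=ffi"
        "--enable-modules=shake"
      ];

      # Botan is configured through its own configure.py, not autotools.
      # The array expansion is quoted so each flag reaches configure.py as
      # exactly one argument, with no word splitting or globbing.
      configurePhase = ''
        runHook preConfigure
        python configure.py "''${botanConfigureFlags[@]}"
        runHook postConfigure
      '';

      preInstall = ''
        if [ -d src/scripts ]; then
          patchShebangs src/scripts
        fi
      '';

      # Provide an unversioned botan.pc next to the versioned pkg-config file.
      # The symlink is best effort: a failure here does not fail the build.
      postInstall = ''
        cd "$out"/lib/pkgconfig
        ln -s botan-*.pc botan.pc || true
      '';

      doCheck = true;

      # For 3.x, also exercise the static build as a passthru test.
      passthru.tests = lib.optionalAttrs (lib.versionAtLeast version "3") {
        static = pkgsStatic.botan3;
      };

      meta = with lib; {
        description = "Cryptographic algorithms library";
        homepage = "https://botan.randombit.net";
        mainProgram = "botan";
        maintainers = with maintainers; [
          raskin
          thillux
          nikstur
        ];
        platforms = platforms.unix;
        license = licenses.bsd2;
      };
    });
in
{
  botan3 = common {
    version = "3.8.1";
    hash = "sha256-sDloHUuGGi9YU3Rti6gG9VPiOGntctie2/o8Pb+hfmg=";
  };

  # Older than every versionAtLeast gate above: no jitter_rng, no ESDM plugin
  # and no module policy are applied to this build.
  botan2 = common {
    version = "2.19.5";
    hash = "sha256-3+6g4KbybWckxK8B2pp7iEh62y2Bunxy/K9S21IsmtQ=";
  };
}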