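{
  buildPackages,
  cryptodev,
  # Both legacy protocols stay off unless a caller opts in.
  # NOTE(review): the `enable-ssl2` configure switch these map to is very
  # likely rejected by a 3.x Configure (SSLv2 was removed upstream long
  # before 3.x) — confirm before relying on enableSSL2.
  enableSSL2 ? false,
  enableSSL3 ? false,
  fetchFromGitHub,
  lib,
  makeWrapper,
  perl,
  removeReferencesTo,
  # Static build follows the host platform unless overridden by the caller.
  static ? stdenv.hostPlatform.isStatic,
  stdenv,
  withCryptodev ? false,
}:

# quictls: the OpenSSL fork carrying the QUIC API.  The build shares its
# patches and most of its configure/install logic with the sibling
# `../openssl` expression; keep the two in step when touching either.
stdenv.mkDerivation rec {
  pname = "quictls";
  version = "3.3.0-quic1";

  src = fetchFromGitHub {
    owner = "quictls";
    repo = "openssl";
    rev = "openssl-${version}";
    hash = "sha256-kBPwldTJbJSuvBVylJNcLSJvF/Hbqh0mfT4Ub5Xc6dk=";
  };

  patches = [
    # Trust-store lookup.  Judging by their names, this patch and the
    # use-etc-ssl-certs one below make the library honour NIX_SSL_CERT_FILE
    # and fall back to /etc/ssl/certs; see the patch files for the details.
    ../openssl/3.0/nix-ssl-cert-file.patch

    # openssl will only compile in KTLS if the current kernel supports it.
    # This patch disables build-time detection.
    ../openssl/3.0/openssl-disable-kernel-detection.patch

    (
      if stdenv.hostPlatform.isDarwin then
        ../openssl/3.5/use-etc-ssl-certs-darwin.patch
      else
        ../openssl/3.5/use-etc-ssl-certs.patch
    )
  ];

  # Source edits that are not carried as patch files.  `--replace-fail` (not
  # the deprecated `--replace`) makes the build stop if upstream changes the
  # text being edited, instead of silently shipping an unedited file.
  postPatch =
    ''
      patchShebangs Configure
    ''
    # config is a configure script which is not installed.
    + ''
      substituteInPlace config --replace-fail '/usr/bin/env' '${buildPackages.coreutils}/bin/env'
    ''
    # On musl, force this preprocessor condition false (the appended `&& 0`)
    # so the async_posix.h code path behind it is not compiled in.
    + lib.optionalString stdenv.hostPlatform.isMusl ''
      substituteInPlace crypto/async/arch/async_posix.h \
        --replace-fail '!defined(__ANDROID__) && !defined(__OpenBSD__)' \
                       '!defined(__ANDROID__) && !defined(__OpenBSD__) && 0'
    '';

  # perl is needed by Configure at build time only; postFixup checks that it
  # does not leak into the runtime closure.
  nativeBuildInputs = [
    makeWrapper
    perl
    removeReferencesTo
  ];

  buildInputs = lib.optionals withCryptodev [
    cryptodev
  ];

  outputs = [
    "bin"
    "dev"
    "out"
    "man"
    "doc"
  ];

  # Configure does not take the per-output --bindir/--includedir flags that
  # stdenv would otherwise add; the $bin/$dev split is done by hand in
  # postInstall instead.
  setOutputFlags = false;

  separateDebugInfo =
    !stdenv.hostPlatform.isDarwin && !(stdenv.hostPlatform.useLLVM or false) && stdenv.cc.isGNU;

  # TODO(@Ericson2314): Improve with mass rebuild
  configurePlatforms = [ ];

  # Pick the Configure target from an explicit per-system table first; fall
  # back to `./config` (upstream's autodetection) for native builds and to a
  # generic target family for cross builds.
  configureScript =
    {
      armv5tel-linux = "./Configure linux-armv4 -march=armv5te";
      armv6l-linux = "./Configure linux-armv4 -march=armv6";
      armv7l-linux = "./Configure linux-armv4 -march=armv7-a";
      x86_64-darwin = "./Configure darwin64-x86_64-cc";
      aarch64-darwin = "./Configure darwin64-arm64-cc";
      x86_64-linux = "./Configure linux-x86_64";
      x86_64-solaris = "./Configure solaris64-x86_64-gcc";
      riscv64-linux = "./Configure linux64-riscv64";
      mips64el-linux =
        if stdenv.hostPlatform.isMips64n64 then
          "./Configure linux64-mips64"
        else if stdenv.hostPlatform.isMips64n32 then
          "./Configure linux-mips64"
        else
          throw "unsupported ABI for ${stdenv.hostPlatform.system}";
    }
    .${stdenv.hostPlatform.system} or (
      if stdenv.hostPlatform == stdenv.buildPlatform then
        "./config"
      else if stdenv.hostPlatform.isBSD && stdenv.hostPlatform.isx86_64 then
        "./Configure BSD-x86_64"
      else if stdenv.hostPlatform.isBSD && stdenv.hostPlatform.isx86_32 then
        "./Configure BSD-x86" + lib.optionalString stdenv.hostPlatform.isElf "-elf"
      else if stdenv.hostPlatform.isBSD then
        "./Configure BSD-generic${toString stdenv.hostPlatform.parsed.cpu.bits}"
      else if stdenv.hostPlatform.isMinGW then
        "./Configure mingw${
          lib.optionalString (stdenv.hostPlatform.parsed.cpu.bits != 32) (
            toString stdenv.hostPlatform.parsed.cpu.bits
          )
        }"
      else if stdenv.hostPlatform.isLinux then
        "./Configure linux-generic${toString stdenv.hostPlatform.parsed.cpu.bits}"
      else if stdenv.hostPlatform.isiOS then
        "./Configure ios${toString stdenv.hostPlatform.parsed.cpu.bits}-cross"
      else
        throw "Not sure what configuration to use for ${stdenv.hostPlatform.config}"
    );

  # OpenSSL doesn't like the `--enable-static` / `--disable-shared` flags.
  dontAddStaticConfigureFlags = true;

  configureFlags =
    [
      "shared" # "shared" builds both shared and static libraries
      "--libdir=lib"
      "--openssldir=etc/ssl"
    ]
    ++ lib.optionals withCryptodev [
      "-DHAVE_CRYPTODEV"
      "-DUSE_CRYPTODEV_DIGESTS"
    ]
    ++ lib.optional enableSSL2 "enable-ssl2"
    ++ lib.optional enableSSL3 "enable-ssl3"
    # We select KTLS here instead of the configure-time detection (which we patch out).
    # KTLS should work on FreeBSD 13+ as well, so we could enable it if someone tests it.
    # (The version guard is inherited from the shared openssl logic and is
    # always true for this package.)
    ++ lib.optional (stdenv.hostPlatform.isLinux && lib.versionAtLeast version "3.0.0") "enable-ktls"
    ++ lib.optional stdenv.hostPlatform.isAarch64 "no-afalgeng"
    # OpenSSL needs a specific `no-shared` configure flag.
    # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options
    # for a comprehensive list of configuration options.
    ++ lib.optional static "no-shared"
    # This introduces a reference to the CTLOG_FILE which is undesired when
    # trying to build binaries statically.
    ++ lib.optional static "no-ct";

  makeFlags = [
    "MANDIR=$(man)/share/man"
    # This avoids conflicts between man pages of openssl subcommands (for
    # example 'ts' and 'err') man pages and their equivalent top-level
    # command in other packages (respectively man-pages and moreutils).
    # This is done in ubuntu and archlinux, and possibly many other distros.
    "MANSUFFIX=ssl"
  ];

  enableParallelBuilding = true;

  # Split the install tree into the declared outputs and drop the pieces
  # that would drag perl into the runtime closure.
  postInstall =
    (
      if static then
        ''
          # OPENSSLDIR has a reference to self
          ${removeReferencesTo}/bin/remove-references-to -t $out $out/lib/*.a
        ''
      else
        ''
          # If we're building dynamic libraries, then don't install static
          # libraries.  Test for a real file: an unmatched glob expands to
          # itself, so a plain `-n "$(echo ...)"` test is true unconditionally.
          for shared in $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll; do
            if [ -e "$shared" ]; then
              rm "$out/lib/"*.a
              break
            fi
          done
        ''
    )
    + ''
      mkdir -p $bin
      mv $out/bin $bin/bin

      # c_rehash is a legacy perl script with the same functionality
      # as `openssl rehash`
      # this wrapper script is created to maintain backwards compatibility without
      # depending on perl
      makeWrapper $bin/bin/openssl $bin/bin/c_rehash \
        --add-flags "rehash"

      mkdir $dev
      mv $out/include $dev/
      # remove dependency on Perl at runtime
      rm -r $out/etc/ssl/misc
      rmdir $out/etc/ssl/{certs,private}
    '';

  # Closure check: any occurrence of perl's store path in $out would make the
  # build-time perl a runtime dependency of the library output, so fail the
  # build rather than ship it.
  postFixup = lib.optionalString (!stdenv.hostPlatform.isWindows) ''
    # Check to make sure the main output doesn't depend on perl
    if grep -r '${buildPackages.perl}' $out; then
      echo "Found an erroneous dependency on perl ^^^" >&2
      exit 1
    fi
  '';

  meta = {
    changelog = "https://github.com/quictls/openssl/blob/openssl-${version}/CHANGES.md";
    description = "TLS/SSL and crypto library with QUIC APIs";
    homepage = "https://quictls.github.io";
    license = lib.licenses.openssl;
    # The CLI lives in the `bin` output; name it so `nix run` finds it.
    mainProgram = "openssl";
    maintainers = with lib.maintainers; [ izorkin ];
    platforms = lib.platforms.all;
  };
}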