tjh.dev
1{
2 lib,
3 fetchFromGitHub,
4 nixosTests,
5 rustPlatform,
6 stdenv,
7 installShellFiles,
8 cmake,
9 libsodium,
10 pkg-config,
11 nix-update-script,
12}:
13rustPlatform.buildRustPackage (finalAttrs: {
14 pname = "rosenpass";
15 version = "0.2.2";
16
17 src = fetchFromGitHub {
18 owner = "rosenpass";
19 repo = "rosenpass";
20 tag = "v${finalAttrs.version}";
21 hash = "sha256-fQIeKGyTkFWUV9M1o256G4U1Os5OlVsRZu+5olEkbD4=";
22 };
23
24 cargoHash = "sha256-vx6kSdDOXiIp2626yKVieDuS9DD5/wKyXutMiKMKn24=";
25
26 nativeBuildInputs = [
27 cmake # for oqs build in the oqs-sys crate
28 pkg-config
29 rustPlatform.bindgenHook # for C-bindings in the crypto libs
30 installShellFiles
31 ];
32
33 buildInputs = [ libsodium ];
34
35 # nix defaults to building for aarch64 _without_ the armv8-a
36 # crypto extensions, but liboqs depends on these
37 preBuild = lib.optionalString stdenv.hostPlatform.isAarch64 ''
38 NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -march=armv8-a+crypto"
39 '';
40
41 postInstall = ''
42 installManPage doc/rosenpass.1
43 '';
44
45 passthru = {
46 tests = { inherit (nixosTests) rosenpass; };
47 updateScript = nix-update-script { };
48 };
49
50 meta = {
51 description = "Build post-quantum-secure VPNs with WireGuard";
52 homepage = "https://rosenpass.eu/";
53 license = with lib.licenses; [
54 mit # or
55 asl20
56 ];
57 maintainers = with lib.maintainers; [ wucke13 ];
58 teams = with lib.teams; [ ngi ];
59 platforms = [
60 "aarch64-darwin"
61 "aarch64-linux"
62 "x86_64-darwin"
63 "x86_64-linux"
64 ];
65 mainProgram = "rosenpass";
66 };
67})