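# Botan cryptographic library, built for both the 2.x and 3.x release lines
# from one shared derivation template (`common`).
#
# Options that change the security properties of the result:
#   policy   - restricts the compiled-in algorithm set via --module-policy.
#              Only applied for Botan >= 3.8.0; on older versions (botan2) the
#              argument is accepted but has no effect on the build.
#   withTpm2 - TPM 2.0 support; only applied on Linux hosts.
#   withEsdm - ESDM RNG plugin; only applied for Botan >= 3.7.0.
{
  lib,
  stdenv,
  fetchurl,
  pkgsStatic,
  python3,
  docutils,
  bzip2,
  zlib,
  jitterentropy,
  darwin,
  esdm,
  tpm2-tss,
  static ? stdenv.hostPlatform.isStatic, # generates static libraries *only*

  # build ESDM RNG plugin
  withEsdm ? false,
  # useful, but have to disable tests for now, as /dev/tpmrm0 is not accessible
  # NOTE(review): doCheck is unconditionally true below, so enabling withTpm2
  # does not disable the tests by itself - confirm how callers handle this.
  withTpm2 ? false,
  policy ? null,
}:

# Reject unknown policy names at evaluation time instead of passing them on to
# configure.py.
assert lib.assertOneOf "policy" policy [
  # no explicit policy is given. The defaults by the library are used
  null
  # only allow BSI approved algorithms, FFI and SHAKE for XMSS
  "bsi"
  # only allow NIST approved algorithms in FIPS 140
  "fips140"
  # only allow "modern" algorithms
  "modern"
];

let
  # Derivation template shared by all packaged Botan versions.
  #   version - upstream release version; also gates version-specific features.
  #   hash    - SRI hash of the release tarball (pins the source content).
  #   patches - optional list of patches applied to the source.
  common =
    {
      version,
      hash,
      patches ? [ ],
    }:
    stdenv.mkDerivation (finalAttrs: {
      pname = "botan";
      inherit version;

      # With structured attrs, list-valued attributes such as
      # botanConfigureFlags are exposed to the builder as bash arrays.
      __structuredAttrs = true;
      enableParallelBuilding = true;
      strictDeps = true;

      outputs = [
        "bin"
        "out"
        "dev"
        "doc"
        "man"
      ];

      # The tarball content is pinned by `hash`. Fetching over HTTPS keeps the
      # transport authenticated as well, which matters whenever the hash is
      # refreshed from a new download; the homepage below is already HTTPS.
      src = fetchurl {
        url = "https://botan.randombit.net/releases/Botan-${finalAttrs.version}.tar.xz";
        inherit hash;
      };

      inherit patches;

      nativeBuildInputs = [
        python3
        docutils
      ];

      buildInputs =
        [
          bzip2
          zlib
        ]
        ++ lib.optionals (stdenv.hostPlatform.isLinux && withTpm2) [
          tpm2-tss
        ]
        # jitterentropy is always linked from 3.6.0 on (see jitter_rng below).
        ++ lib.optionals (lib.versionAtLeast version "3.6.0") [
          jitterentropy
        ]
        ++ lib.optionals (lib.versionAtLeast version "3.7.0" && withEsdm) [
          esdm
        ];

      # Exactly one of "static" / "shared" is built, depending on `static`;
      # the test binary is only built when the check phase will run.
      buildTargets =
        [ "cli" ]
        ++ lib.optionals finalAttrs.finalPackage.doCheck [ "tests" ]
        ++ lib.optionals static [ "static" ]
        ++ lib.optionals (!static) [ "shared" ];

      botanConfigureFlags =
        [
          "--prefix=${placeholder "out"}"
          "--bindir=${placeholder "bin"}/bin"
          "--docdir=${placeholder "doc"}/share/doc"
          "--mandir=${placeholder "man"}/share/man"
          "--no-install-python-module"
          "--build-targets=${lib.concatStringsSep "," finalAttrs.buildTargets}"
          "--with-bzip2"
          "--with-zlib"
          "--with-rst2man"
          "--cpu=${stdenv.hostPlatform.parsed.cpu.name}"
        ]
        ++ lib.optionals stdenv.cc.isClang [
          "--cc=clang"
        ]
        ++ lib.optionals (stdenv.hostPlatform.isLinux && withTpm2) [
          "--with-tpm2"
        ]
        ++ lib.optionals (lib.versionAtLeast version "3.6.0") [
          "--enable-modules=jitter_rng"
        ]
        ++ lib.optionals (lib.versionAtLeast version "3.7.0" && withEsdm) [
          "--enable-modules=esdm_rng"
        ]
        # The module policy is only passed for >= 3.8.0. For older versions a
        # requested policy is dropped without any warning, so a caller asking
        # for "bsi"/"fips140"/"modern" on botan2 gets an unrestricted build.
        ++ lib.optionals (lib.versionAtLeast version "3.8.0" && policy != null) [
          "--module-policy=${policy}"
        ]
        # The BSI policy additionally enables FFI and SHAKE (needed for XMSS).
        # Spelled --enable-modules like the flags above, rather than relying
        # on the option parser accepting the shortened --enable-module form.
        ++ lib.optionals (lib.versionAtLeast version "3.8.0" && policy == "bsi") [
          "--enable-modules=ffi"
          "--enable-modules=shake"
        ];

      # Botan uses its own configure.py instead of autotools. The flag array
      # is quoted so that each flag reaches configure.py as exactly one
      # argument, without word splitting or glob expansion.
      configurePhase = ''
        runHook preConfigure
        python configure.py "''${botanConfigureFlags[@]}"
        runHook postConfigure
      '';

      # Not every release ships src/scripts, hence the directory check.
      preInstall = ''
        if [ -d src/scripts ]; then
          patchShebangs src/scripts
        fi
      '';

      # Provide an unversioned botan.pc next to the versioned pkg-config file.
      # Best effort: a failing `ln` (for example when the glob does not match
      # exactly one file) is tolerated and does not fail the build.
      postInstall = ''
        cd "$out"/lib/pkgconfig
        ln -s botan-*.pc botan.pc || true
      '';

      doCheck = true;

      # The static-build test is only attached for the 3.x line.
      passthru.tests = lib.optionalAttrs (lib.versionAtLeast version "3") {
        static = pkgsStatic.botan3;
      };

      meta = with lib; {
        description = "Cryptographic algorithms library";
        homepage = "https://botan.randombit.net";
        mainProgram = "botan";
        maintainers = with maintainers; [
          raskin
          thillux
          nikstur
        ];
        platforms = platforms.unix;
        license = licenses.bsd2;
      };
    });
in
{
  botan3 = common {
    version = "3.8.1";
    hash = "sha256-sDloHUuGGi9YU3Rti6gG9VPiOGntctie2/o8Pb+hfmg=";
  };

  botan2 = common {
    version = "2.19.5";
    hash = "sha256-3+6g4KbybWckxK8B2pp7iEh62y2Bunxy/K9S21IsmtQ=";
  };
}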