Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
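# Package expression for quictls, the OpenSSL fork that adds QUIC APIs.
# The function takes its dependencies and feature toggles as arguments and
# returns a multi-output derivation (bin, dev, out, man, doc).
{
  buildPackages,
  cryptodev,
  # SSLv2 and SSLv3 are obsolete, insecure protocol versions. Both toggles
  # default to off; turning one on only adds the matching `enable-ssl*`
  # argument to Configure. Keep them off unless a legacy peer leaves no choice.
  enableSSL2 ? false,
  enableSSL3 ? false,
  fetchFromGitHub,
  lib,
  makeWrapper,
  perl,
  removeReferencesTo,
  static ? stdenv.hostPlatform.isStatic,
  stdenv,
  withCryptodev ? false,
}:

stdenv.mkDerivation rec {
  pname = "quictls";
  version = "3.3.0-quic1";

  # The source is pinned twice: by the release tag derived from `version` and
  # by the content hash. A version bump must update the hash as well, otherwise
  # the fetch fails instead of silently building different sources.
  src = fetchFromGitHub {
    owner = "quictls";
    repo = "openssl";
    rev = "openssl-${version}";
    hash = "sha256-kBPwldTJbJSuvBVylJNcLSJvF/Hbqh0mfT4Ub5Xc6dk=";
  };

  # The patches are shared with the openssl package directory.
  # NOTE(review): judging by their file names, the first and last patches change
  # where the library looks for trusted CA certificates; their contents are not
  # part of this file, so review them together with any change made here.
  patches = [
    ../openssl/3.0/nix-ssl-cert-file.patch

    # openssl will only compile in KTLS if the current kernel supports it.
    # This patch disables build-time detection.
    ../openssl/3.0/openssl-disable-kernel-detection.patch

    (
      if stdenv.hostPlatform.isDarwin then
        ../openssl/3.4/use-etc-ssl-certs-darwin.patch
      else
        ../openssl/3.4/use-etc-ssl-certs.patch
    )
  ];

  postPatch =
    ''
      patchShebangs Configure
    ''
    # config is a configure script which is not installed.
    # NOTE(review): plain `--replace` does not abort the build when the pattern
    # is missing; confirm that `config` in this release still contains
    # /usr/bin/env, otherwise this step is a silent no-op.
    + ''
      substituteInPlace config --replace '/usr/bin/env' '${buildPackages.coreutils}/bin/env'
    ''
    # On musl, append `&& 0` to the preprocessor condition in async_posix.h so
    # that the branch it guards is never compiled.
    + lib.optionalString stdenv.hostPlatform.isMusl ''
      substituteInPlace crypto/async/arch/async_posix.h \
        --replace '!defined(__ANDROID__) && !defined(__OpenBSD__)' \
                  '!defined(__ANDROID__) && !defined(__OpenBSD__) && 0'
    '';

  nativeBuildInputs = [
    makeWrapper
    perl
    removeReferencesTo
  ];

  buildInputs = lib.optionals withCryptodev [
    cryptodev
  ];

  outputs = [
    "bin"
    "dev"
    "out"
    "man"
    "doc"
  ];

  setOutputFlags = false;

  separateDebugInfo =
    !stdenv.hostPlatform.isDarwin && !(stdenv.hostPlatform.useLLVM or false) && stdenv.cc.isGNU;

  # TODO(@Ericson2314): Improve with mass rebuild
  configurePlatforms = [ ];
  # Select the Configure target from the host system. Systems missing from the
  # table use `./config` for native builds and a generic target for cross
  # builds; anything unrecognised aborts evaluation rather than guessing.
  configureScript =
    {
      armv5tel-linux = "./Configure linux-armv4 -march=armv5te";
      armv6l-linux = "./Configure linux-armv4 -march=armv6";
      armv7l-linux = "./Configure linux-armv4 -march=armv7-a";
      x86_64-darwin = "./Configure darwin64-x86_64-cc";
      aarch64-darwin = "./Configure darwin64-arm64-cc";
      x86_64-linux = "./Configure linux-x86_64";
      x86_64-solaris = "./Configure solaris64-x86_64-gcc";
      riscv64-linux = "./Configure linux64-riscv64";
      mips64el-linux =
        if stdenv.hostPlatform.isMips64n64 then
          "./Configure linux64-mips64"
        else if stdenv.hostPlatform.isMips64n32 then
          "./Configure linux-mips64"
        else
          throw "unsupported ABI for ${stdenv.hostPlatform.system}";
    }
    .${stdenv.hostPlatform.system} or (
      if stdenv.hostPlatform == stdenv.buildPlatform then
        "./config"
      else if stdenv.hostPlatform.isBSD && stdenv.hostPlatform.isx86_64 then
        "./Configure BSD-x86_64"
      else if stdenv.hostPlatform.isBSD && stdenv.hostPlatform.isx86_32 then
        "./Configure BSD-x86" + lib.optionalString stdenv.hostPlatform.isElf "-elf"
      else if stdenv.hostPlatform.isBSD then
        "./Configure BSD-generic${toString stdenv.hostPlatform.parsed.cpu.bits}"
      else if stdenv.hostPlatform.isMinGW then
        "./Configure mingw${
          lib.optionalString (stdenv.hostPlatform.parsed.cpu.bits != 32) (
            toString stdenv.hostPlatform.parsed.cpu.bits
          )
        }"
      else if stdenv.hostPlatform.isLinux then
        "./Configure linux-generic${toString stdenv.hostPlatform.parsed.cpu.bits}"
      else if stdenv.hostPlatform.isiOS then
        "./Configure ios${toString stdenv.hostPlatform.parsed.cpu.bits}-cross"
      else
        throw "Not sure what configuration to use for ${stdenv.hostPlatform.config}"
    );

  # OpenSSL doesn't like the `--enable-static` / `--disable-shared` flags.
  dontAddStaticConfigureFlags = true;

  configureFlags =
    [
      "shared" # "shared" builds both shared and static libraries
      "--libdir=lib"
      "--openssldir=etc/ssl"
    ]
    ++ lib.optionals withCryptodev [
      "-DHAVE_CRYPTODEV"
      "-DUSE_CRYPTODEV_DIGESTS"
    ]
    # Opt-in only: both flags re-enable obsolete protocol versions.
    ++ lib.optional enableSSL2 "enable-ssl2"
    ++ lib.optional enableSSL3 "enable-ssl3"
    # We select KTLS here instead of the configure-time detection (which we patch out).
    # KTLS should work on FreeBSD 13+ as well, so we could enable it if someone tests it.
    ++ lib.optional stdenv.hostPlatform.isLinux "enable-ktls"
    ++ lib.optional stdenv.hostPlatform.isAarch64 "no-afalgeng"
    # OpenSSL needs a specific `no-shared` configure flag.
    # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options
    # for a comprehensive list of configuration options.
    ++ lib.optional static "no-shared"
    # This introduces a reference to the CTLOG_FILE which is undesired when
    # trying to build binaries statically.
    # Caveat: `no-ct` builds the library without Certificate Transparency
    # support, so static builds cannot rely on CT checks.
    ++ lib.optional static "no-ct";

  makeFlags = [
    "MANDIR=$(man)/share/man"
    # This avoids conflicts between man pages of openssl subcommands (for
    # example 'ts' and 'err') man pages and their equivalent top-level
    # command in other packages (respectively man-pages and moreutils).
    # This is done in ubuntu and archlinux, and possibly many other distros.
    "MANSUFFIX=ssl"
  ];

  enableParallelBuilding = true;

  # Split the install tree across the outputs and delete everything that would
  # keep Perl, or the package's own store path in static archives, in the
  # runtime closure.
  postInstall =
    (
      if static then
        ''
          # OPENSSLDIR has a reference to self
          ${removeReferencesTo}/bin/remove-references-to -t $out $out/lib/*.a
        ''
      else
        ''
          # If we're building dynamic libraries, then don't install static
          # libraries.
          if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
              rm "$out/lib/"*.a
          fi
        ''
    )
    + ''
      mkdir -p $bin
      mv $out/bin $bin/bin

      # c_rehash is a legacy perl script with the same functionality
      # as `openssl rehash`
      # this wrapper script is created to maintain backwards compatibility without
      # depending on perl
      makeWrapper $bin/bin/openssl $bin/bin/c_rehash \
        --add-flags "rehash"

      mkdir $dev
      mv $out/include $dev/
      # remove dependency on Perl at runtime
      rm -r $out/etc/ssl/misc
      rmdir $out/etc/ssl/{certs,private}
    '';

  # Closure guard: fail the build if the build-time Perl store path is still
  # referenced anywhere under $out. The check is skipped for Windows hosts.
  postFixup = lib.optionalString (!stdenv.hostPlatform.isWindows) ''
    # Check to make sure the main output doesn't depend on perl
    if grep -r '${buildPackages.perl}' $out; then
      echo "Found an erroneous dependency on perl ^^^" >&2
      exit 1
    fi
  '';

  meta = {
    changelog = "https://github.com/quictls/openssl/blob/openssl-${version}/CHANGES.md";
    description = "TLS/SSL and crypto library with QUIC APIs";
    homepage = "https://quictls.github.io";
    license = lib.licenses.openssl;
    maintainers = with lib.maintainers; [ izorkin ];
    platforms = lib.platforms.all;
  };
}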