tjh.dev
1{ lib
2, stdenv
3, fetchFromGitHub
4, fetchpatch
5, cmake
6, pkg-config
7, mongoc
8, openssl
9, darwin
10}:
11
12stdenv.mkDerivation rec {
13 pname = "libmongocrypt";
14 version = "1.7.4";
15
16 src = fetchFromGitHub {
17 owner = "mongodb";
18 repo = pname;
19 rev = version;
20 hash = "sha256-I4KG2BHAovin9EaF8lNzJzucARvi0Qptz5Y9gTt3WkE=";
21 };
22
23 patches = [
24 # fix pkg-config files
25 # submitted upstream: https://github.com/mongodb/libmongocrypt/pull/634
26 (fetchpatch {
27 url = "https://github.com/mongodb/libmongocrypt/commit/5514cf0a366c4d0dc1b0f2a62201f0f1161054da.diff";
28 hash = "sha256-eMSn6MRnc3yKfU2u/Bg3juWiupDzY1DUGi1/HSRftIs=";
29 })
30 ];
31
32 nativeBuildInputs = [ cmake pkg-config ];
33 buildInputs = [
34 mongoc
35 openssl
36 ] ++ lib.optionals stdenv.isDarwin [
37 darwin.apple_sdk.frameworks.Security
38 ];
39
40 cmakeFlags = [
41 # all three of these are required to use system libbson
42 "-DUSE_SHARED_LIBBSON=ON"
43 "-DMONGOCRYPT_MONGOC_DIR=USE-SYSTEM"
44 "-DENABLE_ONLINE_TESTS=OFF"
45
46 # this pulls in a library we don't have
47 "-DMONGOCRYPT_ENABLE_DECIMAL128=OFF"
48
49 # this avoids a dependency on Python
50 "-DBUILD_VERSION=${version}"
51 ];
52
53 meta = with lib; {
54 description = "Required C library for client-side and queryable encryption in MongoDB";
55 homepage = "https://github.com/mongodb/libmongocrypt";
56 license = licenses.asl20;
57 platforms = platforms.unix;
58 };
59}