pkgs/tools/security/cie-middleware-linux/default.nix at netboot-syslinux-multiplatform · tjh.dev/nixpkgs

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / tools / security / cie-middleware-linux / default.nix
at netboot-syslinux-multiplatform 4.5 kB view raw
  1{ stdenv
  2, lib
  3, fetchFromGitHub
  4, makeWrapper
  5, strip-nondeterminism
  6, meson
  7, ninja
  8, pkg-config
  9, gradle_7
 10, curl
 11, cryptopp
 12, fontconfig
 13, jre
 14, libxml2
 15, openssl
 16, pcsclite
 17, podofo
 18, ghostscript
 19}:
 20
 21let
 22  pname = "cie-middleware-linux";
 23  version = "1.4.4.0";
 24
 25  src = fetchFromGitHub {
 26    owner = "M0rf30";
 27    repo = pname;
 28    rev = "${version}-podofo";
 29    sha256 = "sha256-Kyr9OTiY6roJ/wVJS/1aWfrrzDNQbuRTJQqo0akbMUU=";
 30  };
 31
 32  gradle = gradle_7;
 33
 34  # Shared libraries needed by the Java application
 35  libraries = lib.makeLibraryPath [ ghostscript ];
 36
 37  # Fixed-output derivation that fetches the Java dependencies
 38  javaDeps = stdenv.mkDerivation {
 39    pname = "cie-java-deps";
 40    inherit src version;
 41
 42    nativeBuildInputs = [ gradle ];
 43
 44    buildPhase = ''
 45      # Run the fetchDeps task
 46      export GRADLE_USER_HOME=$(mktemp -d)
 47      gradle --no-daemon -b cie-java/build.gradle fetchDeps
 48    '';
 49
 50    installPhase = ''
 51      # Build a tree compatible with the maven repository format
 52      pushd "$GRADLE_USER_HOME/caches/modules-2/files-2.1"
 53      find -type f | awk -F/ -v OFS=/ -v out="$out" '{
 54        infile = $0
 55        gsub(/\./, "/", $2)
 56        system("install -m644 -D "infile" "out"/"$2"/"$3"/"$4"/"$6)
 57      }'
 58      popd
 59    '';
 60
 61    outputHashAlgo = "sha256";
 62    outputHashMode = "recursive";
 63    outputHash = "sha256-WzT5vYF9yCMU2A7EkLZyjgWrN3gD7pnkPXc3hDFqpD8=";
 64  };
 65
 66in
 67
 68stdenv.mkDerivation {
 69  inherit pname src version;
 70
 71  hardeningDisable = [ "format" ];
 72
 73  outputs = [ "out" "dev" ];
 74
 75  nativeBuildInputs = [
 76    makeWrapper
 77    meson
 78    ninja
 79    pkg-config
 80    gradle
 81    strip-nondeterminism
 82  ];
 83
 84  buildInputs = [
 85    cryptopp
 86    fontconfig
 87    podofo
 88    openssl
 89    pcsclite
 90    curl
 91    libxml2
 92  ];
 93
 94  postPatch = ''
 95    # substitute the cieid command with this $out/bin/cieid
 96    substituteInPlace libs/pkcs11/src/CSP/AbilitaCIE.cpp \
 97      --replace 'file = "cieid"' 'file = "'$out'/bin/cieid"'
 98  '';
 99
100  # Note: we use pushd/popd to juggle between the
101  # libraries and the Java application builds.
102  preConfigure = "pushd libs";
103
104  postBuild = ''
105    popd
106
107    # Use the packages in javaDeps for both plugins and dependencies
108    localRepo="maven { url uri('${javaDeps}') }"
109    sed -i cie-java/settings.gradle -e "1i \
110      pluginManagement { repositories { $localRepo } }"
111    substituteInPlace cie-java/build.gradle \
112      --replace 'mavenCentral()' "$localRepo"
113
114    # Build the Java application
115    export GRADLE_USER_HOME=$(mktemp -d)
116    gradle standalone \
117      --no-daemon \
118      --offline \
119      --parallel \
120      --info -Dorg.gradle.java.home=${jre} \
121      --build-file cie-java/build.gradle
122
123    pushd libs/build
124  '';
125
126  postInstall = ''
127    popd
128
129    # Install the Java application
130    install -Dm755 cie-java/build/libs/CIEID-standalone.jar \
131                   "$out/share/cieid/cieid.jar"
132
133    # Create a wrapper
134    mkdir -p "$out/bin"
135    makeWrapper "${jre}/bin/java" "$out/bin/cieid" \
136      --add-flags "-Djna.library.path='$out/lib:${libraries}'" \
137      --add-flags '-Dawt.useSystemAAFontSettings=on' \
138      --add-flags "-cp $out/share/cieid/cieid.jar" \
139      --add-flags "it.ipzs.cieid.MainApplication"
140
141    # Install other files
142    install -Dm644 data/cieid.desktop "$out/share/applications/cieid.desktop"
143    install -Dm755 data/logo.png "$out/share/pixmaps/cieid.png"
144    install -Dm644 LICENSE "$out/share/licenses/cieid/LICENSE"
145  '';
146
147  postFixup = ''
148    # Move static libraries to the dev output
149    mv -t "$dev/lib" "$out/lib/"*.a
150
151    # Make the jar deterministic (mainly, sorting its files)
152    strip-nondeterminism "$out/share/cieid/cieid.jar"
153  '';
154
155  passthru = { inherit javaDeps; };
156
157  meta = with lib; {
158    homepage = "https://github.com/M0Rf30/cie-middleware-linux";
159    description = "Middleware for the Italian Electronic Identity Card (CIE)";
160    longDescription = ''
161      Software for the usage of the Italian Electronic Identity Card (CIE).
162      Access to PA services, signing and verification of documents
163
164      Warning: this is an unofficial fork because the original software, as
165      distributed by the Italian government, is essentially lacking a build
166      system and is in violation of the license of the PoDoFo library.
167    '';
168    license = licenses.bsd3;
169    platforms = platforms.unix;
170    # Note: fails due to a lot of broken type conversions
171    badPlatforms = platforms.darwin;
172    maintainers = with maintainers; [ rnhmjoj ];
173  };
174}