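# SoftHSM 2: a software PKCS #11 token, built here against Botan 2 with the
# database (SQLite) object-store backend enabled.
{
  lib,
  stdenv,
  fetchurl,
  botan2,
  sqlite,
}:

stdenv.mkDerivation rec {
  pname = "softhsm";
  version = "2.6.1";

  # The release tarball is pinned by an SRI sha256 hash. fetchurl fails the
  # build when the downloaded bytes do not match, so a version bump has to
  # update `hash` together with `version`.
  src = fetchurl {
    url = "https://dist.opendnssec.org/source/${pname}-${version}.tar.gz";
    hash = "sha256-YSSUcwVLzRgRUZ75qYmogKe9zDbTF8nCVFf8YU30dfI=";
  };

  configureFlags = [
    "--with-crypto-backend=botan"
    "--with-botan=${lib.getDev botan2}"
    "--with-objectstore-backend-db"
    # Default config and state paths are pointed into the package output.
    # The store is read-only at runtime, so these can only serve as
    # compiled-in defaults; writable token storage has to be configured
    # elsewhere (presumably through softhsm2.conf / SOFTHSM2_CONF; confirm
    # against the consuming module).
    # NOTE(review): `$out` is not Nix interpolation here; it is passed on as
    # literal text. Confirm it is expanded as intended during configure, or
    # switch to `${placeholder "out"}`.
    "--sysconfdir=$out/etc"
    "--localstatedir=$out/var"
    # The configure script checks for the sqlite3 command, but never uses it.
    # Provide an arbitrary executable file for cross scenarios.
    "ac_cv_path_SQLITE3=/"
  ];

  buildInputs = [
    botan2
    sqlite
  ];

  strictDeps = true;

  # Remove the state directory from the output: nothing can be written to it
  # once the package is in the store, so no token data may live there.
  # NOTE(review): token files then depend on the permissions of whatever
  # directory the operator configures; confirm the deployment restricts it to
  # the service user.
  postInstall = "rm -rf $out/var";

  # Attributes are referenced through `lib.` explicitly instead of
  # `with lib;`, so every name in this set has a visible origin.
  meta = {
    homepage = "https://www.opendnssec.org/softhsm";
    description = "Cryptographic store accessible through a PKCS #11 interface";
    longDescription = ''
      SoftHSM provides a software implementation of a generic
      cryptographic device with a PKCS#11 interface, which is of
      course especially useful in environments where a dedicated hardware
      implementation of such a device - for instance a Hardware
      Security Module (HSM) or smartcard - is not available.

      SoftHSM follows the OASIS PKCS#11 standard, meaning it should be
      able to work with many cryptographic products. SoftHSM is a
      programme of The Commons Conservancy.
    '';
    license = lib.licenses.bsd2;
    maintainers = [ lib.maintainers.leenaars ];
    platforms = lib.platforms.unix;
  };
}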