# tpm2-tss: OSS implementation of the TCG TPM2 Software Stack (TSS2).
#
# The derivation builds the pinned upstream release, pins every library the
# TCTI loader would otherwise locate through dlopen() to an absolute store
# path, and — only when the host can execute the result — runs the upstream
# unit/integration suite against swtpm during installCheckPhase.
{
  stdenv,
  lib,
  fetchFromGitHub,
  autoreconfHook,
  autoconf-archive,
  pkg-config,
  doxygen,
  perl,
  openssl,
  json_c,
  curl,
  libgcrypt,
  cmocka,
  uthash,
  swtpm,
  iproute2,
  procps,
  which,
  libuuid,
  libtpms,
}:
let
  # On Linux, systemd depends on tpm2-tss while the tpm2-tss test suite pulls
  # in procps, and procps by default depends on systemd — a cycle. Break it by
  # testing against a procps built without systemd. The override is applied
  # only on Linux because procps for other platforms may not accept the
  # withSystemd option.
  procpsNoSystemd = procps.override { withSystemd = false; };
  procpsForTests = if stdenv.hostPlatform.isLinux then procpsNoSystemd else procps;
in
stdenv.mkDerivation (finalAttrs: {
  pname = "tpm2-tss";
  version = "4.1.3";

  src = fetchFromGitHub {
    owner = "tpm2-software";
    repo = finalAttrs.pname;
    rev = finalAttrs.version;
    hash = "sha256-BP28utEUI9g1VNv3lCXuiKrDtEImFQxxZfIjLiE3Wr8=";
  };

  outputs = [
    "out"
    "man"
    "dev"
  ];

  strictDeps = true;
  enableParallelBuilding = true;

  patches = [
    # The TCTI loader resolves its backends with dlopen(); this patch prefixes
    # every such call with the output directory so the loader never depends
    # on the dynamic loader's search path.
    ./no-dynamic-loader-path.patch

    # configure.ac insists on tools from shadow (e.g. useradd) although they
    # are optional — and unusable inside the Nix sandbox anyway. Downgrade the
    # check from error to warning so the configure phase also runs on platforms
    # without a shadow package (e.g. macOS). "On platforms" here means the
    # build platform, i.e. cross-compilation; tpm2-tss itself does not support
    # macOS, see upstream issue:
    # https://github.com/tpm2-software/tpm2-tss/issues/2629
    # See also
    # https://github.com/tpm2-software/tpm2-tss/blob/6c46325b466f35d40c2ed1043bfdfcfb8a367a34/Makefile.am#L880-L898
    ./no-shadow.patch
  ];

  # Tests are driven through installCheckPhase (see installCheckTarget), so
  # the regular checkPhase stays off.
  doCheck = false;
  doInstallCheck =
    let
      host = stdenv.hostPlatform;
    in
    stdenv.buildPlatform.canExecute host
    # Tests rely on mocking, which cannot work with static libs.
    && !(host.isDarwin || host.isStatic);
  # The loader path was rewritten to point at the output directory, so the
  # TCTI implementations must already sit in their target directory before
  # the tests can run: checkPhase is therefore turned into installCheckPhase.
  installCheckTarget = "check";

  nativeBuildInputs = [
    autoreconfHook
    autoconf-archive
    pkg-config
    doxygen
    perl
  ];

  buildInputs =
    [
      openssl
      json_c
      curl
      libgcrypt
      uthash
      libuuid
      libtpms
    ]
    # cmocka is probed by the configure script when unit and/or integration
    # testing is enabled. It does not build with pkgsStatic and is not needed
    # when tests are not run, so it is only added alongside doInstallCheck.
    ++ lib.optionals finalAttrs.doInstallCheck [ cmocka ];

  nativeInstallCheckInputs = lib.optionals finalAttrs.doInstallCheck [
    cmocka
    which
    openssl
    procpsForTests
    iproute2
    swtpm
  ];

  preAutoreconf = "./bootstrap";

  postPatch = lib.concatStrings [
    ''
      patchShebangs script
      substituteInPlace src/tss2-tcti/tctildr-dl.c \
        --replace-fail '@PREFIX@' $out/lib/
      substituteInPlace ./test/unit/tctildr-dl.c \
        --replace-fail '@PREFIX@' $out/lib/
      substituteInPlace ./bootstrap \
        --replace-fail 'git describe --tags --always --dirty' 'echo "${finalAttrs.version}"'
      for src in src/tss2-tcti/tcti-libtpms.c test/unit/tcti-libtpms.c; do
        substituteInPlace "$src" \
          --replace-fail '"libtpms.so"' '"${libtpms.out}/lib/libtpms.so"' \
          --replace-fail '"libtpms.so.0"' '"${libtpms.out}/lib/libtpms.so.0"'
      done
      substituteInPlace src/tss2-fapi/ifapi_config.c \
        --replace-fail 'SYSCONFDIR' '"/etc"'

      # https://github.com/tpm2-software/tpm2-tss/pull/3041
      substituteInPlace test/unit/tcti-libtpms.c \
        --replace-fail 'check_expected_ptr(st);' 'check_expected(st);' \
        --replace-fail 'check_expected_ptr(buf_len);' 'check_expected(buf_len);'
    ''
    # The tcti unit tests mock function calls, which appears not to be
    # supported with clang; drop them from the unit test list there.
    (lib.optionalString stdenv.cc.isClang ''
      sed -i '/TESTS_UNIT / {
        /test\/unit\/tcti-swtpm/d;
        /test\/unit\/tcti-mssim/d;
        /test\/unit\/tcti-device/d
      }' Makefile-test.am
    '')
  ];

  configureFlags =
    lib.optionals finalAttrs.doInstallCheck [
      "--enable-unit"
      "--enable-integration"
    ]
    ++ lib.optionals stdenv.hostPlatform.isDarwin [
      # sys/prctl.h required
      "--disable-tcti-cmd"
      # uchar.h required
      "--disable-fapi"
      "--disable-policy"
      # uses fallocate
      "--disable-tcti-libtpms"
    ];

  postInstall = ''
    # The upstream udev rules refer to specific users/groups that are not
    # guaranteed to exist on the target system, so they are not installed.
    rm -R $out/lib/udev

    # Write a FAPI config suitable for testing.
    cat > $out/etc/tpm2-tss/fapi-config-test.json <<EOF
    {
    "profile_dir": "${placeholder "out"}/etc/tpm2-tss/fapi-profiles/",
    "system_pcrs" : []
    }
    EOF
  '';

  meta = {
    description = "OSS implementation of the TCG TPM2 Software Stack (TSS2)";
    homepage = "https://github.com/tpm2-software/tpm2-tss";
    license = lib.licenses.bsd2;
    platforms = lib.platforms.unix;
    maintainers = [
      lib.maintainers.baloo
      lib.maintainers.scottstephens
    ];
  };
})