From 352749e577161a3b512f80edae981e24bbbab55f Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Sat, 25 Jul 2020 10:43:31 +0200 Subject: [PATCH] ostree: enable ed25519 support This was omitted in the latest update. Only adds ~400 KB. It required adding openssl to tests so I tacked on some cleanups. In particular, the GI_TYPELIB_PATH was already being set in the wrapper so we can remove it from the module (not sure why Gtk was even there). Also switched away from using pkgconfig and docbook_xsl aliases and reordered the expression a bit. --- nixos/tests/installed-tests/ostree.nix | 11 -------- pkgs/tools/misc/ostree/default.nix | 21 +++++++++------ pkgs/tools/misc/ostree/fix-test-paths.patch | 29 +++++++++++++++++++++ 3 files changed, 42 insertions(+), 19 deletions(-) diff --git a/nixos/tests/installed-tests/ostree.nix b/nixos/tests/installed-tests/ostree.nix index eef7cace54c..90e09ad4ddf 100644 --- a/nixos/tests/installed-tests/ostree.nix +++ b/nixos/tests/installed-tests/ostree.nix @@ -3,21 +3,10 @@ makeInstalledTest { tested = pkgs.ostree; - # TODO: Wrap/patch the tests directly in the package testConfig = { environment.systemPackages = with pkgs; [ - (python3.withPackages (p: with p; [ pyyaml ])) gnupg ostree ]; - - # for GJS tests - environment.variables.GI_TYPELIB_PATH = lib.makeSearchPath "lib/girepository-1.0" (with pkgs; [ - gtk3 - pango.out - ostree - gdk-pixbuf - atk - ]); }; } diff --git a/pkgs/tools/misc/ostree/default.nix b/pkgs/tools/misc/ostree/default.nix index e7dc48ecf74..568afb50403 100644 --- a/pkgs/tools/misc/ostree/default.nix +++ b/pkgs/tools/misc/ostree/default.nix @@ -2,7 +2,7 @@ , fetchurl , fetchpatch , substituteAll -, pkgconfig +, pkg-config , gtk-doc , gobject-introspection , gjs @@ -21,13 +21,15 @@ , fuse , utillinuxMinimal , libselinux +, libsodium , libarchive , libcap , bzip2 , yacc , libxslt -, docbook_xsl +, docbook-xsl-nons , docbook_xml_dtd_42 +, openssl , python3 }: 
@@ -59,6 +61,7 @@ in stdenv.mkDerivation rec { (substituteAll { src = ./fix-test-paths.patch; python3 = testPython.interpreter; + openssl = "${openssl}/bin/openssl"; }) ]; @@ -66,14 +69,14 @@ in stdenv.mkDerivation rec { autoconf automake libtool - pkgconfig + pkg-config gtk-doc gobject-introspection which makeWrapper yacc libxslt - docbook_xsl + docbook-xsl-nons docbook_xml_dtd_42 ]; @@ -85,6 +88,7 @@ in stdenv.mkDerivation rec { gpgme fuse libselinux + libsodium libcap libarchive bzip2 @@ -96,16 +100,13 @@ in stdenv.mkDerivation rec { gjs ]; - preConfigure = '' - env NOCONFIGURE=1 ./autogen.sh - ''; - enableParallelBuilding = true; configureFlags = [ "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" "--with-systemdsystemgeneratordir=${placeholder "out"}/lib/systemd/system-generators" "--enable-installed-tests" + "--with-ed25519-libsodium" ]; makeFlags = [ @@ -113,6 +114,10 @@ in stdenv.mkDerivation rec { "installed_test_metadir=${placeholder "installedTests"}/share/installed-tests/libostree" ]; + preConfigure = '' + env NOCONFIGURE=1 ./autogen.sh + ''; + postFixup = let typelibPath = stdenv.lib.makeSearchPath "/lib/girepository-1.0" [ (placeholder "out") diff --git a/pkgs/tools/misc/ostree/fix-test-paths.patch b/pkgs/tools/misc/ostree/fix-test-paths.patch index cf94b33f31c..3e5b7e06999 100644 --- a/pkgs/tools/misc/ostree/fix-test-paths.patch +++ b/pkgs/tools/misc/ostree/fix-test-paths.patch 
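Review bot: In the `substituteAll` arguments, `openssl = "${openssl}/bin/openssl";` depends on the derivation's default output being the one that contains the binary. If openssl is split into several outputs (not visible in this hunk), selecting the output explicitly is more robust: `openssl = "${stdenv.lib.getBin openssl}/bin/openssl";`. A wrong path would probably not fail the build, since the value is only written into `tests/libtest.sh`. It would show up later, when the ed25519 key-generation helpers run in the installed tests. The enclosing `patches` list starts outside the hunk.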
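Review bot: The new `"--with-ed25519-libsodium"` entry in `configureFlags` has no comment tying it to the `libsodium` input added to `buildInputs` in the earlier hunk. Autoconf-generated configure scripts normally only warn about `--with-*` options they do not recognise. If a later ostree release renames the option, the package could build without ed25519 signature support and nothing in this expression would notice. I would add `# ed25519 signature support; needs libsodium in buildInputs` above the flag and confirm that the installed-tests run reports the ed25519 cases as executed rather than skipped. Both lists are only partly visible in these hunks.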
@@ -1,3 +1,32 @@ +diff --git a/tests/libtest.sh b/tests/libtest.sh +index ca457fa2..c0a529ff 100755 +--- a/tests/libtest.sh ++++ b/tests/libtest.sh +@@ -709,12 +709,12 @@ gen_ed25519_keys () + { + # Generate private key in PEM format + pemfile="$(mktemp -p ${test_tmpdir} ed25519_XXXXXX.pem)" +- openssl genpkey -algorithm ed25519 -outform PEM -out "${pemfile}" ++ @openssl@ genpkey -algorithm ed25519 -outform PEM -out "${pemfile}" + + # Based on: http://openssl.6102.n7.nabble.com/ed25519-key-generation-td73907.html + # Extract the private and public parts from generated key. +- ED25519PUBLIC="$(openssl pkey -outform DER -pubout -in ${pemfile} | tail -c 32 | base64)" +- ED25519SEED="$(openssl pkey -outform DER -in ${pemfile} | tail -c 32 | base64)" ++ ED25519PUBLIC="$(@openssl@ pkey -outform DER -pubout -in ${pemfile} | tail -c 32 | base64)" ++ ED25519SEED="$(@openssl@ pkey -outform DER -in ${pemfile} | tail -c 32 | base64)" + # Secret key is concantination of SEED and PUBLIC + ED25519SECRET="$(echo ${ED25519SEED}${ED25519PUBLIC} | base64 -d | base64 -w 0)" + +@@ -725,7 +725,7 @@ gen_ed25519_keys () + + gen_ed25519_random_public() + { +- openssl genpkey -algorithm ED25519 | openssl pkey -outform DER | tail -c 32 | base64 ++ @openssl@ genpkey -algorithm ED25519 | @openssl@ pkey -outform DER | tail -c 32 | base64 + } + + is_bare_user_only_repo () { diff --git a/tests/test-basic-user-only.sh b/tests/test-basic-user-only.sh index f65094fd..105be893 100755 --- a/tests/test-basic-user-only.sh
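Review bot: The added `tests/libtest.sh` section pins `@openssl@` only inside `gen_ed25519_keys` and `gen_ed25519_random_public`, and the NixOS test in this commit does not put openssl in `environment.systemPackages`. Any other test script that calls or probes for a bare `openssl` through PATH (not visible here) would fail, or skip quietly if it is guarded, which could leave the ed25519 signing tests unexercised while the suite still passes. Before merging I would run `grep -rnw openssl tests/` on the unpacked source and extend the patch to any remaining call site. I would also check the test log to confirm the ed25519 cases were run rather than skipped.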