33afbf39f6
checkInputs used to be added to nativeBuildInputs. Now we have nativeCheckInputs to do that instead. Doing this treewide change allows to keep hashes identical to before the introduction of nativeCheckInputs.
105 lines
2.5 KiB
Nix
105 lines
2.5 KiB
Nix
{ lib
|
|
, stdenv
|
|
, fetchFromGitHub
|
|
, autoreconfHook
|
|
, pkg-config
|
|
, libtasn1, openssl, fuse, glib, libseccomp, json-glib
|
|
, libtpms
|
|
, unixtools, expect, socat
|
|
, gnutls
|
|
, perl
|
|
|
|
# Tests
|
|
, python3, which
|
|
, nixosTests
|
|
}:
|
|
|
|
stdenv.mkDerivation rec {
|
|
pname = "swtpm";
|
|
version = "0.8.0";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "stefanberger";
|
|
repo = "swtpm";
|
|
rev = "v${version}";
|
|
sha256 = "sha256-O+sHkmQ47FbqsgWpaqAc/j2AJ5xzsvpBj/p0Zea1nSI=";
|
|
};
|
|
|
|
nativeBuildInputs = [
|
|
pkg-config unixtools.netstat expect socat
|
|
perl # for pod2man
|
|
python3
|
|
autoreconfHook
|
|
];
|
|
|
|
nativeCheckInputs = [
|
|
which
|
|
];
|
|
|
|
buildInputs = [
|
|
libtpms
|
|
openssl libtasn1
|
|
glib json-glib
|
|
gnutls
|
|
] ++ lib.optionals stdenv.isLinux [
|
|
fuse
|
|
libseccomp
|
|
];
|
|
|
|
configureFlags = [
|
|
"--localstatedir=/var"
|
|
] ++ lib.optionals stdenv.isLinux [
|
|
"--with-cuse"
|
|
];
|
|
|
|
postPatch = ''
|
|
patchShebangs tests/*
|
|
|
|
# Makefile tries to create the directory /var/lib/swtpm-localca, which fails
|
|
substituteInPlace samples/Makefile.am \
|
|
--replace 'install-data-local:' 'do-not-execute:'
|
|
|
|
# Use the correct path to the certtool binary
|
|
# instead of relying on it being in the environment
|
|
substituteInPlace src/swtpm_localca/swtpm_localca.c \
|
|
--replace \
|
|
'# define CERTTOOL_NAME "gnutls-certtool"' \
|
|
'# define CERTTOOL_NAME "${gnutls}/bin/certtool"' \
|
|
--replace \
|
|
'# define CERTTOOL_NAME "certtool"' \
|
|
'# define CERTTOOL_NAME "${gnutls}/bin/certtool"'
|
|
|
|
substituteInPlace tests/common --replace \
|
|
'CERTTOOL=gnutls-certtool;;' \
|
|
'CERTTOOL=certtool;;'
|
|
|
|
# Fix error on macOS:
|
|
# stat: invalid option -- '%'
|
|
# This is caused by the stat program not being the BSD version,
|
|
# as is expected by the test
|
|
substituteInPlace tests/common --replace \
|
|
'if [[ "$(uname -s)" =~ (Linux|CYGWIN_NT-) ]]; then' \
|
|
'if [[ "$(uname -s)" =~ (Linux|Darwin|CYGWIN_NT-) ]]; then'
|
|
|
|
# Otherwise certtool seems to pick up the system language on macOS,
|
|
# which might cause a test to fail
|
|
substituteInPlace tests/test_swtpm_setup_create_cert --replace \
|
|
'$CERTTOOL' \
|
|
'LC_ALL=C.UTF-8 $CERTTOOL'
|
|
'';
|
|
|
|
doCheck = true;
|
|
enableParallelBuilding = true;
|
|
|
|
outputs = [ "out" "man" ];
|
|
|
|
passthru.tests = { inherit (nixosTests) systemd-cryptenroll; };
|
|
|
|
meta = with lib; {
|
|
description = "Libtpms-based TPM emulator";
|
|
homepage = "https://github.com/stefanberger/swtpm";
|
|
license = licenses.bsd3;
|
|
maintainers = [ maintainers.baloo ];
|
|
};
|
|
}
|