2023-04-29 16:46:19 +00:00
{ lib
, stdenv
, fetchurl
, libgpg-error
, enableCapabilities ? false , libcap
, buildPackages
# for passthru.tests
, gnupg
, libotr
, rsyslog
} :
assert enableCapabilities -> stdenv . isLinux ;
stdenv . mkDerivation rec {
pname = " l i b g c r y p t " ;
version = " 1 . 8 . 1 0 " ;
src = fetchurl {
url = " m i r r o r : / / g n u p g / l i b g c r y p t / l i b g c r y p t - ${ version } . t a r . b z 2 " ;
sha256 = " s h a 2 5 6 - a J a R V Q H 5 U e I 9 A t y w R T R p w s w i q k 1 3 o A H / c 6 J k f C 0 p 5 9 0 = " ;
} ;
outputs = [ " o u t " " d e v " " i n f o " ] ;
outputBin = " d e v " ;
# The CPU Jitter random number generator must not be compiled with
# optimizations and the optimize -O0 pragma only works for gcc.
# The build enables -O2 by default for everything else.
hardeningDisable = lib . optional stdenv . cc . isClang " f o r t i f y " ;
depsBuildBuild = [ buildPackages . stdenv . cc ] ;
buildInputs = [ libgpg-error ]
++ lib . optional enableCapabilities libcap ;
strictDeps = true ;
configureFlags = [ " - - w i t h - l i b g p g - e r r o r - p r e f i x = ${ libgpg-error . dev } " ]
++ lib . optional ( stdenv . hostPlatform . isMusl || ( stdenv . hostPlatform . isDarwin && stdenv . hostPlatform . isAarch64 ) ) " - - d i s a b l e - a s m " ; # for darwin see https://dev.gnupg.org/T5157
# Necessary to generate correct assembly when compiling for aarch32 on
# aarch64
configurePlatforms = [ " h o s t " " b u i l d " ] ;
postConfigure = ''
sed - i configure \
- e ' s/NOEXECSTACK_FLAGS = $ /NOEXECSTACK_FLAGS = " - W a , - - n o e x e c s t a c k " / '
'' ;
# Make sure libraries are correct for .pc and .la files
# Also make sure includes are fixed for callers who don't use libgpgcrypt-config
postFixup = ''
sed - i ' s , #include <gpg-error.h>,#include "${libgpg-error.dev}/include/gpg-error.h",g' "$dev/include/gcrypt.h"
'' + l i b . o p t i o n a l S t r i n g e n a b l e C a p a b i l i t i e s ''
sed - i ' s , \ ( - lcap \ ) , - L $ { libcap . lib } /lib \ 1 , ' $ out/lib/libgcrypt.la
'' ;
doCheck = true ;
passthru . tests = {
inherit gnupg libotr rsyslog ;
} ;
meta = with lib ; {
homepage = " h t t p s : / / w w w . g n u . o r g / s o f t w a r e / l i b g c r y p t / " ;
2023-05-24 13:37:59 +00:00
changelog = " h t t p s : / / g i t . g n u p g . o r g / c g i - b i n / g i t w e b . c g i ? p = ${ pname } . g i t ; a = b l o b ; f = N E W S ; h b = r e f s / t a g s / ${ pname } - ${ version } " ;
2023-04-29 16:46:19 +00:00
description = " G e n e r a l - p u r p o s e c r y p t o g r a p h i c l i b r a r y " ;
license = licenses . lgpl2Plus ;
platforms = platforms . all ;
knownVulnerabilities = [
" C V E - 2 0 1 8 - 1 2 4 3 7 " # CVE is about LibTomCrypt
] ;
} ;
}
