{ lib, fetchFromGitHub, nixosTests, rustPlatform, stdenv, installShellFiles, cmake, libsodium, pkg-config, }: rustPlatform.buildRustPackage rec { pname = "rosenpass"; version = "0.2.2"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; hash = "sha256-fQIeKGyTkFWUV9M1o256G4U1Os5OlVsRZu+5olEkbD4="; }; cargoHash = "sha256-GyeJCIE60JuZa/NuixDc3gTj9WAOpSReIyVxQqM4tDQ="; nativeBuildInputs = [ cmake # for oqs build in the oqs-sys crate pkg-config rustPlatform.bindgenHook # for C-bindings in the crypto libs installShellFiles ]; buildInputs = [ libsodium ]; # nix defaults to building for aarch64 _without_ the armv8-a # crypto extensions, but liboqs depends on these preBuild = lib.optionalString stdenv.hostPlatform.isAarch64 '' NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -march=armv8-a+crypto" ''; postInstall = '' installManPage doc/rosenpass.1 ''; passthru.tests.rosenpass = nixosTests.rosenpass; meta = with lib; { description = "Build post-quantum-secure VPNs with WireGuard"; homepage = "https://rosenpass.eu/"; license = with licenses; [ mit # or asl20 ]; maintainers = with maintainers; [ wucke13 ]; platforms = [ "aarch64-darwin" "aarch64-linux" "x86_64-darwin" "x86_64-linux" ]; mainProgram = "rosenpass"; }; }