nixpkgs/pkgs/tools/security/softhsm/default.nix

{ lib, stdenv, fetchurl, botan2, sqlite, libobjc, Security }:

stdenv.mkDerivation rec {

  pname = "softhsm";
  version = "2.6.1";

  src = fetchurl {
    url = "https://dist.opendnssec.org/source/${pname}-${version}.tar.gz";
    hash = "sha256-YSSUcwVLzRgRUZ75qYmogKe9zDbTF8nCVFf8YU30dfI=";
  };

  configureFlags = [
    "--with-crypto-backend=botan"
    "--with-botan=${lib.getDev botan2}"
    "--with-objectstore-backend-db"
    "--sysconfdir=$out/etc"
    "--localstatedir=$out/var"
  ];

  propagatedBuildInputs =
    lib.optionals stdenv.hostPlatform.isDarwin [ libobjc Security ];

  buildInputs = [ botan2 sqlite ];

  postInstall = "rm -rf $out/var";

  meta = with lib; {
    homepage = "https://www.opendnssec.org/softhsm";
    description = "Cryptographic store accessible through a PKCS #11 interface";
    longDescription = "
      SoftHSM provides a software implementation of a generic
      cryptographic device with a PKCS#11 interface, which is of
      course especially useful in environments where a dedicated hardware
      implementation of such a device - for instance a Hardware
      Security Module (HSM) or smartcard - is not available.

      SoftHSM follows the OASIS PKCS#11 standard, meaning it should be
      able to work with many cryptographic products. SoftHSM is a
      programme of The Commons Conservancy.
    ";
    license = licenses.bsd2;
    maintainers = [ maintainers.leenaars ];
    platforms = platforms.unix;
  };
}
softhsm: enable db backend This allows for using a sqlite database as softhsm's object store. 2024-01-31 17:51:38 +00:00			`{ lib, stdenv, fetchurl, botan2, sqlite, libobjc, Security }:`
softhsm: init -> 2.1.0 2016-04-18 08:36:47 +00:00
			`stdenv.mkDerivation rec {`

treewide: name -> pname (easy cases) (#66585) treewide replacement of stdenv.mkDerivation rec { name = "-${version}"; version = ""; to pname 2019-08-15 12:41:18 +00:00			`pname = "softhsm";`
softhsm: 2.5.0 -> 2.6.1 (#95594) 2020-08-17 08:31:10 +00:00			`version = "2.6.1";`
softhsm: init -> 2.1.0 2016-04-18 08:36:47 +00:00
			`src = fetchurl {`
treewide: name -> pname (easy cases) (#66585) treewide replacement of stdenv.mkDerivation rec { name = "-${version}"; version = ""; to pname 2019-08-15 12:41:18 +00:00			`url = "https://dist.opendnssec.org/source/${pname}-${version}.tar.gz";`
softhsm: use new SRI hash format 2022-06-03 00:55:26 +00:00			`hash = "sha256-YSSUcwVLzRgRUZ75qYmogKe9zDbTF8nCVFf8YU30dfI=";`
softhsm: init -> 2.1.0 2016-04-18 08:36:47 +00:00			`};`

			`configureFlags = [`
			`"--with-crypto-backend=botan"`
botan: split dev out size 28M -> 27M dev output 1.6M 2023-07-09 04:02:31 +00:00			`"--with-botan=${lib.getDev botan2}"`
softhsm: enable db backend This allows for using a sqlite database as softhsm's object store. 2024-01-31 17:51:38 +00:00			`"--with-objectstore-backend-db"`
softhsm: init -> 2.1.0 2016-04-18 08:36:47 +00:00			`"--sysconfdir=$out/etc"`
			`"--localstatedir=$out/var"`
softhsm: enable db backend This allows for using a sqlite database as softhsm's object store. 2024-01-31 17:51:38 +00:00			`];`
softhsm: init -> 2.1.0 2016-04-18 08:36:47 +00:00
softhsm: darwin support 2017-12-06 03:51:28 +00:00			`propagatedBuildInputs =`
pkgs/tools: stdenv.lib -> lib 2021-01-15 09:19:50 +00:00			`lib.optionals stdenv.hostPlatform.isDarwin [ libobjc Security ];`
softhsm: darwin support 2017-12-06 03:51:28 +00:00
softhsm: enable db backend This allows for using a sqlite database as softhsm's object store. 2024-01-31 17:51:38 +00:00			`buildInputs = [ botan2 sqlite ];`
softhsm: init -> 2.1.0 2016-04-18 08:36:47 +00:00
			`postInstall = "rm -rf $out/var";`

treewide: with stdenv.lib; in meta -> with lib; Part of: https://github.com/NixOS/nixpkgs/issues/108938 meta = with stdenv.lib; is a widely used pattern. We want to slowly remove the `stdenv.lib` indirection and encourage people to use `lib` directly. Thus let’s start with the meta field. This used a rewriting script to mostly automatically replace all occurances of this pattern, and add the `lib` argument to the package header if it doesn’t exist yet. The script in its current form is available at https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix 2021-01-11 07:54:33 +00:00			`meta = with lib; {`
treewide: Per RFC45, remove all unquoted URLs 2020-04-01 01:11:51 +00:00			`homepage = "https://www.opendnssec.org/softhsm";`
softhsm: init -> 2.1.0 2016-04-18 08:36:47 +00:00			`description = "Cryptographic store accessible through a PKCS #11 interface";`
softhsm: 2.5.0 -> 2.6.1 (#95594) 2020-08-17 08:31:10 +00:00			`longDescription = "`
			`SoftHSM provides a software implementation of a generic`
			`cryptographic device with a PKCS#11 interface, which is of`
			`course especially useful in environments where a dedicated hardware`
			`implementation of such a device - for instance a Hardware`
			`Security Module (HSM) or smartcard - is not available.`

			`SoftHSM follows the OASIS PKCS#11 standard, meaning it should be`
			`able to work with many cryptographic products. SoftHSM is a`
			`programme of The Commons Conservancy.`
			`";`
Make all meta.maintainers attributes lists 2016-11-20 17:05:18 +00:00			`license = licenses.bsd2;`
			`maintainers = [ maintainers.leenaars ];`
softhsm: darwin support 2017-12-06 03:51:28 +00:00			`platforms = platforms.unix;`
softhsm: init -> 2.1.0 2016-04-18 08:36:47 +00:00			`};`
			`}`