nixpkgs/pkgs/development/libraries/p11-kit/default.nix
rnhmjoj cf3013b4c0
p11-kit: add Fedora/RHEL trust store path
Fedora and RHEL use a different location for the trust store, compared
to other distros. Without this, validation of the CA root certificates
fails in all nss applications.
2021-11-18 22:38:21 +01:00

68 lines
1.9 KiB
Nix

{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, which
, gettext, libffi, libiconv, libtasn1
}:
stdenv.mkDerivation rec {
pname = "p11-kit";
version = "0.24.0";
src = fetchFromGitHub {
owner = "p11-glue";
repo = pname;
rev = version;
sha256 = "sha256-jvUzOhMvbq05SxQ+kjKQHDDMzNwo4U6nFHu3JjygJHw=";
};
outputs = [ "out" "dev"];
outputBin = "dev";
# for cross platform builds of p11-kit, libtasn1 in nativeBuildInputs
# provides the asn1Parser binary on the hostPlatform needed for building.
# at the same time, libtasn1 in buildInputs provides the libasn1 library
# to link against for the target platform.
# hence, libtasn1 is required in both native and build inputs.
nativeBuildInputs = [ autoreconfHook pkg-config which libtasn1 ];
buildInputs = [ gettext libffi libiconv libtasn1 ];
autoreconfPhase = ''
NOCONFIGURE=1 ./autogen.sh
'';
configureFlags = [
"--sysconfdir=/etc"
"--localstatedir=/var"
"--with-trust-paths=${lib.concatStringsSep ":" [
"/etc/ssl/trust-source" # p11-kit trust source
"/etc/ssl/certs/ca-certificates.crt" # NixOS + Debian/Ubuntu/Arch/Gentoo...
"/etc/pki/tls/certs/ca-bundle.crt" # Fedora/CentOS
]}"
];
enableParallelBuilding = true;
# Tests run in fakeroot for non-root users
preCheck = ''
if [ "$(id -u)" != "0" ]; then
export FAKED_MODE=1
fi
'';
doCheck = !stdenv.isDarwin;
installFlags = [
"exampledir=${placeholder "out"}/etc/pkcs11"
];
meta = with lib; {
description = "Library for loading and sharing PKCS#11 modules";
longDescription = ''
Provides a way to load and enumerate PKCS#11 modules.
Provides a standard configuration setup for installing
PKCS#11 modules in such a way that they're discoverable.
'';
homepage = "https://p11-glue.github.io/p11-glue/p11-kit.html";
platforms = platforms.all;
license = licenses.bsd3;
};
}