nixpkgs/pkgs/os-specific/linux/fsverity-utils/default.nix
Alyssa Ross fb4a93a913 treewide: fetchgit -> fetchzip (git.kernel.org)
fetchzip is more efficient, because it doesn't do a full git clone, so
it should be preferred where possible.

Where hashes have not been changed, I have verified that they don't
need to be.  Where hashes have changed, in all cases this is because
of .gitattributes files that exclude certain files from the tarball,
and in these cases I have verified that the packages still build.

sbsigntool still uses fetchgit because it has a submodule, and ell and
iwd still use fetchgit because git.kernel.org does not provide
snapshot links for them.  Apparently this is intentional.
2023-12-05 21:19:01 +01:00

51 lines
1.3 KiB
Nix

{ stdenv
, lib
, fetchzip
, openssl
, enableShared ? !stdenv.hostPlatform.isStatic
, enableManpages ? false
, pandoc
}:
stdenv.mkDerivation rec {
pname = "fsverity-utils";
version = "1.5";
outputs = [ "out" "lib" "dev" ] ++ lib.optional enableManpages "man";
src = fetchzip {
url = "https://git.kernel.org/pub/scm/fs/fsverity/fsverity-utils.git/snapshot/fsverity-utils-v${version}.tar.gz";
sha256 = "sha256-ygBOkp2PBe8Z2ak6SXEJ6HHuT4NRKmIsbJDHcY+h8PQ=";
};
patches = lib.optionals (!enableShared) [
./remove-dynamic-libs.patch
];
enableParallelBuilding = true;
strictDeps = true;
nativeBuildInputs = lib.optional enableManpages pandoc;
buildInputs = [ openssl ];
makeFlags = [ "DESTDIR=$(out)" "PREFIX=" ] ++ lib.optional enableShared "USE_SHARED_LIB=1";
doCheck = true;
installTargets = [ "install" ] ++ lib.optional enableManpages "install-man";
postInstall = ''
mkdir -p $lib
mv $out/lib $lib/lib
'';
meta = with lib; {
homepage = "https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#userspace-utility";
changelog = "https://git.kernel.org/pub/scm/fs/fsverity/fsverity-utils.git/tree/NEWS.md";
description = "A set of userspace utilities for fs-verity";
license = licenses.mit;
maintainers = with maintainers; [ jk ];
platforms = platforms.linux;
};
}