diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/networking/rosenpass/default.nix')
| -rw-r--r-- | nixpkgs/pkgs/tools/networking/rosenpass/default.nix | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/networking/rosenpass/default.nix b/nixpkgs/pkgs/tools/networking/rosenpass/default.nix new file mode 100644 index 000000000000..07669cfeb01e --- /dev/null +++ b/nixpkgs/pkgs/tools/networking/rosenpass/default.nix @@ -0,0 +1,85 @@ +{ lib +, targetPlatform +, fetchFromGitHub +, rustPlatform +, cmake +, makeWrapper +, pkg-config +, removeReferencesTo +, coreutils +, findutils +, gawk +, wireguard-tools +, bash +, libsodium +}: + +let + rpBinPath = lib.makeBinPath [ + coreutils + findutils + gawk + wireguard-tools + ]; +in +rustPlatform.buildRustPackage rec { + pname = "rosenpass"; + version = "0.2.0"; + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-r7/3C5DzXP+9w4rp9XwbP+/NK1axIP6s3Iiio1xRMbk="; + }; + + cargoHash = "sha256-g2w3lZXQ3Kg3ydKdFs8P2lOPfIkfTbAF0MhxsJoX/E4="; + + nativeBuildInputs = [ + cmake # for oqs build in the oqs-sys crate + makeWrapper # for the rp shellscript + pkg-config # let libsodium-sys-stable find libsodium + removeReferencesTo + rustPlatform.bindgenHook # for C-bindings in the crypto libs + ]; + + buildInputs = [ + bash # for patchShebangs to find it + libsodium + ]; + + # otherwise pkg-config tries to link non-existent dynamic libs during the build of liboqs + PKG_CONFIG_ALL_STATIC = true; + + # liboqs requires quite a lot of stack memory, thus we adjust the default stack size picked for + # new threads (which is used by `cargo test`) to be _big enough_ + RUST_MIN_STACK = 8 * 1024 * 1024; # 8 MiB + + # nix defaults to building for aarch64 _without_ the armv8-a + # crypto extensions, but liboqs depends on these + preBuild = lib.optionalString targetPlatform.isAarch + ''NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -march=armv8-a+crypto"''; + + preInstall = '' + install -D rp $out/bin/rp + wrapProgram $out/bin/rp --prefix PATH : "${ rpBinPath }" + for file in doc/*.1 + do + install -D $file $out/share/man/man1/''${file##*/} + done + ''; + + # nix propagates the *.dev outputs of buildInputs for static builds, but that is non-sense for an + # executables only package + postFixup = '' + find -type f -exec remove-references-to -t ${bash.dev} \ + -t ${libsodium.dev} {} \; + ''; + + meta = with lib; { + description = "Build post-quantum-secure VPNs with WireGuard!"; + homepage = "https://rosenpass.eu/"; + license = with licenses; [ mit /* or */ asl20 ]; + maintainers = with maintainers; [ wucke13 ]; + platforms = platforms.all; + }; +} |