certificate-transparency: init at 2015-11-27

libevhtp: 1.2.10 -> 1.2.11

Package for certificate-transparency

This adds openssl support to libevent.  Libevent can be compiled without
openssl, in which case it just doesn't build the libevent_openssl
library.  However it seems simpler just to default to including openssl
support.

This bumps evhtp's version because 1.2.11 provides pkg-config
information which makes building certificate-transparency easier.

This has been tested with `doCheck = true;`.

Signed-off-by: Edward Tjörnhammar <ed@cflags.cc>

5 files changed, 77 insertions, 4 deletions

diff --git a/pkgs/development/libraries/libevent/default.nix b/pkgs/development/libraries/libevent/default.nix
index 284a09bc9275..bddda9f3eadd 100644
--- a/pkgs/development/libraries/libevent/default.nix
+++ b/pkgs/development/libraries/libevent/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, autoreconfHook, python, findutils }:
+{ stdenv, fetchurl, autoreconfHook, openssl, python, findutils }:
 
 let version = "2.0.22"; in
 stdenv.mkDerivation {
@@ -10,7 +10,7 @@ stdenv.mkDerivation {
   };
 
   nativeBuildInputs = [ autoreconfHook ];
-  buildInputs = [ python ] ++ stdenv.lib.optional stdenv.isCygwin findutils;
+  buildInputs = [ openssl python ] ++ stdenv.lib.optional stdenv.isCygwin findutils;
 
   patchPhase = ''
     patchShebangs event_rpcgen.py
diff --git a/pkgs/development/libraries/libevhtp/default.nix b/pkgs/development/libraries/libevhtp/default.nix
index f909d6d8ff2f..4765f0b7d9af 100644
--- a/pkgs/development/libraries/libevhtp/default.nix
+++ b/pkgs/development/libraries/libevhtp/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "libevhtp-${version}";
-  version = "1.2.10";
+  version = "1.2.11";
 
   src = fetchFromGitHub {
     owner = "ellzey";
     repo = "libevhtp";
     rev = version;
-    sha256 = "0z5cxa65zp89vkaj286gp6fpmc5fylr8bmd17g3j1rgc42nysm6a";
+    sha256 = "1rlxdp8w4alcy5ryr7pmw5wi6hv7d64885wwbk1zxhvi64s4x4rg";
   };
 
   buildInputs = [ cmake openssl libevent ];
diff --git a/pkgs/servers/certificate-transparency/default.nix b/pkgs/servers/certificate-transparency/default.nix
new file mode 100644
index 000000000000..ebfa7427fc00
--- /dev/null
+++ b/pkgs/servers/certificate-transparency/default.nix
@@ -0,0 +1,57 @@
+{ stdenv, pkgs, ...}:
+
+stdenv.mkDerivation rec {
+  name = "certificate-transparency-${version}";
+
+  version = "2015-11-27";
+  rev = "dc5a51e55af989ff5871a6647166d00d0de478ab";
+
+  meta = with stdenv.lib; {
+    homepage = https://www.certificate-transparency.org/;
+    description = "Auditing for TLS certificates.";
+    license = licenses.asl20;
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ philandstuff ];
+  };
+
+  src = pkgs.fetchFromGitHub {
+    owner = "google";
+    repo  = "certificate-transparency";
+    rev   = rev;
+    sha256 = "14sgc2kcjjsnrykwcjin21h1f3v4kg83w6jqiq9qdm1ha165yhvx";
+  };
+
+  # need to disable regex support in evhtp or building will fail
+  libevhtp_without_regex = stdenv.lib.overrideDerivation pkgs.libevhtp
+    (oldAttrs: {
+      cmakeFlags="-DEVHTP_DISABLE_REGEX:STRING=ON -DCMAKE_C_FLAGS:STRING=-fPIC";
+    });
+
+  buildInputs = with pkgs; [
+    autoconf automake clang_34 pkgconfig
+    glog gmock google-gflags gperftools gtest json_c leveldb
+    libevent libevhtp_without_regex openssl protobuf sqlite
+  ];
+
+  patches = [
+    ./protobuf-include-from-env.patch
+  ];
+
+  doCheck = false;
+
+  preConfigure = ''
+    ./autogen.sh
+    configureFlagsArray=(
+      CC=clang
+      CXX=clang++
+      GMOCK_DIR=${pkgs.gmock}
+      GTEST_DIR=${pkgs.gtest}
+    )
+  '';
+
+  # the default Makefile constructs BUILD_VERSION from `git describe`
+  # which isn't available in the nix build environment
+  makeFlags = "BUILD_VERSION=${version}-${rev}";
+
+  protocFlags = "-I ${pkgs.protobuf}/include";
+}
diff --git a/pkgs/servers/certificate-transparency/protobuf-include-from-env.patch b/pkgs/servers/certificate-transparency/protobuf-include-from-env.patch
new file mode 100644
index 000000000000..a1f9a1849b63
--- /dev/null
+++ b/pkgs/servers/certificate-transparency/protobuf-include-from-env.patch
@@ -0,0 +1,14 @@
+Get protobuf include path from environment
+
+--- a/python/Makefile
++++ b/python/Makefile
+@@ -5,7 +5,7 @@ all: ct/proto/client_pb2.py ct/proto/ct_pb2.py ct/proto/tls_options_pb2.py \
+ 	ct/proto/test_message_pb2.py ct/proto/certificate_pb2.py
+ 
+ ct/proto/%_pb2.py: ct/proto/%.proto
+-	$(PROTOC) $^ -I/usr/include/ -I/usr/local/include -I$(INSTALL_DIR)/include -I. --python_out=.
++	$(PROTOC) $^ $(protocFlags) -I. --python_out=.
+ 
+ ct/proto/ct_pb2.py: ../proto/ct.proto
+ 	$(PROTOC) --python_out=ct/proto -I../proto ../proto/ct.proto
+
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f372eaad368e..8164085003b3 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -760,6 +760,8 @@ let
 
   gcdemu = callPackage ../misc/emulators/cdemu/gui.nix { };
 
+  certificate-transparency = callPackage ../servers/certificate-transparency { };
+
   image-analyzer = callPackage ../misc/emulators/cdemu/analyzer.nix { };
 
   ccnet = callPackage ../tools/networking/ccnet { };