authorAnton Latukha <anton.latukha@gmail.com>2018-06-28 23:25:19 +0300
committerJörg Thalheim <Mic92@users.noreply.github.com>2018-06-28 21:25:19 +0100
commitc876db629d2c05acb8adcf80feabc6d8758842f5 (patch)
tree490d657441a666741a91f7907d966f84a5872d55
parent9fcc63abb566e8d7c0e86c427a740553d329f00f (diff)
mbedtls: cmake&ninja, threading, clean-up; hiawatha: options, Nix mbedtls (#41722)
* mbedtls: build with cmake&ninja, clean-up

* mbedtls: cmake ninja Darwin build clean-up

* hiawatha: add build options, use system mbedTLS, platforms -> unix
-rw-r--r--pkgs/development/libraries/mbedtls/default.nix55
-rw-r--r--pkgs/servers/http/hiawatha/default.nix43
2 files changed, 40 insertions, 58 deletions
diff --git a/pkgs/development/libraries/mbedtls/default.nix b/pkgs/development/libraries/mbedtls/default.nix
index 152d7bdc37b3..a1a096b096d7 100644
--- a/pkgs/development/libraries/mbedtls/default.nix
+++ b/pkgs/development/libraries/mbedtls/default.nix
@@ -1,7 +1,16 @@
-{ stdenv, fetchFromGitHub, perl }:
+{ stdenv
+, fetchFromGitHub
+
+, cmake
+, ninja
+, perl # Project uses Perl for scripting and testing
+
+, enableThreading ? true # Threading can be disabled to increase security https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
+}:
 
 stdenv.mkDerivation rec {
-  name = "mbedtls-2.11.0";
+  name = "mbedtls-${version}";
+  version = "2.11.0";
 
   src = fetchFromGitHub {
     owner = "ARMmbed";
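Review bot: The comment on `enableThreading` records only the benefit of switching it off, not what depends on it staying on. The FIXME removed from hiawatha in this same commit shows that its `src/tls.c` refuses to compile unless mbed TLS was built with MBEDTLS_THREADING_C and MBEDTLS_THREADING_PTHREAD, and hiawatha now passes `-DUSE_SYSTEM_MBEDTLS=on`, so an override with `enableThreading = false` breaks that dependent. I would say so at the argument, for example `# Needed by multi-threaded consumers (hiawatha's tls.c requires it); disable only for single-threaded use`, with the upstream URL on a line of its own. The derivation body continues outside this hunk.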
@@ -10,47 +19,19 @@ stdenv.mkDerivation rec {
     sha256 = "1d4a0jc08q3h051amv8hhh3hmqp4f1rk5z7ffyfs2g8dassm78ir";
   };
 
-  nativeBuildInputs = [ perl ];
-
-  postPatch = ''
-    patchShebangs .
-  '' + stdenv.lib.optionalString stdenv.isDarwin ''
-    substituteInPlace library/Makefile --replace "-soname" "-install_name"
-    substituteInPlace tests/scripts/run-test-suites.pl --replace "LD_LIBRARY_PATH" "DYLD_LIBRARY_PATH"
-    # Necessary for install_name_tool below
-    echo "LOCAL_LDFLAGS += -headerpad_max_install_names" >> programs/Makefile
-  '';
+  nativeBuildInputs = [ cmake ninja perl ];
 
-  makeFlags = [
-    "SHARED=1"
-  ] ++ stdenv.lib.optionals stdenv.isDarwin [
-    "DLEXT=dylib"
-  ];
-
-  installFlags = [
-    "DESTDIR=\${out}"
-  ];
-
-  postInstall = stdenv.lib.optionalString stdenv.isDarwin ''
-    install_name_tool -change libmbedcrypto.dylib $out/lib/libmbedcrypto.dylib $out/lib/libmbedtls.dylib
-    install_name_tool -change libmbedcrypto.dylib $out/lib/libmbedcrypto.dylib $out/lib/libmbedx509.dylib
-    install_name_tool -change libmbedx509.dylib $out/lib/libmbedx509.dylib $out/lib/libmbedtls.dylib
-
-    for exe in $out/bin/*; do
-      if [[ $exe != *.sh ]]; then
-        install_name_tool -change libmbedtls.dylib $out/lib/libmbedtls.dylib $exe
-        install_name_tool -change libmbedx509.dylib $out/lib/libmbedx509.dylib $exe
-        install_name_tool -change libmbedcrypto.dylib $out/lib/libmbedcrypto.dylib $exe
-      fi
-    done
+  postConfigure = stdenv.lib.optionals enableThreading ''
+    perl scripts/config.pl set MBEDTLS_THREADING_C    # Threading abstraction layer
+    perl scripts/config.pl set MBEDTLS_THREADING_PTHREAD    # POSIX thread wrapper layer for the threading layer.
   '';
 
-  doCheck = true;
+  cmakeFlags = [ "-DUSE_SHARED_MBEDTLS_LIBRARY=on" ];
 
   meta = with stdenv.lib; {
     homepage = https://tls.mbed.org/;
-    description = "Portable cryptographic and SSL/TLS library, aka polarssl";
-    license = licenses.gpl3;
+    description = "Portable cryptographic and TLS library, formerly known as PolarSSL";
+    license = licenses.asl20;
     platforms = platforms.all;
     maintainers = with maintainers; [ wkennington fpletz ];
   };
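Review bot: `doCheck = true;` is removed and nothing replaces it, so, assuming stdenv's default of leaving checks off, the mbed TLS test suite no longer runs when this cryptographic library is built. Keeping `doCheck = true;` next to `cmakeFlags` would retain that gate, provided the cmake/ninja check target works on both Linux and Darwin. Separately, `postConfigure` is built with `stdenv.lib.optionals`, the list helper, which yields `[]` rather than an empty string when `enableThreading` is false; the string helper is the one meant here: `postConfigure = stdenv.lib.optionalString enableThreading ''`.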
diff --git a/pkgs/servers/http/hiawatha/default.nix b/pkgs/servers/http/hiawatha/default.nix
index 39722c6d831f..e10799e27f8a 100644
--- a/pkgs/servers/http/hiawatha/default.nix
+++ b/pkgs/servers/http/hiawatha/default.nix
@@ -3,16 +3,16 @@
 
 , cmake
 , ninja
-
-, libxslt
-, libxml2
-
-, enableSSL ? true
-, enableMonitor ? false
-, enableRproxy ? true
-, enableTomahawk ? false
-, enableXSLT ? true
-, enableToolkit ? true
+, mbedtls
+
+, enableCache     ? true     # Internal cache support.
+, enableIpV6      ? true
+, enableTls       ? true
+, enableMonitor   ? false    # Support for the Hiawatha Monitor.
+, enableRproxy    ? true     # Reverse proxy support.
+, enableTomahawk  ? false    # Tomahawk, the Hiawatha command shell.
+, enableXslt      ? true, libxml2 ? null, libxslt ? null
+, enableToolkit   ? true     # The URL Toolkit.
 }:
 
 stdenv.mkDerivation rec {
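Review bot: `libxml2 ? null, libxslt ? null` makes both inputs nullable while `enableXslt` defaults to true, and nothing in this hunk ties the flag to the inputs. A caller that leaves either library null with XSLT enabled still gets `-DENABLE_XSLT=on` (set in the next hunk) and fails later in the build instead of at evaluation. An assertion between `}:` and `stdenv.mkDerivation` makes the contract explicit: `assert enableXslt -> libxml2 != null && libxslt != null;`. The renames `enableSSL` to `enableTls` and `enableXSLT` to `enableXslt` also change the override interface, so existing overrides that use the old names will stop evaluating; that deserves a mention in the commit message.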
@@ -27,28 +27,29 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ cmake ninja ];
-  buildInputs = [ libxslt libxml2 ];
+  buildInputs = [ mbedtls ] ++ stdenv.lib.optionals enableXslt [ libxslt libxml2 ];
 
   prePatch = ''
     substituteInPlace CMakeLists.txt --replace SETUID ""
   '';
 
   cmakeFlags = [
-    (
-      # FIXME: 2018-06-08: Uses bundled library, with external ("-DUSE_SYSTEM_MBEDTLS=on") asks:
-      # ../src/tls.c:46:2: error: #error "The mbed TLS library must be compiled with MBEDTLS_THREADING_PTHREAD and MBEDTLS_THREADING_C enabled."
-      if enableSSL then "-DENABLE_TLS=on" else "-DENABLE_TLS=off" )
-    ( if enableMonitor then "-DENABLE_MONITOR=on" else "-DENABLE_MONITOR=off" )
-    ( if enableRproxy then "-DENABLE_RPROXY=on" else "-DENABLE_RPROXY=off" )
-    ( if enableTomahawk then "-DENABLE_TOMAHAWK=on" else "-DENABLE_TOMAHAWK=off" )
-    ( if enableXSLT then "-DENABLE_XSLT=on" else "-DENABLE_XSLT=off" )
-    ( if enableToolkit then "-DENABLE_TOOLKIT=on" else "-DENABLE_TOOLKIT=off" )
+    "-DUSE_SYSTEM_MBEDTLS=on" # Policy to use Nix deps, and Nix uses up to date deps
+    ( if enableCache     then "-DENABLE_CACHE=on"       else "-DENABLE_CACHE=off"       )
+    ( if enableIpV6      then "-DENABLE_IPV6=on"        else "-DENABLE_IPV6=off"        )
+    ( if enableTls       then "-DENABLE_TLS=on"         else "-DENABLE_TLS=off"         )
+    ( if enableMonitor   then "-DENABLE_MONITOR=on"     else "-DENABLE_MONITOR=off"     )
+    ( if enableRproxy    then "-DENABLE_RPROXY=on"      else "-DENABLE_RPROXY=off"      )
+    ( if enableTomahawk  then "-DENABLE_TOMAHAWK=on"    else "-DENABLE_TOMAHAWK=off"    )
+    ( if enableXslt      then "-DENABLE_XSLT=on"        else "-DENABLE_XSLT=off"        )
+    ( if enableToolkit   then "-DENABLE_TOOLKIT=on"     else "-DENABLE_TOOLKIT=off"     )
   ];
 
   meta = with stdenv.lib; {
+    homepage = https://www.hiawatha-webserver.org;
     description = "An advanced and secure webserver";
     license = licenses.gpl2;
-    homepage = https://www.hiawatha-webserver.org;
+    platforms = platforms.unix;    # "Hiawatha runs perfectly on Linux, BSD and MacOS X"
     maintainers = [ maintainers.ndowens ];
   };