Merge branch 'master' into staging

* master: (80 commits)
  lkl: Supports aarch64
  wimlib: nitpicks
  gitAndTools.git-codeowners: 0.1.1 -> 0.1.2
  wimlib: init at 1.12.0
  kernel: improve modDirVersion error message
  releaseTools.sourceTarball: Clean up temporary files
  dotnetPackages.SmartIrc4net: rehash source
  migmix: make it a fixed-output derivation
  vm: Create /dev/full
  samba: 4.6.8 -> 4.6.11 to address CVEs CVE-2017-14746 & CVE-2017-15275
  microcodeIntel: 20170707 -> 20171117
  sshd: Remove ripemd160 MACs
  kernel config: Enable MEDIA_CONTROLLER
  linux: 4.4.99 -> 4.4.100
  linux: 4.9.63 -> 4.9.64
  nix-bash-completions: 0.4 -> 0.5
  linux: 4.14 -> 4.14.1
  linux: 4.13.14 -> 4.13.15
  nix-zsh-completions: 0.3.3 -> 0.3.5
  dns-root-data: use a stable URL that I maintain anyway
  ...

2 files changed, 37 insertions, 32 deletions

diff --git a/pkgs/tools/security/opencryptoki/default.nix b/pkgs/tools/security/opencryptoki/default.nix
index 9ea9c2f4892b..f2929f3e22b4 100644
--- a/pkgs/tools/security/opencryptoki/default.nix
+++ b/pkgs/tools/security/opencryptoki/default.nix
@@ -1,38 +1,41 @@
-{ stdenv, fetchurl, openssl, trousers, automake, autoconf, libtool, bison, flex }:
+{ stdenv, fetchFromGitHub, openssl, trousers, autoreconfHook, libtool, bison, flex }:
 
 stdenv.mkDerivation rec {
-  version = "3.2";
   name = "opencryptoki-${version}";
+  version = "3.8.1";
 
-  src = fetchurl {
-    url = "mirror://sourceforge/opencryptoki/opencryptoki/v${version}/opencryptoki-v${version}.tgz";
-    sha256 = "06r6zp299vxdspl6k65myzgjv0bihg7kc500v7s4jd3mcrkngd6h";
+  src = fetchFromGitHub {
+    owner = "opencryptoki";
+    repo = "opencryptoki";
+    rev = "v${version}";
+    sha256 = "1m618pjfzw18irmh6i4pfq1gvcxgyfh9ikjn33nrdj55v2l27g31";
   };
 
-  buildInputs = [ automake autoconf libtool openssl trousers bison flex ];
+  nativeBuildInputs = [ autoreconfHook libtool bison flex ];
+  buildInputs = [ openssl trousers ];
 
-  preConfigure = ''
-    substituteInPlace configure.in --replace "chown" "true"
-    substituteInPlace configure.in --replace "chgrp" "true"
-    sh bootstrap.sh --prefix=$out
+  postPatch = ''
+    substituteInPlace configure.ac \
+      --replace "usermod" "true" \
+      --replace "groupadd" "true" \
+      --replace "chmod" "true" \
+      --replace "chgrp" "true"
+    substituteInPlace usr/lib/Makefile.am --replace "DESTDIR" "out"
   '';
 
-  configureFlags = [ "--disable-ccatok" "--disable-icatok" ];
+  configureFlags = [
+    "--prefix=$(out)"
+    "--disable-ccatok"
+    "--disable-icatok"
+  ];
 
-  makeFlags = "DESTDIR=$(out)";
-
-  # work around the build script of opencryptoki
-  postInstall = ''
-    cp -r $out/$out/* $out
-    rm -r $out/nix
-    '';
+  enableParallelBuilding = true;
 
   meta = with stdenv.lib; {
     description = "PKCS#11 implementation for Linux";
-    homepage    = http://opencryptoki.sourceforge.net/;
+    homepage    = https://github.com/opencryptoki/opencryptoki;
     license     = licenses.cpl10;
     maintainers = [ maintainers.tstrobel ];
     platforms   = platforms.unix;
   };
 }
-
diff --git a/pkgs/tools/security/simple-tpm-pk11/default.nix b/pkgs/tools/security/simple-tpm-pk11/default.nix
index 75886399fdc5..96565ec84b52 100644
--- a/pkgs/tools/security/simple-tpm-pk11/default.nix
+++ b/pkgs/tools/security/simple-tpm-pk11/default.nix
@@ -1,27 +1,29 @@
-{ stdenv, fetchgit, trousers, openssl, opencryptoki, automake, autoconf, libtool }:
+{ stdenv, fetchFromGitHub, trousers, openssl, opencryptoki, autoreconfHook, libtool }:
 
 stdenv.mkDerivation rec {
-  name = "simple-tpm-pk11-2016-07-12";
+  name = "simple-tpm-pk11-${version}";
+  version = "0.06";
 
-  src = fetchgit {
-    url = "https://github.com/ThomasHabets/simple-tpm-pk11";
-    rev = "6f1f7a6b96ac82965e977cfecb88d930f1d70243";
-    sha256 = "06vf3djp29slh7hrh4hlh3npyl277fy7d77jv9mxa1sk1idjklxc";
+  src = fetchFromGitHub {
+    owner = "ThomasHabets";
+    repo = "simple-tpm-pk11";
+    rev = version;
+    sha256 = "0vpbaklr4r1a2am0pqcm6m41ph22mkcrq33y8ab5h8qkhkvhd6a6";
   };
 
-  buildInputs = [ trousers openssl opencryptoki automake autoconf libtool ];
+  nativeBuildInputs = [ autoreconfHook libtool ];
+  buildInputs = [ trousers openssl opencryptoki ];
 
-  preConfigure = "sh bootstrap.sh";
+  enableParallelBuilding = true;
 
   meta = with stdenv.lib; {
     description = "Simple PKCS11 provider for TPM chips";
     longDescription = ''
       A simple library for using the TPM chip to secure SSH keys.
-      '';
+    '';
     homepage    = https://github.com/ThomasHabets/simple-tpm-pk11;
-    license     = stdenv.lib.licenses.asl20;
-    maintainers = with stdenv.lib; [ maintainers.tstrobel ];
+    license     = licenses.asl20;
+    maintainers = with maintainers; [ tstrobel ];
     platforms   = platforms.unix;
   };
 }
-