Diffstat (limited to 'nixpkgs/pkgs/development/libraries/libgcrypt')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/libgcrypt/1.8.nix | 75 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/libgcrypt/default.nix | 85 |
2 files changed, 160 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/libgcrypt/1.8.nix b/nixpkgs/pkgs/development/libraries/libgcrypt/1.8.nix
new file mode 100644
index 000000000000..2f0f3b4fd019
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libgcrypt/1.8.nix
@@ -0,0 +1,75 @@
+{ lib
+, stdenv
+, fetchurl
+, libgpg-error
+, enableCapabilities ? false, libcap
+, buildPackages
+# for passthru.tests
+, gnupg
+, libotr
+, rsyslog
+}:
+
+assert enableCapabilities -> stdenv.isLinux;
+
+stdenv.mkDerivation rec {
+ pname = "libgcrypt";
+ version = "1.8.10";
+
+ src = fetchurl {
+ url = "mirror://gnupg/libgcrypt/libgcrypt-${version}.tar.bz2";
+ sha256 = "sha256-aJaRVQH5UeI9AtywRTRpwswiqk13oAH/c6JkfC0p590=";
+ };
+
+ outputs = [ "out" "dev" "info" ];
+ outputBin = "dev";
+
+ # The CPU Jitter random number generator must not be compiled with
+ # optimizations and the optimize -O0 pragma only works for gcc.
+ # The build enables -O2 by default for everything else.
+ hardeningDisable = lib.optional stdenv.cc.isClang "fortify";
+
+ depsBuildBuild = [ buildPackages.stdenv.cc ];
+
+ buildInputs = [ libgpg-error ]
+ ++ lib.optional enableCapabilities libcap;
+
+ strictDeps = true;
+
+ configureFlags = [ "--with-libgpg-error-prefix=${libgpg-error.dev}" ]
+ ++ lib.optional (stdenv.hostPlatform.isMusl || (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)) "--disable-asm"; # for darwin see https://dev.gnupg.org/T5157
+
+ # Necessary to generate correct assembly when compiling for aarch32 on
+ # aarch64
+ configurePlatforms = [ "host" "build" ];
+
+ postConfigure = ''
+ sed -i configure \
+ -e 's/NOEXECSTACK_FLAGS=$/NOEXECSTACK_FLAGS="-Wa,--noexecstack"/'
+ '';
+
+ # Make sure libraries are correct for .pc and .la files
+ # Also make sure includes are fixed for callers who don't use libgpgcrypt-config
+ postFixup = ''
+ sed -i 's,#include <gpg-error.h>,#include "${libgpg-error.dev}/include/gpg-error.h",g' "$dev/include/gcrypt.h"
+ '' + lib.optionalString enableCapabilities ''
+ sed -i 's,\(-lcap\),-L${libcap.lib}/lib \1,' $out/lib/libgcrypt.la
+ '';
+
+ doCheck = true;
+
+ passthru.tests = {
+ inherit gnupg libotr rsyslog;
+ };
+
+ meta = with lib; {
+ homepage = "https://www.gnu.org/software/libgcrypt/";
+ changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=${pname}.git;a=blob;f=NEWS;hb=refs/tags/${pname}-${version}";
+ description = "General-purpose cryptographic library";
+ license = licenses.lgpl2Plus;
+ platforms = platforms.all;
+ knownVulnerabilities = [
+ "CVE-2021-40528"
+ ];
+ };
+}
diff --git a/nixpkgs/pkgs/development/libraries/libgcrypt/default.nix b/nixpkgs/pkgs/development/libraries/libgcrypt/default.nix
new file mode 100644
index 000000000000..3605d48a2fd1
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libgcrypt/default.nix
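Review bot: The `sed` in `postConfigure` that forces `NOEXECSTACK_FLAGS="-Wa,--noexecstack"` has no guard, so if upstream's `configure` stops containing an empty `NOEXECSTACK_FLAGS=` assignment the substitution silently does nothing and the non-executable-stack marking is lost without a build failure. I would follow it with `grep -q 'NOEXECSTACK_FLAGS="-Wa,--noexecstack"' configure || exit 1`. The hook also appears to run after `configure` has already executed, so it is worth confirming that the edit actually reaches the build (for example by checking the `GNU_STACK` segment of the installed library) or moving it to `preConfigure`. The same block is repeated in `default.nix`.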
@@ -0,0 +1,85 @@
+{ lib
+, stdenv
+, fetchurl
+, gettext
+, libgpg-error
+, enableCapabilities ? false, libcap
+, buildPackages
+# for passthru.tests
+, gnupg
+, libotr
+, rsyslog
+}:
+
+assert enableCapabilities -> stdenv.isLinux;
+
+stdenv.mkDerivation rec {
+ pname = "libgcrypt";
+ version = "1.10.3";
+
+ src = fetchurl {
+ url = "mirror://gnupg/libgcrypt/${pname}-${version}.tar.bz2";
+ hash = "sha256-iwhwiXrFrGfe1Wjc+t9Flpz6imvrD9YK8qnq3Coycqo=";
+ };
+
+ outputs = [ "out" "dev" "info" ];
+ outputBin = "dev";
+
+ # The CPU Jitter random number generator must not be compiled with
+ # optimizations and the optimize -O0 pragma only works for gcc.
+ # The build enables -O2 by default for everything else.
+ hardeningDisable = lib.optional stdenv.cc.isClang "fortify";
+
+ depsBuildBuild = [ buildPackages.stdenv.cc ];
+
+ buildInputs = [ libgpg-error ]
+ ++ lib.optional stdenv.isDarwin gettext
+ ++ lib.optional enableCapabilities libcap;
+
+ strictDeps = true;
+
+ configureFlags = [ "--with-libgpg-error-prefix=${libgpg-error.dev}" ]
+ ++ lib.optional (stdenv.hostPlatform.isMusl || (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)) "--disable-asm"; # for darwin see https://dev.gnupg.org/T5157
+
+ # Necessary to generate correct assembly when compiling for aarch32 on
+ # aarch64
+ configurePlatforms = [ "host" "build" ];
+
+ postConfigure = ''
+ sed -i configure \
+ -e 's/NOEXECSTACK_FLAGS=$/NOEXECSTACK_FLAGS="-Wa,--noexecstack"/'
+ '';
+
+ enableParallelBuilding = true;
+
+ # Make sure libraries are correct for .pc and .la files
+ # Also make sure includes are fixed for callers who don't use libgpgcrypt-config
+ postFixup = ''
+ sed -i 's,#include <gpg-error.h>,#include "${libgpg-error.dev}/include/gpg-error.h",g' "$dev/include/gcrypt.h"
+ '' + lib.optionalString enableCapabilities ''
+ sed -i 's,\(-lcap\),-L${libcap.lib}/lib \1,' $out/lib/libgcrypt.la
+ '';
+
+ # TODO: figure out why this is even necessary and why the missing dylib only crashes
+ # random instead of every test
+ preCheck = lib.optionalString stdenv.isDarwin ''
+ mkdir -p $out/lib
+ cp src/.libs/libgcrypt.20.dylib $out/lib
+ '';
+
+ doCheck = true;
+ enableParallelChecking = true;
+
+ passthru.tests = {
+ inherit gnupg libotr rsyslog;
+ };
+
+ meta = with lib; {
+ homepage = "https://www.gnu.org/software/libgcrypt/";
+ changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=${pname}.git;a=blob;f=NEWS;hb=refs/tags/${pname}-${version}";
+ description = "General-purpose cryptographic library";
+ license = licenses.lgpl2Plus;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ vrthra ];
+ };
+} |
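Review bot: The Darwin-only `preCheck` hard-codes the file name `libgcrypt.20.dylib`, so the copy breaks as soon as a release changes that suffix, and it writes into `$out` before the install phase for a reason the TODO itself says is not understood. Deriving the name from the build tree, e.g. `cp src/.libs/libgcrypt.*.dylib $out/lib`, avoids the stale constant. Since the comment describes the resulting test crashes as random, and this file also sets `enableParallelChecking = true`, it may be worth checking whether the failures are order-dependent before relying on `doCheck` as the gate for a cryptographic library on Darwin.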