diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security/rng-tools/default.nix')
| -rw-r--r-- | nixpkgs/pkgs/tools/security/rng-tools/default.nix | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/nixpkgs/pkgs/tools/security/rng-tools/default.nix b/nixpkgs/pkgs/tools/security/rng-tools/default.nix index 41faa375f83d..bd289200fe80 100644 --- a/nixpkgs/pkgs/tools/security/rng-tools/default.nix +++ b/nixpkgs/pkgs/tools/security/rng-tools/default.nix @@ -1,13 +1,12 @@ { stdenv, fetchFromGitHub, libtool, autoreconfHook, pkgconfig , sysfsutils +, argp-standalone # WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS # https://www.nist.gov/programs-projects/nist-randomness-beacon , curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source , libgcrypt ? null, withGcrypt ? true - # Not sure if jitterentropy is safe to use for cryptography - # and thus a default entropy source -, jitterentropy ? null, withJitterEntropy ? false +, jitterentropy ? null, withJitterEntropy ? true , libp11 ? null, opensc ? null, withPkcs11 ? true }: @@ -15,18 +14,16 @@ with stdenv.lib; stdenv.mkDerivation rec { pname = "rng-tools"; - version = "6.7"; + version = "6.9"; src = fetchFromGitHub { owner = "nhorman"; repo = "rng-tools"; rev = "v${version}"; - sha256 = "19f75m6mzg8h7b4snzg7d6ypvkz6nq32lrpi9ja95gqz4wsd18a5"; + sha256 = "065jf26s8zkicb95zc9ilksjdq9gqrh5vcx3mhi6mypbnamn6w98"; }; postPatch = '' - cp README.md README - ${optionalString withPkcs11 '' substituteInPlace rngd.c \ --replace /usr/lib64/opensc-pkcs11.so ${opensc}/lib/opensc-pkcs11.so @@ -42,25 +39,27 @@ stdenv.mkDerivation rec { (withFeature withPkcs11 "pkcs11") ]; + # argp-standalone is only used when libc lacks argp parsing (musl) buildInputs = [ sysfsutils ] + ++ optionals stdenv.hostPlatform.isx86_64 [ argp-standalone ] ++ optionals withGcrypt [ libgcrypt ] ++ optionals withJitterEntropy [ jitterentropy ] ++ optionals withNistBeacon [ curl libxml2 openssl ] ++ optionals withPkcs11 [ libp11 openssl ]; - # This shouldn't be necessary but is as of 6.7 - NIX_LDFLAGS = optionalString withPkcs11 "-lcrypto"; - enableParallelBuilding = true; # For cross-compilation makeFlags = [ "AR:=$(AR)" ]; + doCheck = true; + preCheck = "patchShebangs tests/*.sh"; + meta = { description = "A random number generator daemon"; homepage = https://github.com/nhorman/rng-tools; license = licenses.gpl2Plus; platforms = platforms.linux; - maintainers = with maintainers; [ johnazoidberg ]; + maintainers = with maintainers; [ johnazoidberg c0bw3b ]; }; } |