Merge pull request #300411 from numinit/pkcs11-provider

pkcs11-provider: init at 0.3
2024-04-10 22:02:07 +08:00 · 2024-04-10 22:02:07 +08:00 · 5583a60c2c
commit 5583a60c2c
parent c1f239faf2 473fd691a9
1 changed files with 47 additions and 0 deletions
--- a/pkgs/by-name/pk/pkcs11-provider/package.nix
+++ b/pkgs/by-name/pk/pkcs11-provider/package.nix
@ -0,0 +1,47 @@
+{ lib, stdenv, fetchFromGitHub
+, openssl, nss, p11-kit
+, opensc, gnutls, expect
+, autoreconfHook, autoconf-archive, pkg-config
+}:
+
+stdenv.mkDerivation rec {
+  pname = "pkcs11-provider";
+  version = "0.3";
+
+  src = fetchFromGitHub {
+    owner = "latchset";
+    repo = "pkcs11-provider";
+    rev = "v${version}";
+    hash = "sha256-jEQYsINRZ7bi2UqOXUUmGpm+1h+1qBNe18KvfAw2JzU=";
+  };
+
+  buildInputs = [ openssl nss p11-kit ];
+  nativeBuildInputs = [ autoreconfHook pkg-config autoconf-archive ];
+
+  # don't add SoftHSM to here: https://github.com/openssl/openssl/issues/22508
+  nativeCheckInputs = [ p11-kit.bin opensc nss.tools gnutls openssl.bin expect ];
+
+  postPatch = ''
+    patchShebangs --build .
+
+    # Makefile redirects to logfiles; make sure we can catch them.
+    for name in softokn softhsm; do
+      ln -s /dev/stderr tests/setup-$name.log
+    done
+  '';
+
+  enableParallelBuilding = true;
+
+  # Frequently fails due to a race condition.
+  enableParallelInstalling = false;
+
+  doCheck = true;
+
+  meta = with lib; {
+    homepage = "https://github.com/latchset/pkcs11-provider";
+    description = "An OpenSSL 3.x provider to access hardware or software tokens using the PKCS#11 Cryptographic Token Interface";
+    maintainers = with maintainers; [ numinit ];
+    license = licenses.asl20;
+    platforms = platforms.unix;
+  };
+}