# Shared builder for Mbed TLS. The caller supplies the release `version`, the
# source `hash` and any `patches`; the rest of the recipe is common.
{
  lib,
  stdenv,
  version,
  hash, # pins the fetched source tree (fetched with submodules, see `src`)
  patches ? [ ], # extra patches applied to the source; none by default
  fetchFromGitHub,

  cmake,
  ninja,
  perl, # Project uses Perl for scripting and testing
  python3,

  # When true, the two MBEDTLS_THREADING_* options are switched on after the
  # configure step (see postConfigure). Threading can be disabled to increase
  # security: https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
  enableThreading ? true,
}:

let
  pname = "mbedtls";

  # Upstream tag name; used for the source revision and the changelog link.
  tag = "${pname}-${version}";

  # Static host platforms get no shared library; all others do.
  sharedLibrary = if stdenv.hostPlatform.isStatic then "off" else "on";
in
stdenv.mkDerivation {
  inherit pname version patches;

  src = fetchFromGitHub {
    owner = "Mbed-TLS";
    repo = "mbedtls";
    rev = tag;
    inherit hash;
    # mbedtls >= 3.6.0 uses git submodules
    fetchSubmodules = true;
  };

  nativeBuildInputs = [
    cmake
    ninja
    perl
    python3
  ];

  strictDeps = true;

  # trivialautovarinit on clang causes test failures. Only this one hardening
  # flag is dropped, and only when the compiler is clang; nothing else is
  # listed here, so the remaining default hardening flags are untouched.
  # NOTE(review): worth re-testing on version bumps so the flag can come back.
  hardeningDisable = lib.optional stdenv.cc.isClang "trivialautovarinit";

  # Empty unless enableThreading is set; then the upstream config script
  # enables the threading options named below.
  postConfigure = lib.optionalString enableThreading ''
    perl scripts/config.pl set MBEDTLS_THREADING_C # Threading abstraction layer
    perl scripts/config.pl set MBEDTLS_THREADING_PTHREAD # POSIX thread wrapper layer for the threading layer.
  '';

  cmakeFlags = [
    "-DUSE_SHARED_MBEDTLS_LIBRARY=${sharedLibrary}"

    # Avoid a dependency on jsonschema and jinja2 by not generating source code
    # using python. In releases, these generated files are already present in
    # the repository and do not need to be regenerated. See:
    # https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0 below "Requirement changes".
    # NOTE(review): with generation off, a patch that only edits generator
    # inputs would presumably not change the built code; confirm that entries
    # in `patches` also touch the generated files where relevant.
    "-DGEN_FILES=off"
  ];

  # Run the upstream test suite as part of the build.
  doCheck = true;

  # Parallel checking causes test failures
  # https://github.com/Mbed-TLS/mbedtls/issues/4980
  enableParallelChecking = false;

  meta = {
    homepage = "https://www.trustedfirmware.org/projects/mbed-tls/";
    changelog = "https://github.com/Mbed-TLS/mbedtls/blob/${tag}/ChangeLog";
    description = "Portable cryptographic and TLS library, formerly known as PolarSSL";
    # Either licence may be chosen.
    license = [
      lib.licenses.asl20 # or
      lib.licenses.gpl2Plus
    ];
    platforms = lib.platforms.all;
    maintainers = [ lib.maintainers.raphaelr ];
  };
}