2019-10-27 17:06:10 +01:00
|
|
|
{ stdenv, lib, fetchFromGitHub, substituteAll
|
2021-01-17 03:30:45 +01:00
|
|
|
, pkg-config, autoreconfHook, autoconf-archive, makeWrapper, patchelf
|
2022-04-21 19:03:15 +02:00
|
|
|
, tpm2-tss, tpm2-tools, opensc, openssl, sqlite, python3, glibc, libyaml
|
2019-10-27 17:06:10 +01:00
|
|
|
, abrmdSupport ? true, tpm2-abrmd ? null
|
2023-11-10 03:10:43 +01:00
|
|
|
, fapiSupport ? true
|
2019-10-27 17:06:10 +01:00
|
|
|
}:
|
|
|
|
|
|
|
|
stdenv.mkDerivation rec {
|
|
|
|
pname = "tpm2-pkcs11";
|
2023-11-10 02:30:46 +01:00
|
|
|
version = "1.9.0";
|
2019-10-27 17:06:10 +01:00
|
|
|
|
|
|
|
src = fetchFromGitHub {
|
|
|
|
owner = "tpm2-software";
|
|
|
|
repo = pname;
|
|
|
|
rev = version;
|
2023-11-10 02:30:46 +01:00
|
|
|
sha256 = "sha256-SoHtgZRIYNJg4/w1MIocZAM26mkrM+UOQ+RKCh6nwCk=";
|
2019-10-27 17:06:10 +01:00
|
|
|
};
|
|
|
|
|
2023-11-10 03:10:43 +01:00
|
|
|
patches = [
|
|
|
|
./version.patch
|
|
|
|
./graceful-fapi-fail.patch
|
|
|
|
];
|
2019-10-27 17:06:10 +01:00
|
|
|
|
|
|
|
# The preConfigure phase doesn't seem to be working here
|
|
|
|
# ./bootstrap MUST be executed as the first step, before all
|
|
|
|
# of the autoreconfHook stuff
|
|
|
|
postPatch = ''
|
2023-11-10 02:30:46 +01:00
|
|
|
echo ${version} > VERSION
|
2019-10-27 17:06:10 +01:00
|
|
|
./bootstrap
|
|
|
|
'';
|
|
|
|
|
2023-11-10 03:10:43 +01:00
|
|
|
configureFlags = lib.optionals (!fapiSupport) [
|
|
|
|
# Note: this will be renamed to with-fapi in next release.
|
|
|
|
"--enable-fapi=no"
|
|
|
|
];
|
|
|
|
|
2019-10-27 17:06:10 +01:00
|
|
|
nativeBuildInputs = [
|
2021-01-17 03:30:45 +01:00
|
|
|
pkg-config autoreconfHook autoconf-archive makeWrapper patchelf
|
2019-10-27 17:06:10 +01:00
|
|
|
];
|
|
|
|
buildInputs = [
|
|
|
|
tpm2-tss tpm2-tools opensc openssl sqlite libyaml
|
2022-08-02 17:32:41 +02:00
|
|
|
(python3.withPackages (ps: with ps; [ packaging pyyaml cryptography pyasn1-modules tpm2-pytss ]))
|
2019-10-27 17:06:10 +01:00
|
|
|
];
|
|
|
|
|
|
|
|
outputs = [ "out" "bin" "dev" ];
|
|
|
|
|
|
|
|
dontStrip = true;
|
|
|
|
dontPatchELF = true;
|
|
|
|
|
|
|
|
# To be able to use the userspace resource manager, the RUNPATH must
|
|
|
|
# explicitly include the tpm2-abrmd shared libraries.
|
|
|
|
preFixup = let
|
|
|
|
rpath = lib.makeLibraryPath (
|
|
|
|
(lib.optional abrmdSupport tpm2-abrmd)
|
|
|
|
++ [
|
|
|
|
tpm2-tss
|
|
|
|
sqlite
|
|
|
|
openssl
|
|
|
|
glibc
|
|
|
|
libyaml
|
|
|
|
]
|
|
|
|
);
|
|
|
|
in ''
|
|
|
|
patchelf \
|
|
|
|
--set-rpath ${rpath} \
|
|
|
|
${lib.optionalString abrmdSupport "--add-needed ${lib.makeLibraryPath [tpm2-abrmd]}/libtss2-tcti-tabrmd.so"} \
|
|
|
|
--add-needed ${lib.makeLibraryPath [tpm2-tss]}/libtss2-tcti-device.so \
|
|
|
|
$out/lib/libtpm2_pkcs11.so.0.0.0
|
|
|
|
'';
|
|
|
|
|
|
|
|
postInstall = ''
|
|
|
|
mkdir -p $bin/bin/ $bin/share/tpm2_pkcs11/
|
|
|
|
mv ./tools/* $bin/share/tpm2_pkcs11/
|
|
|
|
makeWrapper $bin/share/tpm2_pkcs11/tpm2_ptool.py $bin/bin/tpm2_ptool \
|
|
|
|
--prefix PATH : ${lib.makeBinPath [ tpm2-tools ]}
|
|
|
|
'';
|
|
|
|
|
|
|
|
meta = with lib; {
|
|
|
|
description = "A PKCS#11 interface for TPM2 hardware";
|
2020-03-10 13:27:03 +01:00
|
|
|
homepage = "https://github.com/tpm2-software/tpm2-pkcs11";
|
2019-10-27 17:06:10 +01:00
|
|
|
license = licenses.bsd2;
|
|
|
|
platforms = platforms.linux;
|
2023-10-08 09:19:18 +02:00
|
|
|
maintainers = with maintainers; [ ];
|
2023-11-23 22:09:35 +01:00
|
|
|
mainProgram = "tpm2_ptool";
|
2019-10-27 17:06:10 +01:00
|
|
|
};
|
|
|
|
}
|