Unverified Commit c5101bf8 authored by @mjones Committed by GitHub

pkcs11-provider: 1.1 -> 1.2.0; kryoptic: 1.4.0 -> 1.5.0 (#498152)

parents 9aa53671 ce4ff91c
+347 −165

File changed.

Preview size limit exceeded, changes collapsed.

+5 −14
{
  lib,
  stdenv,
  fetchpatch,
  rustPlatform,
  fetchFromGitHub,
  nix-update-script,
@@ -15,27 +14,19 @@

rustPlatform.buildRustPackage (finalAttrs: {
  pname = "kryoptic";
  version = "1.4.0";
  version = "1.5.0";

  src = fetchFromGitHub {
    owner = "latchset";
    repo = "kryoptic";
    tag = "v${finalAttrs.version}";
    hash = "sha256-tP2BZkGCZqfLNLZ/mYAVkICWKTM1EbL7lbw+Mnx4VTk=";
    hash = "sha256-WOihUHFNqjQGObd+pfiNnjBq5GL/9NDeBiC7VzF/ZwE=";
  };

  patches = [
    # Support additional arguments for bindgen so it can find our glibc.
    # https://github.com/latchset/kryoptic/pull/386
    (fetchpatch {
      url = "https://github.com/latchset/kryoptic/commit/54b3deeb4eb84ebd7c5b52ccb9401e319fb00294.patch";
      hash = "sha256-QChVS/MnsGp6To4OWYA8Se6kgRCGABchLLnSHfrEj1E=";
    })
  ];

  env = {
    # Pass these include paths for bindgen in via the environment.
    OSSL_BINDGEN_CLANG_ARGS = "-I${lib.getInclude glibc}/include";
    ${if !stdenv.hostPlatform.isDarwin then "OSSL_BINDGEN_CLANG_ARGS" else null} =
      "-I${lib.getInclude glibc}/include";
    LIBCLANG_PATH = "${lib.getLib clang.cc}/lib";
  };

@@ -50,7 +41,7 @@ rustPlatform.buildRustPackage (finalAttrs: {
    ./0001-Add-Cargo.lock.patch
  ];

  cargoHash = "sha256-eekiW9HCKwx7/y2WSqQH6adgAeAnQojM3QcNTc3kx2I=";
  cargoHash = "sha256-Kr2tvxPIcWS47ljH9l0qQTacX9BIV9vMmQyE8EG6qVE=";

  cargoBuildFlags = [
    "--no-default-features"
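Review bot: The new guard on `OSSL_BINDGEN_CLANG_ARGS` in `env` tests `!stdenv.hostPlatform.isDarwin`, but the value it protects is a glibc include path, so any other non-glibc host the package is built for (musl, for instance) would still get `-I${lib.getInclude glibc}/include`. Keying the attribute on the libc rather than the OS states the intent directly, e.g. `${if stdenv.hostPlatform.libc == "glibc" then "OSSL_BINDGEN_CLANG_ARGS" else null} =`. If the dynamic-name form stays as written, a short comment such as `# A null attribute name omits the variable, so glibc is not evaluated on Darwin.` would help, because the existing comment only explains the include path. The `fetchpatch` of the upstream commit is dropped in the same section; presumably v1.5.0 already contains it, which is worth confirming against the tag since the build of this PKCS#11 token depends on bindgen finding the right headers.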
+12 −8
@@ -24,14 +24,14 @@ let
in
stdenv.mkDerivation (finalAttrs: {
  pname = "pkcs11-provider";
  version = "1.1";
  version = "1.2.0";

  src = fetchFromGitHub {
    owner = "latchset";
    owner = "openssl-projects";
    repo = "pkcs11-provider";
    tag = "v${finalAttrs.version}";
    fetchSubmodules = true;
    hash = "sha256-QXEwDl6pk8G5ba8lD4uYw2QuD3qS/sgd1od8crHct2s=";
    hash = "sha256-rymH/0otZ553lKqfdTRR5ttNsom9A3ObNNxptqB/eno=";
  };

  buildInputs = [
@@ -54,9 +54,11 @@ stdenv.mkDerivation (finalAttrs: {
    gnutls
    openssl.bin
    expect
    valgrind
    pkcs11ProviderPython3
  ]
  ++ lib.optionals stdenv.hostPlatform.isLinux [
    valgrind
  ]
  ++ lib.optionals stdenv.hostPlatform.isx86_64 [
    # softokn and kryoptic are OK; softhsm is pretty flaky.
    # This fails with a `pkcs11-provider:softhsm / tls - FAIL - exit status 1`.
@@ -69,12 +71,11 @@ stdenv.mkDerivation (finalAttrs: {
    KRYOPTIC = "${lib.getLib kryoptic}/lib";
  };

  # Fix a typo in the Kryoptic test (remove this in v1.2).
  # Need to search $KRYOPTIC for the path to the actual Kryoptic library.
  postPatch = ''
    patchShebangs --build .
    substituteInPlace tests/kryoptic-init.sh \
      --replace-fail /usr/local/lib/kryoptic "\\''${KRYOPTIC}" \
      --replace-fail "libkryoptic_pkcs11so" libkryoptic_pkcs11.so
      --replace-fail /usr/local/lib/kryoptic "\\''${KRYOPTIC}"
  '';

  preInstall = ''
@@ -92,12 +93,15 @@ stdenv.mkDerivation (finalAttrs: {
  # Frequently fails due to a race condition.
  enableParallelInstalling = false;

  # Tests bind to localhost.
  __darwinAllowLocalNetworking = true;

  doCheck = true;

  passthru.updateScript = nix-update-script {
    extraArgs = [
      "--version-regex"
      "v(\\d\\.\\d)"
      "v(\\d+\\.\\d+\\.\\d+)"
    ];
  };
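Review bot: The `owner` in `src` changes from `latchset` to `openssl-projects` in the same edit that replaces `hash`, so nothing in the hunk links the new fetch location to the old one; the fixed-output hash only pins what the new location served when the update was made. Before merging, confirm that this is an upstream repository transfer rather than a fork, and record it next to the attribute, e.g. `# Upstream repository moved from latchset to openssl-projects.` Because `fetchSubmodules = true`, the new hash also covers whatever the submodules resolve to at this tag, so they deserve the same check. `meta.homepage` and any changelog URL lie outside the visible hunks and should be checked for the old owner as well.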