diff options
| author | quapka | 2024-07-30 09:56:32 +0200 |
|---|---|---|
| committer | quapka | 2024-07-30 10:51:50 +0200 |
| commit | 9c6de288457a6a0036cd18378e7c6e58d3e01985 (patch) | |
| tree | 02497789eeae09c6fb5e7a1b7b3e7a67b295b3ea | |
| parent | 095a210092b536fd70c10d5dd58c2668c4ce9331 (diff) | |
| download | ECTester-9c6de288457a6a0036cd18378e7c6e58d3e01985.tar.gz ECTester-9c6de288457a6a0036cd18378e7c6e58d3e01985.tar.zst ECTester-9c6de288457a6a0036cd18378e7c6e58d3e01985.zip | |
| -rw-r--r-- | flake.nix | 166 | ||||
| -rw-r--r-- | nix/libtomcrypt-pkgconfig-for-static.patch | 16 | ||||
| -rw-r--r-- | nix/libtommath-pkgconfig-for-static-build.patch | 15 |
3 files changed, 68 insertions, 129 deletions
@@ -5,26 +5,22 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; gradle2nix.url = "github:tadfisher/gradle2nix/03c1b713ad139eb6dfc8d463b5bd348368125cf1"; - custom-nixpkgs.url = "github:quapka/nixpkgs/customPkgs"; # custom for of nixpkgs with ipp-crypto packaged - # FIXME how to add submodule declaratively? - # submodule = { - # url = ./ - # }; + custom-nixpkgs.url = "github:quapka/nixpkgs/customPkgs"; }; outputs = { self, nixpkgs, custom-nixpkgs, flake-utils, gradle2nix, ... }: flake-utils.lib.eachDefaultSystem (system: let - commonLibs = import ./nix/commonlibs.nix { pkgs = pkgs; }; - wolfcryptjni = with customPkgs; wolfcrypt-jni.overrideAttrs (final: prev: { - src = pkgs.fetchFromGitHub { - owner = "wolfSSL"; - repo = "wolfcrypt-jni"; - rev = "0497ee767c994775beda2f2091009593961e5c7e"; - hash = "sha256-mtUXUyIKJ617WzAWjlOaMscWM7zuGBISVMEAbmQNBOg="; - }; - }); - patched_boringssl = with pkgs; pkgs.boringssl.overrideAttrs (final: prev: rec { + overlays = []; + pkgs = import nixpkgs { + inherit system overlays; + }; + customPkgs = import custom-nixpkgs { + inherit system overlays; + }; + + # Altered upstream packages + boringssl = with pkgs; pkgs.boringssl.overrideAttrs (final: prev: rec { src = fetchgit { url = "https://boringssl.googlesource.com/boringssl"; rev = "67422ed4434116daa8898773692165ddd51a6ac2"; @@ -81,22 +77,7 @@ patches = ( prev.patches or [] ) ++ [ # NOTE: LibTomCrypt does not expose the lib, when built statically (using `makefile and not `makefile.shared`). # This patch copies the necessary code from `makefile.shared`. - ( pkgs.writeText "pkgconfig-for-static.patch" '' -diff --git a/makefile b/makefile -index cd94b86f..ffb65402 100644 ---- a/makefile -+++ b/makefile -@@ -79,6 +79,9 @@ $(foreach demo, $(strip $(DEMOS)), $(eval $(call DEMO_template,$(demo)))) - #as root in order to have a high enough permission to write to the correct - #directories and to set the owner and group to root. - install: $(call print-help,install,Installs the library and headers) .common_install -+ sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION_PC),' libtomcrypt.pc.in > libtomcrypt.pc -+ install -p -d $(DESTDIR)$(LIBPATH)/pkgconfig -+ install -p -m 644 libtomcrypt.pc $(DESTDIR)$(LIBPATH)/pkgconfig/ - - install_bins: $(call print-help,install_bins,Installs the useful demos ($(USEFUL_DEMOS))) .common_install_bins - - '') + ./nix/libtomcrypt-pkgconfig-for-static.patch ]; }); libtommath = pkgs.libtommath.overrideAttrs (final: prev: rec { @@ -109,23 +90,7 @@ index cd94b86f..ffb65402 100644 patches = ( prev.patches or [] ) ++ [ # NOTE: LibTomMath does not expose the lib, when built statically (using `makefile and not `makefile.shared`). # This patch copies the necessary code from `makefile.shared`. - ( pkgs.writeText "pkgconfig-for-static.patch" '' -diff --git a/makefile b/makefile -index bee51a1..b36a13a 100644 ---- a/makefile -+++ b/makefile -@@ -90,6 +90,10 @@ install: $(LIBNAME) - install -d $(DESTDIR)$(INCPATH) - install -m 644 $(LIBNAME) $(DESTDIR)$(LIBPATH) - install -m 644 $(HEADERS_PUB) $(DESTDIR)$(INCPATH) -+ sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION_PC),' -e 's,@CMAKE_INSTALL_LIBDIR@,lib,' \ -+ -e 's,@CMAKE_INSTALL_INCLUDEDIR@,include,' libtommath.pc.in > libtommath.pc -+ install -d $(DESTDIR)$(LIBPATH)/pkgconfig -+ install -m 644 libtommath.pc $(DESTDIR)$(LIBPATH)/pkgconfig/ - - uninstall: - rm $(DESTDIR)$(LIBPATH)/$(LIBNAME) - '') + ./nix/libtommath-pkgconfig-for-static-build.patch ]; }); nettle = pkgs.nettle.overrideAttrs (final: prev: { @@ -157,25 +122,32 @@ index bee51a1..b36a13a 100644 }); gmp = pkgs.gmp.override { withStatic = true; }; + + # Custom added packages + wolfcryptjni = with customPkgs; wolfcrypt-jni.overrideAttrs (final: prev: { + src = pkgs.fetchFromGitHub { + owner = "wolfSSL"; + repo = "wolfcrypt-jni"; + rev = "0497ee767c994775beda2f2091009593961e5c7e"; + hash = "sha256-mtUXUyIKJ617WzAWjlOaMscWM7zuGBISVMEAbmQNBOg="; + }; + }); + + # Shims and libs # Current list of targets: tomcrypt botan cryptopp openssl boringssl gcrypt mbedtls ippcp nettle libressl tomcryptShim = import ./nix/tomcryptshim.nix { inherit pkgs libtomcrypt libtommath; }; botanShim = import ./nix/botanshim.nix { inherit pkgs; }; cryptoppShim = import ./nix/cryptoppshim.nix { inherit pkgs cryptopp; }; opensslShimBuilder = { version, hash }: import ./nix/opensslshim.nix { inherit pkgs; openssl = (openssl { version = version; hash = hash;}); }; - boringsslShim = import ./nix/boringsslshim.nix { inherit pkgs; boringssl = patched_boringssl; }; + boringsslShim = import ./nix/boringsslshim.nix { inherit pkgs; boringssl = boringssl; }; gcryptShim = import ./nix/gcryptshim.nix { inherit pkgs libgcrypt libgpg-error; }; mbedtlsShim = import ./nix/mbedtlsshim.nix { pkgs = pkgs; }; ippcpShim = import ./nix/ippcpshim.nix { pkgs = pkgs; ipp-crypto = customPkgs.ipp-crypto; }; nettleShim = import ./nix/nettleshim.nix { inherit pkgs nettle gmp; }; libresslShim = import ./nix/libresslshim.nix { inherit pkgs libressl; }; - overlays = []; - pkgs = import nixpkgs { - inherit system overlays; - }; - customPkgs = import custom-nixpkgs { - inherit system overlays; - }; + commonLibs = import ./nix/commonlibs.nix { pkgs = pkgs; }; + buildECTesterStandalone = { opensslVersion, opensslHash }: ( let opensslShim = (opensslShimBuilder { version = opensslVersion; hash = opensslHash; }); @@ -186,7 +158,7 @@ index bee51a1..b36a13a 100644 version = "0.3.3"; lockFile = ./gradle.lock; - # NOTE: the shims are built separately, therefore no need to call libs + # NOTE: the shims are built separately, therefore no need to call build `libs` target gradleBuildFlags = [ ":standalone:uberJar"]; src = ./.; @@ -207,74 +179,12 @@ index bee51a1..b36a13a 100644 cp ${commonLibs}/lib/* ${jniLibsPath} ''; - nativeBuildInputs = [ - # libresslShim - gdb - ant - jdk17 - pkg-config - global-platform-pro - gradle - makeWrapper - - # libraries to test - # patched_boringssl - # libressl - libtomcrypt - libtommath - botan2 - cryptopp - - # libraries' dependencies - # cmake - # ninja - gawk - automake - go - gtest - libunwind - autoconf - libb64 - - clang - nasm - libtool - perl + nativeBuildInputs = [ makeWrapper ]; - wolfssl - nettle + LD_LIBRARY_PATH = lib.makeLibraryPath [ wolfcryptjni ]; - # gmp - libgpg-error - wget - libconfig - ]; - - buildInputs = [ - jdk17_headless - # libressl - commonLibs - ]; - - LD_LIBRARY_PATH = lib.makeLibraryPath [ - libtommath - libtomcrypt - botan2 - cryptopp - # libressl - # patched_boringssl - ninja - # nettle - # gmp - libconfig - wolfcryptjni - commonLibs - ]; - - # BORINGSSL_CFLAGS = "${patched_boringssl.dev.outPath}/include"; WOLFCRYPT_LIB_PATH = "${wolfcryptjni}/lib"; - # FIXME more things to copy here installPhase = '' mkdir -p $out cp -r standalone/build $out @@ -290,10 +200,8 @@ index bee51a1..b36a13a 100644 }); in { - packages = { - default = buildECTesterStandalone { - opensslVersion="3.3.1"; opensslHash="sha256-d3zVlihMiDN1oqehG/XSeG/FQTJV76sgxQ1v/m0CC34="; - }; + packages = rec { + default = openssl_331; openssl_331 = buildECTesterStandalone { opensslVersion="3.3.1"; opensslHash="sha256-d3zVlihMiDN1oqehG/XSeG/FQTJV76sgxQ1v/m0CC34="; }; @@ -314,7 +222,7 @@ index bee51a1..b36a13a 100644 ]; preConfigure = '' - cp ${patched_boringssl}/lib/lib_boringssl.a standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/ + cp ${boringssl}/lib/lib_boringssl.a standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/ ''; buildInputs = [ @@ -330,7 +238,7 @@ index bee51a1..b36a13a 100644 (openssl {}) libressl # glibc - patched_boringssl + boringssl libtomcrypt libtommath botan2 @@ -374,7 +282,7 @@ index bee51a1..b36a13a 100644 cryptopp # (openssl {}) (openssl {}) - patched_boringssl + boringssl libgcrypt libgpg-error nettle @@ -384,7 +292,7 @@ index bee51a1..b36a13a 100644 wolfcryptjni ]; - BORINGSSL_CFLAGS = "${patched_boringssl.dev.outPath}/include"; + BORINGSSL_CFLAGS = "${boringssl.dev.outPath}/include"; WOLFCRYPT_LIB_PATH = "${wolfcryptjni}/lib"; diff --git a/nix/libtomcrypt-pkgconfig-for-static.patch b/nix/libtomcrypt-pkgconfig-for-static.patch new file mode 100644 index 0000000..5db9dbd --- /dev/null +++ b/nix/libtomcrypt-pkgconfig-for-static.patch @@ -0,0 +1,16 @@ +# NOTE: LibTomCrypt does not expose the lib, when built statically (using `makefile and not `makefile.shared`). +# This patch copies the necessary code from `makefile.shared`. +diff --git a/makefile b/makefile +index cd94b86f..ffb65402 100644 +--- a/makefile ++++ b/makefile +@@ -79,6 +79,9 @@ $(foreach demo, $(strip $(DEMOS)), $(eval $(call DEMO_template,$(demo)))) + #as root in order to have a high enough permission to write to the correct + #directories and to set the owner and group to root. + install: $(call print-help,install,Installs the library and headers) .common_install ++ sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION_PC),' libtomcrypt.pc.in > libtomcrypt.pc ++ install -p -d $(DESTDIR)$(LIBPATH)/pkgconfig ++ install -p -m 644 libtomcrypt.pc $(DESTDIR)$(LIBPATH)/pkgconfig/ + + install_bins: $(call print-help,install_bins,Installs the useful demos ($(USEFUL_DEMOS))) .common_install_bins + '') diff --git a/nix/libtommath-pkgconfig-for-static-build.patch b/nix/libtommath-pkgconfig-for-static-build.patch new file mode 100644 index 0000000..4a97aca --- /dev/null +++ b/nix/libtommath-pkgconfig-for-static-build.patch @@ -0,0 +1,15 @@ +diff --git a/makefile b/makefile +index bee51a1..b36a13a 100644 +--- a/makefile ++++ b/makefile +@@ -90,6 +90,10 @@ install: $(LIBNAME) + install -d $(DESTDIR)$(INCPATH) + install -m 644 $(LIBNAME) $(DESTDIR)$(LIBPATH) + install -m 644 $(HEADERS_PUB) $(DESTDIR)$(INCPATH) ++ sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION_PC),' -e 's,@CMAKE_INSTALL_LIBDIR@,lib,' \ ++ -e 's,@CMAKE_INSTALL_INCLUDEDIR@,include,' libtommath.pc.in > libtommath.pc ++ install -d $(DESTDIR)$(LIBPATH)/pkgconfig ++ install -m 644 libtommath.pc $(DESTDIR)$(LIBPATH)/pkgconfig/ + + uninstall: + rm $(DESTDIR)$(LIBPATH)/$(LIBNAME) |