From 01eb385346b09f12994c187af835ee72254640d6 Mon Sep 17 00:00:00 2001 From: Philip Potter Date: Tue, 10 Nov 2015 07:20:20 +0000 Subject: [PATCH] certificate-transparency: init at 2015-11-27 libevhtp: 1.2.10 -> 1.2.11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Package for certificate-transparency This adds openssl support to libevent. Libevent can be compiled without openssl, in which case it just doesn't build the libevent_openssl library. However it seems simpler just to default to including openssl support. This bumps evhtp's version because 1.2.11 provides pkg-config information which makes building certificate-transparency easier. This has been tested with `doCheck = true;`. Signed-off-by: Edward Tjörnhammar --- .../libraries/libevent/default.nix | 4 +- .../libraries/libevhtp/default.nix | 4 +- .../certificate-transparency/default.nix | 57 +++++++++++++++++++ .../protobuf-include-from-env.patch | 14 +++++ pkgs/top-level/all-packages.nix | 2 + 5 files changed, 77 insertions(+), 4 deletions(-) create mode 100644 pkgs/servers/certificate-transparency/default.nix create mode 100644 pkgs/servers/certificate-transparency/protobuf-include-from-env.patch diff --git a/pkgs/development/libraries/libevent/default.nix b/pkgs/development/libraries/libevent/default.nix index 284a09bc9275..bddda9f3eadd 100644 --- a/pkgs/development/libraries/libevent/default.nix +++ b/pkgs/development/libraries/libevent/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, autoreconfHook, python, findutils }: +{ stdenv, fetchurl, autoreconfHook, openssl, python, findutils }: let version = "2.0.22"; in stdenv.mkDerivation { @@ -10,7 +10,7 @@ stdenv.mkDerivation { }; nativeBuildInputs = [ autoreconfHook ]; - buildInputs = [ python ] ++ stdenv.lib.optional stdenv.isCygwin findutils; + buildInputs = [ openssl python ] ++ stdenv.lib.optional stdenv.isCygwin findutils; patchPhase = '' patchShebangs event_rpcgen.py diff --git a/pkgs/development/libraries/libevhtp/default.nix b/pkgs/development/libraries/libevhtp/default.nix index f909d6d8ff2f..4765f0b7d9af 100644 --- a/pkgs/development/libraries/libevhtp/default.nix +++ b/pkgs/development/libraries/libevhtp/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "libevhtp-${version}"; - version = "1.2.10"; + version = "1.2.11"; src = fetchFromGitHub { owner = "ellzey"; repo = "libevhtp"; rev = version; - sha256 = "0z5cxa65zp89vkaj286gp6fpmc5fylr8bmd17g3j1rgc42nysm6a"; + sha256 = "1rlxdp8w4alcy5ryr7pmw5wi6hv7d64885wwbk1zxhvi64s4x4rg"; }; buildInputs = [ cmake openssl libevent ]; diff --git a/pkgs/servers/certificate-transparency/default.nix b/pkgs/servers/certificate-transparency/default.nix new file mode 100644 index 000000000000..ebfa7427fc00 --- /dev/null +++ b/pkgs/servers/certificate-transparency/default.nix @@ -0,0 +1,57 @@ +{ stdenv, pkgs, ...}: + +stdenv.mkDerivation rec { + name = "certificate-transparency-${version}"; + + version = "2015-11-27"; + rev = "dc5a51e55af989ff5871a6647166d00d0de478ab"; + + meta = with stdenv.lib; { + homepage = https://www.certificate-transparency.org/; + description = "Auditing for TLS certificates."; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ philandstuff ]; + }; + + src = pkgs.fetchFromGitHub { + owner = "google"; + repo = "certificate-transparency"; + rev = rev; + sha256 = "14sgc2kcjjsnrykwcjin21h1f3v4kg83w6jqiq9qdm1ha165yhvx"; + }; + + # need to disable regex support in evhtp or building will fail + libevhtp_without_regex = stdenv.lib.overrideDerivation pkgs.libevhtp + (oldAttrs: { + cmakeFlags="-DEVHTP_DISABLE_REGEX:STRING=ON -DCMAKE_C_FLAGS:STRING=-fPIC"; + }); + + buildInputs = with pkgs; [ + autoconf automake clang_34 pkgconfig + glog gmock google-gflags gperftools gtest json_c leveldb + libevent libevhtp_without_regex openssl protobuf sqlite + ]; + + patches = [ + ./protobuf-include-from-env.patch + ]; + + doCheck = false; + + preConfigure = '' + ./autogen.sh + configureFlagsArray=( + CC=clang + CXX=clang++ + GMOCK_DIR=${pkgs.gmock} + GTEST_DIR=${pkgs.gtest} + ) + ''; + + # the default Makefile constructs BUILD_VERSION from `git describe` + # which isn't available in the nix build environment + makeFlags = "BUILD_VERSION=${version}-${rev}"; + + protocFlags = "-I ${pkgs.protobuf}/include"; +} diff --git a/pkgs/servers/certificate-transparency/protobuf-include-from-env.patch b/pkgs/servers/certificate-transparency/protobuf-include-from-env.patch new file mode 100644 index 000000000000..a1f9a1849b63 --- /dev/null +++ b/pkgs/servers/certificate-transparency/protobuf-include-from-env.patch @@ -0,0 +1,14 @@ +Get protobuf include path from environment + +--- a/python/Makefile ++++ b/python/Makefile +@@ -5,7 +5,7 @@ all: ct/proto/client_pb2.py ct/proto/ct_pb2.py ct/proto/tls_options_pb2.py \ + ct/proto/test_message_pb2.py ct/proto/certificate_pb2.py + + ct/proto/%_pb2.py: ct/proto/%.proto +- $(PROTOC) $^ -I/usr/include/ -I/usr/local/include -I$(INSTALL_DIR)/include -I. --python_out=. ++ $(PROTOC) $^ $(protocFlags) -I. --python_out=. + + ct/proto/ct_pb2.py: ../proto/ct.proto + $(PROTOC) --python_out=ct/proto -I../proto ../proto/ct.proto + diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f372eaad368e..8164085003b3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -760,6 +760,8 @@ let gcdemu = callPackage ../misc/emulators/cdemu/gui.nix { }; + certificate-transparency = callPackage ../servers/certificate-transparency { }; + image-analyzer = callPackage ../misc/emulators/cdemu/analyzer.nix { }; ccnet = callPackage ../tools/networking/ccnet { };