swtpm: improvements for use with libvirt

Before, the state directory was set to a path in the Nix store, which isn't writable and so makes for a terrible directory for storing state. See https://github.com/NixOS/nixpkgs/issues/141224 for a more detailed explanation. Also, swtpm-localca tried to use certtool from the environment. Change the path so it refers directly to certtool in the Nix store.
2021-10-15 15:37:12 +02:00 · 2021-10-15 15:37:12 +02:00 · 960ae854b5
commit 960ae854b5
parent dcfa595275
1 changed files with 13 additions and 0 deletions
--- a/pkgs/tools/security/swtpm/default.nix
+++ b/pkgs/tools/security/swtpm/default.nix
@ -42,8 +42,21 @@ stdenv.mkDerivation rec {

  configureFlags = [
    "--with-cuse"
+    "--localstatedir=/var"
  ];

+  prePatch = ''
+    # Makefile tries to create the directory /var/lib/swtpm-localcafor, which fails
+    substituteInPlace samples/Makefile.am \
+        --replace 'install-data-local:' 'do-not-execute:'
+
+    # Use the correct path to the certtool binary
+    # instead of relying on it being in the environment
+    substituteInPlace samples/swtpm_localca.c --replace \
+        '# define CERTTOOL_NAME "certtool"' \
+        '# define CERTTOOL_NAME "${gnutls}/bin/certtool"'
+  '';
+
  enableParallelBuilding = true;

  outputs = [ "out" "man" ];