diff --git a/pkgs/tools/security/swtpm/default.nix b/pkgs/tools/security/swtpm/default.nix
new file mode 100644
index 000000000000..2bd0326d4d92
--- /dev/null
+++ b/pkgs/tools/security/swtpm/default.nix
@@ -0,0 +1,76 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, autoreconfHook
+, pkg-config
+, libtasn1, openssl, fuse, glib, libseccomp
+, libtpms
+, unixtools, expect, socat
+, gnutls
+, perl
+, python3, python3Packages
+}:
+
+stdenv.mkDerivation rec {
+ pname = "swtpm";
+ version = "0.5.2";
+
+ src = fetchFromGitHub {
+ owner = "stefanberger";
+ repo = "swtpm";
+ rev = "v${version}";
+ sha256 = "sha256-KY5V4z/8I15ePjorgZueNahlD/xvFa3tDarA0tuRxFk=";
+ };
+
+ pythonPath = with python3Packages; requiredPythonModules [
+ setuptools
+ cryptography
+ ];
+
+ patches = [
+ # upstream looks for /usr directory in $prefix to check
+ # whether or not to proceed with installation of python
+ # tools (swtpm_setup utility).
+ ./python-installation.patch
+ ];
+
+ prePatch = ''
+ patchShebangs src/swtpm_setup/setup.py
+ patchShebangs samples/setup.py
+ '';
+
+ nativeBuildInputs = [
+ pkg-config unixtools.netstat expect socat
+ perl # for pod2man
+ autoreconfHook
+ python3
+ ];
+ buildInputs = [
+ libtpms
+ openssl libtasn1 libseccomp
+ fuse glib
+ gnutls
+ python3.pkgs.wrapPython
+ ];
+ propagatedBuildInputs = pythonPath;
+
+ configureFlags = [
+ "--with-cuse"
+ ];
+
+ postInstall = ''
+ wrapPythonProgramsIn $out/bin "$out $pythonPath"
+ wrapPythonProgramsIn $out/share/swtpm "$out $pythonPath"
+ '';
+
+ enableParallelBuilding = true;
+
+ outputs = [ "out" "man" ];
+
+ meta = with lib; {
+ description = "Libtpms-based TPM emulator";
+ homepage = "https://github.com/stefanberger/swtpm";
+ license = licenses.bsd3;
+ maintainers = [ maintainers.baloo ];
+ };
+}
diff --git a/pkgs/tools/security/swtpm/python-installation.patch b/pkgs/tools/security/swtpm/python-installation.patch
new file mode 100644
index 000000000000..d2689f051c5b
--- /dev/null
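Review bot: Nothing in `configureFlags` pins the seccomp profile: `libseccomp` is listed in `buildInputs`, but the only flag passed is `"--with-cuse"`, so whether the emulator is built with its syscall filter is left to configure's own detection (configure.ac is not visible here, so this is inferred). Adding `"--with-seccomp"` next to `"--with-cuse"` would make a build that lacks the filter fail instead of succeeding quietly. Separately, `meta` sets no `platforms` although `fuse` and `libseccomp` are Linux-only, so `platforms = platforms.linux;` would be appropriate. `python3.pkgs.wrapPython` is a build-time hook and reads more naturally in `nativeBuildInputs`.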
+++ b/pkgs/tools/security/swtpm/python-installation.patch
@@ -0,0 +1,60 @@
+commit 353794feb596d95e3f8893e39b174c5a89d1013e
+Author: Arthur Gautier
+Date: Wed Feb 17 02:27:40 2021 +0000
+
+ python-install
+
+ Signed-off-by: Arthur Gautier
+
+diff --git a/samples/Makefile.am b/samples/Makefile.am
+index 7d69bf8..1803bb9 100644
+--- a/samples/Makefile.am
++++ b/samples/Makefile.am
+@@ -39,19 +39,9 @@ python-uninstall:
+ $(PIP3) uninstall -y $(PY_PACKAGE_NAME)
+
+ if PYTHON_INSTALLATION
+-install-exec-local: $(PY_PACKAGE)
+- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \
+- echo "Warning: Not installing python package to $(DESTDIR)$(bindir)"; \
+- else \
+- $(MAKE) python-install; \
+- fi
++install-exec-local: python-install
+
+-uninstall-local:
+- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \
+- echo "Cleanup for distcheck build not implemented" ; \
+- else \
+- $(MAKE) python-uninstall; \
+- fi
++uninstall-local: python-uninstall
+ endif
+
+
+diff --git a/src/swtpm_setup/Makefile.am b/src/swtpm_setup/Makefile.am
+index 529eefe..533b1b3 100644
+--- a/src/swtpm_setup/Makefile.am
++++ b/src/swtpm_setup/Makefile.am
+@@ -29,19 +29,9 @@ python-uninstall:
+ $(PIP3) uninstall -y $(PY_PACKAGE_NAME)
+
+ if PYTHON_INSTALLATION
+-install-exec-local: $(PY_PACKAGE)
+- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \
+- echo "Warning: Not installing python package to $(DESTDIR)$(bindir)"; \
+- else \
+- $(MAKE) python-install; \
+- fi
++install-exec-local: python-install
+
+-uninstall-local:
+- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \
+- echo "Cleanup for distcheck build not implemented" ; \
+- else \
+- $(MAKE) python-uninstall; \
+- fi
++uninstall-local: python-uninstall
+ endif
+
+# for out-of-tree builds we need to clean up
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 501e133984b8..cf5836fef407 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
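Review bot: The rewritten `install-exec-local: python-install` rule drops the `$(PY_PACKAGE)` prerequisite that the removed rule carried, in both samples/Makefile.am and src/swtpm_setup/Makefile.am. The `python-install` rule itself lies outside these hunks, so it is not visible whether it already depends on `$(PY_PACKAGE)`; if it does not, `make install` no longer ensures the package is built before pip installs it. Keeping the prerequisite, as in `install-exec-local: $(PY_PACKAGE) python-install`, would preserve the old ordering for a serial install. The embedded commit message is only `python-install`; a sentence on why the `/usr` check is removed, and whether the change was offered upstream, would help whoever next updates the package.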
@@ -8221,6 +8221,8 @@ in swec = callPackage ../tools/networking/swec { }; + swtpm = callPackage ../tools/security/swtpm { }; + svn2git = callPackage ../applications/version-management/git-and-tools/svn2git { git = gitSVN; };