pkgs/by-name/tp/tpm2-pkcs11/package.nix

   1 {
   2   stdenv,
   3   lib,
   4   fetchFromGitHub,
   5   pkg-config,
   6   autoreconfHook,
   7   autoconf-archive,
   8   makeWrapper,
   9   patchelf,
  10   tpm2-tss,
  11   tpm2-tools,
  12   opensc,
  13   openssl,
  14   sqlite,
  15   python3,
  16   glibc,
  17   libyaml,
  18   abrmdSupport ? true,
  19   tpm2-abrmd ? null,
  20   fapiSupport ? true,
  21 }:
  22
  23 stdenv.mkDerivation rec {
  24   pname = "tpm2-pkcs11";
  25   version = "1.9.0";
  26
  27   src = fetchFromGitHub {
  28     owner = "tpm2-software";
  29     repo = pname;
  30     rev = version;
  31     sha256 = "sha256-SoHtgZRIYNJg4/w1MIocZAM26mkrM+UOQ+RKCh6nwCk=";
  32   };
  33
  34   patches = [
  35     ./version.patch
  36     ./graceful-fapi-fail.patch
  37   ];
  38
  39   # The preConfigure phase doesn't seem to be working here
  40   # ./bootstrap MUST be executed as the first step, before all
  41   # of the autoreconfHook stuff
  42   postPatch = ''
  43     echo ${version} > VERSION
  44     ./bootstrap
  45   '';
  46
  47   configureFlags = lib.optionals (!fapiSupport) [
  48     # Note: this will be renamed to with-fapi in next release.
  49     "--enable-fapi=no"
  50   ];
  51
  52   nativeBuildInputs = [
  53     pkg-config
  54     autoreconfHook
  55     autoconf-archive
  56     makeWrapper
  57     patchelf
  58   ];
  59   buildInputs = [
  60     tpm2-tss
  61     tpm2-tools
  62     opensc
  63     openssl
  64     sqlite
  65     libyaml
  66     (python3.withPackages (
  67       ps: with ps; [
  68         packaging
  69         pyyaml
  70         cryptography
  71         pyasn1-modules
  72         tpm2-pytss
  73       ]
  74     ))
  75   ];
  76
  77   outputs = [
  78     "out"
  79     "bin"
  80     "dev"
  81   ];
  82
  83   dontStrip = true;
  84   dontPatchELF = true;
  85
  86   # To be able to use the userspace resource manager, the RUNPATH must
  87   # explicitly include the tpm2-abrmd shared libraries.
  88   preFixup =
  89     let
  90       rpath = lib.makeLibraryPath (
  91         (lib.optional abrmdSupport tpm2-abrmd)
  92         ++ [
  93           tpm2-tss
  94           sqlite
  95           openssl
  96           glibc
  97           libyaml
  98         ]
  99       );
 100     in
 101     ''
 102       patchelf \
 103         --set-rpath ${rpath} \
 104         ${lib.optionalString abrmdSupport "--add-needed ${lib.makeLibraryPath [ tpm2-abrmd ]}/libtss2-tcti-tabrmd.so"} \
 105         --add-needed ${lib.makeLibraryPath [ tpm2-tss ]}/libtss2-tcti-device.so \
 106         $out/lib/libtpm2_pkcs11.so.0.0.0
 107     '';
 108
 109   postInstall = ''
 110     mkdir -p $bin/bin/ $bin/share/tpm2_pkcs11/
 111     mv ./tools/* $bin/share/tpm2_pkcs11/
 112     makeWrapper $bin/share/tpm2_pkcs11/tpm2_ptool.py $bin/bin/tpm2_ptool \
 113       --prefix PATH : ${lib.makeBinPath [ tpm2-tools ]}
 114   '';
 115
 116   meta = with lib; {
 117     description = "PKCS#11 interface for TPM2 hardware";
 118     homepage = "https://github.com/tpm2-software/tpm2-pkcs11";
 119     license = licenses.bsd2;
 120     platforms = platforms.linux;
 121     maintainers = [ ];
 122     mainProgram = "tpm2_ptool";
 123   };
 124 }