Diffstat (limited to 'third_party/overlays/patches/tpm2-pkcs11.nix')
-rw-r--r--third_party/overlays/patches/tpm2-pkcs11.nix105
1 files changed, 105 insertions, 0 deletions
diff --git a/third_party/overlays/patches/tpm2-pkcs11.nix b/third_party/overlays/patches/tpm2-pkcs11.nix
new file mode 100644
index 000000000000..2e7db7aca3bb
--- /dev/null
+++ b/third_party/overlays/patches/tpm2-pkcs11.nix
@@ -0,0 +1,105 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, substituteAll
+, pkg-config
+, autoreconfHook
+, autoconf-archive
+, makeWrapper
+, patchelf
+, tpm2-tss
+, tpm2-tools
+, opensc
+, openssl
+, sqlite
+, python3
+, glibc
+, libyaml
+, abrmdSupport ? true
+, tpm2-abrmd ? null
+}:
+
+stdenv.mkDerivation rec {
+  pname = "tpm2-pkcs11";
+  version = "1.8.0";
+
+  src = fetchFromGitHub {
+    owner = "tpm2-software";
+    repo = pname;
+    rev = version;
+    sha256 = "sha256-f5wi0nIM071yaQCwPkY1agKc7OEQa/IxHJc4V2i0Q9I=";
+  };
+
+  patches = lib.singleton (
+    substituteAll {
+      src = ./0001-configure-ac-version.patch;
+      VERSION = version;
+    });
+
+  # The preConfigure phase doesn't seem to be working here
+  # ./bootstrap MUST be executed as the first step, before all
+  # of the autoreconfHook stuff
+  postPatch = ''
+    ./bootstrap
+  '';
+
+  nativeBuildInputs = [
+    pkg-config
+    autoreconfHook
+    autoconf-archive
+    makeWrapper
+    patchelf
+  ];
+  buildInputs = [
+    tpm2-tss
+    tpm2-tools
+    opensc
+    openssl
+    sqlite
+    libyaml
+    (python3.withPackages (ps: with ps; [ packaging pyyaml cryptography pyasn1-modules tpm2-pytss ]))
+  ];
+
+  outputs = [ "out" "bin" "dev" ];
+
+  dontStrip = true;
+  dontPatchELF = true;
+
+  # To be able to use the userspace resource manager, the RUNPATH must
+  # explicitly include the tpm2-abrmd shared libraries.
+  preFixup =
+    let
+      rpath = lib.makeLibraryPath (
+        (lib.optional abrmdSupport tpm2-abrmd)
+        ++ [
+          tpm2-tss
+          sqlite
+          openssl
+          glibc
+          libyaml
+        ]
+      );
+    in
+    ''
+      patchelf \
+        --set-rpath ${rpath} \
+        ${lib.optionalString abrmdSupport "--add-needed ${lib.makeLibraryPath [tpm2-abrmd]}/libtss2-tcti-tabrmd.so"} \
+        --add-needed ${lib.makeLibraryPath [tpm2-tss]}/libtss2-tcti-device.so \
+        $out/lib/libtpm2_pkcs11.so.0.0.0
+    '';
+
+  postInstall = ''
+    mkdir -p $bin/bin/ $bin/share/tpm2_pkcs11/
+    mv ./tools/* $bin/share/tpm2_pkcs11/
+    makeWrapper $bin/share/tpm2_pkcs11/tpm2_ptool.py $bin/bin/tpm2_ptool \
+      --prefix PATH : ${lib.makeBinPath [ tpm2-tools ]}
+  '';
+
+  meta = with lib; {
+    description = "A PKCS#11 interface for TPM2 hardware";
+    homepage = "https://github.com/tpm2-software/tpm2-pkcs11";
+    license = licenses.bsd2;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ matthiasbeyer ];
+  };
+}
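Review bot: With the defaults `abrmdSupport ? true` and `tpm2-abrmd ? null` in the argument set, nothing stops this derivation from being evaluated with support enabled and no package supplied, and `preFixup` then interpolates `${lib.makeLibraryPath [tpm2-abrmd]}/libtss2-tcti-tabrmd.so` from a null input. Depending on how the nixpkgs lib in use treats null, that presumably either fails with an unrelated-looking evaluation error or yields an `--add-needed` entry that does not point into the tpm2-abrmd store path. The second outcome is undesirable for a PKCS#11 module that gets loaded into processes handling keys. Adding `assert abrmdSupport -> tpm2-abrmd != null;` immediately before `stdenv.mkDerivation rec {` makes the requirement explicit and fails at evaluation time. Separately, the comment above `postPatch` would be clearer as `# ./bootstrap must run before autoreconfHook regenerates configure, so it is called from postPatch`, instead of saying that preConfigure "doesn't seem to be working".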