jitterentropy: init at 2.1.2

3 files changed, 37 insertions, 1 deletions

diff --git a/pkgs/development/libraries/jitterentropy/default.nix b/pkgs/development/libraries/jitterentropy/default.nix
new file mode 100644
index 00000000000..175097ef785
--- /dev/null
+++ b/pkgs/development/libraries/jitterentropy/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchFromGitHub }:
+stdenv.mkDerivation rec {
+  name = "jitterentropy-${version}";
+  version = "2.1.2";
+
+  src = fetchFromGitHub {
+    owner = "smuellerDD";
+    repo = "jitterentropy-library";
+    rev = "v${version}";
+    sha256 = "10yl1hi0hysr53wzy2i8brs0qqnxh46mz3dcjh5mk0ad03wvbfsl";
+  };
+
+  enableParallelBuilding = true;
+
+  preInstall = ''
+    mkdir -p $out/include
+  '';
+
+  installFlags = [
+    "PREFIX=$(out)"
+  ];
+
+  meta = {
+    description = "Provides a noise source using the CPU execution timing jitter";
+    homepage = https://github.com/smuellerDD/jitterentropy-library;
+    license = with stdenv.lib.licenses; [ gpl2 bsd3 ];
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [ johnazoidberg ];
+  };
+}
diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix
index 3a6c1cecdf1..86a5a1b7c39 100644
--- a/pkgs/tools/security/rng-tools/default.nix
+++ b/pkgs/tools/security/rng-tools/default.nix
@@ -5,6 +5,9 @@
 , curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false
   # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source
 , libgcrypt ? null, withGcrypt ? true
+  # Not sure if jitterentropy is safe to use for cryptography
+  # and thus a default entropy source
+, jitterentropy ? null, withJitterEntropy ? false
 }:
 with stdenv.lib;
 stdenv.mkDerivation rec {
@@ -23,11 +26,12 @@ stdenv.mkDerivation rec {
   preConfigure = "./autogen.sh";
 
   configureFlags =
-       [ "--disable-jitterentropy" ]
+       optional (!withJitterEntropy) "--disable-jitterentropy"
     ++ optional (!withNistBeacon) "--without-nistbeacon"
     ++ optional (!withGcrypt) "--without-libgcrypt";
 
   buildInputs = [ sysfsutils ]
+    ++ optional withJitterEntropy [ jitterentropy ]
     ++ optional withGcrypt [ libgcrypt.dev ]
     ++ optional withNistBeacon [ openssl.dev curl.dev libxml2.dev ];
 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 5d3fa9f5aa5..2864eec394d 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3459,6 +3459,8 @@ with pkgs;
 
   jira-cli = callPackage ../development/tools/jira_cli { };
 
+  jitterentropy = callPackage ../development/libraries/jitterentropy { };
+
   jl = haskellPackages.callPackage ../development/tools/jl { };
 
   jmespath = callPackage ../development/tools/jmespath { };