swtpm: improvements for use with libvirt

Before, the state directory was set to a path in the Nix store, which isn't writable and so makes for a terrible directory for storing state. See https://github.com/NixOS/nixpkgs/issues/141224 for a more detailed explanation.
Also, swtpm-localca tried to use certtool from the environment. Change the path so it refers directly to certtool in the Nix store.

1 files changed, 13 insertions, 0 deletions

diff --git a/pkgs/tools/security/swtpm/default.nix b/pkgs/tools/security/swtpm/default.nix
index daceff1486e..fa2d774e117 100644
--- a/pkgs/tools/security/swtpm/default.nix
+++ b/pkgs/tools/security/swtpm/default.nix
@@ -42,8 +42,21 @@ stdenv.mkDerivation rec {
 
   configureFlags = [
     "--with-cuse"
+    "--localstatedir=/var"
   ];
 
+  prePatch = ''
+    # Makefile tries to create the directory /var/lib/swtpm-localcafor, which fails
+    substituteInPlace samples/Makefile.am \
+        --replace 'install-data-local:' 'do-not-execute:'
+
+    # Use the correct path to the certtool binary
+    # instead of relying on it being in the environment
+    substituteInPlace samples/swtpm_localca.c --replace \
+        '# define CERTTOOL_NAME "certtool"' \
+        '# define CERTTOOL_NAME "${gnutls}/bin/certtool"'
+  '';
+
   enableParallelBuilding = true;
 
   outputs = [ "out" "man" ];