summary refs log tree commit diff
path: root/pkgs/tools/security/rng-tools/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/security/rng-tools/default.nix')
-rw-r--r--pkgs/tools/security/rng-tools/default.nix6
1 files changed, 5 insertions, 1 deletions
diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix
index 3a6c1cecdf1..86a5a1b7c39 100644
--- a/pkgs/tools/security/rng-tools/default.nix
+++ b/pkgs/tools/security/rng-tools/default.nix
@@ -5,6 +5,9 @@
 , curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false
   # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source
 , libgcrypt ? null, withGcrypt ? true
+  # Not sure if jitterentropy is safe to use for cryptography
+  # and thus a default entropy source
+, jitterentropy ? null, withJitterEntropy ? false
 }:
 with stdenv.lib;
 stdenv.mkDerivation rec {
@@ -23,11 +26,12 @@ stdenv.mkDerivation rec {
   preConfigure = "./autogen.sh";
 
   configureFlags =
-       [ "--disable-jitterentropy" ]
+       optional (!withJitterEntropy) "--disable-jitterentropy"
     ++ optional (!withNistBeacon) "--without-nistbeacon"
     ++ optional (!withGcrypt) "--without-libgcrypt";
 
   buildInputs = [ sysfsutils ]
+    ++ optional withJitterEntropy [ jitterentropy ]
     ++ optional withGcrypt [ libgcrypt.dev ]
     ++ optional withNistBeacon [ openssl.dev curl.dev libxml2.dev ];
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-30 17:41:09 +0000