summary refs log tree commit diff
path: root/pkgs/development/libraries/mbedtls/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/development/libraries/mbedtls/default.nix')
-rw-r--r--pkgs/development/libraries/mbedtls/default.nix55
1 files changed, 18 insertions, 37 deletions
diff --git a/pkgs/development/libraries/mbedtls/default.nix b/pkgs/development/libraries/mbedtls/default.nix
index 152d7bdc37b..a1a096b096d 100644
--- a/pkgs/development/libraries/mbedtls/default.nix
+++ b/pkgs/development/libraries/mbedtls/default.nix
@@ -1,7 +1,16 @@
-{ stdenv, fetchFromGitHub, perl }:
+{ stdenv
+, fetchFromGitHub
+
+, cmake
+, ninja
+, perl # Project uses Perl for scripting and testing
+
+, enableThreading ? true # Threading can be disabled to increase security https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
+}:
 
 stdenv.mkDerivation rec {
-  name = "mbedtls-2.11.0";
+  name = "mbedtls-${version}";
+  version = "2.11.0";
 
   src = fetchFromGitHub {
     owner = "ARMmbed";
@@ -10,47 +19,19 @@ stdenv.mkDerivation rec {
     sha256 = "1d4a0jc08q3h051amv8hhh3hmqp4f1rk5z7ffyfs2g8dassm78ir";
   };
 
-  nativeBuildInputs = [ perl ];
-
-  postPatch = ''
-    patchShebangs .
-  '' + stdenv.lib.optionalString stdenv.isDarwin ''
-    substituteInPlace library/Makefile --replace "-soname" "-install_name"
-    substituteInPlace tests/scripts/run-test-suites.pl --replace "LD_LIBRARY_PATH" "DYLD_LIBRARY_PATH"
-    # Necessary for install_name_tool below
-    echo "LOCAL_LDFLAGS += -headerpad_max_install_names" >> programs/Makefile
-  '';
+  nativeBuildInputs = [ cmake ninja perl ];
 
-  makeFlags = [
-    "SHARED=1"
-  ] ++ stdenv.lib.optionals stdenv.isDarwin [
-    "DLEXT=dylib"
-  ];
-
-  installFlags = [
-    "DESTDIR=\${out}"
-  ];
-
-  postInstall = stdenv.lib.optionalString stdenv.isDarwin ''
-    install_name_tool -change libmbedcrypto.dylib $out/lib/libmbedcrypto.dylib $out/lib/libmbedtls.dylib
-    install_name_tool -change libmbedcrypto.dylib $out/lib/libmbedcrypto.dylib $out/lib/libmbedx509.dylib
-    install_name_tool -change libmbedx509.dylib $out/lib/libmbedx509.dylib $out/lib/libmbedtls.dylib
-
-    for exe in $out/bin/*; do
-      if [[ $exe != *.sh ]]; then
-        install_name_tool -change libmbedtls.dylib $out/lib/libmbedtls.dylib $exe
-        install_name_tool -change libmbedx509.dylib $out/lib/libmbedx509.dylib $exe
-        install_name_tool -change libmbedcrypto.dylib $out/lib/libmbedcrypto.dylib $exe
-      fi
-    done
+  postConfigure = stdenv.lib.optionals enableThreading ''
+    perl scripts/config.pl set MBEDTLS_THREADING_C    # Threading abstraction layer
+    perl scripts/config.pl set MBEDTLS_THREADING_PTHREAD    # POSIX thread wrapper layer for the threading layer.
   '';
 
-  doCheck = true;
+  cmakeFlags = [ "-DUSE_SHARED_MBEDTLS_LIBRARY=on" ];
 
   meta = with stdenv.lib; {
     homepage = https://tls.mbed.org/;
-    description = "Portable cryptographic and SSL/TLS library, aka polarssl";
-    license = licenses.gpl3;
+    description = "Portable cryptographic and TLS library, formerly known as PolarSSL";
+    license = licenses.asl20;
     platforms = platforms.all;
     maintainers = with maintainers; [ wkennington fpletz ];
   };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-29 10:05:27 +0000