|
|
|
@ -1,11 +1,19 @@ |
|
|
|
|
{ lib, boringssl, stdenv, fetchgit, fetchFromGitHub, cmake, zlib, perl, libevent, gcc10Stdenv, buildGoModule }: |
|
|
|
|
{ lib, boringssl, stdenv, fetchgit, fetchFromGitHub, fetchurl, cmake, zlib, perl, libevent }: |
|
|
|
|
let |
|
|
|
|
versions = builtins.fromJSON (builtins.readFile ./versions.json); |
|
|
|
|
|
|
|
|
|
buildGoModuleGcc10 = buildGoModule.override { stdenv = gcc10Stdenv; }; |
|
|
|
|
fetchGitilesPatch = { name, url, sha256 }: |
|
|
|
|
fetchurl { |
|
|
|
|
url = "${url}%5E%21?format=TEXT"; |
|
|
|
|
inherit name sha256; |
|
|
|
|
downloadToTemp = true; |
|
|
|
|
postFetch = '' |
|
|
|
|
base64 -d < $downloadedFile > $out |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
# lsquic requires a specific boringssl version (noted in its README) |
|
|
|
|
boringssl' = (boringssl.overrideAttrs (old: { |
|
|
|
|
boringssl' = boringssl.overrideAttrs ({ preBuild, ... }: { |
|
|
|
|
version = versions.boringssl.rev; |
|
|
|
|
src = fetchgit { |
|
|
|
|
url = "https://boringssl.googlesource.com/boringssl"; |
|
|
|
@ -15,10 +23,43 @@ let |
|
|
|
|
patches = [ |
|
|
|
|
# Use /etc/ssl/certs/ca-certificates.crt instead of /etc/ssl/cert.pem |
|
|
|
|
./use-etc-ssl-certs.patch |
|
|
|
|
|
|
|
|
|
# because lsquic requires that specific boringssl version and that |
|
|
|
|
# version does not yet include fixes for gcc11 build errors, they |
|
|
|
|
# must be backported |
|
|
|
|
(fetchGitilesPatch { |
|
|
|
|
name = "fix-mismatch-between-header-and-implementation-of-bn_sqr_comba8.patch"; |
|
|
|
|
url = "https://boringssl.googlesource.com/boringssl/+/139adff9b27eaf0bdaac664ec4c9a7db2fe3f920"; |
|
|
|
|
sha256 = "05sp602dvh50v46jkzmh4sf4wqnq5bwy553596g2rhxg75bailjj"; |
|
|
|
|
}) |
|
|
|
|
(fetchGitilesPatch { |
|
|
|
|
name = "use-an-unsized-helper-for-truncated-SHA-512-variants.patch"; |
|
|
|
|
url = "https://boringssl.googlesource.com/boringssl/+/a24ab549e6ae246b391155d7bed3790ac0e07de2"; |
|
|
|
|
sha256 = "0483jkpg4g64v23ln2blb74xnmzdjcn3r7w4zk7nfg8j3q5f9lxm"; |
|
|
|
|
}) |
|
|
|
|
/* |
|
|
|
|
# the following patch is too complex, so we will modify the build flags |
|
|
|
|
# of crypto/fipsmodule/CMakeFiles/fipsmodule.dir/bcm.c.o in preBuild |
|
|
|
|
# and turn off -Werror=stringop-overflow |
|
|
|
|
(fetchGitilesPatch { |
|
|
|
|
name = "make-md32_common.h-single-included-and-use-an-unsized-helper-for-SHA-256.patch"; |
|
|
|
|
url = "https://boringssl.googlesource.com/boringssl/+/597ffef971dd980b7de5e97a0c9b7ca26eec94bc"; |
|
|
|
|
sha256 = "1y0bkkdf1ccd6crx326agp01q22clm4ai4p982y7r6dkmxmh52qr"; |
|
|
|
|
}) |
|
|
|
|
*/ |
|
|
|
|
(fetchGitilesPatch { |
|
|
|
|
name = "fix-array-parameter-warnings.patch"; |
|
|
|
|
url = "https://boringssl.googlesource.com/boringssl/+/92c6fbfc4c44dc8462d260d836020d2b793e7804"; |
|
|
|
|
sha256 = "0h4sl95i8b0dj0na4ngf50wg54raxyjxl1zzwdc810abglp10vnv"; |
|
|
|
|
}) |
|
|
|
|
]; |
|
|
|
|
})).override { |
|
|
|
|
buildGoModule = buildGoModuleGcc10; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
preBuild = '' |
|
|
|
|
${preBuild} |
|
|
|
|
sed -e '/^build crypto\/fipsmodule\/CMakeFiles\/fipsmodule\.dir\/bcm\.c\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=stringop-overflow/' \ |
|
|
|
|
-i build.ninja |
|
|
|
|
''; |
|
|
|
|
}); |
|
|
|
|
in |
|
|
|
|
stdenv.mkDerivation rec { |
|
|
|
|
pname = "lsquic"; |
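Review bot: The `preBuild` sed at the end of the `boringssl'` override relaxes `-Werror=stringop-overflow` for `bcm.c.o`, the FIPS-module translation unit of a crypto library, instead of backporting the upstream change left commented out in `patches`, and nothing records why that is acceptable or when the flag can be removed. Because GCC raises this diagnostic for suspected out-of-bounds writes, I would add a comment next to the sed saying the warning is the one upstream addressed in 597ffef971dd (presumably a false positive on the pinned revision, worth confirming) and that the flag must be dropped once `versions.json` moves past that commit. Adding `grep -q -- '-Wno-error=stringop-overflow' build.ninja` after the sed would stop the build at this step if the ninja rule layout changes and the substitution matches nothing, rather than failing later in the compile. The commented-out `fetchGitilesPatch` block inside `/* */` could then shrink to a one-line reference to that commit.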
|
|
|
|