{ lib
, stdenv
, fetchgit
, fetchFromGitHub
, fetchurl
, cmake
, perl
, zlib
, libevent
, boringssl
}:

let
  # versions.json (next to this file) supplies the lsquic version/sha256 and
  # the BoringSSL rev/sha256 that the fetchers below are pinned to.
  versions = lib.importJSON ./versions.json;
fetchGitilesPatch = { name, url, sha256 }:
  # Fetch one upstream commit from a Gitiles server as a patch file.
  #
  #   name    file name of the resulting patch in the store
  #   url     Gitiles URL of the commit (".../+/<commit id>")
  #   sha256  expected hash of the fetched result
  #
  # The output is what postFetch writes to $out, i.e. the base64-decoded
  # patch, so the pinned sha256 covers the exact bytes that get applied and a
  # changed response from the server fails the fetch instead of being used.
  let
    # "%5E%21" is the URL-encoded form of "^!" (the commit itself, without
    # its parents); "?format=TEXT" requests the text rendering, which arrives
    # base64-encoded and is decoded in postFetch.
    commitAsText = "${url}%5E%21?format=TEXT";
  in
  fetchurl {
    inherit name sha256;
    url = commitAsText;
    # Download to $downloadedFile rather than $out, so that only the decoded
    # patch ends up in the output.
    downloadToTemp = true;
    postFetch = ''
      base64 -d < $downloadedFile > $out
    '';
  };
# lsquic requires a specific boringssl version (noted in its README), so the
# regular boringssl package is rebuilt from the revision pinned in
# versions.json.
# NOTE(review): with the revision pinned, BoringSSL fixes published after it
# are only picked up by bumping versions.json or by backporting them into
# `patches` below.
boringssl' = boringssl.overrideAttrs (old: {
  version = versions.boringssl.rev;

  src = fetchgit {
    url = "https://boringssl.googlesource.com/boringssl";
    inherit (versions.boringssl) rev sha256;
  };

  # This list replaces the patch list of the base boringssl package; it does
  # not extend it.
  patches = [
    # Use /etc/ssl/certs/ca-certificates.crt instead of /etc/ssl/cert.pem
    ./use-etc-ssl-certs.patch

    # because lsquic requires that specific boringssl version and that
    # version does not yet include fixes for gcc11 build errors, they
    # must be backported
    (fetchGitilesPatch {
      name = "fix-mismatch-between-header-and-implementation-of-bn_sqr_comba8.patch";
      url = "https://boringssl.googlesource.com/boringssl/+/139adff9b27eaf0bdaac664ec4c9a7db2fe3f920";
      sha256 = "05sp602dvh50v46jkzmh4sf4wqnq5bwy553596g2rhxg75bailjj";
    })
    (fetchGitilesPatch {
      name = "use-an-unsized-helper-for-truncated-SHA-512-variants.patch";
      url = "https://boringssl.googlesource.com/boringssl/+/a24ab549e6ae246b391155d7bed3790ac0e07de2";
      sha256 = "0483jkpg4g64v23ln2blb74xnmzdjcn3r7w4zk7nfg8j3q5f9lxm";
    })
    /*
      # the following patch is too complex, so we will modify the build flags
      # of crypto/fipsmodule/CMakeFiles/fipsmodule.dir/bcm.c.o in preBuild
      # and turn off -Werror=stringop-overflow
      (fetchGitilesPatch {
      name = "make-md32_common.h-single-included-and-use-an-unsized-helper-for-SHA-256.patch";
      url = "https://boringssl.googlesource.com/boringssl/+/597ffef971dd980b7de5e97a0c9b7ca26eec94bc";
      sha256 = "1y0bkkdf1ccd6crx326agp01q22clm4ai4p982y7r6dkmxmh52qr";
      })
    */
    (fetchGitilesPatch {
      name = "fix-array-parameter-warnings.patch";
      url = "https://boringssl.googlesource.com/boringssl/+/92c6fbfc4c44dc8462d260d836020d2b793e7804";
      sha256 = "0h4sl95i8b0dj0na4ngf50wg54raxyjxl1zzwdc810abglp10vnv";
    })
  ];

  # Runs the base package's preBuild first, then edits build.ninja: within
  # the build edge for fipsmodule's bcm.c.o, a FLAGS line that starts with
  # -Werror gets -Wno-error=stringop-overflow appended right after it. Only
  # that one object is affected, and the warning is still printed; it just
  # no longer fails the build.
  # NOTE(review): this stands in for the commented-out upstream change above
  # and assumes the stringop-overflow diagnostic in bcm.c is harmless at the
  # pinned revision; confirm when the revision changes. If the FLAGS line
  # does not begin with -Werror, the sed expression silently changes nothing.
  preBuild = ''
    ${old.preBuild}
    sed -e '/^build crypto\/fipsmodule\/CMakeFiles\/fipsmodule\.dir\/bcm\.c\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=stringop-overflow/' \
    -i build.ninja
  '';
});
in
# lsquic built as a single static archive that also contains the pinned
# BoringSSL (boringssl') it was compiled against.
stdenv.mkDerivation {
  pname = "lsquic";
  version = versions.lsquic.version;

  src = fetchFromGitHub {
    owner = "litespeedtech";
    repo = "lsquic";
    rev = "v${versions.lsquic.version}";
    inherit (versions.lsquic) sha256;
    # the sha256 above is taken over the checkout including its submodules
    fetchSubmodules = true;
  };

  nativeBuildInputs = [ cmake perl ];
  buildInputs = [ boringssl' libevent zlib ];

  # Point lsquic's CMake at the patched BoringSSL (headers and static
  # libraries) and at zlib's shared library explicitly.
  cmakeFlags = [
    "-DBORINGSSL_DIR=${lib.getDev boringssl'}"
    "-DBORINGSSL_LIB_crypto=${lib.getLib boringssl'}/lib/libcrypto.a"
    "-DBORINGSSL_LIB_ssl=${lib.getLib boringssl'}/lib/libssl.a"
    "-DZLIB_LIB=${zlib}/lib/libz.so"
  ];

  # adapted from lsquic.cr’s Dockerfile
  # (https://github.com/iv-org/lsquic.cr/blob/master/docker/Dockerfile)
  #
  # Produces one liblsquic.a: the members of BoringSSL's libssl.a and
  # libcrypto.a and of the freshly built liblsquic.a are extracted into a
  # scratch directory and archived together again.
  # NOTE(review): `ar -x` writes members into the current directory by file
  # name, so two members with the same name (across these archives or within
  # one of them) would silently overwrite each other; confirm there are no
  # collisions when either version is bumped.
  # Anything linking this archive embeds the pinned BoringSSL and has to be
  # rebuilt to receive a BoringSSL fix.
  installPhase = ''
    runHook preInstall

    mkdir combinedlib
    cd combinedlib
    ar -x ${lib.getLib boringssl'}/lib/libssl.a
    ar -x ${lib.getLib boringssl'}/lib/libcrypto.a
    ar -x ../src/liblsquic/liblsquic.a
    ar rc liblsquic.a *.o
    ranlib liblsquic.a
    install -D liblsquic.a $out/lib/liblsquic.a

    runHook postInstall
  '';

  # Expose the exact BoringSSL used here as the `boringssl` passthru attribute.
  passthru = {
    boringssl = boringssl';
  };

  meta = {
    description = "A library for QUIC and HTTP/3 (version for Invidious)";
    homepage = "https://github.com/litespeedtech/lsquic";
    maintainers = [
      lib.maintainers.infinisil
      lib.maintainers.sbruder
    ];
    # statically links against boringssl, so has to include its licenses
    license = [
      lib.licenses.openssl
      lib.licenses.isc
      lib.licenses.mit
      lib.licenses.bsd3
    ];
  };
}