NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Package request: aws-lc #306992

Open juliusrickert opened 5 months ago

juliusrickert commented 5 months ago

Project description

AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It is based on code from the Google BoringSSL project and the OpenSSL project. AWS-LC contains portable C implementations of algorithms needed for TLS and common applications. For performance critical algorithms, optimized assembly versions are included for x86 and ARM.

The library seems to be part of awscli2's dependencies. This may help with packaging.

HAProxy supports AWS-LC as an SSL library.


marsam commented 4 months ago

I think you can use the following:

# pkgs/by-name/aw/aws-lc/package.nix
{ lib, stdenv, buildGoModule, cmake, fetchFromGitHub, ninja, testers, aws-lc }:

buildGoModule rec {
  pname = "aws-lc";
  version = "1.27.0";

  src = fetchFromGitHub {
    owner = "aws";
    repo = "aws-lc";
    rev = "v${version}";
    hash = "sha256-B5Rt1J2vTqTaI6JyYWmfxGbsNJJHql8rg0b/ysVbHng=";
  };

  vendorHash = "sha256-hHWsEXOOxJttX+k0gy/QXvR+yhQLBjE40QIOpwCNpFU=";

  proxyVendor = true;

  outputs = [ "out" "bin" "dev" ];

  nativeBuildInputs = [
    cmake
    ninja
  ];

  preBuild = ''
    # hack to get both go and cmake configure phase
    # (if we use postConfigure then cmake will loop runHook postConfigure)
    cmakeConfigurePhase
  '';

  cmakeFlags = [
    "-DBUILD_SHARED_LIBS=ON"
    "-GNinja"
  ];

  env.NIX_CFLAGS_COMPILE = toString (lib.optionals stdenv.cc.isGNU [
    # Needed with GCC 12 but breaks on darwin (with clang)
    "-Wno-error=stringop-overflow"
  ]);

  buildPhase = "ninjaBuildPhase";

  installPhase = "ninjaInstallPhase";

  postFixup = ''
    for f in $out/lib/crypto/cmake/*/crypto-targets.cmake; do
      substituteInPlace "$f" \
        --replace-fail 'INTERFACE_INCLUDE_DIRECTORIES "''${_IMPORT_PREFIX}/include"' 'INTERFACE_INCLUDE_DIRECTORIES ""'
    done
  '';

  passthru.tests = {
    version = testers.testVersion {
      package = aws-lc;
      command = "bssl version";
    };
    pkg-config = testers.hasPkgConfigModules {
      package = aws-lc;
      moduleNames = [ "libcrypto" "libssl" "openssl" ];
    };
  };

  meta = with lib; {
    description = "General-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers";
    homepage = "https://github.com/aws/aws-lc";
    license = [ licenses.asl20 /* or */ licenses.isc ];
    maintainers = [ ];
    platforms = platforms.all;
    mainProgram = "bssl";
  };
}

> The library seems to be part of awscli2's dependencies. This may help with packaging.

Yes, but s2n-tls propagates OpenSSL, so awscrt will still link OpenSSL's libcrypto regardless.
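Added example (not part of the thread and not nixpkgs code): a shell check that reads `ldd`-style output and reports which Nix store package each resolved `libcrypto`/`libssl` comes from, so a build can confirm whether a library picked up aws-lc or OpenSSL. The function names, the store hashes and the `X.Y.Z` versions are constructed placeholders; only the `aws-lc` 1.27.0 name comes from the expression above.

```shell
#!/bin/sh
# Report which store package provides each libcrypto/libssl a binary resolves.
# Input is `ldd`-style text on stdin, e.g.:  ldd result/lib/libfoo.so | crypto_providers
# Relies on the standard store layout: /nix/store/<hash>-<name>/lib/...

crypto_providers() {
  awk '
    $2 == "=>" && $1 ~ /^lib(crypto|ssl)\.so/ {
      split($3, part, "/")
      if (part[2] == "nix" && part[3] == "store") {
        pkg = part[4]
        sub(/^[^-]+-/, "", pkg)      # drop the "<hash>-" prefix
      } else {
        pkg = "non-store:" $3        # system path or "not found"
      }
      print $1, pkg
    }' | sort -u
}

# Exit 0 only if every resolved libcrypto/libssl comes from a package
# whose name starts with "$1-"; offending lines are printed.
only_from() {
  crypto_providers | awk -v want="$1" '
    index($2, want "-") != 1 { bad = 1; print "unexpected provider: " $0 }
    END { exit bad + 0 }'
}

# Constructed sample: a library that links s2n-tls and, through it,
# resolves OpenSSL libcrypto (hashes and versions are placeholders).
sample_ldd() {
  printf '\t%s\n' \
    'linux-vdso.so.1 (0x00007ffc00000000)' \
    'libs2n.so.1 => /nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-s2n-tls-X.Y.Z/lib/libs2n.so.1 (0x00007f0000200000)' \
    'libcrypto.so.3 => /nix/store/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb-openssl-X.Y.Z/lib/libcrypto.so.3 (0x00007f0000400000)' \
    'libc.so.6 => /nix/store/cccccccccccccccccccccccccccccccc-glibc-X.Y/lib/libc.so.6 (0x00007f0000600000)'
}

sample_ldd | crypto_providers
```

On a real build, pipe `ldd` output for the built library into `only_from aws-lc` and fail the check when it exits non-zero.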