author | Luflosi <luflosi@luflosi.de> | 2021-10-15 15:37:12 +0200 |
---|---|---|
committer | Luflosi <luflosi@luflosi.de> | 2021-10-15 15:47:09 +0200 |
commit | 960ae854b587bc81cf5e6e9638779f908ac81a58 (patch) | |
tree | 6692e0bf67566c031685d2bd628d2d953edd2a33 /pkgs/tools/security/swtpm | |
parent | dcfa5952754e5cc6cbbf7df40b62aabb3792bdc9 (diff) |
swtpm: improvements for use with libvirt
Before, the state directory was set to a path in the Nix store, which isn't writable and so makes for a terrible directory for storing state. See https://github.com/NixOS/nixpkgs/issues/141224 for a more detailed explanation. Also, swtpm-localca tried to use certtool from the environment. Change the path so it refers directly to certtool in the Nix store.
Diffstat (limited to 'pkgs/tools/security/swtpm')
-rw-r--r-- | pkgs/tools/security/swtpm/default.nix | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/pkgs/tools/security/swtpm/default.nix b/pkgs/tools/security/swtpm/default.nix index daceff1486e3c..fa2d774e1174b 100644 --- a/pkgs/tools/security/swtpm/default.nix +++ b/pkgs/tools/security/swtpm/default.nix @@ -42,8 +42,21 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-cuse" + "--localstatedir=/var" ]; + prePatch = '' + # Makefile tries to create the directory /var/lib/swtpm-localcafor, which fails + substituteInPlace samples/Makefile.am \ + --replace 'install-data-local:' 'do-not-execute:' + + # Use the correct path to the certtool binary + # instead of relying on it being in the environment + substituteInPlace samples/swtpm_localca.c --replace \ + '# define CERTTOOL_NAME "certtool"' \ + '# define CERTTOOL_NAME "${gnutls}/bin/certtool"' + ''; + enableParallelBuilding = true; outputs = [ "out" "man" ]; |
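Review bot: The two `substituteInPlace ... --replace` calls in `prePatch` match exact upstream strings (`install-data-local:` in samples/Makefile.am and `# define CERTTOOL_NAME "certtool"` in samples/swtpm_localca.c), and `--replace` does not fail the build when a pattern stops matching, so an upstream change to either line would silently bring back the `certtool` lookup from the environment. Consider checking the result after the substitution, for example with `grep -q '${gnutls}/bin/certtool' samples/swtpm_localca.c`, so that a stale pattern breaks the build. The comment above the first substitution has a typo: `/var/lib/swtpm-localcafor` presumably should read `/var/lib/swtpm-localca`. With the `install-data-local` target renamed away and `--localstatedir=/var` set, nothing in this derivation creates the state directory, so a comment saying what is expected to create it at runtime, and with which ownership and permissions, would help.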