authorFlorian Klink2024-08-31 20:51:09 +0300
committerFlorian Klink2024-08-31 21:06:24 +0300
commitcbc93ea25054250798856602615e05d52217f72e (patch)
tree173d038371a192bea297c3182c0eb539bb3ff1c8 /pkgs/tools/system
parent12228ff1752d7b7624a54e9c1af4b222b3c1073b (diff)
amtterm: enable SSL support
Current versions of Intel AMT/vPro only support connecting over SSL, but
our current amtterm version isn't built with SSL support.

Set the `USE_OPENSSL=1` makeFlag and add openssl and pkg-config.

The SSL-enabled build adds an additional `-C cacert` parameter, which needs to
point to a previously downloaded server certificate.

The server certificate can be retrieved with
`openssl s_client -showcerts -connect $host:16995`.

However, due to the use of `UnsafeLegacyRenegotiation`, `OPENSSL_CONF`
needs to point to a text file explicitly allowing this:

```
openssl_conf = default_conf

[ default_conf ]
ssl_conf = ssl_sect

[ssl_sect]
system_default = ssl_default_sect

[ssl_default_sect]
Options = UnsafeLegacyRenegotiation
```

With this, I'm able to connect to `/dev/ttyS2` inside the host:

```
❯ AMT_PASSWORD='supersecret' amtterm $host 16995 -C cert.pem
amtterm: NONE -> CONNECT (connection to host)
ipv4 $ip [$ip] 16995 open
amtterm: CONNECT -> INIT (redirection initialization)
amtterm: INIT -> AUTH (session authentication)
amtterm: AUTH -> INIT_SOL (serial-over-lan initialization)
amtterm: INIT_SOL -> RUN_SOL (serial-over-lan active)
serial-over-lan redirection ok
connected now, use ^] to escape
Hello World
```
Diffstat (limited to 'pkgs/tools/system')
-rw-r--r--pkgs/tools/system/amtterm/default.nix30
1 files changed, 16 insertions, 14 deletions
diff --git a/pkgs/tools/system/amtterm/default.nix b/pkgs/tools/system/amtterm/default.nix
index 1dd26e5b3c1b..caa030b8c65f 100644
--- a/pkgs/tools/system/amtterm/default.nix
+++ b/pkgs/tools/system/amtterm/default.nix
@@ -1,27 +1,29 @@
-{ fetchurl, lib, stdenv, makeWrapper, perl, perlPackages }:
+{ fetchFromGitHub, lib, stdenv, makeWrapper, openssl, perl, perlPackages, pkg-config }:
 
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "amtterm";
-  version = "1.7-1";
+  version = "1.7-1-unstable-2023-10-27";
 
-  buildInputs = with perlPackages; [ perl SOAPLite ];
-  nativeBuildInputs = [ makeWrapper ];
+  buildInputs = (with perlPackages; [ perl SOAPLite ]) ++ [ openssl ];
+  nativeBuildInputs = [ makeWrapper pkg-config ];
 
-  src = fetchurl {
-    url = "https://www.kraxel.org/cgit/amtterm/snapshot/amtterm-${finalAttrs.version}.tar.gz";
-    sha256 = "sha256-WrYWAXLW74hb/DfSiPyiFIGAUfDQFdNEPx+XevZYcyk=";
+  src = fetchFromGitHub {
+    owner = "kraxel";
+    repo = "amtterm";
+    rev = "ed5da502cbb150982ad982211ad9475414b8689a";
+    hash = "sha256-JwS2agmJJ6VcGLkNbkFRb5bzKV8el1DMDjalmLnOdE8=";
   };
 
-  makeFlags = [ "prefix=$(out)" "STRIP=" ];
+  makeFlags = [ "prefix=$(out)" "STRIP=" "USE_OPENSSL=1" ];
 
   postInstall =
     "wrapProgram $out/bin/amttool --prefix PERL5LIB : $PERL5LIB";
 
-  meta = with lib;
-    { description = "Intel AMT® SoL client + tools";
-      homepage = "https://www.kraxel.org/cgit/amtterm/";
-      license = licenses.gpl2Plus;
-      platforms = platforms.linux;
-    };
+  meta = {
+    description = "Intel AMT® SoL client + tools";
+    homepage = "https://www.kraxel.org/cgit/amtterm/";
+    license = lib.licenses.gpl2Plus;
+    platforms = lib.platforms.linux;
+  };
 })
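Review bot: The `makeFlags` line turns on `USE_OPENSSL=1`, but nothing in the derivation records that, per the commit description, connecting also requires allowing OpenSSL's `UnsafeLegacyRenegotiation` through `OPENSSL_CONF`. That requirement lives only in the commit message, so a later reader of `default.nix` will not see it. I would add a comment above `makeFlags`, such as `# USE_OPENSSL=1 adds TLS (-C cacert). AMT endpoints may need UnsafeLegacyRenegotiation;` followed by `# allow it via a per-invocation OPENSSL_CONF only, never in the system-wide OpenSSL config.`. The `src` block also moves from the kraxel.org snapshot to a pinned GitHub commit while `homepage` still points at kraxel.org. A one-line comment on why an unreleased `rev` is pinned (presumably because the 1.7-1 tarball lacks the SSL code) would help whoever next updates the package confirm the source origin.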