1 files changed, 28 insertions, 20 deletions
diff --git a/pkgs/by-name/li/libcamera/package.nix b/pkgs/by-name/li/libcamera/package.nix
index a6a0fe8fa7c35..c122f840df32e 100644
--- a/pkgs/by-name/li/libcamera/package.nix
+++ b/pkgs/by-name/li/libcamera/package.nix
@@ -1,7 +1,6 @@
 { stdenv
 , fetchgit
 , lib
-, fetchpatch
 , meson
 , ninja
 , pkg-config
@@ -10,7 +9,6 @@
 , libdrm
 , libevent
 , libyaml
-, lttng-ust
 , gst_all_1
 , gtest
 , graphviz
@@ -18,6 +16,8 @@
 , python3
 , python3Packages
 , systemd # for libudev
+, withTracing ? lib.meta.availableOn stdenv.hostPlatform lttng-ust
+, lttng-ust # withTracing
 , withQcam ? false
 , qt5 # withQcam
 , libtiff # withQcam
@@ -33,12 +33,24 @@ stdenv.mkDerivation rec {
     hash = "sha256-x0Im9m9MoACJhQKorMI34YQ+/bd62NdAPc2nWwaJAvM=";
   };
 
-  outputs = [ "out" "dev" "doc" ];
+  outputs = [ "out" "dev" ];
 
   postPatch = ''
     patchShebangs utils/
   '';
 
+  # libcamera signs the IPA module libraries at install time, but they are then
+  # modified by stripping and RPATH fixup. Therefore, we need to generate the
+  # signatures again ourselves. For reproducibility, we use a static private key.
+  #
+  # If this is not done, libcamera will still try to load them, but it will
+  # isolate them in separate processes, which can cause crashes for IPA modules
+  # that are not designed for this (notably ipa_rpi.so).
+  preBuild = ''
+    ninja src/ipa-priv-key.pem
+    install -D ${./ipa-priv-key.pem} src/ipa-priv-key.pem
+  '';
+
   strictDeps = true;
 
   buildInputs = [
@@ -56,14 +68,12 @@ stdenv.mkDerivation rec {
     # hotplugging
     systemd
 
-    # lttng tracing
-    lttng-ust
-
     # yamlparser
     libyaml
 
     gtest
-  ] ++ lib.optionals withQcam [ libtiff qt5.qtbase qt5.qttools ];
+  ] ++ lib.optionals withTracing [ lttng-ust ]
+    ++ lib.optionals withQcam [ libtiff qt5.qtbase qt5.qttools ];
 
   nativeBuildInputs = [
     meson
@@ -81,11 +91,16 @@ stdenv.mkDerivation rec {
 
   mesonFlags = [
     "-Dv4l2=true"
-    "-Dqcam=${if withQcam then "enabled" else "disabled"}"
+    (lib.mesonEnable "tracing" withTracing)
+    (lib.mesonEnable "qcam" withQcam)
     "-Dlc-compliance=disabled" # tries unconditionally to download gtest when enabled
     # Avoid blanket -Werror to evade build failures on less
     # tested compilers.
     "-Dwerror=false"
+    # Documentation breaks binary compatibility.
+    # Given that upstream also provides public documentation,
+    # we can disable it here.
+    "-Ddocumentation=disabled"
   ];
 
   # Fixes error on a deprecated declaration
@@ -94,21 +109,14 @@ stdenv.mkDerivation rec {
   # Silence fontconfig warnings about missing config
   FONTCONFIG_FILE = makeFontsConf { fontDirectories = [ ]; };
 
-  # libcamera signs the IPA module libraries at install time, but they are then
-  # modified by stripping and RPATH fixup. Therefore, we need to generate the
-  # signatures again ourselves.
-  #
-  # If this is not done, libcamera will still try to load them, but it will
-  # isolate them in separate processes, which can cause crashes for IPA modules
-  # that are not designed for this (notably ipa_rpi.so).
-  postFixup = ''
-    ../src/ipa/ipa-sign-install.sh src/ipa-priv-key.pem $out/lib/libcamera/ipa_*.so
-  '';
-
   meta = with lib; {
-    description = "An open source camera stack and framework for Linux, Android, and ChromeOS";
+    description = "Open source camera stack and framework for Linux, Android, and ChromeOS";
     homepage = "https://libcamera.org";
     license = licenses.lgpl2Plus;
     maintainers = with maintainers; [ citadelcore ];
+    badPlatforms = [
+      # Mandatory shared libraries.
+      lib.systems.inspect.platformPatterns.isStatic
+    ];
   };
 }