about summary refs log tree commit diff
path: root/pkgs/development/libraries/gpgme/default.nix
blob: 45df332bc0caf492b103c6c288f7cb8214b8b96d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
{
  lib,
  stdenv,
  fetchurl,
  autoreconfHook,
  libgpg-error,
  gnupg,
  pkg-config,
  glib,
  pth,
  libassuan,
  which,
  ncurses,
  texinfo,
  buildPackages,
  qtbase ? null,
  pythonSupport ? false,
  swig ? null,
  # only for passthru.tests
  libsForQt5,
  qt6Packages,
  python3,
}:

stdenv.mkDerivation rec {
  pname = "gpgme";
  version = "1.23.2";
  pyproject = true;

  outputs = [
    "out"
    "dev"
    "info"
  ];

  outputBin = "dev"; # gpgme-config; not so sure about gpgme-tool

  src = fetchurl {
    url = "mirror://gnupg/gpgme/gpgme-${version}.tar.bz2";
    hash = "sha256-lJnosfM8zLaBVSehvBYEnTWmGYpsX64BhfK9VhvOUiQ=";
  };

  patches = [
    # Support Python 3.10-3.12, remove distutils, https://dev.gnupg.org/D545
    ./python-310-312-remove-distutils.patch
    # Fix a test after disallowing compressed signatures in gpg (PR #180336)
    ./test_t-verify_double-plaintext.patch
    # Don't use deprecated LFS64 APIs (removed in musl 1.2.4)
    # https://dev.gnupg.org/D600
    ./LFS64.patch
  ];

  postPatch = ''
    # autoconf's beta detection requires a git repo to work
    # and otherwise appends -unknown to the version number used in the python package which pip stumbles upon
    substituteInPlace autogen.sh \
      --replace-fail 'tmp="-unknown"' 'tmp=""'
  '';

  nativeBuildInputs =
    [
      autoreconfHook
      gnupg
      pkg-config
      texinfo
    ]
    ++ lib.optionals pythonSupport [
      python3.pythonOnBuildForHost
      python3.pkgs.pip
      python3.pkgs.setuptools
      python3.pkgs.wheel
      ncurses
      swig
      which
    ];

  buildInputs = lib.optionals pythonSupport [ python3 ];

  propagatedBuildInputs = [
    glib
    libassuan
    libgpg-error
    pth
  ] ++ lib.optionals (qtbase != null) [ qtbase ];

  nativeCheckInputs = [ which ];

  depsBuildBuild = [ buildPackages.stdenv.cc ];

  dontWrapQtApps = true;

  configureFlags =
    [
      "--enable-fixed-path=${gnupg}/bin"
      "--with-libgpg-error-prefix=${libgpg-error.dev}"
      "--with-libassuan-prefix=${libassuan.dev}"
    ]
    ++ lib.optional pythonSupport "--enable-languages=python"
    # Tests will try to communicate with gpg-agent instance via a UNIX socket
    # which has a path length limit. Nix on darwin is using a build directory
    # that already has quite a long path and the resulting socket path doesn't
    # fit in the limit. https://github.com/NixOS/nix/pull/1085
    ++ lib.optionals stdenv.hostPlatform.isDarwin [ "--disable-gpg-test" ];

  env.NIX_CFLAGS_COMPILE = toString (
    # qgpgme uses Q_ASSERT which retains build inputs at runtime unless
    # debugging is disabled
    lib.optional (qtbase != null) "-DQT_NO_DEBUG"
    # https://www.gnupg.org/documentation/manuals/gpgme/Largefile-Support-_0028LFS_0029.html
    ++ lib.optional stdenv.hostPlatform.is32bit "-D_FILE_OFFSET_BITS=64"
  );

  enableParallelBuilding = true;

  # prevent tests from being run during the buildPhase
  makeFlags = [ "tests=" ];

  doCheck = true;

  checkFlags = [
    "-C"
    "tests"
  ];

  passthru.tests = {
    python = python3.pkgs.gpgme;
    qt5 = libsForQt5.qgpgme;
    qt6 = qt6Packages.qgpgme;
  };

  meta = with lib; {
    homepage = "https://gnupg.org/software/gpgme/index.html";
    changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;f=NEWS;hb=gpgme-${version}";
    description = "Library for making GnuPG easier to use";
    longDescription = ''
      GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG
      easier for applications. It provides a High-Level Crypto API for
      encryption, decryption, signing, signature verification and key
      management.
    '';
    license = with licenses; [
      lgpl21Plus
      gpl3Plus
    ];
    platforms = platforms.unix;
    maintainers = with maintainers; [ dotlambda ];
  };
}