step-ca: Add option to disable HSM support

2021-02-18 13:01:26 +01:00 · 2021-02-18 13:01:26 +01:00 · 2d821cb5c0
parent 106b8616f7
commit 2d821cb5c0
1 changed files with 8 additions and 3 deletions
--- a/pkgs/tools/security/step-ca/default.nix
+++ b/pkgs/tools/security/step-ca/default.nix
@ -6,6 +6,7 @@
 , pcsclite
 , PCSC
 , pkg-config
+, hsmSupport ? true
 }:

 buildGoModule rec {
@ -21,16 +22,20 @@ buildGoModule rec {

  vendorSha256 = "f1NdszqYYx6X1HqwqG26jjfjXq1gDXLOrh64ccKRQ90=";

-  nativeBuildInputs = [ pkg-config ];
+  nativeBuildInputs = lib.optionals hsmSupport [ pkg-config ];

  buildInputs =
-    lib.optionals (stdenv.isLinux) [ pcsclite ]
-    ++ lib.optionals (stdenv.isDarwin) [ PCSC ];
+    lib.optionals (hsmSupport && stdenv.isLinux) [ pcsclite ]
+    ++ lib.optionals (hsmSupport && stdenv.isDarwin) [ PCSC ];

  postPatch = ''
    substituteInPlace systemd/step-ca.service --replace "/bin/kill" "${coreutils}/bin/kill"
  '';

+  preBuild = ''
+    ${lib.optionalString (!hsmSupport) "export CGO_ENABLED=0"}
+  '';
+
  postInstall = ''
    install -Dm444 -t $out/lib/systemd/system systemd/step-ca.service
  '';