libfido2: use upstreamed patches

2020-03-10 15:40:37 +01:00 · 2020-03-10 15:40:37 +01:00 · c1d66a5588
parent 82d7ccfded
commit c1d66a5588
1 changed files with 31 additions and 4 deletions
--- a/pkgs/development/libraries/libfido2/default.nix
+++ b/pkgs/development/libraries/libfido2/default.nix
@ -1,4 +1,12 @@
-{ stdenv, fetchurl, cmake, pkgconfig, libcbor, openssl, udev, IOKit }:
+{ stdenv
+, fetchurl
+, fetchpatch
+, cmake
+, pkgconfig
+, libcbor
+, openssl
+, udev
+, IOKit }:

 stdenv.mkDerivation rec {
  pname = "libfido2";
@ -9,14 +17,33 @@ stdenv.mkDerivation rec {
  };

  nativeBuildInputs = [ cmake pkgconfig ];
+
  buildInputs = [ libcbor openssl ]
    ++ stdenv.lib.optionals stdenv.isLinux [ udev ]
    ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit ];

-  patches = [ ./detect_apple_ld.patch ];
+  patches = [
+    # fix build on darwin
+    (fetchpatch {
+      url = "https://github.com/Yubico/libfido2/commit/916ebd18a89e4028de203d603726805339be7a5b.patch";
+      sha256 = "07f0xpxnq02cccmqcric87b6pms7k7ssvdw722zr970a6qs8p6i7";
+    })
+    # allow attestation using any supported algorithm
+    (fetchpatch {
+      url = "https://github.com/Yubico/libfido2/commit/f7a9471fa0588cb91cbefffb13c1e4d06c2179b7.patch";
+      sha256 = "02qbw9bqy3sixvwig6az7v3vimgznxnfikn9p1jczm3d7mn8asw2";
+    })
+    # fix EdDSA attestation signature verification bug
+    (fetchpatch {
+      url = "https://github.com/Yubico/libfido2/commit/95126eea52294419515e6540dfd7220f35664c48.patch";
+      sha256 = "076mwpl9xndjhy359jdv2drrwyq7wd3pampkn28mn1rlwxfgf0d0";
+    })
+  ];

-  cmakeFlags = [ "-DUDEV_RULES_DIR=${placeholder "out"}/etc/udev/rules.d"
-                 "-DCMAKE_INSTALL_LIBDIR=lib" ];
+  cmakeFlags = [
+    "-DUDEV_RULES_DIR=${placeholder "out"}/etc/udev/rules.d"
+    "-DCMAKE_INSTALL_LIBDIR=lib"
+  ];

  meta = with stdenv.lib; {
    description = ''