mbedtls: cmake&ninja, threading, clean-up; hiawatha: options, Nix mbedtls (#41722)

* mbedtls: build with cmake&ninja, clean-up

* mbedtls: cmake ninja Darwin build clean-up

* hiawatha: add build options, use system mbedTLS, platforms -> unix

pkgs/development/libraries/mbedtls/default.nix

@@ -1,7 +1,16 @@
-{ stdenv, fetchFromGitHub, perl }:
+{ stdenv
+, fetchFromGitHub
+
+, cmake
+, ninja
+, perl # Project uses Perl for scripting and testing
+
+, enableThreading ? true # Threading can be disabled to increase security https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
+}:
 
 stdenv.mkDerivation rec {
-  name = "mbedtls-2.11.0";
+  name = "mbedtls-${version}";
+  version = "2.11.0";
 
   src = fetchFromGitHub {
     owner = "ARMmbed";
@@ -10,47 +19,19 @@ stdenv.mkDerivation rec {
     sha256 = "1d4a0jc08q3h051amv8hhh3hmqp4f1rk5z7ffyfs2g8dassm78ir";
   };
 
-  nativeBuildInputs = [ perl ];
+  nativeBuildInputs = [ cmake ninja perl ];
 
-  postPatch = ''
+  postConfigure = stdenv.lib.optionals enableThreading ''
-    patchShebangs .
+    perl scripts/config.pl set MBEDTLS_THREADING_C    # Threading abstraction layer
-  '' + stdenv.lib.optionalString stdenv.isDarwin ''
+    perl scripts/config.pl set MBEDTLS_THREADING_PTHREAD    # POSIX thread wrapper layer for the threading layer.
-    substituteInPlace library/Makefile --replace "-soname" "-install_name"
-    substituteInPlace tests/scripts/run-test-suites.pl --replace "LD_LIBRARY_PATH" "DYLD_LIBRARY_PATH"
-    # Necessary for install_name_tool below
-    echo "LOCAL_LDFLAGS += -headerpad_max_install_names" >> programs/Makefile
   '';
 
-  makeFlags = [
+  cmakeFlags = [ "-DUSE_SHARED_MBEDTLS_LIBRARY=on" ];
-    "SHARED=1"
-  ] ++ stdenv.lib.optionals stdenv.isDarwin [
-    "DLEXT=dylib"
-  ];
-
-  installFlags = [
-    "DESTDIR=\${out}"
-  ];
-
-  postInstall = stdenv.lib.optionalString stdenv.isDarwin ''
-    install_name_tool -change libmbedcrypto.dylib $out/lib/libmbedcrypto.dylib $out/lib/libmbedtls.dylib
-    install_name_tool -change libmbedcrypto.dylib $out/lib/libmbedcrypto.dylib $out/lib/libmbedx509.dylib
-    install_name_tool -change libmbedx509.dylib $out/lib/libmbedx509.dylib $out/lib/libmbedtls.dylib
-
-    for exe in $out/bin/*; do
-      if [[ $exe != *.sh ]]; then
-        install_name_tool -change libmbedtls.dylib $out/lib/libmbedtls.dylib $exe
-        install_name_tool -change libmbedx509.dylib $out/lib/libmbedx509.dylib $exe
-        install_name_tool -change libmbedcrypto.dylib $out/lib/libmbedcrypto.dylib $exe
-      fi
-    done
-  '';
-
-  doCheck = true;
 
   meta = with stdenv.lib; {
     homepage = https://tls.mbed.org/;
-    description = "Portable cryptographic and SSL/TLS library, aka polarssl";
+    description = "Portable cryptographic and TLS library, formerly known as PolarSSL";
-    license = licenses.gpl3;
+    license = licenses.asl20;
     platforms = platforms.all;
     maintainers = with maintainers; [ wkennington fpletz ];
   };

pkgs/servers/http/hiawatha/default.nix

@@ -3,16 +3,16 @@
 
 , cmake
 , ninja
+, mbedtls
 
-, libxslt
+, enableCache     ? true     # Internal cache support.
-, libxml2
+, enableIpV6      ? true
-
+, enableTls       ? true
-, enableSSL ? true
+, enableMonitor   ? false    # Support for the Hiawatha Monitor.
-, enableMonitor ? false
+, enableRproxy    ? true     # Reverse proxy support.
-, enableRproxy ? true
+, enableTomahawk  ? false    # Tomahawk, the Hiawatha command shell.
-, enableTomahawk ? false
+, enableXslt      ? true, libxml2 ? null, libxslt ? null
-, enableXSLT ? true
+, enableToolkit   ? true     # The URL Toolkit.
-, enableToolkit ? true
 }:
 
 stdenv.mkDerivation rec {
@@ -27,28 +27,29 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ cmake ninja ];
-  buildInputs = [ libxslt libxml2 ];
+  buildInputs = [ mbedtls ] ++ stdenv.lib.optionals enableXslt [ libxslt libxml2 ];
 
   prePatch = ''
     substituteInPlace CMakeLists.txt --replace SETUID ""
   '';
 
   cmakeFlags = [
-    (
+    "-DUSE_SYSTEM_MBEDTLS=on" # Policy to use Nix deps, and Nix uses up to date deps
-      # FIXME: 2018-06-08: Uses bundled library, with external ("-DUSE_SYSTEM_MBEDTLS=on") asks:
+    ( if enableCache     then "-DENABLE_CACHE=on"       else "-DENABLE_CACHE=off"       )
-      # ../src/tls.c:46:2: error: #error "The mbed TLS library must be compiled with MBEDTLS_THREADING_PTHREAD and MBEDTLS_THREADING_C enabled."
+    ( if enableIpV6      then "-DENABLE_IPV6=on"        else "-DENABLE_IPV6=off"        )
-      if enableSSL then "-DENABLE_TLS=on" else "-DENABLE_TLS=off" )
+    ( if enableTls       then "-DENABLE_TLS=on"         else "-DENABLE_TLS=off"         )
-    ( if enableMonitor then "-DENABLE_MONITOR=on" else "-DENABLE_MONITOR=off" )
+    ( if enableMonitor   then "-DENABLE_MONITOR=on"     else "-DENABLE_MONITOR=off"     )
-    ( if enableRproxy then "-DENABLE_RPROXY=on" else "-DENABLE_RPROXY=off" )
+    ( if enableRproxy    then "-DENABLE_RPROXY=on"      else "-DENABLE_RPROXY=off"      )
-    ( if enableTomahawk then "-DENABLE_TOMAHAWK=on" else "-DENABLE_TOMAHAWK=off" )
+    ( if enableTomahawk  then "-DENABLE_TOMAHAWK=on"    else "-DENABLE_TOMAHAWK=off"    )
-    ( if enableXSLT then "-DENABLE_XSLT=on" else "-DENABLE_XSLT=off" )
+    ( if enableXslt      then "-DENABLE_XSLT=on"        else "-DENABLE_XSLT=off"        )
-    ( if enableToolkit then "-DENABLE_TOOLKIT=on" else "-DENABLE_TOOLKIT=off" )
+    ( if enableToolkit   then "-DENABLE_TOOLKIT=on"     else "-DENABLE_TOOLKIT=off"     )
   ];
 
   meta = with stdenv.lib; {
+    homepage = https://www.hiawatha-webserver.org;
     description = "An advanced and secure webserver";
     license = licenses.gpl2;
-    homepage = https://www.hiawatha-webserver.org;
+    platforms = platforms.unix;    # "Hiawatha runs perfectly on Linux, BSD and MacOS X"
     maintainers = [ maintainers.ndowens ];
   };