mautrix-{meta,signal,whatsapp}: Optionally build against goolm

After olm gained knownVulnerabilities in #334638, allow building these
bridges using the pure-Go goolm library instead of libolm bindings.
George Macon 2024-08-27 20:15:47 -04:00
parent d0e1602ddd
commit 8b17835309
3 changed files with 37 additions and 6 deletions


@ -3,6 +3,12 @@
, lib , lib
, nixosTests , nixosTests
, olm , olm
# This option enables the use of an experimental pure-Go implementation of the
# Olm protocol instead of libolm for end-to-end encryption. Using goolm is not
# recommended by the mautrix developers, but they are interested in people
# trying it out in non-production-critical environments and reporting any
# issues they run into.
, withGoolm ? false
}: }:
buildGoModule rec { buildGoModule rec {
@ -18,7 +24,8 @@ buildGoModule rec {
hash = "sha256-whBqhdB2FSFfrbtGtq8v3pjXW7QMt+I0baHTXVGPWVg="; hash = "sha256-whBqhdB2FSFfrbtGtq8v3pjXW7QMt+I0baHTXVGPWVg=";
}; };
buildInputs = [ olm ]; buildInputs = lib.optional (!withGoolm) olm;
tags = lib.optional withGoolm "goolm";
vendorHash = "sha256-rP9wvF6yYW0TdQ+vQV6ZcVMxnCtqz8xRcd9v+4pYYio="; vendorHash = "sha256-rP9wvF6yYW0TdQ+vQV6ZcVMxnCtqz8xRcd9v+4pYYio=";
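Review bot: The comment on `withGoolm` in this first file section (apparently the mautrix-meta expression) says goolm is experimental but not why a user would pick it. Per the commit description `olm` now carries `knownVulnerabilities`, and with the default `withGoolm ? false` the derivation still puts `olm` in `buildInputs`. I would add a line such as `# libolm is marked with knownVulnerabilities in nixpkgs; the default build still links against it.` so that both sides of the trade-off for the end-to-end encryption backend are visible where the option is defined. The same comment is duplicated in the mautrix-signal and mautrix-whatsapp sections and needs the same addition. None of the visible hunks adds a build or test variant with `withGoolm = true`, so the goolm path may go unexercised; whether `passthru.tests` covers it is outside the hunks.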


@ -1,4 +1,16 @@
{ lib, buildGoModule, fetchFromGitHub, olm, libsignal-ffi }: {
lib,
buildGoModule,
fetchFromGitHub,
olm,
libsignal-ffi,
# This option enables the use of an experimental pure-Go implementation of
# the Olm protocol instead of libolm for end-to-end encryption. Using goolm
# is not recommended by the mautrix developers, but they are interested in
# people trying it out in non-production-critical environments and reporting
# any issues they run into.
withGoolm ? false,
}:
buildGoModule rec { buildGoModule rec {
pname = "mautrix-signal"; pname = "mautrix-signal";
@ -11,12 +23,12 @@ buildGoModule rec {
hash = "sha256-KBb/rLYM2ne4VD/bPy/lcXD0avCx3J74e3zDcmg+Dzs="; hash = "sha256-KBb/rLYM2ne4VD/bPy/lcXD0avCx3J74e3zDcmg+Dzs=";
}; };
buildInputs = [ buildInputs = (lib.optional (!withGoolm) olm) ++ [
olm
# must match the version used in https://github.com/mautrix/signal/tree/main/pkg/libsignalgo # must match the version used in https://github.com/mautrix/signal/tree/main/pkg/libsignalgo
# see https://github.com/mautrix/signal/issues/401 # see https://github.com/mautrix/signal/issues/401
libsignal-ffi libsignal-ffi
]; ];
tags = lib.optional withGoolm "goolm";
vendorHash = "sha256-DDcz4O3RhV6OVI+qC/LkDW/UsE5jOAn5t/gmILxHx1s="; vendorHash = "sha256-DDcz4O3RhV6OVI+qC/LkDW/UsE5jOAn5t/gmILxHx1s=";


@ -1,4 +1,15 @@
{ lib, buildGoModule, fetchFromGitHub, olm }: {
lib,
buildGoModule,
fetchFromGitHub,
olm,
# This option enables the use of an experimental pure-Go implementation of
# the Olm protocol instead of libolm for end-to-end encryption. Using goolm
# is not recommended by the mautrix developers, but they are interested in
# people trying it out in non-production-critical environments and reporting
# any issues they run into.
withGoolm ? false,
}:
buildGoModule rec { buildGoModule rec {
pname = "mautrix-whatsapp"; pname = "mautrix-whatsapp";
@ -11,7 +22,8 @@ buildGoModule rec {
hash = "sha256-iVILI6OGndnxIVmgNcIwHA64tkv9V3OTH3YtrCyeYx4="; hash = "sha256-iVILI6OGndnxIVmgNcIwHA64tkv9V3OTH3YtrCyeYx4=";
}; };
buildInputs = [ olm ]; buildInputs = lib.optional (!withGoolm) olm;
tags = lib.optional withGoolm "goolm";
vendorHash = "sha256-DpgkSXSLF+U6zIzJ4AF2uTcFWQQYsRgkaUTG9F+bnVk="; vendorHash = "sha256-DpgkSXSLF+U6zIzJ4AF2uTcFWQQYsRgkaUTG9F+bnVk=";