03d69128b2
> Include multiple versions of certain functions in the library,
> and select the ones to use at run-time, depending on available
> processor features. Supported for ARM and x86_64.

The current version seems to accelerate the AES and SHA families.
The size increase on x86_64 is <10k in our case.

It can make quite a performance difference; I tried

    $ time ./result-dev/bin/nettle-hash -a sha256 /some/file/around/2G

and the total CPU time went down from 8.5s to 2s (single thread).
Now it matches the time of openssl:

    $ time openssl sha256 /some/file/around/2G

Of course, in real life it will be much harder to notice a difference...

Platforms without support for this (e.g. i686) seem to still build fine,
and ARMv7 cross-build also succeeds for me, so hopefully all is OK.
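# Generic build expression for the Nettle cryptographic library.
# `version` and `src` are expected to be supplied by the caller.
{ stdenv, buildPackages, gmp, gnum4

# Version specific args
, version, src
, ...}:

stdenv.mkDerivation {
  name = "nettle-${version}";

  inherit src;

  outputs = [ "out" "dev" ];
  # Executables go to the "dev" output rather than "out".
  outputBin = "dev";

  depsBuildBuild = [ buildPackages.stdenv.cc ];
  nativeBuildInputs = [ gnum4 ];
  propagatedBuildInputs = [ gmp ];

  # --enable-fat: runtime selection of HW-accelerated code.
  #
  # The flags are assembled as one list. Supplying the SunOS flag through a
  # separate attribute set merged with `//` would replace `configureFlags`
  # wholesale (the merge is shallow), silently dropping --enable-fat there.
  configureFlags =
    [ "--enable-fat" ]
    # Make sure the right <gmp.h> is found, and not the incompatible
    # /usr/include/mp.h from OpenSolaris.  See
    # <https://lists.gnu.org/archive/html/hydra-users/2012-08/msg00000.html>
    # for details.
    ++ stdenv.lib.optional stdenv.isSunOS "--with-include-path=${gmp.dev}/include";

  # The test suite is skipped on i686-cygwin and Darwin, so on those
  # platforms the library is shipped without its self-tests having run.
  # NOTE(review): with --enable-fat the default check run presumably only
  # exercises the implementations selected for the build machine's CPU;
  # other variants reach users untested by this derivation -- confirm.
  doCheck = (stdenv.hostPlatform.system != "i686-cygwin" && !stdenv.isDarwin);

  enableParallelBuilding = true;

  patches = stdenv.lib.optional (stdenv.hostPlatform.system == "i686-cygwin")
              ./cygwin.patch;

  meta = with stdenv.lib; {
    description = "Cryptographic library";

    longDescription = ''
        Nettle is a cryptographic library that is designed to fit
        easily in more or less any context: In crypto toolkits for
        object-oriented languages (C++, Python, Pike, ...), in
        applications like LSH or GNUPG, or even in kernel space.  In
        most contexts, you need more than the basic cryptographic
        algorithms, you also need some way to keep track of available
        algorithms, their properties and variants.  You often have
        some algorithm selection process, often dictated by a protocol
        you want to implement.

        And as the requirements of applications differ in subtle and
        not so subtle ways, an API that fits one application well can
        be a pain to use in a different context.  And that is why
        there are so many different cryptographic libraries around.

        Nettle tries to avoid this problem by doing one thing, the
        low-level crypto stuff, and providing a simple but general
        interface to it.  In particular, Nettle doesn't do algorithm
        selection.  It doesn't do memory allocation.  It doesn't do any
        I/O.
     '';

    license = licenses.gpl2Plus;

    # Quoted string instead of a bare URL literal; the value is unchanged.
    # NOTE(review): this is a plain-HTTP link -- prefer https if the site
    # serves it.
    homepage = "http://www.lysator.liu.se/~nisse/nettle/";

    platforms = platforms.all;
  };
}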