From f4450fa5a7e935ea71a78c52f408ac4e509e4fa5 Mon Sep 17 00:00:00 2001 From: George Macon Date: Tue, 27 Aug 2024 20:15:47 -0400 Subject: [PATCH] mautrix-{meta,signal,whatsapp}: Optionally build against goolm After olm gained knownVulnerabilities in #334638, allow building these bridges using the pure-Go goolm library instead of libolm bindings. (cherry picked from commit 8b17835309a5e963de495595c3666602c8d2f019) --- pkgs/by-name/ma/mautrix-meta/package.nix | 9 ++++++++- pkgs/servers/mautrix-signal/default.nix | 18 +++++++++++++++--- pkgs/servers/mautrix-whatsapp/default.nix | 16 ++++++++++++++-- 3 files changed, 37 insertions(+), 6 deletions(-) diff --git a/pkgs/by-name/ma/mautrix-meta/package.nix b/pkgs/by-name/ma/mautrix-meta/package.nix index 8a82adf188fdfcc..a698fb6698b9d05 100644 --- a/pkgs/by-name/ma/mautrix-meta/package.nix +++ b/pkgs/by-name/ma/mautrix-meta/package.nix @@ -4,6 +4,12 @@ , lib , nixosTests , olm +# This option enables the use of an experimental pure-Go implementation of the +# Olm protocol instead of libolm for end-to-end encryption. Using goolm is not +# recommended by the mautrix developers, but they are interested in people +# trying it out in non-production-critical environments and reporting any +# issues they run into. +, withGoolm ? false }: buildGoModule rec { @@ -19,7 +25,8 @@ buildGoModule rec { hash = "sha256-whBqhdB2FSFfrbtGtq8v3pjXW7QMt+I0baHTXVGPWVg="; }; - buildInputs = [ olm ]; + buildInputs = lib.optional (!withGoolm) olm; + tags = lib.optional withGoolm "goolm"; vendorHash = "sha256-rP9wvF6yYW0TdQ+vQV6ZcVMxnCtqz8xRcd9v+4pYYio="; diff --git a/pkgs/servers/mautrix-signal/default.nix b/pkgs/servers/mautrix-signal/default.nix index 7f9641a74ca9b5e..9fd22d387aa64de 100644 --- a/pkgs/servers/mautrix-signal/default.nix +++ b/pkgs/servers/mautrix-signal/default.nix @@ -1,4 +1,16 @@ -{ lib, buildGoModule, fetchFromGitHub, olm, libsignal-ffi }: +{ + lib, + buildGoModule, + fetchFromGitHub, + olm, + libsignal-ffi, + # This option enables the use of an experimental pure-Go implementation of + # the Olm protocol instead of libolm for end-to-end encryption. Using goolm + # is not recommended by the mautrix developers, but they are interested in + # people trying it out in non-production-critical environments and reporting + # any issues they run into. + withGoolm ? false, +}: buildGoModule rec { pname = "mautrix-signal"; @@ -11,12 +23,12 @@ buildGoModule rec { hash = "sha256-KBb/rLYM2ne4VD/bPy/lcXD0avCx3J74e3zDcmg+Dzs="; }; - buildInputs = [ - olm + buildInputs = (lib.optional (!withGoolm) olm) ++ [ # must match the version used in https://github.com/mautrix/signal/tree/main/pkg/libsignalgo # see https://github.com/mautrix/signal/issues/401 libsignal-ffi ]; + tags = lib.optional withGoolm "goolm"; vendorHash = "sha256-DDcz4O3RhV6OVI+qC/LkDW/UsE5jOAn5t/gmILxHx1s="; diff --git a/pkgs/servers/mautrix-whatsapp/default.nix b/pkgs/servers/mautrix-whatsapp/default.nix index d7bad1c9c79b816..b66dad00dad55a1 100644 --- a/pkgs/servers/mautrix-whatsapp/default.nix +++ b/pkgs/servers/mautrix-whatsapp/default.nix @@ -1,4 +1,15 @@ -{ lib, buildGoModule, fetchFromGitHub, olm }: +{ + lib, + buildGoModule, + fetchFromGitHub, + olm, + # This option enables the use of an experimental pure-Go implementation of + # the Olm protocol instead of libolm for end-to-end encryption. Using goolm + # is not recommended by the mautrix developers, but they are interested in + # people trying it out in non-production-critical environments and reporting + # any issues they run into. + withGoolm ? false, +}: buildGoModule rec { pname = "mautrix-whatsapp"; @@ -11,7 +22,8 @@ buildGoModule rec { hash = "sha256-iVILI6OGndnxIVmgNcIwHA64tkv9V3OTH3YtrCyeYx4="; }; - buildInputs = [ olm ]; + buildInputs = lib.optional (!withGoolm) olm; + tags = lib.optional withGoolm "goolm"; vendorHash = "sha256-DpgkSXSLF+U6zIzJ4AF2uTcFWQQYsRgkaUTG9F+bnVk=";