rng-tools: 6.11 -> 6.14

libsysfs and libgcrypt deps were drop upstream ;
openssl is now always required ;
add support for SDR devices through librtlsdr ;
add a basic install check ;
add meta.changelog

pkgs/tools/security/rng-tools/default.nix

@@ -1,44 +1,53 @@
-{ lib, stdenv, fetchFromGitHub, libtool, autoreconfHook, pkg-config
+{ lib
-, sysfsutils
+, stdenv
-, argp-standalone
+, fetchFromGitHub
+, autoreconfHook
+, libtool
+, pkg-config
+, argp-standalone ? null
+, openssl
+, jitterentropy ? null, withJitterEntropy ? true
   # WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS
   # https://www.nist.gov/programs-projects/nist-randomness-beacon
-, curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false
+, curl ? null, jansson ? null, libxml2 ? null, withNistBeacon ? false
-  # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source
-, libgcrypt ? null, withGcrypt ? true
-, jitterentropy ? null, withJitterEntropy ? true
 , libp11 ? null, opensc ? null, withPkcs11 ? true
+, librtlsdr ? null, withRtlsdr ? true
 }:
 
+assert (stdenv.hostPlatform.isMusl) -> argp-standalone != null;
+assert (withJitterEntropy) -> jitterentropy != null;
+assert (withNistBeacon) -> curl != null && jansson != null && libxml2 != null;
+assert (withPkcs11) -> libp11 != null && opensc != null;
+assert (withRtlsdr) -> librtlsdr != null;
+
 with lib;
 
 stdenv.mkDerivation rec {
   pname = "rng-tools";
-  version = "6.11";
+  version = "6.14";
 
   src = fetchFromGitHub {
     owner = "nhorman";
-    repo = "rng-tools";
+    repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-qheJaeVX2zuv0mvKEd6wcbSHFjiJE0t5hVCJiRSKm3M=";
+    hash = "sha256-NTXp2l5gVxKhO4Gqcy4VzomYU5B3HydkefMvdzypK8M=";
   };
 
   nativeBuildInputs = [ autoreconfHook libtool pkg-config ];
 
   configureFlags = [
-    (withFeature   withGcrypt        "libgcrypt")
+    (enableFeature (withJitterEntropy) "jitterentropy")
-    (enableFeature withJitterEntropy "jitterentropy")
+    (withFeature   (withNistBeacon)    "nistbeacon")
-    (withFeature   withNistBeacon    "nistbeacon")
+    (withFeature   (withPkcs11)        "pkcs11")
-    (withFeature   withPkcs11        "pkcs11")
+    (withFeature   (withRtlsdr)        "rtlsdr")
   ];
 
-  # argp-standalone is only used when libc lacks argp parsing (musl)
+  buildInputs = [ openssl ]
-  buildInputs = [ sysfsutils ]
+    ++ optionals (stdenv.hostPlatform.isMusl) [ argp-standalone ]
-    ++ optionals stdenv.hostPlatform.isx86_64 [ argp-standalone ]
+    ++ optionals (withJitterEntropy) [ jitterentropy ]
-    ++ optionals withGcrypt        [ libgcrypt ]
+    ++ optionals (withNistBeacon)    [ curl jansson libxml2 ]
-    ++ optionals withJitterEntropy [ jitterentropy ]
+    ++ optionals (withPkcs11)        [ libp11 openssl ]
-    ++ optionals withNistBeacon    [ curl libxml2 openssl ]
+    ++ optionals (withRtlsdr)        [ librtlsdr ];
-    ++ optionals withPkcs11        [ libp11 openssl ];
 
   enableParallelBuilding = true;
 
@@ -51,9 +60,18 @@ stdenv.mkDerivation rec {
   doCheck = true;
   preCheck = "patchShebangs tests/*.sh";
 
+  doInstallCheck = true;
+  installCheckPhase = ''
+    runHook preInstallCheck
+    set -o pipefail
+    $out/bin/rngtest --version | grep $version
+    runHook postInstallCheck
+  '';
+
   meta = {
     description = "A random number generator daemon";
     homepage = "https://github.com/nhorman/rng-tools";
+    changelog = "https://github.com/nhorman/rng-tools/releases/tag/v${version}";
     license = licenses.gpl2Plus;
     platforms = platforms.linux;
     maintainers = with maintainers; [ johnazoidberg c0bw3b ];