perlPackages.NetSNMP: add patch to support newer SHA algorithms

The aged perlPackages.NetSNMP library does not support modern SHA algorithms for authentication. It's possible to enable support for these newer protocols with a patch. The patch is taken from the OpenBSD ports tree: https://github.com/openbsd/ports/blob/master/net/p5-Net-SNMP/patches/patch-lib_Net_SNMP_Security_USM_pm It enables support for SHA 224, 256, 384, and 512.
NixOS · Oct 23, 2024 · a63d554 · a63d554
1 parent fe7f792
commit a63d554
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 0 deletions.
diff --git a/pkgs/development/perl-modules/net-snmp-fix-dependencies.patch b/pkgs/development/perl-modules/net-snmp-fix-dependencies.patch
@@ -0,0 +1,65 @@
+diff --git a/Build.PL b/Build.PL
+index 71d216e..7667ac0 100644
+--- a/Build.PL
++++ b/Build.PL
+@@ -37,10 +37,10 @@ Module::Build->new(
+    recommends         => {
+       Crypt::DES      => '2.03',  # SNMPv3
+       Digest::MD5     => '2.11',  # SNMPv3
+-      Digest::SHA1    => '1.02',  # SNMPv3
+-      Digest::HMAC    => '1.00',  # SNMPv3
+-      Crypt::Rijndael => '1.02',  # SNMPv3 - AES Cipher Algorithm 
+-      Socket6         => '0.23',  # UDP/IPv6 or TCP/IPv6 Transport Domain 
++      Digest::SHA    => 0,  # SNMPv3
++      Digest::HMAC_MD5    => '1.01',  # SNMPv3
++      Crypt::Rijndael => '1.02',  # SNMPv3 - AES Cipher Algorithm
++      Socket6         => '0.23',  # UDP/IPv6 or TCP/IPv6 Transport Domain
+    },
+    meta_merge         => {
+       resources       => {
+diff --git a/META.yml b/META.yml
+index f260431..aaf6d4e 100644
+--- a/META.yml
++++ b/META.yml
+@@ -61,9 +61,9 @@ provides:
+ recommends:
+   Crypt::DES: 2.03
+   Crypt::Rijndael: 1.02
+-  Digest::HMAC: 1.00
++  Digest::HMAC_MD5: 1.01
+   Digest::MD5: 2.11
+-  Digest::SHA1: 1.02
++  Digest::SHA: 0
+   Socket6: 0.23
+ requires:
+   Carp: 0
+diff --git a/Makefile.PL b/Makefile.PL
+index 4678c32..8322589 100644
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -40,8 +40,8 @@ WriteMakefile(
+       Math::BigInt => 0,
+       Crypt::DES   => '2.03',  # SNMPv3
+       Digest::MD5  => '2.11',  # SNMPv3
+-      Digest::SHA1 => '1.02',  # SNMPv3
+-      Digest::HMAC => '1.00',  # SNMPv3
++      Digest::SHA => 0,  # SNMPv3
++      Digest::HMAC_MD5 => '1.01',  # SNMPv3
+    },
+    dist          => {
+       CI           => 'ci -u -sRel -m\"Changes for $(VERSION)\"',
+diff --git a/lib/Net/SNMP.pm b/lib/Net/SNMP.pm
+index b0dfe22..0db78b1 100644
+--- a/lib/Net/SNMP.pm
++++ b/lib/Net/SNMP.pm
+@@ -3550,8 +3550,8 @@ earlier than v5.6.0.
+
+ =item *
+
+-The non-core modules F<Crypt::DES>, F<Digest::MD5>, F<Digest::SHA1>, and 
+-F<Digest::HMAC> are required to support SNMPv3. 
++The non-core modules F<Crypt::DES>, F<Digest::MD5>, and
++F<Digest::HMAC> are required to support SNMPv3.
+
+ =item *
+
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
@@ -19213,6 +19213,19 @@ with self; {
       url = "mirror://cpan/authors/id/D/DT/DTOWN/Net-SNMP-v6.0.1.tar.gz";
       hash = "sha256-FMN7wcuz883H1sE+DyeoWfFM3P1epUoEZ6iLwlmwt0E=";
     };
+    patches = [
+      (fetchpatch {
+        name = "enable-newer-sha-algorithms.patch";
+        url = "https://raw.githubusercontent.com/openbsd/ports/ab6365da3ac861e1c56520acdf388d421b357c17/net/p5-Net-SNMP/patches/patch-lib_Net_SNMP_Security_USM_pm";
+        hash = "sha256-eDfXyYFFvMDQk8xlE6/w3ZWht4E5oupAOpING8cOyRY=";
+        postFetch = ''
+          substituteInPlace $out \
+            --replace-fail "--- lib/Net/SNMP/Security/USM.pm.orig" "--- a/lib/Net/SNMP/Security/USM.pm" \
+            --replace-fail "+++ lib/Net/SNMP/Security/USM.pm" "+++ b/lib/Net/SNMP/Security/USM.pm"
+        '';
+      })
+      ../development/perl-modules/net-snmp-fix-dependencies.patch
+    ];
     doCheck = false; # The test suite fails, see https://rt.cpan.org/Public/Bug/Display.html?id=85799
     meta = {
       description = "Object oriented interface to SNMP";