From 39695f5aec62edfbd75eebb3fabcd4a1ac83ee9d Mon Sep 17 00:00:00 2001
From: Adam Joseph <adam@westernsemico.com>
Date: Tue, 1 Aug 2023 13:55:33 -0700
Subject: [PATCH] p11-kit: mark broken if !stdenv.buildPlatform.canExecute
 stdenv.hostPlatform

p11-kit does not cross-compile.  This prevents the NixOS installer
from cross-compiling.  Therefore, we mark it broken in this case and
omit it.
---
 pkgs/development/libraries/gnutls/default.nix  | 2 +-
 pkgs/development/libraries/p11-kit/default.nix | 3 +++
 pkgs/os-specific/linux/systemd/default.nix     | 5 +++--
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix
index 2a6d0d1088ba3..2c318174c1bad 100644
--- a/pkgs/development/libraries/gnutls/default.nix
+++ b/pkgs/development/libraries/gnutls/default.nix
@@ -3,7 +3,7 @@
 , unbound, dns-root-data, gettext, util-linux
 , cxxBindings ? !stdenv.hostPlatform.isStatic # tries to link libstdc++.so
 , tpmSupport ? false, trousers, which, nettools, libunistring
-, withP11-kit ? !stdenv.hostPlatform.isStatic, p11-kit
+, withP11-kit ? !stdenv.hostPlatform.isStatic && !p11-kit.meta.broken, p11-kit
 , Security  # darwin Security.framework
 # certificate compression - only zlib now, more possible: zstd, brotli
 
diff --git a/pkgs/development/libraries/p11-kit/default.nix b/pkgs/development/libraries/p11-kit/default.nix
index 7f545958e71bb..7e5b26d24f5b4 100644
--- a/pkgs/development/libraries/p11-kit/default.nix
+++ b/pkgs/development/libraries/p11-kit/default.nix
@@ -100,5 +100,8 @@ stdenv.mkDerivation rec {
     ];
     platforms = platforms.all;
     license = licenses.bsd3;
+
+    # configure: error: cannot run test program while cross compiling
+    broken = !(stdenv.buildPlatform.canExecute stdenv.hostPlatform);
   };
 }
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index ed4204b9d11a7..1d66b84bd8441 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -67,6 +67,7 @@
 , bash
 , libmicrohttpd
 , libfido2
+, withP11kit ? !p11-kit.meta.broken
 , p11-kit
 
   # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to be available during build time.
@@ -322,7 +323,7 @@ stdenv.mkDerivation (finalAttrs: {
           { name = "libdw.so.1"; pkg = opt withCoredump elfutils; }
 
           # Support for PKCS#11 in systemd-cryptsetup, systemd-cryptenroll and systemd-homed
-          { name = "libp11-kit.so.0"; pkg = opt (withHomed || withCryptsetup) p11-kit; }
+          { name = "libp11-kit.so.0"; pkg = opt ((withHomed || withCryptsetup) && withP11kit) p11-kit; }
         ];
 
       patchDlOpen = dl:
@@ -430,7 +431,7 @@ stdenv.mkDerivation (finalAttrs: {
     ++ lib.optional withPCRE2 pcre2
     ++ lib.optional withSelinux libselinux
     ++ lib.optional withRemote libmicrohttpd
-    ++ lib.optionals (withHomed || withCryptsetup) [ p11-kit ]
+    ++ lib.optionals ((withHomed || withCryptsetup) && withP11kit) [ p11-kit ]
     ++ lib.optionals (withHomed || withCryptsetup) [ libfido2 ]
     ++ lib.optionals withLibBPF [ libbpf ]
     ++ lib.optional withTpm2Tss tpm2-tss