From 52d6c7b90dfb6bb65c8c914d204e334a6bc06ffc Mon Sep 17 00:00:00 2001
From: Emily <vcs@emily.moe>
Date: Wed, 17 Sep 2025 17:59:20 +0100
Subject: [PATCH] canokey-qemu: mark broken
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Uses a four‐year‐old patched vendored version of Mbed TLS for
cryptography that doesn’t build with CMake 4. Doesn’t build with
current versions of `canokey-core`, either. No upstream development
since 2023.

This was only used in‐tree by the `systemd-initrd-luks-fido2`
NixOS test, which is not a channel blocker and that I couldn’t
find a historical failure for that wasn’t related to issues with
the test driver.
---
 nixos/tests/systemd-initrd-luks-fido2.nix              | 5 +++++
 pkgs/applications/virtualization/qemu/canokey-qemu.nix | 5 +++++
 pkgs/applications/virtualization/qemu/default.nix      | 2 +-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/nixos/tests/systemd-initrd-luks-fido2.nix b/nixos/tests/systemd-initrd-luks-fido2.nix
index e822c811cec5..002281585064 100644
--- a/nixos/tests/systemd-initrd-luks-fido2.nix
+++ b/nixos/tests/systemd-initrd-luks-fido2.nix
@@ -2,6 +2,11 @@
 {
   name = "systemd-initrd-luks-fido2";
 
+  meta = {
+    # `canokey-qemu` is marked broken.
+    broken = true;
+  };
+
   nodes.machine =
     { pkgs, config, ... }:
     {
diff --git a/pkgs/applications/virtualization/qemu/canokey-qemu.nix b/pkgs/applications/virtualization/qemu/canokey-qemu.nix
index 0ad27dd55cfb..34a9bccbeeb5 100644
--- a/pkgs/applications/virtualization/qemu/canokey-qemu.nix
+++ b/pkgs/applications/virtualization/qemu/canokey-qemu.nix
@@ -57,5 +57,10 @@ stdenv.mkDerivation rec {
     description = "CanoKey QEMU Virt Card";
     license = licenses.asl20;
     maintainers = with maintainers; [ oxalica ];
+    # Uses a four‐year‐old patched vendored version of Mbed TLS for
+    # cryptography that doesn’t build with CMake 4. Doesn’t build with
+    # gurrent versions of `canokey-core`, either. No upstream
+    # development since 2023.
+    broken = true;
   };
 }
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 7c78704ef8c6..00521e0feb27 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -90,7 +90,7 @@
   tpmSupport ? !minimal,
   uringSupport ? stdenv.hostPlatform.isLinux && !userOnly,
   liburing,
-  canokeySupport ? !minimal,
+  canokeySupport ? false,
   canokey-qemu,
   capstoneSupport ? !minimal,
   capstone,