canokey-qemu: mark broken

Uses a four‐year‐old patched vendored version of Mbed TLS for
cryptography that doesn’t build with CMake 4. Doesn’t build with
current versions of `canokey-core`, either. No upstream development
since 2023.

This was only used in‐tree by the `systemd-initrd-luks-fido2`
NixOS test, which is not a channel blocker and that I couldn’t
find a historical failure for that wasn’t related to issues with
the test driver.

nixos/tests/systemd-initrd-luks-fido2.nix

@@ -2,6 +2,11 @@
 {
   name = "systemd-initrd-luks-fido2";
 
+  meta = {
+    # `canokey-qemu` is marked broken.
+    broken = true;
+  };
+
   nodes.machine =
     { pkgs, config, ... }:
     {

pkgs/applications/virtualization/qemu/canokey-qemu.nix

@@ -57,5 +57,10 @@ stdenv.mkDerivation rec {
     description = "CanoKey QEMU Virt Card";
     license = licenses.asl20;
     maintainers = with maintainers; [ oxalica ];
+    # Uses a four‐year‐old patched vendored version of Mbed TLS for
+    # cryptography that doesn’t build with CMake 4. Doesn’t build with
+    # gurrent versions of `canokey-core`, either. No upstream
+    # development since 2023.
+    broken = true;
   };
 }

pkgs/applications/virtualization/qemu/default.nix

@@ -90,7 +90,7 @@
   tpmSupport ? !minimal,
   uringSupport ? stdenv.hostPlatform.isLinux && !userOnly,
   liburing,
-  canokeySupport ? !minimal,
+  canokeySupport ? false,
   canokey-qemu,
   capstoneSupport ? !minimal,
   capstone,