pyrox.dev
1{ fetchFromGitHub
2, git
3, gnupg
4, makeWrapper
5, openssl
6, lib
7, stdenv
8, libxslt
9, docbook_xsl
10}:
11
12stdenv.mkDerivation rec {
13 pname = "git-crypt";
14 version = "0.7.0";
15
16 src = fetchFromGitHub {
17 owner = "AGWA";
18 repo = pname;
19 rev = version;
20 sha256 = "sha256-GcGCX6hoKL+sNLAeGEzZpaM+cdFjcNlwYExfOFEPi0I=";
21 };
22
23 strictDeps = true;
24
25 nativeBuildInputs = [ libxslt makeWrapper ];
26
27 buildInputs = [ openssl ];
28
29 postPatch = ''
30 substituteInPlace commands.cpp \
31 --replace '(escape_shell_arg(our_exe_path()))' '= "git-crypt"'
32 '';
33
34 makeFlags = [
35 "PREFIX=${placeholder "out"}"
36 "ENABLE_MAN=yes"
37 "DOCBOOK_XSL=${docbook_xsl}/share/xml/docbook-xsl-nons/manpages/docbook.xsl"
38 ];
39
40 # https://github.com/AGWA/git-crypt/issues/232
41 CXXFLAGS = [
42 "-DOPENSSL_API_COMPAT=0x30000000L"
43 ];
44
45 postFixup = ''
46 wrapProgram $out/bin/git-crypt \
47 --suffix PATH : ${lib.makeBinPath [ git gnupg ]}
48 '';
49
50 meta = with lib; {
51 homepage = "https://www.agwa.name/projects/git-crypt";
52 description = "Transparent file encryption in git";
53 longDescription = ''
54 git-crypt enables transparent encryption and decryption of files in a git
55 repository. Files which you choose to protect are encrypted when
56 committed, and decrypted when checked out. git-crypt lets you freely
57 share a repository containing a mix of public and private
58 content. git-crypt gracefully degrades, so developers without the secret
59 key can still clone and commit to a repository with encrypted files. This
60 lets you store your secret material (such as keys or passwords) in the
61 same repository as your code, without requiring you to lock down your
62 entire repository.
63 '';
64 downloadPage = "https://github.com/AGWA/git-crypt/releases";
65 license = licenses.gpl3;
66 maintainers = with maintainers; [ dochang ];
67 platforms = platforms.unix;
68 mainProgram = "git-crypt";
69 };
70
71}