pyrox.dev
1{
2 fetchFromGitHub,
3 git,
4 gnupg,
5 makeWrapper,
6 openssl,
7 lib,
8 stdenv,
9 libxslt,
10 docbook_xsl,
11}:
12
13stdenv.mkDerivation rec {
14 pname = "git-crypt";
15 version = "0.8.0";
16
17 src = fetchFromGitHub {
18 owner = "AGWA";
19 repo = "git-crypt";
20 rev = version;
21 sha256 = "sha256-d5nMDFQkJY+obYkhvr8yT9mjlGEBWFLN5xGizJ9kwHw=";
22 };
23
24 strictDeps = true;
25
26 nativeBuildInputs = [
27 libxslt
28 makeWrapper
29 ];
30
31 buildInputs = [ openssl ];
32
33 postPatch = ''
34 substituteInPlace commands.cpp \
35 --replace '(escape_shell_arg(our_exe_path()))' '= "git-crypt"'
36 '';
37
38 makeFlags = [
39 "PREFIX=${placeholder "out"}"
40 "ENABLE_MAN=yes"
41 "DOCBOOK_XSL=${docbook_xsl}/share/xml/docbook-xsl-nons/manpages/docbook.xsl"
42 ];
43
44 # https://github.com/AGWA/git-crypt/issues/232
45 CXXFLAGS = [
46 "-DOPENSSL_API_COMPAT=0x30000000L"
47 ];
48
49 postFixup = ''
50 wrapProgram $out/bin/git-crypt \
51 --suffix PATH : ${
52 lib.makeBinPath [
53 git
54 gnupg
55 ]
56 }
57 '';
58
59 meta = with lib; {
60 homepage = "https://www.agwa.name/projects/git-crypt";
61 description = "Transparent file encryption in git";
62 longDescription = ''
63 git-crypt enables transparent encryption and decryption of files in a git
64 repository. Files which you choose to protect are encrypted when
65 committed, and decrypted when checked out. git-crypt lets you freely
66 share a repository containing a mix of public and private
67 content. git-crypt gracefully degrades, so developers without the secret
68 key can still clone and commit to a repository with encrypted files. This
69 lets you store your secret material (such as keys or passwords) in the
70 same repository as your code, without requiring you to lock down your
71 entire repository.
72 '';
73 downloadPage = "https://github.com/AGWA/git-crypt/releases";
74 license = licenses.gpl3;
75 maintainers = with maintainers; [ dochang ];
76 platforms = platforms.unix;
77 mainProgram = "git-crypt";
78 };
79
80}