+13

pkgs/tools/networking/curl-impersonate/curl-impersonate-0.5.2-fix-shebangs.patch

··· 1 1 + diff --git a/Makefile.in b/Makefile.in 2 2 + index 877c54f..3e39ed1 100644 3 3 + --- a/Makefile.in 4 4 + +++ b/Makefile.in 5 5 + @@ -209,6 +209,8 @@ $(NSS_VERSION).tar.gz: 6 6 + 7 7 + $(nss_static_libs): $(NSS_VERSION).tar.gz 8 8 + tar xf $(NSS_VERSION).tar.gz 9 9 + + sed -i -e "1s@#!/usr/bin/env bash@#!$$(type -p bash)@" $(NSS_VERSION)/nss/build.sh 10 10 + + sed -i -e "s@/usr/bin/env grep@$$(type -p grep)@" $(NSS_VERSION)/nss/coreconf/config.gypi 11 11 + 12 12 + ifeq ($(host),$(build)) 13 13 + # Native build, use NSS' build script.

+176 -20

pkgs/tools/networking/curl-impersonate/default.nix

··· 1 1 - #TODO: It should be possible to build this from source, but it's currently a lot faster to just package the binaries. 2 2 - { lib, stdenv, fetchzip, zlib, autoPatchelfHook }: 3 3 - stdenv.mkDerivation rec { 4 4 - pname = "curl-impersonate-bin"; 5 5 - version = "v0.5.3"; 1 1 + { lib 2 2 + , stdenv 3 3 + , fetchFromGitHub 4 4 + , fetchpatch 5 5 + , callPackage 6 6 + , buildGoModule 7 7 + , installShellFiles 8 8 + , symlinkJoin 9 9 + , zlib 10 10 + , sqlite 11 11 + , cmake 12 12 + , python3 13 13 + , ninja 14 14 + , perl 15 15 + , autoconf 16 16 + , automake 17 17 + , libtool 18 18 + , darwin 19 19 + , cacert 20 20 + , unzip 21 21 + , go 22 22 + , p11-kit 23 23 + }: 24 24 + 25 25 + let 26 26 + makeCurlImpersonate = { name, target }: stdenv.mkDerivation rec { 27 27 + pname = "curl-impersonate-${name}"; 28 28 + version = "0.5.4"; 6 29 7 7 - src = fetchzip { 8 8 - url = "https://github.com/lwthiker/curl-impersonate/releases/download/${version}/curl-impersonate-${version}.x86_64-linux-gnu.tar.gz"; 9 9 - sha256 = "sha256-+cH1swAIadIrWG9anzf0dcW6qyBjcKsUHFWdv75F49g="; 10 10 - stripRoot = false; 30 30 + src = fetchFromGitHub { 31 31 + owner = "lwthiker"; 32 32 + repo = "curl-impersonate"; 33 33 + rev = "v${version}"; 34 34 + hash = "sha256-LBGWFal2szqgURIBCLB84kHWpdpt5quvBBZu6buGj2A="; 35 35 + }; 36 36 + 37 37 + patches = [ 38 38 + # Fix shebangs in the NSS build script 39 39 + # (can't just patchShebangs since makefile unpacks it) 40 40 + ./curl-impersonate-0.5.2-fix-shebangs.patch 41 41 + ]; 42 42 + 43 43 + strictDeps = true; 44 44 + 45 45 + nativeBuildInputs = lib.optionals stdenv.isDarwin [ 46 46 + # Must come first so that it shadows the 'libtool' command but leaves 'libtoolize' 47 47 + darwin.cctools 48 48 + ] ++ [ 49 49 + installShellFiles 50 50 + cmake 51 51 + python3 52 52 + python3.pkgs.gyp 53 53 + ninja 54 54 + perl 55 55 + autoconf 56 56 + automake 57 57 + libtool 58 58 + unzip 59 59 + go 60 60 + ]; 61 61 + 62 62 + buildInputs = [ 63 63 + zlib 64 64 + sqlite 65 65 + ]; 66 66 + 67 67 + configureFlags = [ 68 68 + "--with-ca-bundle=${if stdenv.isDarwin then "/etc/ssl/cert.pem" else "/etc/ssl/certs/ca-certificates.crt"}" 69 69 + "--with-ca-path=${cacert}/etc/ssl/certs" 70 70 + ]; 71 71 + 72 72 + buildFlags = [ "${target}-build" ]; 73 73 + checkTarget = "${target}-checkbuild"; 74 74 + installTargets = [ "${target}-install" ]; 75 75 + 76 76 + doCheck = true; 77 77 + 78 78 + dontUseCmakeConfigure = true; 79 79 + dontUseNinjaBuild = true; 80 80 + dontUseNinjaInstall = true; 81 81 + dontUseNinjaCheck = true; 82 82 + 83 83 + postUnpack = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: dep: "ln -sT ${dep.outPath} source/${name}") (lib.filterAttrs (n: v: v ? outPath) passthru.deps)); 84 84 + 85 85 + preConfigure = '' 86 86 + export GOCACHE=$TMPDIR/go-cache 87 87 + export GOPATH=$TMPDIR/go 88 88 + export GOPROXY=file://${passthru.boringssl-go-modules} 89 89 + export GOSUMDB=off 90 90 + 91 91 + # Need to get value of $out for this flag 92 92 + configureFlagsArray+=("--with-libnssckbi=$out/lib") 93 93 + ''; 94 94 + 95 95 + postInstall = '' 96 96 + # Remove vestigial *-config script 97 97 + rm $out/bin/curl-impersonate-${name}-config 98 98 + 99 99 + # Patch all shebangs of installed scripts 100 100 + patchShebangs $out/bin 101 101 + 102 102 + # Build and install completions for each curl binary 103 103 + 104 104 + # Patch in correct binary name and alias it to all scripts 105 105 + perl curl-*/scripts/completion.pl --curl $out/bin/curl-impersonate-${name} --shell zsh >$TMPDIR/curl-impersonate-${name}.zsh 106 106 + substituteInPlace $TMPDIR/curl-impersonate-${name}.zsh \ 107 107 + --replace \ 108 108 + '#compdef curl' \ 109 109 + "#compdef curl-impersonate-${name}$(find $out/bin -name 'curl_*' -printf ' %f=curl-impersonate-${name}')" 110 110 + 111 111 + perl curl-*/scripts/completion.pl --curl $out/bin/curl-impersonate-${name} --shell fish >$TMPDIR/curl-impersonate-${name}.fish 112 112 + substituteInPlace $TMPDIR/curl-impersonate-${name}.fish \ 113 113 + --replace \ 114 114 + '--command curl' \ 115 115 + "--command curl-impersonate-${name}$(find $out/bin -name 'curl_*' -printf ' --command %f')" 116 116 + 117 117 + # Install zsh and fish completions 118 118 + installShellCompletion $TMPDIR/curl-impersonate-${name}.{zsh,fish} 119 119 + ''; 120 120 + 121 121 + preFixup = let 122 122 + libext = stdenv.hostPlatform.extensions.sharedLibrary; 123 123 + in '' 124 124 + # If libnssckbi.so is needed, link libnssckbi.so without needing nss in closure 125 125 + if grep -F nssckbi $out/lib/libcurl-impersonate-*${libext} &>/dev/null; then 126 126 + # NOTE: "p11-kit-trust" always ends in ".so" even when on darwin 127 127 + ln -s ${p11-kit}/lib/pkcs11/p11-kit-trust.so $out/lib/libnssckbi${libext} 128 128 + ${lib.optionalString stdenv.isLinux "patchelf --add-needed libnssckbi${libext} $out/lib/libcurl-impersonate-*${libext}"} 129 129 + fi 130 130 + ''; 131 131 + 132 132 + disallowedReferences = [ go ]; 133 133 + 134 134 + passthru = { 135 135 + deps = callPackage ./deps.nix {}; 136 136 + 137 137 + boringssl-go-modules = (buildGoModule { 138 138 + inherit (passthru.deps."boringssl.zip") name; 139 139 + 140 140 + src = passthru.deps."boringssl.zip"; 141 141 + vendorHash = "sha256-ISmRdumckvSu7hBXrjvs5ZApShDiGLdD3T5B0fJ1x2Q="; 142 142 + 143 143 + nativeBuildInputs = [ unzip ]; 144 144 + 145 145 + proxyVendor = true; 146 146 + }).go-modules; 147 147 + }; 148 148 + 149 149 + meta = with lib; { 150 150 + description = "A special build of curl that can impersonate Chrome & Firefox"; 151 151 + homepage = "https://github.com/lwthiker/curl-impersonate"; 152 152 + license = with licenses; [ curl mit ]; 153 153 + maintainers = with maintainers; [ deliciouslytyped lilyinstarlight ]; 154 154 + platforms = platforms.unix; 155 155 + knownVulnerabilities = [ 156 156 + "CVE-2023-32001" # fopen TOCTOU race condition - https://curl.se/docs/CVE-2023-32001.html 157 157 + "CVE-2022-43551" # HSTS bypass - https://curl.se/docs/CVE-2022-43551.html 158 158 + "CVE-2022-42916" # HSTS bypass - https://curl.se/docs/CVE-2022-42916.html 159 159 + ]; 160 160 + }; 11 161 }; 162 162 + in 12 163 13 13 - nativeBuildInputs = [ autoPatchelfHook zlib ]; 164 164 + symlinkJoin rec { 165 165 + pname = "curl-impersonate"; 166 166 + inherit (passthru.curl-impersonate-ff) version meta; 14 167 15 15 - installPhase = '' 16 16 - mkdir -p $out/bin 17 17 - cp * $out/bin 18 18 - ''; 168 168 + name = "${pname}-${version}"; 19 169 20 20 - meta = with lib; { 21 21 - description = "curl-impersonate: A special build of curl that can impersonate Chrome & Firefox "; 22 22 - homepage = "https://github.com/lwthiker/curl-impersonate"; 23 23 - license = with licenses; [ curl mit ]; 24 24 - maintainers = with maintainers; [ deliciouslytyped ]; 25 25 - platforms = platforms.linux; #TODO I'm unsure about the restrictions here, feel free to expand the platforms it if it works elsewhere. 170 170 + paths = [ 171 171 + passthru.curl-impersonate-ff 172 172 + passthru.curl-impersonate-chrome 173 173 + ]; 174 174 + 175 175 + passthru = { 176 176 + curl-impersonate-ff = makeCurlImpersonate { name = "ff"; target = "firefox"; }; 177 177 + curl-impersonate-chrome = makeCurlImpersonate { name = "chrome"; target = "chrome"; }; 178 178 + 179 179 + updateScript = ./update.sh; 180 180 + 181 181 + inherit (passthru.curl-impersonate-ff) src; 26 182 }; 27 183 }

+29

pkgs/tools/networking/curl-impersonate/deps.nix

··· 1 1 + # Generated by update.sh 2 2 + { fetchurl }: 3 3 + 4 4 + { 5 5 + "curl-7.84.0.tar.xz" = fetchurl { 6 6 + url = "https://curl.se/download/curl-7.84.0.tar.xz"; 7 7 + hash = "sha256-LRGLQ/VHv+W66AbY1HtOWW6lslpsHwgK70n7zYF8Xbg="; 8 8 + }; 9 9 + 10 10 + "brotli-1.0.9.tar.gz" = fetchurl { 11 11 + url = "https://github.com/google/brotli/archive/refs/tags/v1.0.9.tar.gz"; 12 12 + hash = "sha256-+ejYHQQFumbRgVKa9CozVPg4yTkJX/mZMNpqqc32/kY="; 13 13 + }; 14 14 + 15 15 + "nss-3.87.tar.gz" = fetchurl { 16 16 + url = "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_87_RTM/src/nss-3.87-with-nspr-4.35.tar.gz"; 17 17 + hash = "sha256-63DqC1jc5pqkkOnp/s0TKn1kTh2j1jHhYzdqDcwRoCI="; 18 18 + }; 19 19 + 20 20 + "boringssl.zip" = fetchurl { 21 21 + url = "https://github.com/google/boringssl/archive/3a667d10e94186fd503966f5638e134fe9fb4080.zip"; 22 22 + hash = "sha256-HsDIkd1x5IH49fUF07dJaabMIMsQygW+NI7GneULpA8="; 23 23 + }; 24 24 + 25 25 + "nghttp2-1.46.0.tar.bz2" = fetchurl { 26 26 + url = "https://github.com/nghttp2/nghttp2/releases/download/v1.46.0/nghttp2-1.46.0.tar.bz2"; 27 27 + hash = "sha256-moKXjIcAcbdp8n0riBkct3/clFpRwdaFx/YafhP8Ryk="; 28 28 + }; 29 29 + }

+91

pkgs/tools/networking/curl-impersonate/update.sh

··· 1 1 + #!/usr/bin/env nix-shell 2 2 + #!nix-shell -i bash -p git nix jq coreutils gnugrep gnused curl common-updater-scripts 3 3 + set -euo pipefail 4 4 + 5 5 + nixpkgs="$(git rev-parse --show-toplevel || (printf 'Could not find root of nixpkgs repo\nAre we running from within the nixpkgs git repo?\n' >&2; exit 1))" 6 6 + 7 7 + stripwhitespace() { 8 8 + sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' 9 9 + } 10 10 + 11 11 + narhash() { 12 12 + nix --extra-experimental-features nix-command store prefetch-file --json "$1" | jq -r .hash 13 13 + } 14 14 + 15 15 + nixeval() { 16 16 + nix --extra-experimental-features nix-command eval --json --impure -f "$nixpkgs" "$1" | jq -r . 17 17 + } 18 18 + 19 19 + vendorhash() { 20 20 + (nix --extra-experimental-features nix-command build --no-link -f "$nixpkgs" --no-link "$1" 2>&1 >/dev/null | tail -n3 | grep -F got: | cut -d: -f2- | stripwhitespace) 2>/dev/null || true 21 21 + } 22 22 + 23 23 + findpath() { 24 24 + path="$(nix --extra-experimental-features nix-command eval --json --impure -f "$nixpkgs" "$1.meta.position" | jq -r . | cut -d: -f1)" 25 25 + outpath="$(nix --extra-experimental-features nix-command eval --json --impure --expr "builtins.fetchGit \"$nixpkgs\"")" 26 26 + 27 27 + if [ -n "$outpath" ]; then 28 28 + path="${path/$(echo "$outpath" | jq -r .)/$nixpkgs}" 29 29 + fi 30 30 + 31 31 + echo "$path" 32 32 + } 33 33 + 34 34 + getvar() { 35 35 + echo "$2" | grep -F "$1" | sed -e 's/:=/:/g' | cut -d: -f2- | stripwhitespace 36 36 + } 37 37 + 38 38 + attr="${UPDATE_NIX_ATTR_PATH:-curl-impersonate}" 39 39 + version="$(curl -sSL "https://api.github.com/repos/lwthiker/curl-impersonate/releases/latest" | jq -r .tag_name | sed -e 's/^v//')" 40 40 + 41 41 + pkgpath="$(findpath "$attr")" 42 42 + 43 43 + updated="$(cd "$nixpkgs" && update-source-version "$attr" "$version" --file="$pkgpath" --print-changes | jq -r length)" 44 44 + 45 45 + if [ "$updated" -eq 0 ]; then 46 46 + echo 'update.sh: Package version not updated, nothing to do.' 47 47 + exit 0 48 48 + fi 49 49 + 50 50 + vars="$(curl -sSL "https://github.com/lwthiker/curl-impersonate/raw/v$version/Makefile.in" | grep '^ *[^ ]*_\(VERSION\|URL\|COMMIT\) *:=')" 51 51 + 52 52 + cat >"$(dirname "$pkgpath")"/deps.nix <<EOF 53 53 + # Generated by update.sh 54 54 + { fetchurl }: 55 55 + 56 56 + { 57 57 + "$(getvar CURL_VERSION "$vars").tar.xz" = fetchurl { 58 58 + url = "https://curl.se/download/$(getvar CURL_VERSION "$vars").tar.xz"; 59 59 + hash = "$(narhash "https://curl.se/download/$(getvar CURL_VERSION "$vars").tar.xz")"; 60 60 + }; 61 61 + 62 62 + "brotli-$(getvar BROTLI_VERSION "$vars").tar.gz" = fetchurl { 63 63 + url = "https://github.com/google/brotli/archive/refs/tags/v$(getvar BROTLI_VERSION "$vars").tar.gz"; 64 64 + hash = "$(narhash "https://github.com/google/brotli/archive/refs/tags/v$(getvar BROTLI_VERSION "$vars").tar.gz")"; 65 65 + }; 66 66 + 67 67 + "$(getvar NSS_VERSION "$vars").tar.gz" = fetchurl { 68 68 + url = "$(getvar NSS_URL "$vars")"; 69 69 + hash = "$(narhash "$(getvar NSS_URL "$vars")")"; 70 70 + }; 71 71 + 72 72 + "boringssl.zip" = fetchurl { 73 73 + url = "https://github.com/google/boringssl/archive/$(getvar BORING_SSL_COMMIT "$vars").zip"; 74 74 + hash = "$(narhash "https://github.com/google/boringssl/archive/$(getvar BORING_SSL_COMMIT "$vars").zip")"; 75 75 + }; 76 76 + 77 77 + "$(getvar NGHTTP2_VERSION "$vars").tar.bz2" = fetchurl { 78 78 + url = "$(getvar NGHTTP2_URL "$vars")"; 79 79 + hash = "$(narhash "$(getvar NGHTTP2_URL "$vars")")"; 80 80 + }; 81 81 + } 82 82 + EOF 83 83 + 84 84 + curhash="$(nixeval "$attr.curl-impersonate-chrome.boringssl-go-modules.outputHash")" 85 85 + newhash="$(vendorhash "$attr.curl-impersonate-chrome.boringssl-go-modules")" 86 86 + 87 87 + if [ -n "$newhash" ] && [ "$curhash" != "$newhash" ]; then 88 88 + sed -i -e "s|\"$curhash\"|\"$newhash\"|" "$pkgpath" 89 89 + else 90 90 + echo 'update.sh: New vendorHash same as old vendorHash, nothing to do.' 91 91 + fi

+1

pkgs/top-level/aliases.nix

··· 314 314 cups-kyodialog3 = cups-kyodialog; # Added 2022-11-12 315 315 cupsBjnp = throw "'cupsBjnp' has been renamed to/replaced by 'cups-bjnp'"; # Converted to throw 2022-02-22 316 316 cups_filters = throw "'cups_filters' has been renamed to/replaced by 'cups-filters'"; # Converted to throw 2022-02-22 317 317 + curl-impersonate-bin = throw "'curl-impersonate-bin' has been replaced by 'curl-impersonate'"; # Added 2022-10-08 317 318 curlcpp = throw "curlcpp has been removed, no active maintainers and no usage within nixpkgs"; # Added 2022-05-10 318 319 curaByDagoma = throw "curaByDagoma has been removed from nixpkgs, because it was unmaintained and dependent on python2 packages"; # Added 2022-01-12 319 320 curaLulzbot = throw "curaLulzbot has been removed due to insufficient upstream support for a modern dependency chain"; # Added 2021-10-23

+2 -1

pkgs/top-level/all-packages.nix

··· 6215 6215 6216 6216 curlWithGnuTls = curl.override { gnutlsSupport = true; opensslSupport = false; }; 6217 6217 6218 6218 - curl-impersonate-bin = callPackage ../tools/networking/curl-impersonate { }; 6218 6218 + curl-impersonate = darwin.apple_sdk_11_0.callPackage ../tools/networking/curl-impersonate { }; 6219 6219 + inherit (curl-impersonate) curl-impersonate-ff curl-impersonate-chrome; 6219 6220 6220 6221 curlie = callPackage ../tools/networking/curlie { }; 6221 6222