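# ecryptfs-utils: userspace tools for the eCryptfs stacked filesystem.
#
# Packaging notes a reviewer should keep in mind:
#  * The *_private mount helpers and unix_chkpwd are rewritten to wrapperDir
#    instead of $out. /run/wrappers/bin is where NixOS places the programs
#    declared through security.wrappers; this derivation does not create them.
#    NOTE(review): presumably these helpers need setuid, which a store path
#    cannot carry -- confirm that the NixOS module declares matching wrappers.
#  * enablePython pulls in python2, which is end-of-life upstream; it is off
#    by default and should stay off unless the bindings are really needed.
{
  lib,
  stdenv,
  fetchurl,
  pkg-config,
  perl,
  util-linux,
  keyutils,
  nss,
  nspr,
  python2,
  pam,
  enablePython ? false,
  intltool,
  makeWrapper,
  coreutils,
  bash,
  gettext,
  cryptsetup,
  lvm2,
  rsync,
  which,
  lsof,
  nixosTests,
}:

stdenv.mkDerivation rec {
  pname = "ecryptfs";
  version = "111";

  # Fixed-output fetch: the tarball is only accepted if it matches this hash,
  # so the hash must be updated together with `version`.
  src = fetchurl {
    url = "https://launchpad.net/ecryptfs/trunk/${version}/+download/ecryptfs-utils_${version}.orig.tar.gz";
    sha256 = "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i";
  };

  # TODO: replace wrapperDir below with from <nixos> config.security.wrapperDir;
  # Hard-coded, so a system that changes its wrapper directory would leave the
  # rewritten helper paths pointing at nothing.
  wrapperDir = "/run/wrappers/bin";

  # Rewrite absolute FHS paths baked into the scripts and C sources so that the
  # tools run pinned store binaries (or the wrappers) rather than whatever
  # happens to live at /bin or /sbin.
  # `--replace` does not fail when a pattern is absent, so a path that upstream
  # moves would stay unrewritten without a build error.
  # The loop relies on word-splitting of $FILES; a path containing whitespace
  # would be split into several words.
  postPatch = ''
    FILES="$(grep -r '/bin/sh' src/utils -l; find src -name \*.c)"
    for file in $FILES; do
      substituteInPlace "$file" \
        --replace /bin/mount ${util-linux}/bin/mount \
        --replace /bin/umount ${util-linux}/bin/umount \
        --replace /sbin/mount.ecryptfs_private ${wrapperDir}/mount.ecryptfs_private \
        --replace /sbin/umount.ecryptfs_private ${wrapperDir}/umount.ecryptfs_private \
        --replace /sbin/mount.ecryptfs $out/sbin/mount.ecryptfs \
        --replace /sbin/umount.ecryptfs $out/sbin/umount.ecryptfs \
        --replace /usr/bin/ecryptfs-rewrite-file $out/bin/ecryptfs-rewrite-file \
        --replace /usr/bin/ecryptfs-mount-private $out/bin/ecryptfs-mount-private \
        --replace /usr/bin/ecryptfs-setup-private $out/bin/ecryptfs-setup-private \
        --replace /sbin/cryptsetup ${cryptsetup}/sbin/cryptsetup \
        --replace /sbin/dmsetup ${lvm2}/sbin/dmsetup \
        --replace /sbin/unix_chkpwd ${wrapperDir}/unix_chkpwd \
        --replace /bin/bash ${bash}/bin/bash
    done
  '';

  # The flag previously carried a leading space (" --disable-openssl"). That
  # only worked because the flag list is joined into one string and re-split by
  # the builder; passed as a real argv element, configure would not see an option.
  configureFlags = [ "--disable-openssl" ] ++ lib.optionals (!enablePython) [ "--disable-pywrap" ];

  nativeBuildInputs = [
    pkg-config
    makeWrapper
    intltool
  ]
  # if python2 support is requested, it is needed at build time as well as runtime.
  ++ lib.optionals (enablePython) [ python2 ];
  buildInputs = [
    perl
    nss
    nspr
    pam
  ]
  ++ lib.optionals (enablePython) [ python2 ];
  propagatedBuildInputs = [
    coreutils
    gettext
    cryptsetup
    lvm2
    rsync
    keyutils
    which
  ];

  # Wrap every installed shell script so the helper tools come first on PATH.
  # --prefix prepends; whatever PATH the caller had is still searched afterwards.
  postInstall = ''
    FILES="$(grep -r '/bin/sh' $out/bin -l)"
    for file in $FILES; do
      wrapProgram "$file" \
        --prefix PATH ":" "${coreutils}/bin" \
        --prefix PATH ":" "${gettext}/bin" \
        --prefix PATH ":" "${rsync}/bin" \
        --prefix PATH ":" "${keyutils}/bin" \
        --prefix PATH ":" "${which}/bin" \
        --prefix PATH ":" "${lsof}/bin" \
        --prefix PATH ":" "$out/bin"
    done
  '';

  passthru.tests = { inherit (nixosTests) ecryptfs; };

  meta = with lib; {
    description = "Enterprise-class stacked cryptographic filesystem";
    license = licenses.gpl2Plus;
    maintainers = with maintainers; [ obadz ];
    platforms = platforms.linux;
  };
}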