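# Package expression for the LEAP Bitmask VPN desktop client, built for a
# single branded provider (`provider`, default "riseup").
#
# Two derivations are defined here:
#   * bitmask-root: the helper script from helpers/ together with its polkit
#     action file (se.leap.bitmask.policy);
#   * ${provider}-vpn: the Qt/Go client, which on Linux is patched to refer to
#     that helper and to openvpn by their store paths.
#
# `provider` is spliced verbatim into build-script text and into a source path
# (providers/<provider>/assets/icon.svg); it is expected to be a plain
# directory name under providers/.
{
  lib,
  stdenv,
  replaceVars,
  git,
  fetchFromGitLab,
  buildGoModule,
  wrapQtAppsHook,
  python3,
  python3Packages,
  pkg-config,
  openvpn,
  cmake,
  qmake,
  which,
  iproute2,
  iptables,
  procps,
  qtbase,
  qtdeclarative,
  qtsvg,
  qttools,
  qtwayland,
  provider ? "riseup",
}:
let
  version = "0.24.8";

  src = fetchFromGitLab {
    domain = "0xacab.org";
    owner = "leap";
    repo = "bitmask-vpn";
    rev = "8b3ac473f64b6de0262fbf945ff25af8029134f1";
    # NOTE(review): leaveDotGit keeps the .git directory inside a fixed-output
    # derivation. The contents of .git are not guaranteed to be byte-stable
    # between fetches, so the hash below can stop matching although the source
    # tree itself did not change. `git` is in nativeBuildInputs, so the build
    # presumably reads version information from the checkout; confirm, and
    # pass that information in explicitly if the build allows it.
    leaveDotGit = true;
    # SRI hash of the fetched tree; `hash` is the current attribute name for
    # what used to be written as `sha256`.
    hash = "sha256-XUgCVHnTLZXFU+r0s1yuYryWNBJRgQrFlf3g1iRrLWs=";
  };

  # bitmask-root is only used on GNU/Linux
  # and may one day be replaced by pkg/helper
  #
  # The polkit action file is rewritten below to name this derivation's
  # bin/bitmask-root, so this is presumably the program that polkit runs with
  # elevated privileges (confirm against se.leap.bitmask.policy). For that
  # reason every external tool it uses (ip, iptables, ip6tables, sysctl,
  # openvpn) is pinned to an absolute store path instead of the upstream
  # swhich(...) call, which looks like a run-time lookup (TODO confirm).
  bitmask-root = stdenv.mkDerivation {
    inherit src version;
    sourceRoot = "${src.name}/helpers";
    pname = "bitmask-root";
    nativeBuildInputs = [ python3Packages.wrapPython ];
    # --replace-fail aborts the build when a pattern is no longer present.
    # The deprecated --replace only printed a warning, which would let an
    # upstream rename leave an unpinned lookup in the helper unnoticed.
    postPatch = ''
      substituteInPlace bitmask-root \
        --replace-fail 'swhich("ip")' '"${iproute2}/bin/ip"' \
        --replace-fail 'swhich("iptables")' '"${iptables}/bin/iptables"' \
        --replace-fail 'swhich("ip6tables")' '"${iptables}/bin/ip6tables"' \
        --replace-fail 'swhich("sysctl")' '"${procps}/bin/sysctl"' \
        --replace-fail /usr/sbin/openvpn ${openvpn}/bin/openvpn
      substituteInPlace se.leap.bitmask.policy \
        --replace-fail /usr/sbin/bitmask-root $out/bin/bitmask-root
    '';
    # The policy file is installed read-only (444) next to the helper it names.
    installPhase = ''
      runHook preInstall

      install -m 755 -D -t $out/bin bitmask-root
      install -m 444 -D -t $out/share/polkit-1/actions se.leap.bitmask.policy
      wrapPythonPrograms

      runHook postInstall
    '';
  };
in

buildGoModule rec {
  inherit src version;
  pname = "${provider}-vpn";
  # null: buildGoModule does not fetch Go modules as a separate fixed-output
  # derivation; the dependencies have to come with the source tree.
  # NOTE(review): buildPhase runs `make vendor`; confirm it only uses modules
  # already present in the checkout, since the build has no network access.
  vendorHash = null;

  patches = [
    # This patch fixes the paths in the build script generated by qmake
    # to use the correct paths for qmlcachegen and lrelease
    (replaceVars ./fix_paths.patch {
      inherit qtbase qtdeclarative qttools;
    })

    # Don't build the debug version
    ./build_release.patch
  ];

  # All substitutions use --replace-fail so that a pattern that has vanished
  # upstream stops the build instead of being skipped with a warning. This
  # matters most for the Linux-only part, which rewrites the paths of the
  # programs the client starts (openvpn, bitmask-root).
  #
  # NOTE(review): the last two Linux substitutions put
  # /run/wrappers/bin/polkit-agent-helper-1 in place of the lxpolkit path and
  # add "polkitd" next to "polkit-gnome-authentication-agent-1". Presumably
  # the launcher uses these lists to decide whether a polkit agent is
  # available; verify in pkg/launcher/launcher_linux.go, because polkitd is
  # the polkit daemon rather than an authentication agent, so such a check
  # could pass on a session that has no agent running.
  postPatch = ''
    substituteInPlace pkg/pickle/helpers.go \
      --replace-fail /usr/share $out/share

    # Using $PROVIDER is not working,
    # thus replacing directly into the vendor.conf
    substituteInPlace providers/vendor.conf \
      --replace-fail "provider = bitmask" "provider = ${provider}"

    substituteInPlace branding/templates/debian/app.desktop-template \
      --replace-fail "Icon=icon" "Icon=${pname}"

    patchShebangs gui/build.sh
    wrapPythonProgramsIn branding/scripts
  ''
  + lib.optionalString stdenv.hostPlatform.isLinux ''
    substituteInPlace pkg/helper/linux.go \
      --replace-fail /usr/sbin/openvpn ${openvpn}/bin/openvpn
    substituteInPlace pkg/launcher/launcher_linux.go \
      --replace-fail /usr/sbin/openvpn ${openvpn}/bin/openvpn \
      --replace-fail /usr/sbin/bitmask-root ${bitmask-root}/bin/bitmask-root \
      --replace-fail /usr/bin/lxpolkit /run/wrappers/bin/polkit-agent-helper-1 \
      --replace-fail '"polkit-gnome-authentication-agent-1",' '"polkit-gnome-authentication-agent-1","polkitd",'
  '';

  nativeBuildInputs = [
    cmake
    git
    pkg-config
    python3
    python3Packages.wrapPython
    which
    wrapQtAppsHook
    qmake
    qttools
    qtsvg
  ];

  buildInputs = [
    qtbase
    qtdeclarative
    qtsvg
  ]
  ++ lib.optionals stdenv.hostPlatform.isLinux [ qtwayland ];

  # FIXME: building on Darwin currently fails
  # due to missing debug symbols for Qt,
  # this should be fixable once darwin.apple_sdk >= 10.13
  # See https://bugreports.qt.io/browse/QTBUG-76777

  # Not using buildGoModule's buildPhase:
  # gui/build.sh will build Go modules into lib/libgoshim.a
  buildPhase = ''
    runHook preBuild

    make vendor

    # TODO: this is a hack that copies the qrc file that should by built by qmlcachegen
    # qmlcachegen is in qtdeclarative/libexec, but qmake is in qtbase/bin
    # but qmake searches for qmlcachegen in qtbase/libexec which leads to the error
    mkdir -p build/qt
    cp ${./gui_gui_qmlcache.qrc} build/qt/gui_gui_qmlcache.qrc

    make build

    runHook postBuild
  '';

  # Installs the client binary, the generated desktop entry and the provider
  # icon; on Linux the polkit action file from bitmask-root is installed into
  # this package's share/polkit-1/actions as well.
  postInstall = ''
    install -m 755 -D -t $out/bin build/qt/release/${pname}

    VERSION=${version} VENDOR_PATH=providers branding/scripts/generate-debian branding/templates/debian/data.json
    (cd branding/templates/debian && ${python3Packages.python}/bin/python3 generate.py)
    install -m 444 -D branding/templates/debian/app.desktop $out/share/applications/${pname}.desktop
    install -m 444 -D providers/${provider}/assets/icon.svg $out/share/icons/hicolor/scalable/apps/${pname}.svg
  ''
  + lib.optionalString stdenv.hostPlatform.isLinux ''
    install -m 444 -D -t $out/share/polkit-1/actions ${bitmask-root}/share/polkit-1/actions/se.leap.bitmask.policy
  '';

  # Some tests need access to the Internet:
  # Post "https://api.black.riseup.net/3/cert": dial tcp: lookup api.black.riseup.net on [::1]:53: read udp [::1]:56553->[::1]:53: read: connection refused
  # NOTE(review): this switches off the whole test suite, not only the tests
  # that need the network.
  doCheck = false;

  # Exposes the helper derivation so it can be built or inspected on its own.
  passthru = { inherit bitmask-root; };

  meta = {
    description = "Generic VPN client by LEAP";
    longDescription = ''
      Bitmask, by LEAP (LEAP Encryption Access Project),
      is an application to provide easy and secure encrypted communication
      with a VPN (Virtual Private Network). It allows you to select from
      a variety of trusted service provider all from one app.
      Current providers include Riseup Networks
      and The Calyx Institute, where the former is default.
      The <literal>${pname}</literal> executable should appear
      in your desktop manager's XDG menu or could be launch in a terminal
      to get an execution log. A new icon should then appear in your systray
      to control the VPN and configure some options.
    '';
    homepage = "https://bitmask.net";
    license = lib.licenses.gpl3Plus;
    maintainers = with lib.maintainers; [ julm ];
    # darwin requires apple_sdk >= 10.13
    platforms = lib.platforms.linux;
  };
}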