pkgs/tools/security/pass/default.nix at devShellTools-shell · tjh.dev/nixpkgs

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / tools / security / pass / default.nix
at devShellTools-shell 214 lines 5.2 kB view raw
  1{
  2  stdenv,
  3  lib,
  4  pkgs,
  5  fetchurl,
  6  bash,
  7  buildEnv,
  8  coreutils,
  9  findutils,
 10  gnugrep,
 11  gnused,
 12  getopt,
 13  git,
 14  tree,
 15  gnupg,
 16  openssl,
 17  which,
 18  openssh,
 19  procps,
 20  qrencode,
 21  makeWrapper,
 22  pass,
 23
 24  xclip ? null,
 25  xdotool ? null,
 26  dmenu ? null,
 27  x11Support ? !stdenv.hostPlatform.isDarwin,
 28  dmenuSupport ? (x11Support || waylandSupport),
 29  waylandSupport ? false,
 30  wl-clipboard ? null,
 31  ydotool ? null,
 32  dmenu-wayland ? null,
 33
 34  # For backwards-compatibility
 35  tombPluginSupport ? false,
 36}:
 37
 38assert x11Support -> xclip != null;
 39assert waylandSupport -> wl-clipboard != null;
 40
 41assert dmenuSupport -> x11Support || waylandSupport;
 42assert dmenuSupport && x11Support -> dmenu != null && xdotool != null;
 43assert dmenuSupport && waylandSupport -> dmenu-wayland != null && ydotool != null;
 44
 45let
 46  passExtensions = import ./extensions { inherit pkgs; };
 47
 48  env =
 49    extensions:
 50    let
 51      selected = [
 52        pass
 53      ]
 54      ++ extensions passExtensions
 55      ++ lib.optional tombPluginSupport passExtensions.tomb;
 56    in
 57    buildEnv {
 58      name = "pass-env";
 59      paths = selected;
 60      nativeBuildInputs = [ makeWrapper ];
 61      buildInputs = lib.concatMap (x: x.buildInputs) selected;
 62
 63      postBuild = ''
 64        files=$(find $out/bin/ -type f -exec readlink -f {} \;)
 65        if [ -L $out/bin ]; then
 66          rm $out/bin
 67          mkdir $out/bin
 68        fi
 69
 70        for i in $files; do
 71          if ! [ "$(readlink -f "$out/bin/$(basename $i)")" = "$i" ]; then
 72            ln -sf $i $out/bin/$(basename $i)
 73          fi
 74        done
 75
 76        wrapProgram $out/bin/pass \
 77          --set SYSTEM_EXTENSION_DIR "$out/lib/password-store/extensions"
 78      '';
 79      meta.mainProgram = "pass";
 80    };
 81in
 82
 83stdenv.mkDerivation rec {
 84  version = "1.7.4";
 85  pname = "password-store";
 86
 87  src = fetchurl {
 88    url = "https://git.zx2c4.com/password-store/snapshot/${pname}-${version}.tar.xz";
 89    sha256 = "1h4k6w7g8pr169p5w9n6mkdhxl3pw51zphx7www6pvgjb7vgmafg";
 90  };
 91
 92  patches = [
 93    ./set-correct-program-name-for-sleep.patch
 94    ./extension-dir.patch
 95  ]
 96  ++ lib.optional stdenv.hostPlatform.isDarwin ./no-darwin-getopt.patch;
 97
 98  nativeBuildInputs = [ makeWrapper ];
 99
100  buildInputs = [ bash ];
101
102  installFlags = [
103    "PREFIX=$(out)"
104    "WITH_ALLCOMP=yes"
105  ];
106
107  postInstall = lib.optionalString dmenuSupport ''
108    cp "contrib/dmenu/passmenu" "$out/bin/"
109  '';
110
111  wrapperPath = lib.makeBinPath (
112    [
113      coreutils
114      findutils
115      getopt
116      git
117      gnugrep
118      gnupg
119      gnused
120      tree
121      which
122      openssh
123      procps
124      qrencode
125    ]
126    ++ lib.optional stdenv.hostPlatform.isDarwin openssl
127    ++ lib.optional x11Support xclip
128    ++ lib.optional waylandSupport wl-clipboard
129    ++ lib.optionals (waylandSupport && dmenuSupport) [
130      ydotool
131      dmenu-wayland
132    ]
133    ++ lib.optionals (x11Support && dmenuSupport) [
134      xdotool
135      dmenu
136    ]
137  );
138
139  postFixup = ''
140    # Fix program name in --help
141    substituteInPlace $out/bin/pass \
142      --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"
143
144    # Ensure all dependencies are in PATH
145    wrapProgram $out/bin/pass \
146      --prefix PATH : "${wrapperPath}"
147  ''
148  + lib.optionalString dmenuSupport ''
149    # We just wrap passmenu with the same PATH as pass. It doesn't
150    # need all the tools in there but it doesn't hurt either.
151    wrapProgram $out/bin/passmenu \
152      --prefix PATH : "$out/bin:${wrapperPath}"
153  '';
154
155  # Turn "check" into "installcheck", since we want to test our pass,
156  # not the one before the fixup.
157  postPatch = ''
158    patchShebangs tests
159
160    substituteInPlace src/password-store.sh \
161      --replace "@out@" "$out"
162
163    # the turning
164    sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \
165           -e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \
166           -e '/which gpg/ d' \
167      tests/setup.sh
168  ''
169  + lib.optionalString stdenv.hostPlatform.isDarwin ''
170    # 'pass edit' uses hdid, which is not available from the sandbox.
171    rm -f tests/t0200-edit-tests.sh
172    rm -f tests/t0010-generate-tests.sh
173    rm -f tests/t0020-show-tests.sh
174    rm -f tests/t0050-mv-tests.sh
175    rm -f tests/t0100-insert-tests.sh
176    rm -f tests/t0300-reencryption.sh
177    rm -f tests/t0400-grep.sh
178  '';
179
180  doCheck = false;
181
182  doInstallCheck = true;
183  nativeInstallCheckInputs = [ git ];
184  installCheckTarget = "test";
185
186  passthru = {
187    extensions = passExtensions;
188    withExtensions = env;
189  };
190
191  meta = with lib; {
192    description = "Stores, retrieves, generates, and synchronizes passwords securely";
193    homepage = "https://www.passwordstore.org/";
194    license = licenses.gpl2Plus;
195    mainProgram = "pass";
196    maintainers = with maintainers; [
197      lovek323
198      fpletz
199      tadfisher
200      globin
201      ma27
202      ryan4yin
203    ];
204    platforms = platforms.unix;
205
206    longDescription = ''
207      pass is a very simple password store that keeps passwords inside gpg2
208      encrypted files inside a simple directory tree residing at
209      ~/.password-store. The pass utility provides a series of commands for
210      manipulating the password store, allowing the user to add, remove, edit,
211      synchronize, generate, and manipulate passwords.
212    '';
213  };
214}