pkgs/tools/security/pinentry/mac.nix at devShellTools-shell

tjh.dev / nixpkgs
fork atom
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / pkgs / tools / security / pinentry / mac.nix
at devShellTools-shell 108 lines 2.8 kB view raw
wrap content
  1{
  2  lib,
  3  stdenv,
  4  fetchFromGitHub,
  5  autoreconfHook,
  6  libassuan,
  7  libgpg-error,
  8  makeBinaryWrapper,
  9  texinfo,
 10  common-updater-scripts,
 11  writers,
 12}:
 13
 14stdenv.mkDerivation rec {
 15  pname = "pinentry-mac";
 16
 17  # NOTE: Don't update manually. Use passthru.updateScript on a Mac with XCode
 18  # installed.
 19  version = "1.1.1.1";
 20
 21  src = fetchFromGitHub {
 22    owner = "GPGTools";
 23    repo = "pinentry";
 24    rev = "v${version}";
 25    sha256 = "sha256-QnDuqFrI/U7aZ5WcOCp5vLE+w59LVvDGOFNQy9fSy70=";
 26  };
 27
 28  patches = [
 29    ./gettext-0.25.patch
 30  ];
 31
 32  # use pregenerated nib files because generating them requires XCode
 33  postPatch = ''
 34    cp -r ${./mac/Main.nib} macosx/Main.nib
 35    cp -r ${./mac/Pinentry.nib} macosx/Pinentry.nib
 36    chmod -R u+w macosx/*.nib
 37    # pinentry_mac requires updated macros to correctly detect v2 API support in libassuan 3.x.
 38    cp '${lib.getDev libassuan}/share/aclocal/libassuan.m4' m4/libassuan.m4
 39  '';
 40
 41  # Unfortunately, PlistBuddy from xcbuild is not compatible enough pinentry-mac’s build process.
 42  sandboxProfile = ''
 43    (allow process-exec (literal "/usr/libexec/PlistBuddy"))
 44  '';
 45
 46  strictDeps = true;
 47  nativeBuildInputs = [
 48    autoreconfHook
 49    makeBinaryWrapper
 50    texinfo
 51  ];
 52
 53  configureFlags = [
 54    "--enable-maintainer-mode"
 55    "--disable-ncurses"
 56    "--with-libgpg-error-prefix=${libgpg-error.dev}"
 57    "--with-libassuan-prefix=${libassuan.dev}"
 58  ];
 59
 60  installPhase = ''
 61    mkdir -p $out/Applications $out/bin
 62    mv macosx/pinentry-mac.app $out/Applications
 63
 64    # Compatibility with `lib.getExe`
 65    makeWrapper $out/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac $out/bin/pinentry-mac
 66  '';
 67
 68  enableParallelBuilding = true;
 69
 70  passthru = {
 71    binaryPath = "Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac";
 72    updateScript = writers.writeBash "update-pinentry-mac" ''
 73      set -euxo pipefail
 74
 75      main() {
 76        tag="$(queryLatestTag)"
 77        ver="$(expr "$tag" : 'v\(.*\)')"
 78
 79        ${common-updater-scripts}/bin/update-source-version pinentry_mac "$ver"
 80
 81        cd ${lib.escapeShellArg ./.}
 82        rm -rf mac
 83        mkdir mac
 84
 85        srcDir="$(nix-build ../../../.. --no-out-link -A pinentry_mac.src)"
 86        for path in "$srcDir"/macosx/*.xib; do
 87          filename="''${path##*/}"
 88          /usr/bin/ibtool --compile "mac/''${filename%.*}.nib" "$path"
 89        done
 90      }
 91
 92      queryLatestTag() {
 93        curl -sS https://api.github.com/repos/GPGTools/pinentry/tags \
 94          | jq -r '.[] | .name' | sort --version-sort | tail -1
 95      }
 96
 97      main
 98    '';
 99  };
100
101  meta = {
102    description = "Pinentry for GPG on Mac";
103    license = lib.licenses.gpl2Plus;
104    homepage = "https://github.com/GPGTools/pinentry";
105    platforms = lib.platforms.darwin;
106    mainProgram = "pinentry-mac";
107  };
108}