pkgs/tools/security/pass/default.nix at flake-libs

tjh.dev / nixpkgs
fork atom
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / pkgs / tools / security / pass / default.nix
at flake-libs 211 lines 5.2 kB view raw
wrap content
  1{
  2  stdenv,
  3  lib,
  4  pkgs,
  5  fetchurl,
  6  bash,
  7  buildEnv,
  8  coreutils,
  9  findutils,
 10  gnugrep,
 11  gnused,
 12  getopt,
 13  git,
 14  tree,
 15  gnupg,
 16  openssl,
 17  which,
 18  openssh,
 19  procps,
 20  qrencode,
 21  makeWrapper,
 22  pass,
 23
 24  xclip ? null,
 25  xdotool ? null,
 26  dmenu ? null,
 27  x11Support ? !stdenv.hostPlatform.isDarwin,
 28  dmenuSupport ? (x11Support || waylandSupport),
 29  waylandSupport ? false,
 30  wl-clipboard ? null,
 31  ydotool ? null,
 32  dmenu-wayland ? null,
 33
 34  # For backwards-compatibility
 35  tombPluginSupport ? false,
 36}:
 37
 38assert x11Support -> xclip != null;
 39assert waylandSupport -> wl-clipboard != null;
 40
 41assert dmenuSupport -> x11Support || waylandSupport;
 42assert dmenuSupport && x11Support -> dmenu != null && xdotool != null;
 43assert dmenuSupport && waylandSupport -> dmenu-wayland != null && ydotool != null;
 44
 45let
 46  passExtensions = import ./extensions { inherit pkgs; };
 47
 48  env =
 49    extensions:
 50    let
 51      selected =
 52        [ pass ] ++ extensions passExtensions ++ lib.optional tombPluginSupport passExtensions.tomb;
 53    in
 54    buildEnv {
 55      name = "pass-env";
 56      paths = selected;
 57      nativeBuildInputs = [ makeWrapper ];
 58      buildInputs = lib.concatMap (x: x.buildInputs) selected;
 59
 60      postBuild = ''
 61        files=$(find $out/bin/ -type f -exec readlink -f {} \;)
 62        if [ -L $out/bin ]; then
 63          rm $out/bin
 64          mkdir $out/bin
 65        fi
 66
 67        for i in $files; do
 68          if ! [ "$(readlink -f "$out/bin/$(basename $i)")" = "$i" ]; then
 69            ln -sf $i $out/bin/$(basename $i)
 70          fi
 71        done
 72
 73        wrapProgram $out/bin/pass \
 74          --set SYSTEM_EXTENSION_DIR "$out/lib/password-store/extensions"
 75      '';
 76      meta.mainProgram = "pass";
 77    };
 78in
 79
 80stdenv.mkDerivation rec {
 81  version = "1.7.4";
 82  pname = "password-store";
 83
 84  src = fetchurl {
 85    url = "https://git.zx2c4.com/password-store/snapshot/${pname}-${version}.tar.xz";
 86    sha256 = "1h4k6w7g8pr169p5w9n6mkdhxl3pw51zphx7www6pvgjb7vgmafg";
 87  };
 88
 89  patches = [
 90    ./set-correct-program-name-for-sleep.patch
 91    ./extension-dir.patch
 92  ] ++ lib.optional stdenv.hostPlatform.isDarwin ./no-darwin-getopt.patch;
 93
 94  nativeBuildInputs = [ makeWrapper ];
 95
 96  buildInputs = [ bash ];
 97
 98  installFlags = [
 99    "PREFIX=$(out)"
100    "WITH_ALLCOMP=yes"
101  ];
102
103  postInstall = lib.optionalString dmenuSupport ''
104    cp "contrib/dmenu/passmenu" "$out/bin/"
105  '';
106
107  wrapperPath = lib.makeBinPath (
108    [
109      coreutils
110      findutils
111      getopt
112      git
113      gnugrep
114      gnupg
115      gnused
116      tree
117      which
118      openssh
119      procps
120      qrencode
121    ]
122    ++ lib.optional stdenv.hostPlatform.isDarwin openssl
123    ++ lib.optional x11Support xclip
124    ++ lib.optional waylandSupport wl-clipboard
125    ++ lib.optionals (waylandSupport && dmenuSupport) [
126      ydotool
127      dmenu-wayland
128    ]
129    ++ lib.optionals (x11Support && dmenuSupport) [
130      xdotool
131      dmenu
132    ]
133  );
134
135  postFixup =
136    ''
137      # Fix program name in --help
138      substituteInPlace $out/bin/pass \
139        --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"
140
141      # Ensure all dependencies are in PATH
142      wrapProgram $out/bin/pass \
143        --prefix PATH : "${wrapperPath}"
144    ''
145    + lib.optionalString dmenuSupport ''
146      # We just wrap passmenu with the same PATH as pass. It doesn't
147      # need all the tools in there but it doesn't hurt either.
148      wrapProgram $out/bin/passmenu \
149        --prefix PATH : "$out/bin:${wrapperPath}"
150    '';
151
152  # Turn "check" into "installcheck", since we want to test our pass,
153  # not the one before the fixup.
154  postPatch =
155    ''
156      patchShebangs tests
157
158      substituteInPlace src/password-store.sh \
159        --replace "@out@" "$out"
160
161      # the turning
162      sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \
163             -e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \
164             -e '/which gpg/ d' \
165        tests/setup.sh
166    ''
167    + lib.optionalString stdenv.hostPlatform.isDarwin ''
168      # 'pass edit' uses hdid, which is not available from the sandbox.
169      rm -f tests/t0200-edit-tests.sh
170      rm -f tests/t0010-generate-tests.sh
171      rm -f tests/t0020-show-tests.sh
172      rm -f tests/t0050-mv-tests.sh
173      rm -f tests/t0100-insert-tests.sh
174      rm -f tests/t0300-reencryption.sh
175      rm -f tests/t0400-grep.sh
176    '';
177
178  doCheck = false;
179
180  doInstallCheck = true;
181  nativeInstallCheckInputs = [ git ];
182  installCheckTarget = "test";
183
184  passthru = {
185    extensions = passExtensions;
186    withExtensions = env;
187  };
188
189  meta = with lib; {
190    description = "Stores, retrieves, generates, and synchronizes passwords securely";
191    homepage = "https://www.passwordstore.org/";
192    license = licenses.gpl2Plus;
193    mainProgram = "pass";
194    maintainers = with maintainers; [
195      lovek323
196      fpletz
197      tadfisher
198      globin
199      ma27
200    ];
201    platforms = platforms.unix;
202
203    longDescription = ''
204      pass is a very simple password store that keeps passwords inside gpg2
205      encrypted files inside a simple directory tree residing at
206      ~/.password-store. The pass utility provides a series of commands for
207      manipulating the password store, allowing the user to add, remove, edit,
208      synchronize, generate, and manipulate passwords.
209    '';
210  };
211}