tjh.dev
nixpkgs mirror (for testing)
github.com/NixOS/nixpkgs
nix
1{ lib
2, stdenv
3, pname
4, version
5, src
6, meta
7, makeShellWrapper
8, wrapGAppsHook
9, alsa-lib
10, at-spi2-atk
11, at-spi2-core
12, atk
13, cairo
14, cups
15, dbus
16, expat
17, gdk-pixbuf
18, glib
19, gtk3
20, libX11
21, libXcomposite
22, libXdamage
23, libXext
24, libXfixes
25, libXrandr
26, libdrm
27, libxcb
28, libxkbcommon
29, libxshmfence
30, libGL
31, libappindicator-gtk3
32, mesa
33, nspr
34, nss
35, pango
36, systemd
37, udev
38, xdg-utils
39
40 # The 1Password polkit file requires a list of users for whom polkit
41 # integrations should be enabled. This should be a list of strings that
42 # correspond to usernames.
43, polkitPolicyOwners ? []
44}:
45let
46 # Convert the polkitPolicyOwners variable to a polkit-compatible string for the polkit file.
47 policyOwners = lib.concatStringsSep " " (map (user: "unix-user:${user}") polkitPolicyOwners);
48
49in stdenv.mkDerivation {
50 inherit pname version src meta;
51
52 nativeBuildInputs = [ makeShellWrapper wrapGAppsHook ];
53 buildInputs = [ glib ];
54
55 dontConfigure = true;
56 dontBuild = true;
57 dontPatchELF = true;
58 dontWrapGApps = true;
59
60 installPhase =
61 let rpath = lib.makeLibraryPath [
62 alsa-lib
63 at-spi2-atk
64 at-spi2-core
65 atk
66 cairo
67 cups
68 dbus
69 expat
70 gdk-pixbuf
71 glib
72 gtk3
73 libX11
74 libXcomposite
75 libXdamage
76 libXext
77 libXfixes
78 libXrandr
79 libdrm
80 libxcb
81 libxkbcommon
82 libxshmfence
83 libGL
84 libappindicator-gtk3
85 mesa
86 nspr
87 nss
88 pango
89 systemd
90 ] + ":${stdenv.cc.cc.lib}/lib64";
91 in ''
92 runHook preInstall
93
94 mkdir -p $out/bin $out/share/1password
95 cp -a * $out/share/1password
96
97 # Desktop file
98 install -Dt $out/share/applications resources/${pname}.desktop
99 substituteInPlace $out/share/applications/${pname}.desktop \
100 --replace 'Exec=/opt/1Password/${pname}' 'Exec=${pname}'
101
102 '' + (lib.optionalString (polkitPolicyOwners != [ ])
103 ''
104 # Polkit file
105 mkdir -p $out/share/polkit-1/actions
106 substitute com.1password.1Password.policy.tpl $out/share/polkit-1/actions/com.1password.1Password.policy --replace "\''${POLICY_OWNERS}" "${policyOwners}"
107 '') + ''
108
109 # Icons
110 cp -a resources/icons $out/share
111
112 interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
113 patchelf --set-interpreter $interp $out/share/1password/{1password,1Password-BrowserSupport,1Password-HIDHelper,1Password-KeyringHelper,1Password-LastPass-Exporter,op-ssh-sign}
114 patchelf --set-rpath ${rpath}:$out/share/1password $out/share/1password/{1password,1Password-BrowserSupport,1Password-HIDHelper,1Password-KeyringHelper,1Password-LastPass-Exporter,op-ssh-sign}
115 for file in $(find $out -type f -name \*.so\* ); do
116 patchelf --set-rpath ${rpath}:$out/share/1password $file
117 done
118
119 ln -s $out/share/1password/op-ssh-sign $out/bin/op-ssh-sign
120
121 runHook postInstall
122 '';
123
124 preFixup = ''
125 # makeWrapper defaults to makeBinaryWrapper due to wrapGAppsHook
126 # but we need a shell wrapper specifically for `NIXOS_OZONE_WL`.
127 # Electron is trying to open udev via dlopen()
128 # and for some reason that doesn't seem to be impacted from the rpath.
129 # Adding udev to LD_LIBRARY_PATH fixes that.
130 # Make xdg-open overrideable at runtime.
131 makeShellWrapper $out/share/1password/1password $out/bin/1password \
132 "''${gappsWrapperArgs[@]}" \
133 --suffix PATH : ${lib.makeBinPath [ xdg-utils ]} \
134 --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ udev ]} \
135 --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}"
136 '';
137}