pkgs/tools/security/ecryptfs/default.nix at netboot-syslinux-multiplatform · tjh.dev/nixpkgs

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / tools / security / ecryptfs / default.nix
at netboot-syslinux-multiplatform 67 lines 2.7 kB view raw
 1{ lib, stdenv, fetchurl, pkg-config, perl, util-linux, keyutils, nss, nspr, python2, pam, enablePython ? false
 2, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }:
 3
 4stdenv.mkDerivation rec {
 5  pname = "ecryptfs";
 6  version = "111";
 7
 8  src = fetchurl {
 9    url = "https://launchpad.net/ecryptfs/trunk/${version}/+download/ecryptfs-utils_${version}.orig.tar.gz";
10    sha256 = "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i";
11  };
12
13  # TODO: replace wrapperDir below with from <nixos> config.security.wrapperDir;
14  wrapperDir = "/run/wrappers/bin";
15
16  postPatch = ''
17    FILES="$(grep -r '/bin/sh' src/utils -l; find src -name \*.c)"
18    for file in $FILES; do
19      substituteInPlace "$file" \
20        --replace /bin/mount ${util-linux}/bin/mount \
21        --replace /bin/umount ${util-linux}/bin/umount \
22        --replace /sbin/mount.ecryptfs_private ${wrapperDir}/mount.ecryptfs_private \
23        --replace /sbin/umount.ecryptfs_private ${wrapperDir}/umount.ecryptfs_private \
24        --replace /sbin/mount.ecryptfs $out/sbin/mount.ecryptfs \
25        --replace /sbin/umount.ecryptfs $out/sbin/umount.ecryptfs \
26        --replace /usr/bin/ecryptfs-rewrite-file $out/bin/ecryptfs-rewrite-file \
27        --replace /usr/bin/ecryptfs-mount-private $out/bin/ecryptfs-mount-private \
28        --replace /usr/bin/ecryptfs-setup-private $out/bin/ecryptfs-setup-private \
29        --replace /sbin/cryptsetup ${cryptsetup}/sbin/cryptsetup \
30        --replace /sbin/dmsetup ${lvm2}/sbin/dmsetup \
31        --replace /sbin/unix_chkpwd ${wrapperDir}/unix_chkpwd \
32        --replace /bin/bash ${bash}/bin/bash
33    done
34  '';
35
36  configureFlags = lib.optionals (!enablePython) [ "--disable-pywrap" ];
37
38  nativeBuildInputs = [ pkg-config makeWrapper intltool ]
39  # if python2 support is requested, it is needed at builtime as well as runtime.
40  ++ lib.optionals (enablePython) [ python2 ]
41  ;
42  buildInputs = [ perl nss nspr pam ]
43  ++ lib.optionals (enablePython) [ python2 ]
44  ;
45  propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ];
46
47  postInstall = ''
48    FILES="$(grep -r '/bin/sh' $out/bin -l)"
49    for file in $FILES; do
50      wrapProgram $file \
51        --prefix PATH ":" "${coreutils}/bin" \
52        --prefix PATH ":" "${gettext}/bin" \
53        --prefix PATH ":" "${rsync}/bin" \
54        --prefix PATH ":" "${keyutils}/bin" \
55        --prefix PATH ":" "${which}/bin" \
56        --prefix PATH ":" "${lsof}/bin" \
57        --prefix PATH ":" "$out/bin"
58    done
59  '';
60
61  meta = with lib; {
62    description = "Enterprise-class stacked cryptographic filesystem";
63    license     = licenses.gpl2Plus;
64    maintainers = with maintainers; [ obadz ];
65    platforms   = platforms.linux;
66  };
67}