pkgs/tools/security/pass/default.nix at netboot-syslinux-multiplatform · tjh.dev/nixpkgs

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / tools / security / pass / default.nix
at netboot-syslinux-multiplatform 170 lines 5.2 kB view raw
  1{ stdenv, lib, pkgs, fetchurl, buildEnv
  2, coreutils, findutils, gnugrep, gnused, getopt, git, tree, gnupg, openssl
  3, which, openssh, procps, qrencode, makeWrapper, pass, symlinkJoin
  4
  5, xclip ? null, xdotool ? null, dmenu ? null
  6, x11Support ? !stdenv.isDarwin , dmenuSupport ? (x11Support || waylandSupport)
  7, waylandSupport ? false, wl-clipboard ? null
  8, ydotool ? null, dmenu-wayland ? null
  9
 10# For backwards-compatibility
 11, tombPluginSupport ? false
 12}:
 13
 14assert x11Support -> xclip != null;
 15assert waylandSupport -> wl-clipboard != null;
 16
 17assert dmenuSupport -> x11Support || waylandSupport;
 18assert dmenuSupport && x11Support
 19  -> dmenu != null && xdotool != null;
 20assert dmenuSupport && waylandSupport
 21  -> dmenu-wayland != null && ydotool != null;
 22
 23
 24let
 25  passExtensions = import ./extensions { inherit pkgs; };
 26
 27  env = extensions:
 28    let
 29      selected = [ pass ] ++ extensions passExtensions
 30        ++ lib.optional tombPluginSupport passExtensions.tomb;
 31    in buildEnv {
 32      # lib.getExe looks for name, so we keep it the same as mainProgram
 33      name = "pass";
 34      paths = selected;
 35      nativeBuildInputs = [ makeWrapper ];
 36      buildInputs = lib.concatMap (x: x.buildInputs) selected;
 37
 38      postBuild = ''
 39        files=$(find $out/bin/ -type f -exec readlink -f {} \;)
 40        if [ -L $out/bin ]; then
 41          rm $out/bin
 42          mkdir $out/bin
 43        fi
 44
 45        for i in $files; do
 46          if ! [ "$(readlink -f "$out/bin/$(basename $i)")" = "$i" ]; then
 47            ln -sf $i $out/bin/$(basename $i)
 48          fi
 49        done
 50
 51        wrapProgram $out/bin/pass \
 52          --set SYSTEM_EXTENSION_DIR "$out/lib/password-store/extensions"
 53      '';
 54    };
 55in
 56
 57stdenv.mkDerivation rec {
 58  version = "1.7.4";
 59  pname = "password-store";
 60
 61  src = fetchurl {
 62    url    = "https://git.zx2c4.com/password-store/snapshot/${pname}-${version}.tar.xz";
 63    sha256 = "1h4k6w7g8pr169p5w9n6mkdhxl3pw51zphx7www6pvgjb7vgmafg";
 64  };
 65
 66  patches = [
 67    ./set-correct-program-name-for-sleep.patch
 68    ./extension-dir.patch
 69  ] ++ lib.optional stdenv.isDarwin ./no-darwin-getopt.patch;
 70
 71  nativeBuildInputs = [ makeWrapper ];
 72
 73  installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ];
 74
 75  postInstall = ''
 76    # Install Emacs Mode. NOTE: We can't install the necessary
 77    # dependencies (s.el) here. The user has to do this themselves.
 78    mkdir -p "$out/share/emacs/site-lisp"
 79    cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/"
 80  '' + lib.optionalString dmenuSupport ''
 81    cp "contrib/dmenu/passmenu" "$out/bin/"
 82  '';
 83
 84  wrapperPath = with lib; makeBinPath ([
 85    coreutils
 86    findutils
 87    getopt
 88    git
 89    gnugrep
 90    gnupg
 91    gnused
 92    tree
 93    which
 94    openssh
 95    procps
 96    qrencode
 97  ] ++ optional stdenv.isDarwin openssl
 98    ++ optional x11Support xclip
 99    ++ optional waylandSupport wl-clipboard
100    ++ optionals (waylandSupport && dmenuSupport) [ ydotool dmenu-wayland ]
101    ++ optionals (x11Support && dmenuSupport) [ xdotool dmenu ]
102  );
103
104  postFixup = ''
105    # Fix program name in --help
106    substituteInPlace $out/bin/pass \
107      --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"
108
109    # Ensure all dependencies are in PATH
110    wrapProgram $out/bin/pass \
111      --prefix PATH : "${wrapperPath}"
112  '' + lib.optionalString dmenuSupport ''
113    # We just wrap passmenu with the same PATH as pass. It doesn't
114    # need all the tools in there but it doesn't hurt either.
115    wrapProgram $out/bin/passmenu \
116      --prefix PATH : "$out/bin:${wrapperPath}"
117  '';
118
119  # Turn "check" into "installcheck", since we want to test our pass,
120  # not the one before the fixup.
121  postPatch = ''
122    patchShebangs tests
123
124    substituteInPlace src/password-store.sh \
125      --replace "@out@" "$out"
126
127    # the turning
128    sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \
129           -e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \
130           -e '/which gpg/ d' \
131      tests/setup.sh
132  '' + lib.optionalString stdenv.isDarwin ''
133    # 'pass edit' uses hdid, which is not available from the sandbox.
134    rm -f tests/t0200-edit-tests.sh
135    rm -f tests/t0010-generate-tests.sh
136    rm -f tests/t0020-show-tests.sh
137    rm -f tests/t0050-mv-tests.sh
138    rm -f tests/t0100-insert-tests.sh
139    rm -f tests/t0300-reencryption.sh
140    rm -f tests/t0400-grep.sh
141  '';
142
143  doCheck = false;
144
145  doInstallCheck = true;
146  nativeInstallCheckInputs = [ git ];
147  installCheckTarget = "test";
148
149  passthru = {
150    extensions = passExtensions;
151    withExtensions = env;
152  };
153
154  meta = with lib; {
155    description = "Stores, retrieves, generates, and synchronizes passwords securely";
156    homepage    = "https://www.passwordstore.org/";
157    license     = licenses.gpl2Plus;
158    mainProgram = "pass";
159    maintainers = with maintainers; [ lovek323 fpletz tadfisher globin ma27 ];
160    platforms   = platforms.unix;
161
162    longDescription = ''
163      pass is a very simple password store that keeps passwords inside gpg2
164      encrypted files inside a simple directory tree residing at
165      ~/.password-store. The pass utility provides a series of commands for
166      manipulating the password store, allowing the user to add, remove, edit,
167      synchronize, generate, and manipulate passwords.
168    '';
169  };
170}