pkgs/by-name/sh/shh/package.nix at python-updates

tjh.dev / nixpkgs
fork atom
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / pkgs / by-name / sh / shh / package.nix
at python-updates 110 lines 2.5 kB view raw
wrap content
  1{
  2  lib,
  3  rustPlatform,
  4  fetchFromGitHub,
  5  nix-update-script,
  6  installShellFiles,
  7  python3,
  8  strace,
  9  systemd,
 10  iproute2,
 11  stdenv,
 12  enableDocumentationFeature ? true,
 13  enableDocumentationGeneration ? true,
 14}:
 15let
 16  isNativeDocgen =
 17    (stdenv.buildPlatform.canExecute stdenv.hostPlatform) && enableDocumentationFeature;
 18in
 19rustPlatform.buildRustPackage (finalAttrs: {
 20  pname = "shh";
 21  version = "2025.11.3";
 22
 23  src = fetchFromGitHub {
 24    owner = "desbma";
 25    repo = "shh";
 26    tag = "v${finalAttrs.version}";
 27    hash = "sha256-oXTrKUs6J3Us2m1hFbVa+G03q3oV3pqppQ+QfPXVrFA=";
 28  };
 29
 30  cargoHash = "sha256-GGu/oy4bfsnJNbquDeu9bDJWY9HEWS3hwsOj3nhcUNQ=";
 31
 32  patches = [
 33    ./fix_run_checks.patch
 34  ];
 35
 36  env = {
 37    SHH_STRACE_BIN_PATH = lib.getExe strace;
 38  };
 39
 40  buildFeatures = lib.optional enableDocumentationFeature "generate-extra";
 41
 42  checkFlags = [
 43    # no access to system modules in build env
 44    "--skip=run_ls_modules"
 45    # missing systemd daemon in build env
 46    "--skip=run_systemctl"
 47    # no raw socket cap in nix build
 48    "--skip=run_ping_4"
 49    "--skip=run_ping_6"
 50  ];
 51
 52  buildInputs = [
 53    strace
 54    systemd
 55  ];
 56
 57  nativeBuildInputs = [
 58    installShellFiles
 59    systemd
 60    strace
 61  ];
 62
 63  nativeCheckInputs = [
 64    python3
 65    iproute2
 66  ];
 67
 68  # todo elvish
 69  postInstall = lib.optionalString enableDocumentationGeneration ''
 70    mkdir -p target/{mangen,shellcomplete}
 71
 72    ${
 73      if isNativeDocgen then
 74        ''
 75          $out/bin/shh gen-man-pages target/mangen
 76          $out/bin/shh gen-shell-complete target/shellcomplete
 77        ''
 78      else
 79        ''
 80          unset SHH_STRACE_BIN_PATH
 81          cargo run --features generate-extra -- gen-man-pages target/mangen
 82          cargo run --features generate-extra -- gen-shell-complete target/shellcomplete
 83        ''
 84    }
 85
 86    installManPage target/mangen/*
 87
 88    installShellCompletion --cmd ${finalAttrs.pname} \
 89      target/shellcomplete/${finalAttrs.pname}.{bash,fish} \
 90      --zsh target/shellcomplete/_${finalAttrs.pname}
 91  '';
 92
 93  # RUST_BACKTRACE = 1;
 94
 95  passthru.updateScript = nix-update-script { };
 96
 97  meta = {
 98    description = "Automatic systemd service hardening guided by strace profiling";
 99    homepage = "https://github.com/desbma/shh";
100    license = lib.licenses.gpl3Only;
101    platforms = lib.platforms.linux;
102    changelog = "https://github.com/desbma/shh/blob/v${finalAttrs.version}/CHANGELOG.md";
103    mainProgram = "shh";
104    maintainers = with lib.maintainers; [
105      erdnaxe
106      kuflierl
107      jk
108    ];
109  };
110})