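# Installs ./replace-secret.py as $out/bin/replace-secret and self-tests the
# installed program against the fixtures under ./test.
#
# Arguments:
#   stdenv  - supplies mkDerivation and the generic build phases
#   lib     - supplies the meta values (platforms, maintainers, licenses)
#   python3 - listed in buildInputs so an interpreter is available when
#             patchShebangs runs (the script's shebang is not visible here)
{
  stdenv,
  lib,
  python3,
}:

stdenv.mkDerivation {
  name = "replace-secret";
  buildInputs = [ python3 ];
  # The only input is the script interpolated below, so there is nothing to unpack.
  dontUnpack = true;
  installPhase = ''
    runHook preInstall
    install -D ${./replace-secret.py} $out/bin/replace-secret
    patchShebangs $out
    runHook postInstall
  '';
  # stdenv skips installCheckPhase unless doInstallCheck is set. Without this
  # line the regression tests below never run, and a broken replace-secret
  # would ship unnoticed.
  doInstallCheck = true;
  # Two scenarios, each on a private (mode 0600) working copy of the input
  # fixture, because the tool edits its target file in place:
  #   long_test  - secrets read from regular files (./test/passwd, ./test/rsa)
  #   short_test - secrets read from process substitutions, i.e. a /dev/fd
  #                path rather than a regular file
  # Each result is compared with `diff`, whose non-zero exit fails the build.
  #
  # NOTE(review): every ${./test/...} path is copied into the Nix store, which
  # is world-readable. These fixtures must only ever hold dummy values, never
  # real credentials or private keys.
  installCheckPhase = ''
    runHook preInstallCheck

    install -m 0600 ${./test/input_file} long_test
    $out/bin/replace-secret "replace this" ${./test/passwd} long_test
    $out/bin/replace-secret "and this" ${./test/rsa} long_test
    diff ${./test/expected_long_output} long_test

    install -m 0600 ${./test/input_file} short_test
    $out/bin/replace-secret "replace this" <(echo "a") short_test
    $out/bin/replace-secret "and this" <(echo "b") short_test
    diff ${./test/expected_short_output} short_test

    runHook postInstallCheck
  '';
  meta = with lib; {
    platforms = platforms.all;
    maintainers = with maintainers; [ talyz ];
    license = licenses.mit;
    description = "Replace a string in one file with a secret from a second file";
    # The guarantee stated here covers command-line exposure only. Once the
    # secret has been substituted it lives in the target file, so callers
    # still have to restrict that file's permissions and keep it out of the
    # Nix store.
    longDescription = ''
      Replace a string in one file with a secret from a second file.

      Since the secret is read from a file, it won't be leaked through
      '/proc/<pid>/cmdline', unlike when 'sed' or 'replace' is used.
    '';
    mainProgram = "replace-secret";
  };
}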