commit ed1ae485132d465bb94fc890add0e0fec9001a8b · pyrox.dev/nixpkgs

+100 -52
pkgs/tools/security/gnupg/24.nix
···

       1
       1
       -
       { lib, stdenv, fetchurl, buildPackages

     

       2
       2
       -
       , pkg-config, texinfo

     

       3
       3
       -
       , gettext, libassuan, libgcrypt, libgpg-error, libiconv, libksba, npth

     

       4
       4
       -
       , adns, bzip2, gnutls, libusb1, openldap, readline, sqlite, zlib

     

       5
       5
       -
       , enableMinimal ? false

     

       6
       6
       -
       , withPcsc ? !enableMinimal, pcsclite

     

       7
       7
       -
       , guiSupport ? stdenv.hostPlatform.isDarwin, pinentry

     

       8
       8
       -
       , withTpm2Tss ? !stdenv.hostPlatform.isDarwin && !enableMinimal, tpm2-tss

     

       9
       9
       -
       , nixosTests

     

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         stdenv,

     

       4
       4
       +
         fetchurl,

     

       5
       5
       +
         buildPackages,

     

       6
       6
       +
         pkg-config,

     

       7
       7
       +
         texinfo,

     

       8
       8
       +
         gettext,

     

       9
       9
       +
         libassuan,

     

       10
       10
       +
         libgcrypt,

     

       11
       11
       +
         libgpg-error,

     

       12
       12
       +
         libiconv,

     

       13
       13
       +
         libksba,

     

       14
       14
       +
         npth,

     

       15
       15
       +
         adns,

     

       16
       16
       +
         bzip2,

     

       17
       17
       +
         gnutls,

     

       18
       18
       +
         libusb1,

     

       19
       19
       +
         openldap,

     

       20
       20
       +
         readline,

     

       21
       21
       +
         sqlite,

     

       22
       22
       +
         zlib,

     

       23
       23
       +
         enableMinimal ? false,

     

       24
       24
       +
         withPcsc ? !enableMinimal,

     

       25
       25
       +
         pcsclite,

     

       26
       26
       +
         guiSupport ? stdenv.hostPlatform.isDarwin,

     

       27
       27
       +
         pinentry,

     

       28
       28
       +
         withTpm2Tss ? !stdenv.hostPlatform.isDarwin && !enableMinimal,

     

       29
       29
       +
         tpm2-tss,

     

       30
       30
       +
         nixosTests,

     

       10
       31
        
       }:

     

       11
       32
        
       

     

       12
       33
        
       assert guiSupport -> !enableMinimal;

     

       13
       34
        
       

     

       14
       35
        
       stdenv.mkDerivation rec {

     

       15
       36
        
         pname = "gnupg";

     

       16
       16
       -
         version = "2.4.5";

     

       37
       37
       +
         version = "2.4.7";

     

       17
       38
        
       

     

       18
       39
        
         src = fetchurl {

     

       19
       40
        
           url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";

     

       20
       20
       -
           hash = "sha256-9o99ddBssWNcM2002ESvl0NsP2TqFLy3yGl4L5b0Qnc=";

     

       41
       41
       +
           hash = "sha256-eyRwbk2n4OOwbKBoIxAnQB8jgQLEHJCWMTSdzDuF60Y=";

     

       21
       42
        
         };

     

       22
       43
        
       

     

       23
       44
        
         depsBuildBuild = [ buildPackages.stdenv.cc ];

     

       24
       24
       -
         nativeBuildInputs = [ pkg-config texinfo ];

     

       25
       25
       -
         buildInputs = [

     

       26
       26
       -
           gettext libassuan libgcrypt libgpg-error libiconv libksba npth

     

       27
       27
       -
         ] ++ lib.optionals (!enableMinimal) [

     

       28
       28
       -
           adns bzip2 gnutls libusb1 openldap readline sqlite zlib

     

       29
       29
       -
         ] ++ lib.optionals withTpm2Tss [ tpm2-tss ];

     

       45
       45
       +
         nativeBuildInputs = [

     

       46
       46
       +
           pkg-config

     

       47
       47
       +
           texinfo

     

       48
       48
       +
         ];

     

       49
       49
       +
         buildInputs =

     

       50
       50
       +
           [

     

       51
       51
       +
             gettext

     

       52
       52
       +
             libassuan

     

       53
       53
       +
             libgcrypt

     

       54
       54
       +
             libgpg-error

     

       55
       55
       +
             libiconv

     

       56
       56
       +
             libksba

     

       57
       57
       +
             npth

     

       58
       58
       +
           ]

     

       59
       59
       +
           ++ lib.optionals (!enableMinimal) [

     

       60
       60
       +
             adns

     

       61
       61
       +
             bzip2

     

       62
       62
       +
             gnutls

     

       63
       63
       +
             libusb1

     

       64
       64
       +
             openldap

     

       65
       65
       +
             readline

     

       66
       66
       +
             sqlite

     

       67
       67
       +
             zlib

     

       68
       68
       +
           ]

     

       69
       69
       +
           ++ lib.optionals withTpm2Tss [ tpm2-tss ];

     

       30
       70
        
       

     

       31
       71
        
         patches = [

     

       32
       72
        
           ./fix-libusb-include-path.patch

     
···

       38
       78
        
           ./v3-0001-Disallow-compressed-signatures-and-certificates.patch

     

       39
       79
        
         ];

     

       40
       80
        
       

     

       41
       41
       -
         postPatch = ''

     

       42
       42
       -
           sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1

     

       43
       43
       -
           '' + lib.optionalString (stdenv.hostPlatform.isLinux && withPcsc) ''

     

       81
       81
       +
         postPatch =

     

       82
       82
       +
           ''

     

       83
       83
       +
             sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1

     

       84
       84
       +
           ''

     

       85
       85
       +
           + lib.optionalString (stdenv.hostPlatform.isLinux && withPcsc) ''

     

       44
       86
        
             sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c

     

       45
       87
        
           '';

     

       46
       88
        
       

     

       47
       47
       -
         configureFlags = [

     

       48
       48
       -
           "--sysconfdir=/etc"

     

       49
       49
       -
           "--with-libgpg-error-prefix=${libgpg-error.dev}"

     

       50
       50
       -
           "--with-libgcrypt-prefix=${libgcrypt.dev}"

     

       51
       51
       -
           "--with-libassuan-prefix=${libassuan.dev}"

     

       52
       52
       -
           "--with-ksba-prefix=${libksba.dev}"

     

       53
       53
       -
           "GPGRT_CONFIG=${lib.getDev libgpg-error}/bin/gpgrt-config"

     

       54
       54
       -
         ]

     

       55
       55
       -
         ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentry.binaryPath or "bin/pinentry"}"

     

       56
       56
       -
         ++ lib.optional withTpm2Tss "--with-tss=intel"

     

       57
       57
       -
         ++ lib.optional stdenv.hostPlatform.isDarwin "--disable-ccid-driver";

     

       89
       89
       +
         NIX_CFLAGS_COMPILE = lib.optionalString stdenv.hostPlatform.isDarwin "-Wno-implicit-function-declaration";

     

       58
       90
        
       

     

       59
       59
       -
         postInstall = if enableMinimal

     

       60
       60
       -
         then ''

     

       61
       61
       -
           rm -r $out/{libexec,sbin,share}

     

       62
       62
       -
           for f in $(find $out/bin -type f -not -name gpg)

     

       63
       63
       -
           do

     

       64
       64
       -
             rm $f

     

       65
       65
       -
           done

     

       66
       66
       -
         '' else ''

     

       67
       67
       -
           # add gpg2 symlink to make sure git does not break when signing commits

     

       68
       68
       -
           ln -s $out/bin/gpg $out/bin/gpg2

     

       91
       91
       +
         configureFlags =

     

       92
       92
       +
           [

     

       93
       93
       +
             "--sysconfdir=/etc"

     

       94
       94
       +
             "--with-libgpg-error-prefix=${libgpg-error.dev}"

     

       95
       95
       +
             "--with-libgcrypt-prefix=${libgcrypt.dev}"

     

       96
       96
       +
             "--with-libassuan-prefix=${libassuan.dev}"

     

       97
       97
       +
             "--with-ksba-prefix=${libksba.dev}"

     

       98
       98
       +
             "GPGRT_CONFIG=${lib.getDev libgpg-error}/bin/gpgrt-config"

     

       99
       99
       +
           ]

     

       100
       100
       +
           ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${

     

       101
       101
       +
             pinentry.binaryPath or "bin/pinentry"

     

       102
       102
       +
           }"

     

       103
       103
       +
           ++ lib.optional withTpm2Tss "--with-tss=intel"

     

       104
       104
       +
           ++ lib.optional stdenv.hostPlatform.isDarwin "--disable-ccid-driver";

     

       69
       105
        
       

     

       70
       70
       -
           # Make libexec tools available in PATH

     

       71
       71
       -
           for f in $out/libexec/; do

     

       72
       72
       -
             if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi

     

       73
       73
       -
             ln -s $f $out/bin/$(basename $f)

     

       74
       74
       -
           done

     

       106
       106
       +
         postInstall =

     

       107
       107
       +
           if enableMinimal then

     

       108
       108
       +
             ''

     

       109
       109
       +
               rm -r $out/{libexec,sbin,share}

     

       110
       110
       +
               for f in $(find $out/bin -type f -not -name gpg)

     

       111
       111
       +
               do

     

       112
       112
       +
                 rm $f

     

       113
       113
       +
               done

     

       114
       114
       +
             ''

     

       115
       115
       +
           else

     

       116
       116
       +
             ''

     

       117
       117
       +
               # add gpg2 symlink to make sure git does not break when signing commits

     

       118
       118
       +
               ln -s $out/bin/gpg $out/bin/gpg2

     

       75
       119
        
       

     

       76
       76
       -
           for f in $out/libexec/; do

     

       77
       77
       -
             if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi

     

       78
       78
       -
             ln -s $f $out/bin/$(basename $f)

     

       79
       79
       -
           done

     

       80
       80
       -
         '';

     

       120
       120
       +
               # Make libexec tools available in PATH

     

       121
       121
       +
               for f in $out/libexec/; do

     

       122
       122
       +
                 if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi

     

       123
       123
       +
                 ln -s $f $out/bin/$(basename $f)

     

       124
       124
       +
               done

     

       125
       125
       +
             '';

     

       81
       126
        
       

     

       82
       127
        
         enableParallelBuilding = true;

     

       83
       128
        
       

     
···

       99
       144
        
             frontend applications and libraries are available.  Version 2 of GnuPG

     

       100
       145
        
             also provides support for S/MIME.

     

       101
       146
        
           '';

     

       102
       102
       -
           maintainers = with maintainers; [ fpletz sgo ];

     

       147
       147
       +
           maintainers = with maintainers; [

     

       148
       148
       +
             fpletz

     

       149
       149
       +
             sgo

     

       150
       150
       +
           ];

     

       103
       151
        
           platforms = platforms.all;

     

       104
       152
        
           mainProgram = "gpg";

     

       105
       153
        
         };