pass: allow adding extensions without rebuilding the package

Until now, `pkgs.pass` was rebuilt entirely when adding an extension
using the `pass.withExtensions`-function. This is fixed now by removing the
linking of extensions from the fixupPhase and merge all paths (including
those from pkgs.pass) together in using `pkgs.buildEnv`.

2 files changed, 152 insertions, 115 deletions

diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix
index 54a8f4de7d7b..aed6a9d4012c 100644
--- a/pkgs/tools/security/pass/default.nix
+++ b/pkgs/tools/security/pass/default.nix
@@ -1,6 +1,6 @@
 { stdenv, lib, pkgs, fetchurl, buildEnv
 , coreutils, gnused, getopt, git, tree, gnupg, openssl, which, procps
-, qrencode , makeWrapper
+, qrencode , makeWrapper, pass, symlinkJoin
 
 , xclip ? null, xdotool ? null, dmenu ? null
 , x11Support ? !stdenv.isDarwin
@@ -23,131 +23,136 @@ let
 
   env = extensions:
     let
-      selected = extensions passExtensions
+      selected = [ pass ] ++ extensions passExtensions
         ++ stdenv.lib.optional tombPluginSupport passExtensions.tomb;
     in buildEnv {
       name = "pass-extensions-env";
       paths = selected;
-      buildInputs = concatMap (x: x.buildInputs) selected;
-    };
-
-  generic = extensionsEnv: extraPassthru: stdenv.mkDerivation rec {
-    version = "1.7.3";
-    pname = "password-store";
+      buildInputs = [ makeWrapper ] ++ concatMap (x: x.buildInputs) selected;
 
-    src = fetchurl {
-      url    = "https://git.zx2c4.com/password-store/snapshot/${pname}-${version}.tar.xz";
-      sha256 = "1x53k5dn3cdmvy8m4fqdld4hji5n676ksl0ql4armkmsds26av1b";
-    };
+      postBuild = ''
+        files=$(find $out/bin/ -type f -exec readlink -f {} \;)
+        rm $out/bin
+        mkdir $out/bin
 
-    patches = [ ./set-correct-program-name-for-sleep.patch ]
-      ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch
-      # TODO (@Ma27) this patch adds support for wl-clipboard and can be removed during the next
-      # version bump.
-      ++ stdenv.lib.optional waylandSupport ./clip-wayland-support.patch;
+        for i in $files; do
+          ln -sf $i $out/bin/$(basename $i)
+        done
 
-    nativeBuildInputs = [ makeWrapper ];
-
-    buildInputs = [ extensionsEnv ];
+        wrapProgram $out/bin/pass \
+          --set SYSTEM_EXTENSION_DIR "$out/lib/password-store/extensions"
+      '';
+    };
+in
 
-    installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ];
+stdenv.mkDerivation rec {
+  version = "1.7.3";
+  pname = "password-store";
 
-    postInstall = ''
-      # Install Emacs Mode. NOTE: We can't install the necessary
-      # dependencies (s.el and f.el) here. The user has to do this
-      # himself.
-      mkdir -p "$out/share/emacs/site-lisp"
-      cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/"
-    '' + optionalString x11Support ''
-      cp "contrib/dmenu/passmenu" "$out/bin/"
-    '';
+  src = fetchurl {
+    url    = "https://git.zx2c4.com/password-store/snapshot/${pname}-${version}.tar.xz";
+    sha256 = "1x53k5dn3cdmvy8m4fqdld4hji5n676ksl0ql4armkmsds26av1b";
+  };
 
-    wrapperPath = with stdenv.lib; makeBinPath ([
-      coreutils
-      getopt
-      git
-      gnupg
-      gnused
-      tree
-      which
-      qrencode
-      procps
-    ] ++ optional stdenv.isDarwin openssl
-      ++ ifEnable x11Support [ dmenu xclip xdotool ]
-      ++ optional waylandSupport wl-clipboard);
-
-    postFixup = ''
-      # Link extensions env
-      rmdir $out/lib/password-store/extensions
-      ln -s ${extensionsEnv}/lib/password-store/extensions $out/lib/password-store/.
-      for f in ${extensionsEnv}/share/man/man1/*.1.gz; do
-          ln -s $f $out/share/man/man1/
-      done
-
-      # Fix program name in --help
-      substituteInPlace $out/bin/pass \
-        --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"
-
-      # Ensure all dependencies are in PATH
-      wrapProgram $out/bin/pass \
-        --prefix PATH : "${wrapperPath}"
-    '' + stdenv.lib.optionalString x11Support ''
-      # We just wrap passmenu with the same PATH as pass. It doesn't
-      # need all the tools in there but it doesn't hurt either.
-      wrapProgram $out/bin/passmenu \
-        --prefix PATH : "$out/bin:${wrapperPath}"
-    '';
+  patches = [
+    ./set-correct-program-name-for-sleep.patch
+    ./extension-dir.patch
+  ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch
+    # TODO (@Ma27) this patch adds support for wl-clipboard and can be removed during the next
+    # version bump.
+    ++ stdenv.lib.optional waylandSupport ./clip-wayland-support.patch;
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ];
+
+  postInstall = ''
+    # Install Emacs Mode. NOTE: We can't install the necessary
+    # dependencies (s.el and f.el) here. The user has to do this
+    # himself.
+    mkdir -p "$out/share/emacs/site-lisp"
+    cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/"
+  '' + optionalString x11Support ''
+    cp "contrib/dmenu/passmenu" "$out/bin/"
+  '';
+
+  wrapperPath = with stdenv.lib; makeBinPath ([
+    coreutils
+    getopt
+    git
+    gnupg
+    gnused
+    tree
+    which
+    qrencode
+    procps
+  ] ++ optional stdenv.isDarwin openssl
+    ++ ifEnable x11Support [ dmenu xclip xdotool ]
+    ++ optional waylandSupport wl-clipboard);
+
+  postFixup = ''
+    # Fix program name in --help
+    substituteInPlace $out/bin/pass \
+      --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"
+
+    # Ensure all dependencies are in PATH
+    wrapProgram $out/bin/pass \
+      --prefix PATH : "${wrapperPath}"
+  '' + stdenv.lib.optionalString x11Support ''
+    # We just wrap passmenu with the same PATH as pass. It doesn't
+    # need all the tools in there but it doesn't hurt either.
+    wrapProgram $out/bin/passmenu \
+      --prefix PATH : "$out/bin:${wrapperPath}"
+  '';
+
+  # Turn "check" into "installcheck", since we want to test our pass,
+  # not the one before the fixup.
+  postPatch = ''
+    patchShebangs tests
+
+    substituteInPlace src/password-store.sh \
+      --replace "@out@" "$out"
+
+    # the turning
+    sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \
+           -e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \
+           -e '/which gpg/ d' \
+      tests/setup.sh
+  '' + stdenv.lib.optionalString stdenv.isDarwin ''
+    # 'pass edit' uses hdid, which is not available from the sandbox.
+    rm -f tests/t0200-edit-tests.sh
+    rm -f tests/t0010-generate-tests.sh
+    rm -f tests/t0020-show-tests.sh
+    rm -f tests/t0050-mv-tests.sh
+    rm -f tests/t0100-insert-tests.sh
+    rm -f tests/t0300-reencryption.sh
+    rm -f tests/t0400-grep.sh
+  '';
+
+  doCheck = false;
+
+  doInstallCheck = true;
+  installCheckInputs = [ git ];
+  installCheckTarget = "test";
+
+  passthru = {
+    extensions = passExtensions;
+    withExtensions = env;
+  };
 
-    # Turn "check" into "installcheck", since we want to test our pass,
-    # not the one before the fixup.
-    postPatch = ''
-      patchShebangs tests
-
-      # the turning
-      sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \
-             -e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \
-             -e '/which gpg/ d' \
-        tests/setup.sh
-    '' + stdenv.lib.optionalString stdenv.isDarwin ''
-      # 'pass edit' uses hdid, which is not available from the sandbox.
-      rm -f tests/t0200-edit-tests.sh
-      rm -f tests/t0010-generate-tests.sh
-      rm -f tests/t0020-show-tests.sh
-      rm -f tests/t0050-mv-tests.sh
-      rm -f tests/t0100-insert-tests.sh
-      rm -f tests/t0300-reencryption.sh
-      rm -f tests/t0400-grep.sh
+  meta = with stdenv.lib; {
+    description = "Stores, retrieves, generates, and synchronizes passwords securely";
+    homepage    = https://www.passwordstore.org/;
+    license     = licenses.gpl2Plus;
+    maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher globin ma27 ];
+    platforms   = platforms.unix;
+
+    longDescription = ''
+      pass is a very simple password store that keeps passwords inside gpg2
+      encrypted files inside a simple directory tree residing at
+      ~/.password-store. The pass utility provides a series of commands for
+      manipulating the password store, allowing the user to add, remove, edit,
+      synchronize, generate, and manipulate passwords.
     '';
-
-    doCheck = false;
-
-    doInstallCheck = true;
-    installCheckInputs = [ git ];
-    installCheckTarget = "test";
-
-    passthru = {
-      extensions = passExtensions;
-    } // extraPassthru;
-
-    meta = with stdenv.lib; {
-      description = "Stores, retrieves, generates, and synchronizes passwords securely";
-      homepage    = https://www.passwordstore.org/;
-      license     = licenses.gpl2Plus;
-      maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher globin ];
-      platforms   = platforms.unix;
-
-      longDescription = ''
-        pass is a very simple password store that keeps passwords inside gpg2
-        encrypted files inside a simple directory tree residing at
-        ~/.password-store. The pass utility provides a series of commands for
-        manipulating the password store, allowing the user to add, remove, edit,
-        synchronize, generate, and manipulate passwords.
-      '';
-    };
   };
-
-in
-
-generic (env (_: [])) {
-  withExtensions = extensions: generic (env extensions) {};
 }
diff --git a/pkgs/tools/security/pass/extension-dir.patch b/pkgs/tools/security/pass/extension-dir.patch
new file mode 100644
index 000000000000..028da31c4617
--- /dev/null
+++ b/pkgs/tools/security/pass/extension-dir.patch
@@ -0,0 +1,32 @@
+diff --git a/Makefile b/Makefile
+index eac2291..1b1df0a 100644
+--- a/Makefile
++++ b/Makefile
+@@ -46,12 +46,12 @@ install: install-common
+ 	@install -v -d "$(DESTDIR)$(LIBDIR)/password-store" && install -m 0644 -v "$(PLATFORMFILE)" "$(DESTDIR)$(LIBDIR)/password-store/platform.sh"
+ 	@install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions"
+ 	@install -v -d "$(DESTDIR)$(BINDIR)/"
+-	@trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \
++	@trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;' src/password-store.sh > src/.pass && \
+ 	install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass"
+ else
+ install: install-common
+ 	@install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions"
+-	@trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \
++	@trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;' src/password-store.sh > src/.pass && \
+ 	install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass"
+ endif
+ 
+diff --git a/src/password-store.sh b/src/password-store.sh
+index 68551a4..2f3b5b7 100755
+--- a/src/password-store.sh
++++ b/src/password-store.sh
+@@ -656,7 +656,7 @@ cmd_extension_or_show() {
+ 	fi
+ }
+ 
+-SYSTEM_EXTENSION_DIR=""
++SYSTEM_EXTENSION_DIR="${SYSTEM_EXTENSION_DIR:-@out@/lib/password-store/extensions}"
+ cmd_extension() {
+ 	check_sneaky_paths "$1"
+ 	local user_extension system_extension extension