about summary refs log tree commit diff
path: root/nixpkgs/pkgs/development/libraries/libhsts
diff options
context:
space:
mode:
authorAlyssa Ross <hi@alyssa.is>2021-04-09 18:28:16 +0000
committerAlyssa Ross <hi@alyssa.is>2021-04-12 18:46:15 +0000
commitfd2e737e0678ee7d8081baef05b305146a2c0034 (patch)
treeac3e9b27576a0382335532d126f9a66d486bc638 /nixpkgs/pkgs/development/libraries/libhsts
parentcc207d720b6aa836e256c1ee9842bc739e630a8a (diff)
parent9e377a6ce42dccd9b624ae4ce8f978dc892ba0e2 (diff)
downloadnixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar
nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar.gz
nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar.bz2
nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar.lz
nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar.xz
nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.tar.zst
nixlib-fd2e737e0678ee7d8081baef05b305146a2c0034.zip
Merge remote-tracking branch 'nixpkgs/nixos-unstable'
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/libhsts')
-rw-r--r--nixpkgs/pkgs/development/libraries/libhsts/default.nix40
-rwxr-xr-xnixpkgs/pkgs/development/libraries/libhsts/update.sh13
2 files changed, 53 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/libhsts/default.nix b/nixpkgs/pkgs/development/libraries/libhsts/default.nix
new file mode 100644
index 000000000000..df53e7d294f2
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libhsts/default.nix
@@ -0,0 +1,40 @@
+{ lib, stdenv, fetchFromGitLab, fetchurl, autoconf-archive, autoreconfHook, pkg-config, python3 }:
+let
+  chromium_version = "90.0.4417.1";
+
+  hsts_list = fetchurl {
+    url = "https://raw.github.com/chromium/chromium/${chromium_version}/net/http/transport_security_state_static.json";
+    sha256 = "09f24n30x5dmqk8zk7k2glcilgr27832a3304wj1yp97158sqsfx";
+  };
+
+in
+stdenv.mkDerivation rec {
+  pname = "libhsts";
+  version = "0.1.0";
+
+  src = fetchFromGitLab {
+    owner = "rockdaboot";
+    repo = pname;
+    rev = "libhsts-${version}";
+    sha256 = "0gbchzf0f4xzb6zjc56dk74hqrmdgyirmgxvvsqp9vqn9wb5kkx4";
+  };
+
+  postPatch = ''
+    pushd tests
+    cp ${hsts_list} transport_security_state_static.json
+    sed 's/^ *\/\/.*$//g' transport_security_state_static.json >hsts.json
+    popd
+    patchShebangs src/hsts-make-dafsa
+  '';
+
+  nativeBuildInputs = [ autoconf-archive autoreconfHook pkg-config python3 ];
+
+  outputs = [ "out" "dev" ];
+
+  meta = with lib; {
+    description = "Library to easily check a domain against the Chromium HSTS Preload list";
+    homepage = "https://gitlab.com/rockdaboot/libhsts";
+    license = with licenses; [ mit bsd3 ];
+    maintainers = with maintainers; [ SuperSandro2000 ];
+  };
+}
diff --git a/nixpkgs/pkgs/development/libraries/libhsts/update.sh b/nixpkgs/pkgs/development/libraries/libhsts/update.sh
new file mode 100755
index 000000000000..f80966e08c9a
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libhsts/update.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl jq
+
+set -euo pipefail -x
+
+cd "$(dirname "$0")"
+
+chromium_version=$(curl -s "https://api.github.com/repos/chromium/chromium/tags" | jq -r 'map(select(.prerelease | not)) | .[1].name')
+sha256=$(nix-prefetch-url "https://raw.github.com/chromium/chromium/$chromium_version/net/http/transport_security_state_static.json")
+
+sed -e "0,/chromium_version/s/chromium_version = \".*\"/chromium_version = \"$chromium_version\"/" \
+    -e "0,/sha256/s/sha256 = \".*\"/sha256 = \"$sha256\"/" \
+  --in-place ./default.nix