Diffstat (limited to 'nixpkgs/pkgs/development/libraries/libhsts')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/libhsts/default.nix | 41 | ||||
-rwxr-xr-x | nixpkgs/pkgs/development/libraries/libhsts/update.sh | 13 |
2 files changed, 54 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/libhsts/default.nix b/nixpkgs/pkgs/development/libraries/libhsts/default.nix
new file mode 100644
index 000000000000..967ffe563172
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libhsts/default.nix
@@ -0,0 +1,41 @@
+{ lib, stdenv, fetchFromGitLab, fetchurl, autoconf-archive, autoreconfHook, pkg-config, python3 }:
+let
+ chromium_version = "90.0.4417.1";
+
+ hsts_list = fetchurl {
+ url = "https://raw.github.com/chromium/chromium/${chromium_version}/net/http/transport_security_state_static.json";
+ sha256 = "09f24n30x5dmqk8zk7k2glcilgr27832a3304wj1yp97158sqsfx";
+ };
+
+in
+stdenv.mkDerivation rec {
+ pname = "libhsts";
+ version = "0.1.0";
+
+ src = fetchFromGitLab {
+ owner = "rockdaboot";
+ repo = pname;
+ rev = "libhsts-${version}";
+ sha256 = "0gbchzf0f4xzb6zjc56dk74hqrmdgyirmgxvvsqp9vqn9wb5kkx4";
+ };
+
+ postPatch = ''
+ pushd tests
+ cp ${hsts_list} transport_security_state_static.json
+ sed 's/^ *\/\/.*$//g' transport_security_state_static.json >hsts.json
+ popd
+ patchShebangs src/hsts-make-dafsa
+ '';
+
+ nativeBuildInputs = [ autoconf-archive autoreconfHook pkg-config python3 ];
+
+ outputs = [ "out" "dev" ];
+
+ meta = with lib; {
+ description = "Library to easily check a domain against the Chromium HSTS Preload list";
+ mainProgram = "hsts";
+ homepage = "https://gitlab.com/rockdaboot/libhsts";
+ license = with licenses; [ mit bsd3 ];
+ maintainers = with maintainers; [ ];
+ };
+}
diff --git a/nixpkgs/pkgs/development/libraries/libhsts/update.sh b/nixpkgs/pkgs/development/libraries/libhsts/update.sh
new file mode 100755
index 000000000000..f80966e08c9a
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libhsts/update.sh
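Review bot: Nothing in the derivation wires `update.sh` into the nixpkgs update tooling, and `maintainers` is empty, so the HSTS preload snapshot stays frozen at the tag in `chromium_version` until someone bumps it by hand. Domains preloaded after that tag will not be reported as HSTS hosts by anything that relies on this build of the library. Adding `passthru.updateScript = ./update.sh;` to the `mkDerivation` set would let automated update runs refresh it. A comment above `chromium_version`, such as `# Preload list is a build-time snapshot of this Chromium tag; refresh with ./update.sh`, would document the constraint. The `url` also uses the legacy `raw.github.com` host; the `sha256` pin protects integrity either way, but `raw.githubusercontent.com` avoids depending on the redirect.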
@@ -0,0 +1,13 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl jq
+
+set -euo pipefail -x
+
+cd "$(dirname "$0")"
+
+chromium_version=$(curl -s "https://api.github.com/repos/chromium/chromium/tags" | jq -r 'map(select(.prerelease | not)) | .[1].name')
+sha256=$(nix-prefetch-url "https://raw.github.com/chromium/chromium/$chromium_version/net/http/transport_security_state_static.json")
+
+sed -e "0,/chromium_version/s/chromium_version = \".*\"/chromium_version = \"$chromium_version\"/" \
+ -e "0,/sha256/s/sha256 = \".*\"/sha256 = \"$sha256\"/" \
+ --in-place ./default.nix |
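Review bot: `chromium_version` is taken straight from the GitHub API response and spliced unvalidated into the download URL and into the `sed` replacement that rewrites `default.nix`. A tag name containing `/`, `&` or `"` would break the expression or corrupt the file, and a response with fewer than two entries makes jq print `null`. Check the shape before use, e.g. `[[ $chromium_version =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "unexpected tag: $chromium_version" >&2; exit 1; }`. The `select(.prerelease | not)` filter also looks like a no-op: as far as I know the tags endpoint returns no `prerelease` field (that belongs to releases), so `.[1].name` is simply the second tag listed, whatever channel it comes from. The second `sed` expression relies on the list hash being the first `sha256` in `default.nix`, which deserves a comment in both files.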