Diffstat (limited to 'nixpkgs/pkgs/tools/security/ecryptfs')
-rw-r--r-- | nixpkgs/pkgs/tools/security/ecryptfs/default.nix | 60 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/ecryptfs/helper.nix | 35 |
2 files changed, 95 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/ecryptfs/default.nix b/nixpkgs/pkgs/tools/security/ecryptfs/default.nix
new file mode 100644
index 000000000000..d0d01761c246
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/ecryptfs/default.nix
@@ -0,0 +1,60 @@
+{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python2, pam
+, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }:
+
+stdenv.mkDerivation rec {
+ name = "ecryptfs-${version}";
+ version = "111";
+
+ src = fetchurl {
+ url = "https://launchpad.net/ecryptfs/trunk/${version}/+download/ecryptfs-utils_${version}.orig.tar.gz";
+ sha256 = "0zwq19siiwf09h7lwa7n7mgmrr8cxifp45lmwgcfr8c1gviv6b0i";
+ };
+
+ # TODO: replace wrapperDir below with from <nixos> config.security.wrapperDir;
+ wrapperDir = "/run/wrappers/bin";
+
+ postPatch = ''
+ FILES="$(grep -r '/bin/sh' src/utils -l; find src -name \*.c)"
+ for file in $FILES; do
+ substituteInPlace "$file" \
+ --replace /bin/mount ${utillinux}/bin/mount \
+ --replace /bin/umount ${utillinux}/bin/umount \
+ --replace /sbin/mount.ecryptfs_private ${wrapperDir}/mount.ecryptfs_private \
+ --replace /sbin/umount.ecryptfs_private ${wrapperDir}/umount.ecryptfs_private \
+ --replace /sbin/mount.ecryptfs $out/sbin/mount.ecryptfs \
+ --replace /sbin/umount.ecryptfs $out/sbin/umount.ecryptfs \
+ --replace /usr/bin/ecryptfs-rewrite-file $out/bin/ecryptfs-rewrite-file \
+ --replace /usr/bin/ecryptfs-mount-private $out/bin/ecryptfs-mount-private \
+ --replace /usr/bin/ecryptfs-setup-private $out/bin/ecryptfs-setup-private \
+ --replace /sbin/cryptsetup ${cryptsetup}/sbin/cryptsetup \
+ --replace /sbin/dmsetup ${lvm2}/sbin/dmsetup \
+ --replace /sbin/unix_chkpwd ${wrapperDir}/unix_chkpwd \
+ --replace /bin/bash ${bash}/bin/bash
+ done
+ '';
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ perl nss nspr python2 pam intltool makeWrapper ];
+ propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ];
+
+ postInstall = ''
+ FILES="$(grep -r '/bin/sh' $out/bin -l)"
+ for file in $FILES; do
+ wrapProgram $file \
+ --prefix PATH ":" "${coreutils}/bin" \
+ --prefix PATH ":" "${gettext}/bin" \
+ --prefix PATH ":" "${rsync}/bin" \
+ --prefix PATH ":" "${keyutils}/bin" \
+ --prefix PATH ":" "${which}/bin" \
+ --prefix PATH ":" "${lsof}/bin" \
+ --prefix PATH ":" "$out/bin"
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Enterprise-class stacked cryptographic filesystem";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ obadz ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix b/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix
new file mode 100644
index 000000000000..40a728f6cb1a
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix
@@ -0,0 +1,35 @@
+{ stdenv
+, fetchurl
+, makeWrapper
+, python2
+}:
+
+stdenv.mkDerivation rec {
+ name = pname + "-" + version;
+ pname = "ecryptfs-helper";
+ version = "20160722";
+
+ src = fetchurl {
+ url = "https://gist.githubusercontent.com/obadz/ec053fdb00dcb48441d8313169874e30/raw/4b657a4b7c3dc684e4d5e3ffaf46ced1b7675163/ecryptfs-helper.py";
+ sha256 = "0gp4m22zc80814ng80s38hp930aa8r4zqihr7jr23m0m2iq4pdpg";
+ };
+
+ phases = [ "installPhase" ];
+
+ buildInputs = [ makeWrapper ];
+
+ # Do not hardcode PATH to ${ecryptfs} as we need the script to invoke executables from /run/wrappers/bin
+ installPhase = ''
+ mkdir -p $out/bin $out/libexec
+ cp $src $out/libexec/ecryptfs-helper.py
+ makeWrapper "${python2.interpreter}" "$out/bin/ecryptfs-helper" --add-flags "$out/libexec/ecryptfs-helper.py"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Helper script to create/mount/unemount encrypted directories using eCryptfs without needing root permissions";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ obadz ];
+ platforms = platforms.linux;
+ hydraPlatforms = [];
+ };
+}
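Review bot: `wrapperDir = "/run/wrappers/bin";` in default.nix bakes an absolute path outside the store into every file that `postPatch` rewrites, so the built tools will exec whatever sits at `/run/wrappers/bin/mount.ecryptfs_private`, `umount.ecryptfs_private` and `unix_chkpwd`, and the package itself cannot guarantee those setuid wrappers exist or match this build. The TODO already acknowledges this; a small step is to make it an argument, `, wrapperDir ? "/run/wrappers/bin"` in the function header, so a NixOS module can pass `config.security.wrapperDir` rather than depending on the literal. I would also add a comment above the attribute, for example `# mount.ecryptfs_private and unix_chkpwd need setuid; presumably provided via security.wrappers, never from $out`. As a minor consistency point, `lsof` is put on the wrapped PATH in `postInstall` but, unlike the other tools listed there, does not appear in `propagatedBuildInputs`.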
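Review bot: The comment above `installPhase` in helper.nix says the script must pick up executables from /run/wrappers/bin, yet the `makeWrapper` line sets no PATH at all, so which binaries the helper runs is decided entirely by the caller's environment. If the setuid wrappers are what is meant to be used, make that explicit by appending `--prefix PATH : /run/wrappers/bin` to the `makeWrapper` call, which also matches the `wrapperDir` value in default.nix; the script itself is not visible here, so which commands it invokes is an assumption. If the ambient PATH is deliberate, extend the comment to say `# relies on the caller's PATH containing the setuid wrapper directory`. The `description` string also has a typo, `unemount`.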