Diffstat (limited to 'nixpkgs/pkgs/tools/security/oath-toolkit')
-rw-r--r-- | nixpkgs/pkgs/tools/security/oath-toolkit/default.nix | 30 | ||||
-rwxr-xr-x | nixpkgs/pkgs/tools/security/oath-toolkit/update.sh | 50 |
2 files changed, 80 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix b/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix
new file mode 100644
index 000000000000..e542a2ae7140
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix
@@ -0,0 +1,30 @@
+{ lib, stdenv, fetchurl, pam, xmlsec }:
+
+let
+ # TODO: Switch to OpenPAM once https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/26 is addressed upstream
+ securityDependency =
+ if stdenv.isDarwin then xmlsec
+ else pam;
+
+in stdenv.mkDerivation rec {
+ pname = "oath-toolkit";
+ version = "2.6.7";
+
+ src = fetchurl {
+ url = "mirror://savannah/${pname}/${pname}-${version}.tar.gz";
+ sha256 = "1aa620k05lsw3l3slkp2mzma40q3p9wginspn9zk8digiz7dzv9n";
+ };
+
+ buildInputs = [ securityDependency ];
+
+ configureFlags = lib.optionals stdenv.isDarwin [ "--disable-pam" ];
+
+ passthru.updateScript = ./update.sh;
+
+ meta = with lib; {
+ description = "Components for building one-time password authentication systems";
+ homepage = "https://www.nongnu.org/oath-toolkit/";
+ maintainers = with maintainers; [ schnusch ];
+ platforms = with platforms; linux ++ darwin;
+ };
+}
diff --git a/nixpkgs/pkgs/tools/security/oath-toolkit/update.sh b/nixpkgs/pkgs/tools/security/oath-toolkit/update.sh
new file mode 100755
index 000000000000..3502a541fa8c
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/oath-toolkit/update.sh
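Review bot: `securityDependency` swaps `pam` for `xmlsec` on Darwin, but the two libraries are not interchangeable, so the derivation builds a different feature set per platform without saying so: Linux gets PAM support and no xmlsec, Darwin gets xmlsec together with `--disable-pam`. If xmlsec is what enables signature handling in the bundled PSKC library (worth confirming against upstream's configure summary), Linux builds silently lack it. Consider listing the inputs explicitly, e.g. `buildInputs = [ xmlsec ] ++ lib.optionals stdenv.isLinux [ pam ];`, or add a comment above the `let` binding explaining why xmlsec is Darwin-only. The `meta` set also has no `license` attribute.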
@@ -0,0 +1,50 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl git gnugrep nix
+
+set -euo pipefail
+
+nixfile='default.nix'
+release_url='https://download.savannah.nongnu.org/releases/oath-toolkit/'
+attr='oathToolkit'
+command='oathtool --version'
+
+color() {
+ printf '%s: \033[%sm%s\033[39m\n' "$0" "$1" "$2" >&2 || true
+}
+
+color 32 "downloading $release_url..."
+if ! release_page=$(curl -Lf "$release_url"); then
+ color 31 "cannot download release page"
+ exit 1
+fi
+
+tarball_name=$(printf '%s\n' "$release_page" \
+ | grep -Po '(?<=href=").*?\.tar\.gz(?=")' \
+ | sort -n | tail -n1)
+tarball_version="${tarball_name%.tar.*}"
+tarball_version="${tarball_version##*-}"
+tarball_url="mirror://savannah${release_url#https://*/releases}$tarball_name"
+
+color 32 "nix-prefetch-url $tarball_url..."
+if ! tarball_sha256=$(nix-prefetch-url --type sha256 "$tarball_url"); then
+ color 31 "cannot prefetch $tarball_url"
+ exit 1
+fi
+
+old_version=$(grep -Pom1 '(?<=version = ").*?(?=";)' "$nixfile")
+
+version=$(printf 'version = "%s";\n' "$tarball_version")
+sha256=$(printf 'sha256 = "%s";\n' "$tarball_sha256")
+sed -e "s,version = .*,$version," -e "s,sha256 = .*,$sha256," -i "$nixfile"
+
+if git diff --exit-code "$nixfile" > /dev/stderr; then
+ printf '\n' >&2 || true
+ color 32 "$tarball_version is up to date"
+else
+ color 32 "running '$command' with nix-shell..."
+ nix-shell -p "callPackage ./$nixfile {}" --run "$command"
+ msg="$attr: $old_version -> $tarball_version"
+ printf '\n' >&2 || true
+ color 31 "$msg"
+ git commit -m "$msg" "$nixfile"
+fi |
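Review bot: The tarball name and version are scraped from a remote HTML page and spliced unvalidated into a sed replacement, a `mirror://` URL and a commit message, and the hash that gets committed is simply whatever `nix-prefetch-url` received on this run. A name containing `,`, `&` or `\` changes what the sed expression writes into default.nix, and the href pattern `.*?\.tar\.gz` accepts any tarball link on the page rather than only oath-toolkit releases. Separately, `sort -n` does not order version numbers here (the names start with letters, so it falls back to byte order and 2.6.10 sorts below 2.6.7); `sort -V` is needed. I would tighten the pattern and validate the version before use as below, and, if upstream publishes detached signatures, verify one before pinning the hash.

```shell
tarball_name=$(printf '%s\n' "$release_page" \
    | grep -Po '(?<=href=")oath-toolkit-[0-9][0-9.]*\.tar\.gz(?=")' \
    | sort -V | tail -n1)
# … unchanged: tarball_version derived from tarball_name …
if [[ ! $tarball_version =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
    color 31 "unexpected version string: $tarball_version"
    exit 1
fi
# … unchanged: tarball_url, prefetch, sed rewrite, test build and commit …
```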