Diffstat (limited to 'nixpkgs/pkgs/tools/security/pass/extensions')
10 files changed, 372 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/audit/0001-Set-base-to-an-empty-value.patch b/nixpkgs/pkgs/tools/security/pass/extensions/audit/0001-Set-base-to-an-empty-value.patch
new file mode 100644
index 000000000000..ce6849d677f8
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/audit/0001-Set-base-to-an-empty-value.patch
@@ -0,0 +1,43 @@
+From a2d5d973f53efb11bdcaecbd0099df9714bc287f Mon Sep 17 00:00:00 2001
+From: Maximilian Bosch <maximilian@mbosch.me>
+Date: Tue, 8 Feb 2022 19:35:35 +0100
+Subject: [PATCH] Set `base` to an empty value
+
+`DESTDIR` ensures that everything lands in the correct location (i.e.
+the target store-path on Nix), within this path, everything should be
+moved into `/lib` and `/share`.
+---
+ setup.py | 17 ++---------------
+ 1 file changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index 1f0a58b..f7baa41 100644
+--- a/setup.py
++++ b/setup.py
+@@ -8,21 +8,8 @@ from pathlib import Path
+
+ from setuptools import setup
+
+-share = Path(sys.prefix, 'share')
+-base = '/usr'
+-if os.uname().sysname == 'Darwin':
+- base = '/usr/local'
+-lib = Path(base, 'lib', 'password-store', 'extensions')
+-
+-if '--user' in sys.argv:
+- if 'PASSWORD_STORE_EXTENSIONS_DIR' in os.environ:
+- lib = Path(os.environ['PASSWORD_STORE_EXTENSIONS_DIR'])
+- else:
+- lib = Path.home() / '.password-store' / '.extensions'
+- if 'XDG_DATA_HOME' in os.environ:
+- share = Path(os.environ['XDG_DATA_HOME'])
+- else:
+- share = Path.home() / '.local' / 'share'
++share = Path('share')
++lib = Path('lib', 'password-store', 'extensions')
+
+ setup(
+ data_files=[
+--
+2.33.1
+
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch b/nixpkgs/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch
new file mode 100644
index 000000000000..5703f3c1f652
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch
@@ -0,0 +1,28 @@
+From 8f76b32946430737f97f2702afd828b09536afd2 Mon Sep 17 00:00:00 2001
+From: Maximilian Bosch <maximilian@mbosch.me>
+Date: Sun, 15 Mar 2020 20:10:11 +0100
+Subject: [PATCH 2/2] Fix audit.bash setup
+
+This sets PASSWORD_STORE_DIR (needed by the python-code) to
+PASSWORD_STORE_DIR and properly falls back to `~/.password-store` if
+it's not set.
+---
+ audit.bash | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/audit.bash b/audit.bash
+index 7a973dc..c40ff76 100755
+--- a/audit.bash
++++ b/audit.bash
+@@ -17,7 +17,7 @@
+ #
+
+ cmd_audit() {
+- export PASSWORD_STORE_DIR=$PREFIX GIT_DIR PASSWORD_STORE_GPG_OPTS
++ export PASSWORD_STORE_DIR=${PASSWORD_STORE_DIR:-$HOME/.password-store} GIT_DIR PASSWORD_STORE_GPG_OPTS
+ export X_SELECTION CLIP_TIME PASSWORD_STORE_UMASK GENERATED_LENGTH
+ export CHARACTER_SET CHARACTER_SET_NO_SYMBOLS EXTENSIONS PASSWORD_STORE_KEY
+ export PASSWORD_STORE_ENABLE_EXTENSIONS PASSWORD_STORE_SIGNING_KEY
+--
+2.25.0
+
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix b/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix
new file mode 100644
index 000000000000..c4c16b8ff848
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix
@@ -0,0 +1,55 @@
+{ lib, stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper, gnupg }:
+
+let
+ pythonEnv = pythonPackages.python.withPackages (p: [ p.requests p.setuptools p.zxcvbn ]);
+
+in stdenv.mkDerivation rec {
+ pname = "pass-audit";
+ version = "1.2";
+
+ src = fetchFromGitHub {
+ owner = "roddhjav";
+ repo = "pass-audit";
+ rev = "v${version}";
+ sha256 = "sha256-xigP8LxRXITLF3X21zhWx6ooFNSTKGv46yFSt1dd4vs=";
+ };
+
+ patches = [
+ ./0001-Set-base-to-an-empty-value.patch
+ ./0002-Fix-audit.bash-setup.patch
+ ];
+
+ postPatch = ''
+ substituteInPlace audit.bash \
+ --replace 'python3' "${pythonEnv}/bin/python3"
+ substituteInPlace Makefile \
+ --replace "install --root" "install --prefix ''' --root"
+ '';
+
+ outputs = [ "out" "man" ];
+
+ buildInputs = [ pythonEnv ];
+ nativeBuildInputs = [ makeWrapper ];
+
+ # Tests freeze on darwin with: pass-audit-1.1 (checkPhase): EOFError
+ doCheck = !stdenv.isDarwin;
+ checkInputs = [ pythonPackages.green pass gnupg ];
+ checkPhase = ''
+ ${pythonEnv}/bin/python3 setup.py green -q
+ '';
+
+ installFlags = [ "DESTDIR=${placeholder "out"}" "PREFIX=" ];
+ postInstall = ''
+ wrapProgram $out/lib/password-store/extensions/audit.bash \
+ --prefix PYTHONPATH : "$out/lib/${pythonEnv.libPrefix}/site-packages" \
+ --run "export COMMAND"
+ '';
+
+ meta = with lib; {
+ description = "Pass extension for auditing your password repository.";
+ homepage = "https://github.com/roddhjav/pass-audit";
+ license = licenses.gpl3Plus;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ ma27 ];
+ };
+}
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/checkup.nix b/nixpkgs/pkgs/tools/security/pass/extensions/checkup.nix
new file mode 100644
index 000000000000..5ae846d4a4b3
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/checkup.nix
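Review bot: The `--replace 'python3' "${pythonEnv}/bin/python3"` in `postPatch` is a literal substring replacement, so it rewrites every `python3` in audit.bash, including any that sit in a comment, a message or a longer word, not only the interpreter invocation. checkup.nix in this commit uses the same form with much shorter needles (`--replace curl`, `find`, `grep`, `sed`), where a word such as `used` or `based` in the script would be rewritten too; neither script is visible here, so whether that happens today is unconfirmed. Matching the command together with its surrounding context (the full invocation as it appears upstream) keeps the substitution from touching unrelated text in a script that handles password-store data. The comment `# Tests freeze on darwin with: pass-audit-1.1` also names an older release than `version = "1.2"` and should say whether the freeze was re-checked.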
@@ -0,0 +1,42 @@
+{ lib, stdenv, fetchFromGitHub
+, curl, findutils, gnugrep, gnused, shellcheck }:
+
+let
+ pname = "pass-checkup";
+ version = "0.2.1";
+in stdenv.mkDerivation {
+ inherit pname version;
+
+ src = fetchFromGitHub {
+ owner = "etu";
+ repo = pname;
+ rev = version;
+ sha256 = "18b6rx59r7g0hvqs2affvw0g0jyifyzhanwgz2q2b8nhjgqgnar2";
+ };
+
+ nativeBuildInputs = [ shellcheck ];
+
+ postPatch = ''
+ substituteInPlace checkup.bash \
+ --replace curl ${curl}/bin/curl \
+ --replace find ${findutils}/bin/find \
+ --replace grep ${gnugrep}/bin/grep \
+ --replace sed ${gnused}/bin/sed
+ '';
+
+ installPhase = ''
+ runHook preInstall
+
+ install -D -m755 checkup.bash $out/lib/password-store/extensions/checkup.bash
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "A pass extension to check against the Have I been pwned API to see if your passwords are publicly leaked or not";
+ homepage = "https://github.com/etu/pass-checkup";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ etu ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/default.nix b/nixpkgs/pkgs/tools/security/pass/extensions/default.nix
new file mode 100644
index 000000000000..96c252156de8
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/default.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+
+with pkgs;
+
+{
+ pass-audit = callPackage ./audit {
+ pythonPackages = python3Packages;
+ };
+ pass-checkup = callPackage ./checkup.nix {};
+ pass-import = callPackage ./import.nix {};
+ pass-otp = callPackage ./otp.nix {};
+ pass-tomb = callPackage ./tomb.nix {};
+ pass-update = callPackage ./update.nix {};
+ pass-genphrase = callPackage ./genphrase.nix {};
+}
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix b/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix
new file mode 100644
index 000000000000..dff64d7f1855
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/genphrase.nix
@@ -0,0 +1,32 @@
+{ lib, stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ pname = "pass-genphrase";
+ version = "0.3";
+
+ src = fetchFromGitHub {
+ owner = "congma";
+ repo = "pass-genphrase";
+ rev = version;
+ sha256 = "01dff2jlp111y7vlmp1wbgijzphhlzc19m02fs8nzmn5vxyffanx";
+ };
+
+ dontBuild = true;
+
+ installTargets = [ "globalinstall" ];
+
+ installFlags = [ "PREFIX=$(out)" ];
+
+ postFixup = ''
+ substituteInPlace $out/lib/password-store/extensions/genphrase.bash \
+ --replace '$EXTENSIONS' "$out/lib/password-store/extensions/"
+ '';
+
+ meta = with lib; {
+ description = "Pass extension that generates memorable passwords";
+ homepage = "https://github.com/congma/pass-genphrase";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ seqizz ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/import.nix b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix
new file mode 100644
index 000000000000..60775be180c8
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix
@@ -0,0 +1,62 @@
+{ lib
+, fetchFromGitHub
+, fetchpatch
+, python3Packages
+, gnupg
+, pass
+, makeWrapper
+}:
+
+python3Packages.buildPythonApplication rec {
+ pname = "pass-import";
+ version = "3.2";
+
+ src = fetchFromGitHub {
+ owner = "roddhjav";
+ repo = "pass-import";
+ rev = "v${version}";
+ sha256 = "0hrpg7yiv50xmbajfy0zdilsyhbj5iv0qnlrgkfv99q1dvd5qy56";
+ };
+
+ propagatedBuildInputs = with python3Packages; [
+ cryptography
+ defusedxml
+ pyaml
+ pykeepass
+ python_magic # similar API to "file-magic", but already in nixpkgs.
+ secretstorage
+ ];
+
+ checkInputs = [
+ gnupg
+ pass
+ python3Packages.pytestCheckHook
+ ];
+
+ disabledTests = [
+ "test_import_gnome_keyring" # requires dbus, which pytest doesn't support
+ ];
+
+ postInstall = ''
+ mkdir -p $out/lib/password-store/extensions
+ cp ${src}/import.bash $out/lib/password-store/extensions/import.bash
+ wrapProgram $out/lib/password-store/extensions/import.bash \
+ --prefix PATH : "${python3Packages.python.withPackages (_: propagatedBuildInputs)}/bin" \
+ --prefix PYTHONPATH : "$out/${python3Packages.python.sitePackages}" \
+ --run "export PREFIX"
+ cp -r ${src}/share $out/
+ '';
+
+ postCheck = ''
+ $out/bin/pimport --list-exporters --list-importers
+ '';
+
+ meta = with lib; {
+ description = "Pass extension for importing data from existing password managers";
+ homepage = "https://github.com/roddhjav/pass-import";
+ changelog = "https://github.com/roddhjav/pass-import/blob/v${version}/CHANGELOG.rst";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix b/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix
new file mode 100644
index 000000000000..8d9b350543dc
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix
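Review bot: `fetchpatch` and `makeWrapper` are taken as arguments but never referenced in the body: there is no `patches` list, and `wrapProgram` in `postInstall` is called without `makeWrapper` appearing in `nativeBuildInputs`. If `wrapProgram` is only in scope through a hook that `buildPythonApplication` happens to pull in, that is an implicit dependency worth making explicit with `nativeBuildInputs = [ makeWrapper ];`, and `fetchpatch` can be dropped from the argument list. A short comment on `--run "export PREFIX"` saying why the wrapper has to export it would also help the next maintainer, since the reason is not visible in this file.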
@@ -0,0 +1,33 @@
+{ lib, stdenv, fetchFromGitHub, oathToolkit }:
+
+stdenv.mkDerivation rec {
+ pname = "pass-otp";
+ version = "1.2.0";
+
+ src = fetchFromGitHub {
+ owner = "tadfisher";
+ repo = "pass-otp";
+ rev = "v${version}";
+ sha256 = "0cpqrf3939hcvwg7sd8055ghc8x964ilimlri16czzx188a9jx9v";
+ };
+
+ buildInputs = [ oathToolkit ];
+
+ dontBuild = true;
+
+ patchPhase = ''
+ sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash
+ '';
+
+ installFlags = [ "PREFIX=$(out)"
+ "BASHCOMPDIR=$(out)/share/bash-completion/completions"
+ ];
+
+ meta = with lib; {
+ description = "A pass extension for managing one-time-password (OTP) tokens";
+ homepage = "https://github.com/tadfisher/pass-otp";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ jwiegley tadfisher toonn ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix b/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix
new file mode 100644
index 000000000000..58630c4ec9f3
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/tomb.nix
@@ -0,0 +1,32 @@
+{ lib, stdenv, fetchFromGitHub, tomb }:
+
+stdenv.mkDerivation rec {
+ pname = "pass-tomb";
+ version = "1.3";
+
+ src = fetchFromGitHub {
+ owner = "roddhjav";
+ repo = "pass-tomb";
+ rev = "v${version}";
+ sha256 = "sha256-kbbMHmYmeyt7HM8YiNhknePm1vUaXWWXPWePKGpbU+o=";
+ };
+
+ buildInputs = [ tomb ];
+
+ dontBuild = true;
+
+ installFlags = [ "PREFIX=$(out)" ];
+
+ postFixup = ''
+ substituteInPlace $out/lib/password-store/extensions/tomb.bash \
+ --replace 'TOMB="''${PASSWORD_STORE_TOMB:-tomb}"' 'TOMB="''${PASSWORD_STORE_TOMB:-${tomb}/bin/tomb}"'
+ '';
+
+ meta = with lib; {
+ description = "Pass extension that keeps the password store encrypted inside a tomb";
+ homepage = "https://github.com/roddhjav/pass-tomb";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
+ platforms = platforms.unix;
+ };
+}
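Review bot: The `sed -i -e 's|OATH=\$(which oathtool)|…|' otp.bash` in otp.nix's `patchPhase` exits successfully even when the pattern matches nothing, so an upstream change to that line would leave the installed script resolving `oathtool` through the caller's PATH with no build signal. Replacing `patchPhase` wholesale also bypasses `patches` and the pre/post patch hooks. Moving the edit to `postPatch` and using `substituteInPlace otp.bash --replace-fail 'OATH=$(which oathtool)' 'OATH=${oathToolkit}/bin/oathtool'` (on nixpkgs revisions that have `--replace-fail`; plain `--replace` elsewhere) keeps the pinning and makes a non-match visible. The `--replace` calls in tomb.nix and genphrase.nix pin paths the same way and would benefit from the same fail-on-no-match behaviour where available.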
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/update.nix b/nixpkgs/pkgs/tools/security/pass/extensions/update.nix
new file mode 100644
index 000000000000..50a4c49b90d1
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/update.nix
@@ -0,0 +1,30 @@
+{ lib, stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ pname = "pass-update";
+ version = "2.1";
+
+ src = fetchFromGitHub {
+ owner = "roddhjav";
+ repo = "pass-update";
+ rev = "v${version}";
+ sha256 = "0yx8w97jcp6lv7ad5jxqnj04csbrn2hhc4pskssxknw2sbvg4g6c";
+ };
+
+ postPatch = ''
+ substituteInPlace Makefile \
+ --replace "BASHCOMPDIR ?= /etc/bash_completion.d" "BASHCOMPDIR ?= $out/share/bash-completion/completions"
+ '';
+
+ dontBuild = true;
+
+ installFlags = [ "PREFIX=$(out)" ];
+
+ meta = with lib; {
+ description = "Pass extension that provides an easy flow for updating passwords";
+ homepage = "https://github.com/roddhjav/pass-update";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
+ platforms = platforms.unix;
+ };
+} |