1 files changed, 53 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/tools/security/please/default.nix b/nixpkgs/pkgs/tools/security/please/default.nix
new file mode 100644
index 000000000000..2ecbc9ab3035
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/please/default.nix
@@ -0,0 +1,53 @@
+{ lib
+, rustPlatform
+, fetchFromGitLab
+, installShellFiles
+, pam
+, nixosTests
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "please";
+  version = "0.5.4";
+
+  src = fetchFromGitLab {
+    owner = "edneville";
+    repo = "please";
+    rev = "v${version}";
+    hash = "sha256-GW2t3pTX06mqEwFTpiLe3mlzFTmb5Fep5R0yHooRmig=";
+  };
+
+  cargoHash = "sha256-bd3Pc8QPyPjE+xVcwASDILTXvMCioId/n6dXSr/KDOQ=";
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  buildInputs = [ pam ];
+
+  patches = [ ./nixos-specific.patch ];
+
+  postInstall = ''
+    installManPage man/*
+  '';
+
+  # Unit tests are broken on NixOS.
+  doCheck = false;
+
+  passthru.tests = { inherit (nixosTests) please; };
+
+  meta = with lib; {
+    description = "A polite regex-first sudo alternative";
+    longDescription = ''
+      Delegate accurate least privilege access with ease. Express easily with a
+      regex and expose only what is needed and nothing more. Or validate file
+      edits with pleaseedit.
+
+      Please is written with memory safe rust. Traditional C memory unsafety is
+      avoided, logic problems may exist but this codebase is relatively small.
+    '';
+    homepage = "https://www.usenix.org.uk/content/please.html";
+    changelog = "https://github.com/edneville/please/blob/${src.rev}/CHANGELOG.md";
+    license = licenses.gpl3Only;
+    maintainers = with maintainers; [ azahi ];
+    platforms = platforms.linux;
+  };
+}