diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security/signing-party')
-rw-r--r-- | nixpkgs/pkgs/tools/security/signing-party/default.nix | 226 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch | 16 |
2 files changed, 242 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/signing-party/default.nix b/nixpkgs/pkgs/tools/security/signing-party/default.nix new file mode 100644 index 000000000000..ee099b704aaa --- /dev/null +++ b/nixpkgs/pkgs/tools/security/signing-party/default.nix @@ -0,0 +1,226 @@ +{ lib, stdenv, fetchFromGitLab, autoconf, automake, makeWrapper +, python3, perl, perlPackages +, libmd, gnupg, which, getopt, libpaper, nettools, qprint +, sendmailPath ? "/run/wrappers/bin/sendmail" }: + +let + # All runtime dependencies from the CPAN graph: + # https://widgets.stratopan.com/wheel?q=GnuPG-Interface-0.52&runtime=1&fs=1 + GnuPGInterfaceRuntimeDependencies = with perlPackages; [ + strictures ClassMethodModifiers DataPerl DevelGlobalDestruction ExporterTiny + GnuPGInterface ListMoreUtils ModuleRuntime Moo MooXHandlesVia MooXlate + RoleTiny SubExporterProgressive SubQuote TypeTiny + ]; +in stdenv.mkDerivation rec { + pname = "signing-party"; + version = "2.11"; + + src = fetchFromGitLab { + domain = "salsa.debian.org"; + owner = "signing-party-team"; + repo = "signing-party"; + rev = "v${version}"; + sha256 = "1aig5ssabzbk4mih7xd04vgr931bw0flbi8dz902wlr610gyv5s5"; + }; + + # TODO: Get this patch upstream... + patches = [ ./gpgwrap_makefile.patch ]; + + postPatch = '' + substituteInPlace gpg-mailkeys/gpg-mailkeys --replace \ + "/usr/sbin/sendmail" "${sendmailPath}" + ''; + + # One can use the following command to find all relevant Makefiles: + # grep -R '$(DESTDIR)/usr' | cut -d: -f1 | sort -u | grep -v 'debian/rules' + preBuild = '' + substituteInPlace gpgsigs/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace keyanalyze/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace keylookup/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace sig2dot/Makefile --replace '$(DESTDIR)/usr' "$out" + substituteInPlace springgraph/Makefile --replace '$(DESTDIR)/usr' "$out" + ''; + + # Perl is required for it's pod2man. + # Python and Perl are required for patching the script interpreter paths. + nativeBuildInputs = [ autoconf automake makeWrapper ]; + buildInputs = [ python3 perl perlPackages.GnuPGInterface libmd gnupg ]; + + postInstall = '' + # Install all tools which aren't handled by 'make install'. + # TODO: Fix upstream...! + + # caff: CA - Fire and Forget signs and mails a key + install -D -m555 caff/caff $out/bin/caff; + install -D -m444 caff/caff.1 $out/share/man/man1/caff.1; + + # pgp-clean: removes all non-self signatures from key + install -D -m555 caff/pgp-clean $out/bin/pgp-clean; + install -D -m444 caff/pgp-clean.1 $out/share/man/man1/pgp-clean.1; + + # pgp-fixkey: removes broken packets from keys + install -D -m555 caff/pgp-fixkey $out/bin/pgp-fixkey; + install -D -m444 caff/pgp-fixkey.1 $out/share/man/man1/pgp-fixkey.1; + + # gpg-mailkeys: simply mail out a signed key to its owner + install -D -m555 gpg-mailkeys/gpg-mailkeys $out/bin/gpg-mailkeys; + install -D -m444 gpg-mailkeys/gpg-mailkeys.1 $out/share/man/man1/gpg-mailkeys.1; + + # gpg-key2ps: generate PostScript file with fingerprint paper slips + install -D -m555 gpg-key2ps/gpg-key2ps $out/bin/gpg-key2ps; + install -D -m444 gpg-key2ps/gpg-key2ps.1 $out/share/man/man1/gpg-key2ps.1; + + # gpgdir: recursive directory encryption tool + install -D -m555 gpgdir/gpgdir $out/bin/gpgdir; + install -D -m444 gpgdir/gpgdir.1 $out/share/man/man1/gpgdir.1; + + # gpglist: show who signed which of your UIDs + install -D -m555 gpglist/gpglist $out/bin/gpglist; + install -D -m444 gpglist/gpglist.1 $out/share/man/man1/gpglist.1; + + # gpgsigs: annotates list of GnuPG keys with already done signatures + # The manual page is not handled by 'make install' + install -D -m444 gpgsigs/gpgsigs.1 $out/share/man/man1/gpgsigs.1; + + # gpgparticipants: create list of party participants for the organiser + install -D -m555 gpgparticipants/gpgparticipants $out/bin/gpgparticipants; + install -D -m444 gpgparticipants/gpgparticipants.1 $out/share/man/man1/gpgparticipants.1; + install -D -m555 gpgparticipants/gpgparticipants-prefill $out/bin/gpgparticipants-prefill; + install -D -m444 gpgparticipants/gpgparticipants-prefill.1 $out/share/man/man1/gpgparticipants-prefill.1; + install -D -m555 gpgparticipants/gpgparticipants-filter $out/bin/gpgparticipants-filter; + install -D -m444 gpgparticipants/gpgparticipants-filter.1 $out/share/man/man1/gpgparticipants-filter.1; + + # gpgwrap: a passphrase wrapper + install -D -m555 gpgwrap/bin/gpgwrap $out/bin/gpgwrap; + install -D -m444 gpgwrap/doc/gpgwrap.1 $out/share/man/man1/gpgwrap.1; + + # keyanalyze: minimum signing distance (MSD) analysis on keyrings + # Only the binaries are handled by 'make install' + install -D -m444 keyanalyze/keyanalyze.1 $out/share/man/man1/keyanalyze.1; + install -D -m444 keyanalyze/pgpring/pgpring.1 $out/share/man/man1/pgpring.1; + install -D -m444 keyanalyze/process_keys.1 $out/share/man/man1/process_keys.1; + + # keylookup: ncurses wrapper around gpg --search + # Handled by 'make install' + + # sig2dot: converts a list of GnuPG signatures to a .dot file + # Handled by 'make install' + + # springgraph: creates a graph from a .dot file + # Handled by 'make install' + + # keyart: creates a random ASCII art of a PGP key file + install -D -m555 keyart/keyart $out/bin/keyart; + install -D -m444 keyart/doc/keyart.1 $out/share/man/man1/keyart.1; + + # gpg-key2latex: generate LaTeX file with fingerprint paper slips + install -D -m555 gpg-key2latex/gpg-key2latex $out/bin/gpg-key2latex; + install -D -m444 gpg-key2latex/gpg-key2latex.1 $out/share/man/man1/gpg-key2latex.1; + ''; + + postFixup = '' + # Add the runtime dependencies for all programs (but mainly for the Perl + # scripts) + + wrapProgram $out/bin/caff --set PERL5LIB \ + ${with perlPackages; makePerlPath ([ + TextTemplate MIMETools MailTools TimeDate NetIDNEncode ] + ++ GnuPGInterfaceRuntimeDependencies)} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ nettools gnupg ]}" + + wrapProgram $out/bin/gpg-key2latex --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg libpaper ]}" + + wrapProgram $out/bin/gpg-key2ps --prefix PATH ":" \ + "${lib.makeBinPath [ which gnupg libpaper ]}" + + wrapProgram $out/bin/gpg-mailkeys --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg qprint ]}" + + wrapProgram $out/bin/gpgdir --set PERL5LIB \ + ${with perlPackages; makePerlPath ([ + TermReadKey ] + ++ GnuPGInterfaceRuntimeDependencies)} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/gpglist --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/gpgparticipants --prefix PATH ":" \ + "${lib.makeBinPath [ getopt gnupg ]}" + +# wrapProgram $out/bin/gpgparticipants-prefill + + wrapProgram $out/bin/gpgparticipants-filter --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/gpgsigs --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/gpgwrap --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + +# wrapProgram $out/bin/keyanalyze --set PERL5LIB \ + + wrapProgram $out/bin/keyart --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/keylookup --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/pgp-clean --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + + wrapProgram $out/bin/pgp-fixkey --set PERL5LIB \ + ${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \ + --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + +# wrapProgram $out/bin/pgpring + +# wrapProgram $out/bin/process_keys + + # Upstream-Bug: Seems like sig2dot doesn't work with 2.1 (modern) anymore, + # please use 2.0 (stable) instead. +# wrapProgram $out/bin/sig2dot + + wrapProgram $out/bin/springgraph --set PERL5LIB \ + ${with perlPackages; makePerlPath [ GD ]} + ''; + + meta = with lib; { + homepage = "https://salsa.debian.org/signing-party-team/signing-party"; + description = "A collection of several projects relating to OpenPGP"; + longDescription = '' + This is a collection of several projects relating to OpenPGP. + + * caff: CA - Fire and Forget signs and mails a key + * pgp-clean: removes all non-self signatures from key + * pgp-fixkey: removes broken packets from keys + * gpg-mailkeys: simply mail out a signed key to its owner + * gpg-key2ps: generate PostScript file with fingerprint paper slips + * gpgdir: recursive directory encryption tool + * gpglist: show who signed which of your UIDs + * gpgsigs: annotates list of GnuPG keys with already done signatures + * gpgparticipants: create list of party participants for the organiser + * gpgwrap: a passphrase wrapper + * keyanalyze: minimum signing distance (MSD) analysis on keyrings + * keylookup: ncurses wrapper around gpg --search + * sig2dot: converts a list of GnuPG signatures to a .dot file + * springgraph: creates a graph from a .dot file + * keyart: creates a random ASCII art of a PGP key file + * gpg-key2latex: generate LaTeX file with fingerprint paper slips + ''; + license = with licenses; [ bsd2 bsd3 gpl2 gpl2Plus gpl3Plus ]; + maintainers = with maintainers; [ fpletz primeos ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch b/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch new file mode 100644 index 000000000000..4beaf5b80887 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/signing-party/gpgwrap_makefile.patch @@ -0,0 +1,16 @@ +--- a/gpgwrap/Makefile 2015-06-03 16:24:48.723129144 +0200 ++++ b/gpgwrap/Makefile 2015-06-03 16:24:11.639744346 +0200 +@@ -1,9 +1,12 @@ + MAKE=make + +-.PHONY: all clean ++.PHONY: all clean install + + all: + cd src && ${MAKE} all DIET="${DIET}" + ++install: ++ ++ + clean: + cd src && ${MAKE} clean |