summary refs log tree commit diff
path: root/pkgs/tools/filesystems/cryfs/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/filesystems/cryfs/default.nix')
-rw-r--r--pkgs/tools/filesystems/cryfs/default.nix79
1 files changed, 79 insertions, 0 deletions
diff --git a/pkgs/tools/filesystems/cryfs/default.nix b/pkgs/tools/filesystems/cryfs/default.nix
new file mode 100644
index 000000000000..0469ad54eb13
--- /dev/null
+++ b/pkgs/tools/filesystems/cryfs/default.nix
@@ -0,0 +1,79 @@
+{ stdenv, fetchFromGitHub
+, cmake, pkgconfig, coreutils
+, boost, cryptopp, curl, fuse, openssl, python, spdlog
+}:
+
+stdenv.mkDerivation rec {
+  name = "cryfs-${version}";
+  version = "0.9.7";
+
+  src = fetchFromGitHub {
+    owner  = "cryfs";
+    repo   = "cryfs";
+    rev    = "${version}";
+    sha256 = "1wsv4cyjkyg3cyr6vipw1mj41bln2m69123l3miav8r4mvmkfq8w";
+  };
+
+  prePatch = ''
+    patchShebangs src
+
+    substituteInPlace vendor/scrypt/CMakeLists.txt \
+      --replace /usr/bin/ ""
+
+    # scrypt in nixpkgs only produces a binary so we lift the patching from that so allow
+    # building the vendored version. This is very much NOT DRY.
+    # The proper solution is to have scrypt generate a dev output with the required files and just symlink
+    # into vendor/scrypt
+    for f in Makefile.in autocrap/Makefile.am libcperciva/cpusupport/Build/cpusupport.sh ; do
+      substituteInPlace vendor/scrypt/scrypt-*/scrypt/$f --replace "command -p " ""
+    done
+
+    # cryfs is vendoring an old version of spdlog
+    rm -rf vendor/spdlog/spdlog
+    ln -s ${spdlog} vendor/spdlog/spdlog
+  '';
+
+  buildInputs = [ boost cryptopp curl fuse openssl python spdlog ];
+
+  patches = [
+    ./test-no-network.patch  # Disable tests using external networking
+    ./skip-failing-test-large-malloc.patch
+  ];
+
+  # coreutils is needed for the vendored scrypt
+  nativeBuildInputs = [ cmake coreutils pkgconfig ];
+
+  enableParallelBuilding = true;
+
+  cmakeFlags = [
+    "-DCRYFS_UPDATE_CHECKS=OFF"
+    "-DBoost_USE_STATIC_LIBS=OFF" # this option is case sensitive
+    "-DBUILD_TESTING=ON"
+  ];
+
+  doCheck = true;
+
+  # Cryfs tests are broken on darwin
+  checkPhase = stdenv.lib.optionalString (!stdenv.isDarwin) ''
+    # Skip CMakeFiles directory and tests depending on fuse (does not work well with sandboxing)
+    SKIP_IMPURE_TESTS="CMakeFiles|fspp|cryfs-cli"
+
+    for test in `ls -d test/*/ | egrep -v "$SKIP_IMPURE_TESTS"`; do
+      "./$test`basename $test`-test"
+    done
+  '';
+
+  installPhase = ''
+    # Building with BUILD_TESTING=ON is missing the install target
+    mkdir -p $out/bin
+    install -m 755 ./src/cryfs-cli/cryfs $out/bin/cryfs
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Cryptographic filesystem for the cloud";
+    homepage    = https://www.cryfs.org;
+    license     = licenses.lgpl3;
+    maintainers = with maintainers; [ peterhoeg ];
+    platforms   = with platforms; linux;
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-07 00:58:44 +0000