diff options
Diffstat (limited to 'pkgs/tools')
8 files changed, 411 insertions, 161 deletions
diff --git a/pkgs/tools/X11/xidlehook/default.nix b/pkgs/tools/X11/xidlehook/default.nix index a4bc2295f1b9..943fdb2711c3 100644 --- a/pkgs/tools/X11/xidlehook/default.nix +++ b/pkgs/tools/X11/xidlehook/default.nix @@ -3,7 +3,7 @@ rustPlatform.buildRustPackage rec { pname = "xidlehook"; - version = "0.8.0"; + version = "0.8.2"; doCheck = false; @@ -12,11 +12,11 @@ rustPlatform.buildRustPackage rec { repo = "xidlehook"; rev = version; - sha256 = "127b20y86xs2wq5ka236057nyrh87fgzhjqbl6azf002afnbsn5m"; + sha256 = "1zvr3vk76x0gsq6z5rrnliv2bvshsm8bhkspc41bbj4kniz4h5bw"; }; cargoBuildFlags = lib.optionals (!stdenv.isLinux) ["--no-default-features" "--features" "pulse"]; - cargoSha256 = "0wakw3pqgwfwarjfb3h0a2javrhnf509v3j547a7p9k5kbjb5np0"; + cargoSha256 = "0dxz5mbdc93xb02vnmd29i2kdh05c7vx9h28x5qgs3jvddyb3xmn"; buildInputs = [ xlibsWrapper xorg.libXScrnSaver libpulseaudio ] ++ lib.optional stdenv.isDarwin Security; nativeBuildInputs = [ pkgconfig patchelf python3 ]; @@ -32,5 +32,6 @@ rustPlatform.buildRustPackage rec { license = licenses.mit; maintainers = with maintainers; [ jD91mZM2 ]; platforms = platforms.unix; + badPlatforms = platforms.darwin; }; } diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index 54a8f4de7d7b..aed6a9d4012c 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -1,6 +1,6 @@ { stdenv, lib, pkgs, fetchurl, buildEnv , coreutils, gnused, getopt, git, tree, gnupg, openssl, which, procps -, qrencode , makeWrapper +, qrencode , makeWrapper, pass, symlinkJoin , xclip ? null, xdotool ? null, dmenu ? null , x11Support ? !stdenv.isDarwin @@ -23,131 +23,136 @@ let env = extensions: let - selected = extensions passExtensions + selected = [ pass ] ++ extensions passExtensions ++ stdenv.lib.optional tombPluginSupport passExtensions.tomb; in buildEnv { name = "pass-extensions-env"; paths = selected; - buildInputs = concatMap (x: x.buildInputs) selected; - }; - - generic = extensionsEnv: extraPassthru: stdenv.mkDerivation rec { - version = "1.7.3"; - pname = "password-store"; + buildInputs = [ makeWrapper ] ++ concatMap (x: x.buildInputs) selected; - src = fetchurl { - url = "https://git.zx2c4.com/password-store/snapshot/${pname}-${version}.tar.xz"; - sha256 = "1x53k5dn3cdmvy8m4fqdld4hji5n676ksl0ql4armkmsds26av1b"; - }; + postBuild = '' + files=$(find $out/bin/ -type f -exec readlink -f {} \;) + rm $out/bin + mkdir $out/bin - patches = [ ./set-correct-program-name-for-sleep.patch ] - ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch - # TODO (@Ma27) this patch adds support for wl-clipboard and can be removed during the next - # version bump. - ++ stdenv.lib.optional waylandSupport ./clip-wayland-support.patch; + for i in $files; do + ln -sf $i $out/bin/$(basename $i) + done - nativeBuildInputs = [ makeWrapper ]; - - buildInputs = [ extensionsEnv ]; + wrapProgram $out/bin/pass \ + --set SYSTEM_EXTENSION_DIR "$out/lib/password-store/extensions" + ''; + }; +in - installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ]; +stdenv.mkDerivation rec { + version = "1.7.3"; + pname = "password-store"; - postInstall = '' - # Install Emacs Mode. NOTE: We can't install the necessary - # dependencies (s.el and f.el) here. The user has to do this - # himself. - mkdir -p "$out/share/emacs/site-lisp" - cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/" - '' + optionalString x11Support '' - cp "contrib/dmenu/passmenu" "$out/bin/" - ''; + src = fetchurl { + url = "https://git.zx2c4.com/password-store/snapshot/${pname}-${version}.tar.xz"; + sha256 = "1x53k5dn3cdmvy8m4fqdld4hji5n676ksl0ql4armkmsds26av1b"; + }; - wrapperPath = with stdenv.lib; makeBinPath ([ - coreutils - getopt - git - gnupg - gnused - tree - which - qrencode - procps - ] ++ optional stdenv.isDarwin openssl - ++ ifEnable x11Support [ dmenu xclip xdotool ] - ++ optional waylandSupport wl-clipboard); - - postFixup = '' - # Link extensions env - rmdir $out/lib/password-store/extensions - ln -s ${extensionsEnv}/lib/password-store/extensions $out/lib/password-store/. - for f in ${extensionsEnv}/share/man/man1/*.1.gz; do - ln -s $f $out/share/man/man1/ - done - - # Fix program name in --help - substituteInPlace $out/bin/pass \ - --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass" - - # Ensure all dependencies are in PATH - wrapProgram $out/bin/pass \ - --prefix PATH : "${wrapperPath}" - '' + stdenv.lib.optionalString x11Support '' - # We just wrap passmenu with the same PATH as pass. It doesn't - # need all the tools in there but it doesn't hurt either. - wrapProgram $out/bin/passmenu \ - --prefix PATH : "$out/bin:${wrapperPath}" - ''; + patches = [ + ./set-correct-program-name-for-sleep.patch + ./extension-dir.patch + ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch + # TODO (@Ma27) this patch adds support for wl-clipboard and can be removed during the next + # version bump. + ++ stdenv.lib.optional waylandSupport ./clip-wayland-support.patch; + + nativeBuildInputs = [ makeWrapper ]; + + installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ]; + + postInstall = '' + # Install Emacs Mode. NOTE: We can't install the necessary + # dependencies (s.el and f.el) here. The user has to do this + # himself. + mkdir -p "$out/share/emacs/site-lisp" + cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/" + '' + optionalString x11Support '' + cp "contrib/dmenu/passmenu" "$out/bin/" + ''; + + wrapperPath = with stdenv.lib; makeBinPath ([ + coreutils + getopt + git + gnupg + gnused + tree + which + qrencode + procps + ] ++ optional stdenv.isDarwin openssl + ++ ifEnable x11Support [ dmenu xclip xdotool ] + ++ optional waylandSupport wl-clipboard); + + postFixup = '' + # Fix program name in --help + substituteInPlace $out/bin/pass \ + --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass" + + # Ensure all dependencies are in PATH + wrapProgram $out/bin/pass \ + --prefix PATH : "${wrapperPath}" + '' + stdenv.lib.optionalString x11Support '' + # We just wrap passmenu with the same PATH as pass. It doesn't + # need all the tools in there but it doesn't hurt either. + wrapProgram $out/bin/passmenu \ + --prefix PATH : "$out/bin:${wrapperPath}" + ''; + + # Turn "check" into "installcheck", since we want to test our pass, + # not the one before the fixup. + postPatch = '' + patchShebangs tests + + substituteInPlace src/password-store.sh \ + --replace "@out@" "$out" + + # the turning + sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \ + -e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \ + -e '/which gpg/ d' \ + tests/setup.sh + '' + stdenv.lib.optionalString stdenv.isDarwin '' + # 'pass edit' uses hdid, which is not available from the sandbox. + rm -f tests/t0200-edit-tests.sh + rm -f tests/t0010-generate-tests.sh + rm -f tests/t0020-show-tests.sh + rm -f tests/t0050-mv-tests.sh + rm -f tests/t0100-insert-tests.sh + rm -f tests/t0300-reencryption.sh + rm -f tests/t0400-grep.sh + ''; + + doCheck = false; + + doInstallCheck = true; + installCheckInputs = [ git ]; + installCheckTarget = "test"; + + passthru = { + extensions = passExtensions; + withExtensions = env; + }; - # Turn "check" into "installcheck", since we want to test our pass, - # not the one before the fixup. - postPatch = '' - patchShebangs tests - - # the turning - sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \ - -e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \ - -e '/which gpg/ d' \ - tests/setup.sh - '' + stdenv.lib.optionalString stdenv.isDarwin '' - # 'pass edit' uses hdid, which is not available from the sandbox. - rm -f tests/t0200-edit-tests.sh - rm -f tests/t0010-generate-tests.sh - rm -f tests/t0020-show-tests.sh - rm -f tests/t0050-mv-tests.sh - rm -f tests/t0100-insert-tests.sh - rm -f tests/t0300-reencryption.sh - rm -f tests/t0400-grep.sh + meta = with stdenv.lib; { + description = "Stores, retrieves, generates, and synchronizes passwords securely"; + homepage = https://www.passwordstore.org/; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher globin ma27 ]; + platforms = platforms.unix; + + longDescription = '' + pass is a very simple password store that keeps passwords inside gpg2 + encrypted files inside a simple directory tree residing at + ~/.password-store. The pass utility provides a series of commands for + manipulating the password store, allowing the user to add, remove, edit, + synchronize, generate, and manipulate passwords. ''; - - doCheck = false; - - doInstallCheck = true; - installCheckInputs = [ git ]; - installCheckTarget = "test"; - - passthru = { - extensions = passExtensions; - } // extraPassthru; - - meta = with stdenv.lib; { - description = "Stores, retrieves, generates, and synchronizes passwords securely"; - homepage = https://www.passwordstore.org/; - license = licenses.gpl2Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher globin ]; - platforms = platforms.unix; - - longDescription = '' - pass is a very simple password store that keeps passwords inside gpg2 - encrypted files inside a simple directory tree residing at - ~/.password-store. The pass utility provides a series of commands for - manipulating the password store, allowing the user to add, remove, edit, - synchronize, generate, and manipulate passwords. - ''; - }; }; - -in - -generic (env (_: [])) { - withExtensions = extensions: generic (env extensions) {}; } diff --git a/pkgs/tools/security/pass/extension-dir.patch b/pkgs/tools/security/pass/extension-dir.patch new file mode 100644 index 000000000000..028da31c4617 --- /dev/null +++ b/pkgs/tools/security/pass/extension-dir.patch @@ -0,0 +1,32 @@ +diff --git a/Makefile b/Makefile +index eac2291..1b1df0a 100644 +--- a/Makefile ++++ b/Makefile +@@ -46,12 +46,12 @@ install: install-common + @install -v -d "$(DESTDIR)$(LIBDIR)/password-store" && install -m 0644 -v "$(PLATFORMFILE)" "$(DESTDIR)$(LIBDIR)/password-store/platform.sh" + @install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions" + @install -v -d "$(DESTDIR)$(BINDIR)/" +- @trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \ ++ @trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;' src/password-store.sh > src/.pass && \ + install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass" + else + install: install-common + @install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions" +- @trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \ ++ @trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;' src/password-store.sh > src/.pass && \ + install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass" + endif + +diff --git a/src/password-store.sh b/src/password-store.sh +index 68551a4..2f3b5b7 100755 +--- a/src/password-store.sh ++++ b/src/password-store.sh +@@ -656,7 +656,7 @@ cmd_extension_or_show() { + fi + } + +-SYSTEM_EXTENSION_DIR="" ++SYSTEM_EXTENSION_DIR="${SYSTEM_EXTENSION_DIR:-@out@/lib/password-store/extensions}" + cmd_extension() { + check_sneaky_paths "$1" + local user_extension system_extension extension diff --git a/pkgs/tools/security/pass/extensions/audit.nix b/pkgs/tools/security/pass/extensions/audit.nix deleted file mode 100644 index ca5ca855337f..000000000000 --- a/pkgs/tools/security/pass/extensions/audit.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper }: - -let - pythonEnv = pythonPackages.python.withPackages (p: [ p.requests ]); - -in stdenv.mkDerivation rec { - pname = "pass-audit"; - version = "0.1"; - - src = fetchFromGitHub { - owner = "roddhjav"; - repo = "pass-audit"; - rev = "v${version}"; - sha256 = "0v0db8bzpcaa7zqz17syn3c78mgvw4mpg8qg1gh5rmbjsjfxw6sm"; - }; - - nativeBuildInputs = [ makeWrapper ]; - - buildInputs = [ pythonEnv ]; - - patchPhase = '' - sed -i -e "s|/usr/lib|$out/lib|" audit.bash - sed -i -e 's|$0|${pass}/bin/pass|' audit.bash - ''; - - dontBuild = true; - - installFlags = [ "PREFIX=$(out)" ]; - - postFixup = '' - wrapProgram $out/lib/password-store/extensions/audit.bash \ - --prefix PATH : "${pythonEnv}/bin" \ - --run "export PREFIX" - ''; - - meta = with stdenv.lib; { - description = "Pass extension for auditing your password repository."; - homepage = https://github.com/roddhjav/pass-audit; - license = licenses.gpl3Plus; - platforms = platforms.unix; - }; -} diff --git a/pkgs/tools/security/pass/extensions/audit/0001-Make-it-possible-to-run-the-tests-offline.patch b/pkgs/tools/security/pass/extensions/audit/0001-Make-it-possible-to-run-the-tests-offline.patch new file mode 100644 index 000000000000..36faf3140ccd --- /dev/null +++ b/pkgs/tools/security/pass/extensions/audit/0001-Make-it-possible-to-run-the-tests-offline.patch @@ -0,0 +1,175 @@ +From 37c2b4d2940476555aeec20fe1e5e3fa0492a94e Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch <maximilian@mbosch.me> +Date: Sun, 15 Mar 2020 19:58:53 +0100 +Subject: [PATCH] Make it possible to run the tests offline + +Helpful when developing without network access, also makes sure that +the test actually depend on the API's data like number of breaches +(which will change in time). +--- + tests/commons.py | 25 +++++++++++++++++++++++++ + tests/test_audit.py | 8 +++++--- + tests/test_pass_audit.py | 10 +++++++++- + tests/test_pwned.py | 8 +++++--- + 4 files changed, 44 insertions(+), 7 deletions(-) + +diff --git a/tests/commons.py b/tests/commons.py +index 13c4cb1..4f1ecd8 100644 +--- a/tests/commons.py ++++ b/tests/commons.py +@@ -56,3 +56,28 @@ class TestPass(TestBase): + for path in self.store.list(root): + data[path] = self.store.show(path) + return data ++ ++ ++def mock_request(*args, **kwargs): ++ class MockResponse: ++ def __init__(self): ++ data = [ ++ "D5EE0CB1A41071812CCED2F1930E6E1A5D2:2", ++ "2DC183F740EE76F27B78EB39C8AD972A757:52579", ++ "CF164D7A51A1FD864B1BF9E1CE8A3EC171B:4", ++ "D0B910E7A3028703C0B30039795E908CEB2:7", ++ "AD6438836DBE526AA231ABDE2D0EEF74D42:3", ++ "EBAB0A7CE978E0194608B572E4F9404AA21:3", ++ "17727EAB0E800E62A776C76381DEFBC4145:120", ++ "5370372AC65308F03F6ED75EC6068C8E1BE:1386", ++ "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471", ++ "437FAA5A7FCE15D1DDCB9EAEAEA377667B8:123422", ++ "944C22589AC652B0F47918D58CA0CDCCB63:411" ++ ] ++ ++ self.text = "\r\n".join(data) ++ ++ def raise_for_status(self): ++ pass ++ ++ return MockResponse() +diff --git a/tests/test_audit.py b/tests/test_audit.py +index d8c7a9a..5e0a9cf 100644 +--- a/tests/test_audit.py ++++ b/tests/test_audit.py +@@ -17,12 +17,13 @@ + # + + from .. import pass_audit +-from tests.commons import TestPass +- ++from tests.commons import TestPass, mock_request ++from unittest import mock + + class TestPassAudit(TestPass): + passwords_nb = 7 + ++ @mock.patch('requests.get', mock_request) + def test_password_notpwned(self): + """Testing: pass audit for password not breached with K-anonymity method.""" + data = self._getdata("Password/notpwned") +@@ -30,9 +31,10 @@ class TestPassAudit(TestPass): + breached = audit.password() + self.assertTrue(len(breached) == 0) + ++ @mock.patch('requests.get', mock_request) + def test_password_pwned(self): + """Testing: pass audit for password breached with K-anonymity method.""" +- ref_counts = [51259, 3, 114, 1352, 3645804, 78773, 396] ++ ref_counts = [52579, 3, 120, 1386, 3730471, 123422, 411] + data = self._getdata("Password/pwned") + audit = pass_audit.PassAudit(data) + breached = audit.password() +diff --git a/tests/test_pass_audit.py b/tests/test_pass_audit.py +index 4c10f87..2c949f7 100644 +--- a/tests/test_pass_audit.py ++++ b/tests/test_pass_audit.py +@@ -19,7 +19,8 @@ + import os + + from .. import pass_audit +-from tests.commons import TestPass ++from tests.commons import TestPass, mock_request ++from unittest import mock + + + class TestPassAuditCMD(TestPass): +@@ -47,6 +48,7 @@ class TestPassAuditCMD(TestPass): + cmd = ['--not-an-option', '-q'] + self._passaudit(cmd, 2) + ++ @mock.patch('requests.get', mock_request) + def test_pass_audit_StoreNotInitialized(self): + """Testing: store not initialized.""" + cmd = ['Password/', '-v'] +@@ -56,6 +58,7 @@ class TestPassAuditCMD(TestPass): + os.rename(os.path.join(self.store.prefix, 'backup.gpg-id'), + os.path.join(self.store.prefix, '.gpg-id')) + ++ @mock.patch('requests.get', mock_request) + def test_pass_audit_InvalidID(self): + """Testing: invalid user ID.""" + os.rename(os.path.join(self.store.prefix, '.gpg-id'), +@@ -66,26 +69,31 @@ class TestPassAuditCMD(TestPass): + os.rename(os.path.join(self.store.prefix, 'backup.gpg-id'), + os.path.join(self.store.prefix, '.gpg-id')) + ++ @mock.patch('requests.get', mock_request) + def test_pass_audit_NotAFile(self): + """Testing: pass audit not_a_file.""" + cmd = ['not_a_file'] + self._passaudit(cmd, 1) + ++ @mock.patch('requests.get', mock_request) + def test_pass_audit_passwords_notpwned(self): + """Testing: pass audit Password/notpwned.""" + cmd = ['Password/notpwned'] + self._passaudit(cmd) + ++ @mock.patch('requests.get', mock_request) + def test_pass_audit_passwords_pwned(self): + """Testing: pass audit Password/pwned.""" + cmd = ['Password/pwned'] + self._passaudit(cmd) + ++ @mock.patch('requests.get', mock_request) + def test_pass_audit_passwords_good(self): + """Testing: pass audit Password/good.""" + cmd = ['Password/good'] + self._passaudit(cmd) + ++ @mock.patch('requests.get', mock_request) + def test_pass_audit_passwords_all(self): + """Testing: pass audit .""" + cmd = [''] +diff --git a/tests/test_pwned.py b/tests/test_pwned.py +index 5ce6bc6..c28939a 100644 +--- a/tests/test_pwned.py ++++ b/tests/test_pwned.py +@@ -17,7 +17,8 @@ + # + + from .. import pass_audit +-from tests.commons import TestPass ++from tests.commons import TestPass, mock_request ++from unittest import mock + + + class TestPwnedAPI(TestPass): +@@ -25,12 +26,13 @@ class TestPwnedAPI(TestPass): + def setUp(self): + self.api = pass_audit.PwnedAPI() + ++ @mock.patch('requests.get', mock_request) + def test_password_range(self): + """Testing: https://api.haveibeenpwned.com/range API.""" + prefix = '21BD1' + Hash = '21BD12DC183F740EE76F27B78EB39C8AD972A757' + hashes, counts = self.api.password_range(prefix) + self.assertIn(Hash, hashes) +- self.assertTrue(counts[hashes.index(Hash)] == 51259) ++ self.assertTrue(counts[hashes.index(Hash)] == 52579) + self.assertTrue(len(hashes) == len(counts)) +- self.assertTrue(len(hashes) == 527) ++ self.assertTrue(len(hashes) == 11) +-- +2.25.0 + diff --git a/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch b/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch new file mode 100644 index 000000000000..5703f3c1f652 --- /dev/null +++ b/pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch @@ -0,0 +1,28 @@ +From 8f76b32946430737f97f2702afd828b09536afd2 Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch <maximilian@mbosch.me> +Date: Sun, 15 Mar 2020 20:10:11 +0100 +Subject: [PATCH 2/2] Fix audit.bash setup + +This sets PASSWORD_STORE_DIR (needed by the python-code) to +PASSWORD_STORE_DIR and properly falls back to `~/.password-store` if +it's not set. +--- + audit.bash | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/audit.bash b/audit.bash +index 7a973dc..c40ff76 100755 +--- a/audit.bash ++++ b/audit.bash +@@ -17,7 +17,7 @@ + # + + cmd_audit() { +- export PASSWORD_STORE_DIR=$PREFIX GIT_DIR PASSWORD_STORE_GPG_OPTS ++ export PASSWORD_STORE_DIR=${PASSWORD_STORE_DIR:-$HOME/.password-store} GIT_DIR PASSWORD_STORE_GPG_OPTS + export X_SELECTION CLIP_TIME PASSWORD_STORE_UMASK GENERATED_LENGTH + export CHARACTER_SET CHARACTER_SET_NO_SYMBOLS EXTENSIONS PASSWORD_STORE_KEY + export PASSWORD_STORE_ENABLE_EXTENSIONS PASSWORD_STORE_SIGNING_KEY +-- +2.25.0 + diff --git a/pkgs/tools/security/pass/extensions/audit/default.nix b/pkgs/tools/security/pass/extensions/audit/default.nix new file mode 100644 index 000000000000..bae6b9bbafdf --- /dev/null +++ b/pkgs/tools/security/pass/extensions/audit/default.nix @@ -0,0 +1,51 @@ +{ stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper, gnupg }: + +let + pythonEnv = pythonPackages.python.withPackages (p: [ p.requests p.setuptools p.zxcvbn ]); + +in stdenv.mkDerivation rec { + pname = "pass-audit"; + version = "1.0.1"; + + src = fetchFromGitHub { + owner = "roddhjav"; + repo = "pass-audit"; + rev = "v${version}"; + sha256 = "1mdckw0dwcnv8smp1za96y0zmdnykbkw2606v7mzfnzbz4zjdlwl"; + }; + + patches = [ + ./0001-Make-it-possible-to-run-the-tests-offline.patch + ./0002-Fix-audit.bash-setup.patch + ]; + + postPatch = '' + substituteInPlace audit.bash \ + --replace '/usr/bin/env python3' "${pythonEnv}/bin/python3" + ''; + + outputs = [ "out" "man" ]; + + buildInputs = [ pythonEnv ]; + nativeBuildInputs = [ makeWrapper ]; + + doCheck = true; + checkInputs = [ pythonPackages.green pass gnupg ]; + checkPhase = '' + ${pythonEnv}/bin/python3 setup.py green -q + ''; + + installFlags = [ "DESTDIR=${placeholder "out"}" "PREFIX=" ]; + postInstall = '' + wrapProgram $out/lib/password-store/extensions/audit.bash \ + --prefix PYTHONPATH : "$out/lib/${pythonEnv.libPrefix}/site-packages" + ''; + + meta = with stdenv.lib; { + description = "Pass extension for auditing your password repository."; + homepage = https://github.com/roddhjav/pass-audit; + license = licenses.gpl3Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ ma27 ]; + }; +} diff --git a/pkgs/tools/security/pass/extensions/default.nix b/pkgs/tools/security/pass/extensions/default.nix index 6eb321229e00..1f41a6924821 100644 --- a/pkgs/tools/security/pass/extensions/default.nix +++ b/pkgs/tools/security/pass/extensions/default.nix @@ -3,7 +3,7 @@ with pkgs; { - pass-audit = callPackage ./audit.nix { + pass-audit = callPackage ./audit { pythonPackages = python3Packages; }; pass-checkup = callPackage ./checkup.nix {}; |