bitmask-vpn: init at 0.21.6

2021-09-10 02:39:06 +02:00 · 2021-09-10 02:39:06 +02:00 · def828bab6
commit def828bab6
parent a0e89960f5
2 changed files with 178 additions and 0 deletions
--- a/pkgs/tools/networking/bitmask-vpn/default.nix
+++ b/pkgs/tools/networking/bitmask-vpn/default.nix
@ -0,0 +1,168 @@
+{ lib
+, stdenv
+, fetchFromGitLab
+, mkDerivation
+, buildGoModule
+, wrapQtAppsHook
+, python3Packages
+, pkg-config
+, openvpn
+, cmake
+, qmake
+, which
+, iproute2
+, iptables
+, procps
+, qmltermwidget
+, qtbase
+, qtdeclarative
+, qtinstaller
+, qtquickcontrols
+, qtquickcontrols2
+, qttools
+, CoreFoundation
+, Security
+, provider ? "riseup"
+}:
+let
+  version = "0.21.6";
+
+  src = fetchFromGitLab {
+    domain = "0xacab.org";
+    owner = "leap";
+    repo = "bitmask-vpn";
+    rev = version;
+    sha256 = "sha256-LMz+ZgQVFGujoLA8rlyZ3VnW/NSlPipD5KwCe+cFtnY=";
+  };
+
+  # bitmask-root is only used on GNU/Linux
+  # and may one day be replaced by pkg/helper
+  bitmask-root = mkDerivation {
+    inherit src version;
+    sourceRoot = "source/helpers";
+    pname = "bitmask-root";
+    nativeBuildInputs = [ python3Packages.wrapPython ];
+    postPatch = ''
+      substituteInPlace bitmask-root \
+        --replace 'swhich("ip")' '"${iproute2}/bin/ip"' \
+        --replace 'swhich("iptables")' '"${iptables}/bin/iptables"' \
+        --replace 'swhich("ip6tables")' '"${iptables}/bin/ip6tables"' \
+        --replace 'swhich("sysctl")' '"${procps}/bin/sysctl"' \
+        --replace /usr/sbin/openvpn ${openvpn}/bin/openvpn
+      substituteInPlace se.leap.bitmask.policy \
+        --replace /usr/sbin/bitmask-root $out/bin/bitmask-root
+    '';
+    installPhase = ''
+      runHook preInstall
+
+      install -m 755 -D -t $out/bin bitmask-root
+      install -m 444 -D -t $out/share/polkit-1/actions se.leap.bitmask.policy
+      wrapPythonPrograms
+
+      runHook postInstall
+    '';
+  };
+in
+
+buildGoModule rec {
+  inherit src version;
+  pname = "${provider}-vpn";
+  vendorSha256 = null;
+
+  postPatch = ''
+    substituteInPlace pkg/pickle/helpers.go \
+      --replace /usr/share $out/share
+
+    # Using $PROVIDER is not working,
+    # thus replacing directly into the vendor.conf
+    substituteInPlace providers/vendor.conf \
+      --replace "provider = riseup" "provider = ${provider}"
+
+    patchShebangs gui/build.sh
+    wrapPythonProgramsIn branding/scripts
+  '' + lib.optionalString stdenv.isLinux ''
+    substituteInPlace pkg/helper/linux.go \
+      --replace /usr/sbin/openvpn ${openvpn}/bin/openvpn
+    substituteInPlace pkg/vpn/launcher_linux.go \
+      --replace /usr/sbin/openvpn ${openvpn}/bin/openvpn \
+      --replace /usr/sbin/bitmask-root ${bitmask-root}/bin/bitmask-root \
+      --replace /usr/bin/lxpolkit /run/wrappers/bin/polkit-agent-helper-1 \
+      --replace '"polkit-gnome-authentication-agent-1",' '"polkit-gnome-authentication-agent-1","polkitd",'
+  '';
+
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+    python3Packages.wrapPython
+    qmake
+    qtquickcontrols
+    qtquickcontrols2
+    qttools
+    which
+    wrapQtAppsHook
+  ] ++ lib.optional (!stdenv.isLinux) qtinstaller;
+
+  buildInputs = [
+    qtbase
+    qmltermwidget
+    qtdeclarative
+  ] ++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ];
+  # FIXME: building on Darwin currently fails
+  # due to missing debug symbols for Qt,
+  # this should be fixable once darwin.apple_sdk >= 10.13
+  # See https://bugreports.qt.io/browse/QTBUG-76777
+
+  # Not using buildGoModule's buildPhase:
+  # gui/build.sh will build Go modules into lib/libgoshim.a
+  buildPhase = ''
+    runHook preBuild
+
+    make gen_providers_json
+    make generate
+    # Remove timestamps in comments
+    sed -i -e '/^\/\//d' pkg/config/version/version.go
+
+    # Not using -j$NIX_BUILD_CORES because the Makefile's rules
+    # are not thread-safe: lib/libgoshim.h is used before being built.
+    make build
+
+    runHook postBuild
+  '';
+
+  postInstall = ''
+    install -m 755 -D -t $out/bin build/qt/release/${provider}-vpn
+
+    VERSION=${version} VENDOR_PATH=providers branding/scripts/generate-debian branding/templates/debian/data.json
+    (cd branding/templates/debian && ${python3Packages.python}/bin/python3 generate.py)
+    install -m 444 -D branding/templates/debian/app.desktop $out/share/applications/${provider}-vpn.desktop
+  '' + lib.optionalString stdenv.isLinux ''
+    install -m 444 -D -t $out/share/polkit-1/actions ${bitmask-root}/share/polkit-1/actions/se.leap.bitmask.policy
+  '';
+
+  # Some tests need access to the Internet:
+  # Post "https://api.black.riseup.net/3/cert": dial tcp: lookup api.black.riseup.net on [::1]:53: read udp [::1]:56553->[::1]:53: read: connection refused
+  doCheck = false;
+
+  passthru = { inherit bitmask-root; };
+
+  meta = {
+    description = "Generic VPN client by LEAP";
+    longDescription = ''
+      Bitmask, by LEAP (LEAP Encryption Access Project),
+      is an application to provide easy and secure encrypted communication
+      with a VPN (Virtual Private Network). It allows you to select from
+      a variety of trusted service provider all from one app.
+      Current providers include Riseup Networks
+      and The Calyx Institute, where the former is default.
+      The <literal>${provider}-vpn</literal> executable should appear
+      in your desktop manager's XDG menu or could be launch in a terminal
+      to get an execution log. A new icon should then appear in your systray
+      to control the VPN and configure some options.
+    '';
+    homepage = "https://bitmask.net";
+    license = lib.licenses.gpl3Plus;
+    maintainers = with lib.maintainers; [ julm ];
+    # darwin requires apple_sdk >= 10.13
+    platforms = lib.platforms.linux;
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -3997,6 +3997,11 @@ with pkgs;

  bluetooth_battery = python3Packages.callPackage ../applications/misc/bluetooth_battery { };

+  calyx-vpn = libsForQt5.callPackage ../tools/networking/bitmask-vpn {
+    provider = "calyx";
+    inherit (darwin.apple_sdk.frameworks) CoreFoundation Security;
+  };
+
  code-browser-qt = libsForQt5.callPackage ../applications/editors/code-browser { withQt = true;
                                                                                };
  code-browser-gtk = callPackage ../applications/editors/code-browser { withGtk = true;
@ -8484,6 +8489,11 @@ with pkgs;
    stdenv = gccStdenv;
  };

+  riseup-vpn = libsForQt5.callPackage ../tools/networking/bitmask-vpn {
+    provider = "riseup";
+    inherit (darwin.apple_sdk.frameworks) CoreFoundation Security;
+  };
+
  rocket = libsForQt5.callPackage ../tools/graphics/rocket { };

  rtaudio = callPackage ../development/libraries/audio/rtaudio {