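{ stdenv, fetchurl, makeWrapper
, perl, libassuan, libgcrypt
, perlPackages, lockfileProgs, gnupg, coreutils
# For the tests:
, bash, openssh, which, socat, cpio, hexdump
}:

# Monkeysphere: OpenPGP web-of-trust based authentication for SSH and TLS.
# NOTE(review): `bash` is accepted as an argument but not referenced in this
# expression; it is presumably kept for the (disabled) test suite.

stdenv.mkDerivation rec {
  name = "monkeysphere-${version}";
  version = "0.42";

  # The tarball is fetched over plain HTTP, so the pinned sha256 below is the
  # only integrity guarantee for what gets built; bump it together with
  # `version`.
  src = fetchurl {
    url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz";
    sha256 = "1haqgjxm8v2xnhc652lx79p2cqggb9gxgaf19w9l9akar2qmdjf1";
  };

  patches = [ ./monkeysphere.patch ];

  # update_users has a hard-coded /usr/bin/env shebang that does not exist in
  # the build sandbox; point it at coreutils' env from the store.
  postPatch = ''
    sed -i "s,/usr/bin/env,${coreutils}/bin/env," src/share/ma/update_users
  '';

  nativeBuildInputs = [ makeWrapper ];
  # The test-only inputs are added only when doCheck is true (see below).
  buildInputs = [ perl libassuan libgcrypt ]
    ++ stdenv.lib.optional doCheck
         ([ gnupg openssh which socat cpio hexdump lockfileProgs ] ++
          (with perlPackages; [ CryptOpenSSLRSA CryptOpenSSLBignum ]));

  # `$(out)` is left for make to expand (Nix only interpolates `${...}`);
  # make resolves it from the `out` environment variable of the build.
  makeFlags = ''
    PREFIX=/
    DESTDIR=$(out)
  '';

  # The tests "drain" entropy (GnuPG still uses /dev/random) and they don't run
  # inside of the sandbox, because nixbld isn't allowed to login via SSH
  # (/etc/passwd: "nixbld:x:1000:100:Nix build user:/build:/noshell",
  # sshd: "User nixbld not allowed because shell /noshell does not exist").
  doCheck = false;
  preCheck = ''
    patchShebangs tests/
    patchShebangs src/
    sed -i "s,/usr/sbin/sshd,${openssh}/bin/sshd," tests/basic
    sed -i "s/<(hd/<(hexdump/" tests/keytrans
  '';

  # Wrap the installed programs so that the Perl modules and the runtime tools
  # they need are found from fixed store paths rather than from whatever is on
  # the caller's PATH/PERL5LIB (`--prefix` puts the store paths first).
  postFixup =
    let
      # makeWrapper arguments for a program: always prefix PERL5LIB with the
      # required Crypt::OpenSSL modules; prefix PATH only when runtimeDeps is
      # non-empty, so programs without extra tools get no PATH entry.
      wrapperArgs = runtimeDeps:
        "--prefix PERL5LIB : "
        + (with perlPackages; stdenv.lib.makePerlPath [
            CryptOpenSSLRSA
            CryptOpenSSLBignum
          ])
        + stdenv.lib.optionalString
            (builtins.length runtimeDeps > 0)
            " --prefix PATH : ${stdenv.lib.makeBinPath runtimeDeps}";

      # One shell line that wraps a single program in $out/bin.
      wrapMonkeysphere = runtimeDeps: program:
        "wrapProgram $out/bin/${program} ${wrapperArgs runtimeDeps}\n";

      # Wrap every program in the list with the same runtime dependencies.
      wrapPrograms = runtimeDeps: programs: stdenv.lib.concatMapStrings
        (wrapMonkeysphere runtimeDeps)
        programs;
    in wrapPrograms [ gnupg ] [ "monkeysphere-authentication" "monkeysphere-host" ]
    + wrapPrograms [ lockfileProgs ] [ "monkeysphere" ]
    + ''
      # These 4 programs depend on the program name ($0):
      for program in openpgp2pem openpgp2spki openpgp2ssh pem2openpgp; do
        rm $out/bin/$program
        ln -sf keytrans $out/share/monkeysphere/$program
        makeWrapper $out/share/monkeysphere/$program $out/bin/$program \
          ${wrapperArgs [ ]}
      done
    '';

  meta = with stdenv.lib; {
    # Quoted: bare URL literals are deprecated Nix syntax.
    homepage = "http://web.monkeysphere.info/";
    description = "Leverage the OpenPGP web of trust for SSH and TLS authentication";
    longDescription = ''
      The Monkeysphere project's goal is to extend OpenPGP's web of
      trust to new areas of the Internet to help us securely identify
      servers we connect to, as well as each other while we work online.
      The suite of Monkeysphere utilities provides a framework to
      transparently leverage the web of trust for authentication of
      TLS/SSL communications through the normal use of tools you are
      familiar with, such as your web browser or secure shell.
    '';
    license = licenses.gpl3Plus;
    platforms = platforms.all;
    maintainers = with maintainers; [ primeos ];
  };
}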