nixpkgs/pkgs/tools/security/signing-party/default.nix
Michael Weiss 813c691c21
signing-party: 2.10 -> 2.11
Note: The only change is a new gpgparticipants-filter command.
2020-07-09 20:48:30 +02:00

227 lines
9.3 KiB
Nix

{ stdenv, fetchFromGitLab, autoconf, automake, makeWrapper
, python3, perl, perlPackages
, libmd, gnupg, which, getopt, libpaper, nettools, qprint
, sendmailPath ? "/run/wrappers/bin/sendmail" }:
let
# All runtime dependencies from the CPAN graph:
# https://widgets.stratopan.com/wheel?q=GnuPG-Interface-0.52&runtime=1&fs=1
GnuPGInterfaceRuntimeDependencies = with perlPackages; [
strictures ClassMethodModifiers DataPerl DevelGlobalDestruction ExporterTiny
GnuPGInterface ListMoreUtils ModuleRuntime Moo MooXHandlesVia MooXlate
RoleTiny SubExporterProgressive SubQuote TypeTiny
];
in stdenv.mkDerivation rec {
pname = "signing-party";
version = "2.11";
src = fetchFromGitLab {
domain = "salsa.debian.org";
owner = "signing-party-team";
repo = "signing-party";
rev = "v${version}";
sha256 = "1aig5ssabzbk4mih7xd04vgr931bw0flbi8dz902wlr610gyv5s5";
};
# TODO: Get this patch upstream...
patches = [ ./gpgwrap_makefile.patch ];
postPatch = ''
substituteInPlace gpg-mailkeys/gpg-mailkeys --replace \
"/usr/sbin/sendmail" "${sendmailPath}"
'';
# One can use the following command to find all relevant Makefiles:
# grep -R '$(DESTDIR)/usr' | cut -d: -f1 | sort -u | grep -v 'debian/rules'
preBuild = ''
substituteInPlace gpgsigs/Makefile --replace '$(DESTDIR)/usr' "$out"
substituteInPlace keyanalyze/Makefile --replace '$(DESTDIR)/usr' "$out"
substituteInPlace keylookup/Makefile --replace '$(DESTDIR)/usr' "$out"
substituteInPlace sig2dot/Makefile --replace '$(DESTDIR)/usr' "$out"
substituteInPlace springgraph/Makefile --replace '$(DESTDIR)/usr' "$out"
'';
# Perl is required for it's pod2man.
# Python and Perl are required for patching the script interpreter paths.
nativeBuildInputs = [ autoconf automake makeWrapper ];
buildInputs = [ python3 perl perlPackages.GnuPGInterface libmd gnupg ];
postInstall = ''
# Install all tools which aren't handled by 'make install'.
# TODO: Fix upstream...!
# caff: CA - Fire and Forget signs and mails a key
install -D -m555 caff/caff $out/bin/caff;
install -D -m444 caff/caff.1 $out/share/man/man1/caff.1;
# pgp-clean: removes all non-self signatures from key
install -D -m555 caff/pgp-clean $out/bin/pgp-clean;
install -D -m444 caff/pgp-clean.1 $out/share/man/man1/pgp-clean.1;
# pgp-fixkey: removes broken packets from keys
install -D -m555 caff/pgp-fixkey $out/bin/pgp-fixkey;
install -D -m444 caff/pgp-fixkey.1 $out/share/man/man1/pgp-fixkey.1;
# gpg-mailkeys: simply mail out a signed key to its owner
install -D -m555 gpg-mailkeys/gpg-mailkeys $out/bin/gpg-mailkeys;
install -D -m444 gpg-mailkeys/gpg-mailkeys.1 $out/share/man/man1/gpg-mailkeys.1;
# gpg-key2ps: generate PostScript file with fingerprint paper slips
install -D -m555 gpg-key2ps/gpg-key2ps $out/bin/gpg-key2ps;
install -D -m444 gpg-key2ps/gpg-key2ps.1 $out/share/man/man1/gpg-key2ps.1;
# gpgdir: recursive directory encryption tool
install -D -m555 gpgdir/gpgdir $out/bin/gpgdir;
install -D -m444 gpgdir/gpgdir.1 $out/share/man/man1/gpgdir.1;
# gpglist: show who signed which of your UIDs
install -D -m555 gpglist/gpglist $out/bin/gpglist;
install -D -m444 gpglist/gpglist.1 $out/share/man/man1/gpglist.1;
# gpgsigs: annotates list of GnuPG keys with already done signatures
# The manual page is not handled by 'make install'
install -D -m444 gpgsigs/gpgsigs.1 $out/share/man/man1/gpgsigs.1;
# gpgparticipants: create list of party participants for the organiser
install -D -m555 gpgparticipants/gpgparticipants $out/bin/gpgparticipants;
install -D -m444 gpgparticipants/gpgparticipants.1 $out/share/man/man1/gpgparticipants.1;
install -D -m555 gpgparticipants/gpgparticipants-prefill $out/bin/gpgparticipants-prefill;
install -D -m444 gpgparticipants/gpgparticipants-prefill.1 $out/share/man/man1/gpgparticipants-prefill.1;
install -D -m555 gpgparticipants/gpgparticipants-filter $out/bin/gpgparticipants-filter;
install -D -m444 gpgparticipants/gpgparticipants-filter.1 $out/share/man/man1/gpgparticipants-filter.1;
# gpgwrap: a passphrase wrapper
install -D -m555 gpgwrap/bin/gpgwrap $out/bin/gpgwrap;
install -D -m444 gpgwrap/doc/gpgwrap.1 $out/share/man/man1/gpgwrap.1;
# keyanalyze: minimum signing distance (MSD) analysis on keyrings
# Only the binaries are handled by 'make install'
install -D -m444 keyanalyze/keyanalyze.1 $out/share/man/man1/keyanalyze.1;
install -D -m444 keyanalyze/pgpring/pgpring.1 $out/share/man/man1/pgpring.1;
install -D -m444 keyanalyze/process_keys.1 $out/share/man/man1/process_keys.1;
# keylookup: ncurses wrapper around gpg --search
# Handled by 'make install'
# sig2dot: converts a list of GnuPG signatures to a .dot file
# Handled by 'make install'
# springgraph: creates a graph from a .dot file
# Handled by 'make install'
# keyart: creates a random ASCII art of a PGP key file
install -D -m555 keyart/keyart $out/bin/keyart;
install -D -m444 keyart/doc/keyart.1 $out/share/man/man1/keyart.1;
# gpg-key2latex: generate LaTeX file with fingerprint paper slips
install -D -m555 gpg-key2latex/gpg-key2latex $out/bin/gpg-key2latex;
install -D -m444 gpg-key2latex/gpg-key2latex.1 $out/share/man/man1/gpg-key2latex.1;
'';
postFixup = ''
# Add the runtime dependencies for all programs (but mainly for the Perl
# scripts)
wrapProgram $out/bin/caff --set PERL5LIB \
${with perlPackages; makePerlPath ([
TextTemplate MIMETools MailTools TimeDate NetIDNEncode ]
++ GnuPGInterfaceRuntimeDependencies)} \
--prefix PATH ":" \
"${stdenv.lib.makeBinPath [ nettools gnupg ]}"
wrapProgram $out/bin/gpg-key2latex --set PERL5LIB \
${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \
--prefix PATH ":" \
"${stdenv.lib.makeBinPath [ gnupg libpaper ]}"
wrapProgram $out/bin/gpg-key2ps --prefix PATH ":" \
"${stdenv.lib.makeBinPath [ which gnupg libpaper ]}"
wrapProgram $out/bin/gpg-mailkeys --prefix PATH ":" \
"${stdenv.lib.makeBinPath [ gnupg qprint ]}"
wrapProgram $out/bin/gpgdir --set PERL5LIB \
${with perlPackages; makePerlPath ([
TermReadKey ]
++ GnuPGInterfaceRuntimeDependencies)} \
--prefix PATH ":" \
"${stdenv.lib.makeBinPath [ gnupg ]}"
wrapProgram $out/bin/gpglist --prefix PATH ":" \
"${stdenv.lib.makeBinPath [ gnupg ]}"
wrapProgram $out/bin/gpgparticipants --prefix PATH ":" \
"${stdenv.lib.makeBinPath [ getopt gnupg ]}"
# wrapProgram $out/bin/gpgparticipants-prefill
wrapProgram $out/bin/gpgparticipants-filter --prefix PATH ":" \
"${stdenv.lib.makeBinPath [ gnupg ]}"
wrapProgram $out/bin/gpgsigs --set PERL5LIB \
${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \
--prefix PATH ":" \
"${stdenv.lib.makeBinPath [ gnupg ]}"
wrapProgram $out/bin/gpgwrap --prefix PATH ":" \
"${stdenv.lib.makeBinPath [ gnupg ]}"
# wrapProgram $out/bin/keyanalyze --set PERL5LIB \
wrapProgram $out/bin/keyart --prefix PATH ":" \
"${stdenv.lib.makeBinPath [ gnupg ]}"
wrapProgram $out/bin/keylookup --prefix PATH ":" \
"${stdenv.lib.makeBinPath [ gnupg ]}"
wrapProgram $out/bin/pgp-clean --set PERL5LIB \
${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \
--prefix PATH ":" \
"${stdenv.lib.makeBinPath [ gnupg ]}"
wrapProgram $out/bin/pgp-fixkey --set PERL5LIB \
${perlPackages.makePerlPath GnuPGInterfaceRuntimeDependencies} \
--prefix PATH ":" \
"${stdenv.lib.makeBinPath [ gnupg ]}"
# wrapProgram $out/bin/pgpring
# wrapProgram $out/bin/process_keys
# Upstream-Bug: Seems like sig2dot doesn't work with 2.1 (modern) anymore,
# please use 2.0 (stable) instead.
# wrapProgram $out/bin/sig2dot
wrapProgram $out/bin/springgraph --set PERL5LIB \
${with perlPackages; makePerlPath [ GD ]}
'';
meta = with stdenv.lib; {
homepage = "https://salsa.debian.org/signing-party-team/signing-party";
description = "A collection of several projects relating to OpenPGP";
longDescription = ''
This is a collection of several projects relating to OpenPGP.
* caff: CA - Fire and Forget signs and mails a key
* pgp-clean: removes all non-self signatures from key
* pgp-fixkey: removes broken packets from keys
* gpg-mailkeys: simply mail out a signed key to its owner
* gpg-key2ps: generate PostScript file with fingerprint paper slips
* gpgdir: recursive directory encryption tool
* gpglist: show who signed which of your UIDs
* gpgsigs: annotates list of GnuPG keys with already done signatures
* gpgparticipants: create list of party participants for the organiser
* gpgwrap: a passphrase wrapper
* keyanalyze: minimum signing distance (MSD) analysis on keyrings
* keylookup: ncurses wrapper around gpg --search
* sig2dot: converts a list of GnuPG signatures to a .dot file
* springgraph: creates a graph from a .dot file
* keyart: creates a random ASCII art of a PGP key file
* gpg-key2latex: generate LaTeX file with fingerprint paper slips
'';
license = with licenses; [ bsd2 bsd3 gpl2 gpl2Plus gpl3Plus ];
maintainers = with maintainers; [ fpletz primeos ];
platforms = platforms.linux;
};
}