2023-04-29 16:46:19 +00:00
|
|
|
{ lib, stdenv, fetchurl, buildPackages
|
|
|
|
, pkg-config, texinfo
|
|
|
|
, gettext, libassuan, libgcrypt, libgpg-error, libiconv, libksba, npth
|
|
|
|
, adns, bzip2, gnutls, libusb1, openldap, readline, sqlite, zlib
|
|
|
|
, enableMinimal ? false
|
2022-10-06 18:32:54 +00:00
|
|
|
, withPcsc ? !enableMinimal, pcsclite
|
2023-04-29 16:46:19 +00:00
|
|
|
, guiSupport ? stdenv.isDarwin, pinentry
|
2022-10-06 18:32:54 +00:00
|
|
|
, withTpm2Tss ? !stdenv.isDarwin && !enableMinimal, tpm2-tss
|
2020-04-24 23:36:52 +00:00
|
|
|
}:
|
|
|
|
|
2022-08-21 13:32:41 +00:00
|
|
|
assert guiSupport -> enableMinimal == false;
|
2020-04-24 23:36:52 +00:00
|
|
|
|
|
|
|
stdenv.mkDerivation rec {
|
|
|
|
pname = "gnupg";
|
2023-02-16 17:41:37 +00:00
|
|
|
version = "2.4.0";
|
2020-04-24 23:36:52 +00:00
|
|
|
|
|
|
|
src = fetchurl {
|
|
|
|
url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
|
2023-04-29 16:46:19 +00:00
|
|
|
hash = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM=";
|
2020-04-24 23:36:52 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
2021-02-05 17:12:51 +00:00
|
|
|
nativeBuildInputs = [ pkg-config texinfo ];
|
2020-04-24 23:36:52 +00:00
|
|
|
buildInputs = [
|
2023-04-29 16:46:19 +00:00
|
|
|
gettext libassuan libgcrypt libgpg-error libiconv libksba npth
|
|
|
|
] ++ lib.optionals (!enableMinimal) [
|
|
|
|
adns bzip2 gnutls libusb1 openldap readline sqlite zlib
|
|
|
|
] ++ lib.optionals withTpm2Tss [ tpm2-tss ];
|
2020-04-24 23:36:52 +00:00
|
|
|
|
|
|
|
patches = [
|
|
|
|
./fix-libusb-include-path.patch
|
|
|
|
./tests-add-test-cases-for-import-without-uid.patch
|
|
|
|
./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
|
2023-04-29 16:46:19 +00:00
|
|
|
./24-allow-import-of-previously-known-keys-even-without-UI.patch
|
2022-07-14 12:49:19 +00:00
|
|
|
# Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27
|
|
|
|
./v3-0001-Disallow-compressed-signatures-and-certificates.patch
|
2020-04-24 23:36:52 +00:00
|
|
|
];
|
2023-04-29 16:46:19 +00:00
|
|
|
|
2020-04-24 23:36:52 +00:00
|
|
|
postPatch = ''
|
2022-03-30 09:31:56 +00:00
|
|
|
sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1
|
2023-04-29 16:46:19 +00:00
|
|
|
'' + lib.optionalString (stdenv.isLinux && withPcsc) ''
|
|
|
|
sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
|
|
|
|
'';
|
2020-04-24 23:36:52 +00:00
|
|
|
|
|
|
|
configureFlags = [
|
2023-04-29 16:46:19 +00:00
|
|
|
"--sysconfdir=/etc"
|
2021-10-08 15:17:17 +00:00
|
|
|
"--with-libgpg-error-prefix=${libgpg-error.dev}"
|
2020-04-24 23:36:52 +00:00
|
|
|
"--with-libgcrypt-prefix=${libgcrypt.dev}"
|
|
|
|
"--with-libassuan-prefix=${libassuan.dev}"
|
|
|
|
"--with-ksba-prefix=${libksba.dev}"
|
|
|
|
"--with-npth-prefix=${npth}"
|
2023-04-29 16:46:19 +00:00
|
|
|
]
|
|
|
|
++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentry.binaryPath or "bin/pinentry"}"
|
2023-01-11 07:51:40 +00:00
|
|
|
++ lib.optional withTpm2Tss "--with-tss=intel"
|
|
|
|
++ lib.optional stdenv.isDarwin "--disable-ccid-driver";
|
2023-04-29 16:46:19 +00:00
|
|
|
|
2020-04-24 23:36:52 +00:00
|
|
|
postInstall = if enableMinimal
|
|
|
|
then ''
|
|
|
|
rm -r $out/{libexec,sbin,share}
|
2022-01-13 20:06:32 +00:00
|
|
|
for f in $(find $out/bin -type f -not -name gpg)
|
2020-04-24 23:36:52 +00:00
|
|
|
do
|
|
|
|
rm $f
|
|
|
|
done
|
|
|
|
'' else ''
|
|
|
|
mkdir -p $out/lib/systemd/user
|
|
|
|
for f in doc/examples/systemd-user/*.{service,socket} ; do
|
|
|
|
substitute $f $out/lib/systemd/user/$(basename $f) \
|
|
|
|
--replace /usr/bin $out/bin
|
|
|
|
done
|
|
|
|
|
|
|
|
# add gpg2 symlink to make sure git does not break when signing commits
|
|
|
|
ln -s $out/bin/gpg $out/bin/gpg2
|
2020-11-12 09:05:59 +00:00
|
|
|
|
|
|
|
# Make libexec tools available in PATH
|
2022-01-13 20:06:32 +00:00
|
|
|
for f in $out/libexec/; do
|
|
|
|
if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi
|
|
|
|
ln -s $f $out/bin/$(basename $f)
|
|
|
|
done
|
2023-04-29 16:46:19 +00:00
|
|
|
|
|
|
|
for f in $out/libexec/; do
|
|
|
|
if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi
|
|
|
|
ln -s $f $out/bin/$(basename $f)
|
|
|
|
done
|
2020-04-24 23:36:52 +00:00
|
|
|
'';
|
|
|
|
|
2022-01-13 20:06:32 +00:00
|
|
|
enableParallelBuilding = true;
|
|
|
|
|
2023-04-29 16:46:19 +00:00
|
|
|
passthru.tests.connman = lib.nixosTests.gnupg;
|
2023-02-09 11:40:11 +00:00
|
|
|
|
2021-01-15 22:18:51 +00:00
|
|
|
meta = with lib; {
|
2020-04-24 23:36:52 +00:00
|
|
|
homepage = "https://gnupg.org";
|
2022-01-13 20:06:32 +00:00
|
|
|
description = "Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation";
|
2020-04-24 23:36:52 +00:00
|
|
|
license = licenses.gpl3Plus;
|
|
|
|
longDescription = ''
|
|
|
|
The GNU Privacy Guard is the GNU project's complete and free
|
|
|
|
implementation of the OpenPGP standard as defined by RFC4880. GnuPG
|
|
|
|
"modern" (2.1) is the latest development with a lot of new features.
|
|
|
|
GnuPG allows to encrypt and sign your data and communication, features a
|
|
|
|
versatile key management system as well as access modules for all kind of
|
|
|
|
public key directories. GnuPG, also known as GPG, is a command line tool
|
|
|
|
with features for easy integration with other applications. A wealth of
|
|
|
|
frontend applications and libraries are available. Version 2 of GnuPG
|
|
|
|
also provides support for S/MIME.
|
|
|
|
'';
|
2021-10-17 02:12:59 +00:00
|
|
|
maintainers = with maintainers; [ fpletz vrthra ];
|
2020-04-24 23:36:52 +00:00
|
|
|
platforms = platforms.all;
|
2022-04-03 18:54:34 +00:00
|
|
|
mainProgram = "gpg";
|
2020-04-24 23:36:52 +00:00
|
|
|
};
|
|
|
|
}
|