firefox_decrypt: init at unstable-2021-12-29

add update script based on mpvScripts.sponsorblock's

2 files changed, 94 insertions, 0 deletions

diff --git a/pkgs/tools/security/firefox_decrypt/default.nix b/pkgs/tools/security/firefox_decrypt/default.nix
new file mode 100644
index 00000000000..3ca0774e22e
--- /dev/null
+++ b/pkgs/tools/security/firefox_decrypt/default.nix
@@ -0,0 +1,45 @@
+{ lib
+, fetchFromGitHub
+, stdenvNoCC
+, nss
+, wrapPython
+}:
+
+stdenvNoCC.mkDerivation rec {
+  pname = "firefox_decrypt";
+  version = "unstable-2021-12-29";
+
+  src = fetchFromGitHub {
+    owner = "unode";
+    repo = pname;
+    rev = "a3daadc09603a6cf8c4b7e49a59776340bc885e7";
+    sha256 = "0g219zqbdnhh9j09d9a0b81vr6j44zzk13ckl5fzkr10gqndiscc";
+  };
+
+  nativeBuildInputs = [ wrapPython ];
+
+  buildInputs = [ nss ];
+
+  installPhase = ''
+    runHook preInstall
+
+    install -Dm 0755 firefox_decrypt.py "$out/bin/firefox_decrypt"
+
+    runHook postInstall
+  '';
+
+  makeWrapperArgs = [ "--prefix" "LD_LIBRARY_PATH" ":" (lib.makeLibraryPath [ nss ]) ];
+
+  postFixup = ''
+    wrapPythonPrograms
+  '';
+
+  passthru.updateScript = ./update.sh;
+
+  meta = with lib; {
+    homepage = "https://github.com/unode/firefox_decrypt";
+    description = "A tool to extract passwords from profiles of Mozilla Firefox and derivates";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ schnusch ];
+  };
+}
diff --git a/pkgs/tools/security/firefox_decrypt/update.sh b/pkgs/tools/security/firefox_decrypt/update.sh
new file mode 100755
index 00000000000..a56807f0ba0
--- /dev/null
+++ b/pkgs/tools/security/firefox_decrypt/update.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p common-updater-scripts git jq nix nix-prefetch-git
+git_url='https://github.com/unode/firefox_decrypt.git'
+git_branch='master'
+git_dir='/var/tmp/firefox_decrypt.git'
+nix_file="$(dirname "${BASH_SOURCE[0]}")/default.nix"
+pkg='firefox_decrypt'
+
+set -euo pipefail
+
+info() {
+    if [ -t 2 ]; then
+        set -- '\033[32m%s\033[39m\n' "$@"
+    else
+        set -- '%s\n' "$@"
+    fi
+    printf "$@" >&2
+}
+
+old_rev=$(nix-instantiate --eval --strict --json -A "$pkg.src.rev" | jq -r)
+old_version=$(nix-instantiate --eval --strict --json -A "$pkg.version" | jq -r)
+today=$(LANG=C date -u +'%Y-%m-%d')
+
+info "fetching $git_url..."
+if [ ! -d "$git_dir" ]; then
+    git init --initial-branch="$git_branch" "$git_dir"
+    git -C "$git_dir" remote add origin "$git_url"
+fi
+git -C "$git_dir" fetch origin "$git_branch"
+
+# use latest commit before today, we should not call the version *today*
+# because there might still be commits coming
+# use the day of the latest commit we picked as version
+new_rev=$(git -C "$git_dir" log -n 1 --format='format:%H' --before="${today}T00:00:00Z" "origin/$git_branch")
+new_version="unstable-$(git -C "$git_dir" log -n 1 --format='format:%cs' "$new_rev")"
+info "latest commit before $today: $new_rev"
+
+if [ "$new_rev" = "$old_rev" ]; then
+    info "$pkg is up-to-date."
+    exit
+fi
+
+new_sha256=$(nix-prefetch-git --rev "$new_rev" "$git_dir" | jq -r .sha256)
+update-source-version "$pkg" \
+    "$new_version" \
+    "$new_sha256" \
+    --rev="$new_rev"
+git add "$nix_file"
+git commit --verbose --message "$pkg: $old_version -> $new_version"