diff options
author | Alyssa Ross <hi@alyssa.is> | 2021-08-04 10:43:07 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-08-04 10:43:07 +0000 |
commit | 62614cbef7da005c1eda8c9400160f6bcd6546b8 (patch) | |
tree | c2630f69080637987b68acb1ee8676d2681fe304 /pkgs/tools/security/oath-toolkit | |
parent | d9c82ed3044c72cecf01c6ea042489d30914577c (diff) | |
parent | e24069138dfec3ef94f211f1da005bb5395adc11 (diff) | |
download | nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.gz nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.bz2 nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.lz nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.xz nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.zst nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.zip |
Merge branch 'nixpkgs-update' into master
Diffstat (limited to 'pkgs/tools/security/oath-toolkit')
-rw-r--r-- | pkgs/tools/security/oath-toolkit/default.nix | 44 | ||||
-rwxr-xr-x | pkgs/tools/security/oath-toolkit/update.sh | 50 |
2 files changed, 63 insertions, 31 deletions
diff --git a/pkgs/tools/security/oath-toolkit/default.nix b/pkgs/tools/security/oath-toolkit/default.nix index 22327c6a38f..e542a2ae714 100644 --- a/pkgs/tools/security/oath-toolkit/default.nix +++ b/pkgs/tools/security/oath-toolkit/default.nix @@ -1,48 +1,30 @@ -{ stdenv, fetchFromGitLab, fetchpatch, pam, xmlsec, autoreconfHook, pkgconfig, libxml2, gtk-doc, perl, gengetopt, bison, help2man }: +{ lib, stdenv, fetchurl, pam, xmlsec }: let + # TODO: Switch to OpenPAM once https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/26 is addressed upstream securityDependency = if stdenv.isDarwin then xmlsec else pam; -in stdenv.mkDerivation { - name = "oath-toolkit-2.6.2"; +in stdenv.mkDerivation rec { + pname = "oath-toolkit"; + version = "2.6.7"; - src = fetchFromGitLab { - owner = "oath-toolkit"; - repo = "oath-toolkit"; - rev = "0dffdec9c5af5c89a5af43add29d8275eefe7414"; - sha256 = "0n2sl444723f1k0sjmc0mzdwslx51yxac39c2cx2bl3ykacgfv74"; + src = fetchurl { + url = "mirror://savannah/${pname}/${pname}-${version}.tar.gz"; + sha256 = "1aa620k05lsw3l3slkp2mzma40q3p9wginspn9zk8digiz7dzv9n"; }; - patches = [ - # fix for glibc>=2.28 - (fetchpatch { - name = "new_glibc_check.patch"; - url = "https://sources.debian.org/data/main/o/oath-toolkit/2.6.1-1.3/debian/patches/new-glibc-check.patch"; - sha256 = "0h75xyy3xsl485v7w27yqkks6z9sgsjmrv6wiswy15fdj5wyciv3"; - }) - ]; + buildInputs = [ securityDependency ]; - buildInputs = [ securityDependency libxml2 perl gengetopt bison ]; + configureFlags = lib.optionals stdenv.isDarwin [ "--disable-pam" ]; - nativeBuildInputs = [ autoreconfHook gtk-doc help2man pkgconfig ]; + passthru.updateScript = ./update.sh; - # man file generation fails when true - enableParallelBuilding = false; - - configureFlags = [ "--disable-pskc" ]; - - # Replicate the steps from cfg.mk - preAutoreconf = '' - printf "gdoc_MANS =\ngdoc_TEXINFOS =\n" > liboath/man/Makefile.gdoc - printf "gdoc_MANS =\ngdoc_TEXINFOS =\n" > libpskc/man/Makefile.gdoc - touch ChangeLog - ''; - - meta = with stdenv.lib; { + meta = with lib; { description = "Components for building one-time password authentication systems"; homepage = "https://www.nongnu.org/oath-toolkit/"; + maintainers = with maintainers; [ schnusch ]; platforms = with platforms; linux ++ darwin; }; } diff --git a/pkgs/tools/security/oath-toolkit/update.sh b/pkgs/tools/security/oath-toolkit/update.sh new file mode 100755 index 00000000000..3502a541fa8 --- /dev/null +++ b/pkgs/tools/security/oath-toolkit/update.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl git gnugrep nix + +set -euo pipefail + +nixfile='default.nix' +release_url='https://download.savannah.nongnu.org/releases/oath-toolkit/' +attr='oathToolkit' +command='oathtool --version' + +color() { + printf '%s: \033[%sm%s\033[39m\n' "$0" "$1" "$2" >&2 || true +} + +color 32 "downloading $release_url..." +if ! release_page=$(curl -Lf "$release_url"); then + color 31 "cannot download release page" + exit 1 +fi + +tarball_name=$(printf '%s\n' "$release_page" \ + | grep -Po '(?<=href=").*?\.tar\.gz(?=")' \ + | sort -n | tail -n1) +tarball_version="${tarball_name%.tar.*}" +tarball_version="${tarball_version##*-}" +tarball_url="mirror://savannah${release_url#https://*/releases}$tarball_name" + +color 32 "nix-prefetch-url $tarball_url..." +if ! tarball_sha256=$(nix-prefetch-url --type sha256 "$tarball_url"); then + color 31 "cannot prefetch $tarball_url" + exit 1 +fi + +old_version=$(grep -Pom1 '(?<=version = ").*?(?=";)' "$nixfile") + +version=$(printf 'version = "%s";\n' "$tarball_version") +sha256=$(printf 'sha256 = "%s";\n' "$tarball_sha256") +sed -e "s,version = .*,$version," -e "s,sha256 = .*,$sha256," -i "$nixfile" + +if git diff --exit-code "$nixfile" > /dev/stderr; then + printf '\n' >&2 || true + color 32 "$tarball_version is up to date" +else + color 32 "running '$command' with nix-shell..." + nix-shell -p "callPackage ./$nixfile {}" --run "$command" + msg="$attr: $old_version -> $tarball_version" + printf '\n' >&2 || true + color 31 "$msg" + git commit -m "$msg" "$nixfile" +fi |