authorAlyssa Ross <hi@alyssa.is>2021-08-04 10:43:07 +0000
committerAlyssa Ross <hi@alyssa.is>2021-08-04 10:43:07 +0000
commit62614cbef7da005c1eda8c9400160f6bcd6546b8 (patch)
treec2630f69080637987b68acb1ee8676d2681fe304 /pkgs/tools/security/oath-toolkit
parentd9c82ed3044c72cecf01c6ea042489d30914577c (diff)
parente24069138dfec3ef94f211f1da005bb5395adc11 (diff)
Merge branch 'nixpkgs-update' into master
Diffstat (limited to 'pkgs/tools/security/oath-toolkit')
-rw-r--r--pkgs/tools/security/oath-toolkit/default.nix44
-rwxr-xr-xpkgs/tools/security/oath-toolkit/update.sh50
2 files changed, 63 insertions, 31 deletions
diff --git a/pkgs/tools/security/oath-toolkit/default.nix b/pkgs/tools/security/oath-toolkit/default.nix
index 22327c6a38f..e542a2ae714 100644
--- a/pkgs/tools/security/oath-toolkit/default.nix
+++ b/pkgs/tools/security/oath-toolkit/default.nix
@@ -1,48 +1,30 @@
-{ stdenv, fetchFromGitLab, fetchpatch, pam, xmlsec, autoreconfHook, pkgconfig, libxml2, gtk-doc, perl, gengetopt, bison, help2man }:
+{ lib, stdenv, fetchurl, pam, xmlsec }:
 
 let
+  # TODO: Switch to OpenPAM once https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/26 is addressed upstream
   securityDependency =
     if stdenv.isDarwin then xmlsec
     else pam;
 
-in stdenv.mkDerivation {
-  name = "oath-toolkit-2.6.2";
+in stdenv.mkDerivation rec {
+  pname = "oath-toolkit";
+  version = "2.6.7";
 
-  src = fetchFromGitLab {
-    owner = "oath-toolkit";
-    repo = "oath-toolkit";
-    rev = "0dffdec9c5af5c89a5af43add29d8275eefe7414";
-    sha256 = "0n2sl444723f1k0sjmc0mzdwslx51yxac39c2cx2bl3ykacgfv74";
+  src = fetchurl {
+    url = "mirror://savannah/${pname}/${pname}-${version}.tar.gz";
+    sha256 = "1aa620k05lsw3l3slkp2mzma40q3p9wginspn9zk8digiz7dzv9n";
   };
 
-  patches = [
-    # fix for glibc>=2.28
-    (fetchpatch {
-      name   = "new_glibc_check.patch";
-      url    = "https://sources.debian.org/data/main/o/oath-toolkit/2.6.1-1.3/debian/patches/new-glibc-check.patch";
-      sha256 = "0h75xyy3xsl485v7w27yqkks6z9sgsjmrv6wiswy15fdj5wyciv3";
-    })
-  ];
+  buildInputs = [ securityDependency ];
 
-  buildInputs = [ securityDependency libxml2 perl gengetopt bison ];
+  configureFlags = lib.optionals stdenv.isDarwin [ "--disable-pam" ];
 
-  nativeBuildInputs = [ autoreconfHook gtk-doc help2man pkgconfig ];
+  passthru.updateScript = ./update.sh;
 
-  # man file generation fails when true
-  enableParallelBuilding = false;
-
-  configureFlags = [ "--disable-pskc" ];
-
-  # Replicate the steps from cfg.mk
-  preAutoreconf = ''
-    printf "gdoc_MANS =\ngdoc_TEXINFOS =\n" > liboath/man/Makefile.gdoc
-    printf "gdoc_MANS =\ngdoc_TEXINFOS =\n" > libpskc/man/Makefile.gdoc
-    touch ChangeLog
-  '';
-
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Components for building one-time password authentication systems";
     homepage = "https://www.nongnu.org/oath-toolkit/";
+    maintainers = with maintainers; [ schnusch ];
     platforms = with platforms; linux ++ darwin;
   };
 }
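Review bot: The new `configureFlags` line no longer passes `--disable-pskc`, and `libxml2` is gone from `buildInputs`, so whether the PSKC component is built is presumably left to configure's autodetection and can differ by platform. `xmlsec` reaches the build only on Darwin through `securityDependency`, while Linux gets only `pam`, so the two platforms may silently ship different feature sets of an authentication package. I would make the choice explicit, either by keeping the flag, `configureFlags = [ "--disable-pskc" ] ++ lib.optionals stdenv.isDarwin [ "--disable-pam" ];`, or by adding the PSKC dependencies on both platforms. A short comment on `securityDependency` would also help, for example `# xmlsec is not a PAM replacement; Darwin builds without the PAM module (see --disable-pam below)`.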
diff --git a/pkgs/tools/security/oath-toolkit/update.sh b/pkgs/tools/security/oath-toolkit/update.sh
new file mode 100755
index 00000000000..3502a541fa8
--- /dev/null
+++ b/pkgs/tools/security/oath-toolkit/update.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl git gnugrep nix
+
+set -euo pipefail
+
+nixfile='default.nix'
+release_url='https://download.savannah.nongnu.org/releases/oath-toolkit/'
+attr='oathToolkit'
+command='oathtool --version'
+
+color() {
+    printf '%s: \033[%sm%s\033[39m\n' "$0" "$1" "$2" >&2 || true
+}
+
+color 32 "downloading $release_url..."
+if ! release_page=$(curl -Lf "$release_url"); then
+    color 31 "cannot download release page"
+    exit 1
+fi
+
+tarball_name=$(printf '%s\n' "$release_page" \
+    | grep -Po '(?<=href=").*?\.tar\.gz(?=")' \
+    | sort -n | tail -n1)
+tarball_version="${tarball_name%.tar.*}"
+tarball_version="${tarball_version##*-}"
+tarball_url="mirror://savannah${release_url#https://*/releases}$tarball_name"
+
+color 32 "nix-prefetch-url $tarball_url..."
+if ! tarball_sha256=$(nix-prefetch-url --type sha256 "$tarball_url"); then
+    color 31 "cannot prefetch $tarball_url"
+    exit 1
+fi
+
+old_version=$(grep -Pom1 '(?<=version = ").*?(?=";)' "$nixfile")
+
+version=$(printf 'version = "%s";\n' "$tarball_version")
+sha256=$(printf 'sha256 = "%s";\n' "$tarball_sha256")
+sed -e "s,version = .*,$version," -e "s,sha256 = .*,$sha256," -i "$nixfile"
+
+if git diff --exit-code "$nixfile" > /dev/stderr; then
+    printf '\n' >&2 || true
+    color 32 "$tarball_version is up to date"
+else
+    color 32 "running '$command' with nix-shell..."
+    nix-shell -p "callPackage ./$nixfile {}" --run "$command"
+    msg="$attr: $old_version -> $tarball_version"
+    printf '\n' >&2 || true
+    color 31 "$msg"
+    git commit -m "$msg" "$nixfile"
+fi
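Review bot: `tarball_version` is cut from an `href` scraped out of the downloaded release page and then goes unchecked into the `sed` replacement, the `mirror://` URL and the `git commit` message. A malformed or tampered listing could therefore rewrite `default.nix` in unintended ways (a `,` or `&` in the name changes what the `sed` expression does). I would reject anything that is not a plain version before the `nix-prefetch-url` call: `[[ $tarball_version =~ ^[0-9]+(\.[0-9]+)+$ ]] || { color 31 "unexpected version: $tarball_version"; exit 1; }`. Separately, `sort -n` does not order names that start with `oath-toolkit-` numerically, so a release such as 2.6.10 would sort below 2.6.7; `sort -V` gives version ordering. The recorded `sha256` is also just whatever the mirror served at prefetch time, so if upstream publishes detached signatures, checking one before committing would make the automated bump less trust-on-first-use.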