diff options
25 files changed, 672 insertions, 20 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index d1a85532b3d..4d1acd1d820 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -1764,6 +1764,12 @@ githubId = 11946442; name = "Dipin Hora"; }; + dirkx = { + email = "dirkx@webweaving.org"; + github = "dirkx"; + githubId = 392583; + name = "Dirk-Willem van Gulik"; + }; disassembler = { email = "disasm@gmail.com"; github = "disassembler"; diff --git a/pkgs/applications/office/tusk/default.nix b/pkgs/applications/office/tusk/default.nix new file mode 100644 index 00000000000..d54f27f9bbf --- /dev/null +++ b/pkgs/applications/office/tusk/default.nix @@ -0,0 +1,54 @@ +{ appimageTools, fetchurl, lib, gsettings-desktop-schemas, gtk3 +, makeDesktopItem +}: + +let + pname = "tusk"; + version = "0.23.0"; + + icon = fetchurl { + url = "https://raw.githubusercontent.com/klaussinani/tusk/v${version}/static/Icon.png"; + sha256 = "1jqclyrjgg6hir45spg75plfmd8k9nrsrzw3plbcg43s5m1qzihb"; + }; + + desktopItem = makeDesktopItem { + name = pname; + exec = pname; + icon = icon; + desktopName = pname; + genericName = "Evernote desktop app"; + categories = "Application"; + }; + +in appimageTools.wrapType2 rec { + name = "${pname}-v${version}"; + src = fetchurl { + url = "https://github.com/klaussinani/tusk/releases/download/v${version}/${pname}-${version}-x86_64.AppImage"; + sha256 = "02q7wsnhlyq8z74avflrm7805ny8fzlmsmz4bmafp4b4pghjh5ky"; + }; + + + profile = '' + export LC_ALL=C.UTF-8 + export XDG_DATA_DIRS=${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}:${gtk3}/share/gsettings-schemas/${gtk3.name}:$XDG_DATA_DIRS + ''; + + multiPkgs = null; # no 32bit needed + extraPkgs = appimageTools.defaultFhsEnvArgs.multiPkgs; + extraInstallCommands = '' + mv $out/bin/{${name},${pname}} + mkdir "$out/share" + ln -s "${desktopItem}/share/applications" "$out/share/" + ''; + + meta = with lib; { + description = "Refined Evernote desktop app"; + longDescription = '' + Tusk is an unofficial, featureful, open source, community-driven, free Evernote app used by people in more than 140 countries. Tusk is indicated by Evernote as an alternative client for Linux environments trusted by the open source community. + ''; + homepage = "https://klaussinani.github.io/tusk/"; + license = licenses.mit; + maintainers = with maintainers; [ tbenst ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/pkgs/applications/virtualization/conmon/default.nix b/pkgs/applications/virtualization/conmon/default.nix index 77f3d271b59..49d14d25bab 100644 --- a/pkgs/applications/virtualization/conmon/default.nix +++ b/pkgs/applications/virtualization/conmon/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { project = "conmon"; name = "${project}-${version}"; - version = "2.0.8"; + version = "2.0.9"; src = fetchFromGitHub { owner = "containers"; repo = project; rev = "v${version}"; - sha256 = "17pv80ba79wh4nwxy3wl0vl1m8054s346hgcp87iy3mpnrvq2cv2"; + sha256 = "0wy3nihif9ih62rlskrjysshfaxdl878fj5ni1zfb9db4nsx6z0m"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/desktops/deepin/dde-control-center/default.nix b/pkgs/desktops/deepin/dde-control-center/default.nix index 97e44c6c36e..a644da2e9a9 100644 --- a/pkgs/desktops/deepin/dde-control-center/default.nix +++ b/pkgs/desktops/deepin/dde-control-center/default.nix @@ -93,6 +93,14 @@ mkDerivation rec { --replace "/bin/systemctl" "${systemd}/bin/systemctl" ''; + dontWrapQtApps = true; + + preFixup = '' + gappsWrapperArgs+=( + "''${qtWrapperArgs[@]}" + ) + ''; + postFixup = '' # debuging searchForUnresolvedDLL $out diff --git a/pkgs/desktops/deepin/dde-dock/default.nix b/pkgs/desktops/deepin/dde-dock/default.nix index 7b44b69d5b7..62d5622340c 100644 --- a/pkgs/desktops/deepin/dde-dock/default.nix +++ b/pkgs/desktops/deepin/dde-dock/default.nix @@ -31,7 +31,7 @@ unwrapped = mkDerivation rec { deepin-desktop-schemas dtkcore dtkwidget - glib.bin + glib gsettings-qt libdbusmenu polkit @@ -64,6 +64,14 @@ unwrapped = mkDerivation rec { cmakeFlags = [ "-DDOCK_TRAY_USE_NATIVE_POPUP=YES" ]; + dontWrapQtApps = true; + + preFixup = '' + gappsWrapperArgs+=( + "''${qtWrapperArgs[@]}" + ) + ''; + postFixup = '' searchHardCodedPaths $out ''; diff --git a/pkgs/desktops/deepin/dde-file-manager/default.nix b/pkgs/desktops/deepin/dde-file-manager/default.nix index 62b4da71dd6..5d0d04bfb76 100644 --- a/pkgs/desktops/deepin/dde-file-manager/default.nix +++ b/pkgs/desktops/deepin/dde-file-manager/default.nix @@ -45,8 +45,7 @@ mkDerivation rec { dtkwidget ffmpegthumbnailer file - glib.bin - glib.dev + glib gnugrep gsettings-qt gvfs @@ -233,6 +232,14 @@ mkDerivation rec { export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${libX11}/lib"; ''; + dontWrapQtApps = true; + + preFixup = '' + gappsWrapperArgs+=( + "''${qtWrapperArgs[@]}" + ) + ''; + postFixup = '' # debuging unset LD_LIBRARY_PATH diff --git a/pkgs/desktops/deepin/dde-launcher/default.nix b/pkgs/desktops/deepin/dde-launcher/default.nix index f5e5f23cc2c..eae074381f3 100644 --- a/pkgs/desktops/deepin/dde-launcher/default.nix +++ b/pkgs/desktops/deepin/dde-launcher/default.nix @@ -1,7 +1,7 @@ { stdenv, mkDerivation, fetchFromGitHub, pkgconfig, cmake, dde-qt-dbus-factory, dde-session-ui, deepin, deepin-desktop-schemas, deepin-wallpapers, dtkcore, dtkwidget, gsettings-qt, qtsvg, qttools, qtx11extras, - which, xdg_utils, wrapGAppsHook }: + which, xdg_utils, wrapGAppsHook, glib }: mkDerivation rec { pname = "dde-launcher"; @@ -29,6 +29,7 @@ mkDerivation rec { deepin-wallpapers dtkcore dtkwidget + glib gsettings-qt qtsvg qtx11extras @@ -58,6 +59,14 @@ mkDerivation rec { # note: `dbus-send` path does not need to be hard coded because it is not used for dtkcore >= 2.0.8.0 ''; + dontWrapQtApps = true; + + preFixup = '' + gappsWrapperArgs+=( + "''${qtWrapperArgs[@]}" + ) + ''; + postFixup = '' # debugging searchHardCodedPaths $out diff --git a/pkgs/desktops/deepin/dde-session-ui/default.nix b/pkgs/desktops/deepin/dde-session-ui/default.nix index 699403567b7..a664defae56 100644 --- a/pkgs/desktops/deepin/dde-session-ui/default.nix +++ b/pkgs/desktops/deepin/dde-session-ui/default.nix @@ -104,10 +104,18 @@ mkDerivation rec { # - do not wrap dde-dman-portal related files: it appears it has been removed: https://github.com/linuxdeepin/dde-session-ui/commit/3bd028cf135ad22c784c0146e447ef34a69af768 ''; + dontWrapQtApps = true; + + preFixup = '' + gappsWrapperArgs+=( + "''${qtWrapperArgs[@]}" + ) + ''; + postFixup = '' - # wrapGAppsHook does not work with binaries outside of $out/bin or $out/libexec + # wrapGAppsHook or wrapQtAppsHook does not work with binaries outside of $out/bin or $out/libexec for binary in $out/lib/deepin-daemon/*; do - wrapProgram $binary "''${qtWrapperArgs[@]}" + wrapProgram $binary "''${gappsWrapperArgs[@]}" done searchHardCodedPaths $out # debugging diff --git a/pkgs/desktops/deepin/default.nix b/pkgs/desktops/deepin/default.nix index 57b0b35a532..64dbdbfd104 100644 --- a/pkgs/desktops/deepin/default.nix +++ b/pkgs/desktops/deepin/default.nix @@ -50,6 +50,7 @@ let qcef = callPackage ./qcef { }; qt5dxcb-plugin = callPackage ./qt5dxcb-plugin { }; qt5integration = callPackage ./qt5integration { }; + startdde = callPackage ./startdde { }; udisks2-qt5 = callPackage ./udisks2-qt5 { }; }; diff --git a/pkgs/desktops/deepin/startdde/default.nix b/pkgs/desktops/deepin/startdde/default.nix new file mode 100644 index 00000000000..137b3f690a6 --- /dev/null +++ b/pkgs/desktops/deepin/startdde/default.nix @@ -0,0 +1,136 @@ +{ stdenv, buildGoPackage, fetchFromGitHub, pkgconfig, alsaLib, + coreutils, dbus-factory, dde-api, dde-daemon, dde-dock, + dde-file-manager, dde-polkit-agent, dde-session-ui, deepin, + deepin-desktop-base, deepin-desktop-schemas, deepin-turbo, + dde-kwin, glib, gnome3, go, go-dbus-factory, go-gir-generator, + go-lib, gtk3, jq, kmod, libX11, libXi, libcgroup, pciutils, psmisc, + pulseaudio, systemd, xorg, wrapGAppsHook }: + +buildGoPackage rec { + name = "${pname}-${version}"; + pname = "startdde"; + version = "5.0.1"; + + goPackagePath = "pkg.deepin.io/dde/startdde"; + + src = fetchFromGitHub { + owner = "linuxdeepin"; + repo = pname; + rev = version; + sha256 = "1xydmglydksy7hjlavf5pbfy0s0lndgavh8x3kg2mg7d36mbra43"; + }; + + goDeps = ./deps.nix; + + outputs = [ "out" ]; + + nativeBuildInputs = [ + pkgconfig + dbus-factory + dde-api + go-dbus-factory + go-gir-generator + go-lib + jq + wrapGAppsHook + deepin.setupHook + ]; + + buildInputs = [ + alsaLib + dde-daemon + dde-dock + dde-file-manager + dde-kwin + dde-polkit-agent + dde-session-ui + deepin-desktop-schemas + deepin-turbo + glib + gnome3.dconf + gnome3.gnome-keyring + gnome3.libgnome-keyring + gtk3 + kmod + libX11 + libXi + libcgroup + pciutils + psmisc + pulseaudio + systemd + xorg.xdriinfo + ]; + + postPatch = '' + searchHardCodedPaths # debugging + + # Commented lines below indicates a doubt about how to fix the hard coded path + + fixPath $out /etc/X11 Makefile + #fixPath ? /etc/xdg/autostop autostop/autostop.go + fixPath ${coreutils} /bin/ls copyfile_test.go + fixPath $out /usr/share/startdde/auto_launch.json launch_group.go + #fixPath ? /usr/bin/kwin_no_scale main.go # not found on deepin linux and archlinux + fixPath $out /usr/share/startdde/memchecker.json memchecker/config.go + fixPath $out /usr/bin/startdde misc/00deepin-dde-env + fixPath ${dde-file-manager} /usr/bin/dde-file-manager misc/auto_launch/chinese.json + fixPath ${deepin-turbo} /usr/lib/deepin-turbo/booster-dtkwidget misc/auto_launch/chinese.json + fixPath ${dde-daemon} /usr/lib/deepin-daemon/dde-session-daemon misc/auto_launch/chinese.json misc/auto_launch/default.json + fixPath ${dde-dock} /usr/bin/dde-dock misc/auto_launch/chinese.json misc/auto_launch/default.json + fixPath ${dde-file-manager} /usr/bin/dde-desktop misc/auto_launch/chinese.json misc/auto_launch/default.json + fixPath $out /usr/bin/startdde misc/deepin-session + #fixPath ? /usr/lib/lightdm/config-error-dialog.sh misc/deepin-session # provided by lightdm on deepin linux + #fixPath ? /usr/sbin/lightdm-session misc/deepin-session # provided by lightdm on deepin linux + fixPath ${dde-session-ui} /usr/bin/dde-lock session.go + fixPath ${dde-session-ui} /usr/bin/dde-shutdown session.go + fixPath ${dde-session-ui} /usr/lib/deepin-daemon/dde-osd session.go + fixPath ${deepin-desktop-base} /etc/deepin-version session.go + fixPath ${gnome3.gnome-keyring} /usr/bin/gnome-keyring-daemon session.go + fixPath ${pulseaudio} /usr/bin/pulseaudio sound_effect.go + #fixPath ? /usr/lib/UIAppSched.hooks startmanager.go # not found anything about this + fixPath ${dde-session-ui} /usr/lib/deepin-daemon/dde-welcome utils.go + fixPath ${dde-polkit-agent} /usr/lib/polkit-1-dde/dde-polkit-agent watchdog/dde_polkit_agent.go + #fixPath ? /var/log/Xorg.0.log wm/driver.go + #fixPath ? /etc/deepin-wm-switcher/config.json wm/switcher_config.go # not present on nixos, deepin linux and archlinux + + substituteInPlace wm/driver.go --replace '/sbin/lsmod' "${kmod}/bin/lsmod" + + substituteInPlace session.go --replace 'LookPath("cgexec"' 'LookPath("${libcgroup}/bin/cgexec"' + substituteInPlace vm.go --replace 'Command("dde-wm-chooser"' 'Command("${dde-session-ui}/bin/dde-wm-chooser"' + substituteInPlace vm.go --replace 'Command("systemd-detect-virt"' 'Command("${systemd}/bin/systemd-detect-virt"' + substituteInPlace wm/card_info.go --replace 'Command("lspci"' 'Command("${pciutils}/bin/lspci"' + substituteInPlace wm/driver.go --replace 'Command("lspci"' 'Command("${pciutils}/bin/lspci"' + substituteInPlace wm/driver.go --replace 'Command("xdriinfo"' 'Command("${xorg.xdriinfo}/bin/xdriinfo"' + substituteInPlace wm/platform.go --replace 'Command("gsettings"' 'Command("${glib}/bin/gsettings"' + substituteInPlace wm/platform.go --replace 'Command("uname"' 'Command("${coreutils}/bin/uname"' + substituteInPlace wm/switcher.go --replace 'Command("killall"' 'Command("${psmisc}/bin/killall"' + ''; + + buildPhase = '' + make -C go/src/${goPackagePath} + ''; + + installPhase = '' + make install PREFIX="$out" -C go/src/${goPackagePath} + rm -rf $out/share/lightdm # this is uselesss for NixOS + remove-references-to -t ${go} $out/bin/* $out/sbin/* + ''; + + postFixup = '' + searchHardCodedPaths $out # debugging + ''; + + passthru = { + updateScript = deepin.updateScript { inherit name; }; + providedSessions = [ "deepin" ]; + }; + + meta = with stdenv.lib; { + description = "Starter of deepin desktop environment"; + homepage = https://github.com/linuxdeepin/startdde; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ romildo ]; + }; +} diff --git a/pkgs/desktops/deepin/startdde/deps.nix b/pkgs/desktops/deepin/startdde/deps.nix new file mode 100644 index 00000000000..8898b8c50fb --- /dev/null +++ b/pkgs/desktops/deepin/startdde/deps.nix @@ -0,0 +1,30 @@ +# This file was generated by https://github.com/kamilchm/go2nix v1.3.0 +[ + { + goPackagePath = "github.com/cryptix/wav"; + fetch = { + type = "git"; + url = "https://github.com/cryptix/wav"; + rev = "8bdace674401f0bd3b63c65479b6a6ff1f9d5e44"; + sha256 = "18nyqv0ic35fs9fny8sj84c00vbxs8mnric6vr6yl42624fh5id6"; + }; + } + { + goPackagePath = "github.com/linuxdeepin/go-x11-client"; + fetch = { + type = "git"; + url = "https://github.com/linuxdeepin/go-x11-client"; + rev = "b5b01565d224d5ccd5a4143d9099acceb23e182a"; + sha256 = "1lnffjp8bqy6f8caw6drg1js6hny5w7432riqchcrcd4q85d94rs"; + }; + } + { + goPackagePath = "golang.org/x/net"; + fetch = { + type = "git"; + url = "https://go.googlesource.com/net"; + rev = "daa7c04131f568e31c51927b359a2d197a357058"; + sha256 = "17gbfvb5iqyayzw0zd6q218zsbf7x74rflvn18wkxvsw95n1y54h"; + }; + } +] diff --git a/pkgs/desktops/pantheon/apps/elementary-files/default.nix b/pkgs/desktops/pantheon/apps/elementary-files/default.nix index 1cb81344ea6..ae43a372acc 100644 --- a/pkgs/desktops/pantheon/apps/elementary-files/default.nix +++ b/pkgs/desktops/pantheon/apps/elementary-files/default.nix @@ -24,13 +24,13 @@ , glib-networking , elementary-icon-theme , libcloudproviders -, fetchpatch +, libgit2-glib , wrapGAppsHook }: stdenv.mkDerivation rec { pname = "elementary-files"; - version = "4.2.0"; + version = "4.3.0"; repoName = "files"; @@ -40,7 +40,7 @@ stdenv.mkDerivation rec { owner = "elementary"; repo = repoName; rev = version; - sha256 = "12f0hzb62nchksyqd2gwj3cv001rph24ggd9wywh9i1qwppx4b5k"; + sha256 = "0brckm0vi9lh8l4g3cy37pbyrdh6g0mdsv3cpii069y2drrh8mz5"; }; passthru = { @@ -70,6 +70,7 @@ stdenv.mkDerivation rec { libcloudproviders libdbusmenu-gtk3 libgee + libgit2-glib libnotify libunity pango @@ -80,11 +81,6 @@ stdenv.mkDerivation rec { patches = [ ./hardcode-gsettings.patch - # Fixes https://github.com/elementary/files/issues/1081 - (fetchpatch { - url = "https://github.com/elementary/files/commit/76b5cc95466733c2c100a99127ecd4fbd4d2a5ec.patch"; - sha256 = "0dn8a9l7i2rdgia1rsc50332fsw0yrbfvpb5z8ba4iiki3lxy2nn"; - }) ]; postPatch = '' diff --git a/pkgs/desktops/pantheon/desktop/gala/default.nix b/pkgs/desktops/pantheon/desktop/gala/default.nix index baff9871105..5791fb5c58f 100644 --- a/pkgs/desktops/pantheon/desktop/gala/default.nix +++ b/pkgs/desktops/pantheon/desktop/gala/default.nix @@ -26,13 +26,13 @@ stdenv.mkDerivation rec { pname = "gala"; - version = "unstable-2019-10-31"; # Is tracking https://github.com/elementary/gala/commits/stable/juno + version = "3.2.0"; src = fetchFromGitHub { owner = "elementary"; repo = pname; - rev = "0f0724c97ad49f470f41c4a25c63103f51122997"; - sha256 = "09cl3k2am878iiy76bijb0ykrcafh944kz027jgi1y5yk4bwfjc4"; + rev = version; + sha256 = "1vf55ls3h20zpf0yxb206cijq8nkf89z2lmhccb4i1g2zajd31ix"; }; passthru = { diff --git a/pkgs/desktops/pantheon/nixpkgs_github_update/lib/nixpkgs_github_update/github_latest_version.ex b/pkgs/desktops/pantheon/nixpkgs_github_update/lib/nixpkgs_github_update/github_latest_version.ex index bd4bb8100ba..ad7f96d6b2a 100644 --- a/pkgs/desktops/pantheon/nixpkgs_github_update/lib/nixpkgs_github_update/github_latest_version.ex +++ b/pkgs/desktops/pantheon/nixpkgs_github_update/lib/nixpkgs_github_update/github_latest_version.ex @@ -24,7 +24,7 @@ defmodule NixpkgsGitHubUpdate.GitHubLatestVersion do String.to_charlist("#{System.get_env("OAUTH_TOKEN")}") end - defp put_token(headers, token) when is_binary(token) do + defp put_token(headers, token) when is_list(token) do Map.put_new(headers, 'Authorization', 'token #{token}') end diff --git a/pkgs/servers/http/apache-modules/mod_ca/default.nix b/pkgs/servers/http/apache-modules/mod_ca/default.nix new file mode 100644 index 00000000000..37f2a397ae6 --- /dev/null +++ b/pkgs/servers/http/apache-modules/mod_ca/default.nix @@ -0,0 +1,35 @@ +{ stdenv, fetchurl, pkgconfig, apacheHttpd, openssl, openldap }: + +stdenv.mkDerivation rec { + pname = "mod_ca"; + version = "0.2.1"; + + src = fetchurl { + url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz"; + sha256 = "1pxapjrzdsk2s25vhgvf56fkakdqcbn9hjncwmqh0asl1pa25iic"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ apacheHttpd openssl openldap ]; + + # Note that configureFlags and installFlags are inherited by + # the various submodules. + # + configureFlags = [ + "--with-apxs=${apacheHttpd.dev}/bin/apxs" + ]; + + installFlags = [ + "INCLUDEDIR=${placeholder ''out''}/include" + "LIBEXECDIR=${placeholder ''out''}/modules" + ]; + + meta = with stdenv.lib; { + description = "RedWax CA service module"; + + homepage = "https://redwax.eu"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ dirkx ]; + }; +} diff --git a/pkgs/servers/http/apache-modules/mod_crl/default.nix b/pkgs/servers/http/apache-modules/mod_crl/default.nix new file mode 100644 index 00000000000..54c0de1c701 --- /dev/null +++ b/pkgs/servers/http/apache-modules/mod_crl/default.nix @@ -0,0 +1,24 @@ +{ stdenv, fetchurl, pkgconfig, mod_ca, apr, aprutil }: + +stdenv.mkDerivation rec { + pname = "mod_crl"; + version = "0.2.1"; + + src = fetchurl { + url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz"; + sha256 = "0k6iqn5a4bqdz3yx6d53f1r75c21jnwhxmmcq071zq0361xjzzj6"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ mod_ca apr aprutil ]; + inherit (mod_ca) configureFlags installFlags; + + meta = with stdenv.lib; { + description = "RedWax module for Certificate Revocation Lists"; + + homepage = "https://redwax.eu"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ dirkx ]; + }; +} diff --git a/pkgs/servers/http/apache-modules/mod_csr/default.nix b/pkgs/servers/http/apache-modules/mod_csr/default.nix new file mode 100644 index 00000000000..60f97d2f361 --- /dev/null +++ b/pkgs/servers/http/apache-modules/mod_csr/default.nix @@ -0,0 +1,41 @@ +{ stdenv, fetchurl, pkgconfig, mod_ca, apr, aprutil }: + +stdenv.mkDerivation rec { + pname = "mod_csr"; + version = "0.2.1"; + + src = fetchurl { + url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz"; + sha256 = "01sdvv07kchdd6ssrmd2cbhj50qh2ibp5g5h6jy1jqbzp0b3j9ja"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ mod_ca apr aprutil ]; + inherit (mod_ca) configureFlags installFlags; + + # After openssl-1.0.2t, starting in openssl-1.1.0l + # parts of the OpenSSL struct API was replaced by + # getters - but some setters where forgotten. + # + # It is expected that these are back/retrofitted in version + # openssl-1.1.1d -- but while fixing this it was found + # that there were quite a few other setters missing and + # that some of the memory management needed was at odds + # with the principles used sofar. + # + # See https://github.com/openssl/openssl/pull/10563 + # + # So as a stopgap - use a minimalist compat. layer + # https://source.redwax.eu/projects/RS/repos/mod_csr/browse/openssl_setter_compat.h + # + preBuild = "cp ${./openssl_setter_compat.h} openssl_setter_compat.h"; + + meta = with stdenv.lib; { + description = "RedWax CA service module to handle Certificate Signing Requests"; + + homepage = "https://redwax.eu"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ dirkx ]; + }; +} diff --git a/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h b/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h new file mode 100644 index 00000000000..a2a9e0f7a18 --- /dev/null +++ b/pkgs/servers/http/apache-modules/mod_csr/openssl_setter_compat.h @@ -0,0 +1,66 @@ +/* Licensed to Stichting The Commons Conservancy (TCC) under one or more + * contributor license agreements. See the AUTHORS file distributed with + * this work for additional information regarding copyright ownership. + * TCC licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// These routines are copies from OpenSSL/1.1.1 its x509/x509_req.c +// and the private header files for that. They are needed as +// starting with OpenSSL 1.1.0 the X509_req structure became +// private; and got some get0 functions to access its internals. +// But no getter's until post 1.1.1 (PR#10563). So this is a +// stopgap for these lacking releases. +// +// Testest against: +// openssl-1.0.2t 0x01000214fL (does not need it, privates still accessile) +// openssl-1.1.0l 0x0101000cfL (needs it) +// openssl-1.1.1d 0x01010104fL (last version that needs it) +// openssl-1.1.1-dev (should not need it - post PR#10563). +// +/* #if OPENSSL_VERSION_NUMBER >= 0x010100000L && OPENSSL_VERSION_NUMBER <= 0x01010104fL */ +#if OPENSSL_VERSION_NUMBER >= 0x010100000L +#include "openssl/x509.h" + +#define HAS_OPENSSL_PR10563_WORK_AROUND + +struct X509_req_info_st { + ASN1_ENCODING enc; + ASN1_INTEGER *version; + X509_NAME *subject; + X509_PUBKEY *pubkey; + STACK_OF(X509_ATTRIBUTE) *attributes; +}; + +typedef _Atomic int CRYPTO_REF_COUNT; + +struct X509_req_st { + X509_REQ_INFO req_info; + X509_ALGOR sig_alg; + ASN1_BIT_STRING *signature; /* signature */ + CRYPTO_REF_COUNT references; + CRYPTO_RWLOCK *lock; +# ifndef OPENSSL_NO_SM2 + ASN1_OCTET_STRING *sm2_id; +# endif +}; + + +static void _X509_REQ_set1_signature(X509_REQ *req, X509_ALGOR *palg) +{ + if (req->sig_alg.algorithm) + ASN1_OBJECT_free(req->sig_alg.algorithm); + if (req->sig_alg.parameter) + ASN1_TYPE_free(req->sig_alg.parameter); + req->sig_alg = *palg; +} +#endif diff --git a/pkgs/servers/http/apache-modules/mod_ocsp/default.nix b/pkgs/servers/http/apache-modules/mod_ocsp/default.nix new file mode 100644 index 00000000000..6730ca16f10 --- /dev/null +++ b/pkgs/servers/http/apache-modules/mod_ocsp/default.nix @@ -0,0 +1,24 @@ +{ stdenv, fetchurl, pkgconfig, mod_ca, apr, aprutil }: + +stdenv.mkDerivation rec { + pname = "mod_ocsp"; + version = "0.2.1"; + + src = fetchurl { + url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz"; + sha256 = "1vwgai56krdf8knb0mgy07ni9mqxk82bcb4gibwpnxvl6qwgv2i0"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ mod_ca apr aprutil ]; + inherit (mod_ca) configureFlags installFlags; + + meta = with stdenv.lib; { + description = "RedWax CA service modules of OCSP Online Certificate Validation"; + + homepage = "https://redwax.eu"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ dirkx ]; + }; +} diff --git a/pkgs/servers/http/apache-modules/mod_pkcs12/default.nix b/pkgs/servers/http/apache-modules/mod_pkcs12/default.nix new file mode 100644 index 00000000000..2bcf3b1d9c2 --- /dev/null +++ b/pkgs/servers/http/apache-modules/mod_pkcs12/default.nix @@ -0,0 +1,24 @@ +{ stdenv, fetchurl, pkgconfig, mod_ca, apr, aprutil }: + +stdenv.mkDerivation rec { + pname = "mod_pkcs12"; + version = "0.2.1"; + + src = fetchurl { + url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz"; + sha256 = "0by4qfjs3a8q0amzwazfq8ii6ydv36v2mjga0jzc9i6xyl4rs6ai"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ mod_ca apr aprutil ]; + inherit (mod_ca) configureFlags installFlags; + + meta = with stdenv.lib; { + description = "RedWax CA service modules for PKCS#12 format files"; + + homepage = "https://redwax.eu"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ dirkx ]; + }; +} diff --git a/pkgs/servers/http/apache-modules/mod_scep/default.nix b/pkgs/servers/http/apache-modules/mod_scep/default.nix new file mode 100644 index 00000000000..98703659c35 --- /dev/null +++ b/pkgs/servers/http/apache-modules/mod_scep/default.nix @@ -0,0 +1,41 @@ +{ stdenv, fetchurl, pkgconfig, mod_ca, apr, aprutil }: + +stdenv.mkDerivation rec { + pname = "mod_scep"; + version = "0.2.1"; + + src = fetchurl { + url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz"; + sha256 = "14l8v6y6kx5dg8avb5ny95qdcgrw40ss80nqrgmw615mk7zcj81f"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ mod_ca apr aprutil ]; + inherit (mod_ca) configureFlags installFlags; + + # After openssl-1.0.2t, starting in openssl-1.1.0l + # parts of the OpenSSL struct API was replaced by + # getters - but some setters where forgotten. + # + # It is expected that these are back/retrofitted in version + # openssl-1.1.1d -- but while fixing this it was found + # that there were quite a few other setters missing and + # that some of the memory management needed was at odds + # with the principles used sofar. + # + # See https://github.com/openssl/openssl/pull/10563 + # + # So as a stopgap - use a minimalist compat. layer + # https://source.redwax.eu/projects/RS/repos/mod_csr/browse/openssl_setter_compat.h + # + preBuild = "cp ${./openssl_setter_compat.h} openssl_setter_compat.h"; + + meta = with stdenv.lib; { + description = "RedWax CA service modules for SCEP (Automatic ceritifcate issue/renewal)"; + + homepage = "https://redwax.eu"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ dirkx ]; + }; +} diff --git a/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h b/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h new file mode 100644 index 00000000000..a2a9e0f7a18 --- /dev/null +++ b/pkgs/servers/http/apache-modules/mod_scep/openssl_setter_compat.h @@ -0,0 +1,66 @@ +/* Licensed to Stichting The Commons Conservancy (TCC) under one or more + * contributor license agreements. See the AUTHORS file distributed with + * this work for additional information regarding copyright ownership. + * TCC licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// These routines are copies from OpenSSL/1.1.1 its x509/x509_req.c +// and the private header files for that. They are needed as +// starting with OpenSSL 1.1.0 the X509_req structure became +// private; and got some get0 functions to access its internals. +// But no getter's until post 1.1.1 (PR#10563). So this is a +// stopgap for these lacking releases. +// +// Testest against: +// openssl-1.0.2t 0x01000214fL (does not need it, privates still accessile) +// openssl-1.1.0l 0x0101000cfL (needs it) +// openssl-1.1.1d 0x01010104fL (last version that needs it) +// openssl-1.1.1-dev (should not need it - post PR#10563). +// +/* #if OPENSSL_VERSION_NUMBER >= 0x010100000L && OPENSSL_VERSION_NUMBER <= 0x01010104fL */ +#if OPENSSL_VERSION_NUMBER >= 0x010100000L +#include "openssl/x509.h" + +#define HAS_OPENSSL_PR10563_WORK_AROUND + +struct X509_req_info_st { + ASN1_ENCODING enc; + ASN1_INTEGER *version; + X509_NAME *subject; + X509_PUBKEY *pubkey; + STACK_OF(X509_ATTRIBUTE) *attributes; +}; + +typedef _Atomic int CRYPTO_REF_COUNT; + +struct X509_req_st { + X509_REQ_INFO req_info; + X509_ALGOR sig_alg; + ASN1_BIT_STRING *signature; /* signature */ + CRYPTO_REF_COUNT references; + CRYPTO_RWLOCK *lock; +# ifndef OPENSSL_NO_SM2 + ASN1_OCTET_STRING *sm2_id; +# endif +}; + + +static void _X509_REQ_set1_signature(X509_REQ *req, X509_ALGOR *palg) +{ + if (req->sig_alg.algorithm) + ASN1_OBJECT_free(req->sig_alg.algorithm); + if (req->sig_alg.parameter) + ASN1_TYPE_free(req->sig_alg.parameter); + req->sig_alg = *palg; +} +#endif diff --git a/pkgs/servers/http/apache-modules/mod_spkac/default.nix b/pkgs/servers/http/apache-modules/mod_spkac/default.nix new file mode 100644 index 00000000000..72e0d521e3b --- /dev/null +++ b/pkgs/servers/http/apache-modules/mod_spkac/default.nix @@ -0,0 +1,24 @@ +{ stdenv, fetchurl, pkgconfig, mod_ca, apr, aprutil }: + +stdenv.mkDerivation rec { + pname = "mod_spkac"; + version = "0.2.1"; + + src = fetchurl { + url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz"; + sha256 = "0x6ia9qcr7lx2awpv9cr4ndic5f4g8yqzmp2hz66zpzkmk2b2pyz"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ mod_ca apr aprutil ]; + inherit (mod_ca) configureFlags installFlags; + + meta = with stdenv.lib; { + description = "RedWax CA service module for handling the Netscape keygen requests. "; + + homepage = "https://redwax.eu"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ dirkx ]; + }; +} diff --git a/pkgs/servers/http/apache-modules/mod_timestamp/default.nix b/pkgs/servers/http/apache-modules/mod_timestamp/default.nix new file mode 100644 index 00000000000..139da289078 --- /dev/null +++ b/pkgs/servers/http/apache-modules/mod_timestamp/default.nix @@ -0,0 +1,24 @@ +{ stdenv, fetchurl, pkgconfig, mod_ca, apr, aprutil }: + +stdenv.mkDerivation rec { + pname = "mod_timestamp"; + version = "0.2.1"; + + src = fetchurl { + url = "https://redwax.eu/dist/rs/${pname}-${version}.tar.gz"; + sha256 = "0j4b04dbdwn9aff3da9m0lnqi0qbw6c6hhi81skl15kyc3vzp67f"; + }; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ mod_ca apr aprutil ]; + inherit (mod_ca) configureFlags installFlags; + + meta = with stdenv.lib; { + description = "RedWax CA service module for issuing signed timestamps"; + + homepage = "https://redwax.eu"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ dirkx ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b41c8b5191c..c59c1795241 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14994,6 +14994,16 @@ in mod_auth_mellon = callPackage ../servers/http/apache-modules/mod_auth_mellon { }; + # Redwax collection + mod_ca = callPackage ../servers/http/apache-modules/mod_ca { }; + mod_crl = callPackage ../servers/http/apache-modules/mod_crl { }; + mod_csr = callPackage ../servers/http/apache-modules/mod_csr { }; + mod_ocsp = callPackage ../servers/http/apache-modules/mod_ocsp{ }; + mod_scep = callPackage ../servers/http/apache-modules/mod_scep { }; + mod_pkcs12 = callPackage ../servers/http/apache-modules/mod_pkcs12 { }; + mod_spkac= callPackage ../servers/http/apache-modules/mod_spkac { }; + mod_timestamp = callPackage ../servers/http/apache-modules/mod_timestamp { }; + mod_dnssd = callPackage ../servers/http/apache-modules/mod_dnssd { }; mod_evasive = callPackage ../servers/http/apache-modules/mod_evasive { }; @@ -15254,6 +15264,14 @@ in mod_fastcgi = pkgs.apacheHttpdPackages.mod_fastcgi; mod_python = pkgs.apacheHttpdPackages.mod_python; mod_wsgi = pkgs.apacheHttpdPackages.mod_wsgi; + mod_ca = pkgs.apacheHttpdPackages.mod_ca; + mod_crl = pkgs.apacheHttpdPackages.mod_crl; + mod_csr = pkgs.apacheHttpdPackages.mod_csr; + mod_ocsp = pkgs.apacheHttpdPackages.mod_ocsp; + mod_scep = pkgs.apacheHttpdPackages.mod_scep; + mod_spkac = pkgs.apacheHttpdPackages.mod_spkac; + mod_pkcs12 = pkgs.apacheHttpdPackages.mod_pkcs12; + mod_timestamp = pkgs.apacheHttpdPackages.mod_timestamp; inherit (callPackages ../servers/mpd { }) mpd mpd-small mpdWithFeatures; @@ -25302,6 +25320,8 @@ in tup = callPackage ../development/tools/build-managers/tup { }; + tusk = callPackage ../applications/office/tusk { }; + trufflehog = callPackage ../tools/security/trufflehog { }; tvbrowser-bin = callPackage ../applications/misc/tvbrowser/bin.nix { }; |