1 files changed, 52 insertions, 0 deletions

diff --git a/pkgs/by-name/pe/pesign/package.nix b/pkgs/by-name/pe/pesign/package.nix
new file mode 100644
index 00000000000..b39db9cd430
--- /dev/null
+++ b/pkgs/by-name/pe/pesign/package.nix
@@ -0,0 +1,52 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, pkg-config
+, nss
+, efivar
+, util-linux
+, popt
+, nspr
+, mandoc
+}:
+
+stdenv.mkDerivation rec {
+  pname = "pesign";
+  version = "116";
+
+  src = fetchFromGitHub {
+    owner = "rhboot";
+    repo = "pesign";
+    rev = version;
+    hash = "sha256-cuOSD/ZHkilgguDFJviIZCG8kceRWw2JgssQuWN02Do=";
+  };
+
+  # nss-util is missing because it is already contained in nss
+  # Red Hat seems to be shipping a separate nss-util:
+  # https://centos.pkgs.org/7/centos-x86_64/nss-util-devel-3.44.0-4.el7_7.x86_64.rpm.html
+  # containing things we already have in `nss`.
+  # We can ignore all the errors pertaining to a missing
+  # nss-util.pc I suppose.
+  buildInputs = [ efivar util-linux nss popt nspr mandoc ];
+  nativeBuildInputs = [ pkg-config ];
+
+  makeFlags = [ "INSTALLROOT=$(out)" ];
+
+  postInstall = ''
+    mv $out/usr/bin $out/bin
+    mv $out/usr/share $out/share
+
+    rm -rf $out/usr
+    rm -rf $out/etc
+    rm -rf $out/run
+  '';
+
+  meta = with lib; {
+    description = "Signing tools for PE-COFF binaries. Compliant with the PE and Authenticode specifications.";
+    homepage = "https://github.com/rhboot/pesign";
+    license = licenses.gpl2Only;
+    maintainers = with maintainers; [ raitobezarius ];
+    # efivar is currently Linux-only.
+    platforms = platforms.linux;
+  };
+}