signing-party: Fix deps and include all tools
Additional tools: - gpg-key2latex - gpgdir - gpgwrap This module is really hacky and the dependencies are very messy... :o However I tried my best at testing all 19 individual tools and they should (hopefully) all work now (apart from sendmail which can be provided by multiple packages) :) The code is very redundant (sorry) but imho it's easier to read and maintain it that way. TODO: There are some additional manual pages that could be included (I'm too exhausted for that atm...). And there might be a lot of stuff that could be improved in the future.
Showing
3 changed files
with
193 additions
and
48 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,73 +1,217 @@ | ||
{ stdenv, fetchurl, makeWrapper, autoconf, automake | ||
, gnupg, perl, python, libmd, qprint, coreutils, gnused, glibc, gnupg1compat | ||
, perlPackages }: | ||
{ stdenv, fetchurl, autoconf, automake, makeWrapper | ||
, python, perl, perlPackages | ||
, libmd, gnupg1, which, getopt, libpaper, nettools, qprint | ||
, sendmailPath ? "/run/wrappers/bin/sendmail" }: | ||
|
||
let | ||
# All runtime dependencies from the CPAN graph: | ||
# https://widgets.stratopan.com/wheel?q=GnuPG-Interface-0.52&runtime=1&fs=1 | ||
# TODO: XSLoader seems optional | ||
GnuPGInterfaceRuntimeDependencies = with perlPackages; [ | ||
strictures ClassMethodModifiers DataPerl DevelGlobalDestruction ExporterTiny | ||
GnuPGInterface ListMoreUtils ModuleRuntime Moo MooXHandlesVia MooXlate | ||
RoleTiny SubExporterProgressive SubQuote TypeTiny XSLoader | ||
]; | ||
in | ||
stdenv.mkDerivation rec { | ||
pname = "signing-party"; | ||
version = "2.5"; | ||
basename = "signing-party"; | ||
name = "${basename}-${version}"; | ||
name = "${pname}-${version}"; | ||
|
||
src = fetchurl { | ||
url = "mirror://debian/pool/main/s/${basename}/${basename}_${version}.orig.tar.gz"; | ||
url = "mirror://debian/pool/main/s/${pname}/${pname}_${version}.orig.tar.gz"; | ||
sha256 = "1y2bxk01qiwaqaily0s6zi10ssv7l35vksib6fxzyl76pp693nv2"; | ||
}; | ||
|
||
sourceRoot = "."; | ||
|
||
# TODO: Get this patch upstream... | ||
patches = [ ./gpgwrap_makefile.patch ]; | ||
|
||
postPatch = '' | ||
substituteInPlace gpg-mailkeys/gpg-mailkeys --replace "/usr/sbin/sendmail" "sendmail" | ||
substituteInPlace gpg-mailkeys/gpg-mailkeys --replace \ | ||
"/usr/sbin/sendmail" "${sendmailPath}" | ||
''; | ||
|
||
# One can use the following command to find all relevant Makefiles: | ||
# grep -R '$(DESTDIR)/usr' | cut -d: -f1 | sort -u | grep -v 'debian/rules' | ||
preBuild = '' | ||
substituteInPlace sig2dot/Makefile --replace "\$(DESTDIR)/usr" "$out" | ||
substituteInPlace gpgsigs/Makefile --replace "\$(DESTDIR)/usr" "$out" | ||
substituteInPlace keylookup/Makefile --replace "\$(DESTDIR)/usr" "$out" | ||
substituteInPlace springgraph/Makefile --replace "\$(DESTDIR)/usr" "$out" | ||
substituteInPlace keyanalyze/Makefile --replace "\$(DESTDIR)/usr" "$out" | ||
substituteInPlace gpgsigs/Makefile --replace '$(DESTDIR)/usr' "$out" | ||
substituteInPlace keyanalyze/Makefile --replace '$(DESTDIR)/usr' "$out" | ||
substituteInPlace keylookup/Makefile --replace '$(DESTDIR)/usr' "$out" | ||
substituteInPlace sig2dot/Makefile --replace '$(DESTDIR)/usr' "$out" | ||
substituteInPlace springgraph/Makefile --replace '$(DESTDIR)/usr' "$out" | ||
''; | ||
|
||
# Perl is required for it's pod2man. | ||
# Python and Perl are required for patching the script interpreter paths. | ||
nativeBuildInputs = [ autoconf automake makeWrapper ]; | ||
buildInputs = [ gnupg perl python libmd ] ++ | ||
(with perlPackages; [ GnuPGInterface TextTemplate MIMEtools NetIDNEncode MailTools ]); | ||
|
||
installFlags = [ "DESTDIR=\${out}" ]; | ||
buildInputs = [ python perl perlPackages.GnuPGInterface libmd gnupg1 ]; | ||
|
||
postInstall = '' | ||
install -m 755 \ | ||
caff/caff caff/pgp-clean caff/pgp-fixkey \ | ||
gpglist/gpglist \ | ||
gpgparticipants/gpgparticipants \ | ||
gpgparticipants/gpgparticipants-prefill \ | ||
gpgsigs/gpgsigs \ | ||
gpg-key2ps/gpg-key2ps \ | ||
gpg-mailkeys/gpg-mailkeys \ | ||
keyart/keyart \ | ||
$out/bin | ||
install -m 644 \ | ||
caff/caff.1 caff/pgp-clean.1 caff/pgp-fixkey.1 \ | ||
gpglist/gpglist.1 \ | ||
gpgparticipants/gpgparticipants-prefill.1 \ | ||
gpgparticipants/gpgparticipants.1 \ | ||
gpgsigs/gpgsigs.1 \ | ||
gpg-key2ps/gpg-key2ps.1 \ | ||
gpg-mailkeys/gpg-mailkeys.1 \ | ||
$out/share/man/man1 | ||
wrapProgram $out/bin/caff --prefix PERL5LIB ":" "$PERL5LIB" \ | ||
--prefix PATH ":" "${stdenv.lib.makeBinPath [ gnupg1compat ]}" | ||
wrapProgram $out/bin/gpg-mailkeys --prefix PATH ":" "${stdenv.lib.makeBinPath [ qprint coreutils gnused glibc gnupg1compat ]}" | ||
# Install all tools which aren't handled by 'make install'. | ||
# TODO: Fix upstream...! | ||
# caff: CA - Fire and Forget signs and mails a key | ||
install -D -m555 caff/caff $out/bin/caff; | ||
install -D -m444 caff/caff.1 $out/share/man/man1/caff.1; | ||
# pgp-clean: removes all non-self signatures from key | ||
install -D -m555 caff/pgp-clean $out/bin/pgp-clean; | ||
install -D -m444 caff/pgp-clean.1 $out/share/man/man1/pgp-clean.1; | ||
# pgp-fixkey: removes broken packets from keys | ||
install -D -m555 caff/pgp-fixkey $out/bin/pgp-fixkey; | ||
install -D -m444 caff/pgp-fixkey.1 $out/share/man/man1/pgp-fixkey.1; | ||
# gpg-mailkeys: simply mail out a signed key to its owner | ||
install -D -m555 gpg-mailkeys/gpg-mailkeys $out/bin/gpg-mailkeys; | ||
install -D -m444 gpg-mailkeys/gpg-mailkeys.1 $out/share/man/man1/gpg-mailkeys.1; | ||
# gpg-key2ps: generate PostScript file with fingerprint paper slips | ||
install -D -m555 gpg-key2ps/gpg-key2ps $out/bin/gpg-key2ps; | ||
install -D -m444 gpg-key2ps/gpg-key2ps.1 $out/share/man/man1/gpg-key2ps.1; | ||
# gpgdir: recursive directory encryption tool | ||
install -D -m555 gpgdir/gpgdir $out/bin/gpgdir; | ||
install -D -m444 gpgdir/gpgdir.1 $out/share/man/man1/gpgdir.1; | ||
# gpglist: show who signed which of your UIDs | ||
install -D -m555 gpglist/gpglist $out/bin/gpglist; | ||
install -D -m444 gpglist/gpglist.1 $out/share/man/man1/gpglist.1; | ||
# gpgsigs: annotates list of GnuPG keys with already done signatures | ||
# Handled by 'make install' | ||
# gpgparticipants: create list of party participants for the organiser | ||
install -D -m555 gpgparticipants/gpgparticipants $out/bin/gpgparticipants; | ||
install -D -m444 gpgparticipants/gpgparticipants.1 $out/share/man/man1/gpgparticipants.1; | ||
install -D -m555 gpgparticipants/gpgparticipants-prefill $out/bin/gpgparticipants-prefill; | ||
install -D -m444 gpgparticipants/gpgparticipants-prefill.1 $out/share/man/man1/gpgparticipants-prefill.1; | ||
# gpgwrap: a passphrase wrapper | ||
install -D -m555 gpgwrap/bin/gpgwrap $out/bin/gpgwrap; | ||
install -D -m444 gpgwrap/doc/gpgwrap.1 $out/share/man/man1/gpgwrap.1; | ||
# keyanalyze: minimum signing distance (MSD) analysis on keyrings | ||
# Handled by 'make install' | ||
# keylookup: ncurses wrapper around gpg --search | ||
# Handled by 'make install' | ||
# sig2dot: converts a list of GnuPG signatures to a .dot file | ||
# Handled by 'make install' | ||
# springgraph: creates a graph from a .dot file | ||
# Handled by 'make install' | ||
# keyart: creates a random ASCII art of a PGP key file | ||
install -D -m555 keyart/keyart $out/bin/keyart; | ||
install -D -m444 keyart/doc/keyart.1 $out/share/man/man1/keyart.1; | ||
# gpg-key2latex: generate LaTeX file with fingerprint paper slips | ||
install -D -m555 gpg-key2latex/gpg-key2latex $out/bin/gpg-key2latex; | ||
install -D -m444 gpg-key2latex/gpg-key2latex.1 $out/share/man/man1/gpg-key2latex.1; | ||
''; | ||
|
||
postFixup = '' | ||
# Add the runtime dependencies for all programs (but mainly for the Perl | ||
# scripts) | ||
wrapProgram $out/bin/caff --set PERL5LIB \ | ||
${with perlPackages; stdenv.lib.makePerlPath ([ | ||
TextTemplate MIMEtools MailTools TimeDate NetIDNEncode ] | ||
++ GnuPGInterfaceRuntimeDependencies)} \ | ||
--prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ nettools gnupg1 ]}" | ||
wrapProgram $out/bin/gpg-key2latex --set PERL5LIB \ | ||
${stdenv.lib.makePerlPath GnuPGInterfaceRuntimeDependencies} \ | ||
--prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ gnupg1 libpaper ]}" | ||
wrapProgram $out/bin/gpg-key2ps --prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ which gnupg1 libpaper ]}" | ||
wrapProgram $out/bin/gpg-mailkeys --prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ gnupg1 qprint ]}" | ||
wrapProgram $out/bin/gpgdir --set PERL5LIB \ | ||
${with perlPackages; stdenv.lib.makePerlPath ([ | ||
TermReadKey ] | ||
++ GnuPGInterfaceRuntimeDependencies)} | ||
wrapProgram $out/bin/gpglist --prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ gnupg1 ]}" | ||
wrapProgram $out/bin/gpgparticipants --prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ getopt gnupg1 ]}" | ||
# wrapProgram $out/bin/gpgparticipants-prefill | ||
wrapProgram $out/bin/gpgsigs --set PERL5LIB \ | ||
${stdenv.lib.makePerlPath GnuPGInterfaceRuntimeDependencies} \ | ||
--prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ gnupg1 ]}" | ||
wrapProgram $out/bin/gpgwrap --prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ gnupg1 ]}" | ||
# wrapProgram $out/bin/keyanalyze --set PERL5LIB \ | ||
wrapProgram $out/bin/keyart --prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ gnupg1 ]}" | ||
wrapProgram $out/bin/keylookup --prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ gnupg1 ]}" | ||
wrapProgram $out/bin/pgp-clean --set PERL5LIB \ | ||
${stdenv.lib.makePerlPath GnuPGInterfaceRuntimeDependencies} \ | ||
--prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ gnupg1 ]}" | ||
wrapProgram $out/bin/pgp-fixkey --set PERL5LIB \ | ||
${stdenv.lib.makePerlPath GnuPGInterfaceRuntimeDependencies} \ | ||
--prefix PATH ":" \ | ||
"${stdenv.lib.makeBinPath [ gnupg1 ]}" | ||
# wrapProgram $out/bin/pgpring | ||
# wrapProgram $out/bin/process_keys | ||
# Upstream-Bug: Seems like sig2dot doesn't work with 2.1 (modern) anymore, | ||
# please use 2.0 (stable) instead. | ||
# wrapProgram $out/bin/sig2dot | ||
wrapProgram $out/bin/springgraph --set PERL5LIB \ | ||
${with perlPackages; stdenv.lib.makePerlPath [ GD ]} | ||
''; | ||
|
||
doCheck = false; # no tests | ||
meta = with stdenv.lib; { | ||
homepage = "https://pgp-tools.alioth.debian.org/"; | ||
description = "A collection of several projects relating to OpenPGP"; | ||
longDescription = '' | ||
This is a collection of several projects relating to OpenPGP. | ||
meta = { | ||
description = "A collection for all kinds of pgp related things, including signing scripts, party preparation scripts etc"; | ||
homepage = http://pgp-tools.alioth.debian.org; | ||
platforms = gnupg.meta.platforms; | ||
license = stdenv.lib.licenses.gpl2; | ||
maintainers = with stdenv.lib.maintainers; [ fpletz ]; | ||
* caff: CA - Fire and Forget signs and mails a key | ||
* pgp-clean: removes all non-self signatures from key | ||
* pgp-fixkey: removes broken packets from keys | ||
* gpg-mailkeys: simply mail out a signed key to its owner | ||
* gpg-key2ps: generate PostScript file with fingerprint paper slips | ||
* gpgdir: recursive directory encryption tool | ||
* gpglist: show who signed which of your UIDs | ||
* gpgsigs: annotates list of GnuPG keys with already done signatures | ||
* gpgparticipants: create list of party participants for the organiser | ||
* gpgwrap: a passphrase wrapper | ||
* keyanalyze: minimum signing distance (MSD) analysis on keyrings | ||
* keylookup: ncurses wrapper around gpg --search | ||
* sig2dot: converts a list of GnuPG signatures to a .dot file | ||
* springgraph: creates a graph from a .dot file | ||
* keyart: creates a random ASCII art of a PGP key file | ||
* gpg-key2latex: generate LaTeX file with fingerprint paper slips | ||
''; | ||
license = licenses.gpl2; | ||
maintainers = with maintainers; [ fpletz primeos ]; | ||
platforms = platforms.linux; | ||
}; | ||
} |
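Review bot: The gpgdir wrapper in postFixup sets only PERL5LIB and adds no gnupg1 to PATH, unlike the other wrappers that pull in GnuPGInterfaceRuntimeDependencies (caff, gpg-key2latex, gpgsigs, pgp-clean, pgp-fixkey). If gpgdir invokes gpg through GnuPG::Interface, which the inclusion of that dependency list suggests but the hunk does not show, it will resolve whatever `gpg` is first on the caller's ambient PATH. For a directory-encryption tool the binary should be pinned like the others, by appending `--prefix PATH ":" "${stdenv.lib.makeBinPath [ gnupg1 ]}"` to that wrapProgram call. The commented-out wrapProgram lines for keyanalyze, pgpring, process_keys and sig2dot would also benefit from a one-line comment each saying whether the tool calls gpg, so that leaving them unwrapped is visibly deliberate.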
ef8c0d1
@primeos @fpletz I dunno, some repetition can sometimes make things easier to maintain, but copying and pasting things that could easily be simple loops feels like taking it a bit far 😄
ef8c0d1
@copumpkin I agree it really looks like crap... (@fpletz isn't responsible for that)
I hope that I can get the install stuff upstream (no idea why they have an empty install target for most tools...) but until then (as I noted and you apparently noticed) I'll prefer it that way as it helps me keep an overview. It took me hours and great pain to package this (*** :D) especially since I had to test all 19 tools (and some of them provide neither a help option nor a manual page apart from doing strange things like returning 1 when called with --help or failing with completely unrelated error messages when missing a dependency).
If you would have packaged this you could hopefully understand 😄.
And as a side note: Other Linux distributions are actually packaging this incorrectly (e.g. Gentoo lacks 5 tools and I believe there are enough other distributions) while they don't even have to deal with individual run-time dependencies (wrapProgram). So please believe me that this wasn't fun and that I'm happy enough that it works at all.