From a4402edf94f77944fa23ee1021747af5bb4a36cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Sat, 13 Feb 2021 21:11:54 +0100 Subject: [PATCH] libhsts: ini at 0.1.0 --- .../development/libraries/libhsts/default.nix | 40 +++++++++++++++++++ pkgs/development/libraries/libhsts/update.sh | 13 ++++++ pkgs/top-level/all-packages.nix | 2 + 3 files changed, 55 insertions(+) create mode 100644 pkgs/development/libraries/libhsts/default.nix create mode 100755 pkgs/development/libraries/libhsts/update.sh diff --git a/pkgs/development/libraries/libhsts/default.nix b/pkgs/development/libraries/libhsts/default.nix new file mode 100644 index 00000000000..df53e7d294f --- /dev/null +++ b/pkgs/development/libraries/libhsts/default.nix @@ -0,0 +1,40 @@ +{ lib, stdenv, fetchFromGitLab, fetchurl, autoconf-archive, autoreconfHook, pkg-config, python3 }: +let + chromium_version = "90.0.4417.1"; + + hsts_list = fetchurl { + url = "https://raw.github.com/chromium/chromium/${chromium_version}/net/http/transport_security_state_static.json"; + sha256 = "09f24n30x5dmqk8zk7k2glcilgr27832a3304wj1yp97158sqsfx"; + }; + +in +stdenv.mkDerivation rec { + pname = "libhsts"; + version = "0.1.0"; + + src = fetchFromGitLab { + owner = "rockdaboot"; + repo = pname; + rev = "libhsts-${version}"; + sha256 = "0gbchzf0f4xzb6zjc56dk74hqrmdgyirmgxvvsqp9vqn9wb5kkx4"; + }; + + postPatch = '' + pushd tests + cp ${hsts_list} transport_security_state_static.json + sed 's/^ *\/\/.*$//g' transport_security_state_static.json >hsts.json + popd + patchShebangs src/hsts-make-dafsa + ''; + + nativeBuildInputs = [ autoconf-archive autoreconfHook pkg-config python3 ]; + + outputs = [ "out" "dev" ]; + + meta = with lib; { + description = "Library to easily check a domain against the Chromium HSTS Preload list"; + homepage = "https://gitlab.com/rockdaboot/libhsts"; + license = with licenses; [ mit bsd3 ]; + maintainers = with maintainers; [ SuperSandro2000 ]; + }; +} diff --git a/pkgs/development/libraries/libhsts/update.sh b/pkgs/development/libraries/libhsts/update.sh new file mode 100755 index 00000000000..f80966e08c9 --- /dev/null +++ b/pkgs/development/libraries/libhsts/update.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl jq + +set -euo pipefail -x + +cd "$(dirname "$0")" + +chromium_version=$(curl -s "https://api.github.com/repos/chromium/chromium/tags" | jq -r 'map(select(.prerelease | not)) | .[1].name') +sha256=$(nix-prefetch-url "https://raw.github.com/chromium/chromium/$chromium_version/net/http/transport_security_state_static.json") + +sed -e "0,/chromium_version/s/chromium_version = \".*\"/chromium_version = \"$chromium_version\"/" \ + -e "0,/sha256/s/sha256 = \".*\"/sha256 = \"$sha256\"/" \ + --in-place ./default.nix diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 86cefd9f946..806960b4ad4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13841,6 +13841,8 @@ in libgit2-glib = callPackage ../development/libraries/libgit2-glib { }; + libhsts = callPackage ../development/libraries/libhsts { }; + glbinding = callPackage ../development/libraries/glbinding { }; gle = callPackage ../development/libraries/gle { };