From 68573a61a932050815f64a1150c417f903a3dd59 Mon Sep 17 00:00:00 2001
From: Benjamin Hipple <bhipple@protonmail.com>
Date: Sat, 12 May 2018 10:38:11 -0400
Subject: [PATCH 1/4] smmap2: init at 2.0.3

This commit adds smmap2, which is a separate pypi package from the existing
smmap 0.9.0, though they both come from the same repo. It also moves smmap into
the new python modules location.
---
 .../python-modules/smmap/default.nix          | 19 ++++++++++++++++++
 .../python-modules/smmap2/default.nix         | 20 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            | 13 ++----------
 3 files changed, 41 insertions(+), 11 deletions(-)
 create mode 100644 pkgs/development/python-modules/smmap/default.nix
 create mode 100644 pkgs/development/python-modules/smmap2/default.nix

diff --git a/pkgs/development/python-modules/smmap/default.nix b/pkgs/development/python-modules/smmap/default.nix
new file mode 100644
index 00000000000..366897d3e19
--- /dev/null
+++ b/pkgs/development/python-modules/smmap/default.nix
@@ -0,0 +1,19 @@
+{ lib, fetchPypi, buildPythonPackage, nosexcover }:
+
+buildPythonPackage rec {
+  pname = "smmap";
+  version = "0.9.0";
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "0qlx25f6n2n9ff37w9gg62f217fzj16xlbh0pkz0lpxxjys64aqf";
+  };
+
+  checkInputs = [ nosexcover ];
+
+  meta = {
+    description = "A pure python implementation of a sliding window memory map manager";
+    homepage = https://github.com/gitpython-developers/smmap;
+    maintainers = [ ];
+    license = lib.licenses.bsd3;
+  };
+}
diff --git a/pkgs/development/python-modules/smmap2/default.nix b/pkgs/development/python-modules/smmap2/default.nix
new file mode 100644
index 00000000000..ea0f0859bbd
--- /dev/null
+++ b/pkgs/development/python-modules/smmap2/default.nix
@@ -0,0 +1,20 @@
+{ lib, fetchPypi, buildPythonPackage, nosexcover }:
+
+buildPythonPackage rec {
+  pname = "smmap2";
+  version = "2.0.3";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "1hvn28p3zvxa98sbi9lrqvv2ps4q284j4jq9a619zw0m7yv0sly7";
+  };
+
+  checkInputs = [ nosexcover ];
+
+  meta = {
+    description = "A pure python implementation of a sliding window memory map manager";
+    homepage = https://pypi.org/project/smmap2;
+    maintainers = [ ];
+    license = lib.licenses.bsd3;
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index a5a24e42865..7e1ece5c77c 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -14241,18 +14241,9 @@ in {
 
   tqdm = callPackage ../development/python-modules/tqdm { };
 
-  smmap = buildPythonPackage rec {
-    name = "smmap-0.9.0";
-    disabled = isPyPy;  # This fails the tests if built with pypy
-    meta.maintainers = with maintainers; [ ];
+  smmap = callPackage ../development/python-modules/smmap { };
 
-    buildInputs = with self; [ nosexcover ];
-
-    src = pkgs.fetchurl {
-      url = "mirror://pypi/s/smmap/${name}.tar.gz";
-      sha256 = "0qlx25f6n2n9ff37w9gg62f217fzj16xlbh0pkz0lpxxjys64aqf";
-    };
-  };
+  smmap2 = callPackage ../development/python-modules/smmap2 { };
 
   traits = buildPythonPackage rec {
     name = "traits-${version}";

From 318ce72a050a32ba2d0f5ce1192ae7c039e9c323 Mon Sep 17 00:00:00 2001
From: Benjamin Hipple <bhipple@protonmail.com>
Date: Sat, 12 May 2018 10:46:59 -0400
Subject: [PATCH 2/4] gitdb2: init at 2.0.3

Also move gitdb and gitdb2 to the new python module structure.
---
 .../python-modules/gitdb/default.nix          | 23 ++++++++++++++++
 .../python-modules/gitdb2/default.nix         | 23 ++++++++++++++++
 pkgs/top-level/python-packages.nix            | 26 ++-----------------
 3 files changed, 48 insertions(+), 24 deletions(-)
 create mode 100644 pkgs/development/python-modules/gitdb/default.nix
 create mode 100644 pkgs/development/python-modules/gitdb2/default.nix

diff --git a/pkgs/development/python-modules/gitdb/default.nix b/pkgs/development/python-modules/gitdb/default.nix
new file mode 100644
index 00000000000..ceca6e3719b
--- /dev/null
+++ b/pkgs/development/python-modules/gitdb/default.nix
@@ -0,0 +1,23 @@
+{ lib, buildPythonPackage, fetchPypi, smmap }:
+
+buildPythonPackage rec {
+  pname = "gitdb";
+  version = "0.6.4";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "0n4n2c7rxph9vs2l6xlafyda5x1mdr8xy16r9s3jwnh3pqkvrsx3";
+  };
+
+  propagatedBuildInputs = [ smmap ];
+
+  # Bunch of tests fail because they need an actual git repo
+  doCheck = false;
+
+  meta = {
+    description = "Git Object Database";
+    maintainers = [ ];
+    homepage = https://github.com/gitpython-developers/gitdb;
+    license = lib.licenses.bsd3;
+  };
+}
diff --git a/pkgs/development/python-modules/gitdb2/default.nix b/pkgs/development/python-modules/gitdb2/default.nix
new file mode 100644
index 00000000000..1ebbd3de785
--- /dev/null
+++ b/pkgs/development/python-modules/gitdb2/default.nix
@@ -0,0 +1,23 @@
+{ lib, buildPythonPackage, fetchPypi, smmap2 }:
+
+buildPythonPackage rec {
+  pname = "gitdb2";
+  version = "2.0.3";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "02azg62mr99b7cllyjrly77np3vw32y8nrxpa2xjapiyaga2j3mn";
+  };
+
+  propagatedBuildInputs = [ smmap2 ];
+
+  # Bunch of tests fail because they need an actual git repo
+  doCheck = false;
+
+  meta = {
+    description = "Git Object Database";
+    maintainers = [ ];
+    homepage = https://github.com/gitpython-developers/gitdb;
+    license = lib.licenses.bsd3;
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 7e1ece5c77c..f20b6d2f247 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -2820,31 +2820,9 @@ in {
 
   gpy = callPackage ../development/python-modules/gpy { };
 
-  gitdb = buildPythonPackage rec {
-    name = "gitdb-0.6.4";
+  gitdb = callPackage ../development/python-modules/gitdb { };
 
-    src = pkgs.fetchurl {
-      url = "mirror://pypi/g/gitdb/${name}.tar.gz";
-      sha256 = "0n4n2c7rxph9vs2l6xlafyda5x1mdr8xy16r9s3jwnh3pqkvrsx3";
-    };
-
-    buildInputs = with self; [ nose ];
-    propagatedBuildInputs = with self; [ smmap ];
-
-    checkPhase = ''
-      nosetests
-    '';
-
-    doCheck = false; # Bunch of tests fail because they need an actual git repo
-
-    meta = {
-      description = "Git Object Database";
-      maintainers = with maintainers; [ ];
-      homepage = https://github.com/gitpython-developers/gitdb;
-      license = licenses.bsd3;
-    };
-
-  };
+  gitdb2 = callPackage ../development/python-modules/gitdb2 { };
 
   GitPython = buildPythonPackage rec {
     version = "2.0.8";

From 5efce7c43d269c7e95a17c289ce6ca146341cfcf Mon Sep 17 00:00:00 2001
From: Benjamin Hipple <bhipple@protonmail.com>
Date: Sat, 12 May 2018 10:52:04 -0400
Subject: [PATCH 3/4] GitPython: 2.0.8 -> 2.1.9

Also moves GitPython into the newer python module folder structure.
---
 .../python-modules/GitPython/default.nix      | 24 ++++++++++++++++++
 pkgs/top-level/python-packages.nix            | 25 +------------------
 2 files changed, 25 insertions(+), 24 deletions(-)
 create mode 100644 pkgs/development/python-modules/GitPython/default.nix

diff --git a/pkgs/development/python-modules/GitPython/default.nix b/pkgs/development/python-modules/GitPython/default.nix
new file mode 100644
index 00000000000..c2f3706923a
--- /dev/null
+++ b/pkgs/development/python-modules/GitPython/default.nix
@@ -0,0 +1,24 @@
+{ lib, buildPythonPackage, fetchPypi, gitdb2, mock, nose, ddt }:
+
+buildPythonPackage rec {
+  version = "2.1.9";
+  pname = "GitPython";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "0a9in1jfv9ssxhckl6sasw45bhm762y2r5ikgb2pk2g8yqdc6z64";
+  };
+
+  checkInputs = [ mock nose ddt ];
+  propagatedBuildInputs = [ gitdb2 ];
+
+  # Tests require a git repo
+  doCheck = false;
+
+  meta = {
+    description = "Python Git Library";
+    maintainers = [ ];
+    homepage = https://github.com/gitpython-developers/GitPython;
+    license = lib.licenses.bsd3;
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index f20b6d2f247..c3435520877 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -2824,30 +2824,7 @@ in {
 
   gitdb2 = callPackage ../development/python-modules/gitdb2 { };
 
-  GitPython = buildPythonPackage rec {
-    version = "2.0.8";
-    name = "GitPython-${version}";
-
-    src = pkgs.fetchurl {
-      url = "mirror://pypi/G/GitPython/GitPython-${version}.tar.gz";
-      sha256 = "7c03d1130f903aafba6ae5b89ccf8eb433a995cd3120cbb781370e53fc4eb222";
-    };
-
-    buildInputs = with self; [ mock nose ];
-    propagatedBuildInputs = with self; [ gitdb ];
-
-    # All tests error with
-    # InvalidGitRepositoryError: /tmp/nix-build-python2.7-GitPython-1.0.1.drv-0/GitPython-1.0.1
-    # Maybe due to being in a chroot?
-    doCheck = false;
-
-    meta = {
-      description = "Python Git Library";
-      maintainers = with maintainers; [ ];
-      homepage = https://github.com/gitpython-developers/GitPython;
-      license = licenses.bsd3;
-    };
-  };
+  GitPython = callPackage ../development/python-modules/GitPython { };
 
   git-annex-adapter = callPackage ../development/python-modules/git-annex-adapter {
     inherit (pkgs.gitAndTools) git-annex;

From 3fc1694e8ae7fe148288e9e0a0f3e47008fdd580 Mon Sep 17 00:00:00 2001
From: Benjamin Hipple <bhipple@protonmail.com>
Date: Sat, 12 May 2018 10:59:54 -0400
Subject: [PATCH 4/4] truffleHog: init at 2.0.91

This commit adds the python3 application truffleHog, which is a stand-alone tool
that scans a git repo for unencrypted passwords.

This depends on a newer GitPython, which depends on a new major version of
gitdb, which depends on a new major version of smmap, so I've packaged those
as well in the preceding commits.
---
 pkgs/tools/security/trufflehog/default.nix | 38 ++++++++++++++++++++++
 pkgs/top-level/all-packages.nix            |  2 ++
 2 files changed, 40 insertions(+)
 create mode 100644 pkgs/tools/security/trufflehog/default.nix

diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix
new file mode 100644
index 00000000000..f805670a5d5
--- /dev/null
+++ b/pkgs/tools/security/trufflehog/default.nix
@@ -0,0 +1,38 @@
+{ lib, pythonPackages }:
+
+let
+  truffleHogRegexes = pythonPackages.buildPythonPackage rec {
+    pname = "truffleHogRegexes";
+    version = "0.0.4";
+    src = pythonPackages.fetchPypi {
+      inherit pname version;
+      sha256 = "09vrscbb4h4w01gmamlzghxx6cvrqdscylrbdcnbjsd05xl7zh4z";
+    };
+  };
+in
+  pythonPackages.buildPythonApplication rec {
+    pname = "truffleHog";
+    version = "2.0.91";
+
+    src = pythonPackages.fetchPypi {
+      inherit pname version;
+      sha256 = "0r4c9ihy6wjh5cwli7lb6cr2yfvxrh7r6cgznql1src5gzlnkymx";
+    };
+
+    # Relax overly restricted version constraint
+    postPatch = ''
+      substituteInPlace setup.py --replace "GitPython ==" "GitPython >= "
+    '';
+
+    propagatedBuildInputs = [ pythonPackages.GitPython truffleHogRegexes ];
+
+    # Test cases run git clone and require network access
+    doCheck = false;
+
+    meta = {
+      homepage = https://github.com/dxa4481/truffleHog;
+      description = "Searches through git repositories for high entropy strings and secrets, digging deep into commit history";
+      license = with lib.licenses; [ gpl2 ];
+      maintainers = with lib.maintainers; [ bhipple ];
+    };
+  }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 774f2becdd4..90f9edcd9f1 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -21119,6 +21119,8 @@ with pkgs;
 
   tup = callPackage ../development/tools/build-managers/tup { };
 
+  trufflehog = callPackage ../tools/security/trufflehog { };
+
   tvheadend = callPackage ../servers/tvheadend { };
 
   ums = callPackage ../servers/ums { };