From 21dd07a0ca3a4997972daf7137b8428c0ea74f8d Mon Sep 17 00:00:00 2001 From: Yurii Matsiuk Date: Thu, 24 Jun 2021 08:33:31 +0200 Subject: [PATCH] appgate-sdp: minimize and improve derivation --- nixos/modules/programs/appgate-sdp.nix | 8 +- .../networking/appgate-sdp/default.nix | 115 +++++++----------- 2 files changed, 47 insertions(+), 76 deletions(-) diff --git a/nixos/modules/programs/appgate-sdp.nix b/nixos/modules/programs/appgate-sdp.nix index 1dec4ecf9ecc..12cb542f4d04 100644 --- a/nixos/modules/programs/appgate-sdp.nix +++ b/nixos/modules/programs/appgate-sdp.nix @@ -5,8 +5,7 @@ with lib; { options = { programs.appgate-sdp = { - enable = mkEnableOption - "AppGate SDP VPN client"; + enable = mkEnableOption "AppGate SDP VPN client"; }; }; @@ -17,7 +16,10 @@ with lib; systemd = { packages = [ pkgs.appgate-sdp ]; # https://github.com/NixOS/nixpkgs/issues/81138 - services.appgatedriver.wantedBy = [ "multi-user.target" ]; + services.appgatedriver.wantedBy = [ "multi-user.target" ]; + services.appgate-dumb-resolver.path = [ pkgs.e2fsprogs ]; + services.appgate-resolver.path = [ pkgs.procps pkgs.e2fsprogs ]; + services.appgatedriver.path = [ pkgs.e2fsprogs ]; }; }; } diff --git a/pkgs/applications/networking/appgate-sdp/default.nix b/pkgs/applications/networking/appgate-sdp/default.nix index 5977b86d0930..e894572dd78c 100644 --- a/pkgs/applications/networking/appgate-sdp/default.nix +++ b/pkgs/applications/networking/appgate-sdp/default.nix @@ -2,15 +2,13 @@ , at-spi2-atk , at-spi2-core , atk -, bash +, autoPatchelfHook , cairo -, coreutils , cups , curl , dbus , dnsmasq , dpkg -, e2fsprogs , expat , fetchurl , gdk-pixbuf @@ -20,25 +18,14 @@ , iproute2 , krb5 , lib -, mesa , libdrm -, libX11 -, libXScrnSaver -, libXcomposite -, libXcursor -, libXdamage -, libXext -, libXfixes -, libXi -, libXrandr -, libXrender -, libXtst -, libxkbcommon , libsecret , libuuid , libxcb +, libxkbcommon , lttng-ust , makeWrapper +, mesa , networkmanager , nspr , nss 
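Review bot: In the `@@ -17,7 +16,10 @@` hunk of `nixos/modules/programs/appgate-sdp.nix`, `services.appgate-dumb-resolver.path` lists only `pkgs.e2fsprogs`, although the substitution loop this commit removes from `default.nix` rewrote `pkill` in `appgate-dumb-resolver.pre` as well as in `appgate-resolver.pre`. If the dumb-resolver script really calls `pkill` (its contents are not visible here), that unit can no longer find it; `services.appgate-dumb-resolver.path = [ pkgs.procps pkgs.e2fsprogs ];` would match the resolver unit. The three new `path` lines also need a comment, for example `# vendor scripts call chattr (e2fsprogs) and pkill (procps) by bare name; the package no longer pins them`. Without it, the next maintainer cannot tell that the packaged units now depend on this module for their PATH.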
@@ -50,6 +37,7 @@ , stdenv , systemd , xdg-utils +, xorg , zlib }: with lib; @@ -69,46 +57,48 @@ let gtk3 icu krb5 - mesa libdrm - libX11 - libXScrnSaver - libXcomposite - libXcursor - libXdamage - libXext - libXfixes - libXi - libXrandr - libXrender - libXtst - libxkbcommon libsecret libuuid libxcb + libxkbcommon lttng-ust + mesa nspr nss openssl pango stdenv.cc.cc systemd + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + xorg.libxkbfile + xorg.libxshmfence zlib ]; - rpath = lib.makeLibraryPath deps; in stdenv.mkDerivation rec { pname = "appgate-sdp"; version = "5.4.2"; src = fetchurl { - url = "https://bin.appgate-sdp.com/${lib.versions.majorMinor version}/client/appgate-sdp_${version}_amd64.deb"; + url = "https://bin.appgate-sdp.com/${versions.majorMinor version}/client/appgate-sdp_${version}_amd64.deb"; sha256 = "sha256-wAhcTRO/Cd4MG1lfPNDq92yGcu3NOfymucddy92VaXo="; }; + # just patch interpreter + autoPatchelfIgnoreMissingDeps = true; dontConfigure = true; dontBuild = true; - enableParallelBuilding = true; buildInputs = [ python37 @@ -116,6 +106,7 @@ stdenv.mkDerivation rec { ]; nativeBuildInputs = [ + autoPatchelfHook makeWrapper dpkg ]; 
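Review bot: `autoPatchelfIgnoreMissingDeps = true;` in the `@@ -69,46 +57,48 @@` hunk makes an unresolved shared library a silent condition, and the same commit deletes the `ldd ... | grep -i 'not found' && exit 1` checks from `postFixup` (in the `@@ -125,62 +116,39 @@` hunk). Nothing then fails the build when a later vendor release needs a library that is missing from `deps`; the breakage would only show up at run time in a network client that runs as a system service. Either let the hook see the libraries (e.g. add `deps` to `buildInputs`) and drop the ignore flag, or keep a post-install check that runs `ldd` with the same library path the wrappers set. The comment `# just patch interpreter` should also say why, along the lines of `# libraries come from LD_LIBRARY_PATH in the wrappers, so autoPatchelf is only used to set the ELF interpreter`.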
@@ -125,62 +116,39 @@ stdenv.mkDerivation rec { ''; installPhase = '' - mkdir -p $out/bin - ln -s "$out/opt/appgate/appgate" "$out/bin/appgate" cp -r $out/usr/share $out/share - for file in $out/opt/appgate/linux/appgate-resolver.pre \ - $out/opt/appgate/linux/appgate-dumb-resolver.pre - do - substituteInPlace $file \ - --replace "/bin/sh" "${bash}/bin/sh" \ - --replace "cat" "${coreutils}/bin/cat" \ - --replace "chattr" "${e2fsprogs}/bin/chattr" \ - --replace "mv " "${coreutils}/bin/mv " \ - --replace "pkill" "${procps}/bin/pkill" - done - - for file in $out/lib/systemd/system/appgatedriver.service \ - $out/lib/systemd/system/appgate-dumb-resolver.service \ - $out/lib/systemd/system/appgate-resolver.service - do - substituteInPlace $file \ - --replace "/bin/sh" "${bash}/bin/sh" \ - --replace "/opt/" "$out/opt/" \ - --replace "chattr" "${e2fsprogs}/bin/chattr" \ - --replace "mv " "${coreutils}/bin/mv " - done + substituteInPlace $out/lib/systemd/system/appgate-dumb-resolver.service \ + --replace "/opt/" "$out/opt/" substituteInPlace $out/lib/systemd/system/appgatedriver.service \ + --replace "/opt/" "$out/opt/" \ --replace "InaccessiblePaths=/mnt /srv /boot /media" "InaccessiblePaths=-/mnt -/srv -/boot -/media" substituteInPlace $out/lib/systemd/system/appgate-resolver.service \ + --replace "/usr/sbin/dnsmasq" "${dnsmasq}/bin/dnsmasq" \ + --replace "/opt/" "$out/opt/" + + substituteInPlace $out/opt/appgate/linux/nm.py \ --replace "/usr/sbin/dnsmasq" "${dnsmasq}/bin/dnsmasq" - substituteInPlace $out/opt/appgate/linux/nm.py --replace "/usr/sbin/dnsmasq" "${dnsmasq}/bin/dnsmasq" - substituteInPlace $out/opt/appgate/linux/set_dns --replace "/etc/appgate.conf" "$out/etc/appgate.conf" + substituteInPlace $out/opt/appgate/linux/set_dns \ + --replace "/etc/appgate.conf" "$out/etc/appgate.conf" - ''; + wrapProgram $out/opt/appgate/service/createdump \ + --set LD_LIBRARY_PATH "${makeLibraryPath [ stdenv.cc.cc ]}" - postFixup = '' - find $out -type f -name "*.so" -exec 
patchelf --set-rpath '$ORIGIN:${rpath}' {} \; - for binary in $out/opt/appgate/appgate-driver \ - $out/opt/appgate/appgate \ - $out/opt/appgate/service/createdump \ - $out/opt/appgate/service/appgateservice.bin - do - patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" --set-rpath "$ORIGIN:$out/opt/appgate/service/:$out/opt/appgate/:${rpath}" $binary - done + wrapProgram $out/opt/appgate/appgate-driver \ + --prefix PATH : ${makeBinPath [ iproute2 networkmanager dnsmasq ]} \ + --set LD_LIBRARY_PATH $out/opt/appgate/service - # fail if there are missing dependencies - ldd $out/opt/appgate/appgate | grep -i 'not found' && exit 1 - ldd $out/opt/appgate/service/appgateservice.bin | grep -i 'not found' && exit 1 - ldd $out/opt/appgate/appgate-driver | grep -i 'not found' && exit 1 + makeWrapper $out/opt/appgate/Appgate $out/bin/appgate \ + --prefix PATH : ${makeBinPath [ xdg-utils ]} \ + --set LD_LIBRARY_PATH $out/opt/appgate:${makeLibraryPath deps} - wrapProgram $out/opt/appgate/appgate-driver --prefix PATH : ${lib.makeBinPath [ iproute2 networkmanager dnsmasq ]} wrapProgram $out/opt/appgate/linux/set_dns --set PYTHONPATH $PYTHONPATH - wrapProgram $out/bin/appgate --prefix PATH : ${lib.makeBinPath [ xdg-utils ]} ''; + meta = with lib; { description = "Appgate SDP (Software Defined Perimeter) desktop client"; homepage = "https://www.appgate.com/support/software-defined-perimeter-support"; @@ -189,3 +157,4 @@ stdenv.mkDerivation rec { maintainers = with maintainers; [ ymatsiuk ]; }; } +
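Review bot: The wrappers added in the `@@ -125,62 +116,39 @@` hunk supply libraries with `--set LD_LIBRARY_PATH`. Unlike the run path that the removed `patchelf --set-rpath` calls embedded, this variable is inherited by every child process and replaces any value the caller had. `appgate-driver` is given `iproute2`, `networkmanager` and `dnsmasq` on `PATH`, presumably to run them, so those helpers would search `$out/opt/appgate/service` for shared libraries before their own RUNPATH; the same applies to whatever the GUI starts through `xdg-utils`. Prefer embedding the search path at fixup time (for instance by listing `deps` in `runtimeDependencies` for `autoPatchelfHook`), or at minimum use `--prefix LD_LIBRARY_PATH :` and document the inheritance in a comment. Separately, the wrapper target is `$out/opt/appgate/Appgate` while the removed symlink pointed at `$out/opt/appgate/appgate`; please confirm the capitalised name is the one the unpacked .deb provides.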