appgate-sdp: minimize and improve derivation

Yurii Matsiuk 2021-06-24 08:33:31 +02:00
parent 65db0350fe
commit 21dd07a0ca
No known key found for this signature in database
GPG key ID: 61302290298601AA
2 changed files with 47 additions and 76 deletions


@ -5,8 +5,7 @@ with lib;
{ {
options = { options = {
programs.appgate-sdp = { programs.appgate-sdp = {
enable = mkEnableOption enable = mkEnableOption "AppGate SDP VPN client";
"AppGate SDP VPN client";
}; };
}; };
@ -18,6 +17,9 @@ with lib;
packages = [ pkgs.appgate-sdp ]; packages = [ pkgs.appgate-sdp ];
# https://github.com/NixOS/nixpkgs/issues/81138 # https://github.com/NixOS/nixpkgs/issues/81138
services.appgatedriver.wantedBy = [ "multi-user.target" ]; services.appgatedriver.wantedBy = [ "multi-user.target" ];
services.appgate-dumb-resolver.path = [ pkgs.e2fsprogs ];
services.appgate-resolver.path = [ pkgs.procps pkgs.e2fsprogs ];
services.appgatedriver.path = [ pkgs.e2fsprogs ];
}; };
}; };
} }
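Review bot: `services.appgate-dumb-resolver.path` gets only `pkgs.e2fsprogs`, but the substitution loop this commit appears to drop from the package rewrote `pkill` to `${procps}/bin/pkill` in both `appgate-resolver.pre` and `appgate-dumb-resolver.pre`. If the dumb resolver's script does call `pkill`, that unit will no longer find it, so it is worth confirming against the vendor script or adding `pkgs.procps` there as well. The three `path` lines also have no comment saying why they exist, and after this change the package depends on the module for these tools. Something like `# vendor units and .pre scripts call chattr (e2fsprogs) and pkill (procps) by name; the package no longer patches in absolute paths` above them would record that. The old and new sides are inferred from the side-by-side rendering.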


@ -2,15 +2,13 @@
, at-spi2-atk , at-spi2-atk
, at-spi2-core , at-spi2-core
, atk , atk
, bash , autoPatchelfHook
, cairo , cairo
, coreutils
, cups , cups
, curl , curl
, dbus , dbus
, dnsmasq , dnsmasq
, dpkg , dpkg
, e2fsprogs
, expat , expat
, fetchurl , fetchurl
, gdk-pixbuf , gdk-pixbuf
@ -20,25 +18,14 @@
, iproute2 , iproute2
, krb5 , krb5
, lib , lib
, mesa
, libdrm , libdrm
, libX11
, libXScrnSaver
, libXcomposite
, libXcursor
, libXdamage
, libXext
, libXfixes
, libXi
, libXrandr
, libXrender
, libXtst
, libxkbcommon
, libsecret , libsecret
, libuuid , libuuid
, libxcb , libxcb
, libxkbcommon
, lttng-ust , lttng-ust
, makeWrapper , makeWrapper
, mesa
, networkmanager , networkmanager
, nspr , nspr
, nss , nss
@ -50,6 +37,7 @@
, stdenv , stdenv
, systemd , systemd
, xdg-utils , xdg-utils
, xorg
, zlib , zlib
}: }:
with lib; with lib;
@ -69,46 +57,48 @@ let
gtk3 gtk3
icu icu
krb5 krb5
mesa
libdrm libdrm
libX11
libXScrnSaver
libXcomposite
libXcursor
libXdamage
libXext
libXfixes
libXi
libXrandr
libXrender
libXtst
libxkbcommon
libsecret libsecret
libuuid libuuid
libxcb libxcb
libxkbcommon
lttng-ust lttng-ust
mesa
nspr nspr
nss nss
openssl openssl
pango pango
stdenv.cc.cc stdenv.cc.cc
systemd systemd
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXtst
xorg.libxkbfile
xorg.libxshmfence
zlib zlib
]; ];
rpath = lib.makeLibraryPath deps;
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "appgate-sdp"; pname = "appgate-sdp";
version = "5.4.2"; version = "5.4.2";
src = fetchurl { src = fetchurl {
url = "https://bin.appgate-sdp.com/${lib.versions.majorMinor version}/client/appgate-sdp_${version}_amd64.deb"; url = "https://bin.appgate-sdp.com/${versions.majorMinor version}/client/appgate-sdp_${version}_amd64.deb";
sha256 = "sha256-wAhcTRO/Cd4MG1lfPNDq92yGcu3NOfymucddy92VaXo="; sha256 = "sha256-wAhcTRO/Cd4MG1lfPNDq92yGcu3NOfymucddy92VaXo=";
}; };
# just patch interpreter
autoPatchelfIgnoreMissingDeps = true;
dontConfigure = true; dontConfigure = true;
dontBuild = true; dontBuild = true;
enableParallelBuilding = true;
buildInputs = [ buildInputs = [
python37 python37
@ -116,6 +106,7 @@ stdenv.mkDerivation rec {
]; ];
nativeBuildInputs = [ nativeBuildInputs = [
autoPatchelfHook
makeWrapper makeWrapper
dpkg dpkg
]; ];
@ -125,62 +116,39 @@ stdenv.mkDerivation rec {
''; '';
installPhase = '' installPhase = ''
mkdir -p $out/bin
ln -s "$out/opt/appgate/appgate" "$out/bin/appgate"
cp -r $out/usr/share $out/share cp -r $out/usr/share $out/share
for file in $out/opt/appgate/linux/appgate-resolver.pre \ substituteInPlace $out/lib/systemd/system/appgate-dumb-resolver.service \
$out/opt/appgate/linux/appgate-dumb-resolver.pre --replace "/opt/" "$out/opt/"
do
substituteInPlace $file \
--replace "/bin/sh" "${bash}/bin/sh" \
--replace "cat" "${coreutils}/bin/cat" \
--replace "chattr" "${e2fsprogs}/bin/chattr" \
--replace "mv " "${coreutils}/bin/mv " \
--replace "pkill" "${procps}/bin/pkill"
done
for file in $out/lib/systemd/system/appgatedriver.service \
$out/lib/systemd/system/appgate-dumb-resolver.service \
$out/lib/systemd/system/appgate-resolver.service
do
substituteInPlace $file \
--replace "/bin/sh" "${bash}/bin/sh" \
--replace "/opt/" "$out/opt/" \
--replace "chattr" "${e2fsprogs}/bin/chattr" \
--replace "mv " "${coreutils}/bin/mv "
done
substituteInPlace $out/lib/systemd/system/appgatedriver.service \ substituteInPlace $out/lib/systemd/system/appgatedriver.service \
--replace "/opt/" "$out/opt/" \
--replace "InaccessiblePaths=/mnt /srv /boot /media" "InaccessiblePaths=-/mnt -/srv -/boot -/media" --replace "InaccessiblePaths=/mnt /srv /boot /media" "InaccessiblePaths=-/mnt -/srv -/boot -/media"
substituteInPlace $out/lib/systemd/system/appgate-resolver.service \ substituteInPlace $out/lib/systemd/system/appgate-resolver.service \
--replace "/usr/sbin/dnsmasq" "${dnsmasq}/bin/dnsmasq" \
--replace "/opt/" "$out/opt/"
substituteInPlace $out/opt/appgate/linux/nm.py \
--replace "/usr/sbin/dnsmasq" "${dnsmasq}/bin/dnsmasq" --replace "/usr/sbin/dnsmasq" "${dnsmasq}/bin/dnsmasq"
substituteInPlace $out/opt/appgate/linux/nm.py --replace "/usr/sbin/dnsmasq" "${dnsmasq}/bin/dnsmasq" substituteInPlace $out/opt/appgate/linux/set_dns \
substituteInPlace $out/opt/appgate/linux/set_dns --replace "/etc/appgate.conf" "$out/etc/appgate.conf" --replace "/etc/appgate.conf" "$out/etc/appgate.conf"
''; wrapProgram $out/opt/appgate/service/createdump \
--set LD_LIBRARY_PATH "${makeLibraryPath [ stdenv.cc.cc ]}"
postFixup = '' wrapProgram $out/opt/appgate/appgate-driver \
find $out -type f -name "*.so" -exec patchelf --set-rpath '$ORIGIN:${rpath}' {} \; --prefix PATH : ${makeBinPath [ iproute2 networkmanager dnsmasq ]} \
for binary in $out/opt/appgate/appgate-driver \ --set LD_LIBRARY_PATH $out/opt/appgate/service
$out/opt/appgate/appgate \
$out/opt/appgate/service/createdump \
$out/opt/appgate/service/appgateservice.bin
do
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" --set-rpath "$ORIGIN:$out/opt/appgate/service/:$out/opt/appgate/:${rpath}" $binary
done
# fail if there are missing dependencies makeWrapper $out/opt/appgate/Appgate $out/bin/appgate \
ldd $out/opt/appgate/appgate | grep -i 'not found' && exit 1 --prefix PATH : ${makeBinPath [ xdg-utils ]} \
ldd $out/opt/appgate/service/appgateservice.bin | grep -i 'not found' && exit 1 --set LD_LIBRARY_PATH $out/opt/appgate:${makeLibraryPath deps}
ldd $out/opt/appgate/appgate-driver | grep -i 'not found' && exit 1
wrapProgram $out/opt/appgate/appgate-driver --prefix PATH : ${lib.makeBinPath [ iproute2 networkmanager dnsmasq ]}
wrapProgram $out/opt/appgate/linux/set_dns --set PYTHONPATH $PYTHONPATH wrapProgram $out/opt/appgate/linux/set_dns --set PYTHONPATH $PYTHONPATH
wrapProgram $out/bin/appgate --prefix PATH : ${lib.makeBinPath [ xdg-utils ]}
''; '';
meta = with lib; { meta = with lib; {
description = "Appgate SDP (Software Defined Perimeter) desktop client"; description = "Appgate SDP (Software Defined Perimeter) desktop client";
homepage = "https://www.appgate.com/support/software-defined-perimeter-support"; homepage = "https://www.appgate.com/support/software-defined-perimeter-support";
@ -189,3 +157,4 @@ stdenv.mkDerivation rec {
maintainers = with maintainers; [ ymatsiuk ]; maintainers = with maintainers; [ ymatsiuk ];
}; };
} }
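Review bot: Library lookup for the wrapped binaries now depends on `LD_LIBRARY_PATH` rather than on the ELF RUNPATH, and the `--set LD_LIBRARY_PATH …` in the `createdump`, `appgate-driver` and `appgate` wrappers is inherited by every child process they start. That includes the iproute2, NetworkManager and dnsmasq tools the driver wrapper puts on PATH, and whatever is launched through `xdg-utils`. Combined with `autoPatchelfIgnoreMissingDeps = true;` and what looks like the removal of the `ldd … | grep -i 'not found' && exit 1` checks, a missing or mismatched library no longer fails the build and would only surface at runtime in a VPN client and its driver service. Since `autoPatchelfHook` is already in `nativeBuildInputs`, consider letting it write the RUNPATH instead, for example `runtimeDependencies = deps;` with `autoPatchelfIgnoreMissingDeps` dropped, so the wrappers keep only their `--prefix PATH` part. The old and new sides are inferred from the side-by-side rendering, and the derivation is only partly visible in these hunks, so this needs a test build.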