nixpkgs-suyu/pkgs/applications/office/gnucash/default.nix
Anders Kaseorg 3cd8ce3bce treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  (See #67234, for
example.)  Fix this throughout the tree.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-01-15 09:47:03 +01:00

110 lines
3.5 KiB
Nix

{ fetchurl, stdenv, pkgconfig, makeWrapper, cmake, gtest
, boost, icu, libxml2, libxslt, gettext, swig, isocodes, gtk3, glibcLocales
, webkitgtk, dconf, hicolor-icon-theme, libofx, aqbanking, gwenhywfar, libdbi
, libdbiDrivers, guile, perl, perlPackages
}:
let
# Enable gnc-fq-* to run in command line.
perlWrapper = stdenv.mkDerivation {
name = perl.name + "-wrapper-for-gnucash";
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ perl ] ++ (with perlPackages; [ FinanceQuote DateManip ]);
phases = [ "installPhase" ];
installPhase = ''
mkdir -p $out/bin
for script in ${perl}/bin/*; do
makeWrapper $script $out''${script#${perl}} \
--prefix "PERL5LIB" ":" "$PERL5LIB"
done
'';
};
in
stdenv.mkDerivation rec {
pname = "gnucash";
version = "3.8b";
src = fetchurl {
url = "mirror://sourceforge/gnucash/${pname}-${version}.tar.bz2";
sha256 = "0dvzm3bib7jcj685sklpzyy9mrak9mxyvih2k9fk4sl3v21wlphg";
};
nativeBuildInputs = [ pkgconfig makeWrapper cmake gtest ];
buildInputs = [
boost icu libxml2 libxslt gettext swig isocodes gtk3 glibcLocales
webkitgtk dconf libofx aqbanking gwenhywfar libdbi
libdbiDrivers guile
perlWrapper perl
] ++ (with perlPackages; [ FinanceQuote DateManip ]);
propagatedUserEnvPkgs = [ dconf ];
# glib-2.62 deprecations
NIX_CFLAGS_COMPILE = "-DGLIB_DISABLE_DEPRECATION_WARNINGS";
patches = [ ./cmake_check_symbol_exists.patch ];
postPatch = ''
patchShebangs .
'';
makeFlags = [ "GUILE_AUTO_COMPILE=0" ];
postInstall = ''
# Auto-updaters don't make sense in Nix.
rm $out/bin/gnc-fq-update
# Unnecessary in the release build.
rm $out/bin/gnucash-valgrind
wrapProgram "$out/bin/gnucash" \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH:$out/share/gsettings-schemas/${pname}-${version}" \
--prefix XDG_DATA_DIRS : "${hicolor-icon-theme}/share" \
--prefix PERL5LIB ":" "$PERL5LIB" \
--prefix GIO_EXTRA_MODULES : "${stdenv.lib.getLib dconf}/lib/gio/modules"
'';
# TODO: The following tests FAILED:
# 61 - test-gnc-timezone (Failed)
# 70 - test-load-c (Failed)
# 71 - test-modsysver (Failed)
# 72 - test-incompatdep (Failed)
# 73 - test-agedver (Failed)
# 77 - test-gnc-module-swigged-c (Failed)
# 78 - test-gnc-module-load-deps (Failed)
# 80 - test-gnc-module-scm-module (Failed)
# 81 - test-gnc-module-scm-multi (Failed)
preCheck = ''
export LD_LIBRARY_PATH=$PWD/lib:$PWD/lib/gnucash:$PWD/lib/gnucash/test''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
export NIX_CFLAGS_LINK="-lgtest -lgtest_main"
'';
doCheck = false;
enableParallelBuilding = true;
meta = {
description = "Personal and small-business financial-accounting application";
longDescription = ''
GnuCash is personal and small-business financial-accounting software,
freely licensed under the GNU GPL and available for GNU/Linux, BSD,
Solaris, macOS and Microsoft Windows.
Designed to be easy to use, yet powerful and flexible, GnuCash allows
you to track bank accounts, stocks, income and expenses. As quick and
intuitive to use as a checkbook register, it is based on professional
accounting principles to ensure balanced books and accurate reports.
'';
license = stdenv.lib.licenses.gpl2Plus;
homepage = http://www.gnucash.org/;
maintainers = [ stdenv.lib.maintainers.peti stdenv.lib.maintainers.domenkozar ];
platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;
};
}