2d6247a414
From gkd-capability.c: This program needs the CAP_IPC_LOCK posix capability. We want to allow either setuid root or file system based capabilities to work. If file system based capabilities, this is a no-op unless the root user is running the program. In that case we just drop capabilities down to IPC_LOCK. If we are setuid root, then change to the invoking user retaining just the IPC_LOCK capability. The application is aborted if for any reason we are unable to drop privileges.
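# Package expression for gnome-keyring (GNOME secret, password, key and
# certificate storage). Builds the upstream tarball and rewrites the installed
# launchers so that the daemon is started through a capability wrapper rather
# than directly from the store path.
{ stdenv, fetchurl, pkgconfig, dbus, libgcrypt, pam, python2, glib, libxslt
, gettext, gcr, libcap_ng, libselinux, p11-kit, openssh, wrapGAppsHook
, docbook_xsl, docbook_xml_dtd_43, gnome3 }:

stdenv.mkDerivation rec {
  name = "gnome-keyring-${version}";
  version = "3.31.91";

  # The sha256 pins the tarball contents: a download whose hash differs fails
  # the build, so it must be updated together with `version`.
  src = fetchurl {
    url = "mirror://gnome/sources/gnome-keyring/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
    sha256 = "1fjylqw4xp0rqsylq4gbxzw1sql2sy55h1mnz1pprrxb9py0mnd4";
  };

  outputs = [ "out" "dev" ];

  buildInputs = [
    glib libgcrypt pam openssh libcap_ng libselinux
    gcr p11-kit
  ];

  nativeBuildInputs = [
    pkgconfig gettext libxslt docbook_xsl docbook_xml_dtd_43 wrapGAppsHook
  ];

  # Keep the PKCS#11 configuration and modules inside this package's own
  # output instead of a system-wide location.
  configureFlags = [
    "--with-pkcs11-config=${placeholder "out"}/etc/pkcs11/" # installation directories
    "--with-pkcs11-modules=${placeholder "out"}/lib/pkcs11/"
  ];

  postPatch = ''
    patchShebangs build
  '';

  # Tends to fail non-deterministically.
  # - https://github.com/NixOS/nixpkgs/issues/55293
  # - https://github.com/NixOS/nixpkgs/issues/51121
  # With the checks off, the upstream test suite is not run for this build;
  # checkInputs and checkPhase below only take effect if doCheck is re-enabled.
  doCheck = false;

  # In 3.20.1, tests do not support Python 3
  checkInputs = [ dbus python2 ];

  # The tests run under a private session bus, with HOME pointing at a fresh
  # temporary directory.
  checkPhase = ''
    export HOME=$(mktemp -d)
    dbus-run-session \
      --config-file=${dbus.daemon}/share/dbus-1/session.conf \
      make check
  '';

  # Use wrapped gnome-keyring-daemon with cap_ipc_lock=ep
  #
  # The daemon wants CAP_IPC_LOCK, and a store path cannot carry file
  # capabilities or a setuid bit, so the autostart entries and D-Bus service
  # files are pointed at the capability wrapper instead. This derivation only
  # rewrites the path: the wrapper under /run/wrappers/bin has to be provided
  # by the system configuration, and where it is absent these launchers will
  # not start the daemon.
  # NOTE(review): --replace is not expected to fail the build when a file has
  # no match, so a changed upstream Exec line could leave the unwrapped binary
  # in use; check the installed files after a version bump.
  postFixup = ''
    files=("$out"/etc/xdg/autostart/* "$out"/share/dbus-1/services/*)

    for file in "''${files[@]}"; do
      substituteInPlace "$file" \
        --replace "$out/bin/gnome-keyring-daemon" "/run/wrappers/bin/gnome-keyring-daemon"
    done
  '';

  passthru = {
    updateScript = gnome3.updateScript {
      packageName = "gnome-keyring";
      attrPath = "gnome3.gnome-keyring";
    };
  };

  meta = with stdenv.lib; {
    description = "Collection of components in GNOME that store secrets, passwords, keys, certificates and make them available to applications";
    # Quoted string rather than a bare URL literal; the value is the same.
    homepage = "https://wiki.gnome.org/Projects/GnomeKeyring";
    license = licenses.gpl2;
    maintainers = gnome3.maintainers;
    platforms = platforms.linux;
  };
}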