Merge pull request #292863 from doronbehar/pkg/ssh-openpgp-auth

sshd-openpgp-auth: init at 0.3.0

pkgs/by-name/ss/ssh-openpgp-auth/daemon.nix

@@ -0,0 +1,14 @@
+# Ideally, this file would have been placed in
+# pkgs/by-name/ss/sshd-openpgp-auth/package.nix, but since `./generic.nix` is
+# outside of the directory, the nixpkgs-check-by-name test will fail the CI. So
+# we call this file in all-packages.nix like in the old days.
+{ callPackage }:
+
+callPackage ./generic.nix {
+  pname = "sshd-openpgp-auth";
+  version = "0.3.0";
+  srcHash = "sha256-IV0Nhdqyn12HDOp1jaKz3sKTI3ktFd5b6qybCLWt27I=";
+  cargoHash = "sha256-/+lZkVMeFUMRD7NQ/MHDU5f3rkKDx1kDv5tjA41RExc=";
+  metaDescription =
+    "Command-line tool for creating and managing OpenPGP based trust anchors for SSH host keys";
+}

pkgs/by-name/ss/ssh-openpgp-auth/generic.nix

@@ -0,0 +1,82 @@
+# This file is based upon upstream's package.nix shared among both
+# "ssh-openpgp-auth" and "sshd-openpgpg-auth"
+{ lib
+, rustPlatform
+, fetchFromGitea
+, pkg-config
+, just
+, rust-script
+, installShellFiles
+, bzip2
+, nettle
+, openssl
+, sqlite
+, stdenv
+, darwin
+, openssh
+# Arguments not supplied by callPackage
+, pname , version , srcHash , cargoHash, metaDescription
+}:
+
+rustPlatform.buildRustPackage {
+  inherit pname version;
+
+  src = fetchFromGitea {
+    domain = "codeberg.org";
+    owner = "wiktor";
+    repo = "ssh-openpgp-auth";
+    # See also: https://codeberg.org/wiktor/ssh-openpgp-auth/pulls/92#issuecomment-1635274
+    rev = "${pname}/${version}";
+    hash = srcHash;
+  };
+  buildAndTestSubdir = pname;
+  inherit cargoHash;
+
+  nativeBuildInputs = [
+    pkg-config
+    rustPlatform.bindgenHook
+    just
+    rust-script
+    installShellFiles
+  ];
+  # Otherwise just's build, check and install phases take precedence over
+  # buildRustPackage's phases.
+  dontUseJustBuild = true;
+  dontUseJustCheck = true;
+  dontUseJustInstall = true;
+
+  postInstall = ''
+    export HOME=$(mktemp -d)
+    just generate manpages ${pname} $out/share/man/man1
+    just generate shell_completions ${pname} shell_completions
+    installShellCompletion --cmd ${pname} \
+      --bash shell_completions/${pname}.bash \
+      --fish shell_completions/${pname}.fish \
+      --zsh  shell_completions/_${pname}
+  '';
+
+
+  buildInputs = [
+    nettle
+    openssl
+    sqlite
+  ] ++ lib.optionals stdenv.isDarwin [
+    darwin.apple_sdk_11_0.frameworks.CoreFoundation
+    darwin.apple_sdk_11_0.frameworks.IOKit
+    darwin.apple_sdk_11_0.frameworks.Security
+    darwin.apple_sdk_11_0.frameworks.SystemConfiguration
+  ];
+
+  doCheck = true;
+  nativeCheckInputs = [
+    openssh
+  ];
+
+  meta = with lib; {
+    description = metaDescription;
+    homepage = "https://codeberg.org/wiktor/ssh-openpgp-auth";
+    license = with licenses; [ mit /* or */ asl20 ];
+    maintainers = with maintainers; [ doronbehar ];
+    mainProgram = pname;
+  };
+}

pkgs/by-name/ss/ssh-openpgp-auth/package.nix

@@ -0,0 +1,10 @@
+{ callPackage }:
+
+callPackage ./generic.nix {
+  pname = "ssh-openpgp-auth";
+  version = "0.2.2";
+  srcHash = "sha256-5ew6jT6Zr54QYaWFQIGYXd8sqC3yHHZjPfoaCossm8o=";
+  cargoHash = "sha256-/k/XAp7PHIJaJWf4Oa1JC1mMSR5pyeM4SSPCcr77cAg=";
+  metaDescription =
+    "Command-line tool that provides client-side functionality to transparently verify the identity of remote SSH hosts";
+}

pkgs/top-level/all-packages.nix

@@ -11573,6 +11573,8 @@ with pkgs;
 
   ssh-copy-id = callPackage ../tools/networking/openssh/copyid.nix { };
 
+  sshd-openpgp-auth = callPackage ../by-name/ss/ssh-openpgp-auth/daemon.nix { };
+
   opensp = callPackage ../tools/text/sgml/opensp { };
 
   opentofu = callPackage ../applications/networking/cluster/opentofu { };