nixpkgs/pkgs/tools/security/gnupg/20.nix
Franz Pletz 3d832dee59 gnupg: disable gui/pinentry support by default
This solves the dependency cycle in gcr alternatively so there won't be
two gnupg store paths in a standard NixOS system which has udisks2 enabled
by default.

NixOS users are expected to use the gpg-agent user service to pull in the
appropriate pinentry flavour or install it on their systemPackages and set
it in their local gnupg agent config instead.

Co-authored-by: Florian Klink <flokli@flokli.de>
2019-10-16 20:31:16 -04:00

66 lines
2.5 KiB
Nix

{ fetchurl, stdenv, readline, zlib, libgpgerror, pth, libgcrypt, libassuan
, libksba, coreutils, libiconv, pcsclite
# Each of the dependencies below are optional.
# Gnupg can be built without them at the cost of reduced functionality.
, pinentry ? null, guiSupport ? false
, openldap ? null, bzip2 ? null, libusb ? null, curl ? null
}:
with stdenv.lib;
assert guiSupport -> pinentry != null;
stdenv.mkDerivation rec {
pname = "gnupg";
version = "2.0.30";
src = fetchurl {
url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
sha256 = "0wax4cy14hh0h7kg9hj0hjn9424b71z8lrrc5kbsasrn9xd7hag3";
};
buildInputs
= [ readline zlib libgpgerror libgcrypt libassuan libksba pth
openldap bzip2 libusb curl libiconv ];
patches = [ ./gpgkey2ssh-20.patch ];
prePatch = ''
find tests -type f | xargs sed -e 's@/bin/pwd@${coreutils}&@g' -i
'' + stdenv.lib.optionalString stdenv.isLinux ''
sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
'' + stdenv.lib.optionalString stdenv.isDarwin ''
find . -name pcsc-wrapper.c | xargs sed -i 's/typedef unsinged int pcsc_dword_t/typedef unsigned int pcsc_dword_t/'
'' + ''
patch gl/stdint_.h < ${./clang.patch}
'';
pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry";
configureFlags = optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}";
postConfigure = "substituteAllInPlace tools/gpgkey2ssh.c";
checkPhase="GNUPGHOME=`pwd` ./agent/gpg-agent --daemon make check";
doCheck = true;
meta = with stdenv.lib; {
homepage = https://gnupg.org;
description = "Stable (2.0) release of the GNU Privacy Guard, a GPL OpenPGP implementation";
license = licenses.gpl3Plus;
longDescription = ''
The GNU Privacy Guard is the GNU project's complete and free
implementation of the OpenPGP standard as defined by RFC4880. GnuPG
"stable" (2.0) is the current stable version for general use. This is
what most users are still using. GnuPG allows to encrypt and sign your
data and communication, features a versatile key management system as well
as access modules for all kind of public key directories. GnuPG, also
known as GPG, is a command line tool with features for easy integration
with other applications. A wealth of frontend applications and libraries
are available. Version 2 of GnuPG also provides support for S/MIME.
'';
maintainers = with maintainers; [ roconnor ];
platforms = platforms.all;
};
}