| blob | 8a21a3b2f3eb559027c09afa3a6cedfed554c338 |
1 { lib
2 , stdenv
3 , substituteAll
4 , fetchFromGitLab
5 , buildGoModule
6 , wrapQtAppsHook
7 , python3Packages
8 , pkg-config
9 , openvpn
10 , cmake
11 , qmake
12 , which
13 , iproute2
14 , iptables
15 , procps
16 , qtbase
17 , qtdeclarative
18 , qtsvg
19 , qttools
20 , qtwayland
21 , CoreFoundation
22 , Security
23 , provider ? "riseup"
24 }:
25 let
26 version = "0.24.8";
28 src = fetchFromGitLab {
29 domain = "0xacab.org";
30 owner = "leap";
31 repo = "bitmask-vpn";
32 rev = "8b3ac473f64b6de0262fbf945ff25af8029134f1";
33 sha256 = "sha256-nYMfO091w6H7LyY1+aYubFppg4/3GiZZm4e+0m9Gb3k=";
34 };
36 # bitmask-root is only used on GNU/Linux
37 # and may one day be replaced by pkg/helper
38 bitmask-root = stdenv.mkDerivation {
39 inherit src version;
40 sourceRoot = "${src.name}/helpers";
41 pname = "bitmask-root";
42 nativeBuildInputs = [ python3Packages.wrapPython ];
43 postPatch = ''
44 substituteInPlace bitmask-root \
45 --replace 'swhich("ip")' '"${iproute2}/bin/ip"' \
46 --replace 'swhich("iptables")' '"${iptables}/bin/iptables"' \
47 --replace 'swhich("ip6tables")' '"${iptables}/bin/ip6tables"' \
48 --replace 'swhich("sysctl")' '"${procps}/bin/sysctl"' \
49 --replace /usr/sbin/openvpn ${openvpn}/bin/openvpn
50 substituteInPlace se.leap.bitmask.policy \
51 --replace /usr/sbin/bitmask-root $out/bin/bitmask-root
52 '';
53 installPhase = ''
54 runHook preInstall
56 install -m 755 -D -t $out/bin bitmask-root
57 install -m 444 -D -t $out/share/polkit-1/actions se.leap.bitmask.policy
58 wrapPythonPrograms
60 runHook postInstall
61 '';
62 };
63 in
65 buildGoModule rec {
66 inherit src version;
67 pname = "${provider}-vpn";
68 vendorHash = null;
70 patches = [
71 # This patch fixes the paths in the build script generated by qmake
72 # to use the correct paths for qmlcachegen and lrelease
73 (substituteAll {
74 src = ./fix_paths.patch;
75 inherit qtbase qtdeclarative qttools;
76 })
78 # Don't build the debug version
79 ./build_release.patch
80 ];
82 postPatch = ''
83 substituteInPlace pkg/pickle/helpers.go \
84 --replace /usr/share $out/share
86 # Using $PROVIDER is not working,
87 # thus replacing directly into the vendor.conf
88 substituteInPlace providers/vendor.conf \
89 --replace "provider = bitmask" "provider = ${provider}"
91 substituteInPlace branding/templates/debian/app.desktop-template \
92 --replace "Icon=icon" "Icon=${pname}"
94 patchShebangs gui/build.sh
95 wrapPythonProgramsIn branding/scripts
96 '' + lib.optionalString stdenv.hostPlatform.isLinux ''
97 substituteInPlace pkg/helper/linux.go \
98 --replace /usr/sbin/openvpn ${openvpn}/bin/openvpn
99 substituteInPlace pkg/launcher/launcher_linux.go \
100 --replace /usr/sbin/openvpn ${openvpn}/bin/openvpn \
101 --replace /usr/sbin/bitmask-root ${bitmask-root}/bin/bitmask-root \
102 --replace /usr/bin/lxpolkit /run/wrappers/bin/polkit-agent-helper-1 \
103 --replace '"polkit-gnome-authentication-agent-1",' '"polkit-gnome-authentication-agent-1","polkitd",'
104 '';
106 nativeBuildInputs = [
107 cmake
108 pkg-config
109 python3Packages.wrapPython
110 which
111 wrapQtAppsHook
112 qmake
113 qttools
114 qtsvg
115 ];
117 buildInputs = [
118 qtbase
119 qtdeclarative
120 qtsvg
121 ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ CoreFoundation Security ]
122 ++ lib.optionals stdenv.hostPlatform.isLinux [ qtwayland ];
124 # FIXME: building on Darwin currently fails
125 # due to missing debug symbols for Qt,
126 # this should be fixable once darwin.apple_sdk >= 10.13
127 # See https://bugreports.qt.io/browse/QTBUG-76777
129 # Not using buildGoModule's buildPhase:
130 # gui/build.sh will build Go modules into lib/libgoshim.a
131 buildPhase = ''
132 runHook preBuild
134 # TODO: this is a hack that copies the qrc file that should by built by qmlcachegen
135 # qmlcachegen is in qtdeclarative/libexec, but qmake is in qtbase/bin
136 # but qmake searches for qmlcachegen in qtbase/libexec which leads to the error
137 mkdir -p build/qt
138 cp ${./gui_gui_qmlcache.qrc} build/qt/gui_gui_qmlcache.qrc
140 make build
142 runHook postBuild
143 '';
145 postInstall = ''
146 install -m 755 -D -t $out/bin build/qt/release/${pname}
148 VERSION=${version} VENDOR_PATH=providers branding/scripts/generate-debian branding/templates/debian/data.json
149 (cd branding/templates/debian && ${python3Packages.python}/bin/python3 generate.py)
150 install -m 444 -D branding/templates/debian/app.desktop $out/share/applications/${pname}.desktop
151 install -m 444 -D providers/${provider}/assets/icon.svg $out/share/icons/hicolor/scalable/apps/${pname}.svg
152 '' + lib.optionalString stdenv.hostPlatform.isLinux ''
153 install -m 444 -D -t $out/share/polkit-1/actions ${bitmask-root}/share/polkit-1/actions/se.leap.bitmask.policy
154 '';
156 # Some tests need access to the Internet:
157 # Post "https://api.black.riseup.net/3/cert": dial tcp: lookup api.black.riseup.net on [::1]:53: read udp [::1]:56553->[::1]:53: read: connection refused
158 doCheck = false;
160 passthru = { inherit bitmask-root; };
162 meta = {
163 description = "Generic VPN client by LEAP";
164 longDescription = ''
165 Bitmask, by LEAP (LEAP Encryption Access Project),
166 is an application to provide easy and secure encrypted communication
167 with a VPN (Virtual Private Network). It allows you to select from
168 a variety of trusted service provider all from one app.
169 Current providers include Riseup Networks
170 and The Calyx Institute, where the former is default.
171 The <literal>${pname}</literal> executable should appear
172 in your desktop manager's XDG menu or could be launch in a terminal
173 to get an execution log. A new icon should then appear in your systray
174 to control the VPN and configure some options.
175 '';
176 homepage = "https://bitmask.net";
177 license = lib.licenses.gpl3Plus;
178 maintainers = with lib.maintainers; [ julm ];
179 # darwin requires apple_sdk >= 10.13
180 platforms = lib.platforms.linux;
181 };
182 }