Merge #306080: staging-next 2024-04-22

11 files changed, 67 insertions, 41 deletions

diff --git a/pkgs/tools/security/cryptomator/default.nix b/pkgs/tools/security/cryptomator/default.nix
index 8fb34dbbbcc23..cac3717625e46 100644
--- a/pkgs/tools/security/cryptomator/default.nix
+++ b/pkgs/tools/security/cryptomator/default.nix
@@ -1,7 +1,7 @@
 { lib, stdenv, fetchFromGitHub
 , autoPatchelfHook
 , fuse3
-, maven, jdk, makeShellWrapper, glib, wrapGAppsHook
+, maven, jdk, makeShellWrapper, glib, wrapGAppsHook3
 , libayatana-appindicator
 }:
 
@@ -86,7 +86,7 @@ mavenJdk.buildMavenPackage rec {
   nativeBuildInputs = [
     autoPatchelfHook
     makeShellWrapper
-    wrapGAppsHook
+    wrapGAppsHook3
     jdk
   ];
   buildInputs = [ fuse3 jdk glib libayatana-appindicator ];
diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix
index 5a330c7126fab..851e6f578db6d 100644
--- a/pkgs/tools/security/eid-mw/default.nix
+++ b/pkgs/tools/security/eid-mw/default.nix
@@ -16,7 +16,7 @@
 , openssl
 , p11-kit
 , pcsclite
-, wrapGAppsHook
+, wrapGAppsHook3
 }:
 
 stdenv.mkDerivation rec {
@@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
   '';
 
 
-  nativeBuildInputs = [ wrapGAppsHook autoreconfHook autoconf-archive pkg-config makeWrapper ];
+  nativeBuildInputs = [ wrapGAppsHook3 autoreconfHook autoconf-archive pkg-config makeWrapper ];
   buildInputs = [ curl gtk3 libassuan libbsd libproxy libxml2 openssl p11-kit pcsclite ];
 
   preConfigure = ''
diff --git a/pkgs/tools/security/gencfsm/default.nix b/pkgs/tools/security/gencfsm/default.nix
index 537b2caf45b39..42a0b3d9188d6 100644
--- a/pkgs/tools/security/gencfsm/default.nix
+++ b/pkgs/tools/security/gencfsm/default.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, fetchurl, autoconf, automake, intltool, libtool, pkg-config
-, encfs, libsecret , glib , libgee, gtk3, vala, wrapGAppsHook, xorg
+, encfs, libsecret , glib , libgee, gtk3, vala, wrapGAppsHook3, xorg
 , gobject-introspection
 }:
 
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
     libtool
     pkg-config
     vala
-    wrapGAppsHook
+    wrapGAppsHook3
     gobject-introspection
   ];
   buildInputs = [
diff --git a/pkgs/tools/security/gnome-keysign/default.nix b/pkgs/tools/security/gnome-keysign/default.nix
index c70a86aaf3617..af794097cf552 100644
--- a/pkgs/tools/security/gnome-keysign/default.nix
+++ b/pkgs/tools/security/gnome-keysign/default.nix
@@ -1,7 +1,7 @@
 { lib
 , fetchFromGitLab
 , python3
-, wrapGAppsHook
+, wrapGAppsHook3
 , gobject-introspection
 , gtk3
 , glib
@@ -21,7 +21,7 @@ python3.pkgs.buildPythonApplication rec {
   };
 
   nativeBuildInputs = [
-    wrapGAppsHook
+    wrapGAppsHook3
     gobject-introspection
   ] ++ (with python3.pkgs; [
     babel
diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix
index 577e91c24e59d..e9f5f52e8a0b4 100644
--- a/pkgs/tools/security/keybase/gui.nix
+++ b/pkgs/tools/security/keybase/gui.nix
@@ -1,6 +1,6 @@
 { stdenv, lib, fetchurl, alsa-lib, atk, cairo, cups, udev, libdrm, mesa
 , dbus, expat, fontconfig, freetype, gdk-pixbuf, glib, gtk3, libappindicator-gtk3
-, libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook
+, libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook3
 , runtimeShell, gsettings-desktop-schemas }:
 
 let
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [
     autoPatchelfHook
-    wrapGAppsHook
+    wrapGAppsHook3
   ];
 
   buildInputs = [
diff --git a/pkgs/tools/security/onioncircuits/default.nix b/pkgs/tools/security/onioncircuits/default.nix
index 95692ef1c188c..048631e2b774d 100644
--- a/pkgs/tools/security/onioncircuits/default.nix
+++ b/pkgs/tools/security/onioncircuits/default.nix
@@ -5,7 +5,7 @@
 , gobject-introspection
 , intltool
 , python3
-, wrapGAppsHook
+, wrapGAppsHook3
 }:
 
 python3.pkgs.buildPythonApplication rec {
@@ -23,7 +23,7 @@ python3.pkgs.buildPythonApplication rec {
   nativeBuildInputs = [
     gobject-introspection
     intltool
-    wrapGAppsHook
+    wrapGAppsHook3
     python3.pkgs.distutils-extra
   ];
 
diff --git a/pkgs/tools/security/onlykey/default.nix b/pkgs/tools/security/onlykey/default.nix
index c63173d889b2e..a9337be7ac050 100644
--- a/pkgs/tools/security/onlykey/default.nix
+++ b/pkgs/tools/security/onlykey/default.nix
@@ -5,7 +5,7 @@
 , makeDesktopItem
 , stdenv
 , writeShellScript
-, wrapGAppsHook
+, wrapGAppsHook3
 }:
 
 let
@@ -53,7 +53,7 @@ stdenv.mkDerivation {
   pname = "${onlykey.packageName}";
   inherit (onlykey) version;
   dontUnpack = true;
-  nativeBuildInputs = [ wrapGAppsHook copyDesktopItems ];
+  nativeBuildInputs = [ wrapGAppsHook3 copyDesktopItems ];
   desktopItems = [
     (makeDesktopItem {
       name = onlykey.packageName;
diff --git a/pkgs/tools/security/pcsc-tools/default.nix b/pkgs/tools/security/pcsc-tools/default.nix
index c479caa0a6137..371a159f8c618 100644
--- a/pkgs/tools/security/pcsc-tools/default.nix
+++ b/pkgs/tools/security/pcsc-tools/default.nix
@@ -6,9 +6,9 @@
 , gobject-introspection
 , makeWrapper
 , pkg-config
-, wrapGAppsHook
-, systemd
-, dbus
+, wrapGAppsHook3
+, systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd
+, dbusSupport ? stdenv.isLinux, dbus
 , pcsclite
 , PCSC
 , wget
@@ -16,8 +16,13 @@
 , perlPackages
 , testers
 , nix-update-script
+
+# gui does not cross compile properly
+, withGui ? stdenv.buildPlatform.canExecute stdenv.hostPlatform
 }:
 
+assert systemdSupport -> dbusSupport;
+
 stdenv.mkDerivation (finalAttrs: {
   pname = "pcsc-tools";
   version = "1.7.1";
@@ -33,17 +38,21 @@ stdenv.mkDerivation (finalAttrs: {
     "--datarootdir=${placeholder "out"}/share"
   ];
 
-  buildInputs = [ dbus perlPackages.perl pcsclite ]
-    ++ lib.optional stdenv.isDarwin PCSC
-    ++ lib.optional stdenv.isLinux systemd;
+  buildInputs = lib.optionals dbusSupport [
+    dbus
+  ] ++ [
+    perlPackages.perl pcsclite
+  ] ++ lib.optional stdenv.isDarwin PCSC
+    ++ lib.optional systemdSupport systemd;
 
   nativeBuildInputs = [
     autoconf-archive
     autoreconfHook
-    gobject-introspection
     makeWrapper
     pkg-config
-    wrapGAppsHook
+  ] ++ lib.optionals withGui [
+    gobject-introspection
+    wrapGAppsHook3
   ];
 
   preFixup = ''
@@ -54,6 +63,7 @@ stdenv.mkDerivation (finalAttrs: {
     wrapProgram $out/bin/scriptor \
       --set PERL5LIB "${with perlPackages; makePerlPath [ ChipcardPCSC libintl-perl ]}"
 
+  '' + lib.optionalString withGui ''
     wrapProgram $out/bin/gscriptor \
       ''${makeWrapperArgs[@]} \
       --set PERL5LIB "${with perlPackages; makePerlPath [
@@ -66,6 +76,7 @@ stdenv.mkDerivation (finalAttrs: {
           Cairo
           CairoGObject
       ]}"
+  '' + ''
 
     wrapProgram $out/bin/ATR_analysis \
       --set PERL5LIB "${with perlPackages; makePerlPath [ ChipcardPCSC libintl-perl ]}"
diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix
index 956bf451c7bfd..b078ee737bd95 100644
--- a/pkgs/tools/security/pcsclite/default.nix
+++ b/pkgs/tools/security/pcsclite/default.nix
@@ -10,6 +10,10 @@
 , dbus
 , polkit
 , systemdLibs
+, dbusSupport ? stdenv.isLinux
+, systemdSupport ? lib.meta.availableOn stdenv.hostPlatform systemdLibs
+, udevSupport ? dbusSupport
+, libusb1
 , IOKit
 , testers
 , nix-update-script
@@ -17,9 +21,12 @@
 , polkitSupport ? false
 }:
 
+assert polkitSupport -> dbusSupport;
+assert systemdSupport -> dbusSupport;
+
 stdenv.mkDerivation (finalAttrs: {
   inherit pname;
-  version = "2.0.3";
+  version = "2.1.0";
 
   outputs = [ "out" "lib" "dev" "doc" "man" ];
 
@@ -28,18 +35,20 @@ stdenv.mkDerivation (finalAttrs: {
     owner = "rousseau";
     repo = "PCSC";
     rev = "refs/tags/${finalAttrs.version}";
-    hash = "sha256-VDQh2PYAMFwgWvZFD20H3JxgKSFrSUoDLv/6fKEoy5Y=";
+    hash = "sha256-aJKI6pWrZJFmiTxZ9wgCuxKRWRMFVRAkzlo+tSqV8B4=";
   };
 
   configureFlags = [
     "--enable-confdir=/etc"
     # The OS should care on preparing the drivers into this location
     "--enable-usbdropdir=/var/lib/pcsc/drivers"
-    (lib.enableFeature stdenv.isLinux "libsystemd")
+    (lib.enableFeature systemdSupport "libsystemd")
     (lib.enableFeature polkitSupport "polkit")
-  ] ++ lib.optionals stdenv.isLinux [
     "--enable-ipcdir=/run/pcscd"
+  ] ++ lib.optionals systemdSupport [
     "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
+  ] ++ lib.optionals (!udevSupport) [
+    "--disable-libudev"
   ];
 
   makeFlags = [
@@ -50,8 +59,8 @@ stdenv.mkDerivation (finalAttrs: {
   # see also: https://github.com/LudovicRousseau/PCSC/issues/25
   postPatch = lib.optionalString (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
     substituteInPlace src/Makefile.am \
-      --replace "noinst_PROGRAMS = testpcsc pcsc-wirecheck pcsc-wirecheck-gen" \
-                "noinst_PROGRAMS = testpcsc"
+      --replace-fail "noinst_PROGRAMS = testpcsc pcsc-wirecheck pcsc-wirecheck-gen" \
+                     "noinst_PROGRAMS = testpcsc"
   '';
 
   postInstall = ''
@@ -70,25 +79,31 @@ stdenv.mkDerivation (finalAttrs: {
   ];
 
   buildInputs = [ python3 ]
-    ++ lib.optionals stdenv.isLinux [ systemdLibs ]
+    ++ lib.optionals systemdSupport [ systemdLibs ]
     ++ lib.optionals stdenv.isDarwin [ IOKit ]
-    ++ lib.optionals polkitSupport [ dbus polkit ];
+    ++ lib.optionals dbusSupport [ dbus ]
+    ++ lib.optionals polkitSupport [ polkit ]
+    ++ lib.optionals (!udevSupport) [ libusb1 ];
 
   passthru = {
-    tests.version = testers.testVersion {
-      package = finalAttrs.finalPackage;
-      command = "pcscd --version";
+    tests = {
+      pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
+      version = testers.testVersion {
+        package = finalAttrs.finalPackage;
+        command = "pcscd --version";
+      };
     };
     updateScript = nix-update-script { };
   };
 
-  meta = with lib; {
+  meta = {
     description = "Middleware to access a smart card using SCard API (PC/SC)";
     homepage = "https://pcsclite.apdu.fr/";
     changelog = "https://salsa.debian.org/rousseau/PCSC/-/blob/${finalAttrs.version}/ChangeLog";
-    license = licenses.bsd3;
+    license = lib.licenses.bsd3;
     mainProgram = "pcscd";
-    maintainers = [ maintainers.anthonyroussel ];
-    platforms = with platforms; unix;
+    maintainers = [ lib.maintainers.anthonyroussel ];
+    pkgConfigModules = [ "libpcsclite" ];
+    platforms = lib.platforms.unix;
   };
 })
diff --git a/pkgs/tools/security/pinentry/default.nix b/pkgs/tools/security/pinentry/default.nix
index 10984e489fd4f..756b2a67565a4 100644
--- a/pkgs/tools/security/pinentry/default.nix
+++ b/pkgs/tools/security/pinentry/default.nix
@@ -4,7 +4,7 @@
 , fetchpatch
 , pkg-config
 , autoreconfHook
-, wrapGAppsHook
+, wrapGAppsHook3
 , libgpg-error
 , libassuan
 , libsForQt5
@@ -29,7 +29,7 @@ let
     gnome3 = {
       flag = "gnome3";
       buildInputs = [ gcr ];
-      nativeBuildInputs = [ wrapGAppsHook ];
+      nativeBuildInputs = [ wrapGAppsHook3 ];
     };
     qt = {
       flag = "qt";
diff --git a/pkgs/tools/security/xsser/default.nix b/pkgs/tools/security/xsser/default.nix
index c5fab523166e8..c1d93c03f7e4e 100644
--- a/pkgs/tools/security/xsser/default.nix
+++ b/pkgs/tools/security/xsser/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildPythonApplication, fetchFromGitHub, wrapGAppsHook, gobject-introspection, gtk3, pango
+{ lib, buildPythonApplication, fetchFromGitHub, wrapGAppsHook3, gobject-introspection, gtk3, pango
 , pillow, pycurl, beautifulsoup4, pygeoip, pygobject3, cairocffi, selenium }:
 
 buildPythonApplication rec {
@@ -22,7 +22,7 @@ buildPythonApplication rec {
     substituteInPlace setup.py --replace /usr/share share
   '';
 
-  nativeBuildInputs = [ wrapGAppsHook gobject-introspection ];
+  nativeBuildInputs = [ wrapGAppsHook3 gobject-introspection ];
 
   buildInputs = [
     gtk3