1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
{ lib
, stdenv
, fetchurl
, makeWrapper
, alsa-lib
, at-spi2-atk
, at-spi2-core
, atk
, cairo
, cups
, dbus
, expat
, gdk-pixbuf
, glib
, gtk3
, libX11
, libXcomposite
, libXdamage
, libXext
, libXfixes
, libXrandr
, libdrm
, libxcb
, libxkbcommon
, libxshmfence
, libGL
, libappindicator-gtk3
, mesa
, nspr
, nss
, pango
, systemd
, udev
, xdg-utils
# The 1Password polkit file requires a list of users for whom polkit
# integrations should be enabled. This should be a list of strings that
# correspond to usernames.
, polkitPolicyOwners ? []
}:
let
# Convert the polkitPolicyOwners variable to a polkit-compatible string for the polkit file.
policyOwners = lib.concatStringsSep " " (map (user: "unix-user:${user}") polkitPolicyOwners);
in stdenv.mkDerivation rec {
pname = "1password";
version = "8.8.0";
src =
if stdenv.hostPlatform.isAarch64 then
fetchurl {
url = "https://downloads.1password.com/linux/tar/stable/aarch64/1password-${version}.arm64.tar.gz";
sha256 = "01swx12nqqh9i3191ibc8gv92k4dzsk1qpikg053qhn1zh2ag1dd";
}
else
fetchurl {
url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz";
sha256 = "1rcvxxcz2q7kgf6qbcjnjhysnx9z81hvl0jfv0nkp0p1w8bf1h66";
};
nativeBuildInputs = [ makeWrapper ];
dontConfigure = true;
dontBuild = true;
dontPatchELF = true;
installPhase =
let rpath = lib.makeLibraryPath [
alsa-lib
at-spi2-atk
at-spi2-core
atk
cairo
cups
dbus
expat
gdk-pixbuf
glib
gtk3
libX11
libXcomposite
libXdamage
libXext
libXfixes
libXrandr
libdrm
libxcb
libxkbcommon
libxshmfence
libGL
libappindicator-gtk3
mesa
nspr
nss
pango
systemd
] + ":${stdenv.cc.cc.lib}/lib64";
in ''
runHook preInstall
mkdir -p $out/bin $out/share/1password
cp -a * $out/share/1password
# Desktop file
install -Dt $out/share/applications resources/${pname}.desktop
substituteInPlace $out/share/applications/${pname}.desktop \
--replace 'Exec=/opt/1Password/${pname}' 'Exec=${pname}'
'' + (lib.optionalString (polkitPolicyOwners != [ ])
''
# Polkit file
mkdir -p $out/share/polkit-1/actions
substitute com.1password.1Password.policy.tpl $out/share/polkit-1/actions/com.1password.1Password.policy --replace "\''${POLICY_OWNERS}" "${policyOwners}"
'') + ''
# Icons
cp -a resources/icons $out/share
interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
patchelf --set-interpreter $interp $out/share/1password/{1password,1Password-BrowserSupport,1Password-KeyringHelper}
patchelf --set-rpath ${rpath}:$out/share/1password $out/share/1password/{1password,1Password-BrowserSupport,1Password-KeyringHelper}
for file in $(find $out -type f -name \*.so\* ); do
patchelf --set-rpath ${rpath}:$out/share/1password $file
done
# Electron is trying to open udev via dlopen()
# and for some reason that doesn't seem to be impacted from the rpath.
# Adding udev to LD_LIBRARY_PATH fixes that.
makeWrapper $out/share/1password/1password $out/bin/1password \
--prefix PATH : ${lib.makeBinPath [ xdg-utils ]} \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ udev ]}
runHook postInstall
'';
meta = with lib; {
description = "Multi-platform password manager";
homepage = "https://1password.com/";
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
license = licenses.unfree;
maintainers = with maintainers; [ timstott savannidgerinel maxeaubrey sebtm ];
platforms = [ "x86_64-linux" "aarch64-linux" ];
};
}
|