From 11d974e67a3099d2a5a0d6d1e7e7feda474a38fa Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Thu, 9 May 2024 13:21:40 -0400 Subject: [PATCH 1/2] curl-impersonate: fix darwin build and make cross-compilation work --- ...impersonate-0.6.1-fix-command-paths.patch} | 2 +- .../networking/curl-impersonate/default.nix | 40 ++++++++++--------- 2 files changed, 23 insertions(+), 19 deletions(-) rename pkgs/tools/networking/curl-impersonate/{curl-impersonate-0.5.2-fix-shebangs.patch => curl-impersonate-0.6.1-fix-command-paths.patch} (79%) diff --git a/pkgs/tools/networking/curl-impersonate/curl-impersonate-0.5.2-fix-shebangs.patch b/pkgs/tools/networking/curl-impersonate/curl-impersonate-0.6.1-fix-command-paths.patch similarity index 79% rename from pkgs/tools/networking/curl-impersonate/curl-impersonate-0.5.2-fix-shebangs.patch rename to pkgs/tools/networking/curl-impersonate/curl-impersonate-0.6.1-fix-command-paths.patch index 7082c25ac148b..04ae8e93595f6 100644 --- a/pkgs/tools/networking/curl-impersonate/curl-impersonate-0.5.2-fix-shebangs.patch +++ b/pkgs/tools/networking/curl-impersonate/curl-impersonate-0.6.1-fix-command-paths.patch @@ -7,7 +7,7 @@ index 877c54f..3e39ed1 100644 $(nss_static_libs): $(NSS_VERSION).tar.gz tar xf $(NSS_VERSION).tar.gz + sed -i -e "1s@#!/usr/bin/env bash@#!$$(type -p bash)@" $(NSS_VERSION)/nss/build.sh -+ sed -i -e "s@/usr/bin/env grep@$$(type -p grep)@" $(NSS_VERSION)/nss/coreconf/config.gypi ++ sed -i -e "s@/usr/bin/\(env \)\?grep@$$(type -p grep)@" $(NSS_VERSION)/nss/coreconf/config.gypi ifeq ($(host),$(build)) # Native build, use NSS' build script. diff --git a/pkgs/tools/networking/curl-impersonate/default.nix b/pkgs/tools/networking/curl-impersonate/default.nix index 53db8a6220809..05e525db28241 100644 --- a/pkgs/tools/networking/curl-impersonate/default.nix +++ b/pkgs/tools/networking/curl-impersonate/default.nix @@ -6,16 +6,14 @@ , buildGoModule , installShellFiles , symlinkJoin +, buildPackages , zlib , sqlite , cmake , python3 , ninja , perl -# autoconf-2.71 fails on problematic configure: -# checking curl version... 7.84.0 -# ./configure: line 6713: syntax error near unexpected token `;;' -, autoconf269 +, autoconf , automake , libtool , darwin @@ -41,13 +39,14 @@ let }; patches = [ - # Fix shebangs in the NSS build script - # (can't just patchShebangs since makefile unpacks it) - ./curl-impersonate-0.5.2-fix-shebangs.patch + # Fix shebangs and commands in the NSS build scripts + # (can't just patchShebangs or substituteInPlace since makefile unpacks it) + ./curl-impersonate-0.6.1-fix-command-paths.patch # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html (fetchpatch { - url = "https://github.com/lwthiker/curl-impersonate/commit/e7b90a0d9c61b6954aca27d346750240e8b6644e.patch"; + name = "curl-impersonate-patch-cve-2023-38545.patch"; + url = "https://github.com/lwthiker/curl-impersonate/commit/e7b90a0d9c61b6954aca27d346750240e8b6644e.diff"; hash = "sha256-jFrz4Q+MJGfNmwwzHhThado4c9hTd/+b/bfRsr3FW5k="; }) ]; @@ -58,6 +57,10 @@ let strictDeps = true; + depsBuildBuild = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ + buildPackages.stdenv.cc + ]; + nativeBuildInputs = lib.optionals stdenv.isDarwin [ # Must come first so that it shadows the 'libtool' command but leaves 'libtoolize' darwin.cctools @@ -65,10 +68,10 @@ let installShellFiles cmake python3 - python3.pkgs.gyp + python3.pythonOnBuildForHost.pkgs.gyp ninja perl - autoconf269 + autoconf automake libtool unzip @@ -115,26 +118,26 @@ let # Patch all shebangs of installed scripts patchShebangs $out/bin + # Install headers + make -C curl-*/include install + '' + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' # Build and install completions for each curl binary # Patch in correct binary name and alias it to all scripts perl curl-*/scripts/completion.pl --curl $out/bin/curl-impersonate-${name} --shell zsh >$TMPDIR/curl-impersonate-${name}.zsh substituteInPlace $TMPDIR/curl-impersonate-${name}.zsh \ - --replace \ + --replace-fail \ '#compdef curl' \ "#compdef curl-impersonate-${name}$(find $out/bin -name 'curl_*' -printf ' %f=curl-impersonate-${name}')" perl curl-*/scripts/completion.pl --curl $out/bin/curl-impersonate-${name} --shell fish >$TMPDIR/curl-impersonate-${name}.fish substituteInPlace $TMPDIR/curl-impersonate-${name}.fish \ - --replace \ + --replace-fail \ '--command curl' \ "--command curl-impersonate-${name}$(find $out/bin -name 'curl_*' -printf ' --command %f')" # Install zsh and fish completions installShellCompletion $TMPDIR/curl-impersonate-${name}.{zsh,fish} - - # Install headers - make -C curl-*/include install ''; preFixup = let @@ -142,9 +145,10 @@ let in '' # If libnssckbi.so is needed, link libnssckbi.so without needing nss in closure if grep -F nssckbi $out/lib/libcurl-impersonate-*${libext} &>/dev/null; then - # NOTE: "p11-kit-trust" always ends in ".so" even when on darwin - ln -s ${p11-kit}/lib/pkcs11/p11-kit-trust.so $out/lib/libnssckbi${libext} - ${lib.optionalString stdenv.isLinux "patchelf --add-needed libnssckbi${libext} $out/lib/libcurl-impersonate-*${libext}"} + ln -s ${p11-kit}/lib/pkcs11/p11-kit-trust${libext} $out/lib/libnssckbi${libext} + ${lib.optionalString stdenv.hostPlatform.isElf '' + patchelf --add-needed libnssckbi${libext} $out/lib/libcurl-impersonate-*${libext} + ''} fi ''; From 1acb0ea6a93c5a98a6d079a3c8522ba361664414 Mon Sep 17 00:00:00 2001 From: Lily Foster Date: Thu, 9 May 2024 13:22:07 -0400 Subject: [PATCH 2/2] curl-impersonate: add meta.mainProgram --- pkgs/tools/networking/curl-impersonate/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/curl-impersonate/default.nix b/pkgs/tools/networking/curl-impersonate/default.nix index 05e525db28241..8f7b659d19b58 100644 --- a/pkgs/tools/networking/curl-impersonate/default.nix +++ b/pkgs/tools/networking/curl-impersonate/default.nix @@ -175,13 +175,14 @@ let license = with licenses; [ curl mit ]; maintainers = with maintainers; [ deliciouslytyped lilyinstarlight ]; platforms = platforms.unix; + mainProgram = "curl-impersonate-${name}"; }; }; in symlinkJoin rec { pname = "curl-impersonate"; - inherit (passthru.curl-impersonate-ff) version meta; + inherit (passthru.curl-impersonate-chrome) version meta; name = "${pname}-${version}"; @@ -196,7 +197,7 @@ symlinkJoin rec { updateScript = ./update.sh; - inherit (passthru.curl-impersonate-ff) src; + inherit (passthru.curl-impersonate-chrome) src; tests = { inherit (nixosTests) curl-impersonate; }; };