0a10c17c8d
ChangeLog: https://github.com/hedgedoc/hedgedoc/releases/tag/1.9.0 As documented in the Nix expression, I unfortunately had to patch `yarn.lock` manually (the `yarn.nix` result isn't affected by this). By adding a `git+https`-prefix to `midi "https://github.com/paulrosen/MIDI.js.git#abcjs"` in the lock-file I ensured that `yarn` actually uses the `MIDI.js` from the offline-cache from `yarn2nix` rather than trying to download a tarball from GitHub. Also, this release contains a fix for CVE-2021-39175 which doesn't seem to be backported to 1.8. To quote NVD[1]: > In versions prior to 1.9.0, an unauthenticated attacker can inject > arbitrary JavaScript into the speaker-notes of the slide-mode feature > by embedding an iframe hosting the malicious code into the slides or by > embedding the HedgeDoc instance into another page. Even though it "only" has a medium rating by NVD (6.1), this seems rather problematic to me (also, GitHub rates this as "High"), so it's actually a candidate for a backport. [1] https://nvd.nist.gov/vuln/detail/CVE-2021-39175
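# Package expression for HedgeDoc. The application is built from the upstream
# GitHub source with `mkYarnPackage`, using the `yarn.nix`, `yarn.lock` and
# `package.json` files that sit next to this expression.
#
# All arguments are ordinary nixpkgs attributes. `fetchpatch` is not
# referenced in the body; it is kept so the call interface stays unchanged.
{ lib
, stdenv
, fetchFromGitHub
, fetchpatch
, makeWrapper
, which
, nodejs
, mkYarnPackage
, python2
, nixosTests
, buildGoModule
}:

let
  # we need a different version than the one already available in nixpkgs
  #
  # NOTE(review): this private pin does not follow updates to the nixpkgs
  # `esbuild` attribute. When bumping `version`, update both `sha256` (source
  # tree) and `vendorSha256` (vendored Go modules), otherwise the fixed-output
  # hashes no longer describe what is being built.
  esbuild-hedgedoc = buildGoModule rec {
    pname = "esbuild";
    version = "0.12.27";

    src = fetchFromGitHub {
      owner = "evanw";
      repo = "esbuild";
      rev = "v${version}";
      sha256 = "sha256-UclUTfm6fxoYEEdEEmO/j+WLZLe8SFzt7+Tej4bR0RU=";
    };

    vendorSha256 = "sha256-QPkBR+FscUc3jOvH7olcGUhM6OW4vxawmNJuRQxPuGs=";
  };
in

mkYarnPackage rec {
  pname = "hedgedoc";
  # 1.9.0 carries the upstream fix for CVE-2021-39175 (JavaScript injection
  # into the speaker notes of the slide-mode feature); do not pin below it.
  version = "1.9.0";

  src = fetchFromGitHub {
    owner = "hedgedoc";
    repo = "hedgedoc";
    rev = version;
    sha256 = "sha256-hSKQGkI1+68Zf05RhgRKZo47buyobzjhURSZ30/h0PA=";
  };

  nativeBuildInputs = [ which makeWrapper ];
  # NOTE(review): python2 is end-of-life. It is presumably only needed at
  # build time for the native sqlite3 build below -- confirm, and drop it once
  # the build works without it.
  extraBuildInputs = [ python2 esbuild-hedgedoc ];

  yarnNix = ./yarn.nix;

  # FIXME(@Ma27) on the bump to 1.9.0 I had to patch this file manually:
  # I replaced `midi "https://github.com/paulrosen/MIDI.js.git#abcjs"` with
  # `midi "git+https://github.com/paulrosen/MIDI.js.git#abcjs"` on all occurrences.
  #
  # Without this change `yarn` attempted to download the code directly from GitHub, with
  # the `git+`-prefix it actually uses the `midi.js` version from the offline cache
  # created by `yarn2nix`. On future bumps this may be necessary as well!
  #
  # NOTE(review): the checked-in lock file therefore differs from upstream's.
  # On every bump, diff it against the upstream `yarn.lock` so that the
  # `git+` rewrite is the only divergence, and check that `yarn.nix` still
  # pins the same `midi` source.
  yarnLock = ./yarn.lock;
  packageJSON = ./package.json;

  # Replace the `node_modules` entry set up by the configure step with a
  # writable copy: the build phase below compiles inside
  # `node_modules/sqlite3` and swaps a file in `node_modules/esbuild`.
  postConfigure = ''
    rm deps/HedgeDoc/node_modules
    cp -R "$node_modules" deps/HedgeDoc
    chmod -R u+w deps/HedgeDoc
  '';

  # Build steps, in order:
  #   1. build the sqlite3 native module from source against the headers of
  #      the `nodejs` package used here,
  #   2. replace `node_modules/esbuild/bin/esbuild` with a symlink to the
  #      esbuild built from source above, so the frontend build runs that
  #      binary instead of the file that came with the npm package,
  #   3. run the upstream `build` script and patch the shebangs in `bin/`.
  buildPhase = ''
    runHook preBuild

    cd deps/HedgeDoc

    pushd node_modules/sqlite3
    export CPPFLAGS="-I${nodejs}/include/node"
    npm run install --build-from-source --nodedir=${nodejs}/include/node
    popd

    pushd node_modules/esbuild
    rm bin/esbuild
    ln -s ${lib.getBin esbuild-hedgedoc}/bin/esbuild bin/
    popd

    npm run build

    patchShebangs bin/*

    runHook postBuild
  '';

  dontInstall = true;

  # Copy the built application into `$out` and generate the `hedgedoc`
  # launcher, wrapped so that NODE_PATH points into the output.
  #
  # `stdenv.shell` is already the full path of the shell executable, so it is
  # used as the interpreter directly; appending `/bin/sh` to it names a path
  # that does not exist. The here-document lines are kept at the base
  # indentation of this string so that `#!` ends up as the first two bytes of
  # the generated file, which is what makes it a shebang at all. The
  # here-document is unquoted on purpose: `$out` is expanded at build time.
  distPhase = ''
    runHook preDist

    mkdir -p "$out"
    cp -R {app.js,bin,lib,locales,node_modules,package.json,public} "$out"

    cat > "$out/bin/hedgedoc" <<EOF
    #!${stdenv.shell}
    ${nodejs}/bin/node $out/app.js
    EOF
    chmod +x "$out/bin/hedgedoc"
    wrapProgram "$out/bin/hedgedoc" \
      --set NODE_PATH "$out/lib/node_modules"

    runHook postDist
  '';

  # Exposes the NixOS VM test for the hedgedoc module as `passthru.tests`.
  passthru.tests = { inherit (nixosTests) hedgedoc; };

  meta = with lib; {
    description = "Realtime collaborative markdown notes on all platforms";
    license = licenses.agpl3;
    homepage = "https://hedgedoc.org";
    maintainers = with maintainers; [ willibutz ma27 globin ];
    platforms = platforms.linux;
  };
}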