tor{,socks}: move to by-name; 2.4.0 -> 2.5.0; improve (#419239)

pkgs/by-name/to/tor/package.nix

@@ -15,6 +15,7 @@
   scrypt,
   nixosTests,
   writeShellScript,
+  versionCheckHook,
 
   # for update.nix
   writeScript,
@@ -27,6 +28,7 @@
   gnused,
   nix,
 }:
+
 let
   tor-client-auth-gen = writeShellScript "tor-client-auth-gen" ''
     PATH="${
@@ -48,13 +50,14 @@ let
     base64 -d | tail --bytes=32 | base32 | tr -d =
   '';
 in
-stdenv.mkDerivation rec {
+
+stdenv.mkDerivation (finalAttrs: {
   pname = "tor";
   version = "0.4.8.17";
 
   src = fetchurl {
-    url = "https://dist.torproject.org/${pname}-${version}.tar.gz";
-    sha256 = "sha256-ebRyXh1LiHueaP0JsNIkN3fVzjzUceU4WDvPb52M21Y=";
+    url = "https://dist.torproject.org/tor-${finalAttrs.version}.tar.gz";
+    hash = "sha256-ebRyXh1LiHueaP0JsNIkN3fVzjzUceU4WDvPb52M21Y=";
   };
 
   outputs = [
@@ -63,6 +66,7 @@ stdenv.mkDerivation rec {
   ];
 
   nativeBuildInputs = [ pkg-config ];
+
   buildInputs =
     [
       libevent
@@ -98,8 +102,7 @@ stdenv.mkDerivation rec {
 
   postPatch = ''
     substituteInPlace contrib/client-tools/torify \
-      --replace 'pathfind torsocks' true          \
-      --replace 'exec torsocks' 'exec ${torsocks}/bin/torsocks'
+      --replace-fail 'exec torsocks' 'exec ${torsocks}/bin/torsocks'
 
     patchShebangs ./scripts/maint/checkShellScripts.sh
   '';
@@ -117,6 +120,10 @@ stdenv.mkDerivation rec {
     ln -s ${tor-client-auth-gen} $out/bin/tor-client-auth-gen
   '';
 
+  doInstallCheck = true;
+  nativeInstallCheckInputs = [ versionCheckHook ];
+  versionCheckProgramArg = "--version";
+
   passthru = {
     tests.tor = nixosTests.tor;
     updateScript = import ./update.nix {
@@ -135,10 +142,9 @@ stdenv.mkDerivation rec {
     };
   };
 
-  meta = with lib; {
+  meta = {
     homepage = "https://www.torproject.org/";
     description = "Anonymizing overlay network";
-
     longDescription = ''
       Tor helps improve your privacy by bouncing your communications around a
       network of relays run by volunteers all around the world: it makes it
@@ -148,17 +154,16 @@ stdenv.mkDerivation rec {
       instant messaging clients, remote login, and other applications based on
       the TCP protocol.
     '';
-
-    license = with licenses; [
+    license = with lib.licenses; [
       bsd3
       gpl3Only
     ];
-
-    maintainers = with maintainers; [
+    mainProgram = "tor";
+    maintainers = with lib.maintainers; [
       thoughtpolice
       joachifm
       prusnak
     ];
-    platforms = platforms.unix;
+    platforms = lib.platforms.unix;
   };
-}
+})

pkgs/by-name/to/torsocks/package.nix

@@ -5,28 +5,26 @@
   fetchpatch,
   autoreconfHook,
   libcap,
+  nix-update-script,
+  versionCheckHook,
 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (finalAttrs: {
   pname = "torsocks";
-  version = "2.4.0";
+  version = "2.5.0";
 
   src = fetchFromGitLab {
     domain = "gitlab.torproject.org";
     group = "tpo";
     owner = "core";
     repo = "torsocks";
-    rev = "v${version}";
-    sha256 = "sha256-ocJkoF9LMLC84ukFrm5pzjp/1gaXqDz8lzr9TdG+f88=";
+    tag = "v${finalAttrs.version}";
+    hash = "sha256-um5D6d/fzKynfa1kA/VbdnKvAlZ7jQs+pmOgWQMpwgM=";
   };
 
+  nativeBuildInputs = [ autoreconfHook ];
+
   patches = [
-    # fix compatibility with C99
-    # https://gitlab.torproject.org/tpo/core/torsocks/-/merge_requests/9
-    (fetchpatch {
-      url = "https://gitlab.torproject.org/tpo/core/torsocks/-/commit/1171bf2fd4e7a0cab02cf5fca59090b65af9cd29.patch";
-      hash = "sha256-qu5/0fy72+02QI0cVE/6YrR1kPuJxsZfG8XeODqVOPY=";
-    })
     # tsocks_libc_accept4 only exists on Linux, use tsocks_libc_accept on other platforms
     (fetchpatch {
       url = "https://gitlab.torproject.org/tpo/core/torsocks/uploads/eeec9833512850306a42a0890d283d77/0001-Fix-macros-for-accept4-2.patch";
@@ -36,30 +34,24 @@ stdenv.mkDerivation rec {
     ./torsocks-gethostbyaddr-darwin.patch
   ];
 
-  postPatch =
-    ''
-      # Patch torify_app()
-      sed -i \
-        -e 's,\(local app_path\)=`which $1`,\1=`type -P $1`,' \
-        src/bin/torsocks.in
-    ''
-    + lib.optionalString stdenv.hostPlatform.isLinux ''
-      sed -i \
-        -e 's,\(local getcap\)=.*,\1=${libcap}/bin/getcap,' \
-        src/bin/torsocks.in
-    '';
-
-  nativeBuildInputs = [ autoreconfHook ];
+  postPatch = lib.optionalString stdenv.hostPlatform.isLinux ''
+    substituteInPlace src/bin/torsocks.in --replace-fail \
+    '"$(PATH="$PATH:/usr/sbin:/sbin" command -v getcap)"' '${libcap}/bin/getcap'
+  '';
 
   doInstallCheck = true;
   installCheckTarget = "check-recursive";
+  nativeInstallCheckInputs = [ versionCheckHook ];
+
+  passthru.updateScript = nix-update-script { };
 
   meta = {
+    changelog = "https://gitlab.torproject.org/tpo/core/torsocks/-/releases/v${finalAttrs.version}";
     description = "Wrapper to safely torify applications";
-    mainProgram = "torsocks";
     homepage = "https://gitlab.torproject.org/tpo/core/torsocks";
     license = lib.licenses.gpl2Plus;
-    platforms = lib.platforms.unix;
+    mainProgram = "torsocks";
     maintainers = with lib.maintainers; [ thoughtpolice ];
+    platforms = lib.platforms.unix;
   };
-}
+})

pkgs/top-level/all-packages.nix

@@ -4483,10 +4483,6 @@ with pkgs;
     }
   );
 
-  tor = callPackage ../tools/security/tor { };
-
-  torsocks = callPackage ../tools/security/tor/torsocks.nix { };
-
   trackma-curses = trackma.override { withCurses = true; };
 
   trackma-gtk = trackma.override { withGTK = true; };