uboot: (firmwareOdroidC2/C4) don't invoke patch tool, use patches = [] instead

https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L948
this can do it nicely.

Signed-off-by: Anton Arapov <anton@deadbeef.mx>

pkgs/tools/security/pass/default.nix

@@ -0,0 +1,168 @@
+{ stdenv, lib, pkgs, fetchurl, buildEnv
+, coreutils, findutils, gnugrep, gnused, getopt, git, tree, gnupg, openssl
+, which, procps , qrencode , makeWrapper, pass, symlinkJoin
+
+, xclip ? null, xdotool ? null, dmenu ? null
+, x11Support ? !stdenv.isDarwin , dmenuSupport ? (x11Support || waylandSupport)
+, waylandSupport ? false, wl-clipboard ? null
+, ydotool ? null, dmenu-wayland ? null
+
+# For backwards-compatibility
+, tombPluginSupport ? false
+}:
+
+with lib;
+
+assert x11Support -> xclip != null;
+assert waylandSupport -> wl-clipboard != null;
+
+assert dmenuSupport -> x11Support || waylandSupport;
+assert dmenuSupport && x11Support
+  -> dmenu != null && xdotool != null;
+assert dmenuSupport && waylandSupport
+  -> dmenu-wayland != null && ydotool != null;
+
+
+let
+  passExtensions = import ./extensions { inherit pkgs; };
+
+  env = extensions:
+    let
+      selected = [ pass ] ++ extensions passExtensions
+        ++ lib.optional tombPluginSupport passExtensions.tomb;
+    in buildEnv {
+      name = "pass-extensions-env";
+      paths = selected;
+      buildInputs = [ makeWrapper ] ++ concatMap (x: x.buildInputs) selected;
+
+      postBuild = ''
+        files=$(find $out/bin/ -type f -exec readlink -f {} \;)
+        if [ -L $out/bin ]; then
+          rm $out/bin
+          mkdir $out/bin
+        fi
+
+        for i in $files; do
+          if ! [ "$(readlink -f "$out/bin/$(basename $i)")" = "$i" ]; then
+            ln -sf $i $out/bin/$(basename $i)
+          fi
+        done
+
+        wrapProgram $out/bin/pass \
+          --set SYSTEM_EXTENSION_DIR "$out/lib/password-store/extensions"
+      '';
+    };
+in
+
+stdenv.mkDerivation rec {
+  version = "1.7.4";
+  pname = "password-store";
+
+  src = fetchurl {
+    url    = "https://git.zx2c4.com/password-store/snapshot/${pname}-${version}.tar.xz";
+    sha256 = "1h4k6w7g8pr169p5w9n6mkdhxl3pw51zphx7www6pvgjb7vgmafg";
+  };
+
+  patches = [
+    ./set-correct-program-name-for-sleep.patch
+    ./extension-dir.patch
+  ] ++ lib.optional stdenv.isDarwin ./no-darwin-getopt.patch;
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ];
+
+  postInstall = ''
+    # Install Emacs Mode. NOTE: We can't install the necessary
+    # dependencies (s.el) here. The user has to do this themselves.
+    mkdir -p "$out/share/emacs/site-lisp"
+    cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/"
+  '' + optionalString dmenuSupport ''
+    cp "contrib/dmenu/passmenu" "$out/bin/"
+  '';
+
+  wrapperPath = with lib; makeBinPath ([
+    coreutils
+    findutils
+    getopt
+    git
+    gnugrep
+    gnupg
+    gnused
+    tree
+    which
+    qrencode
+    procps
+  ] ++ optional stdenv.isDarwin openssl
+    ++ optional x11Support xclip
+    ++ optional waylandSupport wl-clipboard
+    ++ optionals (waylandSupport && dmenuSupport) [ ydotool dmenu-wayland ]
+    ++ optionals (x11Support && dmenuSupport) [ xdotool dmenu ]
+  );
+
+  postFixup = ''
+    # Fix program name in --help
+    substituteInPlace $out/bin/pass \
+      --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"
+
+    # Ensure all dependencies are in PATH
+    wrapProgram $out/bin/pass \
+      --prefix PATH : "${wrapperPath}"
+  '' + lib.optionalString dmenuSupport ''
+    # We just wrap passmenu with the same PATH as pass. It doesn't
+    # need all the tools in there but it doesn't hurt either.
+    wrapProgram $out/bin/passmenu \
+      --prefix PATH : "$out/bin:${wrapperPath}"
+  '';
+
+  # Turn "check" into "installcheck", since we want to test our pass,
+  # not the one before the fixup.
+  postPatch = ''
+    patchShebangs tests
+
+    substituteInPlace src/password-store.sh \
+      --replace "@out@" "$out"
+
+    # the turning
+    sed -i -e 's@^PASS=.*''$@PASS=$out/bin/pass@' \
+           -e 's@^GPGS=.*''$@GPG=${gnupg}/bin/gpg2@' \
+           -e '/which gpg/ d' \
+      tests/setup.sh
+  '' + lib.optionalString stdenv.isDarwin ''
+    # 'pass edit' uses hdid, which is not available from the sandbox.
+    rm -f tests/t0200-edit-tests.sh
+    rm -f tests/t0010-generate-tests.sh
+    rm -f tests/t0020-show-tests.sh
+    rm -f tests/t0050-mv-tests.sh
+    rm -f tests/t0100-insert-tests.sh
+    rm -f tests/t0300-reencryption.sh
+    rm -f tests/t0400-grep.sh
+  '';
+
+  doCheck = false;
+
+  doInstallCheck = true;
+  installCheckInputs = [ git ];
+  installCheckTarget = "test";
+
+  passthru = {
+    extensions = passExtensions;
+    withExtensions = env;
+  };
+
+  meta = with lib; {
+    description = "Stores, retrieves, generates, and synchronizes passwords securely";
+    homepage    = "https://www.passwordstore.org/";
+    license     = licenses.gpl2Plus;
+    maintainers = with maintainers; [ lovek323 fpletz tadfisher globin ma27 ];
+    platforms   = platforms.unix;
+
+    longDescription = ''
+      pass is a very simple password store that keeps passwords inside gpg2
+      encrypted files inside a simple directory tree residing at
+      ~/.password-store. The pass utility provides a series of commands for
+      manipulating the password store, allowing the user to add, remove, edit,
+      synchronize, generate, and manipulate passwords.
+    '';
+  };
+}

pkgs/tools/security/pass/extension-dir.patch

@@ -0,0 +1,32 @@
+diff --git a/Makefile b/Makefile
+index eac2291..1b1df0a 100644
+--- a/Makefile
++++ b/Makefile
+@@ -46,12 +46,12 @@ install: install-common
+ 	@install -v -d "$(DESTDIR)$(LIBDIR)/password-store" && install -m 0644 -v "$(PLATFORMFILE)" "$(DESTDIR)$(LIBDIR)/password-store/platform.sh"
+ 	@install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions"
+ 	@install -v -d "$(DESTDIR)$(BINDIR)/"
+-	@trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \
++	@trap 'rm -f src/.pass' EXIT; sed 's:.*PLATFORM_FUNCTION_FILE.*:source "$(LIBDIR)/password-store/platform.sh":;' src/password-store.sh > src/.pass && \
+ 	install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass"
+ else
+ install: install-common
+ 	@install -v -d "$(DESTDIR)$(LIBDIR)/password-store/extensions"
+-	@trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;s:^SYSTEM_EXTENSION_DIR=.*:SYSTEM_EXTENSION_DIR="$(LIBDIR)/password-store/extensions":' src/password-store.sh > src/.pass && \
++	@trap 'rm -f src/.pass' EXIT; sed '/PLATFORM_FUNCTION_FILE/d;' src/password-store.sh > src/.pass && \
+ 	install -v -d "$(DESTDIR)$(BINDIR)/" && install -m 0755 -v src/.pass "$(DESTDIR)$(BINDIR)/pass"
+ endif
+ 
+diff --git a/src/password-store.sh b/src/password-store.sh
+index 68551a4..2f3b5b7 100755
+--- a/src/password-store.sh
++++ b/src/password-store.sh
+@@ -656,7 +656,7 @@ cmd_extension_or_show() {
+ 	fi
+ }
+ 
+-SYSTEM_EXTENSION_DIR=""
++SYSTEM_EXTENSION_DIR="${SYSTEM_EXTENSION_DIR:-@out@/lib/password-store/extensions}"
+ cmd_extension() {
+ 	check_sneaky_paths "$1"
+ 	local user_extension system_extension extension

pkgs/tools/security/pass/extensions/audit/0001-Set-base-to-an-empty-value.patch

@@ -0,0 +1,43 @@
+From a2d5d973f53efb11bdcaecbd0099df9714bc287f Mon Sep 17 00:00:00 2001
+From: Maximilian Bosch <maximilian@mbosch.me>
+Date: Tue, 8 Feb 2022 19:35:35 +0100
+Subject: [PATCH] Set `base` to an empty value
+
+`DESTDIR` ensures that everything lands in the correct location (i.e.
+the target store-path on Nix), within this path, everything should be
+moved into `/lib` and `/share`.
+---
+ setup.py | 17 ++---------------
+ 1 file changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index 1f0a58b..f7baa41 100644
+--- a/setup.py
++++ b/setup.py
+@@ -8,21 +8,8 @@ from pathlib import Path
+ 
+ from setuptools import setup
+ 
+-share = Path(sys.prefix, 'share')
+-base = '/usr'
+-if os.uname().sysname == 'Darwin':
+-    base = '/usr/local'
+-lib = Path(base, 'lib', 'password-store', 'extensions')
+-
+-if '--user' in sys.argv:
+-    if 'PASSWORD_STORE_EXTENSIONS_DIR' in os.environ:
+-        lib = Path(os.environ['PASSWORD_STORE_EXTENSIONS_DIR'])
+-    else:
+-        lib = Path.home() / '.password-store' / '.extensions'
+-    if 'XDG_DATA_HOME' in os.environ:
+-        share = Path(os.environ['XDG_DATA_HOME'])
+-    else:
+-        share = Path.home() / '.local' / 'share'
++share = Path('share')
++lib = Path('lib', 'password-store', 'extensions')
+ 
+ setup(
+     data_files=[
+-- 
+2.33.1
+

pkgs/tools/security/pass/extensions/audit/0002-Fix-audit.bash-setup.patch

@@ -0,0 +1,28 @@
+From 8f76b32946430737f97f2702afd828b09536afd2 Mon Sep 17 00:00:00 2001
+From: Maximilian Bosch <maximilian@mbosch.me>
+Date: Sun, 15 Mar 2020 20:10:11 +0100
+Subject: [PATCH 2/2] Fix audit.bash setup
+
+This sets PASSWORD_STORE_DIR (needed by the python-code) to
+PASSWORD_STORE_DIR and properly falls back to `~/.password-store` if
+it's not set.
+---
+ audit.bash | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/audit.bash b/audit.bash
+index 7a973dc..c40ff76 100755
+--- a/audit.bash
++++ b/audit.bash
+@@ -17,7 +17,7 @@
+ #
+ 
+ cmd_audit() {
+-	export PASSWORD_STORE_DIR=$PREFIX GIT_DIR PASSWORD_STORE_GPG_OPTS
++	export PASSWORD_STORE_DIR=${PASSWORD_STORE_DIR:-$HOME/.password-store} GIT_DIR PASSWORD_STORE_GPG_OPTS
+ 	export X_SELECTION CLIP_TIME PASSWORD_STORE_UMASK GENERATED_LENGTH
+ 	export CHARACTER_SET CHARACTER_SET_NO_SYMBOLS EXTENSIONS PASSWORD_STORE_KEY
+ 	export PASSWORD_STORE_ENABLE_EXTENSIONS PASSWORD_STORE_SIGNING_KEY
+-- 
+2.25.0
+

pkgs/tools/security/pass/extensions/audit/default.nix

@@ -0,0 +1,55 @@
+{ lib, stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper, gnupg }:
+
+let
+  pythonEnv = pythonPackages.python.withPackages (p: [ p.requests p.setuptools p.zxcvbn ]);
+
+in stdenv.mkDerivation rec {
+  pname = "pass-audit";
+  version = "1.2";
+
+  src = fetchFromGitHub {
+    owner = "roddhjav";
+    repo = "pass-audit";
+    rev = "v${version}";
+    sha256 = "sha256-xigP8LxRXITLF3X21zhWx6ooFNSTKGv46yFSt1dd4vs=";
+  };
+
+  patches = [
+    ./0001-Set-base-to-an-empty-value.patch
+    ./0002-Fix-audit.bash-setup.patch
+  ];
+
+  postPatch = ''
+    substituteInPlace audit.bash \
+      --replace 'python3' "${pythonEnv}/bin/python3"
+    substituteInPlace Makefile \
+      --replace "install --root" "install --prefix ''' --root"
+  '';
+
+  outputs = [ "out" "man" ];
+
+  buildInputs = [ pythonEnv ];
+  nativeBuildInputs = [ makeWrapper ];
+
+  # Tests freeze on darwin with: pass-audit-1.1 (checkPhase): EOFError
+  doCheck = !stdenv.isDarwin;
+  checkInputs = [ pythonPackages.green pass gnupg ];
+  checkPhase = ''
+    ${pythonEnv}/bin/python3 setup.py green -q
+  '';
+
+  installFlags = [ "DESTDIR=${placeholder "out"}" "PREFIX=" ];
+  postInstall = ''
+    wrapProgram $out/lib/password-store/extensions/audit.bash \
+      --prefix PYTHONPATH : "$out/lib/${pythonEnv.libPrefix}/site-packages" \
+      --run "export COMMAND"
+  '';
+
+  meta = with lib; {
+    description = "Pass extension for auditing your password repository.";
+    homepage = "https://github.com/roddhjav/pass-audit";
+    license = licenses.gpl3Plus;
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ ma27 ];
+  };
+}

pkgs/tools/security/pass/extensions/checkup.nix

@@ -0,0 +1,42 @@
+{ lib, stdenv, fetchFromGitHub
+, curl, findutils, gnugrep, gnused, shellcheck }:
+
+let
+  pname = "pass-checkup";
+  version = "0.2.1";
+in stdenv.mkDerivation {
+  inherit pname version;
+
+  src = fetchFromGitHub {
+    owner = "etu";
+    repo = pname;
+    rev = version;
+    sha256 = "18b6rx59r7g0hvqs2affvw0g0jyifyzhanwgz2q2b8nhjgqgnar2";
+  };
+
+  nativeBuildInputs = [ shellcheck ];
+
+  postPatch = ''
+    substituteInPlace checkup.bash \
+      --replace curl ${curl}/bin/curl \
+      --replace find ${findutils}/bin/find \
+      --replace grep ${gnugrep}/bin/grep \
+      --replace sed ${gnused}/bin/sed
+  '';
+
+  installPhase = ''
+    runHook preInstall
+
+    install -D -m755 checkup.bash $out/lib/password-store/extensions/checkup.bash
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "A pass extension to check against the Have I been pwned API to see if your passwords are publicly leaked or not";
+    homepage = "https://github.com/etu/pass-checkup";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ etu ];
+    platforms = platforms.unix;
+  };
+}

pkgs/tools/security/pass/extensions/default.nix

@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+
+with pkgs;
+
+{
+  pass-audit = callPackage ./audit {
+    pythonPackages = python3Packages;
+  };
+  pass-checkup = callPackage ./checkup.nix {};
+  pass-import = callPackage ./import.nix {};
+  pass-otp = callPackage ./otp.nix {};
+  pass-tomb = callPackage ./tomb.nix {};
+  pass-update = callPackage ./update.nix {};
+  pass-genphrase = callPackage ./genphrase.nix {};
+}

pkgs/tools/security/pass/extensions/genphrase.nix

@@ -0,0 +1,32 @@
+{ lib, stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+  pname = "pass-genphrase";
+  version = "0.3";
+
+  src = fetchFromGitHub {
+    owner = "congma";
+    repo = "pass-genphrase";
+    rev = version;
+    sha256 = "01dff2jlp111y7vlmp1wbgijzphhlzc19m02fs8nzmn5vxyffanx";
+  };
+
+  dontBuild = true;
+
+  installTargets = [ "globalinstall" ];
+
+  installFlags = [ "PREFIX=$(out)" ];
+
+  postFixup = ''
+    substituteInPlace $out/lib/password-store/extensions/genphrase.bash \
+      --replace '$EXTENSIONS' "$out/lib/password-store/extensions/"
+  '';
+
+  meta = with lib; {
+    description = "Pass extension that generates memorable passwords";
+    homepage = "https://github.com/congma/pass-genphrase";
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ seqizz ];
+    platforms = platforms.unix;
+  };
+}

pkgs/tools/security/pass/extensions/import.nix

@@ -0,0 +1,62 @@
+{ lib
+, fetchFromGitHub
+, fetchpatch
+, python3Packages
+, gnupg
+, pass
+, makeWrapper
+}:
+
+python3Packages.buildPythonApplication rec {
+  pname = "pass-import";
+  version = "3.2";
+
+  src = fetchFromGitHub {
+    owner = "roddhjav";
+    repo = "pass-import";
+    rev = "v${version}";
+    sha256 = "0hrpg7yiv50xmbajfy0zdilsyhbj5iv0qnlrgkfv99q1dvd5qy56";
+  };
+
+  propagatedBuildInputs = with python3Packages; [
+    cryptography
+    defusedxml
+    pyaml
+    pykeepass
+    python-magic # similar API to "file-magic", but already in nixpkgs.
+    secretstorage
+  ];
+
+  checkInputs = [
+    gnupg
+    pass
+    python3Packages.pytestCheckHook
+  ];
+
+  disabledTests = [
+    "test_import_gnome_keyring" # requires dbus, which pytest doesn't support
+  ];
+
+  postInstall = ''
+    mkdir -p $out/lib/password-store/extensions
+    cp ${src}/import.bash $out/lib/password-store/extensions/import.bash
+    wrapProgram $out/lib/password-store/extensions/import.bash \
+      --prefix PATH : "${python3Packages.python.withPackages (_: propagatedBuildInputs)}/bin" \
+      --prefix PYTHONPATH : "$out/${python3Packages.python.sitePackages}" \
+      --run "export PREFIX"
+    cp -r ${src}/share $out/
+  '';
+
+  postCheck = ''
+    $out/bin/pimport --list-exporters --list-importers
+  '';
+
+  meta = with lib; {
+    description = "Pass extension for importing data from existing password managers";
+    homepage = "https://github.com/roddhjav/pass-import";
+    changelog = "https://github.com/roddhjav/pass-import/blob/v${version}/CHANGELOG.rst";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
+    platforms = platforms.unix;
+  };
+}

pkgs/tools/security/pass/extensions/otp.nix

@@ -0,0 +1,33 @@
+{ lib, stdenv, fetchFromGitHub, oath-toolkit }:
+
+stdenv.mkDerivation rec {
+  pname = "pass-otp";
+  version = "1.2.0";
+
+  src = fetchFromGitHub {
+    owner = "tadfisher";
+    repo = "pass-otp";
+    rev = "v${version}";
+    sha256 = "0cpqrf3939hcvwg7sd8055ghc8x964ilimlri16czzx188a9jx9v";
+  };
+
+  buildInputs = [ oath-toolkit ];
+
+  dontBuild = true;
+
+  patchPhase = ''
+    sed -i -e 's|OATH=\$(which oathtool)|OATH=${oath-toolkit}/bin/oathtool|' otp.bash
+  '';
+
+  installFlags = [ "PREFIX=$(out)"
+                   "BASHCOMPDIR=$(out)/share/bash-completion/completions"
+                 ];
+
+  meta = with lib; {
+    description = "A pass extension for managing one-time-password (OTP) tokens";
+    homepage = "https://github.com/tadfisher/pass-otp";
+    license = licenses.gpl3;
+    maintainers = with maintainers; [ jwiegley tadfisher toonn ];
+    platforms = platforms.unix;
+  };
+}

pkgs/tools/security/pass/extensions/tomb.nix

@@ -0,0 +1,32 @@
+{ lib, stdenv, fetchFromGitHub, tomb }:
+
+stdenv.mkDerivation rec {
+  pname = "pass-tomb";
+  version = "1.3";
+
+  src = fetchFromGitHub {
+    owner = "roddhjav";
+    repo = "pass-tomb";
+    rev = "v${version}";
+    sha256 = "sha256-kbbMHmYmeyt7HM8YiNhknePm1vUaXWWXPWePKGpbU+o=";
+  };
+
+  buildInputs = [ tomb ];
+
+  dontBuild = true;
+
+  installFlags = [ "PREFIX=$(out)" ];
+
+  postFixup = ''
+    substituteInPlace $out/lib/password-store/extensions/tomb.bash \
+      --replace 'TOMB="''${PASSWORD_STORE_TOMB:-tomb}"' 'TOMB="''${PASSWORD_STORE_TOMB:-${tomb}/bin/tomb}"'
+  '';
+
+  meta = with lib; {
+    description = "Pass extension that keeps the password store encrypted inside a tomb";
+    homepage = "https://github.com/roddhjav/pass-tomb";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
+    platforms = platforms.unix;
+  };
+}

pkgs/tools/security/pass/extensions/update.nix

@@ -0,0 +1,30 @@
+{ lib, stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+  pname = "pass-update";
+  version = "2.1";
+
+  src = fetchFromGitHub {
+    owner = "roddhjav";
+    repo = "pass-update";
+    rev = "v${version}";
+    sha256 = "0yx8w97jcp6lv7ad5jxqnj04csbrn2hhc4pskssxknw2sbvg4g6c";
+  };
+
+  postPatch = ''
+    substituteInPlace Makefile \
+      --replace "BASHCOMPDIR ?= /etc/bash_completion.d" "BASHCOMPDIR ?= $out/share/bash-completion/completions"
+  '';
+
+  dontBuild = true;
+
+  installFlags = [ "PREFIX=$(out)" ];
+
+  meta = with lib; {
+    description = "Pass extension that provides an easy flow for updating passwords";
+    homepage = "https://github.com/roddhjav/pass-update";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ lovek323 fpletz tadfisher ];
+    platforms = platforms.unix;
+  };
+}

pkgs/tools/security/pass/no-darwin-getopt.patch

@@ -0,0 +1,11 @@
+diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh
+index f6cc471..e2e8bba 100644
+--- a/src/platform/darwin.sh
++++ b/src/platform/darwin.sh
+@@ -39,6 +39,5 @@ qrcode() {
+ 	fi
+ }
+ 
+-GETOPT="$({ test -x /usr/local/opt/gnu-getopt/bin/getopt && echo /usr/local/opt/gnu-getopt; } || brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt"
+ SHRED="srm -f -z"
+ BASE64="openssl base64"

pkgs/tools/security/pass/rofi-pass.nix

@@ -0,0 +1,56 @@
+{ lib, stdenv, fetchFromGitHub, pass, rofi, coreutils, util-linux, xdotool, gnugrep
+, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper
+}:
+
+stdenv.mkDerivation rec {
+  pname = "rofi-pass";
+  version = "2.0.2";
+
+  src = fetchFromGitHub {
+    owner = "carnager";
+    repo = "rofi-pass";
+    rev = version;
+    sha256 = "131jpcwyyzgzjn9lx4k1zn95pd68pjw4i41jfzcp9z9fnazyln5n";
+  };
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  dontBuild = true;
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp -a rofi-pass $out/bin/rofi-pass
+
+    mkdir -p $out/share/doc/rofi-pass/
+    cp -a config.example $out/share/doc/rofi-pass/config.example
+  '';
+
+  wrapperPath = with lib; makeBinPath [
+    coreutils
+    findutils
+    gawk
+    gnugrep
+    gnused
+    libnotify
+    (pass.withExtensions (ext: [ ext.pass-otp ]))
+    pwgen
+    rofi
+    util-linux
+    xclip
+    xdotool
+  ];
+
+  fixupPhase = ''
+    patchShebangs $out/bin
+
+    wrapProgram $out/bin/rofi-pass \
+      --prefix PATH : "${wrapperPath}"
+  '';
+
+  meta = {
+    description = "A script to make rofi work with password-store";
+    homepage = "https://github.com/carnager/rofi-pass";
+    license = lib.licenses.gpl3;
+    platforms = with lib.platforms; linux;
+  };
+}

pkgs/tools/security/pass/set-correct-program-name-for-sleep.patch

@@ -0,0 +1,50 @@
+From d11261c2ad184daf6e9edd777bc8a3372c277b4b Mon Sep 17 00:00:00 2001
+From: Johannes Frankenau <johannes@frankenau.net>
+Date: Fri, 10 Aug 2018 09:49:57 +0200
+Subject: [PATCH] Patch the clip() function to work even when using
+ single-binary coreutils
+
+---
+ src/platform/cygwin.sh | 4 ++--
+ src/platform/darwin.sh | 4 ++--
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh
+index 5a8d5ea..423e0ce 100644
+--- a/src/platform/cygwin.sh
++++ b/src/platform/cygwin.sh
+@@ -3,11 +3,11 @@
+ 
+ clip() {
+ 	local sleep_argv0="password store sleep on display $DISPLAY"
+-	pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++	pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ 	local before="$($BASE64 < /dev/clipboard)"
+ 	echo -n "$1" > /dev/clipboard
+ 	(
+-		( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
++		( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
+ 		local now="$($BASE64 < /dev/clipboard)"
+ 		[[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now"
+ 		echo "$before" | $BASE64 -d > /dev/clipboard
+diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh
+index 342ecce..9e12837 100644
+--- a/src/platform/darwin.sh
++++ b/src/platform/darwin.sh
+@@ -3,11 +3,11 @@
+ 
+ clip() {
+ 	local sleep_argv0="password store sleep for user $(id -u)"
+-	pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++	pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ 	local before="$(pbpaste | $BASE64)"
+ 	echo -n "$1" | pbcopy
+ 	(
+-		( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
++		( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
+ 		local now="$(pbpaste | $BASE64)"
+ 		[[ $now != $(echo -n "$1" | $BASE64) ]] && before="$now"
+ 		echo "$before" | $BASE64 -d | pbcopy
+-- 
+2.16.4
+