pkgs/by-name/sh/shh/package.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

{
  lib,
  rustPlatform,
  fetchFromGitHub,
  python3,
  strace,
  systemd,
  iproute2,
}:

rustPlatform.buildRustPackage rec {
  pname = "shh";
  version = "2025.4.12";

  src = fetchFromGitHub {
    owner = "desbma";
    repo = "shh";
    tag = "v${version}";
    hash = "sha256-+JWz0ya6gi8pPERnpAcQIe7zZUzWGxha+9/gizMVtEw=";
  };

  cargoHash = "sha256-TdP+1sb1GEFM57z+rc+gqhoWQhPAXzvMt/FCWf3wpr8=";

  patches = [
    ./fix_run_checks.patch
    ./pr13-profile-path-fix-strace.patch
  ];

  # buildFeatures = [ /*"gen-man-pages"*/ ];

  checkFeatures = [ "nix-build-env" ];

  buildInputs = [
    strace
    systemd
  ];

  nativeCheckInputs = [
    strace
    systemd
    python3
    iproute2
  ];

  # RUST_BACKTRACE = 1;

  meta = {
    description = "Automatic systemd service hardening guided by strace profiling";
    homepage = "https://github.com/desbma/shh";
    license = lib.licenses.gpl3Only;
    platforms = lib.platforms.linux;
    mainProgram = "shh";
    maintainers = with lib.maintainers; [
      erdnaxe
      kuflierl
    ];
  };
}