2 files changed, 86 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/version-management/git-and-tools/transcrypt/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/version-management/git-and-tools/transcrypt/default.nix
new file mode 100644
index 000000000000..c99c70379df4
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/version-management/git-and-tools/transcrypt/default.nix
@@ -0,0 +1,49 @@
+{ stdenv, fetchFromGitHub, git, makeWrapper, openssl, coreutils, util-linux, gnugrep, gnused, gawk }:
+
+stdenv.mkDerivation rec {
+  pname = "transcrypt";
+  version = "1.1.0";
+
+  src = fetchFromGitHub {
+    owner = "elasticdog";
+    repo = "transcrypt";
+    rev = "v${version}";
+    sha256 = "1dkr69plk16wllk5bzlkchrzw63pk239dgbjhrb3mb61i065jdam";
+  };
+
+  buildInputs = [ makeWrapper git openssl coreutils util-linux gnugrep gnused gawk ];
+
+  patches = [ ./helper-scripts_depspathprefix.patch ];
+
+  installPhase = ''
+    install -m 755 -D transcrypt $out/bin/transcrypt
+    install -m 644 -D man/transcrypt.1 $out/share/man/man1/transcrypt.1
+    install -m 644 -D contrib/bash/transcrypt $out/share/bash-completion/completions/transcrypt
+    install -m 644 -D contrib/zsh/_transcrypt $out/share/zsh/site-functions/_transcrypt
+
+    wrapProgram $out/bin/transcrypt \
+      --prefix PATH : "${stdenv.lib.makeBinPath [ git openssl coreutils util-linux gnugrep gnused gawk ]}"
+
+    cat > $out/bin/transcrypt-depspathprefix << EOF
+    #!${stdenv.shell}
+    echo "${stdenv.lib.makeBinPath [ git openssl coreutils gawk ]}:"
+    EOF
+    chmod +x $out/bin/transcrypt-depspathprefix
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Transparently encrypt files within a Git repository";
+    longDescription = ''
+      A script to configure transparent encryption of sensitive files stored in
+      a Git repository. Files that you choose will be automatically encrypted
+      when you commit them, and automatically decrypted when you check them
+      out. The process will degrade gracefully, so even people without your
+      encryption password can safely commit changes to the repository's
+      non-encrypted files.
+    '';
+    homepage = "https://github.com/elasticdog/transcrypt";
+    license = licenses.mit;
+    maintainers = [ maintainers.elasticdog ];
+    platforms = platforms.all;
+  };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/version-management/git-and-tools/transcrypt/helper-scripts_depspathprefix.patch b/infra/libkookie/nixpkgs/pkgs/applications/version-management/git-and-tools/transcrypt/helper-scripts_depspathprefix.patch
new file mode 100644
index 000000000000..925aadab3dd5
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/version-management/git-and-tools/transcrypt/helper-scripts_depspathprefix.patch
@@ -0,0 +1,37 @@
+diff --git a/transcrypt b/transcrypt
+index a0b562d..7888f5d 100755
+--- a/transcrypt
++++ b/transcrypt
+@@ -278,6 +278,7 @@ save_helper_scripts() {
+ 
+ 	cat <<-'EOF' > "${GIT_DIR}/crypt/clean"
+ 		#!/usr/bin/env bash
++		PATH="$(transcrypt-depspathprefix 2>/dev/null)$PATH"
+ 		filename=$1
+ 		# ignore empty files
+ 		if [[ -s $filename ]]; then
+@@ -300,6 +301,7 @@ save_helper_scripts() {
+ 
+ 	cat <<-'EOF' > "${GIT_DIR}/crypt/smudge"
+ 		#!/usr/bin/env bash
++		PATH="$(transcrypt-depspathprefix 2>/dev/null)$PATH"
+ 		tempfile=$(mktemp 2> /dev/null || mktemp -t tmp)
+ 		trap 'rm -f "$tempfile"' EXIT
+ 		cipher=$(git config --get --local transcrypt.cipher)
+@@ -309,6 +311,7 @@ save_helper_scripts() {
+ 
+ 	cat <<-'EOF' > "${GIT_DIR}/crypt/textconv"
+ 		#!/usr/bin/env bash
++		PATH="$(transcrypt-depspathprefix 2>/dev/null)$PATH"
+ 		filename=$1
+ 		# ignore empty files
+ 		if [[ -s $filename ]]; then
+@@ -351,7 +354,7 @@ save_configuration() {
+ 	git config merge.renormalize 'true'
+ 
+ 	# add a git alias for listing encrypted files
+-	git config alias.ls-crypt "!git ls-files | git check-attr --stdin filter | awk 'BEGIN { FS = \":\" }; /crypt$/{ print \$1 }'"
++	git config alias.ls-crypt "!PATH=\"\$(transcrypt-depspathprefix 2>/dev/null)\$PATH\"; git ls-files | git check-attr --stdin filter | awk 'BEGIN { FS = \":\" }; /crypt$/{ print \$1 }'"
+ }
+ 
+ # display the current configuration settings