From 2f46ed8ef6101dab2fc2cf82d0a68f9309d35179 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sat, 13 Feb 2021 05:59:36 +0100
Subject: [PATCH 1/3] gnulib: cleanup, fix shebangs for python script

---
 pkgs/development/tools/gnulib/default.nix | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/pkgs/development/tools/gnulib/default.nix b/pkgs/development/tools/gnulib/default.nix
index 2a2ce1b190ff..7441d4018a85 100644
--- a/pkgs/development/tools/gnulib/default.nix
+++ b/pkgs/development/tools/gnulib/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchgit }:
+{ lib, stdenv, fetchgit, python3 }:
 
 stdenv.mkDerivation {
   pname = "gnulib";
@@ -10,19 +10,26 @@ stdenv.mkDerivation {
     sha256 = "0hkg3nql8nsll0vrqk4ifda0v4kpi67xz42r8daqsql6c4rciqnw";
   };
 
-  dontFixup = true;
-  # no "make install", gnulib is a collection of source code
+  postPatch = ''
+    patchShebangs gnulib-tool.py
+  '';
+
+  buildInputs = [ python3 ];
+
   installPhase = ''
-    mkdir -p $out; mv * $out/
-    ln -s $out/lib $out/include
     mkdir -p $out/bin
+    cp -r * $out/
+    ln -s $out/lib $out/include
     ln -s $out/gnulib-tool $out/bin/
   '';
 
-  meta = {
+  # do not change headers to not update all vendored build files
+  dontFixup = true;
+
+  meta = with lib; {
     homepage = "https://www.gnu.org/software/gnulib/";
     description = "Central location for code to be shared among GNU packages";
-    license = lib.licenses.gpl3Plus;
-    platforms = lib.platforms.unix;
+    license = licenses.gpl3Plus;
+    platforms = platforms.unix;
   };
 }

From a4402edf94f77944fa23ee1021747af5bb4a36cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sat, 13 Feb 2021 21:11:54 +0100
Subject: [PATCH 2/3] libhsts: ini at 0.1.0

---
 .../development/libraries/libhsts/default.nix | 40 +++++++++++++++++++
 pkgs/development/libraries/libhsts/update.sh  | 13 ++++++
 pkgs/top-level/all-packages.nix               |  2 +
 3 files changed, 55 insertions(+)
 create mode 100644 pkgs/development/libraries/libhsts/default.nix
 create mode 100755 pkgs/development/libraries/libhsts/update.sh

diff --git a/pkgs/development/libraries/libhsts/default.nix b/pkgs/development/libraries/libhsts/default.nix
new file mode 100644
index 000000000000..df53e7d294f2
--- /dev/null
+++ b/pkgs/development/libraries/libhsts/default.nix
@@ -0,0 +1,40 @@
+{ lib, stdenv, fetchFromGitLab, fetchurl, autoconf-archive, autoreconfHook, pkg-config, python3 }:
+let
+  chromium_version = "90.0.4417.1";
+
+  hsts_list = fetchurl {
+    url = "https://raw.github.com/chromium/chromium/${chromium_version}/net/http/transport_security_state_static.json";
+    sha256 = "09f24n30x5dmqk8zk7k2glcilgr27832a3304wj1yp97158sqsfx";
+  };
+
+in
+stdenv.mkDerivation rec {
+  pname = "libhsts";
+  version = "0.1.0";
+
+  src = fetchFromGitLab {
+    owner = "rockdaboot";
+    repo = pname;
+    rev = "libhsts-${version}";
+    sha256 = "0gbchzf0f4xzb6zjc56dk74hqrmdgyirmgxvvsqp9vqn9wb5kkx4";
+  };
+
+  postPatch = ''
+    pushd tests
+    cp ${hsts_list} transport_security_state_static.json
+    sed 's/^ *\/\/.*$//g' transport_security_state_static.json >hsts.json
+    popd
+    patchShebangs src/hsts-make-dafsa
+  '';
+
+  nativeBuildInputs = [ autoconf-archive autoreconfHook pkg-config python3 ];
+
+  outputs = [ "out" "dev" ];
+
+  meta = with lib; {
+    description = "Library to easily check a domain against the Chromium HSTS Preload list";
+    homepage = "https://gitlab.com/rockdaboot/libhsts";
+    license = with licenses; [ mit bsd3 ];
+    maintainers = with maintainers; [ SuperSandro2000 ];
+  };
+}
diff --git a/pkgs/development/libraries/libhsts/update.sh b/pkgs/development/libraries/libhsts/update.sh
new file mode 100755
index 000000000000..f80966e08c9a
--- /dev/null
+++ b/pkgs/development/libraries/libhsts/update.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl jq
+
+set -euo pipefail -x
+
+cd "$(dirname "$0")"
+
+chromium_version=$(curl -s "https://api.github.com/repos/chromium/chromium/tags" | jq -r 'map(select(.prerelease | not)) | .[1].name')
+sha256=$(nix-prefetch-url "https://raw.github.com/chromium/chromium/$chromium_version/net/http/transport_security_state_static.json")
+
+sed -e "0,/chromium_version/s/chromium_version = \".*\"/chromium_version = \"$chromium_version\"/" \
+    -e "0,/sha256/s/sha256 = \".*\"/sha256 = \"$sha256\"/" \
+  --in-place ./default.nix
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 86cefd9f946f..806960b4ad4e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13841,6 +13841,8 @@ in
 
   libgit2-glib = callPackage ../development/libraries/libgit2-glib { };
 
+  libhsts = callPackage ../development/libraries/libhsts { };
+
   glbinding = callPackage ../development/libraries/glbinding { };
 
   gle = callPackage ../development/libraries/gle { };

From e11e0b15363f62c6e6260e558555ce54df6887f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sat, 13 Feb 2021 21:12:20 +0100
Subject: [PATCH 3/3] wget2: init at 1.99.2

---
 pkgs/tools/networking/wget2/default.nix | 100 ++++++++++++++++++++++++
 pkgs/top-level/all-packages.nix         |  12 +++
 2 files changed, 112 insertions(+)
 create mode 100644 pkgs/tools/networking/wget2/default.nix

diff --git a/pkgs/tools/networking/wget2/default.nix b/pkgs/tools/networking/wget2/default.nix
new file mode 100644
index 000000000000..1537da36163f
--- /dev/null
+++ b/pkgs/tools/networking/wget2/default.nix
@@ -0,0 +1,100 @@
+{ lib
+, stdenv
+, fetchFromGitLab
+, fetchpatch
+  # build support
+, autoreconfHook
+, flex
+, gnulib
+, lzip
+, pkg-config
+, python3
+, texinfo
+  # libraries
+, brotli
+, bzip2
+, gpgme
+, libhsts
+, libidn2
+, libpsl
+, lzma
+, nghttp2
+, sslSupport ? true
+, openssl
+, pcre2
+, zlib
+, zstd
+}:
+
+stdenv.mkDerivation rec {
+  pname = "wget2";
+  version = "1.99.2";
+
+  src = fetchFromGitLab {
+    owner = "gnuwget";
+    repo = pname;
+    rev = version;
+    sha256 = "1gws8y3z8xzi46c48n7jb162mr3ar4c34s7yy8kjcs14yzq951qz";
+  };
+
+  patches = [
+    (fetchpatch {
+      name = "fix-autotools-2.70.patch";
+      url = "https://gitlab.com/gnuwget/wget2/-/commit/580af869093cfda6bc8a9d5901850354a16b3666.patch";
+      sha256 = "1x6wq4wxvvy6174d52qrhxkcgmv366f8smxyki49zb6rs4gqhskd";
+    })
+    (fetchpatch {
+      name = "update-potfiles-for-gnulib-2020-11-28.patch";
+      url = "https://gitlab.com/gnuwget/wget2/-/commit/368deb9fcca0c281f9c76333607cc878c3945ad0.patch";
+      sha256 = "1qsz8hbzbgg14wikxsbjjlq0cp3jw4pajbaz9wdn6ny617hdvi8y";
+    })
+  ];
+
+  # wget2_noinstall contains forbidden reference to /build/
+  postPatch = ''
+    substituteInPlace src/Makefile.am \
+      --replace 'bin_PROGRAMS = wget2 wget2_noinstall' 'bin_PROGRAMS = wget2'
+  '';
+
+  nativeBuildInputs = [ autoreconfHook flex lzip pkg-config python3 texinfo ];
+
+  buildInputs = [ brotli bzip2 gpgme libhsts libidn2 libpsl lzma nghttp2 pcre2 zlib zstd ]
+    ++ lib.optional sslSupport openssl;
+
+  # TODO: include translation files
+  autoreconfPhase = ''
+    # copy gnulib into build dir and make writable.
+    # Otherwise ./bootstrap copies the non-writable files from nix store and fails to modify them
+    rmdir gnulib
+    cp -r ${gnulib} gnulib
+    chmod -R u+w gnulib/{build-aux,lib}
+
+    # fix bashisms can be removed when https://gitlab.com/gnuwget/wget2/-/commit/c9499dcf2f58983d03e659e2a1a7f21225141edf is in the release
+    sed 's|==|=|g' -i configure.ac
+
+    ./bootstrap --no-git --gnulib-srcdir=gnulib --skip-po
+  '';
+
+  configureFlags = [
+    "--disable-static"
+    # TODO: https://gitlab.com/gnuwget/wget2/-/issues/537
+    (lib.withFeatureAs sslSupport "ssl" "openssl")
+  ];
+
+  outputs = [ "out" "lib" "dev" ];
+
+  meta = with lib; {
+    description = "successor of GNU Wget, a file and recursive website downloader.";
+    longDescription = ''
+      Designed and written from scratch it wraps around libwget, that provides the basic
+      functions needed by a web client.
+      Wget2 works multi-threaded and uses many features to allow fast operation.
+      In many cases Wget2 downloads much faster than Wget1.x due to HTTP2, HTTP compression,
+      parallel connections and use of If-Modified-Since HTTP header.
+    '';
+    homepage = "https://gitlab.com/gnuwget/wget2";
+    # wget2 GPLv3+; libwget LGPLv3+
+    license = with licenses; [ gpl3Plus lgpl3Plus ];
+    maintainers = with maintainers; [ SuperSandro2000 ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 806960b4ad4e..15c6f259a44d 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9037,6 +9037,18 @@ in
     libpsl = null;
   };
 
+  wget2 = callPackage ../tools/networking/wget2 {
+    # update breaks grub2
+    gnulib = pkgs.gnulib.overrideAttrs (oldAttrs: rec {
+      version = "20210208";
+      src = fetchgit {
+        url = "https://git.savannah.gnu.org/r/gnulib.git";
+        rev = "0b38e1d69f03d3977d7ae7926c1efeb461a8a971";
+        sha256 = "06bj9y8wcfh35h653yk8j044k7h5g82d2j3z3ib69rg0gy1xagzp";
+      };
+    });
+  };
+
   wg-bond = callPackage ../applications/networking/wg-bond { };
 
   which = callPackage ../tools/system/which { };