element-desktop: make keytar optional

nixos/doc/manual/from_md/release-notes/rl-2205.section.xml

@@ -917,6 +917,16 @@
           <literal>true</literal>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          The <literal>element-desktop</literal> package now has an
+          <literal>useKeytar</literal> option (defaults to
+          <literal>true</literal>), which allows disabling
+          <literal>keytar</literal> and in turn
+          <literal>libsecret</literal> usage (which binds to native
+          credential managers / keychain libraries).
+        </para>
+      </listitem>
       <listitem>
         <para>
           The option <literal>services.thelounge.plugins</literal> has

nixos/doc/manual/release-notes/rl-2205.section.md

@@ -307,6 +307,10 @@ In addition to numerous new and upgraded packages, this release has the followin
   using `fetchgit` or `fetchhg` if the argument `fetchSubmodules`
   is set to `true`.
 
+- The `element-desktop` package now has an `useKeytar` option (defaults to `true`),
+  which allows disabling `keytar` and in turn `libsecret` usage
+  (which binds to native credential managers / keychain libraries).
+
 - The option `services.thelounge.plugins` has been added to allow installing plugins for The Lounge. Plugins can be found in `pkgs.theLoungePlugins.plugins` and `pkgs.theLoungePlugins.themes`.
 
 - The `firmwareLinuxNonfree` package has been renamed to `linux-firmware`.

pkgs/applications/networking/instant-messengers/element/element-desktop.nix

@@ -13,12 +13,15 @@
 , AppKit
 , CoreServices
 , desktopToDarwinBundle
+, useKeytar ? true
 }:
 
 let
   pinData = lib.importJSON ./pin.json;
   executableName = "element-desktop";
   electron_exec = if stdenv.isDarwin then "${electron}/Applications/Electron.app/Contents/MacOS/Electron" else "${electron}/bin/electron";
+  keytar = callPackage ./keytar { inherit Security AppKit; };
+  seshat = callPackage ./seshat { inherit CoreServices; };
 in
 mkYarnPackage rec {
   pname = "element-desktop";
@@ -39,8 +42,7 @@ mkYarnPackage rec {
 
   nativeBuildInputs = [ makeWrapper ] ++ lib.optionals stdenv.isDarwin [ desktopToDarwinBundle ];
 
-  seshat = callPackage ./seshat { inherit CoreServices; };
-  keytar = callPackage ./keytar { inherit Security AppKit; };
+  inherit seshat;
 
   buildPhase = ''
     runHook preBuild
@@ -51,12 +53,14 @@ mkYarnPackage rec {
     node ./scripts/copy-res.js
     popd
     rm -rf node_modules/matrix-seshat node_modules/keytar
-    ln -s $keytar node_modules/keytar
+    ${lib.optionalString useKeytar "ln -s ${keytar} node_modules/keytar"}
     ln -s $seshat node_modules/matrix-seshat
     runHook postBuild
   '';
 
   installPhase = ''
+    runHook preInstall
+
     # resources
     mkdir -p "$out/share/element"
     ln -s '${element-web}' "$out/share/element/webapp"
@@ -83,6 +87,8 @@ mkYarnPackage rec {
       --set LD_PRELOAD ${sqlcipher}/lib/libsqlcipher.so \
       --add-flags "$out/share/element/electron" \
       --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}"
+
+    runHook postInstall
   '';
 
   # Do not attempt generating a tarball for element-web again.
@@ -107,7 +113,20 @@ mkYarnPackage rec {
     '';
   };
 
-  passthru.updateScript = ./update.sh;
+  passthru = {
+    updateScript = ./update.sh;
+
+    # TL;DR: keytar is optional while seshat isn't.
+    #
+    # This prevents building keytar when `useKeytar` is set to `false`, because
+    # if libsecret is unavailable (e.g. set to `null` or fails to build), then
+    # this package wouldn't even considered for building because
+    # "one of the dependencies failed to build",
+    # although the dependency wouldn't even be used.
+    #
+    # It needs to be `passthru` anyways because other packages do depend on it.
+    inherit keytar;
+  };
 
   meta = with lib; {
     description = "A feature-rich client for Matrix.org";

pkgs/applications/networking/instant-messengers/element/keytar/default.nix

@@ -28,6 +28,7 @@ in stdenv.mkDerivation rec {
   };
 
   buildPhase = ''
+    runHook preBuild
     cp ${./yarn.lock} ./yarn.lock
     chmod u+w . ./yarn.lock
     export HOME=$PWD/tmp
@@ -37,16 +38,19 @@ in stdenv.mkDerivation rec {
     yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
     patchShebangs node_modules/
     node_modules/.bin/node-gyp rebuild
+    runHook postBuild
   '';
 
   doCheck = false;
 
   installPhase = ''
+    runHook preInstall
     shopt -s extglob
     rm -rf node_modules
     rm -rf $HOME
     mkdir -p $out
     cp -r ./!(build) $out
     install -D -t $out/build/Release build/Release/keytar.node
+    runHook postInstall
   '';
 }

pkgs/applications/networking/instant-messengers/element/seshat/default.nix

@@ -27,6 +27,7 @@ in rustPlatform.buildRustPackage rec {
   };
 
   buildPhase = ''
+    runHook preBuild
     cd ..
     chmod u+w . ./yarn.lock
     export HOME=$PWD/tmp
@@ -36,16 +37,18 @@ in rustPlatform.buildRustPackage rec {
     yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
     patchShebangs node_modules/
     node_modules/.bin/neon build --release
+    runHook postBuild
   '';
 
   doCheck = false;
 
   installPhase = ''
+    runHook preInstall
     shopt -s extglob
     rm -rf native/!(index.node)
-    rm -rf node_modules
-    rm -rf $HOME
+    rm -rf node_modules $HOME
     cp -r . $out
+    runHook postInstall
   '';
 
   cargoSha256 = pinData.cargoHash;