# Nix package expression for polkit 0.113: fetches the upstream release
# tarball, applies three patches taken from Fedora's package repository,
# overrides a few compiled-in directories, and points the agent library at
# the NixOS setuid wrapper directory.
{ stdenv, fetchurl, fetchpatch, autoreconfHook, pkgconfig, glib, expat, pam
, intltool, spidermonkey_17 , gobjectIntrospection, libxslt, docbook_xsl
, docbook_xml_dtd_412, gtk_doc
, useSystemd ? stdenv.isLinux, systemd
}:

let

  # Runtime locations outside the Nix store. They are baked into the build as
  # plain strings, so nothing here checks that they exist on the target system.
  system = "/var/run/current-system/sw";
  setuid = "/run/wrappers/bin"; #TODO: from <nixos> config.security.wrapperDir;

  # Each attribute NAME = value becomes -DPACKAGE_<NAME>_DIR="value" in CFLAGS
  # below, replacing the directory the sources would otherwise compile in.
  foolVars = {
    SYSCONF = "/etc";
    # NOTE(review): this points at the system profile rather than this
    # package's own store path, so whatever is installed into that profile can
    # contribute files under share/polkit-1/actions. Treat write access to the
    # profile as part of polkit's trust boundary.
    DATA = "${system}/share"; # to find share/polkit-1/actions of other apps at runtime
  };

in

stdenv.mkDerivation rec {
  name = "polkit-0.113";

  # NOTE(review): the URL is plain http. The sha256 below pins the expected
  # content, so a tampered download fails the fetch instead of being built;
  # integrity rests entirely on that hash having been recorded from a trusted
  # copy. Switch to https if the host serves it -- confirm before changing.
  src = fetchurl {
    url = "http://www.freedesktop.org/software/polkit/releases/${name}.tar.gz";
    sha256 = "109w86kfqrgz83g9ivggplmgc77rz8kx8646izvm2jb57h4rbh71";
  };

  # Patches from Fedora's polkit package repository, all requested at the same
  # commit id (the ?id= query parameter) and each pinned by its own sha256.
  # Judging by the file names, two address leaks and one concerns itstool.
  # These are also plain-http URLs; the same hash-pinning remark as for src
  # applies.
  patches = [
    (fetchpatch {
      url = "http://pkgs.fedoraproject.org/cgit/rpms/polkit.git/plain/polkit-0.113-agent-leaks.patch?id=fa6fd575804de92886c95d3bc2b7eb2abcd13760";
      sha256 = "1cxnhj0y30g7ldqq1y6zwsbdwcx7h97d3mpd3h5jy7dhg3h9ym91";
    })
    (fetchpatch {
      url = "http://pkgs.fedoraproject.org/cgit/rpms/polkit.git/plain/polkit-0.113-polkitpermission-leak.patch?id=fa6fd575804de92886c95d3bc2b7eb2abcd13760";
      sha256 = "1h1rkd4avqyyr8q6836zzr3w10jf521gcqnvhrhzwdpgp1ay4si7";
    })
    (fetchpatch {
      url = "http://pkgs.fedoraproject.org/cgit/rpms/polkit.git/plain/polkit-0.113-itstool.patch?id=fa6fd575804de92886c95d3bc2b7eb2abcd13760";
      sha256 = "0bxmjwp8ahy1y5g1l0kxmld0l3mlvb2l0i5n1qabia3d5iyjkyfh";
    })
  ];

  outputs = [ "bin" "dev" "out" ]; # small man pages in $bin

  nativeBuildInputs =
    [ gtk_doc pkgconfig autoreconfHook ]
    ++ [ libxslt docbook_xsl docbook_xml_dtd_412 ]; # man pages
  buildInputs =
    [ glib expat pam intltool spidermonkey_17 gobjectIntrospection ]
    ++ stdenv.lib.optional useSystemd systemd;

  # Ugly hack to overwrite hardcoded directories
  # TODO: investigate a proper patch which will be accepted upstream
  # After update it's good to check the sources via:
  #   grep '\<PACKAGE_' '--include=*.[ch]' -R
  #
  # Builds one -DPACKAGE_<NAME>_DIR="<value>" define per attribute of foolVars
  # and joins them with spaces. The defines only take effect where the sources
  # still reference those macros, which is why the grep above is worth
  # re-running on every version bump.
  CFLAGS = stdenv.lib.concatStringsSep " "
    ( map (var: ''-DPACKAGE_${var}_DIR=\""${builtins.getAttr var foolVars}"\"'')
        (builtins.attrNames foolVars) );

  # Three steps, concatenated into one shell snippet:
  #   1. patchShebangs over the whole source tree;
  #   2. (systemd builds only) replace the configure line matching
  #      "libsystemd autoconfigured" with the shell no-op ":";
  #   3. rewrite the helper path prefix in polkitagentsession.c.
  # NOTE(review): sed exits successfully when its pattern matches nothing, and
  # depending on the stdenv version substituteInPlace may do the same, so an
  # upstream change can leave either edit silently unapplied. After an update,
  # confirm that both edits actually took effect.
  preConfigure = ''
    patchShebangs .
  '' + stdenv.lib.optionalString useSystemd /* bogus chroot detection */ ''
    sed '/libsystemd autoconfigured/s/.*/:/' -i configure
  ''
    # ‘libpolkit-agent-1.so’ should call the setuid wrapper on
    # NixOS.  Hard-coding the path is kinda ugly.  Maybe we can just
    # call through $PATH, but that might have security implications.
    #
    # With an absolute prefix the calling process's environment has no say in
    # which binary is run as the helper. The cost is that the library only
    # works where a wrapper exists under that directory.
  + ''
    substituteInPlace src/polkitagent/polkitagentsession.c \
      --replace 'PACKAGE_PREFIX "/lib/polkit-1/' '"${setuid}/'
  '';

  configureFlags = [
    #"--libexecdir=$(out)/libexec/polkit-1" # this and localstatedir are ignored by configure
    "--with-systemdsystemunitdir=$(out)/etc/systemd/system"
    # The account name is fixed here; this expression does not create it.
    # presumably the system configuration must provide it -- see the TODO.
    "--with-polkitd-user=polkituser" #TODO? <nixos> config.ids.uids.polkituser
    "--with-os-type=NixOS" # not recognized but prevents impurities on non-NixOS
    "--enable-introspection"
  ];

  makeFlags = "INTROSPECTION_GIRDIR=$(out)/share/gir-1.0 INTROSPECTION_TYPELIBDIR=$(out)/lib/girepository-1.0";

  # The following is required on grsecurity/PaX due to spidermonkey's JIT
  #
  # NOTE(review): paxmark is not among this file's arguments; presumably the
  # stdenv provides it -- confirm. In PaX flag notation lowercase "m" and "r"
  # presumably switch off MPROTECT and RANDMMAP, so on such kernels polkitd
  # runs with less memory hardening than other binaries. The second path is a
  # test binary, which the outputs above do not appear to install.
  postBuild = ''
    paxmark mr src/polkitbackend/.libs/polkitd
    paxmark mr test/polkitbackend/.libs/polkitbackendjsauthoritytest
  '';

  # The test suite is not run during the build, so the path overrides and the
  # patches above are not exercised by upstream's tests here.
  #doCheck = true; # some /bin/bash problem that isn't auto-solved by patchShebangs

  meta = with stdenv.lib; {
    homepage = http://www.freedesktop.org/wiki/Software/polkit;
    description = "A toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes";
    platforms = platforms.linux;
    # No maintainer is listed for this package.
    maintainers = [ ];
  };
}