pkgs/os-specific/linux/pam/default.nix at 18.03-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / pkgs / os-specific / linux / pam / default.nix
at 18.03-beta 78 lines 2.9 kB view raw
 1{ stdenv, buildPackages, hostPlatform, fetchurl, fetchpatch, flex, cracklib }:
 2
 3stdenv.mkDerivation rec {
 4  name = "linux-pam-${version}";
 5  version = "1.3.0";
 6
 7  src = fetchurl {
 8    url = "http://www.linux-pam.org/library/Linux-PAM-${version}.tar.bz2";
 9    sha256 = "1fyi04d5nsh8ivd0rn2y0z83ylgc0licz7kifbb6xxi2ylgfs6i4";
10  };
11
12  patches = stdenv.lib.optionals (hostPlatform.libc == "musl") [
13    (fetchpatch {
14      url = "https://git.alpinelinux.org/cgit/aports/plain/main/linux-pam/fix-compat.patch?id=05a62bda8ec255d7049a2bd4cf0fdc4b32bdb2cc";
15      sha256 = "1h5yp5h2mqp1fcwiwwklyfpa69a3i03ya32pivs60fd7g5bqa7sf";
16    })
17    (fetchpatch {
18      url = "https://git.alpinelinux.org/cgit/aports/plain/main/linux-pam/libpam-fix-build-with-eglibc-2.16.patch?id=05a62bda8ec255d7049a2bd4cf0fdc4b32bdb2cc";
19      sha256 = "1ib6shhvgzinjsc603k2x1lxh9dic6qq449fnk110gc359m23j81";
20    })
21    (fetchpatch {
22      url = "https://git.alpinelinux.org/cgit/aports/plain/main/linux-pam/musl-fix-pam_exec.patch?id=05a62bda8ec255d7049a2bd4cf0fdc4b32bdb2cc";
23      sha256 = "04dx6s9d8cxl40r7m7dc4si47ds4niaqm7902y1d6wcjvs11vrf0";
24    })
25  ];
26
27  outputs = [ "out" "doc" "man" /* "modules" */ ];
28
29  depsBuildBuild = [ buildPackages.stdenv.cc ];
30  nativeBuildInputs = [ flex ];
31
32  buildInputs = [ cracklib ];
33
34  enableParallelBuilding = true;
35
36  crossAttrs = {
37    propagatedBuildInputs = [ flex.crossDrv cracklib.crossDrv ];
38    preConfigure = preConfigure + ''
39      $crossConfig-ar x ${flex.crossDrv}/lib/libfl.a
40      mv libyywrap.o libyywrap-target.o
41      ar x ${flex}/lib/libfl.a
42      mv libyywrap.o libyywrap-host.o
43      export LDFLAGS="$LDFLAGS $PWD/libyywrap-target.o"
44      sed -e 's/@CC@/gcc/' -i doc/specs/Makefile.in
45    '';
46    postConfigure = ''
47      sed -e "s@ $PWD/libyywrap-target.o@ $PWD/libyywrap-host.o@" -i doc/specs/Makefile
48    '';
49  };
50
51  postInstall = ''
52    mv -v $out/sbin/unix_chkpwd{,.orig}
53    ln -sv /run/wrappers/bin/unix_chkpwd $out/sbin/unix_chkpwd
54  ''; /*
55    rm -rf $out/etc
56    mkdir -p $modules/lib
57    mv $out/lib/security $modules/lib/
58  '';*/
59  # don't move modules, because libpam needs to (be able to) find them,
60  # which is done by dlopening $out/lib/security/pam_foo.so
61  # $out/etc was also missed: pam_env(login:session): Unable to open config file
62
63  preConfigure = ''
64    configureFlags="$configureFlags --includedir=$out/include/security"
65  '' + stdenv.lib.optionalString (hostPlatform.libc == "musl") ''
66      # export ac_cv_search_crypt=no
67      # (taken from Alpine linux, apparently insecure but also doesn't build O:))
68      # disable insecure modules
69      # sed -e 's/pam_rhosts//g' -i modules/Makefile.am
70      sed -e 's/pam_rhosts//g' -i modules/Makefile.in
71  '';
72
73  meta = {
74    homepage = http://ftp.kernel.org/pub/linux/libs/pam/;
75    description = "Pluggable Authentication Modules, a flexible mechanism for authenticating user";
76    platforms = stdenv.lib.platforms.linux;
77  };
78}