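# Build recipe for polkit 0.115: fetches the upstream release tarball, rewrites
# a few hard-coded paths for NixOS, and builds polkitd plus its libraries.
# polkit decides whether unprivileged processes may use privileged services,
# so the path rewrites and hardening exceptions below are security-relevant.
{ stdenv, fetchurl, fetchpatch, autoreconfHook, pkgconfig, glib, expat, pam, perl
, intltool, spidermonkey_52 , gobjectIntrospection, libxslt, docbook_xsl, dbus
, docbook_xml_dtd_412, gtk-doc, coreutils
, useSystemd ? stdenv.isLinux, systemd
, doCheck ? stdenv.isLinux
}:

let

  # Prefix used for the configure-time --datadir (see configureFlags); the
  # install step is redirected into $out separately via installFlags.
  system = "/run/current-system/sw";
  # Directory the agent library is pointed at for its helper binary (see
  # preConfigure). Files in the Nix store cannot carry the setuid bit, so the
  # privileged helper has to be reached through a wrapper outside the store.
  setuid = "/run/wrappers/bin"; #TODO: from <nixos> config.security.wrapperDir;

in

stdenv.mkDerivation rec {
  name = "polkit-0.115";

  # The sha256 pins the tarball content, so a changed or tampered download
  # fails the fetch instead of being built.
  src = fetchurl {
    url = "https://www.freedesktop.org/software/polkit/releases/${name}.tar.gz";
    sha256 = "0c91y61y4gy6p91cwbzg32dhavw4b7fflg370rimqhdxpzdfr1rg";
  };

  # NOTE(review): `fetchpatch` is accepted as an argument but no `patches`
  # attribute is set in this expression. For a pinned release of a
  # privilege-granting daemon, confirm that upstream security fixes published
  # after 0.115 are either backported here or picked up by a version bump.

  # Darwin's linker does not accept --as-needed, so drop it before autoreconf.
  postPatch = stdenv.lib.optionalString stdenv.isDarwin ''
    sed -i -e "s/-Wl,--as-needed//" configure.ac
  '';

  outputs = [ "bin" "dev" "out" ]; # small man pages in $bin

  nativeBuildInputs =
    [ gtk-doc pkgconfig autoreconfHook intltool gobjectIntrospection perl ]
    ++ [ libxslt docbook_xsl docbook_xml_dtd_412 ]; # man pages
  buildInputs =
    [ glib expat pam spidermonkey_52 gobjectIntrospection ]
    ++ stdenv.lib.optional useSystemd systemd;

  # NOTE(review): the comment below names 0.114 while this builds 0.115;
  # confirm the warning suppression is still needed.
  NIX_CFLAGS_COMPILE = " -Wno-deprecated-declarations "; # for polkit 0.114 and glib 2.56

  # Path rewrites applied before ./configure:
  #  * polkitagentsession.c: the helper path built from PACKAGE_PREFIX
  #    "/lib/polkit-1/" is replaced by the absolute wrapper directory above.
  #    Keeping this an absolute path matters: resolving the helper through
  #    $PATH would let the calling process's environment choose which binary
  #    the authentication agent executes.
  #  * 10-testing.rules: /bin/true and /bin/false do not exist in the build
  #    sandbox, so the test rules are pointed at the coreutils store paths.
  #  * with systemd: the configure line containing "libsystemd autoconfigured"
  #    is replaced by the shell no-op ":".
  # NOTE(review): `--replace` does nothing when its pattern is absent, so a
  # future upstream change to that string would silently leave the store path
  # in place; check that the substitution still matches after a version bump.
  preConfigure = ''
    chmod +x test/mocklibc/bin/mocklibc{,-test}.in
    patchShebangs .

    # ‘libpolkit-agent-1.so’ should call the setuid wrapper on
    # NixOS. Hard-coding the path is kinda ugly. Maybe we can just
    # call through $PATH, but that might have security implications.
    substituteInPlace src/polkitagent/polkitagentsession.c \
      --replace 'PACKAGE_PREFIX "/lib/polkit-1/' '"${setuid}/'
    substituteInPlace test/data/etc/polkit-1/rules.d/10-testing.rules \
      --replace /bin/true ${coreutils}/bin/true \
      --replace /bin/false ${coreutils}/bin/false

  '' + stdenv.lib.optionalString useSystemd /* bogus chroot detection */ ''
    sed '/libsystemd autoconfigured/s/.*/:/' -i configure
  '';

  configureFlags = [
    # Configure-time paths point at the running system (system profile and
    # /etc) rather than at this package's own store path.
    "--datadir=${system}/share"
    "--sysconfdir=/etc"
    "--with-systemdsystemunitdir=$(out)/etc/systemd/system"
    # polkitd is configured to run as a dedicated account instead of root.
    "--with-polkitd-user=polkituser" #TODO? <nixos> config.ids.uids.polkituser
    "--with-os-type=NixOS" # not recognized but prevents impurities on non-NixOS
    "--enable-introspection"
  ] ++ stdenv.lib.optional (!doCheck) "--disable-test";

  makeFlags = "INTROSPECTION_GIRDIR=$(out)/share/gir-1.0 INTROSPECTION_TYPELIBDIR=$(out)/lib/girepository-1.0";

  # The following is required on grsecurity/PaX due to spidermonkey's JIT
  # NOTE(review): as I read the PaX flag letters, `mr` switches off MPROTECT
  # and mmap randomisation for the marked binaries. That is a hardening
  # exception on the policy daemon itself, so keep it limited to the files
  # listed here.
  postBuild = stdenv.lib.optionalString stdenv.isLinux ''
    paxmark mr src/polkitbackend/.libs/polkitd
  '' + stdenv.lib.optionalString (stdenv.isLinux && doCheck) ''
    paxmark mr test/polkitbackend/.libs/polkitbackendjsauthoritytest
  '';

  # Install into $out even though configure was given system-wide paths.
  installFlags = [ "datadir=$(out)/share" "sysconfdir=$(out)/etc" ];

  inherit doCheck;
  checkInputs = [ dbus ];
  # The test suite runs against a throwaway bus started by dbus-run-session
  # with ./system_bus.conf. DBUS_SYSTEM_BUS_ADDRESS is set inside the inner
  # `sh -c` (single quotes, so the variable expands there) to that bus's
  # address, so the tests use it in place of a system bus.
  checkPhase = ''
    # tests need access to the system bus
    dbus-run-session --config-file=${./system_bus.conf} -- sh -c 'DBUS_SYSTEM_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS make check'
  '';

  meta = with stdenv.lib; {
    # Quoted string instead of a bare URL literal (deprecated Nix syntax),
    # and https to match the scheme already used for `src`.
    homepage = "https://www.freedesktop.org/wiki/Software/polkit";
    description = "A toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes";
    license = licenses.gpl2;
    platforms = platforms.unix;
    # NOTE(review): no maintainer is listed, so nobody is named to handle
    # security updates for this package.
    maintainers = [ ];
  };
}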