# Package expression for the Linux audit userspace ("audit" 2.8.5): the
# upstream release tarball plus a set of carried build-compatibility patches.
#
# Supply-chain notes for reviewers:
#   * The tarball and every fetchpatch input carry a sha256, so a download
#     whose content differs from the recorded hash fails the build.
#   * Each fetched patch URL names a full upstream commit id, not a branch.
#   * One patch is rewritten locally (see the runCommand below); its input is
#     still the hash-pinned upstream patch.
{
  lib,
  stdenv,
  buildPackages,
  fetchurl,
  fetchpatch,
  runCommand,
  autoreconfHook,
  autoconf,
  automake,
  libtool,
  bash,
  # Python bindings default to on only for native builds: the configure
  # script runs python to collect information rather than relying on
  # python3-config alone, which does not work when cross compiling.
  enablePython ? stdenv.hostPlatform == stdenv.buildPlatform,
  python3,
  swig,
  linuxHeaders ? stdenv.cc.libc.linuxHeaders
}:

stdenv.mkDerivation rec {
  pname = "audit";
  version = "2.8.5"; # at the next release, remove the patches below!

  # Release tarball over HTTPS, pinned by content hash.
  src = fetchurl {
    url = "https://people.redhat.com/sgrubb/audit/audit-${version}.tar.gz";
    sha256 = "1dzcwb2q78q7x41shcachn7f4aksxbxd470yk38zh03fch1l2p8f";
  };

  outputs = [ "bin" "dev" "out" "man" ];

  # strictDeps keeps build-time tools (nativeBuildInputs) separate from
  # host-platform inputs (buildInputs).
  strictDeps = true;
  depsBuildBuild = [ buildPackages.stdenv.cc ];
  nativeBuildInputs =
    [ autoreconfHook ]
    ++ lib.optionals enablePython [ python3 swig ];
  buildInputs = [ bash ];

  configureFlags = [
    # The z/OS plugin is of no use on Linux and would otherwise drag in an
    # additional openldap dependency.
    "--disable-zos-remote"
    # Expands to "--with-python" or "--without-python".
    (lib.withFeature enablePython "python")
    "--with-arm"
    "--with-aarch64"
  ];

  enableParallelBuilding = true;

  # TODO: Remove the musl patches when
  # https://github.com/linux-audit/audit-userspace/pull/25
  # is available with the next release.
  patches = [
    # The only patch taken from the local tree instead of an upstream commit.
    ./patches/weak-symbols.patch

    # Upstream build fix for compilers defaulting to -fno-common (gcc >= 10).
    (fetchpatch {
      url = "https://github.com/linux-audit/audit-userspace/commit/017e6c6ab95df55f34e339d2139def83e5dada1f.patch";
      sha256 = "100xa1rzkv0mvhjbfgpfm72f7c4p68syflvgc3xm6pxgrqqmfq8h";
    })

    # The upstream patch is fetched under its pinned hash, then one copyright
    # line inside it is rewritten so that it no longer conflicts when applied
    # to this release. Only that removed-line context is changed.
    (
      let
        upstreamPatch = fetchpatch {
          url = "https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e.patch";
          name = "Add-substitue-functions-for-strndupa-rawmemchr.patch";
          sha256 = "015bvzflg1s1k5viap30nznlpjj44a66khyc8yq0waa68qwvdlsd";
        };
      in
      runCommand "Add-substitue-functions-for-strndupa-rawmemchr.patch-fix-copyright-merge-conflict" { } ''
        cp ${upstreamPatch} $out
        substituteInPlace $out --replace \
          '-* Copyright (c) 2007-09,2011-16,2018 Red Hat Inc., Durham, North Carolina.' \
          '-* Copyright (c) 2007-09,2011-16 Red Hat Inc., Durham, North Carolina.'
      ''
    )

    # Upstream fix for linux-headers-5.15, which removed ipx.h.
    # The ChangeLog hunk is excluded from the patch before it is applied.
    (fetchpatch {
      name = "no-ipx.patch";
      url = "https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c.patch";
      sha256 = "0qjq41ridyamajz9v9nyplgq7f8nn3fxw375s9sa5a0igsrx9pm0";
      excludes = [ "ChangeLog" ];
    })

    # Fix pending upstream inclusion for linux-headers-5.17 support:
    # https://github.com/linux-audit/audit-userspace/pull/253
    (fetchpatch {
      name = "ignore-flexible-array.patch";
      url = "https://github.com/linux-audit/audit-userspace/commit/beed138222421a2eb4212d83cb889404bd7efc49.patch";
      sha256 = "1hf02zaxv6x0wmn4ca9fj48y2shks7vfna43i1zz58xw9jq7sza0";
    })
  ];

  # Two source fix-ups run after patching:
  #   1. audispd.c includes <poll.h> and <limits.h> instead of <sys/poll.h>;
  #   2. the SWIG interface file reads audit.h from the linuxHeaders store
  #      path rather than from the impure /usr/include location.
  postPatch =
    ''
      sed -i 's,#include <sys/poll.h>,#include <poll.h>\n#include <limits.h>,' audisp/audispd.c
      substituteInPlace bindings/swig/src/auditswig.i \
        --replace "/usr/include/linux/audit.h" \
                  "${linuxHeaders}/include/linux/audit.h"
    ''
    # According to https://stackoverflow.com/questions/13089166 the
    # --whole-archive linker flag is needed so that the linker picks the
    # strong version of a symbol regardless of the order of object files on
    # the command line.
    # NOTE(review): this assigns LDFLAGS outright, so a value already present
    # in the environment is replaced on static builds; confirm nothing else
    # relies on it.
    + lib.optionalString stdenv.hostPlatform.isStatic ''
      export LDFLAGS=-Wl,--whole-archive
    '';

  meta = {
    description = "Audit Library";
    homepage = "https://people.redhat.com/sgrubb/audit/";
    license = lib.licenses.gpl2;
    platforms = lib.platforms.linux;
    # NOTE(review): the maintainer list is empty, so no one is named here to
    # follow upstream releases for this package.
    maintainers = with lib.maintainers; [ ];
  };
}