# Package expression for `super` 3.30.0, a privilege-delegation tool: per the
# description below it lets users run commands under a different uid/gid as
# configured in /etc/super.tab, and ships a second `setuid` command for root.
{ lib, stdenv, fetchurl, fetchpatch, libxcrypt }:

stdenv.mkDerivation rec {
  pname = "super";
  version = "3.30.0";

  # The upstream file name ends in "-tar.gz" (hyphen, not dot); `name` gives the
  # fetched file a conventional ".tar.gz" name in the store, presumably so the
  # unpack phase recognises it as a tarball. The sha256 pins the exact contents.
  src = fetchurl {
    name = "super-${version}.tar.gz";
    url = "https://www.ucolick.org/~will/RUE/super/super-${version}-tar.gz";
    sha256 = "0k476f83w7f45y9jpyxwr00ikv1vhjiq0c26fgjch9hnv18icvwy";
  };

  # Strips root ownership ("-o root") and the 04755 mode from Makefile.in.
  # 04755 is the setuid bit plus rwxr-xr-x (the sticky bit would be 01755), so
  # the shell comment inside the script below is imprecise: what is removed is
  # setuid-root installation, which the Nix store does not permit.
  # Consequence: the binaries produced here are NOT setuid and cannot switch
  # uid on their own.
  # NOTE(review): on NixOS the privileged copy would have to come from a
  # setuid wrapper (e.g. `security.wrappers`) — confirm how consumers of this
  # package set that up.
  prePatch = ''
    # do not set sticky bit in nix store
    substituteInPlace Makefile.in \
      --replace "-o root" "" \
      --replace 04755 755
  '';

  patches = [
    # Local patch; per its file name it removes uses of the dropped
    # sys_nerr / sys_errlist symbols.
    ./0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch
    # Security fix taken from the Debian packaging (tag debian/3.30.0-7):
    # "Fix unchecked setuid call", tracked as CVE-2014-0470. The sha256 pins the
    # patch contents, so a changed file at that URL fails the fetch instead of
    # silently altering the build.
    (fetchpatch {
      name = "CVE-2014-0470.patch";
      url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch";
      sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh";
    })
  ];

  # -fcommon: workaround build failure on -fno-common toolchains like upstream
  # gcc-10. Otherwise build fails as:
  #   ld: pam.o:/build/super-3.30.0/super.h:293: multiple definition of
  #     `Method'; super.o:/build/super-3.30.0/super.h:293: first defined here
  NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE -fcommon";

  # Configure-time paths are the system-wide /etc and /var, so the built
  # program presumably reads its configuration (e.g. /etc/super.tab) from the
  # host rather than from the read-only store.
  configureFlags = [
    "--sysconfdir=/etc"
    "--localstatedir=/var"
  ];

  buildInputs = [ libxcrypt ];

  # Install-time overrides of the same two variables: files are written to
  # $out/etc and to the build's temporary directory instead of the /etc and
  # /var given to configure above.
  installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(TMPDIR)" ];

  # NOTE(review): no `license` attribute is declared in this meta set.
  meta = {
    homepage = "https://www.ucolick.org/~will/#super";
    description = "Allows users to execute scripts as if they were root";
    longDescription =
      ''
        This package provides two commands: 1) super, which allows
        users to execute commands under a different uid/gid (specified
        in /etc/super.tab); and 2) setuid, which allows root to
        execute a command under a different uid.
      '';
    platforms = lib.platforms.linux;
  };
}