pkgs/os-specific/linux/shadow/default.nix at 23.11-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / pkgs / os-specific / linux / shadow / default.nix
at 23.11-beta 101 lines 2.7 kB view raw
  1{ lib, stdenv, fetchFromGitHub
  2, runtimeShell, nixosTests
  3, autoreconfHook, bison, flex
  4, docbook_xml_dtd_45, docbook_xsl
  5, itstool, libbsd, libxml2, libxslt
  6, libxcrypt, pkg-config
  7, glibcCross ? null
  8, pam ? null
  9, withTcb ? lib.meta.availableOn stdenv.hostPlatform tcb, tcb
 10}:
 11let
 12  glibc =
 13    if stdenv.hostPlatform != stdenv.buildPlatform then glibcCross
 14    else assert stdenv.hostPlatform.libc == "glibc"; stdenv.cc.libc;
 15
 16in
 17
 18stdenv.mkDerivation rec {
 19  pname = "shadow";
 20  version = "4.14.1";
 21
 22  src = fetchFromGitHub {
 23    owner = "shadow-maint";
 24    repo = pname;
 25    rev = version;
 26    hash = "sha256-DzPPnttnJSOMQwXWyFcz6fEtjwBC3p2PpZpBAQ/Ew18=";
 27  };
 28
 29  outputs = [ "out" "su" "dev" "man" ];
 30
 31  RUNTIME_SHELL = runtimeShell;
 32
 33  nativeBuildInputs = [
 34    autoreconfHook bison flex
 35    docbook_xml_dtd_45 docbook_xsl
 36    itstool libxml2 libxslt
 37    pkg-config
 38  ];
 39
 40  buildInputs = [ libbsd libxcrypt ]
 41    ++ lib.optional (pam != null && stdenv.isLinux) pam
 42    ++ lib.optional withTcb tcb;
 43
 44  patches = [
 45    ./keep-path.patch
 46    # Obtain XML resources from XML catalog (patch adapted from gtk-doc)
 47    ./respect-xml-catalog-files-var.patch
 48    ./runtime-shell.patch
 49    ./fix-install-with-tcb.patch
 50  ];
 51
 52  # The nix daemon often forbids even creating set[ug]id files.
 53  postPatch = ''
 54    sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am
 55  '';
 56
 57  # Assume System V `setpgrp (void)', which is the default on GNU variants
 58  # (`AC_FUNC_SETPGRP' is not cross-compilation capable.)
 59  preConfigure = ''
 60    export ac_cv_func_setpgrp_void=yes
 61    export shadow_cv_logdir=/var/log
 62  '';
 63
 64  configureFlags = [
 65    "--enable-man"
 66    "--with-group-name-max-length=32"
 67    "--with-bcrypt"
 68    "--with-yescrypt"
 69  ] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd"
 70    ++ lib.optional withTcb "--with-tcb";
 71
 72  preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc") ''
 73    substituteInPlace lib/nscd.c --replace /usr/sbin/nscd ${glibc.bin}/bin/nscd
 74  '';
 75
 76  postInstall = ''
 77    # Don't install ‘groups’, since coreutils already provides it.
 78    rm $out/bin/groups
 79    rm $man/share/man/man1/groups.*
 80
 81    # Move the su binary into the su package
 82    mkdir -p $su/bin
 83    mv $out/bin/su $su/bin
 84  '';
 85
 86  enableParallelBuilding = true;
 87
 88  disallowedReferences = lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) stdenv.shellPackage;
 89
 90  meta = with lib; {
 91    homepage = "https://github.com/shadow-maint";
 92    description = "Suite containing authentication-related tools such as passwd and su";
 93    license = licenses.bsd3;
 94    platforms = platforms.linux;
 95  };
 96
 97  passthru = {
 98    shellPath = "/bin/nologin";
 99    tests = { inherit (nixosTests) shadow; };
100  };
101}