pkgs/os-specific/linux/libcap/default.nix at 24.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / pkgs / os-specific / linux / libcap / default.nix
at 24.11-pre 92 lines 2.2 kB view raw
 1{ stdenv, lib, buildPackages, fetchurl, attr, runtimeShell
 2, usePam ? !isStatic, pam ? null
 3, isStatic ? stdenv.hostPlatform.isStatic
 4
 5# passthru.tests
 6, bind
 7, chrony
 8, htop
 9, libgcrypt
10, libvirt
11, ntp
12, qemu
13, squid
14, tor
15, uwsgi
16}:
17
18assert usePam -> pam != null;
19
20stdenv.mkDerivation rec {
21  pname = "libcap";
22  version = "2.69";
23
24  src = fetchurl {
25    url = "mirror://kernel/linux/libs/security/linux-privs/libcap2/${pname}-${version}.tar.xz";
26    sha256 = "sha256-8xH489rYRpnQVm0db37JQ6kpiyj3FMrjyTHf1XSS1+s=";
27  };
28
29  outputs = [ "out" "dev" "lib" "man" "doc" ]
30    ++ lib.optional usePam "pam";
31
32  depsBuildBuild = [ buildPackages.stdenv.cc ];
33
34  buildInputs = lib.optional usePam pam;
35
36  propagatedBuildInputs = [ attr ];
37
38  makeFlags = [
39    "lib=lib"
40    "PAM_CAP=${if usePam then "yes" else "no"}"
41    "BUILD_CC=$(CC_FOR_BUILD)"
42    "CC:=$(CC)"
43    "CROSS_COMPILE=${stdenv.cc.targetPrefix}"
44  ] ++ lib.optionals isStatic [ "SHARED=no" "LIBCSTATIC=yes" ];
45
46  postPatch = ''
47    patchShebangs ./progs/mkcapshdoc.sh
48
49    # use full path to bash
50    substituteInPlace progs/capsh.c --replace "/bin/bash" "${runtimeShell}"
51
52    # set prefixes
53    substituteInPlace Make.Rules \
54      --replace 'prefix=/usr' "prefix=$lib" \
55      --replace 'exec_prefix=' "exec_prefix=$out" \
56      --replace 'lib_prefix=$(exec_prefix)' "lib_prefix=$lib" \
57      --replace 'inc_prefix=$(prefix)' "inc_prefix=$dev" \
58      --replace 'man_prefix=$(prefix)' "man_prefix=$doc"
59  '';
60
61  installFlags = [ "RAISE_SETFCAP=no" ];
62
63  postInstall = ''
64    ${lib.optionalString (!isStatic) ''rm "$lib"/lib/*.a''}
65    mkdir -p "$doc/share/doc/${pname}-${version}"
66    cp License "$doc/share/doc/${pname}-${version}/"
67  '' + lib.optionalString usePam ''
68    mkdir -p "$pam/lib/security"
69    mv "$lib"/lib/security "$pam/lib"
70  '';
71
72  passthru.tests = {
73    inherit
74      bind
75      chrony
76      htop
77      libgcrypt
78      libvirt
79      ntp
80      qemu
81      squid
82      tor
83      uwsgi;
84  };
85
86  meta = {
87    description = "Library for working with POSIX capabilities";
88    homepage = "https://sites.google.com/site/fullycapable";
89    platforms = lib.platforms.linux;
90    license = lib.licenses.bsd3;
91  };
92}