# Nix package expression for sudo-rs, built from the tagged upstream GitHub
# source with rustPlatform.buildRustPackage. PAM is linked in, and the man
# pages are generated with pandoc and installed after the main build.
{
  lib,
  bash,
  fetchFromGitHub,
  installShellFiles,
  nix-update-script,
  nixosTests,
  pam,
  pandoc,
  rustPlatform,
}:

rustPlatform.buildRustPackage rec {
  pname = "sudo-rs";
  version = "0.2.2";

  # The source is pinned by content hash; `rev` follows `version`, so a
  # version bump must be accompanied by a new `hash` (and `cargoHash`).
  src = fetchFromGitHub {
    owner = "memorysafety";
    repo = "sudo-rs";
    rev = "v${version}";
    hash = "sha256-Fc9NgKo8Be8AqB1YcH/oH514f3pOjFtqNBIC+3xwagY=";
  };

  # Hash of the vendored Cargo dependency set.
  cargoHash = "sha256-1XhdMHGZZOmSFuVW3Oa1Xwjy3dzkgJOE7h24Ly2F3ps=";

  nativeBuildInputs = [
    installShellFiles
    pandoc
  ];

  buildInputs = [
    pam
  ];

  # Upstream's doc script is meant to run pandoc inside a Docker container.
  # Point it at the pandoc from nativeBuildInputs, and give it a bash from
  # the store in place of the /usr/bin/env lookup.
  # NOTE(review): if upstream rewords either pattern the substitution may
  # stop applying; newer nixpkgs offers `--replace-fail` to make that a hard
  # error. Confirm it is available in the targeted nixpkgs before switching.
  postPatch = ''
    substituteInPlace util/generate-docs.sh \
      --replace "/usr/bin/env bash" ${lib.getExe bash} \
      --replace util/pandoc.sh pandoc
  '';

  # Generate the man pages with the patched script, then install them.
  postInstall = ''
    ./util/generate-docs.sh
    installManPage target/docs/man/*
  '';

  # Each listed test is passed to the test runner as `--skip=<name>`.
  checkFlags = map (testName: "--skip=${testName}") [
    # These tests make assumptions about filesystem paths
    "common::command::test::test_build_command_and_args"
    "common::context::tests::test_build_context"
    "common::resolve::test::canonicalization"
    "common::resolve::tests::test_resolve_path"
    "system::tests::kill_test"

    # Requires $SHELL to point at a real shell
    "su::context::tests::su_to_root"

    # Tries to read files under /etc from inside the build sandbox
    "system::audit::test::secure_open_is_predictable"

    # Expect a `daemon` user and group to exist
    "system::interface::test::test_unix_group"
    "system::interface::test::test_unix_user"
    "system::tests::test_get_user_and_group_by_id"

    # Expects a PATH_TZINFO environment variable
    "env::environment::tests::test_tzinfo"

    # Failure cause not yet diagnosed.
    # NOTE(review): judging by their names, these cover environment-variable
    # filtering and rejection of an invalid shell. Both are security-relevant
    # for a privilege-elevation tool, so the failures should be root-caused
    # rather than left skipped indefinitely.
    "env::tests::test_environment_variable_filtering"
    "su::context::tests::invalid_shell"
  ];

  passthru = {
    updateScript = nix-update-script { };
    # NixOS test for sudo-rs. With many unit tests skipped above, this is
    # presumably the main runtime coverage for the packaged binary.
    tests = nixosTests.sudo-rs;
  };

  meta = {
    description = "A memory safe implementation of sudo and su";
    homepage = "https://github.com/memorysafety/sudo-rs";
    changelog = "${meta.homepage}/blob/v${version}/CHANGELOG.md";
    license = [
      lib.licenses.asl20
      lib.licenses.mit
    ];
    maintainers = [ lib.maintainers.nicoo ];
    platforms = lib.platforms.linux;
  };
}