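# Builds sudo from the upstream release tarball.
#
# The binary is installed WITHOUT the setuid bit (see prePatch), so the store
# path on its own cannot elevate privileges; the privileged entry point has to
# be provided outside this derivation.
# NOTE(review): on NixOS that is presumably handled by
# nixos/modules/security/sudo.nix (referenced below) - confirm.
#
# Arguments:
#   sendmailPath  path compiled in via --with-sendmail
#   withInsults   adds --with-insults and --with-all-insults
#   withSssd      adds --with-sssd and points --with-sssd-lib at ${sssd}/lib
{
  lib,
  stdenv,
  fetchurl,
  buildPackages,
  coreutils,
  pam,
  groff,
  sssd,
  nixosTests,
  genericUpdater,
  writeShellScript,
  curl,
  sendmailPath ? "/run/wrappers/bin/sendmail",
  withInsults ? false,
  withSssd ? false,
}:

stdenv.mkDerivation (finalAttrs: {
  pname = "sudo";
  # be sure to check if nixos/modules/security/sudo.nix needs updating when bumping
  # e.g. links to man pages, value constraints etc.
  version = "1.9.17p2";

  __structuredAttrs = true;

  # Content is pinned by the hash below; a version bump must update both.
  src = fetchurl {
    url = "https://www.sudo.ws/dist/sudo-${finalAttrs.version}.tar.gz";
    hash = "sha256-SjihqzrbEZklftwqfEor1xRmXrYFsENohDsG2tos/Ps=";
  };

  # Upstream installs the binary with mode 04755. The leading 4 is the setuid
  # bit (not the sticky bit, which would be 01000). --replace-fail is used
  # instead of the deprecated --replace so the build stops if upstream ever
  # changes the mode string, rather than silently skipping the substitution.
  prePatch = ''
    # do not set the setuid bit in the nix store
    substituteInPlace src/Makefile.in --replace-fail 04755 0755
  '';

  configureFlags = [
    # visudo honours SUDO_EDITOR/VISUAL/EDITOR from the caller's environment
    # before falling back to the editor configured on the next line; the
    # sudoers `env_editor` / `editor` defaults can restrict this at runtime.
    "--with-env-editor"
    "--with-editor=/run/current-system/sw/bin/nano"
    # Compiled-in default locations for runtime state and logs; all of them
    # are outside the store.
    "--with-rundir=/run/sudo"
    "--with-vardir=/var/db/sudo"
    "--with-logpath=/var/log/sudo.log"
    "--with-iologdir=/var/log/sudo-io"
    "--with-sendmail=${sendmailPath}"
    "--enable-tmpfiles.d=no"
    "--with-passprompt=[sudo] password for %p: " # intentional trailing space
  ]
  ++ lib.optionals withInsults [
    "--with-insults"
    "--with-all-insults"
  ]
  ++ lib.optionals withSssd [
    "--with-sssd"
    "--with-sssd-lib=${sssd}/lib"
  ];

  # After configure has run:
  #  * append an override to pathnames.h so the compiled-in mv path is the
  #    store's coreutils (the heredoc delimiter is quoted, so the shell does
  #    not expand anything; ${coreutils} is interpolated by Nix);
  #  * make the install step own files as the build user (id -u / id -g)
  #    instead of root, place sysconfdir under $out, and point rundir/vardir
  #    at a scratch directory under $TMPDIR.
  postConfigure = ''
    cat >> pathnames.h <<'EOF'
    #undef _PATH_MV
    #define _PATH_MV "${coreutils}/bin/mv"
    EOF
    makeFlags="install_uid=$(id -u) install_gid=$(id -g)"
    installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/"
  '';

  depsBuildBuild = [ buildPackages.stdenv.cc ];
  nativeBuildInputs = [ groff ];
  # PAM is linked on every host platform except OpenBSD.
  buildInputs = lib.optionals (!stdenv.hostPlatform.isOpenBSD) [ pam ];

  enableParallelBuilding = true;

  doCheck = false; # needs root

  postInstall = ''
    rm $out/share/doc/sudo/ChangeLog
  '';

  passthru = {
    tests = { inherit (nixosTests) sudo; };
    # Lists candidate versions by scraping the upstream dist index for
    # sudo-<version>.tar.gz links. The listing itself is not authenticated
    # beyond TLS; what ends up in the build is pinned by src.hash above.
    updateScript = genericUpdater {
      versionLister = writeShellScript "sudo-versionLister" ''
        ${lib.getExe curl} -sL https://www.sudo.ws/dist | grep -Po 'href="sudo-\K[\w.]*(?=\.tar\.gz")'
      '';
    };
  };

  meta = with lib; {
    description = "Command to run commands as root";
    longDescription = ''
      Sudo (su "do") allows a system administrator to delegate
      authority to give certain users (or groups of users) the ability
      to run some (or all) commands as root or another user while
      providing an audit trail of the commands and their arguments.
    '';
    homepage = "https://www.sudo.ws/";
    # From https://www.sudo.ws/about/license/
    license = with licenses; [
      sudo
      bsd2
      bsd3
      zlib
    ];
    maintainers = with maintainers; [ rhendric ];
    platforms = platforms.linux ++ platforms.freebsd ++ platforms.openbsd;
    mainProgram = "sudo";
  };
})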