commit d91dd6b8a4a89776f3dfba7a99bd93cf7fb7b66c · pyrox.dev/nixpkgs

+51

pkgs/tools/security/tcb/default.nix

··· 1 + { lib, stdenv, fetchFromGitHub, pkg-config 2 + , linux-pam, libxcrypt 3 + }: 4 + 5 + stdenv.mkDerivation rec { 6 + pname = "tcb"; 7 + version = "1.2"; 8 + 9 + src = fetchFromGitHub { 10 + owner = "openwall"; 11 + repo = pname; 12 + rev = "070cf4aa784de13c52788ac22ff611d7cbca0854"; 13 + sha256 = "sha256-Sp5u7iTEZZnAqKQXoPO8eWpSkZeBzQqZI82wRQmgU9A="; 14 + }; 15 + 16 + outputs = [ "out" "bin" "dev" "man" ]; 17 + 18 + nativeBuildInputs = [ pkg-config ]; 19 + 20 + buildInputs = [ linux-pam libxcrypt ]; 21 + 22 + patches = [ ./fix-makefiles.patch ]; 23 + 24 + postPatch = '' 25 + substituteInPlace Make.defs \ 26 + --replace "PREFIX = /usr" "PREFIX = $out" \ 27 + --replace "SBINDIR = /sbin" "SBINDIR = $bin/bin" \ 28 + --replace "INCLUDEDIR = \$(PREFIX)/include" "INCLUDEDIR = $dev/include" 29 + ''; 30 + 31 + meta = with lib; { 32 + description = "Alternative password shadowing scheme"; 33 + longDescription = '' 34 + The tcb package contains core components of our tcb suite implementing the alternative 35 + password shadowing scheme on Openwall GNU Linux (Owl). It is being made available 36 + separately from Owl primarily for use by other distributions. 37 + 38 + The package consists of three components: pam_tcb, libnss_tcb, and libtcb. 39 + 40 + pam_tcb is a PAM module which supersedes pam_unix. It also implements the tcb password 41 + shadowing scheme. The tcb scheme allows many core system utilities (passwd(1) being 42 + the primary example) to operate with little privilege. libnss_tcb is the accompanying 43 + NSS module. libtcb contains code shared by the PAM and NSS modules and is also used 44 + by user management tools on Owl due to our shadow suite patches. 45 + ''; 46 + homepage = "https://www.openwall.com/tcb/"; 47 + license = licenses.bsd3; 48 + platforms = platforms.linux; 49 + maintainers = with maintainers; [ izorkin ]; 50 + }; 51 + }

+52

pkgs/tools/security/tcb/fix-makefiles.patch

··· 1 + diff --git a/Make.defs b/Make.defs 2 + index a961f7d..9e8d59b 100644 3 + --- a/Make.defs 4 + +++ b/Make.defs 5 + @@ -19,7 +19,7 @@ LDFLAGS += $(DBGFLAG) -L../libs 6 + 7 + PREFIX = /usr 8 + SBINDIR = /sbin 9 + -SLIBDIR = /lib 10 + +SLIBDIR = $(PREFIX)/lib 11 + INCLUDEDIR = $(PREFIX)/include 12 + LIBDIR = $(PREFIX)/lib 13 + LIBEXECDIR = $(PREFIX)/libexec 14 + diff --git a/libs/Makefile b/libs/Makefile 15 + index 0083b13..27238f6 100644 16 + --- a/libs/Makefile 17 + +++ b/libs/Makefile 18 + @@ -7,7 +7,7 @@ LIBTCB_A = libtcb.a 19 + LIB_MAP = libtcb.map 20 + NSS_MAP = libnss_tcb.map 21 + 22 + -all: $(LIBTCB_LONG) $(LIBNSS) $(LIBTCB_A) 23 + +all: $(LIBTCB_LONG) $(LIBNSS) 24 + 25 + $(LIBTCB_A): libtcb_a.o 26 + ar -cr $@ $< 27 + @@ -36,9 +36,8 @@ install: 28 + $(MKDIR) -p -m 755 $(DESTDIR)$(LIBDIR) 29 + $(INSTALL) -m $(SHLIBMODE) $(LIBTCB_LONG) $(DESTDIR)$(SLIBDIR)/ 30 + ln -sf $(LIBTCB_LONG) $(DESTDIR)$(SLIBDIR)/$(LIBTCB) 31 + - ln -sf ../..$(SLIBDIR)/$(LIBTCB) $(DESTDIR)$(LIBDIR)/libtcb.so 32 + + ln -sf $(LIBTCB) $(DESTDIR)$(LIBDIR)/libtcb.so 33 + $(INSTALL) -m $(SHLIBMODE) $(LIBNSS) $(DESTDIR)$(SLIBDIR)/ 34 + - $(INSTALL) -m 644 $(LIBTCB_A) $(DESTDIR)$(LIBDIR)/ 35 + 36 + clean: 37 + rm -f *.o *~ $(LIBTCB)* libtcb.so $(LIBNSS) *.a 38 + diff --git a/progs/Makefile b/progs/Makefile 39 + index c3a6879..e24f74b 100644 40 + --- a/progs/Makefile 41 + +++ b/progs/Makefile 42 + @@ -23,8 +23,8 @@ install-non-root: install-common 43 + $(INSTALL) -m 700 $(CHKPWD) $(DESTDIR)$(LIBEXECDIR)/chkpwd/ 44 + 45 + install: install-common 46 + - $(INSTALL) -d -o root -g chkpwd -m 710 $(DESTDIR)$(LIBEXECDIR)/chkpwd 47 + - $(INSTALL) -m 2711 -o root -g shadow $(CHKPWD) \ 48 + + $(INSTALL) -d $(DESTDIR)$(LIBEXECDIR)/chkpwd 49 + + $(INSTALL) $(CHKPWD) \ 50 + $(DESTDIR)$(LIBEXECDIR)/chkpwd/ 51 + 52 + install-common:

+2

pkgs/top-level/all-packages.nix

··· 12057 12057 12058 12058 tayga = callPackage ../tools/networking/tayga { }; 12059 12059 12060 + tcb = callPackage ../tools/security/tcb { }; 12061 + 12060 12062 tcpcrypt = callPackage ../tools/security/tcpcrypt { }; 12061 12063 12062 12064 tcptraceroute = callPackage ../tools/networking/tcptraceroute { };