pkgs/tools/security/sudo/default.nix at 20.03

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / tools / security / sudo / default.nix
at 20.03 83 lines 2.2 kB view raw
wrap content
 1{ stdenv, fetchurl, coreutils, pam, groff, sssd
 2, sendmailPath ? "/run/wrappers/bin/sendmail"
 3, withInsults ? false
 4, withSssd ? false
 5}:
 6
 7stdenv.mkDerivation rec {
 8  pname = "sudo";
 9  version = "1.8.31";
10
11  src = fetchurl {
12    url = "ftp://ftp.sudo.ws/pub/sudo/${pname}-${version}.tar.gz";
13    sha256 = "0ks5mm9hda5idivncyfpiz4lrd8fv0dpmsl711788k7f7ixdka3y";
14  };
15
16  prePatch = ''
17    # do not set sticky bit in nix store
18    substituteInPlace src/Makefile.in --replace 04755 0755
19  '';
20
21  configureFlags = [
22    "--with-env-editor"
23    "--with-editor=/run/current-system/sw/bin/nano"
24    "--with-rundir=/run/sudo"
25    "--with-vardir=/var/db/sudo"
26    "--with-logpath=/var/log/sudo.log"
27    "--with-iologdir=/var/log/sudo-io"
28    "--with-sendmail=${sendmailPath}"
29    "--enable-tmpfiles.d=no"
30  ] ++ stdenv.lib.optional withInsults [
31    "--with-insults"
32    "--with-all-insults"
33  ] ++ stdenv.lib.optional withSssd [
34    "--with-sssd"
35    "--with-sssd-lib=${sssd}/lib"
36  ];
37
38  configureFlagsArray = [
39    "--with-passprompt=[sudo] password for %p: "  # intentional trailing space
40  ];
41
42  postConfigure =
43    ''
44    cat >> pathnames.h <<'EOF'
45      #undef _PATH_MV
46      #define _PATH_MV "${coreutils}/bin/mv"
47    EOF
48    makeFlags="install_uid=$(id -u) install_gid=$(id -g)"
49    installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/"
50    '';
51
52  nativeBuildInputs = [ groff ];
53  buildInputs = [ pam ];
54
55  enableParallelBuilding = true;
56
57  doCheck = false; # needs root
58
59  postInstall =
60    ''
61    rm -f $out/share/doc/sudo/ChangeLog
62    '';
63
64  meta = {
65    description = "A command to run commands as root";
66
67    longDescription =
68      ''
69      Sudo (su "do") allows a system administrator to delegate
70      authority to give certain users (or groups of users) the ability
71      to run some (or all) commands as root or another user while
72      providing an audit trail of the commands and their arguments.
73      '';
74
75    homepage = https://www.sudo.ws/;
76
77    license = https://www.sudo.ws/sudo/license.html;
78
79    maintainers = [ stdenv.lib.maintainers.eelco ];
80
81    platforms = stdenv.lib.platforms.linux;
82  };
83}