Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
# Builds Linux-PAM from the upstream release tarball with a local patch set
# that includes the backported fix for CVE-2025-6020.
{
  lib,
  stdenv,
  buildPackages,
  fetchurl,
  fetchpatch,
  flex,
  db4,
  gettext,
  audit,
  libxcrypt,
  nixosTests,
  autoreconfHook269,
  pkg-config-unwrapped,
}:

stdenv.mkDerivation rec {
  pname = "linux-pam";
  version = "1.6.1";

  # Release tarball pinned by an SRI hash. The URL is derived from `version`,
  # so a version bump must refresh the hash in the same change.
  src = fetchurl {
    url = "https://github.com/linux-pam/linux-pam/releases/download/v${version}/Linux-PAM-${version}.tar.xz";
    hash = "sha256-+JI8dAFZBS1xnb/CovgZQtaN00/K9hxwagLJuA/u744=";
  };

  # Patches are applied in list order, so the prerequisite upstream commit
  # lands before the CVE backport that depends on it.
  patches = [
    ./suid-wrapper-path.patch
    # required for fixing CVE-2025-6020
    # The hash pins the patch content: if the fetched patch ever differs, the
    # build fails instead of silently changing what gets applied.
    (fetchpatch {
      url = "https://github.com/linux-pam/linux-pam/commit/10b80543807e3fc5af5f8bcfd8bb6e219bb3cecc.patch";
      hash = "sha256-VS3D3wUbDxDXRriIuEvvgeZixzDA58EfiLygfFeisGg=";
    })
    # Manually cherry-picked from 475bd60c552b98c7eddb3270b0b4196847c0072e
    # NOTE(review): this is a hand-made backport kept in-tree, not a fetched
    # upstream patch; re-compare it against that commit on every version bump
    # and drop it together with the prerequisite once `version` already
    # contains the fix.
    ./CVE-2025-6020.patch
  ];

  # Case-insensitivity workaround for https://github.com/linux-pam/linux-pam/issues/569
  # Only takes effect when the build platform is Darwin and differs from the
  # host platform; otherwise postPatch is the empty string.
  postPatch =
    lib.optionalString (stdenv.buildPlatform.isDarwin && stdenv.buildPlatform != stdenv.hostPlatform)
      ''
        rm CHANGELOG
        touch ChangeLog
      '';

  # A separate "modules" output is left commented out, so it is not produced.
  outputs = [
    "out"
    "doc"
    "man" # "modules"
  ];

  # C compiler for the build platform.
  # presumably for helper programs that run during the build; confirm
  depsBuildBuild = [ buildPackages.stdenv.cc ];
  # autoreconfHook269 is needed for `suid-wrapper-path.patch` above.
  # pkg-config-unwrapped is needed for `AC_CHECK_LIB` and `AC_SEARCH_LIBS`
  # gettext is added only when the build platform is Darwin.
  nativeBuildInputs = [
    flex
    autoreconfHook269
    pkg-config-unwrapped
  ]
  ++ lib.optional stdenv.buildPlatform.isDarwin gettext;

  # NOTE(review): `audit` is gated on the *build* platform although
  # buildInputs are dependencies of the host platform. Building from a
  # non-Linux build platform therefore leaves `audit` out, which may change
  # whether audit support ends up in the resulting PAM; confirm this is
  # intended rather than a stand-in for `stdenv.hostPlatform.isLinux`.
  buildInputs = [
    db4
    libxcrypt
  ]
  ++ lib.optional stdenv.buildPlatform.isLinux audit;

  enableParallelBuilding = true;

  # configure is given /etc/security as the config directory, while
  # installFlags below points SCONFIGDIR into $out for the install step.
  # presumably so the built modules look up /etc/security at run time while
  # the shipped default files land in the store; confirm
  configureFlags = [
    "--includedir=${placeholder "out"}/include/security"
    "--enable-sconfigdir=/etc/security"
    # The module is deprecated. We re-enable it explicitly until NixOS
    # module stops using it.
    "--enable-lastlog"
  ];

  installFlags = [
    "SCONFIGDIR=${placeholder "out"}/etc/security"
  ];

  # NOTE(review): with the upstream test suite disabled, the patched code
  # (including the CVE-2025-6020 backport) is exercised only by the NixOS
  # tests listed in passthru.tests; run those when touching `patches`.
  doCheck = false; # fails

  # NixOS tests taken from `nixosTests` and exposed as this package's tests.
  passthru.tests = {
    inherit (nixosTests)
      pam-oath-login
      pam-u2f
      shadow
      sssd-ldap
      ;
  };

  # Package metadata; `platforms` restricts the package to Linux.
  meta = with lib; {
    homepage = "https://github.com/linux-pam/linux-pam";
    description = "Pluggable Authentication Modules, a flexible mechanism for authenticating user";
    platforms = platforms.linux;
    license = licenses.bsd3;
  };
}