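# Package expression for the shadow suite (passwd, su and related account tools).
#
# Security-relevant properties of this build, all visible below:
#   * the source is pinned by a fixed-output hash;
#   * set-uid/set-gid permission bits are removed from the install rules, so
#     nothing in the store output is privileged by itself;
#   * the hard-coded /usr/sbin/nscd path is rewritten to a store path;
#   * `su` is split into its own output.
{
  lib,
  stdenv,
  fetchFromGitHub,
  runtimeShell,
  nixosTests,
  autoreconfHook,
  bison,
  flex,
  docbook_xml_dtd_45,
  docbook_xsl,
  itstool,
  libxml2,
  libxslt,
  libxcrypt,
  pkg-config,
  glibc ? null,
  pam ? null,
  withLibbsd ? lib.meta.availableOn stdenv.hostPlatform libbsd,
  libbsd,
  withTcb ? lib.meta.availableOn stdenv.hostPlatform tcb,
  tcb,
}:
let
  # glibc package whose `bin` output provides nscd for the host platform.
  # Cross builds take the `glibc` argument; native builds reuse the libc of the
  # compiler wrapper and assert that it really is glibc. The binding is lazy and
  # is only referenced from preBuild, which is itself guarded by
  # `libc == "glibc"`, so the assert never fires on other libcs.
  glibc' =
    if stdenv.hostPlatform != stdenv.buildPlatform then
      glibc
    else
      assert stdenv.hostPlatform.libc == "glibc";
      stdenv.cc.libc;

in

stdenv.mkDerivation rec {
  pname = "shadow";
  version = "4.17.4";

  # `rev` follows `version`, and `hash` pins the exact tree fetched for that
  # tag. Update both together; a stale hash makes the fetch fail rather than
  # silently building different sources.
  src = fetchFromGitHub {
    owner = "shadow-maint";
    repo = "shadow";
    rev = version;
    hash = "sha256-HlSO1VCrMJtYlSL9/GvVw4mp/pEtuDju6V+6etrAAEk=";
  };

  # `su` gets a dedicated output (see postInstall) so it can be installed
  # independently of the rest of the suite.
  outputs = [
    "out"
    "su"
    "dev"
    "man"
  ];

  # Exported into the build environment; presumably consumed by
  # ./runtime-shell.patch -- confirm against the patch.
  RUNTIME_SHELL = runtimeShell;

  nativeBuildInputs = [
    autoreconfHook
    bison
    flex
    docbook_xml_dtd_45
    docbook_xsl
    itstool
    libxml2
    libxslt
    pkg-config
  ];

  # PAM is linked only on Linux and only when a `pam` package is supplied;
  # libbsd and tcb are optional and default to "on where available".
  buildInputs = [
    libxcrypt
  ]
  ++ lib.optional (pam != null && stdenv.hostPlatform.isLinux) pam
  ++ lib.optional withLibbsd libbsd
  ++ lib.optional withTcb tcb;

  patches = [
    ./keep-path.patch
    # Obtain XML resources from XML catalog (patch adapted from gtk-doc)
    ./respect-xml-catalog-files-var.patch
    ./runtime-shell.patch
    ./fix-install-with-tcb.patch
  ];

  # The nix daemon often forbids even creating set[ug]id files.
  # The sed rewrites `suidperms`/`sgidperms` in src/Makefile.am to 0755, so every
  # tool is installed without privilege bits. Consequence for deployers: the
  # binaries in this package cannot elevate on their own; on NixOS the
  # privileged entry points are normally provided through set-uid wrappers
  # configured at the system level (security.wrappers), not by this derivation.
  postPatch = ''
    sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am
  '';

  # `AC_FUNC_SETPGRP' is not cross-compilation capable.
  # Both variables pre-seed configure results so the script does not have to
  # probe the build machine: the setpgrp() flavour and the log directory.
  preConfigure = ''
    export ac_cv_func_setpgrp_void=${if stdenv.hostPlatform.isBSD then "no" else "yes"}
    export shadow_cv_logdir=/var/log
  '';

  # bcrypt and yescrypt are enabled as password-hashing methods; nscd
  # integration is disabled on non-glibc platforms, matching the preBuild guard.
  configureFlags = [
    "--enable-man"
    "--with-group-name-max-length=32"
    "--with-bcrypt"
    "--with-yescrypt"
    (lib.withFeature withLibbsd "libbsd")
  ]
  ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd"
  ++ lib.optional withTcb "--with-tcb";

  # Point the nscd cache-flush helper at the store copy of nscd instead of the
  # FHS path. `--replace-fail` (the non-deprecated form of `--replace`) aborts
  # the build if the literal is no longer present in lib/nscd.c, so an upstream
  # refactor cannot silently leave account tools executing whatever happens to
  # be installed at /usr/sbin/nscd.
  preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc") ''
    substituteInPlace lib/nscd.c --replace-fail /usr/sbin/nscd ${glibc'.bin}/bin/nscd
  '';

  postInstall = ''
    # Move the su binary into the su package
    mkdir -p $su/bin
    mv $out/bin/su $su/bin
  '';

  enableParallelBuilding = true;

  # In cross builds, fail if any output still references the build-platform
  # shell package: such a reference would not be runnable on the host.
  disallowedReferences = lib.optional (
    stdenv.buildPlatform != stdenv.hostPlatform
  ) stdenv.shellPackage;

  meta = {
    homepage = "https://github.com/shadow-maint/shadow";
    description = "Suite containing authentication-related tools such as passwd and su";
    license = lib.licenses.bsd3;
    platforms = lib.platforms.linux;
  };

  passthru = {
    # Path, relative to the package output, used when this package is
    # referenced as a user's login shell: resolves to nologin.
    shellPath = "/bin/nologin";
    # NixOS VM test covering this package.
    tests = { inherit (nixosTests) shadow; };
  };
}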