tjh.dev
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
1{
2 lib,
3 stdenv,
4 fetchFromGitHub,
5 pkg-config,
6 linux-pam,
7 libxcrypt,
8}:
9
10stdenv.mkDerivation {
11 pname = "tcb";
12 version = "1.2";
13
14 src = fetchFromGitHub {
15 owner = "openwall";
16 repo = "tcb";
17 rev = "070cf4aa784de13c52788ac22ff611d7cbca0854";
18 sha256 = "sha256-Sp5u7iTEZZnAqKQXoPO8eWpSkZeBzQqZI82wRQmgU9A=";
19 };
20
21 outputs = [
22 "out"
23 "bin"
24 "dev"
25 "man"
26 ];
27
28 nativeBuildInputs = [ pkg-config ];
29
30 buildInputs = [
31 linux-pam
32 libxcrypt
33 ];
34
35 patches = [ ./fix-makefiles.patch ];
36
37 postPatch = ''
38 substituteInPlace Make.defs \
39 --replace "PREFIX = /usr" "PREFIX = $out" \
40 --replace "SBINDIR = /sbin" "SBINDIR = $bin/bin" \
41 --replace "INCLUDEDIR = \$(PREFIX)/include" "INCLUDEDIR = $dev/include"
42
43 # Override default 'CC=gcc'
44 makeFlagsArray+=("CC=$CC")
45 '';
46
47 meta = with lib; {
48 description = "Alternative password shadowing scheme";
49 longDescription = ''
50 The tcb package contains core components of our tcb suite implementing the alternative
51 password shadowing scheme on Openwall GNU Linux (Owl). It is being made available
52 separately from Owl primarily for use by other distributions.
53
54 The package consists of three components: pam_tcb, libnss_tcb, and libtcb.
55
56 pam_tcb is a PAM module which supersedes pam_unix. It also implements the tcb password
57 shadowing scheme. The tcb scheme allows many core system utilities (passwd(1) being
58 the primary example) to operate with little privilege. libnss_tcb is the accompanying
59 NSS module. libtcb contains code shared by the PAM and NSS modules and is also used
60 by user management tools on Owl due to our shadow suite patches.
61 '';
62 homepage = "https://www.openwall.com/tcb/";
63 license = licenses.bsd3;
64 platforms = systems.inspect.patterns.isGnu;
65 maintainers = with maintainers; [ izorkin ];
66 };
67}