tjh.dev
1{ stdenv, lib, buildPackages, fetchurl, attr, runtimeShell
2, usePam ? !isStatic, pam ? null
3, isStatic ? stdenv.hostPlatform.isStatic
4}:
5
6assert usePam -> pam != null;
7
8stdenv.mkDerivation rec {
9 pname = "libcap";
10 version = "2.69";
11
12 src = fetchurl {
13 url = "mirror://kernel/linux/libs/security/linux-privs/libcap2/${pname}-${version}.tar.xz";
14 sha256 = "sha256-8xH489rYRpnQVm0db37JQ6kpiyj3FMrjyTHf1XSS1+s=";
15 };
16
17 outputs = [ "out" "dev" "lib" "man" "doc" ]
18 ++ lib.optional usePam "pam";
19
20 depsBuildBuild = [ buildPackages.stdenv.cc ];
21
22 buildInputs = lib.optional usePam pam;
23
24 propagatedBuildInputs = [ attr ];
25
26 makeFlags = [
27 "lib=lib"
28 "PAM_CAP=${if usePam then "yes" else "no"}"
29 "BUILD_CC=$(CC_FOR_BUILD)"
30 "CC:=$(CC)"
31 "CROSS_COMPILE=${stdenv.cc.targetPrefix}"
32 ] ++ lib.optional isStatic "SHARED=no";
33
34 postPatch = ''
35 patchShebangs ./progs/mkcapshdoc.sh
36
37 # use full path to bash
38 substituteInPlace progs/capsh.c --replace "/bin/bash" "${runtimeShell}"
39
40 # set prefixes
41 substituteInPlace Make.Rules \
42 --replace 'prefix=/usr' "prefix=$lib" \
43 --replace 'exec_prefix=' "exec_prefix=$out" \
44 --replace 'lib_prefix=$(exec_prefix)' "lib_prefix=$lib" \
45 --replace 'inc_prefix=$(prefix)' "inc_prefix=$dev" \
46 --replace 'man_prefix=$(prefix)' "man_prefix=$doc"
47 '';
48
49 installFlags = [ "RAISE_SETFCAP=no" ];
50
51 postInstall = ''
52 ${lib.optionalString (!isStatic) ''rm "$lib"/lib/*.a''}
53 mkdir -p "$doc/share/doc/${pname}-${version}"
54 cp License "$doc/share/doc/${pname}-${version}/"
55 '' + lib.optionalString usePam ''
56 mkdir -p "$pam/lib/security"
57 mv "$lib"/lib/security "$pam/lib"
58 '';
59
60 meta = {
61 description = "Library for working with POSIX capabilities";
62 homepage = "https://sites.google.com/site/fullycapable";
63 platforms = lib.platforms.linux;
64 license = lib.licenses.bsd3;
65 };
66}