tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / os-specific / linux / shadow / default.nix
at netboot-syslinux-multiplatform 105 lines 2.9 kB view raw
1{ lib, stdenv, fetchFromGitHub 2, runtimeShell, nixosTests, fetchpatch 3, autoreconfHook, bison, flex 4, docbook_xml_dtd_45, docbook_xsl 5, itstool , libxml2, libxslt 6, libxcrypt 7, glibcCross ? null 8, pam ? null 9, withTcb ? lib.meta.availableOn stdenv.hostPlatform tcb, tcb 10}: 11let 12 glibc = 13 if stdenv.hostPlatform != stdenv.buildPlatform then glibcCross 14 else assert stdenv.hostPlatform.libc == "glibc"; stdenv.cc.libc; 15 16in 17 18stdenv.mkDerivation rec { 19 pname = "shadow"; 20 version = "4.13"; 21 22 src = fetchFromGitHub { 23 owner = "shadow-maint"; 24 repo = pname; 25 rev = version; 26 sha256 = "sha256-L54DhdBYthfB9436t/XWXiqKhW7rfd0GLS7pYGB32rA="; 27 }; 28 29 outputs = [ "out" "su" "dev" "man" ]; 30 31 RUNTIME_SHELL = runtimeShell; 32 33 nativeBuildInputs = [ 34 autoreconfHook bison flex 35 docbook_xml_dtd_45 docbook_xsl 36 itstool libxml2 libxslt 37 ]; 38 39 buildInputs = [ libxcrypt ] 40 ++ lib.optional (pam != null && stdenv.isLinux) pam 41 ++ lib.optional withTcb tcb; 42 43 patches = [ 44 ./keep-path.patch 45 # Obtain XML resources from XML catalog (patch adapted from gtk-doc) 46 ./respect-xml-catalog-files-var.patch 47 ./runtime-shell.patch 48 ./fix-install-with-tcb.patch 49 # Fix HAVE_SHADOWGRP configure check 50 (fetchpatch { 51 url = "https://github.com/shadow-maint/shadow/commit/a281f241b592aec636d1b93a99e764499d68c7ef.patch"; 52 sha256 = "sha256-GJWg/8ggTnrbIgjI+HYa26DdVbjTHTk/IHhy7GU9G5w="; 53 }) 54 ]; 55 56 # The nix daemon often forbids even creating set[ug]id files. 57 postPatch = '' 58 sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am 59 ''; 60 61 # Assume System V `setpgrp (void)', which is the default on GNU variants 62 # (`AC_FUNC_SETPGRP' is not cross-compilation capable.) 63 preConfigure = '' 64 export ac_cv_func_setpgrp_void=yes 65 export shadow_cv_logdir=/var/log 66 ''; 67 68 configureFlags = [ 69 "--enable-man" 70 "--with-group-name-max-length=32" 71 "--with-bcrypt" 72 "--with-yescrypt" 73 ] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd" 74 ++ lib.optional withTcb "--with-tcb"; 75 76 preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc") '' 77 substituteInPlace lib/nscd.c --replace /usr/sbin/nscd ${glibc.bin}/bin/nscd 78 ''; 79 80 postInstall = '' 81 # Don't install groups, since coreutils already provides it. 82 rm $out/bin/groups 83 rm $man/share/man/man1/groups.* 84 85 # Move the su binary into the su package 86 mkdir -p $su/bin 87 mv $out/bin/su $su/bin 88 ''; 89 90 enableParallelBuilding = true; 91 92 disallowedReferences = lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) stdenv.shellPackage; 93 94 meta = with lib; { 95 homepage = "https://github.com/shadow-maint"; 96 description = "Suite containing authentication-related tools such as passwd and su"; 97 license = licenses.bsd3; 98 platforms = platforms.linux; 99 }; 100 101 passthru = { 102 shellPath = "/bin/nologin"; 103 tests = { inherit (nixosTests) shadow; }; 104 }; 105}