tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / tools / security / sudo / default.nix
at netboot-syslinux-multiplatform 2.3 kB view raw
1{ lib 2, stdenv 3, fetchurl 4, buildPackages 5, coreutils 6, pam 7, groff 8, sssd 9, nixosTests 10, sendmailPath ? "/run/wrappers/bin/sendmail" 11, withInsults ? false 12, withSssd ? false 13}: 14 15stdenv.mkDerivation rec { 16 pname = "sudo"; 17 version = "1.9.13p3"; 18 19 src = fetchurl { 20 url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz"; 21 hash = "sha256-kjNKEruT4MBWsJ9T4lXMt9b2fGNQ4oE82Vk87sp4Vgs="; 22 }; 23 24 prePatch = '' 25 # do not set sticky bit in nix store 26 substituteInPlace src/Makefile.in --replace 04755 0755 27 ''; 28 29 configureFlags = [ 30 "--with-env-editor" 31 "--with-editor=/run/current-system/sw/bin/nano" 32 "--with-rundir=/run/sudo" 33 "--with-vardir=/var/db/sudo" 34 "--with-logpath=/var/log/sudo.log" 35 "--with-iologdir=/var/log/sudo-io" 36 "--with-sendmail=${sendmailPath}" 37 "--enable-tmpfiles.d=no" 38 ] ++ lib.optionals withInsults [ 39 "--with-insults" 40 "--with-all-insults" 41 ] ++ lib.optionals withSssd [ 42 "--with-sssd" 43 "--with-sssd-lib=${sssd}/lib" 44 ]; 45 46 configureFlagsArray = [ 47 "--with-passprompt=[sudo] password for %p: " # intentional trailing space 48 ]; 49 50 postConfigure = 51 '' 52 cat >> pathnames.h <<'EOF' 53 #undef _PATH_MV 54 #define _PATH_MV "${coreutils}/bin/mv" 55 EOF 56 makeFlags="install_uid=$(id -u) install_gid=$(id -g)" 57 installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/" 58 ''; 59 60 depsBuildBuild = [ buildPackages.stdenv.cc ]; 61 nativeBuildInputs = [ groff ]; 62 buildInputs = [ pam ]; 63 64 enableParallelBuilding = true; 65 66 doCheck = false; # needs root 67 68 postInstall = '' 69 rm $out/share/doc/sudo/ChangeLog 70 ''; 71 72 passthru.tests = { inherit (nixosTests) sudo; }; 73 74 meta = { 75 description = "A command to run commands as root"; 76 77 longDescription = 78 '' 79 Sudo (su "do") allows a system administrator to delegate 80 authority to give certain users (or groups of users) the ability 81 to run some (or all) commands as root or another user while 82 providing an audit trail of the commands and their arguments. 83 ''; 84 85 homepage = "https://www.sudo.ws/"; 86 87 license = "https://www.sudo.ws/sudo/license.html"; 88 89 maintainers = with lib.maintainers; [ eelco delroth ]; 90 91 platforms = lib.platforms.linux; 92 }; 93}