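# Package definition for sudo, built from the upstream release tarball.
#
# The listing this was taken from had viewer line numbers fused into every
# line; they are dropped here so the expression parses.
{
  lib,
  stdenv,
  fetchurl,
  buildPackages,
  coreutils,
  pam,
  groff,
  sssd,
  nixosTests,
  # Path of the mailer compiled into sudo (passed to --with-sendmail below).
  # The default is a fixed path outside the store.
  sendmailPath ? "/run/wrappers/bin/sendmail",
  withInsults ? false,
  withSssd ? false,
}:

stdenv.mkDerivation (finalAttrs: {
  pname = "sudo";
  # be sure to check if nixos/modules/security/sudo.nix needs updating when bumping
  # e.g. links to man pages, value constraints etc.
  version = "1.9.17p2";

  __structuredAttrs = true;

  # The tarball is pinned by content hash, so a changed upstream file fails
  # the fetch instead of being built.
  src = fetchurl {
    url = "https://www.sudo.ws/dist/sudo-${finalAttrs.version}.tar.gz";
    hash = "sha256-SjihqzrbEZklftwqfEor1xRmXrYFsENohDsG2tos/Ps=";
  };

  # --replace-fail (instead of the deprecated --replace) aborts the build if
  # the literal 04755 is no longer present in src/Makefile.in, so a version
  # bump cannot silently skip this mode rewrite.
  # NOTE(review): the binary in $out is therefore not setuid; presumably the
  # NixOS module named above installs a setuid wrapper outside the store.
  prePatch = ''
    # do not set the setuid bit in the nix store
    # (04755 is setuid + rwxr-xr-x; the sticky bit would be 01000)
    substituteInPlace src/Makefile.in --replace-fail 04755 0755
  '';

  configureFlags = [
    # Turns sudoers' env_editor on by default: visudo then honours
    # SUDO_EDITOR/VISUAL/EDITOR, so whoever may run visudo chooses the
    # program it starts as root (see env_editor in sudoers(5)).
    "--with-env-editor"
    "--with-editor=/run/current-system/sw/bin/nano"
    "--with-rundir=/run/sudo"
    "--with-vardir=/var/db/sudo"
    # Default locations of the command log and the I/O session logs.
    "--with-logpath=/var/log/sudo.log"
    "--with-iologdir=/var/log/sudo-io"
    "--with-sendmail=${sendmailPath}"
    "--enable-tmpfiles.d=no"
    "--with-passprompt=[sudo] password for %p: " # intentional trailing space
  ]
  ++ lib.optionals withInsults [
    "--with-insults"
    "--with-all-insults"
  ]
  ++ lib.optionals withSssd [
    "--with-sssd"
    "--with-sssd-lib=${sssd}/lib"
  ];

  # Pin _PATH_MV to the store copy of mv, then set the make/install variables.
  # Ownership is set to the building user's uid/gid, and rundir/vardir point
  # at a throwaway directory under $TMPDIR, presumably so that `make install`
  # neither chowns to root nor creates /run/sudo and /var/db/sudo.
  postConfigure = ''
    cat >> pathnames.h <<'EOF'
    #undef _PATH_MV
    #define _PATH_MV "${coreutils}/bin/mv"
    EOF
    makeFlags="install_uid=$(id -u) install_gid=$(id -g)"
    installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/"
  '';

  depsBuildBuild = [ buildPackages.stdenv.cc ];
  nativeBuildInputs = [ groff ];
  # PAM is linked on every platform except OpenBSD.
  buildInputs = lib.optionals (!stdenv.hostPlatform.isOpenBSD) [ pam ];

  enableParallelBuilding = true;

  # The upstream test suite is skipped at build time; the NixOS test in
  # passthru.tests below is the coverage this file declares.
  doCheck = false; # needs root

  postInstall = ''
    rm $out/share/doc/sudo/ChangeLog
  '';

  passthru.tests = { inherit (nixosTests) sudo; };

  meta = with lib; {
    description = "Command to run commands as root";
    longDescription = ''
      Sudo (su "do") allows a system administrator to delegate
      authority to give certain users (or groups of users) the ability
      to run some (or all) commands as root or another user while
      providing an audit trail of the commands and their arguments.
    '';
    homepage = "https://www.sudo.ws/";
    # From https://www.sudo.ws/about/license/
    license = with licenses; [
      sudo
      bsd2
      bsd3
      zlib
    ];
    maintainers = with maintainers; [ rhendric ];
    platforms = platforms.linux ++ platforms.freebsd ++ platforms.openbsd;
    mainProgram = "sudo";
  };
})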