tjh.dev
nixpkgs mirror (for testing)
github.com/NixOS/nixpkgs
nix
1{
2 lib,
3 stdenv,
4 fetchurl,
5 fetchpatch,
6 libcap,
7 libseccomp,
8 openssl,
9 pam,
10 libxcrypt,
11 nixosTests,
12}:
13
14stdenv.mkDerivation (finalAttrs: {
15 pname = "vsftpd";
16 version = "3.0.5";
17
18 src = fetchurl {
19 url = "https://security.appspot.com/downloads/vsftpd-${finalAttrs.version}.tar.gz";
20 hash = "sha256-JrYCrkVLC6bZnvRKCba54N+n9nIoEGc23x8njHC8kdM=";
21 };
22
23 buildInputs = [
24 libcap
25 openssl
26 libseccomp
27 pam
28 libxcrypt
29 ];
30
31 patches = [
32 ./CVE-2015-1419.patch
33
34 # Fix build with gcc15
35 (fetchpatch {
36 name = "vsftpd-correct-the-definition-of-setup_bio_callbacks-in-ssl.patch";
37 url = "https://src.fedoraproject.org/rpms/vsftpd/raw/c31087744900967ff4d572706a296bf6c8c4a68e/f/0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch";
38 hash = "sha256-eYiY2eKQ+qS3CiRZYGuRHcnAe32zLDdb/GwF6NyHch4=";
39 })
40 ];
41
42 postPatch = ''
43 sed -i "/VSF_BUILD_SSL/s/^#undef/#define/" builddefs.h
44
45 substituteInPlace Makefile \
46 --replace -dirafter "" \
47 --replace /usr $out \
48 --replace /etc $out/etc \
49 --replace "-Werror" ""
50
51
52 mkdir -p $out/sbin $out/man/man{5,8}
53 '';
54
55 makeFlags = [
56 "CC=${stdenv.cc.targetPrefix}cc"
57 ];
58
59 NIX_LDFLAGS = "-lcrypt -lssl -lcrypto -lpam -lcap -lseccomp";
60
61 enableParallelBuilding = true;
62
63 passthru = {
64 tests = { inherit (nixosTests) vsftpd; };
65 };
66
67 meta = {
68 description = "Very secure FTP daemon";
69 mainProgram = "vsftpd";
70 license = lib.licenses.gpl2Only;
71 maintainers = with lib.maintainers; [ peterhoeg ];
72 platforms = lib.platforms.linux;
73 };
74})