tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / tools / security / sudo / default.nix
at release-19.03 85 lines 2.2 kB view raw
1{ stdenv, fetchurl, coreutils, pam, groff, sssd 2, sendmailPath ? "/run/wrappers/bin/sendmail" 3, withInsults ? false 4, withSssd ? false 5}: 6 7stdenv.mkDerivation rec { 8 name = "sudo-1.8.28"; 9 10 src = fetchurl { 11 urls = 12 [ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz" 13 "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz" 14 ]; 15 sha256 = "188k3w67aflbmi4b5z23pxrvzfcfndi22b84w86gzjh8b9sglaci"; 16 }; 17 18 prePatch = '' 19 # do not set sticky bit in nix store 20 substituteInPlace src/Makefile.in --replace 04755 0755 21 ''; 22 23 configureFlags = [ 24 "--with-env-editor" 25 "--with-editor=/run/current-system/sw/bin/nano" 26 "--with-rundir=/run/sudo" 27 "--with-vardir=/var/db/sudo" 28 "--with-logpath=/var/log/sudo.log" 29 "--with-iologdir=/var/log/sudo-io" 30 "--with-sendmail=${sendmailPath}" 31 "--enable-tmpfiles.d=no" 32 ] ++ stdenv.lib.optional withInsults [ 33 "--with-insults" 34 "--with-all-insults" 35 ] ++ stdenv.lib.optional withSssd [ 36 "--with-sssd" 37 "--with-sssd-lib=${sssd}/lib" 38 ]; 39 40 configureFlagsArray = [ 41 "--with-passprompt=[sudo] password for %p: " # intentional trailing space 42 ]; 43 44 postConfigure = 45 '' 46 cat >> pathnames.h <<'EOF' 47 #undef _PATH_MV 48 #define _PATH_MV "${coreutils}/bin/mv" 49 EOF 50 makeFlags="install_uid=$(id -u) install_gid=$(id -g)" 51 installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy" 52 ''; 53 54 nativeBuildInputs = [ groff ]; 55 buildInputs = [ pam ]; 56 57 enableParallelBuilding = true; 58 59 doCheck = false; # needs root 60 61 postInstall = 62 '' 63 rm -f $out/share/doc/sudo/ChangeLog 64 ''; 65 66 meta = { 67 description = "A command to run commands as root"; 68 69 longDescription = 70 '' 71 Sudo (su "do") allows a system administrator to delegate 72 authority to give certain users (or groups of users) the ability 73 to run some (or all) commands as root or another user while 74 providing an audit trail of the commands and their arguments. 75 ''; 76 77 homepage = https://www.sudo.ws/; 78 79 license = https://www.sudo.ws/sudo/license.html; 80 81 maintainers = [ stdenv.lib.maintainers.eelco ]; 82 83 platforms = stdenv.lib.platforms.linux; 84 }; 85}