tjh.dev
1{ lib
2, stdenv
3, buildPackages
4, autoreconfHook
5, fetchurl
6, fetchpatch
7, libedit
8, runCommand
9, dash
10}:
11
12stdenv.mkDerivation rec {
13 pname = "dash";
14 version = "0.5.11.5";
15
16 src = fetchurl {
17 url = "http://gondor.apana.org.au/~herbert/dash/files/${pname}-${version}.tar.gz";
18 sha256 = "sha256-23eBEIkfeTeYXym/I0EP4cXWaVAnYPWE5U4OeynhI70=";
19 };
20
21 hardeningDisable = [ "format" ];
22
23 patches = [
24 (fetchpatch {
25 # Dash executes code when noexec ("-n") is specified
26 # https://www.openwall.com/lists/oss-security/2020/11/11/3
27 url = "https://git.kernel.org/pub/scm/utils/dash/dash.git/patch/?id=29d6f2148f10213de4e904d515e792d2cf8c968e";
28 sha256 = "0aadb7aaaan6jxmi6icv4p5gqx7k510yszaqsa29b5giyxz5l9i1";
29 })
30
31 # aarch64-darwin fix from upstream; remove on next release
32 (fetchpatch {
33 url = "https://git.kernel.org/pub/scm/utils/dash/dash.git/patch/?id=6f6d1f2da03468c0e131fdcbdcfa9771ffca2614";
34 sha256 = "16iz2ylkyhpxqq411ns8pjk8rizh6afhavvsf052wvzsnmmlvfbw";
35 })
36 ];
37
38 strictDeps = true;
39 # configure.ac patched; remove on next release
40 nativeBuildInputs = [ autoreconfHook ];
41
42 depsBuildBuild = [ buildPackages.stdenv.cc ];
43 buildInputs = [ libedit ];
44
45 configureFlags = [ "--with-libedit" ];
46
47 enableParallelBuilding = true;
48
49 meta = with lib; {
50 homepage = "http://gondor.apana.org.au/~herbert/dash/";
51 description = "A POSIX-compliant implementation of /bin/sh that aims to be as small as possible";
52 platforms = platforms.unix;
53 license = with licenses; [ bsd3 gpl2 ];
54 };
55
56 passthru = {
57 shellPath = "/bin/dash";
58 tests = {
59 "execute-simple-command" = runCommand "${pname}-execute-simple-command" { } ''
60 mkdir $out
61 ${dash}/bin/dash -c 'echo "Hello World!" > $out/success'
62 [ -s $out/success ]
63 grep -q "Hello World" $out/success
64 '';
65 };
66 };
67}