nixpkgs/pkgs/os-specific/linux/shadow/default.nix
Rickard Nilsson 5f8a45c136 shadow: 4.4 -> 4.5
Fixes CVE-2017-12424
2017-08-17 13:23:56 +02:00

91 lines
2.4 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ stdenv, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt, libxml2
, docbook_xml_dtd_412, docbook_xsl, gnome_doc_utils, flex, bison
, pam ? null, glibcCross ? null
, buildPlatform, hostPlatform
}:
let
glibc =
if hostPlatform != buildPlatform
then glibcCross
else assert stdenv ? glibc; stdenv.glibc;
dots_in_usernames = fetchpatch {
url = http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/shadow/files/shadow-4.1.3-dots-in-usernames.patch;
sha256 = "1fj3rg6x3jppm5jvi9y7fhd2djbi4nc5pgwisw00xlh4qapgz692";
};
in
stdenv.mkDerivation rec {
name = "shadow-${version}";
version = "4.5";
src = fetchFromGitHub {
owner = "shadow-maint";
repo = "shadow";
rev = "${version}";
sha256 = "1aj7s2arnsfqf34ak40is2zmwm666l28pay6rv1ffx46j0wj4hws";
};
buildInputs = stdenv.lib.optional (pam != null && stdenv.isLinux) pam;
nativeBuildInputs = [autoreconfHook libxslt libxml2
docbook_xml_dtd_412 docbook_xsl gnome_doc_utils flex bison
];
patches =
[ ./keep-path.patch
dots_in_usernames
];
# The nix daemon often forbids even creating set[ug]id files.
postPatch =
''sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am
'';
outputs = [ "out" "su" "man" ];
enableParallelBuilding = true;
# Assume System V `setpgrp (void)', which is the default on GNU variants
# (`AC_FUNC_SETPGRP' is not cross-compilation capable.)
preConfigure = ''
export ac_cv_func_setpgrp_void=yes
export shadow_cv_logdir=/var/log
(
head -n -1 "${docbook_xml_dtd_412}/xml/dtd/docbook/catalog.xml"
tail -n +3 "${docbook_xsl}/share/xml/docbook-xsl/catalog.xml"
) > xmlcatalog
configureFlags="$configureFlags --with-xml-catalog=$PWD/xmlcatalog ";
'';
configureFlags = " --enable-man ";
preBuild = assert glibc != null;
''
substituteInPlace lib/nscd.c --replace /usr/sbin/nscd ${glibc.bin}/bin/nscd
'';
postInstall =
''
# Don't install groups, since coreutils already provides it.
rm $out/bin/groups
rm $man/share/man/man1/groups.*
# Move the su binary into the su package
mkdir -p $su/bin
mv $out/bin/su $su/bin
'';
meta = {
homepage = http://pkg-shadow.alioth.debian.org/;
description = "Suite containing authentication-related tools such as passwd and su";
platforms = stdenv.lib.platforms.linux;
};
passthru = {
shellPath = "/bin/nologin";
};
}