nixpkgs/pkgs/development/libraries/cutelyst/default.nix
Anders Kaseorg 3cd8ce3bce treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  (See #67234, for
example.)  Fix this throughout the tree.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-01-15 09:47:03 +01:00

41 lines
1014 B
Nix

{ stdenv, lib, fetchFromGitHub, cmake, pkgconfig, wrapQtAppsHook
, qtbase, libuuid, libcap, uwsgi, grantlee, pcre
}:
stdenv.mkDerivation rec {
pname = "cutelyst";
version = "2.9.0";
src = fetchFromGitHub {
owner = "cutelyst";
repo = "cutelyst";
rev = "v${version}";
sha256 = "13h2sj131s31qdzdwa3hx7ildmvlk8mv9s0j99kvx1ijaq49z79f";
};
nativeBuildInputs = [ cmake pkgconfig wrapQtAppsHook ];
buildInputs = [ qtbase libuuid libcap uwsgi grantlee pcre ];
cmakeFlags = [
"-DPLUGIN_UWSGI=ON"
"-DPLUGIN_STATICCOMPRESSED=ON"
"-DPLUGIN_CSRFPROTECTION=ON"
"-DPLUGIN_VIEW_GRANTLEE=ON"
];
preBuild = ''
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/Cutelyst:`pwd`/EventLoopEPoll"
'';
postBuild = ''
unset LD_LIBRARY_PATH
'';
meta = with lib; {
description = "C++ Web Framework built on top of Qt";
homepage = https://cutelyst.org/;
license = licenses.lgpl21Plus;
maintainers = with maintainers; [ fpletz ];
};
}