nixpkgs/pkgs/os-specific/linux/shadow/default.nix

106 lines
2.9 KiB
Nix
Raw Normal View History

2022-12-17 05:09:41 +00:00
{ lib, stdenv, fetchFromGitHub
, runtimeShell, nixosTests, fetchpatch
, autoreconfHook, bison, flex
, docbook_xml_dtd_45, docbook_xsl
, itstool , libxml2, libxslt
, libxcrypt
, glibcCross ? null
, pam ? null
, withTcb ? lib.meta.availableOn stdenv.hostPlatform tcb, tcb
2017-06-28 20:42:27 +00:00
}:
let
glibc =
2022-12-17 05:09:41 +00:00
if stdenv.hostPlatform != stdenv.buildPlatform then glibcCross
else assert stdenv.hostPlatform.libc == "glibc"; stdenv.cc.libc;
in
stdenv.mkDerivation rec {
pname = "shadow";
2022-12-05 10:15:08 +00:00
version = "4.13";
2017-02-03 12:07:38 +00:00
src = fetchFromGitHub {
owner = "shadow-maint";
2022-12-05 10:15:08 +00:00
repo = pname;
rev = version;
sha256 = "sha256-L54DhdBYthfB9436t/XWXiqKhW7rfd0GLS7pYGB32rA=";
};
2022-12-17 05:09:41 +00:00
outputs = [ "out" "su" "dev" "man" ];
RUNTIME_SHELL = runtimeShell;
nativeBuildInputs = [
autoreconfHook bison flex
docbook_xml_dtd_45 docbook_xsl
itstool libxml2 libxslt
];
2022-09-24 18:38:09 +00:00
buildInputs = [ libxcrypt ]
2022-12-06 18:23:56 +00:00
++ lib.optional (pam != null && stdenv.isLinux) pam
++ lib.optional withTcb tcb;
2022-12-05 10:15:08 +00:00
patches = [
./keep-path.patch
# Obtain XML resources from XML catalog (patch adapted from gtk-doc)
./respect-xml-catalog-files-var.patch
./runtime-shell.patch
2022-12-06 18:23:56 +00:00
./fix-install-with-tcb.patch
2022-12-05 10:15:08 +00:00
# Fix HAVE_SHADOWGRP configure check
(fetchpatch {
url = "https://github.com/shadow-maint/shadow/commit/a281f241b592aec636d1b93a99e764499d68c7ef.patch";
sha256 = "sha256-GJWg/8ggTnrbIgjI+HYa26DdVbjTHTk/IHhy7GU9G5w=";
})
];
# The nix daemon often forbids even creating set[ug]id files.
2022-12-17 05:09:41 +00:00
postPatch = ''
sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am
'';
# Assume System V `setpgrp (void)', which is the default on GNU variants
# (`AC_FUNC_SETPGRP' is not cross-compilation capable.)
preConfigure = ''
export ac_cv_func_setpgrp_void=yes
export shadow_cv_logdir=/var/log
'';
Increase max group name length to 32 characters With #36556, a check was introduced to make sure the user and group names do not exceed their respective maximum length. This is in part because systemd also enforces that length, but only at runtime. So in general it's a good idea to catch as much as we can during evaluation time, however the maximum length of the group name was set to 16 characters according groupadd(8). The maximum length of the group names however is a compile-time option and even systemd allows more than 16 characters. In the mentioned pull request (#36556) there was already a report that this has broken evaluation for people out there. I have also checked what other distributions are doing and they set the length to either 31 characters or 32 characters, the latter being more common. Unfortunately there is a difference between the maximum length enforced by the shadow package and systemd, both for user name lengths and group name lengths. However, systemd enforces both length to have a maximum of 31 characters and I'm not sure if this is intended or just a off-by-one error in systemd. Nevertheless, I choose 32 characters simply to bring it in par with the maximum user name length. For the NixOS assertion however, I use a maximum length of 31 to make sure that nobody accidentally creates services that contain group names that systemd considers invalid because of a length of 32 characters. Signed-off-by: aszlig <aszlig@nix.build> Closes: #38548 Cc: @vcunat, @fpletz, @qknight
2018-04-07 13:14:47 +00:00
configureFlags = [
"--enable-man"
"--with-group-name-max-length=32"
2022-09-24 18:38:09 +00:00
"--with-bcrypt"
"--with-yescrypt"
2022-12-06 18:23:56 +00:00
] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd"
++ lib.optional withTcb "--with-tcb";
2017-02-03 12:07:38 +00:00
2022-12-17 05:09:41 +00:00
preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc") ''
substituteInPlace lib/nscd.c --replace /usr/sbin/nscd ${glibc.bin}/bin/nscd
'';
postInstall = ''
# Don't install groups, since coreutils already provides it.
rm $out/bin/groups
rm $man/share/man/man1/groups.*
# Move the su binary into the su package
mkdir -p $su/bin
mv $out/bin/su $su/bin
'';
enableParallelBuilding = true;
disallowedReferences = lib.optional (stdenv.buildPlatform != stdenv.hostPlatform) stdenv.shellPackage;
meta = with lib; {
homepage = "https://github.com/shadow-maint";
description = "Suite containing authentication-related tools such as passwd and su";
2018-08-17 22:28:13 +00:00
license = licenses.bsd3;
platforms = platforms.linux;
};
passthru = {
shellPath = "/bin/nologin";
2020-12-23 18:28:30 +00:00
tests = { inherit (nixosTests) shadow; };
};
}