nixpkgs/pkgs/tools/security/super/default.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

57 lines
1.8 KiB
Nix
Raw Normal View History

2022-09-29 23:47:35 +00:00
{ lib, stdenv, fetchurl, fetchpatch, libxcrypt }:
stdenv.mkDerivation rec {
pname = "super";
version = "3.30.0";
src = fetchurl {
name = "super-${version}.tar.gz";
url = "https://www.ucolick.org/~will/RUE/super/super-${version}-tar.gz";
sha256 = "0k476f83w7f45y9jpyxwr00ikv1vhjiq0c26fgjch9hnv18icvwy";
};
prePatch = ''
2017-06-17 09:43:50 +00:00
# do not set sticky bit in nix store
substituteInPlace Makefile.in \
--replace "-o root" "" \
--replace 04755 755
'';
patches = [
2020-08-10 19:48:12 +00:00
./0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch
(fetchpatch {
name = "CVE-2014-0470.patch";
url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch";
sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh";
})
];
# -fcommon: workaround build failure on -fno-common toolchains like upstream
# gcc-10. Otherwise build fails as:
# ld: pam.o:/build/super-3.30.0/super.h:293: multiple definition of
# `Method'; super.o:/build/super-3.30.0/super.h:293: first defined here
env.NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE -fcommon";
2018-07-25 21:44:21 +00:00
configureFlags = [
"--sysconfdir=/etc"
"--localstatedir=/var"
];
2022-09-29 23:47:35 +00:00
buildInputs = [ libxcrypt ];
2019-11-05 01:10:31 +00:00
installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(TMPDIR)" ];
meta = {
homepage = "https://www.ucolick.org/~will/#super";
description = "Allows users to execute scripts as if they were root";
longDescription =
''
This package provides two commands: 1) super, which allows
users to execute commands under a different uid/gid (specified
in /etc/super.tab); and 2) setuid, which allows root to
execute a command under a different uid.
'';
2021-01-15 09:19:50 +00:00
platforms = lib.platforms.linux;
2016-08-02 15:51:05 +00:00
};
}