3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/os-specific/linux/shadow/default.nix

94 lines
2.6 KiB
Nix
Raw Normal View History

{ stdenv, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt, libxml2
, docbook_xml_dtd_412, docbook_xsl, gnome-doc-utils, flex, bison
2017-06-28 21:42:27 +01:00
, pam ? null, glibcCross ? null
, buildPlatform, hostPlatform
}:
let
glibc =
2017-06-28 21:42:27 +01:00
if hostPlatform != buildPlatform
then glibcCross
else assert hostPlatform.libc == "glibc"; stdenv.cc.libc;
dots_in_usernames = fetchpatch {
url = http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/shadow/files/shadow-4.1.3-dots-in-usernames.patch;
sha256 = "1fj3rg6x3jppm5jvi9y7fhd2djbi4nc5pgwisw00xlh4qapgz692";
};
in
stdenv.mkDerivation rec {
2017-02-03 12:07:38 +00:00
name = "shadow-${version}";
version = "4.5";
2017-02-03 12:07:38 +00:00
src = fetchFromGitHub {
owner = "shadow-maint";
repo = "shadow";
rev = "${version}";
sha256 = "1aj7s2arnsfqf34ak40is2zmwm666l28pay6rv1ffx46j0wj4hws";
};
buildInputs = stdenv.lib.optional (pam != null && stdenv.isLinux) pam;
nativeBuildInputs = [autoreconfHook libxslt libxml2
docbook_xml_dtd_412 docbook_xsl gnome-doc-utils flex bison
2017-02-03 12:07:38 +00:00
];
patches =
[ ./keep-path.patch
dots_in_usernames
];
# The nix daemon often forbids even creating set[ug]id files.
postPatch =
''sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am
'';
outputs = [ "out" "su" "man" ];
enableParallelBuilding = true;
# Assume System V `setpgrp (void)', which is the default on GNU variants
# (`AC_FUNC_SETPGRP' is not cross-compilation capable.)
preConfigure = ''
export ac_cv_func_setpgrp_void=yes
export shadow_cv_logdir=/var/log
2017-02-03 12:07:38 +00:00
(
head -n -1 "${docbook_xml_dtd_412}/xml/dtd/docbook/catalog.xml"
2017-02-03 12:07:38 +00:00
tail -n +3 "${docbook_xsl}/share/xml/docbook-xsl/catalog.xml"
) > xmlcatalog
configureFlags="$configureFlags --with-xml-catalog=$PWD/xmlcatalog ";
'';
Increase max group name length to 32 characters With #36556, a check was introduced to make sure the user and group names do not exceed their respective maximum length. This is in part because systemd also enforces that length, but only at runtime. So in general it's a good idea to catch as much as we can during evaluation time, however the maximum length of the group name was set to 16 characters according groupadd(8). The maximum length of the group names however is a compile-time option and even systemd allows more than 16 characters. In the mentioned pull request (#36556) there was already a report that this has broken evaluation for people out there. I have also checked what other distributions are doing and they set the length to either 31 characters or 32 characters, the latter being more common. Unfortunately there is a difference between the maximum length enforced by the shadow package and systemd, both for user name lengths and group name lengths. However, systemd enforces both length to have a maximum of 31 characters and I'm not sure if this is intended or just a off-by-one error in systemd. Nevertheless, I choose 32 characters simply to bring it in par with the maximum user name length. For the NixOS assertion however, I use a maximum length of 31 to make sure that nobody accidentally creates services that contain group names that systemd considers invalid because of a length of 32 characters. Signed-off-by: aszlig <aszlig@nix.build> Closes: #38548 Cc: @vcunat, @fpletz, @qknight
2018-04-07 14:14:47 +01:00
configureFlags = [
"--enable-man"
"--with-group-name-max-length=32"
] ++ stdenv.lib.optional (hostPlatform.libc != "glibc") "--disable-nscd";
2017-02-03 12:07:38 +00:00
preBuild = stdenv.lib.optionalString (hostPlatform.libc == "glibc")
''
substituteInPlace lib/nscd.c --replace /usr/sbin/nscd ${glibc.bin}/bin/nscd
'';
postInstall =
''
# Don't install groups, since coreutils already provides it.
rm $out/bin/groups
rm $man/share/man/man1/groups.*
# Move the su binary into the su package
mkdir -p $su/bin
mv $out/bin/su $su/bin
'';
meta = {
homepage = http://pkg-shadow.alioth.debian.org/;
description = "Suite containing authentication-related tools such as passwd and su";
platforms = stdenv.lib.platforms.linux;
};
passthru = {
shellPath = "/bin/nologin";
};
}