2017-05-08 14:07:50 +01:00
|
|
|
|
{ stdenv, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt, libxml2
|
2018-02-25 02:23:58 +00:00
|
|
|
|
, docbook_xml_dtd_412, docbook_xsl, gnome-doc-utils, flex, bison
|
2017-06-28 21:42:27 +01:00
|
|
|
|
, pam ? null, glibcCross ? null
|
|
|
|
|
, buildPlatform, hostPlatform
|
|
|
|
|
}:
|
2011-11-19 18:28:16 +00:00
|
|
|
|
|
|
|
|
|
let
|
2012-07-25 22:30:01 +01:00
|
|
|
|
|
|
|
|
|
glibc =
|
2017-06-28 21:42:27 +01:00
|
|
|
|
if hostPlatform != buildPlatform
|
2012-07-25 22:30:01 +01:00
|
|
|
|
then glibcCross
|
2018-02-04 16:55:31 +00:00
|
|
|
|
else assert hostPlatform.libc == "glibc"; stdenv.cc.libc;
|
2012-07-25 22:30:01 +01:00
|
|
|
|
|
2017-05-08 14:07:50 +01:00
|
|
|
|
dots_in_usernames = fetchpatch {
|
2012-09-18 22:56:51 +01:00
|
|
|
|
url = http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/shadow/files/shadow-4.1.3-dots-in-usernames.patch;
|
|
|
|
|
sha256 = "1fj3rg6x3jppm5jvi9y7fhd2djbi4nc5pgwisw00xlh4qapgz692";
|
|
|
|
|
};
|
|
|
|
|
|
2011-11-19 18:28:16 +00:00
|
|
|
|
in
|
2012-07-25 22:30:01 +01:00
|
|
|
|
|
2010-06-02 17:45:14 +01:00
|
|
|
|
stdenv.mkDerivation rec {
|
2017-02-03 12:07:38 +00:00
|
|
|
|
name = "shadow-${version}";
|
2017-08-16 14:10:50 +01:00
|
|
|
|
version = "4.5";
|
2011-11-19 18:28:16 +00:00
|
|
|
|
|
2017-02-03 12:07:38 +00:00
|
|
|
|
src = fetchFromGitHub {
|
|
|
|
|
owner = "shadow-maint";
|
|
|
|
|
repo = "shadow";
|
|
|
|
|
rev = "${version}";
|
2017-08-16 14:10:50 +01:00
|
|
|
|
sha256 = "1aj7s2arnsfqf34ak40is2zmwm666l28pay6rv1ffx46j0wj4hws";
|
2004-08-30 12:44:51 +01:00
|
|
|
|
};
|
2006-11-28 15:45:41 +00:00
|
|
|
|
|
2011-11-19 18:28:16 +00:00
|
|
|
|
buildInputs = stdenv.lib.optional (pam != null && stdenv.isLinux) pam;
|
2017-05-08 14:07:50 +01:00
|
|
|
|
nativeBuildInputs = [autoreconfHook libxslt libxml2
|
2018-02-25 02:23:58 +00:00
|
|
|
|
docbook_xml_dtd_412 docbook_xsl gnome-doc-utils flex bison
|
2017-02-03 12:07:38 +00:00
|
|
|
|
];
|
2010-06-04 12:32:42 +01:00
|
|
|
|
|
2017-05-08 14:07:50 +01:00
|
|
|
|
patches =
|
|
|
|
|
[ ./keep-path.patch
|
|
|
|
|
dots_in_usernames
|
|
|
|
|
];
|
2010-07-14 13:10:26 +01:00
|
|
|
|
|
2017-06-07 13:21:04 +01:00
|
|
|
|
# The nix daemon often forbids even creating set[ug]id files.
|
|
|
|
|
postPatch =
|
|
|
|
|
''sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am
|
|
|
|
|
'';
|
|
|
|
|
|
2016-09-05 13:46:41 +01:00
|
|
|
|
outputs = [ "out" "su" "man" ];
|
2014-04-05 19:41:23 +01:00
|
|
|
|
|
2017-05-08 14:07:50 +01:00
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
|
|
2011-11-19 18:28:16 +00:00
|
|
|
|
# Assume System V `setpgrp (void)', which is the default on GNU variants
|
|
|
|
|
# (`AC_FUNC_SETPGRP' is not cross-compilation capable.)
|
2014-05-09 12:48:27 +01:00
|
|
|
|
preConfigure = ''
|
|
|
|
|
export ac_cv_func_setpgrp_void=yes
|
|
|
|
|
export shadow_cv_logdir=/var/log
|
2017-02-03 12:07:38 +00:00
|
|
|
|
(
|
2017-05-08 14:07:50 +01:00
|
|
|
|
head -n -1 "${docbook_xml_dtd_412}/xml/dtd/docbook/catalog.xml"
|
2017-02-03 12:07:38 +00:00
|
|
|
|
tail -n +3 "${docbook_xsl}/share/xml/docbook-xsl/catalog.xml"
|
|
|
|
|
) > xmlcatalog
|
|
|
|
|
configureFlags="$configureFlags --with-xml-catalog=$PWD/xmlcatalog ";
|
2014-05-09 12:48:27 +01:00
|
|
|
|
'';
|
2011-11-19 18:28:16 +00:00
|
|
|
|
|
Increase max group name length to 32 characters
With #36556, a check was introduced to make sure the user and group
names do not exceed their respective maximum length. This is in part
because systemd also enforces that length, but only at runtime.
So in general it's a good idea to catch as much as we can during
evaluation time, however the maximum length of the group name was set to
16 characters according groupadd(8).
The maximum length of the group names however is a compile-time option
and even systemd allows more than 16 characters. In the mentioned pull
request (#36556) there was already a report that this has broken
evaluation for people out there.
I have also checked what other distributions are doing and they set the
length to either 31 characters or 32 characters, the latter being more
common.
Unfortunately there is a difference between the maximum length enforced
by the shadow package and systemd, both for user name lengths and group
name lengths. However, systemd enforces both length to have a maximum of
31 characters and I'm not sure if this is intended or just a off-by-one
error in systemd.
Nevertheless, I choose 32 characters simply to bring it in par with the
maximum user name length.
For the NixOS assertion however, I use a maximum length of 31 to make
sure that nobody accidentally creates services that contain group names
that systemd considers invalid because of a length of 32 characters.
Signed-off-by: aszlig <aszlig@nix.build>
Closes: #38548
Cc: @vcunat, @fpletz, @qknight
2018-04-07 14:14:47 +01:00
|
|
|
|
configureFlags = [
|
|
|
|
|
"--enable-man"
|
|
|
|
|
"--with-group-name-max-length=32"
|
|
|
|
|
] ++ stdenv.lib.optional (hostPlatform.libc != "glibc") "--disable-nscd";
|
2017-02-03 12:07:38 +00:00
|
|
|
|
|
2018-01-09 23:39:54 +00:00
|
|
|
|
preBuild = stdenv.lib.optionalString (hostPlatform.libc == "glibc")
|
2010-07-14 13:10:26 +01:00
|
|
|
|
''
|
2015-04-26 18:54:51 +01:00
|
|
|
|
substituteInPlace lib/nscd.c --replace /usr/sbin/nscd ${glibc.bin}/bin/nscd
|
2010-07-14 13:10:26 +01:00
|
|
|
|
'';
|
2011-11-19 18:28:16 +00:00
|
|
|
|
|
2012-07-25 22:36:34 +01:00
|
|
|
|
postInstall =
|
|
|
|
|
''
|
2014-04-05 19:41:23 +01:00
|
|
|
|
# Don't install ‘groups’, since coreutils already provides it.
|
2016-11-29 23:44:28 +00:00
|
|
|
|
rm $out/bin/groups
|
|
|
|
|
rm $man/share/man/man1/groups.*
|
2014-04-05 19:41:23 +01:00
|
|
|
|
|
|
|
|
|
# Move the su binary into the su package
|
|
|
|
|
mkdir -p $su/bin
|
|
|
|
|
mv $out/bin/su $su/bin
|
2012-07-25 22:36:34 +01:00
|
|
|
|
'';
|
|
|
|
|
|
2010-06-02 17:45:14 +01:00
|
|
|
|
meta = {
|
|
|
|
|
homepage = http://pkg-shadow.alioth.debian.org/;
|
|
|
|
|
description = "Suite containing authentication-related tools such as passwd and su";
|
2016-08-02 18:50:55 +01:00
|
|
|
|
platforms = stdenv.lib.platforms.linux;
|
2016-07-04 15:06:13 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
passthru = {
|
|
|
|
|
shellPath = "/bin/nologin";
|
2010-06-02 17:45:14 +01:00
|
|
|
|
};
|
2004-08-30 12:44:51 +01:00
|
|
|
|
}
|