3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/tools/admin/salt/default.nix
Martin Weinelt a6540325f4
salt: 3002 -> 3002.1
Fixes: CVE-2020-16846, CVE-2020-17490, CVE-2020-25592
2020-11-03 19:04:53 +01:00

49 lines
1.3 KiB
Nix

{ lib
, python3
, openssl
# Many Salt modules require various Python modules to be installed,
# passing them in this array enables Salt to find them.
, extraInputs ? []
}:
python3.pkgs.buildPythonApplication rec {
pname = "salt";
version = "3002.1";
src = python3.pkgs.fetchPypi {
inherit pname version;
sha256 = "0pp7qcfwsvg4419hzfka1180pw3saa9mrhl0z9951zn9fw2nllsc";
};
propagatedBuildInputs = with python3.pkgs; [
distro
jinja2
markupsafe
msgpack
pycryptodomex
pyyaml
pyzmq
requests
tornado
] ++ extraInputs;
patches = [ ./fix-libcrypto-loading.patch ];
postPatch = ''
substituteInPlace "salt/utils/rsax931.py" \
--subst-var-by "libcrypto" "${openssl.out}/lib/libcrypto.so"
'';
# The tests fail due to socket path length limits at the very least;
# possibly there are more issues but I didn't leave the test suite running
# as is it rather long.
doCheck = false;
meta = with lib; {
homepage = "https://saltstack.com/";
changelog = "https://docs.saltstack.com/en/latest/topics/releases/${version}.html";
description = "Portable, distributed, remote execution and configuration management system";
maintainers = with maintainers; [ Flakebi ];
license = licenses.asl20;
};
}