1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
nixpkgs/pkgs/development/libraries/polkit/default.nix
Nikolay Amiantov e7fa6220d6 polkit: add patches from Fedora
This fixes few leaks and adds ITS description files which are needed for some
reverse dependencies.
2017-05-25 19:07:21 +03:00

97 lines
3.7 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ stdenv, fetchurl, fetchpatch, autoreconfHook, pkgconfig, glib, expat, pam
, intltool, spidermonkey_17 , gobjectIntrospection, libxslt, docbook_xsl
, docbook_xml_dtd_412, gtk_doc
, useSystemd ? stdenv.isLinux, systemd
}:
let
system = "/var/run/current-system/sw";
setuid = "/run/wrappers/bin"; #TODO: from <nixos> config.security.wrapperDir;
foolVars = {
SYSCONF = "/etc";
DATA = "${system}/share"; # to find share/polkit-1/actions of other apps at runtime
};
in
stdenv.mkDerivation rec {
name = "polkit-0.113";
src = fetchurl {
url = "http://www.freedesktop.org/software/polkit/releases/${name}.tar.gz";
sha256 = "109w86kfqrgz83g9ivggplmgc77rz8kx8646izvm2jb57h4rbh71";
};
patches = [
(fetchpatch {
url = "http://pkgs.fedoraproject.org/cgit/rpms/polkit.git/plain/polkit-0.113-agent-leaks.patch?id=fa6fd575804de92886c95d3bc2b7eb2abcd13760";
sha256 = "1cxnhj0y30g7ldqq1y6zwsbdwcx7h97d3mpd3h5jy7dhg3h9ym91";
})
(fetchpatch {
url = "http://pkgs.fedoraproject.org/cgit/rpms/polkit.git/plain/polkit-0.113-polkitpermission-leak.patch?id=fa6fd575804de92886c95d3bc2b7eb2abcd13760";
sha256 = "1h1rkd4avqyyr8q6836zzr3w10jf521gcqnvhrhzwdpgp1ay4si7";
})
(fetchpatch {
url = "http://pkgs.fedoraproject.org/cgit/rpms/polkit.git/plain/polkit-0.113-itstool.patch?id=fa6fd575804de92886c95d3bc2b7eb2abcd13760";
sha256 = "0bxmjwp8ahy1y5g1l0kxmld0l3mlvb2l0i5n1qabia3d5iyjkyfh";
})
];
outputs = [ "bin" "dev" "out" ]; # small man pages in $bin
nativeBuildInputs =
[ gtk_doc pkgconfig autoreconfHook ]
++ [ libxslt docbook_xsl docbook_xml_dtd_412 ]; # man pages
buildInputs =
[ glib expat pam intltool spidermonkey_17 gobjectIntrospection ]
++ stdenv.lib.optional useSystemd systemd;
# Ugly hack to overwrite hardcoded directories
# TODO: investigate a proper patch which will be accepted upstream
# After update it's good to check the sources via:
# grep '\<PACKAGE_' '--include=*.[ch]' -R
CFLAGS = stdenv.lib.concatStringsSep " "
( map (var: ''-DPACKAGE_${var}_DIR=\""${builtins.getAttr var foolVars}"\"'')
(builtins.attrNames foolVars) );
preConfigure = ''
patchShebangs .
'' + stdenv.lib.optionalString useSystemd /* bogus chroot detection */ ''
sed '/libsystemd autoconfigured/s/.*/:/' -i configure
''
# libpolkit-agent-1.so should call the setuid wrapper on
# NixOS. Hard-coding the path is kinda ugly. Maybe we can just
# call through $PATH, but that might have security implications.
+ ''
substituteInPlace src/polkitagent/polkitagentsession.c \
--replace 'PACKAGE_PREFIX "/lib/polkit-1/' '"${setuid}/'
'';
configureFlags = [
#"--libexecdir=$(out)/libexec/polkit-1" # this and localstatedir are ignored by configure
"--with-systemdsystemunitdir=$(out)/etc/systemd/system"
"--with-polkitd-user=polkituser" #TODO? <nixos> config.ids.uids.polkituser
"--with-os-type=NixOS" # not recognized but prevents impurities on non-NixOS
"--enable-introspection"
];
makeFlags = "INTROSPECTION_GIRDIR=$(out)/share/gir-1.0 INTROSPECTION_TYPELIBDIR=$(out)/lib/girepository-1.0";
# The following is required on grsecurity/PaX due to spidermonkey's JIT
postBuild = ''
paxmark mr src/polkitbackend/.libs/polkitd
paxmark mr test/polkitbackend/.libs/polkitbackendjsauthoritytest
'';
#doCheck = true; # some /bin/bash problem that isn't auto-solved by patchShebangs
meta = with stdenv.lib; {
homepage = http://www.freedesktop.org/wiki/Software/polkit;
description = "A toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes";
platforms = platforms.linux;
maintainers = [ ];
};
}