mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-28 08:31:59 +00:00
3cd8ce3bce
Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. (See #67234, for example.) Fix this throughout the tree. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
48 lines
1 KiB
Nix
48 lines
1 KiB
Nix
{ stdenv, fetchFromGitHub, cmake, pkg-config, gettext, libcsptr, dyncall
|
|
, nanomsg, python37Packages }:
|
|
|
|
stdenv.mkDerivation rec {
|
|
version = "unstable-2019-09-19";
|
|
pname = "boxfort";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "Snaipe";
|
|
repo = "BoxFort";
|
|
rev = "926bd4ce968592dbbba97ec1bb9aeca3edf29b0d";
|
|
sha256 = "0mzy4f8qij6ckn5578y3l4rni2470pdkjy5xww7ak99l1kh3p3v6";
|
|
};
|
|
|
|
enableParallelBuilding = true;
|
|
|
|
nativeBuildInputs = [ cmake pkg-config ];
|
|
|
|
buildInputs = [
|
|
dyncall
|
|
gettext
|
|
libcsptr
|
|
nanomsg
|
|
];
|
|
|
|
checkInputs = with python37Packages; [ cram ];
|
|
|
|
cmakeFlags = [ "-DBXF_FORK_RESILIENCE=OFF" ];
|
|
|
|
doCheck = true;
|
|
preCheck = ''
|
|
export LD_LIBRARY_PATH=`pwd`''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
|
|
'';
|
|
|
|
outputs = [ "dev" "out" ];
|
|
|
|
meta = with stdenv.lib; {
|
|
description = "Convenient & cross-platform sandboxing C library";
|
|
homepage = "https://github.com/Snaipe/BoxFort";
|
|
license = licenses.mit;
|
|
maintainers = with maintainers; [
|
|
thesola10
|
|
Yumasi
|
|
];
|
|
platforms = platforms.unix;
|
|
};
|
|
}
|