shadow: add tcb support

Izorkin 2022-12-06 21:23:56 +03:00
parent 4804305f6e
commit 0e32191623
No known key found for this signature in database
GPG key ID: 1436C1B3F3679F09
2 changed files with 34 additions and 2 deletions


@ -1,6 +1,7 @@
{ lib, stdenv, nixosTests, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt
, libxml2 , docbook_xml_dtd_45, docbook_xsl, itstool, flex, bison, runtimeShell
, libxcrypt, pam ? null, glibcCross ? null
, withTcb ? stdenv.isLinux, tcb
}:
let
@ -24,7 +25,8 @@ stdenv.mkDerivation rec {
};
buildInputs = [ libxcrypt ]
++ lib.optional (pam != null && stdenv.isLinux) pam;
++ lib.optional (pam != null && stdenv.isLinux) pam
++ lib.optional withTcb tcb;
nativeBuildInputs = [autoreconfHook libxslt libxml2
docbook_xml_dtd_45 docbook_xsl flex bison itstool
];
@ -34,6 +36,7 @@ stdenv.mkDerivation rec {
# Obtain XML resources from XML catalog (patch adapted from gtk-doc)
./respect-xml-catalog-files-var.patch
./runtime-shell.patch
./fix-install-with-tcb.patch
# Fix HAVE_SHADOWGRP configure check
(fetchpatch {
url = "https://github.com/shadow-maint/shadow/commit/a281f241b592aec636d1b93a99e764499d68c7ef.patch";
@ -64,7 +67,8 @@ stdenv.mkDerivation rec {
"--with-group-name-max-length=32"
"--with-bcrypt"
"--with-yescrypt"
] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd";
] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd"
++ lib.optional withTcb "--with-tcb";
preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc")
''
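Review bot: `./fix-install-with-tcb.patch` is added to the patch list with no comment, while the neighbouring entries each say what they fix, and it is applied even when `withTcb` is false. Since the patch removes the step that makes `passwd` setgid `shadow`, a reader should see why at the point of use, for example `# Do not chown/chmod passwd to root:shadow (setgid) at install time; ownership and mode are set outside the build`. That wording is inferred from the patch body, so adjust it to the real reason. The patch looks harmless for non-tcb builds because it only deletes `if WITH_TCB` blocks. The list and the surrounding `mkDerivation` start and end outside this hunk.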


@ -0,0 +1,28 @@
diff --git a/src/Makefile.am b/src/Makefile.am
index a1a2e4e..fa17f9d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -74,10 +74,6 @@ suidubins += newgidmap newuidmap
endif
endif
-if WITH_TCB
-shadowsgidubins = passwd
-endif
-
LDADD = $(INTLLIBS) \
$(top_builddir)/libmisc/libmisc.la \
$(top_builddir)/lib/libshadow.la \
@@ -146,12 +142,6 @@ install-am: all-am
set -e; for i in $(suidusbins); do \
chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \
done
-if WITH_TCB
- set -e; for i in $(shadowsgidubins); do \
- chown root:shadow $(DESTDIR)$(ubindir)/$$i; \
- chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \
- done
-endif
if ENABLE_SUBIDS
if FCAPS
setcap cap_setuid+ep $(DESTDIR)$(ubindir)/newuidmap
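Review bot: With both `if WITH_TCB` blocks deleted, a `--with-tcb` build installs `passwd` without the `root:shadow` ownership and `$(sgidperms)` mode that the removed `install-am` loop applied, and nothing in this commit shows where that privilege is put back. Under tcb, `passwd` is meant to run setgid `shadow` rather than setuid root. If the binary ends up unprivileged it presumably cannot update password files for ordinary users, and if it is instead wrapped setuid root the privilege reduction tcb offers is lost. The patch file should start with a short description saying why the chown/chmod cannot run in this build and that the consumer must provide `passwd` with group `shadow` and the setgid bit. It is worth confirming that a matching wrapper or module change accompanies this commit. The `install-am` recipe continues past the end of the hunk.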