From a2c379d4b6df39bb5a0355bb4bb68cc3f75f4cc7 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Wed, 30 Mar 2022 20:39:55 +0200
Subject: [PATCH] dhcp: make client and relay component optional

and mark the package with knownVulnerabilities when they are enabled.

Closes: #163472
---
 pkgs/tools/networking/dhcp/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkgs/tools/networking/dhcp/default.nix b/pkgs/tools/networking/dhcp/default.nix
index b2d33d0fe3e..1d1a01d17cf 100644
--- a/pkgs/tools/networking/dhcp/default.nix
+++ b/pkgs/tools/networking/dhcp/default.nix
@@ -1,6 +1,10 @@
 { stdenv, fetchurl, fetchpatch, perl, file, nettools, iputils, iproute2, makeWrapper
 , coreutils, gnused, openldap ? null
 , buildPackages, lib
+
+# client and relay are end of life, remove after 4.4.3
+, withClient ? false
+, withRelay ? false
 }:
 
 stdenv.mkDerivation rec {
@@ -63,6 +67,10 @@ stdenv.mkDerivation rec {
         --replace /sbin/ip ${iproute2}/sbin/ip
       wrapProgram "$out/sbin/dhclient-script" --prefix PATH : \
         "${nettools}/bin:${nettools}/sbin:${iputils}/bin:${coreutils}/bin:${gnused}/bin"
+    '' + lib.optionalString (!withClient) ''
+      rm $out/sbin/{dhclient,dhclient-script,.dhclient-script-wrapped}
+    '' + lib.optionalString (!withRelay) ''
+      rm $out/sbin/dhcrelay
     '';
 
   preConfigure =
@@ -89,5 +97,6 @@ stdenv.mkDerivation rec {
     homepage = "https://www.isc.org/dhcp/";
     license = licenses.mpl20;
     platforms = platforms.unix;
+    knownVulnerabilities = lib.optional (withClient || withRelay) "The client and relay component of the dhcp package have reached their end of life";
   };
 }