sudo-rs: init at 0.2.0

Closes: #252193
2023-08-30 15:49:34 +00:00 · 2023-08-30 15:49:34 +00:00 · a6616e7d71
parent d9b0d4b741
commit a6616e7d71
2 changed files with 75 additions and 0 deletions
--- a/pkgs/tools/security/sudo-rs/default.nix
+++ b/pkgs/tools/security/sudo-rs/default.nix
@ -0,0 +1,73 @@
+{ lib
+, bash
+, fetchFromGitHub
+, installShellFiles
+, pam
+, pandoc
+, rustPlatform
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "sudo-rs";
+  version = "0.2.0";
+
+  src = fetchFromGitHub {
+    owner = "memorysafety";
+    repo = "sudo-rs";
+    rev = "v${version}";
+    hash = "sha256-Kk5D3387hdl6eGWTSV003r+XajuDh6YgHuqYlj9NnaQ=";
+  };
+  cargoHash = "sha256-yeMK37tOgJcs9pW3IclpR5WMXx0gMDJ2wcmInxJYbQ8=";
+
+  nativeBuildInputs = [ installShellFiles pandoc ];
+
+  buildInputs = [ pam ];
+
+  # Don't attempt to generate the docs in a (pan)Docker container
+  postPatch = ''
+    substituteInPlace util/generate-docs.sh \
+      --replace "/usr/bin/env bash" ${lib.getExe bash} \
+      --replace util/pandoc.sh pandoc
+  '';
+
+  postInstall = ''
+    ./util/generate-docs.sh
+    installManPage target/docs/man/*
+  '';
+
+  checkFlags = map (t: "--skip=${t}") [
+    # Those tests make path assumptions
+    "common::command::test::test_build_command_and_args"
+    "common::context::tests::test_build_context"
+    "common::resolve::test::canonicalization"
+    "common::resolve::tests::test_resolve_path"
+    "system::tests::kill_test"
+
+    # Assumes $SHELL is an actual shell
+    "su::context::tests::su_to_root"
+
+    # Attempts to access /etc files from the build sandbox
+    "system::audit::test::secure_open_is_predictable"
+
+    # Assume there is a `daemon` user and group
+    "system::interface::test::test_unix_group"
+    "system::interface::test::test_unix_user"
+    "system::tests::test_get_user_and_group_by_id"
+
+    # This expects some PATH_TZINFO environment var
+    "env::environment::tests::test_tzinfo"
+
+    # Unsure why those are failing
+    "env::tests::test_environment_variable_filtering"
+    "su::context::tests::invalid_shell"
+  ];
+
+  meta = with lib; {
+    description = "A memory safe implementation of sudo and su.";
+    homepage = "https://github.com/memorysafety/sudo-rs";
+    changelog = "${meta.homepage}/blob/v${version}/CHANGELOG.md";
+    license = with licenses; [ asl20 mit ];
+    maintainers = with maintainers; [ nicoo ];
+    platforms = platforms.linux;
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -13460,6 +13460,8 @@ with pkgs;

  sudo = callPackage ../tools/security/sudo { };

+  sudo-rs = callPackage ../tools/security/sudo-rs { };
+
  suidChroot = callPackage ../tools/system/suid-chroot { };

  sundtek = callPackage ../misc/drivers/sundtek { };