author | Izorkin <izorkin@elven.pw> | 2022-12-06 21:23:56 +0300 |
---|---|---|
committer | Izorkin <izorkin@elven.pw> | 2022-12-17 12:10:59 +0300 |
commit | 0e32191623d9827d58b627a9cb0f2a37756c77ff (patch) | |
tree | 14091860a258176e6ff0322f02ee06b7ec15dd6b /pkgs | |
parent | 4804305f6e2a1b69be36dc021acfe8d416e32166 (diff) |
shadow: add tcb support
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/os-specific/linux/shadow/default.nix | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/shadow/fix-install-with-tcb.patch | 28 |
2 files changed, 34 insertions, 2 deletions
diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index 9ba8984bb0321..96dfd3b4bd8f9 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -1,6 +1,7 @@ { lib, stdenv, nixosTests, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt , libxml2 , docbook_xml_dtd_45, docbook_xsl, itstool, flex, bison, runtimeShell , libxcrypt, pam ? null, glibcCross ? null +, withTcb ? stdenv.isLinux, tcb }: let @@ -24,7 +25,8 @@ stdenv.mkDerivation rec { }; buildInputs = [ libxcrypt ] - ++ lib.optional (pam != null && stdenv.isLinux) pam; + ++ lib.optional (pam != null && stdenv.isLinux) pam + ++ lib.optional withTcb tcb; nativeBuildInputs = [autoreconfHook libxslt libxml2 docbook_xml_dtd_45 docbook_xsl flex bison itstool ]; @@ -34,6 +36,7 @@ stdenv.mkDerivation rec { # Obtain XML resources from XML catalog (patch adapted from gtk-doc) ./respect-xml-catalog-files-var.patch ./runtime-shell.patch + ./fix-install-with-tcb.patch # Fix HAVE_SHADOWGRP configure check (fetchpatch { url = "https://github.com/shadow-maint/shadow/commit/a281f241b592aec636d1b93a99e764499d68c7ef.patch"; @@ -64,7 +67,8 @@ stdenv.mkDerivation rec { "--with-group-name-max-length=32" "--with-bcrypt" "--with-yescrypt" - ] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd"; + ] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd" + ++ lib.optional withTcb "--with-tcb"; preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc") '' diff --git a/pkgs/os-specific/linux/shadow/fix-install-with-tcb.patch b/pkgs/os-specific/linux/shadow/fix-install-with-tcb.patch new file mode 100644 index 0000000000000..ff6166b92f1d3 --- /dev/null +++ b/pkgs/os-specific/linux/shadow/fix-install-with-tcb.patch 
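Review bot: The new argument `withTcb ? stdenv.isLinux` in the first hunk turns tcb on for every default build of this package, and the `buildInputs` and `configureFlags` hunks then add the extra library and `--with-tcb` to the tools that handle password hashes, with no comment saying why the default is on. A one-line comment next to the argument would help, for example `# tcb(5) support is compiled in; whether it is used is decided by USE_TCB in login.defs`. That runtime behaviour is my reading of upstream shadow and is not visible in this diff, so please confirm it before adopting the wording. The argument list and the `mkDerivation` body both continue outside the hunks shown.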
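Review bot: In the `patches` hunk, `./fix-install-with-tcb.patch` is added without a comment and is applied even when `withTcb` is false, while the neighbouring entries each say what they fix. As written, the entry reads as if it belonged under the XML-catalog comment above it. I would add a line such as `# Skip the install-time chown/chmod of passwd to root:shadow` directly above it. Since the patch changes the ownership and mode of an installed privileged binary, the reason it is safe to apply unconditionally belongs next to the entry.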
@@ -0,0 +1,28 @@
+diff --git a/src/Makefile.am b/src/Makefile.am
+index a1a2e4e..fa17f9d 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -74,10 +74,6 @@ suidubins += newgidmap newuidmap
+ endif
+ endif
+
+-if WITH_TCB
+-shadowsgidubins = passwd
+-endif
+-
+ LDADD = $(INTLLIBS) \
+ $(top_builddir)/libmisc/libmisc.la \
+ $(top_builddir)/lib/libshadow.la \
+@@ -146,12 +142,6 @@ install-am: all-am
+ set -e; for i in $(suidusbins); do \
+ chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \
+ done
+-if WITH_TCB
+- set -e; for i in $(shadowsgidubins); do \
+- chown root:shadow $(DESTDIR)$(ubindir)/$$i; \
+- chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \
+- done
+-endif
+ if ENABLE_SUBIDS
+ if FCAPS
+ setcap cap_setuid+ep $(DESTDIR)$(ubindir)/newuidmap |
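Review bot: Nothing visible in this commit replaces the `chown root:shadow` / `chmod $(sgidperms)` step that this patch strips from `install-am`. With `--with-tcb`, the installed `passwd` therefore gets none of the group ownership or set-group-ID mode that upstream's tcb install path applies. If the privilege is meant to come from elsewhere at activation time (on NixOS presumably a `security.wrappers` entry), that dependency should be written down. Otherwise a system that enables tcb may end up with a `passwd` that cannot update the per-user shadow files, or one that stays setuid root and loses the privilege reduction tcb is meant to give. The patch file also has no description, so I would add a short header above its `diff --git` line, e.g. `Do not chown/chmod passwd during install; the build cannot set root:shadow ownership, so the setgid bit must be provided by a wrapper.`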