Diffstat (limited to 'pkgs/tools/security/tcb/default.nix')
-rw-r--r-- | pkgs/tools/security/tcb/default.nix | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/pkgs/tools/security/tcb/default.nix b/pkgs/tools/security/tcb/default.nix
new file mode 100644
index 0000000000000..63b252be95214
--- /dev/null
+++ b/pkgs/tools/security/tcb/default.nix
@@ -0,0 +1,51 @@
+{ lib, stdenv, fetchFromGitHub, pkg-config
+, linux-pam, libxcrypt
+}:
+
+stdenv.mkDerivation rec {
+ pname = "tcb";
+ version = "1.2";
+
+ src = fetchFromGitHub {
+ owner = "openwall";
+ repo = pname;
+ rev = "070cf4aa784de13c52788ac22ff611d7cbca0854";
+ sha256 = "sha256-Sp5u7iTEZZnAqKQXoPO8eWpSkZeBzQqZI82wRQmgU9A=";
+ };
+
+ outputs = [ "out" "bin" "dev" "man" ];
+
+ nativeBuildInputs = [ pkg-config ];
+
+ buildInputs = [ linux-pam libxcrypt ];
+
+ patches = [ ./fix-makefiles.patch ];
+
+ postPatch = ''
+ substituteInPlace Make.defs \
+ --replace "PREFIX = /usr" "PREFIX = $out" \
+ --replace "SBINDIR = /sbin" "SBINDIR = $bin/bin" \
+ --replace "INCLUDEDIR = \$(PREFIX)/include" "INCLUDEDIR = $dev/include"
+ '';
+
+ meta = with lib; {
+ description = "Alternative password shadowing scheme";
+ longDescription = ''
+ The tcb package contains core components of our tcb suite implementing the alternative
+ password shadowing scheme on Openwall GNU Linux (Owl). It is being made available
+ separately from Owl primarily for use by other distributions.
+
+ The package consists of three components: pam_tcb, libnss_tcb, and libtcb.
+
+ pam_tcb is a PAM module which supersedes pam_unix. It also implements the tcb password
+ shadowing scheme. The tcb scheme allows many core system utilities (passwd(1) being
+ the primary example) to operate with little privilege. libnss_tcb is the accompanying
+ NSS module. libtcb contains code shared by the PAM and NSS modules and is also used
+ by user management tools on Owl due to our shadow suite patches.
+ '';
+ homepage = "https://www.openwall.com/tcb/";
+ license = licenses.bsd3;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ izorkin ]; 
+ };
+} |
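Review bot: The derivation packages a PAM module meant to replace pam_unix, but nothing in it documents how privilege-related install steps are handled. Store paths cannot carry setuid/setgid bits or non-root ownership, so if the upstream Makefiles set any of those on a helper they will not take effect. Whether they do is not visible here, since `./fix-makefiles.patch` is outside this diff. I would add a comment above `patches` saying so, e.g. `# store paths cannot be set-id; any privileged helper must be wrapped by the consuming NixOS module`. Separately, `rev` is a bare commit hash next to `version = "1.2"` with nothing tying the two together; a one-line comment above `rev` stating which upstream release or tag that commit corresponds to would let a later reviewer check the pin's provenance.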