Diffstat (limited to 'pkgs/tools/security/tcb')
-rw-r--r-- | pkgs/tools/security/tcb/default.nix | 51 | ||||
-rw-r--r-- | pkgs/tools/security/tcb/fix-makefiles.patch | 52 |
2 files changed, 103 insertions, 0 deletions
diff --git a/pkgs/tools/security/tcb/default.nix b/pkgs/tools/security/tcb/default.nix
new file mode 100644
index 0000000000000..63b252be95214
--- /dev/null
+++ b/pkgs/tools/security/tcb/default.nix
@@ -0,0 +1,51 @@
+{ lib, stdenv, fetchFromGitHub, pkg-config
+, linux-pam, libxcrypt
+}:
+
+stdenv.mkDerivation rec {
+ pname = "tcb";
+ version = "1.2";
+
+ src = fetchFromGitHub {
+ owner = "openwall";
+ repo = pname;
+ rev = "070cf4aa784de13c52788ac22ff611d7cbca0854";
+ sha256 = "sha256-Sp5u7iTEZZnAqKQXoPO8eWpSkZeBzQqZI82wRQmgU9A=";
+ };
+
+ outputs = [ "out" "bin" "dev" "man" ];
+
+ nativeBuildInputs = [ pkg-config ];
+
+ buildInputs = [ linux-pam libxcrypt ];
+
+ patches = [ ./fix-makefiles.patch ];
+
+ postPatch = ''
+ substituteInPlace Make.defs \
+ --replace "PREFIX = /usr" "PREFIX = $out" \
+ --replace "SBINDIR = /sbin" "SBINDIR = $bin/bin" \
+ --replace "INCLUDEDIR = \$(PREFIX)/include" "INCLUDEDIR = $dev/include"
+ '';
+
+ meta = with lib; {
+ description = "Alternative password shadowing scheme";
+ longDescription = ''
+ The tcb package contains core components of our tcb suite implementing the alternative
+ password shadowing scheme on Openwall GNU Linux (Owl). It is being made available
+ separately from Owl primarily for use by other distributions.
+
+ The package consists of three components: pam_tcb, libnss_tcb, and libtcb.
+
+ pam_tcb is a PAM module which supersedes pam_unix. It also implements the tcb password
+ shadowing scheme. The tcb scheme allows many core system utilities (passwd(1) being
+ the primary example) to operate with little privilege. libnss_tcb is the accompanying
+ NSS module. libtcb contains code shared by the PAM and NSS modules and is also used
+ by user management tools on Owl due to our shadow suite patches.
+ '';
+ homepage = "https://www.openwall.com/tcb/";
+ license = licenses.bsd3;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ izorkin ];
+ };
+}
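Review bot: The three `--replace` substitutions in `postPatch` depend on the exact spacing of `PREFIX = /usr`, `SBINDIR = /sbin` and `INCLUDEDIR = $(PREFIX)/include` in upstream's Make.defs, and plain `--replace` does not stop the build when a pattern no longer matches. For a PAM/NSS package it is better to fail at patch time than to rely on the install step tripping over an unwritable `/sbin`; where the nixpkgs revision provides it, use `--replace-fail "SBINDIR = /sbin" "SBINDIR = $bin/bin"` and likewise for the other two. Separately, `rev` is a bare commit hash next to `version = "1.2"`, and the page does not show how the two relate; a one-line comment above `rev`, for example `# upstream commit corresponding to the 1.2 release` if that is what it is, would let a reviewer check the pin against upstream.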
diff --git a/pkgs/tools/security/tcb/fix-makefiles.patch b/pkgs/tools/security/tcb/fix-makefiles.patch
new file mode 100644
index 0000000000000..9ea82605d5572
--- /dev/null
+++ b/pkgs/tools/security/tcb/fix-makefiles.patch
@@ -0,0 +1,52 @@
+diff --git a/Make.defs b/Make.defs
+index a961f7d..9e8d59b 100644
+--- a/Make.defs
++++ b/Make.defs
+@@ -19,7 +19,7 @@ LDFLAGS += $(DBGFLAG) -L../libs
+
+ PREFIX = /usr
+ SBINDIR = /sbin
+-SLIBDIR = /lib
++SLIBDIR = $(PREFIX)/lib
+ INCLUDEDIR = $(PREFIX)/include
+ LIBDIR = $(PREFIX)/lib
+ LIBEXECDIR = $(PREFIX)/libexec
+diff --git a/libs/Makefile b/libs/Makefile
+index 0083b13..27238f6 100644
+--- a/libs/Makefile
++++ b/libs/Makefile
+@@ -7,7 +7,7 @@ LIBTCB_A = libtcb.a
+ LIB_MAP = libtcb.map
+ NSS_MAP = libnss_tcb.map
+
+-all: $(LIBTCB_LONG) $(LIBNSS) $(LIBTCB_A)
++all: $(LIBTCB_LONG) $(LIBNSS)
+
+ $(LIBTCB_A): libtcb_a.o
+ ar -cr $@ $<
+@@ -36,9 +36,8 @@ install:
+ $(MKDIR) -p -m 755 $(DESTDIR)$(LIBDIR)
+ $(INSTALL) -m $(SHLIBMODE) $(LIBTCB_LONG) $(DESTDIR)$(SLIBDIR)/
+ ln -sf $(LIBTCB_LONG) $(DESTDIR)$(SLIBDIR)/$(LIBTCB)
+- ln -sf ../..$(SLIBDIR)/$(LIBTCB) $(DESTDIR)$(LIBDIR)/libtcb.so
++ ln -sf $(LIBTCB) $(DESTDIR)$(LIBDIR)/libtcb.so
+ $(INSTALL) -m $(SHLIBMODE) $(LIBNSS) $(DESTDIR)$(SLIBDIR)/
+- $(INSTALL) -m 644 $(LIBTCB_A) $(DESTDIR)$(LIBDIR)/
+
+ clean:
+ rm -f *.o *~ $(LIBTCB)* libtcb.so $(LIBNSS) *.a
+diff --git a/progs/Makefile b/progs/Makefile
+index c3a6879..e24f74b 100644
+--- a/progs/Makefile
++++ b/progs/Makefile
+@@ -23,8 +23,8 @@ install-non-root: install-common
+ $(INSTALL) -m 700 $(CHKPWD) $(DESTDIR)$(LIBEXECDIR)/chkpwd/
+
+ install: install-common
+- $(INSTALL) -d -o root -g chkpwd -m 710 $(DESTDIR)$(LIBEXECDIR)/chkpwd
+- $(INSTALL) -m 2711 -o root -g shadow $(CHKPWD) \
++ $(INSTALL) -d $(DESTDIR)$(LIBEXECDIR)/chkpwd
++ $(INSTALL) $(CHKPWD) \
+ $(DESTDIR)$(LIBEXECDIR)/chkpwd/
+
+ install-common: |
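Review bot: The progs/Makefile hunk installs `$(CHKPWD)` without `-m 2711 -o root -g shadow` and creates its directory without `-o root -g chkpwd -m 710`, and the patch has no header explaining what replaces that privilege and access model. Dropping the owner and setgid bit is presumably forced by the Nix store, but the helper then runs with the caller's privileges and its directory is no longer limited to the chkpwd group. If pam_tcb relies on this helper for password checks by non-root callers, as the removed setgid-shadow mode suggests, it cannot do so from the store path alone. I would add a short description at the top of the patch, for example `Store paths cannot carry setgid bits or foreign owners, so the chkpwd helper is installed unprivileged; a setgid-shadow wrapper limited to the chkpwd group has to be provided outside the store.` The `install` recipes in libs/Makefile and progs/Makefile start or continue outside the visible hunks, so the remaining `-m`/`-o`/`-g` uses there could not be checked.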