push sheeet

Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions


@@ -0,0 +1,28 @@
diff --git a/src/Makefile.am b/src/Makefile.am
index a1a2e4e..fa17f9d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -74,10 +74,6 @@ suidubins += newgidmap newuidmap
endif
endif
-if WITH_TCB
-shadowsgidubins = passwd
-endif
-
LDADD = $(INTLLIBS) \
$(top_builddir)/libmisc/libmisc.la \
$(top_builddir)/lib/libshadow.la \
@@ -146,12 +142,6 @@ install-am: all-am
set -e; for i in $(suidusbins); do \
chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \
done
-if WITH_TCB
- set -e; for i in $(shadowsgidubins); do \
- chown root:shadow $(DESTDIR)$(ubindir)/$$i; \
- chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \
- done
-endif
if ENABLE_SUBIDS
if FCAPS
setcap cap_setuid+ep $(DESTDIR)$(ubindir)/newuidmap
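Review bot: The patch has no header explaining why the WITH_TCB install step is dropped, and once it is gone nothing in this build gives `passwd` the `shadow` group that the removed `chown root:shadow` / `chmod $(sgidperms)` lines provided. If that privilege is meant to be granted outside the package (for example by the system's setuid/setgid wrapper mechanism), say so in free text above the `diff --git` line, e.g. `passwd is not installed setgid shadow by this package; the privilege must be granted by the system configuration when tcb is enabled`. Without that note, a later maintainer cannot tell whether the missing setgid bit is deliberate or an oversight.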


@@ -0,0 +1,19 @@
diff -ru shadow-4.1.5.1-orig/src/su.c shadow-4.1.5.1/src/su.c
--- shadow-4.1.5.1-orig/src/su.c 2012-05-25 07:51:55.000000000 -0400
+++ shadow-4.1.5.1/src/su.c 2012-07-25 17:22:57.013547930 -0400
@@ -879,6 +879,7 @@
}
}
+#if 0
cp = getdef_str ((pw->pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
if (NULL == cp) {
addenv ((pw->pw_uid == 0) ? "PATH=/sbin:/bin:/usr/sbin:/usr/bin" : "PATH=/bin:/usr/bin", NULL);
@@ -887,6 +888,7 @@
} else {
addenv ("PATH", cp);
}
+#endif
if (getenv ("IFS") != NULL) { /* don't export user IFS ... */
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
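Review bot: The `#if 0` / `#endif` pair switches off su's PATH reset without a comment, so the target session, including a root one, keeps the caller's PATH and the `ENV_PATH` / `ENV_SUPATH` settings read by `getdef_str` are silently ignored. That is presumably intended on a system where `/bin` and `/usr/bin` do not hold the tools, but it moves the job of establishing a trusted PATH to whatever runs after su (PAM or the login shell), and that dependency should be written down. Add a comment above the `#if 0`, for example `/* PATH is deliberately not reset here; a trusted PATH must be set by PAM or the login shell, and ENV_PATH/ENV_SUPATH have no effect */`. The enclosing function starts and ends outside the hunk.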


@@ -0,0 +1,130 @@
{
lib,
stdenv,
fetchFromGitHub,
nixosTests,
autoreconfHook,
bison,
flex,
docbook_xml_dtd_45,
docbook_xsl,
itstool,
libxml2,
libxslt,
libxcrypt,
pkg-config,
glibc ? null,
pam ? null,
withLibbsd ? lib.meta.availableOn stdenv.hostPlatform libbsd,
libbsd,
withTcb ? lib.meta.availableOn stdenv.hostPlatform tcb,
tcb,
}:
let
glibc' =
if stdenv.hostPlatform != stdenv.buildPlatform then
glibc
else
assert stdenv.hostPlatform.libc == "glibc";
stdenv.cc.libc;
in
stdenv.mkDerivation rec {
pname = "shadow";
version = "4.18.0";
src = fetchFromGitHub {
owner = "shadow-maint";
repo = "shadow";
rev = version;
hash = "sha256-M7We3JboNpr9H0ELbKcFtMvfmmVYaX9dYcsQ3sVX0lM=";
};
outputs = [
"out"
"su"
"dev"
"man"
];
nativeBuildInputs = [
autoreconfHook
bison
flex
docbook_xml_dtd_45
docbook_xsl
itstool
libxml2
libxslt
pkg-config
];
buildInputs = [
libxcrypt
]
++ lib.optional (pam != null && (lib.meta.availableOn stdenv.hostPlatform pam)) pam
++ lib.optional withLibbsd libbsd
++ lib.optional withTcb tcb;
patches = [
./keep-path.patch
# Obtain XML resources from XML catalog (patch adapted from gtk-doc)
./respect-xml-catalog-files-var.patch
./fix-install-with-tcb.patch
];
postPatch = ''
# The nix daemon often forbids even creating set[ug]id files
sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am
# The default shell is not defined at build time of the package. It is
# decided at build time of the NixOS configration. Thus, don't decide this
# here but just point to the location of the shell on the system.
substituteInPlace configure.ac --replace-fail '$SHELL' /bin/sh
'';
# `AC_FUNC_SETPGRP' is not cross-compilation capable.
preConfigure = ''
export ac_cv_func_setpgrp_void=${if stdenv.hostPlatform.isBSD then "no" else "yes"}
export shadow_cv_logdir=/var/log
'';
configureFlags = [
"--enable-man"
"--with-group-name-max-length=32"
"--with-bcrypt"
"--with-yescrypt"
(lib.withFeature withLibbsd "libbsd")
]
++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd"
++ lib.optional withTcb "--with-tcb";
preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc") ''
substituteInPlace lib/nscd.c --replace /usr/sbin/nscd ${glibc'.bin}/bin/nscd
'';
postInstall = ''
# Move the su binary into the su package
mkdir -p $su/bin
mv $out/bin/su $su/bin
'';
enableParallelBuilding = true;
disallowedReferences = lib.optional (
stdenv.buildPlatform != stdenv.hostPlatform
) stdenv.shellPackage;
meta = with lib; {
homepage = "https://github.com/shadow-maint/shadow";
description = "Suite containing authentication-related tools such as passwd and su";
license = licenses.bsd3;
platforms = platforms.linux;
};
passthru = {
shellPath = "/bin/nologin";
tests = { inherit (nixosTests) shadow; };
};
}
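Review bot: The `substituteInPlace lib/nscd.c --replace ...` call in `preBuild` uses the plain `--replace` form although `postPatch` already uses `--replace-fail`. The plain form does not fail the build when the pattern is missing, so if upstream moves or renames the nscd path the binary would keep `/usr/sbin/nscd` compiled in and, presumably, cache invalidation after account changes would silently stop. Change it to `substituteInPlace lib/nscd.c --replace-fail /usr/sbin/nscd ${glibc'.bin}/bin/nscd`. The `sed` that rewrites `s[ug]idperms` to `0755` is a silent no-op in the same way if the Makefile.am line changes shape; a `grep -q` for the rewritten value right after it would make that visible.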


@@ -0,0 +1,30 @@
diff --git a/acinclude.m4 b/acinclude.m4
index dd01f165..e23160ee 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -46,9 +46,21 @@ AC_DEFUN([JH_CHECK_XML_CATALOG],
ifelse([$3],,,[$3
])dnl
else
- AC_MSG_RESULT([not found])
- ifelse([$4],,
- [AC_MSG_ERROR([could not find ifelse([$2],,[$1],[$2]) in XML catalog])],
- [$4])
+ jh_check_xml_catalog_saved_ifs="$IFS"
+ IFS=' '
+ for f in $XML_CATALOG_FILES; do
+ if [[ -f "$f" ]] && \
+ AC_RUN_LOG([$XMLCATALOG --noout "$f" "$1" >&2]); then
+ jh_found_xmlcatalog=true
+ AC_MSG_RESULT([found])
+ ifelse([$3],,,[$3])
+ break
+ fi
+ done
+ IFS="$jh_check_xml_catalog_saved_ifs"
+ if ! $jh_found_xmlcatalog; then
+ AC_MSG_RESULT([not found])
+ ifelse([$4],,[AC_MSG_ERROR([could not find ifelse([$2],,[$1],[$2]) in XML catalog])],[$4])
+ fi
fi
])
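Review bot: The new fallback reuses `jh_found_xmlcatalog` as its hit flag but never resets it before the `for` loop, so the closing `if ! $jh_found_xmlcatalog` only reports a miss when the variable was already false on entry. The condition guarding this `else` branch is outside the hunk, but if the branch can be reached with the variable true (a catalog was found, the entry was not in it), a loop with no match prints no result and skips the `AC_MSG_ERROR`, so configure continues without the DTD or stylesheet it was asked to check for. Use a flag local to the macro: `jh_check_xml_catalog_hit=false` before the loop, `jh_check_xml_catalog_hit=true` in the match branch, and `if ! $jh_check_xml_catalog_hit; then` afterwards. That also avoids changing `jh_found_xmlcatalog` for later invocations of the macro.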