author | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-01-25 11:08:05 -0800 |
---|---|---|
committer | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-01-25 11:08:05 -0800 |
commit | bae00e8aa8f3faff90e28e19cd5074b8c26d0d0e (patch) | |
tree | 56abaf30f11ad2f24b9fb7729f74c5fff50fbd93 /pkgs/os-specific/linux/util-linux/default.nix | |
parent | 1f9494b752082ec3ac048e56d1c6364a2e23a675 (diff) | |
parent | 104c3db6594043dbb81005303f055b02145305a5 (diff) | |
setcap-wrapper: Merging with upstream master and resolving conflicts
Diffstat (limited to 'pkgs/os-specific/linux/util-linux/default.nix')
-rw-r--r-- | pkgs/os-specific/linux/util-linux/default.nix | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix
index 11444c57f9a4..e808eaf52162 100644
--- a/pkgs/os-specific/linux/util-linux/default.nix
+++ b/pkgs/os-specific/linux/util-linux/default.nix
@@ -1,9 +1,9 @@
-{ stdenv, fetchurl, pkgconfig, zlib, ncurses ? null, perl ? null, pam, systemd }:
+{ lib, stdenv, fetchurl, pkgconfig, zlib, libseccomp, fetchpatch, autoreconfHook, ncurses ? null, perl ? null, pam, systemd, minimal ? false }:
 stdenv.mkDerivation rec {
 name = "util-linux-${version}";
- version = stdenv.lib.concatStringsSep "." ([ majorVersion ]
- ++ stdenv.lib.optional (patchVersion != "") patchVersion);
+ version = lib.concatStringsSep "." ([ majorVersion ]
+ ++ lib.optional (patchVersion != "") patchVersion);
 majorVersion = "2.28";
 patchVersion = "1";
@@ -14,12 +14,13 @@ stdenv.mkDerivation rec {
 patches = [
 ./rtcwake-search-PATH-for-shutdown.patch
- ];
-
- outputs = [ "bin" "out" "man" ]; # TODO: $bin is kept the first for now
- # due to lots of ${utillinux}/bin occurences and headers being rather small
- outputDev = "bin";
+ (fetchpatch {
+ name = "CVE-2016-2779.diff";
+ url = https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2.patch;
+ sha256 = "0kmigkq4s1b1ijrq8vcg2a5cw4qnm065m7cb1jn1q1f4x99ycy60";
+ })];
+ outputs = [ "bin" "dev" "out" "man" ];
 #FIXME: make it also work on non-nixos?
 postPatch = ''
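Review bot: The `fetchpatch` entry added in the second hunk (`@@ -14,12 +14,13 @@`) has no comment saying what the patch mitigates or when it can be dropped, so it can easily outlive the version bump that makes it redundant. The `sha256` pins the fetched content, which is the right integrity control for a patch pulled from a commit URL. I would add a comment above it such as `# CVE-2016-2779 (runuser TIOCSTI injection into the parent terminal); remove when the packaged release contains the fix`. The `patches` list and the rest of the derivation continue outside the hunk.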
@@ -53,20 +54,24 @@ stdenv.mkDerivation rec {
 makeFlags = "usrbin_execdir=$(bin)/bin usrsbin_execdir=$(bin)/sbin";
- nativeBuildInputs = [ pkgconfig ];
+ # autoreconfHook is required for CVE-2016-2779
+ nativeBuildInputs = [ pkgconfig autoreconfHook ];
+ # libseccomp is required for CVE-2016-2779
 buildInputs =
- [ zlib pam ]
- ++ stdenv.lib.optional (ncurses != null) ncurses
- ++ stdenv.lib.optional (systemd != null) [ systemd pkgconfig ]
- ++ stdenv.lib.optional (perl != null) perl;
+ [ zlib pam libseccomp ]
+ ++ lib.optional (ncurses != null) ncurses
+ ++ lib.optional (systemd != null) systemd
+ ++ lib.optional (perl != null) perl;
 postInstall = ''
 rm "$bin/bin/su" # su should be supplied by the su package (shadow)
+ '' + lib.optionalString minimal ''
+ rm -rf $out/share/{locale,doc,bash-completion}
 '';
 enableParallelBuilding = true;
- meta = with stdenv.lib; {
+ meta = with lib; {
 homepage = https://www.kernel.org/pub/linux/utils/util-linux/;
 description = "A set of system utilities for Linux";
 license = licenses.gpl2; # also contains parts under more permissive licenses |
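Review bot: Nothing in this hunk makes the build fail if the patched configure step does not pick up `libseccomp`, so a detection failure could silently produce binaries without the mitigation that the two new comments attribute to CVE-2016-2779. This is inferred from those comments, since the patch itself is not visible here. The comments would read more accurately as `# needed by the CVE-2016-2779 patch (regenerates configure)` and `# linked by the CVE-2016-2779 patch`, and a check of the configure result or an install-time check would make the dependency enforceable. Separately, `rm -rf $out/share/{locale,doc,bash-completion}` leaves `$out` unquoted while the line above quotes `"$bin/bin/su"`; `rm -rf "$out"/share/{locale,doc,bash-completion}` keeps the brace expansion. The derivation body starts and ends outside the hunk.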