author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-04-03 13:10:53 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-04-03 13:15:38 +0200 |
commit | 91ff5e33cc046494f983ae301b5d24ca5c9632ce (patch) | |
tree | dba9082b8c495351bba1f27e243c79a76404fd5b /pkgs/tools/security | |
parent | 8ad8eb6ee013f4729feb62c6da39b0ba0f0aafd1 (diff) | |
sudo: Update to 1.8.7p7
Ouch, our sudo was criminally outdated. CVE-2013-1775, CVE-2013-1776, CVE-2012-2337, CVE-2011-0010.
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/sudo/default.nix | 50 |
1 files changed, 30 insertions, 20 deletions
diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index e84fb50b3599..9206a5e44520 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@@ -1,37 +1,45 @@
-{stdenv, fetchurl, coreutils, pam, groff}:
+{ stdenv, fetchurl, coreutils, pam, groff }:
 stdenv.mkDerivation rec {
- name = "sudo-1.7.2";
+ name = "sudo-1.8.6p7";
 src = fetchurl {
- urls =
+ urls =
 [ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz"
 "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz"
 ];
- sha256 = "02hhvwxj7gnsvmq3cjh592g2xdjpkfcp1jjvwb64nxsz2kbccwy1";
+ sha256 = "0djh2b14d1b1knah46v971x940rz63hvnskz16fzami3nbnqj41h";
 };
- # `--with-stow' allows /etc/sudoers to be a symlink. Only it
- # doesn't really help because the target still has to have mode 0440,
- # while files in the Nix store all have mode 0444.
- #configureFlags = "--with-stow";
+ postConfigure = ''
+ cat >> pathnames.h <<EOF
+ #undef _PATH_SUDO_LOGFILE
+ #define _PATH_SUDO_LOGFILE "/var/log/sudo.log"
+ #undef _PATH_SUDO_TIMEDIR
+ #define _PATH_SUDO_TIMEDIR "/run/sudo"
+ #undef _PATH_VI
+ #define _PATH_VI "/run/current-system/sw/bin/nano"
+ #undef _PATH_MV
+ #define _PATH_MV "${coreutils}/bin/mv"
+ EOF
- postConfigure = "
- sed -e '/_PATH_MV/d; /_PATH_VI/d' -i config.h
- echo '#define _PATH_SUDO_LOGFILE \"/var/log/sudo.log\"' >> config.h
- echo '#define _PATH_SUDO_TIMEDIR \"/var/run/sudo\"' >> config.h
- echo '#define _PATH_MV \"/var/run/current-system/sw/bin/mv\"' >> config.h
- echo '#define _PATH_VI \"/var/run/current-system/sw/bin/nano\"' >> config.h
- echo '#define EDITOR _PATH_VI' >>config.h
+ makeFlags="install_uid=$(id -u) install_gid=$(id -g)"
+ installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc"
+ '';
- makeFlags=\"install_uid=$(id -u) install_gid=$(id -g)\"
- installFlags=\"sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc\"
- ";
+ buildInputs = [ coreutils pam groff ];
- buildInputs = [coreutils pam groff];
+ enableParallelBuilding = true;
+
+ postInstall = ''
+ # ‘visudo’ does not make sense on NixOS.
+ rm $out/sbin/visudo $out/share/man/man8/visudo.8
+
+ rm $out/share/doc/sudo/ChangeLog
+ '';
 meta = {
- description = "sudo, a command to run commands as root";
+ description = "A command to run commands as root";
 longDescription = ''
 Sudo (su "do") allows a system administrator to delegate
@@ -43,5 +51,7 @@ stdenv.mkDerivation rec {
 homepage = http://www.sudo.ws/;
 license = http://www.sudo.ws/sudo/license.html;
+
+ maintainers = [ stdenv.lib.maintainers.eelco ];
 };
 } |
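Review bot: In the `postConfigure` heredoc, `_PATH_MV` is pinned to the immutable store path `${coreutils}/bin/mv`, while `_PATH_VI` still resolves through the mutable system profile at `/run/current-system/sw/bin/nano`, and nothing explains why the two differ. Both paths are compiled into sudo, so I would document the choice with a comment above the `cat`, e.g. `# _PATH_VI deliberately follows the system profile; it dangles if nano is not installed there`, or pin it to a store path the way `_PATH_MV` is. Separately, the commit title says 1.8.7p7 but the `name` line pins `sudo-1.8.6p7`; the record should match what is built so that triage against the listed CVEs is unambiguous. The derivation continues past the end of this hunk.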