diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security/sudo/default.nix')
-rw-r--r-- | nixpkgs/pkgs/tools/security/sudo/default.nix | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/sudo/default.nix b/nixpkgs/pkgs/tools/security/sudo/default.nix new file mode 100644 index 000000000000..7baf1cf6b815 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sudo/default.nix @@ -0,0 +1,93 @@ +{ lib +, stdenv +, fetchurl +, buildPackages +, coreutils +, pam +, groff +, sssd +, nixosTests +, sendmailPath ? "/run/wrappers/bin/sendmail" +, withInsults ? false +, withSssd ? false +}: + +stdenv.mkDerivation rec { + pname = "sudo"; + version = "1.9.9"; + + src = fetchurl { + url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz"; + sha256 = "sha256-bW7oY6O8Jsh2YQk6dOxj4Q/QMc66cUZC0hY23+JePgA="; + }; + + prePatch = '' + # do not set sticky bit in nix store + substituteInPlace src/Makefile.in --replace 04755 0755 + ''; + + configureFlags = [ + "--with-env-editor" + "--with-editor=/run/current-system/sw/bin/nano" + "--with-rundir=/run/sudo" + "--with-vardir=/var/db/sudo" + "--with-logpath=/var/log/sudo.log" + "--with-iologdir=/var/log/sudo-io" + "--with-sendmail=${sendmailPath}" + "--enable-tmpfiles.d=no" + ] ++ lib.optional withInsults [ + "--with-insults" + "--with-all-insults" + ] ++ lib.optional withSssd [ + "--with-sssd" + "--with-sssd-lib=${sssd}/lib" + ]; + + configureFlagsArray = [ + "--with-passprompt=[sudo] password for %p: " # intentional trailing space + ]; + + postConfigure = + '' + cat >> pathnames.h <<'EOF' + #undef _PATH_MV + #define _PATH_MV "${coreutils}/bin/mv" + EOF + makeFlags="install_uid=$(id -u) install_gid=$(id -g)" + installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/" + ''; + + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ groff ]; + buildInputs = [ pam ]; + + enableParallelBuilding = true; + + doCheck = false; # needs root + + postInstall = '' + rm $out/share/doc/sudo/ChangeLog + ''; + + passthru.tests = { inherit (nixosTests) sudo; }; + + meta = { + description = "A command to run commands as root"; + + longDescription = + '' + Sudo (su "do") allows a system administrator to delegate + authority to give certain users (or groups of users) the ability + to run some (or all) commands as root or another user while + providing an audit trail of the commands and their arguments. + ''; + + homepage = "https://www.sudo.ws/"; + + license = "https://www.sudo.ws/sudo/license.html"; + + maintainers = with lib.maintainers; [ eelco delroth ]; + + platforms = lib.platforms.linux; + }; +} |