Diffstat (limited to 'nixpkgs/pkgs/tools/security/sudo/default.nix')
-rw-r--r--nixpkgs/pkgs/tools/security/sudo/default.nix93
1 files changed, 93 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/sudo/default.nix b/nixpkgs/pkgs/tools/security/sudo/default.nix
new file mode 100644
index 000000000000..7baf1cf6b815
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/sudo/default.nix
@@ -0,0 +1,93 @@
+{ lib
+, stdenv
+, fetchurl
+, buildPackages
+, coreutils
+, pam
+, groff
+, sssd
+, nixosTests
+, sendmailPath ? "/run/wrappers/bin/sendmail"
+, withInsults ? false
+, withSssd ? false
+}:
+
+stdenv.mkDerivation rec {
+  pname = "sudo";
+  version = "1.9.9";
+
+  src = fetchurl {
+    url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz";
+    sha256 = "sha256-bW7oY6O8Jsh2YQk6dOxj4Q/QMc66cUZC0hY23+JePgA=";
+  };
+
+  prePatch = ''
+    # do not set sticky bit in nix store
+    substituteInPlace src/Makefile.in --replace 04755 0755
+  '';
+
+  configureFlags = [
+    "--with-env-editor"
+    "--with-editor=/run/current-system/sw/bin/nano"
+    "--with-rundir=/run/sudo"
+    "--with-vardir=/var/db/sudo"
+    "--with-logpath=/var/log/sudo.log"
+    "--with-iologdir=/var/log/sudo-io"
+    "--with-sendmail=${sendmailPath}"
+    "--enable-tmpfiles.d=no"
+  ] ++ lib.optional withInsults [
+    "--with-insults"
+    "--with-all-insults"
+  ] ++ lib.optional withSssd [
+    "--with-sssd"
+    "--with-sssd-lib=${sssd}/lib"
+  ];
+
+  configureFlagsArray = [
+    "--with-passprompt=[sudo] password for %p: " # intentional trailing space
+  ];
+
+  postConfigure =
+    ''
+      cat >> pathnames.h <<'EOF'
+        #undef _PATH_MV
+        #define _PATH_MV "${coreutils}/bin/mv"
+      EOF
+      makeFlags="install_uid=$(id -u) install_gid=$(id -g)"
+      installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/"
+    '';
+
+  depsBuildBuild = [ buildPackages.stdenv.cc ];
+  nativeBuildInputs = [ groff ];
+  buildInputs = [ pam ];
+
+  enableParallelBuilding = true;
+
+  doCheck = false; # needs root
+
+  postInstall = ''
+    rm $out/share/doc/sudo/ChangeLog
+  '';
+
+  passthru.tests = { inherit (nixosTests) sudo; };
+
+  meta = {
+    description = "A command to run commands as root";
+
+    longDescription =
+      ''
+        Sudo (su "do") allows a system administrator to delegate
+        authority to give certain users (or groups of users) the ability
+        to run some (or all) commands as root or another user while
+        providing an audit trail of the commands and their arguments.
+      '';
+
+    homepage = "https://www.sudo.ws/";
+
+    license = "https://www.sudo.ws/sudo/license.html";
+
+    maintainers = with lib.maintainers; [ eelco delroth ];
+
+    platforms = lib.platforms.linux;
+  };
+}
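Review bot: Both conditional flag groups in `configureFlags` pass a list to `lib.optional`, which wraps its argument in another list, so enabling `withInsults` or `withSssd` yields a nested list rather than extra flags; the list-appending form is `lib.optionals withInsults [ ... ]` and `lib.optionals withSssd [ ... ]`. The nested form presumably only works today because the attribute is flattened when coerced to a string, so it is worth fixing before anything relies on the list shape. In `prePatch` the comment says "sticky bit", but replacing `04755` with `0755` drops the setuid bit; `# do not set the setuid bit in the nix store` would make clear that the store copy is not privileged on its own. `--with-env-editor` also deserves a one-line comment: it makes visudo honour the caller's `EDITOR`/`VISUAL`, which the sudo documentation describes as a possible security hole, so the choice should be visibly deliberate.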