path: root/nixpkgs/pkgs/tools/security/doas/default.nix
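# Package expression for OpenDoas, the portable build of the `doas`
# privilege-elevation tool.
#
# Arguments:
#   withPAM       - authenticate through PAM; when false the build is
#                   configured with --without-pam and links libxcrypt instead.
#   withTimestamp - pass --with-timestamp to ./configure, which is what makes
#                   the "persist" rule option available.
{ lib
, stdenv
, fetchFromGitHub
, bison
, pam
, libxcrypt

, withPAM ? true
, withTimestamp ? true
}:

stdenv.mkDerivation rec {
  pname = "doas";
  version = "6.8.2";

  src = fetchFromGitHub {
    owner = "Duncaen";
    repo = "OpenDoas";
    rev = "v${version}";
    # Content hash of the fetched source. It pins exactly what gets built, so
    # it has to be updated together with `version`; a stale value makes the
    # fetch fail instead of silently building different code.
    sha256 = "9uOQ2Ta5HzEpbCz2vbqZEEksPuIjL8lvmfmynfqxMeM=";
  };

  # otherwise confuses ./configure
  dontDisableStatic = true;

  # lib.optional yields an empty list when the condition is false, so a
  # disabled option contributes no element at all. The previous
  # lib.optionalString form left "" entries in the list, which only stay
  # harmless as long as the list is flattened into a single string.
  configureFlags =
    # Needed for the "persist" setting. Upstream only builds the timestamp
    # code when asked to via this flag, while this package turns it on by
    # default; set withTimestamp = false to get a build without credential
    # caching.
    lib.optional withTimestamp "--with-timestamp"
    ++ lib.optional (!withPAM) "--without-pam";

  patches = [
    # Allow doas to discover binaries in /run/current-system/sw/{s,}bin and
    # /run/wrappers/bin
    # NOTE(review): this widens the PATH doas treats as safe, so the listed
    # directories are assumed to be writable by root only -- confirm on any
    # system where that is not guaranteed.
    ./0001-add-NixOS-specific-dirs-to-safe-PATH.patch
  ];

  # ./configure script does not understand `--disable-shared`
  dontAddStaticConfigureFlags = true;

  # Drop every GNUmakefile line that mentions chown or chmod: the build runs
  # unprivileged and a store path cannot carry a setuid-root binary. As a
  # consequence the installed `doas` has no elevated privileges by itself; it
  # only works once something outside the store provides a setuid wrapper
  # (on NixOS, the security.doas module / security.wrappers).
  postPatch = ''
    sed -i '/\(chown\|chmod\)/d' GNUmakefile
  '' + lib.optionalString (withPAM && stdenv.hostPlatform.isStatic) ''
    # Static PAM builds: also link libaudit wherever configure links libpam.
    # Presumably static libpam pulls in libaudit symbols; confirm against pam.
    sed -i 's/-lpam/-lpam -laudit/' configure
  '';

  nativeBuildInputs = [ bison ];
  # Exactly one of the two is used: pam when withPAM is true, libxcrypt
  # otherwise.
  buildInputs =
    lib.optional withPAM pam
    ++ lib.optional (!withPAM) libxcrypt;

  meta = with lib; {
    description = "Executes the given command as another user";
    homepage = "https://github.com/Duncaen/OpenDoas";
    license = licenses.isc;
    platforms = platforms.linux;
    maintainers = with maintainers; [ cole-h ];
  };
}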