authorLuke Granger-Brown <git@lukegb.com>2023-06-25 14:32:01 +0000
committerLuke Granger-Brown <git@lukegb.com>2023-06-25 17:35:16 +0000
commitc4abac1cffae620573a78ab1593d0a6d667de6ca (patch)
treec3230a64b1552c3fc8b8de25d4395d8f8dee2f89 /pkgs/servers/mail
parent01b8cd44fcaf2087dd0d60f6b888ddb98b4b5b52 (diff)
spamassassin: enable taint mode
Diffstat (limited to 'pkgs/servers/mail')
-rw-r--r--pkgs/servers/mail/spamassassin/default.nix21
1 files changed, 15 insertions, 6 deletions
diff --git a/pkgs/servers/mail/spamassassin/default.nix b/pkgs/servers/mail/spamassassin/default.nix
index ef6917397de..95b613f0b47 100644
--- a/pkgs/servers/mail/spamassassin/default.nix
+++ b/pkgs/servers/mail/spamassassin/default.nix
@@ -1,4 +1,4 @@
-{ lib, fetchurl, perlPackages, makeWrapper, gnupg, re2c, gcc, gnumake, libxcrypt, openssl, coreutils, poppler_utils, tesseract, iana-etc }:
+{ lib, fetchurl, perlPackages, makeBinaryWrapper, gnupg, re2c, gcc, gnumake, libxcrypt, openssl, coreutils, poppler_utils, tesseract, iana-etc }:
 
 perlPackages.buildPerlPackage rec {
   pname = "SpamAssassin";
@@ -14,7 +14,7 @@ perlPackages.buildPerlPackage rec {
     ./sa_compile-use-perl5lib.patch
   ];
 
-  nativeBuildInputs = [ makeWrapper ];
+  nativeBuildInputs = [ makeBinaryWrapper ];
   buildInputs = (with perlPackages; [
     HTMLParser NetCIDRLite NetDNS NetAddrIP DBFile HTTPDate MailDKIM LWP
     LWPProtocolHttps IOSocketSSL DBI EncodeDetect IPCountry NetIdent
@@ -25,9 +25,7 @@ perlPackages.buildPerlPackage rec {
     openssl
   ];
 
-  # Enabling 'taint' mode is desirable, but that flag disables support
-  # for the PERL5LIB environment variable. Needs further investigation.
-  makeFlags = [ "PERL_BIN=${perlPackages.perl}/bin/perl" "PERL_TAINT=no" "ENABLE_SSL=yes" ];
+  makeFlags = [ "PERL_BIN=${perlPackages.perl}/bin/perl" "ENABLE_SSL=yes" ];
 
   makeMakerFlags = [ "SYSCONFDIR=/etc LOCALSTATEDIR=/var/lib/spamassassin" ];
 
@@ -56,7 +54,18 @@ perlPackages.buildPerlPackage rec {
     mv "rules/"* $out/share/spamassassin/
 
     for n in "$out/bin/"*; do
-      wrapProgram "$n" --prefix PERL5LIB : "$PERL5LIB" --prefix PATH : ${lib.makeBinPath [ gnupg re2c gcc gnumake ]} --prefix C_INCLUDE_PATH : ${lib.makeSearchPathOutput "include" "include" [ libxcrypt ]}
+      # Skip if this isn't a perl script
+      if ! head -n1 "$n" | grep -q bin/perl; then
+        continue
+      fi
+      echo "Wrapping $n for taint mode"
+      orig="$out/bin/.$(basename "$n")-wrapped"
+      mv "$n" "$orig"
+      # We don't inherit argv0 so that $^X works properly in e.g. sa-compile
+      makeWrapper "${perlPackages.perl}/bin/perl" "$n" \
+        --add-flags "-T $perlFlags $orig" \
+        --prefix PATH : ${lib.makeBinPath [ gnupg re2c gcc gnumake ]} \
+        --prefix C_INCLUDE_PATH : ${lib.makeSearchPathOutput "include" "include" [ libxcrypt ]}
     done
   '';
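Review bot: The shebang test `if ! head -n1 "$n" | grep -q bin/perl; then` fails open: any file in `$out/bin` whose first line does not contain `bin/perl` is skipped silently. A Perl script with a different interpreter line would therefore ship without `-T`, and also without the `PATH` and `C_INCLUDE_PATH` prefixes that the old `wrapProgram` call applied to every file. Logging the skip, e.g. `echo "Not wrapping $n: no perl shebang"` before `continue`, would make that visible in the build log. The commit also removes the only comment explaining the PERL5LIB interaction. A replacement above `makeWrapper`, such as `# perl -T ignores PERL5LIB, so library paths are passed as -I flags via $perlFlags`, would keep the reason next to the code, assuming `$perlFlags` (set outside the visible hunks) holds those `-I` entries. The enclosing install-phase string starts outside the hunk.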