diff options
Diffstat (limited to 'pkgs/development/libraries/polkit/default.nix')
| -rw-r--r-- | pkgs/development/libraries/polkit/default.nix | 67 |
1 files changed, 38 insertions, 29 deletions
diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index 9d1f0d18c1a..6da928a6a23 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix @@ -1,61 +1,70 @@ -{ stdenv, fetchurl, pkgconfig, glib, expat, pam, intltool, gettext -, gobjectIntrospection +{ stdenv, fetchurl, pkgconfig, glib, expat, pam, intltool, spidermonkey +, gobjectIntrospection, libxslt, docbook_xsl , useSystemd ? stdenv.isLinux, systemd }: let system = "/var/run/current-system/sw"; + setuid = "/var/setuid-wrappers"; #TODO: from <nixos> config.security.wrapperDir; foolVars = { - LOCALSTATE = "/var"; SYSCONF = "/etc"; - LIB = "${system}/lib"; - DATA = "${system}/share"; + DATA = "${system}/share"; # to find share/polkit-1/actions of other apps at runtime }; in stdenv.mkDerivation rec { - name = "polkit-0.105"; + name = "polkit-0.112"; src = fetchurl { url = "http://www.freedesktop.org/software/polkit/releases/${name}.tar.gz"; - sha256 = "1pz1hn4z0f1wk4f7w8q1g6ygwan1b6kxmfad3b7gql27pb47rp4g"; + sha256 = "1xkary7yirdcjdva950nqyhmsz48qhrdsr78zciahj27p8yg95fn"; }; buildInputs = - [ pkgconfig glib expat pam intltool gobjectIntrospection ] + [ pkgconfig glib expat pam intltool spidermonkey gobjectIntrospection ] + ++ [ libxslt docbook_xsl ] # man pages ++ stdenv.lib.optional useSystemd systemd; - configureFlags = "--libexecdir=$(out)/libexec/polkit-1"; - # Ugly hack to overwrite hardcoded directories # TODO: investigate a proper patch which will be accepted upstream + # After update it's good to check the sources via: + # grep '\<PACKAGE_' '--include=*.[ch]' -R CFLAGS = stdenv.lib.concatStringsSep " " ( map (var: ''-DPACKAGE_${var}_DIR=\""${builtins.getAttr var foolVars}"\"'') (builtins.attrNames foolVars) ); - preBuild = - '' - # ‘libpolkit-agent-1.so’ should call the setuid wrapper on - # NixOS. Hard-coding the path is kinda ugly. Maybe we can just - # call through $PATH, but that might have security implications. - substituteInPlace src/polkitagent/polkitagentsession.c \ - --replace PACKAGE_LIBEXEC_DIR '"/var/setuid-wrappers"' - ''; + preConfigure = '' + patchShebangs . + '' + stdenv.lib.optionalString useSystemd /* bogus chroot detection */ '' + sed '/libsystemd-login autoconfigured, but system does not appear to use systemd/s/.*/:/' -i configure + '' + # ‘libpolkit-agent-1.so’ should call the setuid wrapper on + # NixOS. Hard-coding the path is kinda ugly. Maybe we can just + # call through $PATH, but that might have security implications. + + '' + substituteInPlace src/polkitagent/polkitagentsession.c \ + --replace 'PACKAGE_PREFIX "/lib/polkit-1/' '"${setuid}/' + ''; + + configureFlags = [ + #"--libexecdir=$(out)/libexec/polkit-1" # this and localstatedir are ignored by configure + "--with-systemdsystemunitdir=$(out)/etc/systemd/system" + "--with-polkitd-user=polkituser" #TODO? <nixos> config.ids.uids.polkituser + "--with-os-type=NixOS" # not recognized but prevents impurities on non-NixOS + "--enable-introspection" + ]; + + makeFlags = "INTROSPECTION_GIRDIR=$(out)/share/gir-1.0 INTROSPECTION_TYPELIBDIR=$(out)/lib/girepository-1.0"; - makeFlags = - '' - INTROSPECTION_GIRDIR=$(out)/share/gir-1.0 - INTROSPECTION_TYPELIBDIR=$(out)lib/girepository-1.0 - ''; + # The following is required on grsecurity/PaX due to spidermonkey's JIT + postBuild = '' + paxmark mr src/polkitbackend/.libs/polkitd + paxmark mr test/polkitbackend/.libs/polkitbackendjsauthoritytest + ''; - postInstall = - '' - # Allow some files with paranoid permissions to be stripped in - # the fixup phase. - chmod a+rX -R $out - ''; + #doCheck = true; # some /bin/bash problem that isn't auto-solved by patchShebangs meta = with stdenv.lib; { homepage = http://www.freedesktop.org/wiki/Software/polkit; |