Diffstat (limited to 'pkgs/development/libraries/spice-gtk/default.nix')
-rw-r--r--pkgs/development/libraries/spice-gtk/default.nix62
1 files changed, 38 insertions, 24 deletions
diff --git a/pkgs/development/libraries/spice-gtk/default.nix b/pkgs/development/libraries/spice-gtk/default.nix
index 05ddde9ddef..05fd952eb2e 100644
--- a/pkgs/development/libraries/spice-gtk/default.nix
+++ b/pkgs/development/libraries/spice-gtk/default.nix
@@ -1,8 +1,29 @@
 { stdenv, fetchurl, pkgconfig, spice-protocol, gettext, celt_0_5_1
 , openssl, libpulseaudio, pixman, gobjectIntrospection, libjpeg_turbo, zlib
 , cyrus_sasl, python2Packages, autoreconfHook, usbredir, libsoup
-, polkit, acl, usbutils, vala
-, gtk3, epoxy }:
+, withPolkit ? true, polkit, acl, usbutils
+, vala, gtk3, epoxy, libdrm }:
+
+# If this package is built with polkit support (withPolkit=true),
+# usb redirection reqires spice-client-glib-usb-acl-helper to run setuid root.
+# The helper confirms via polkit that the user has an active session,
+# then adds a device acl entry for that user.
+# Example NixOS config to create a setuid wrapper for the helper:
+# security.wrappers.spice-client-glib-usb-acl-helper.source =
+#   "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper";
+# On non-NixOS installations, make a setuid copy of the helper
+# outside the store and adjust PATH to find the setuid version.
+
+# If this package is built without polkit support (withPolkit=false),
+# usb redirection requires read-write access to usb devices.
+# This can be granted by adding users to a custom group like "usb"
+# and using a udev rule to put all usb devices in that group.
+# Example NixOS config:
+#  users.groups.usb = {};
+#  users.users.dummy.extraGroups = [ "usb" ];
+#  services.udev.extraRules = ''
+#    KERNEL=="*", SUBSYSTEMS=="usb", MODE="0664", GROUP="usb"
+#  '';
 
 with stdenv.lib;
 
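Review bot: The withPolkit=false example in the added comment block gives group members raw read-write access to every USB device, and the comment does not say so. The rule `KERNEL=="*", SUBSYSTEMS=="usb", MODE="0664", GROUP="usb"` matches keyboards, storage and security tokens alike, so membership of that group lets a user read and write those devices directly, bypassing any filesystem permissions on a USB disk. I would add a line such as `# Note: members of this group get raw access to all usb devices; restrict the rule to the devices meant for redirection where possible.` The non-NixOS advice could also state that the setuid copy has to be owned by root and not writable by other users. Typo in the same block: `reqires` should be `requires`.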
@@ -11,41 +32,34 @@ let
 in stdenv.mkDerivation rec {
   name = "spice-gtk-0.34";
 
+  outputs = [ "out" "dev" ];
+
   src = fetchurl {
     url = "http://www.spice-space.org/download/gtk/${name}.tar.bz2";
     sha256 = "1vknp72pl6v6nf3dphhwp29hk6gv787db2pmyg4m312z2q0hwwp9";
   };
 
-  buildInputs = [
-    spice-protocol celt_0_5_1 openssl libpulseaudio pixman gobjectIntrospection
-    libjpeg_turbo zlib cyrus_sasl python pygtk usbredir gtk3 epoxy
-    polkit acl usbutils
-  ];
+  postPatch = ''
+    # get rid of absolute path to helper in store so we can use a setuid wrapper
+    substituteInPlace src/usb-acl-helper.c \
+      --replace 'ACL_HELPER_PATH"/' '"'
+  '';
 
-  nativeBuildInputs = [ pkgconfig gettext libsoup autoreconfHook vala ];
+  buildInputs = [
+    spice-protocol celt_0_5_1 openssl libpulseaudio pixman
+    libjpeg_turbo zlib cyrus_sasl python pygtk usbredir gtk3 epoxy libdrm
+  ] ++ optionals withPolkit [ polkit acl usbutils ] ;
 
-  NIX_CFLAGS_COMPILE = "-fno-stack-protector";
+  nativeBuildInputs = [ pkgconfig gettext libsoup autoreconfHook vala gobjectIntrospection ];
 
-  # put polkit action in the $out/share/polkit-1/actions
-  preAutoreconf = ''
-    substituteInPlace configure.ac \
-      --replace 'POLICYDIR=`''${PKG_CONFIG} polkit-gobject-1 --variable=policydir`' "POLICYDIR=$out/share/polkit-1/actions"
-  '';
+  PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "$(out)/share/polkit-1/actions";
 
   configureFlags = [
     "--with-gtk3"
+    "--enable-introspection"
+    "--enable-vala"
   ];
 
-  # usb redirection needs spice-client-glib-usb-acl-helper to run setuid root
-  # the helper then uses polkit to check access
-  # in nixos, enable this with
-  # security.wrappers.spice-client-glib-usb-acl-helper.source =
-  #   "${pkgs.spice_gtk}/bin/spice-client-glib-usb-acl-helper.real";
-  postFixup = ''
-    mv $out/bin/spice-client-glib-usb-acl-helper $out/bin/spice-client-glib-usb-acl-helper.real
-    ln -sf /run/wrappers/bin/spice-client-glib-usb-acl-helper $out/bin/spice-client-glib-usb-acl-helper
-  '';
-
   dontDisableStatic = true; # Needed by the coroutine test
 
   enableParallelBuilding = true;
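Review bot: The postPatch substitution turns the helper's path in src/usb-acl-helper.c from an absolute store path into a bare file name, so which binary the client starts is presumably decided by the caller's PATH (the C file is not part of this diff, so how it is spawned is inferred). If the non-setuid store copy in $out/bin or another binary of that name comes first on PATH, USB redirection fails or talks to the wrong program, and nothing in the build catches it. On NixOS the wrapper location is fixed, so the replacement could pin it, `--replace 'ACL_HELPER_PATH"/' '"/run/wrappers/bin/'`, or at least the comment above postPatch should state the PATH ordering requirement. Separately, withPolkit only changes buildInputs; postPatch and PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR are still applied and no configure flag is passed, so whether polkit support is compiled in appears to depend on configure's autodetection.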