1 files changed, 20 insertions, 16 deletions

diff --git a/pkgs/os-specific/linux/libcap/default.nix b/pkgs/os-specific/linux/libcap/default.nix
index 174f1be99db..47fa7c05e79 100644
--- a/pkgs/os-specific/linux/libcap/default.nix
+++ b/pkgs/os-specific/linux/libcap/default.nix
@@ -1,36 +1,39 @@
-{ stdenv, buildPackages, fetchurl, attr, perl, pam }:
+{ stdenv, lib, buildPackages, fetchurl, attr, perl, runtimeShell
+, usePam ? !isStatic, pam ? null
+, isStatic ? stdenv.hostPlatform.isStatic
+}:
+
+assert usePam -> pam != null;
 
 stdenv.mkDerivation rec {
   pname = "libcap";
-  version = "2.27";
+  version = "2.48";
 
   src = fetchurl {
     url = "mirror://kernel/linux/libs/security/linux-privs/libcap2/${pname}-${version}.tar.xz";
-    sha256 = "0sj8kidl7qgf2qwxcbw1vadnlb30y4zvjzxswsmfdghq04npkhfs";
+    sha256 = "sha256-TelZDuCah8KC1Vhzf/tbYXXMv9JtWArdEN9E0PBH9sI=";
   };
 
-  outputs = [ "out" "dev" "lib" "man" "doc" "pam" ];
+  outputs = [ "out" "dev" "lib" "man" "doc" ]
+    ++ lib.optional usePam "pam";
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
   nativeBuildInputs = [ perl ];
 
-  buildInputs = [ pam ];
+  buildInputs = lib.optional usePam pam;
 
   propagatedBuildInputs = [ attr ];
 
   makeFlags = [
     "lib=lib"
-    "PAM_CAP=yes"
+    "PAM_CAP=${if usePam then "yes" else "no"}"
     "BUILD_CC=$(CC_FOR_BUILD)"
     "CC:=$(CC)"
-  ];
+  ] ++ lib.optional isStatic "SHARED=no";
 
   prePatch = ''
-    # use relative bash path
-    substituteInPlace progs/capsh.c --replace "/bin/bash" "bash"
-
-    # ensure capsh can find bash in $PATH
-    substituteInPlace progs/capsh.c --replace execve execvpe
+    # use full path to bash
+    substituteInPlace progs/capsh.c --replace "/bin/bash" "${runtimeShell}"
 
     # set prefixes
     substituteInPlace Make.Rules \
@@ -44,17 +47,18 @@ stdenv.mkDerivation rec {
   installFlags = [ "RAISE_SETFCAP=no" ];
 
   postInstall = ''
-    rm "$lib"/lib/*.a
+    ${lib.optionalString (!isStatic) ''rm "$lib"/lib/*.a''}
     mkdir -p "$doc/share/doc/${pname}-${version}"
     cp License "$doc/share/doc/${pname}-${version}/"
-  '' + stdenv.lib.optionalString (pam != null) ''
+  '' + lib.optionalString usePam ''
     mkdir -p "$pam/lib/security"
     mv "$lib"/lib/security "$pam/lib"
   '';
 
   meta = {
     description = "Library for working with POSIX capabilities";
-    platforms = stdenv.lib.platforms.linux;
-    license = stdenv.lib.licenses.bsd3;
+    homepage = "https://sites.google.com/site/fullycapable";
+    platforms = lib.platforms.linux;
+    license = lib.licenses.bsd3;
   };
 }