Diffstat (limited to 'pkgs/os-specific/linux/pam/default.nix')
-rw-r--r-- | pkgs/os-specific/linux/pam/default.nix | 45 |
1 files changed, 25 insertions, 20 deletions
diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix
index fb993699494..a35f40be595 100644
--- a/pkgs/os-specific/linux/pam/default.nix
+++ b/pkgs/os-specific/linux/pam/default.nix
@@ -1,40 +1,45 @@ -{ lib, stdenv, buildPackages, fetchurl, flex, cracklib, db4, gettext +{ lib, stdenv, buildPackages, fetchurl +, fetchpatch +, flex, cracklib, db4, gettext, audit, libxcrypt , nixosTests -, withLibxcrypt ? false, libxcrypt +, autoreconfHook269, pkg-config-unwrapped }: stdenv.mkDerivation rec { pname = "linux-pam"; - version = "1.5.1"; + version = "1.5.2"; src = fetchurl { url = "https://github.com/linux-pam/linux-pam/releases/download/v${version}/Linux-PAM-${version}.tar.xz"; - sha256 = "sha256-IB1AcwsRNbGzzeoJ8sKKxjTXMYHM0Bcs7d7jZJxXkvw="; + sha256 = "sha256-5OxxMakdpEUSV0Jo9JPG2MoQXIcJFpG46bVspoXU+U0="; }; + patches = [ + ./suid-wrapper-path.patch + # Pull support for localization on non-default --prefix: + # https://github.com/NixOS/nixpkgs/issues/249010 + # https://github.com/linux-pam/linux-pam/pull/604 + (fetchpatch { + name = "bind-locales.patch"; + url = "https://github.com/linux-pam/linux-pam/commit/77bd338125cde583ecdfb9fd69619bcd2baf15c2.patch"; + hash = "sha256-tlc9RcLZpEH315NFD4sdN9yOco8qhC6+bszl4OHm+AI="; + }) + ]; + outputs = [ "out" "doc" "man" /* "modules" */ ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ flex ] + # autoreconfHook269 is needed for `suid-wrapper-path.patch` and + # `bind-locales.patch` above. 
+ # pkg-config-unwrapped is needed for `AC_CHECK_LIB` and `AC_SEARCH_LIBS` + nativeBuildInputs = [ flex autoreconfHook269 pkg-config-unwrapped ] ++ lib.optional stdenv.buildPlatform.isDarwin gettext; - buildInputs = [ cracklib db4 ] - ++ lib.optional withLibxcrypt libxcrypt; + buildInputs = [ cracklib db4 libxcrypt ] + ++ lib.optional stdenv.buildPlatform.isLinux audit; enableParallelBuilding = true; - postInstall = '' - mv -v $out/sbin/unix_chkpwd{,.orig} - ln -sv /run/wrappers/bin/unix_chkpwd $out/sbin/unix_chkpwd - ''; /* - rm -rf $out/etc - mkdir -p $modules/lib - mv $out/lib/security $modules/lib/ - '';*/ - # don't move modules, because libpam needs to (be able to) find them, - # which is done by dlopening $out/lib/security/pam_foo.so - # $out/etc was also missed: pam_env(login:session): Unable to open config file - preConfigure = lib.optionalString (stdenv.hostPlatform.libc == "musl") '' # export ac_cv_search_crypt=no # (taken from Alpine linux, apparently insecure but also doesn't build O:)) @@ -55,7 +60,7 @@ stdenv.mkDerivation rec { doCheck = false; # fails passthru.tests = { - inherit (nixosTests) pam-oath-login pam-u2f shadow; + inherit (nixosTests) pam-oath-login pam-u2f shadow sssd-ldap; }; meta = with lib; { |
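Review bot: In the first hunk, `audit` is added to `buildInputs` under `lib.optional stdenv.buildPlatform.isLinux`, but `buildInputs` are linked for the host platform, so the condition tests the wrong machine. A cross build driven from a non-Linux builder would then produce a PAM without libaudit, and authentication events would presumably stop reaching the audit log with no build error; `++ lib.optional stdenv.hostPlatform.isLinux audit;` keys it on the target instead. Separately, the removed `postInstall` that linked `$out/sbin/unix_chkpwd` to `/run/wrappers/bin/unix_chkpwd` is replaced by `./suid-wrapper-path.patch`, whose contents are not visible here. A comment above that `patches` entry, for example `# Point pam_unix at the setuid wrapper in /run/wrappers/bin instead of the non-setuid store copy of unix_chkpwd`, would record why it must survive future version bumps, once that wording is confirmed against the patch itself.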