pkgs/os-specific/linux/tcp-wrappers/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

{ fetchurl, stdenv, libnsl }:

let
  vanillaVersion = "7.6.q";
  patchLevel = "26";
in stdenv.mkDerivation rec {
  pname = "tcp-wrappers";
  version = "${vanillaVersion}-${patchLevel}";

  src = fetchurl {
    url = "mirror://debian/pool/main/t/tcp-wrappers/tcp-wrappers_${vanillaVersion}.orig.tar.gz";
    sha256 = "0p9ilj4v96q32klavx0phw9va21fjp8vpk11nbh6v2ppxnnxfhwm";
  };

  debian = fetchurl {
    url = "mirror://debian/pool/main/t/tcp-wrappers/tcp-wrappers_${version}.debian.tar.xz";
    sha256 = "1dcdhi9lwzv7g19ggwxms2msq9fy14rl09rjqb10hwv0jix7z8j8";
  };

  prePatch = ''
    tar -xaf $debian
    patches="$(cat debian/patches/series | sed 's,^,debian/patches/,') $patches"

    substituteInPlace Makefile --replace STRINGS STRINGDEFS
    substituteInPlace debian/patches/13_shlib_weaksym --replace STRINGS STRINGDEFS
  '';

  # Fix __BEGIN_DECLS usage (even if it wasn't non-standard, this doesn't include sys/cdefs.h)
  patches = [ ./cdecls.patch ];

  postPatch = stdenv.lib.optionalString stdenv.hostPlatform.isMusl ''
    substituteInPlace Makefile \
      --replace '-DNETGROUP' '-DUSE_GETDOMAIN'
  '';

  buildInputs = [ libnsl ];

  makeFlags = [ "REAL_DAEMON_DIR=$(out)/bin" "linux" "AR:=$(AR)" ];

  installPhase = ''
    mkdir -p "$out/bin"
    cp -v safe_finger tcpd tcpdchk tcpdmatch try-from "$out/bin"

    mkdir -p "$out/lib"
    cp -v shared/lib*.so* "$out/lib"

    mkdir -p "$out/include"
    cp -v *.h "$out/include"

    for i in 3 5 8;
    do
      mkdir -p "$out/man/man$i"
      cp *.$i "$out/man/man$i" ;
    done
  '';

  meta = {
    description = "TCP Wrappers, a network logger, also known as TCPD or LOG_TCP";

    longDescription = ''
      Wietse Venema's network logger, also known as TCPD or LOG_TCP.
      These programs log the client host name of incoming telnet, ftp,
      rsh, rlogin, finger etc. requests.  Security options are: access
      control per host, domain and/or service; detection of host name
      spoofing or host address spoofing; booby traps to implement an
      early-warning system.  The current version supports the System
      V.4 TLI network programming interface (Solaris, DG/UX) in
      addition to the traditional BSD sockets.
    '';

    homepage = ftp://ftp.porcupine.org/pub/security/index.html;
    license = "BSD-style";
    platforms = stdenv.lib.platforms.linux;
  };
}