nixpkgs/pkgs/tools/security/sudo/default.nix
Tuomas Tynkkynen 8a985d97a1 sudo: Compile with '--with-iologdir' to improve build purity
Otherwise it will try to guess the log directory, and the guess might
not be the same if chroot builds are enabled or not.

The gruesome details from m4/sudo.m4:

````
dnl
dnl Where the I/O log files go, use /var/log/sudo-io if
dnl /var/log exists, else /{var,usr}/adm/sudo-io
dnl
AC_DEFUN([SUDO_IO_LOGDIR], [
    AC_MSG_CHECKING(for I/O log dir location)
    if test "${with_iologdir-yes}" != "yes"; then
        iolog_dir="$with_iologdir"
    elif test -d "/var/log"; then
        iolog_dir="/var/log/sudo-io"
    elif test -d "/var/adm"; then
        iolog_dir="/var/adm/sudo-io"
    else
        iolog_dir="/usr/adm/sudo-io"
    fi
    if test "${with_iologdir}" != "no"; then
        SUDO_DEFINE_UNQUOTED(_PATH_SUDO_IO_LOGDIR, "$iolog_dir")
    fi
    AC_MSG_RESULT($iolog_dir)
])dnl
````
2016-01-02 18:50:11 +01:00

72 lines
1.9 KiB
Nix

{ stdenv, fetchurl, coreutils, pam, groff
, sendmailPath ? "/var/setuid-wrappers/sendmail"
, withInsults ? false
}:
stdenv.mkDerivation rec {
name = "sudo-1.8.15";
src = fetchurl {
urls =
[ "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz"
"ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz"
];
sha256 = "0263gi6i19fyzzc488n0qw3m518i39f6a7qmrfvahk9j10bkh5j3";
};
configureFlags = [
"--with-env-editor"
"--with-editor=/run/current-system/sw/bin/nano"
"--with-rundir=/run/sudo"
"--with-vardir=/var/db/sudo"
"--with-logpath=/var/log/sudo.log"
"--with-iologdir=/var/log/sudo-io"
"--with-sendmail=${sendmailPath}"
] ++ stdenv.lib.optional withInsults [
"--with-insults"
"--with-all-insults"
];
configureFlagsArray = [
"--with-passprompt=[sudo] password for %p: " # intentional trailing space
];
postConfigure =
''
cat >> pathnames.h <<'EOF'
#undef _PATH_MV
#define _PATH_MV "${coreutils}/bin/mv"
EOF
makeFlags="install_uid=$(id -u) install_gid=$(id -g)"
installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy"
'';
buildInputs = [ coreutils pam groff ];
enableParallelBuilding = true;
postInstall =
''
rm -f $out/share/doc/sudo/ChangeLog
'';
meta = {
description = "A command to run commands as root";
longDescription =
''
Sudo (su "do") allows a system administrator to delegate
authority to give certain users (or groups of users) the ability
to run some (or all) commands as root or another user while
providing an audit trail of the commands and their arguments.
'';
homepage = http://www.sudo.ws/;
license = http://www.sudo.ws/sudo/license.html;
maintainers = [ stdenv.lib.maintainers.eelco ];
platforms = stdenv.lib.platforms.linux;
};
}