| blob | 1c2e9cbd4ab4e04f8d0f29ebfcd34b8251ca0cd9 |
1 { lib, stdenv, fetchurl, fetchpatch, libxcrypt }:
3 stdenv.mkDerivation rec {
4 pname = "super";
5 version = "3.30.0";
7 src = fetchurl {
8 name = "super-${version}.tar.gz";
9 url = "https://www.ucolick.org/~will/RUE/super/super-${version}-tar.gz";
10 sha256 = "0k476f83w7f45y9jpyxwr00ikv1vhjiq0c26fgjch9hnv18icvwy";
11 };
13 prePatch = ''
14 # do not set sticky bit in nix store
15 substituteInPlace Makefile.in \
16 --replace "-o root" "" \
17 --replace 04755 755
18 '';
20 patches = [
21 ./0001-Remove-references-to-dropped-sys_nerr-sys_errlist-fo.patch
22 (fetchpatch {
23 name = "CVE-2014-0470.patch";
24 url = "https://salsa.debian.org/debian/super/raw/debian/3.30.0-7/debian/patches/14-Fix-unchecked-setuid-call.patch";
25 sha256 = "08m9hw4kyfjv0kqns1cqha4v5hkgp4s4z0q1rgif1fnk14xh7wqh";
26 })
27 ];
29 # -fcommon: workaround build failure on -fno-common toolchains like upstream
30 # gcc-10. Otherwise build fails as:
31 # ld: pam.o:/build/super-3.30.0/super.h:293: multiple definition of
32 # `Method'; super.o:/build/super-3.30.0/super.h:293: first defined here
33 NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE -fcommon";
35 configureFlags = [
36 "--sysconfdir=/etc"
37 "--localstatedir=/var"
38 ];
40 buildInputs = [ libxcrypt ];
42 installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(TMPDIR)" ];
44 meta = {
45 homepage = "https://www.ucolick.org/~will/#super";
46 description = "Allows users to execute scripts as if they were root";
47 longDescription =
48 ''
49 This package provides two commands: 1) “super”, which allows
50 users to execute commands under a different uid/gid (specified
51 in /etc/super.tab); and 2) “setuid”, which allows root to
52 execute a command under a different uid.
53 '';
54 platforms = lib.platforms.linux;
55 };
56 }