author | obadz <dav-github@odav.org> | 2015-03-05 00:33:05 +0000 |
---|---|---|
committer | William A. Kennington III <william@wkennington.com> | 2015-03-08 16:03:51 -0700 |
commit | e5d4624420346b78c7e95588675a4d8ed56884e5 (patch) | |
tree | abc1a408297016b19b0ce934f26836b229482a27 /pkgs/tools | |
parent | b452bd40e15517fcfea3c233a85934f1a181c029 (diff) |
PAM/eCryptfs now able to mount ecryptfs'd home directories on login
Diffstat (limited to 'pkgs/tools')
-rw-r--r-- | pkgs/tools/security/ecryptfs/default.nix | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix index 13046aa0b2d1..e0f27b5d732e 100644 --- a/pkgs/tools/security/ecryptfs/default.nix +++ b/pkgs/tools/security/ecryptfs/default.nix @@ -1,5 +1,5 @@ -{ stdenv, fetchurl, pkgconfig, perl, keyutils, nss, nspr, python, pam -, intltool, makeWrapper, coreutils, gettext, cryptsetup, lvm2, rsync, which }: +{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python, pam +, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which }: stdenv.mkDerivation { name = "ecryptfs-104"; 
@@ -9,16 +9,33 @@ stdenv.mkDerivation { sha256 = "0f3lzpjw97vcdqzzgii03j3knd6pgwn1y0lpaaf46iidaiv0282a"; }; + #TODO: replace wrapperDir below with from <nixos> config.security.wrapperDir; + preConfigure = '' + FILES="$(grep -r '/bin/sh' src/utils -l; find src -name \*.c)" + for file in $FILES; do + substituteInPlace "$file" \ + --replace /sbin/mount.ecryptfs_private /var/setuid-wrappers/mount.ecryptfs_private \ + --replace /sbin/umount.ecryptfs_private /var/setuid-wrappers/umount.ecryptfs_private \ + --replace /sbin/mount.ecryptfs $out/sbin/mount.ecryptfs \ + --replace /sbin/umount.ecryptfs $out/sbin/umount.ecryptfs \ + --replace /usr/bin/ecryptfs-rewrite-file $out/bin/ecryptfs-rewrite-file \ + --replace /usr/bin/ecryptfs-mount-private $out/bin/ecryptfs-mount-private \ + --replace /usr/bin/ecryptfs-setup-private $out/bin/ecryptfs-setup-private \ + --replace /sbin/cryptsetup ${cryptsetup}/sbin/cryptsetup \ + --replace /sbin/dmsetup ${lvm2}/sbin/dmsetup \ + --replace /bin/mount ${utillinux}/bin/mount \ + --replace /bin/umount ${utillinux}/bin/umount \ + --replace /sbin/unix_chkpwd /var/setuid-wrappers/unix_chkpwd \ + --replace /bin/bash ${bash}/bin/bash + done + ''; + buildInputs = [ pkgconfig perl nss nspr python pam intltool makeWrapper ]; propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ]; postInstall = '' - FILES="$(grep -r '/bin/sh' $out/bin | sed 's,:.*,,' | uniq)" + FILES="$(grep -r '/bin/sh' $out/bin -l)" for file in $FILES; do - sed -i $file -e "s,\(/sbin/u\?mount.ecryptfs\(_private\)\?\),$out\1," \ - -e "s,\(/sbin/cryptsetup\),${cryptsetup}\1," \ - -e "s,\(/sbin/dmsetup\),${lvm2}\1," \ - -e 's,/sbin/\(unix_chkpwd\),\1,' wrapProgram $file \ --prefix PATH ":" "${coreutils}/bin" \ --prefix PATH ":" "${gettext}/bin" \ 
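Review bot: The `FILES` list built in `preConfigure` can name the same file twice, because `grep -r '/bin/sh' src/utils -l` and `find src -name \*.c` both cover `src/utils`. Several of the `--replace` pairs are not idempotent: `/sbin/mount.ecryptfs`, `/sbin/cryptsetup`, `/sbin/dmsetup`, `/bin/mount`, `/bin/umount` and `/bin/bash` all still occur inside their own replacement text. A `.c` file under `src/utils` that contains `/bin/sh` (not verifiable from this hunk) would be rewritten on both visits and end up with a doubly prefixed store path compiled into the PAM module or the mount helpers, which would presumably surface only as a failed mount at login. De-duplicating the list avoids this: `FILES="$( (grep -rl '/bin/sh' src/utils; find src -name '*.c') | sort -u )"`. The `postInstall` string continues past the end of the hunk.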
@@ -32,6 +49,7 @@ stdenv.mkDerivation { meta = with stdenv.lib; { description = "Enterprise-class stacked cryptographic filesystem"; license = licenses.gpl2Plus; + maintainers = [ lib.maintainers.obadz ]; platforms = platforms.linux; }; } |
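Review bot: `lib` in the added `maintainers = [ lib.maintainers.obadz ];` is not one of the function arguments listed at the top of the file, so it can only resolve through the enclosing `with stdenv.lib;`. Whether that set exposes a `lib` attribute is not visible here. The neighbouring lines already rely on the `with` for `licenses` and `platforms`, so `maintainers = [ maintainers.obadz ];` would be consistent with them and would not depend on that lookup.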