pyrox.dev / nixpkgs
lol
fork atom

bind: disable seccomp by default

Fixes #25645 & #23431.

Franz Pletz eb796494 326efe5f

options
unified split
Changed files
+5 -3
pkgs
servers
dns
bind
default.nix
+5 -3
pkgs/servers/dns/bind/default.nix 
···

       
1

       
 

       
{ stdenv, lib, fetchurl, openssl, libtool, perl, libxml2


     

       
2

       
-

       
, libseccomp ? null }:


     

       

       

       
     

       

       

       
     

       
3

       
 

       



     

       
4

       
 

       
let version = "9.10.4-P6"; in


     

       
5

       
 

       



     
···

       
17

       
 

       
    stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch;


     

       
18

       
 

       



     

       
19

       
 

       
  buildInputs = [ openssl libtool perl libxml2 ] ++


     

       
20

       
-

       
    stdenv.lib.optional stdenv.isLinux libseccomp;


     

       
21

       
 

       



     

       
22

       
 

       
  STD_CDEFINES = [ "-DDIG_SIGCHASE=1" ]; # support +sigchase


     

       
23

       
 

       



     
···

       
35

       
 

       
    "--without-pkcs11"


     

       
36

       
 

       
    "--without-purify"


     

       
37

       
 

       
    "--without-python"


     

       
38

       
-

       
  ] ++ lib.optional (stdenv.isi686 || stdenv.isx86_64) "--enable-seccomp";


     

       
39

       
 

       



     

       
40

       
 

       
  postInstall = ''


     

       
41

       
 

       
    moveToOutput bin/bind9-config $dev


     
···

       
1

       
 

       
{ stdenv, lib, fetchurl, openssl, libtool, perl, libxml2


     

       
2

       
+

       
, enableSeccomp ? false, libseccomp ? null }:


     

       
3

       
+

       



     

       
4

       
+

       
assert enableSeccomp -> libseccomp != null;


     

       
5

       
 

       



     

       
6

       
 

       
let version = "9.10.4-P6"; in


     

       
7

       
 

       



     
···

       
19

       
 

       
    stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch;


     

       
20

       
 

       



     

       
21

       
 

       
  buildInputs = [ openssl libtool perl libxml2 ] ++


     

       
22

       
+

       
    stdenv.lib.optional enableSeccomp libseccomp;


     

       
23

       
 

       



     

       
24

       
 

       
  STD_CDEFINES = [ "-DDIG_SIGCHASE=1" ]; # support +sigchase


     

       
25

       
 

       



     
···

       
37

       
 

       
    "--without-pkcs11"


     

       
38

       
 

       
    "--without-purify"


     

       
39

       
 

       
    "--without-python"


     

       
40

       
+

       
  ] ++ lib.optional enableSeccomp "--enable-seccomp";


     

       
41

       
 

       



     

       
42

       
 

       
  postInstall = ''


     

       
43

       
 

       
    moveToOutput bin/bind9-config $dev