tpm2-tss: remove shadow dependency

Fixes pkgsLinux.tpm2-tss build on macOS since shadow package is
Linux-specific.

pkgs/development/libraries/tpm2-tss/default.nix

@@ -1,8 +1,8 @@
-{ stdenv, lib, fetchFromGitHub
+{ stdenv, lib, fetchFromGitHub, runCommand
 , autoreconfHook, autoconf-archive, pkg-config, doxygen, perl
 , openssl, json_c, curl, libgcrypt
 , cmocka, uthash, ibm-sw-tpm2, iproute2, procps, which
-, shadow, libuuid
+, libuuid
 }:
 let
   # Avoid a circular dependency on Linux systems (systemd depends on tpm2-tss,
@@ -11,6 +11,20 @@ let
   # might not support the withSystemd option.
   procpsWithoutSystemd = procps.override { withSystemd = false; };
   procps_pkg = if stdenv.isLinux then procpsWithoutSystemd else procps;
+
+  # Configure script expects tools from shadow but we are not actually using
+  # them. Instead of patching the build scripts, just add fake executables
+  # to native build inputs. These would fail the build if called from both POSIX
+  # shell and via native exec system call (albeit for different reasons).
+  # https://github.com/tpm2-software/tpm2-tss/blob/6c46325b466f35d40c2ed1043bfdfcfb8a367a34/configure.ac#L666-L675
+  # https://github.com/tpm2-software/tpm2-tss/blob/6c46325b466f35d40c2ed1043bfdfcfb8a367a34/Makefile.am#L880-L898
+  fakeShadow = runCommand "fake-shadow" { } ''
+    mkdir -p -- "$out"/bin
+    for executable in "$out"/bin/{useradd,groupadd}; do
+      printf '#!/bin/sh -\nexit 1' >"$executable"
+      chmod +x -- "$executable"
+    done
+  '';
 in
 
 stdenv.mkDerivation rec {
@@ -28,7 +42,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [
     autoreconfHook autoconf-archive pkg-config doxygen perl
-    shadow
+    fakeShadow
   ];
 
   buildInputs = [