diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 530304b497ae..b1fcb0b461fd 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -492,7 +492,7 @@ let auth ${ussh.control} ${pkgs.pam_ussh}/lib/security/pam_ussh.so ${optionalString (ussh.caFile != null) "ca_file=${ussh.caFile}"} ${optionalString (ussh.authorizedPrincipals != null) "authorized_principals=${ussh.authorizedPrincipals}"} ${optionalString (ussh.authorizedPrincipalsFile != null) "authorized_principals_file=${ussh.authorizedPrincipalsFile}"} ${optionalString (ussh.group != null) "group=${ussh.group}"} '') + (let oath = config.security.pam.oath; in optionalString cfg.oathAuth '' - auth requisite ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits} + auth requisite ${pkgs.oath-toolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits} '') + (let yubi = config.security.pam.yubico; in optionalString cfg.yubicoAuth '' auth ${yubi.control} ${pkgs.yubico-pam}/lib/security/pam_yubico.so mode=${toString yubi.mode} ${optionalString (yubi.challengeResponsePath != null) "chalresp_path=${yubi.challengeResponsePath}"} ${optionalString (yubi.mode == "client") "id=${toString yubi.id}"} ${optionalString yubi.debug "debug"} @@ -1131,7 +1131,7 @@ in ++ optional config.services.sssd.enable pkgs.sssd ++ optionals config.krb5.enable [pam_krb5 pam_ccreds] ++ optionals config.security.pam.enableOTPW [ pkgs.otpw ] - ++ optionals config.security.pam.oath.enable [ pkgs.oathToolkit ] + ++ optionals config.security.pam.oath.enable [ pkgs.oath-toolkit ] ++ optionals config.security.pam.p11.enable [ pkgs.pam_p11 ] ++ optionals config.security.pam.u2f.enable [ pkgs.pam_u2f ]; @@ -1221,7 +1221,7 @@ in mr ${pkgs.pam_ussh}/lib/security/pam_ussh.so, '' + optionalString (isEnabled (cfg: cfg.oathAuth)) '' - "mr ${pkgs.oathToolkit}/lib/security/pam_oath.so, + "mr ${pkgs.oath-toolkit}/lib/security/pam_oath.so, '' + optionalString (isEnabled (cfg: cfg.yubicoAuth)) '' mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so, diff --git a/nixos/tests/pam/pam-oath-login.nix b/nixos/tests/pam/pam-oath-login.nix index 8fb7553de907..c532e81e674d 100644 --- a/nixos/tests/pam/pam-oath-login.nix +++ b/nixos/tests/pam/pam-oath-login.nix @@ -7,7 +7,7 @@ let # how many passwords have been made. In this env, we'll always be on # the 0th counter, so the password is static. # - # Generated in nix-shell -p oathToolkit + # Generated in nix-shell -p oath-toolkit # via: oathtool -v -d6 -w10 cdd4083ef8ff1fa9178c6d46bfb1a3 # and picking a the first 4: oathSnakeOilPassword1 = "143349"; diff --git a/pkgs/servers/web-apps/sogo/default.nix b/pkgs/servers/web-apps/sogo/default.nix index 8af14f109a3b..f94436c1f372 100644 --- a/pkgs/servers/web-apps/sogo/default.nix +++ b/pkgs/servers/web-apps/sogo/default.nix @@ -1,6 +1,6 @@ { gnustep, lib, fetchFromGitHub, fetchpatch, makeWrapper, python3, lndir , openssl, openldap, sope, libmemcached, curl, libsodium, libytnef, libzip, pkg-config, nixosTests -, oathToolkit }: +, oath-toolkit }: gnustep.stdenv.mkDerivation rec { pname = "SOGo"; version = "5.5.0"; @@ -13,7 +13,7 @@ gnustep.stdenv.mkDerivation rec { }; nativeBuildInputs = [ gnustep.make makeWrapper python3 ]; - buildInputs = [ gnustep.base sope openssl libmemcached curl libsodium libytnef libzip pkg-config openldap oathToolkit ]; + buildInputs = [ gnustep.base sope openssl libmemcached curl libsodium libytnef libzip pkg-config openldap oath-toolkit ]; patches = [ # TODO: take a closer look at other patches in https://sources.debian.org/patches/sogo/ and https://github.com/Skrupellos/sogo-patches diff --git a/pkgs/tools/filesystems/ceph/default.nix b/pkgs/tools/filesystems/ceph/default.nix index 1162c4e69b12..678835bf7bf8 100644 --- a/pkgs/tools/filesystems/ceph/default.nix +++ b/pkgs/tools/filesystems/ceph/default.nix @@ -9,7 +9,7 @@ , gtest , cunit, snappy , makeWrapper -, leveldb, oathToolkit +, leveldb, oath-toolkit , libnl, libcap_ng , rdkafka , nixosTests @@ -161,7 +161,7 @@ in rec { buildInputs = cryptoLibsMap.${cryptoStr} ++ [ boost ceph-python-env libxml2 optYasm optLibatomic_ops optLibs3 malloc zlib openldap lttng-ust babeltrace gperf gtest cunit - snappy lz4 oathToolkit leveldb libnl libcap_ng rdkafka + snappy lz4 oath-toolkit leveldb libnl libcap_ng rdkafka cryptsetup sqlite lua icu bzip2 ] ++ lib.optionals stdenv.isLinux [ linuxHeaders util-linux libuuid udev keyutils liburing optLibaio optLibxfs optZfs diff --git a/pkgs/tools/security/oath-toolkit/update.sh b/pkgs/tools/security/oath-toolkit/update.sh index 3502a541fa8c..9f56ae412323 100755 --- a/pkgs/tools/security/oath-toolkit/update.sh +++ b/pkgs/tools/security/oath-toolkit/update.sh @@ -5,7 +5,7 @@ set -euo pipefail nixfile='default.nix' release_url='https://download.savannah.nongnu.org/releases/oath-toolkit/' -attr='oathToolkit' +attr='oath-toolkit' command='oathtool --version' color() { diff --git a/pkgs/tools/security/pass/extensions/otp.nix b/pkgs/tools/security/pass/extensions/otp.nix index 8d9b350543dc..15f075ccec40 100644 --- a/pkgs/tools/security/pass/extensions/otp.nix +++ b/pkgs/tools/security/pass/extensions/otp.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, oathToolkit }: +{ lib, stdenv, fetchFromGitHub, oath-toolkit }: stdenv.mkDerivation rec { pname = "pass-otp"; @@ -11,12 +11,12 @@ stdenv.mkDerivation rec { sha256 = "0cpqrf3939hcvwg7sd8055ghc8x964ilimlri16czzx188a9jx9v"; }; - buildInputs = [ oathToolkit ]; + buildInputs = [ oath-toolkit ]; dontBuild = true; patchPhase = '' - sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash + sed -i -e 's|OATH=\$(which oathtool)|OATH=${oath-toolkit}/bin/oathtool|' otp.bash ''; installFlags = [ "PREFIX=$(out)" diff --git a/pkgs/tools/security/plasma-pass/default.nix b/pkgs/tools/security/plasma-pass/default.nix index 20f64b725f11..2ff2ab38cefb 100644 --- a/pkgs/tools/security/plasma-pass/default.nix +++ b/pkgs/tools/security/plasma-pass/default.nix @@ -1,7 +1,7 @@ { mkDerivation, lib, fetchFromGitLab, cmake, extra-cmake-modules , ki18n , kitemmodels -, oathToolkit +, oath-toolkit , qgpgme , plasma-framework , qt5 }: @@ -21,7 +21,7 @@ mkDerivation rec { buildInputs = [ ki18n kitemmodels - oathToolkit + oath-toolkit qgpgme plasma-framework qt5.qtbase diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 2ae688dc1b8f..f304e4ca4ebd 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -882,6 +882,7 @@ mapAliases ({ ### O ### + oathToolkit = oath-toolkit; # Added 2022-04-04 oracleXE = throw "oracleXE has been removed, as it's heavily outdated and unmaintained"; # Added 2020-10-09 OVMF-CSM = throw "OVMF-CSM has been removed in favor of OVMFFull"; # Added 2021-10-16 OVMF-secureBoot = throw "OVMF-secureBoot has been removed in favor of OVMFFull"; # Added 2021-10-16 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7335ad812740..3c074c3a8edb 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8827,7 +8827,7 @@ with pkgs; oapi-codegen = callPackage ../tools/networking/oapi-codegen { }; - oathToolkit = callPackage ../tools/security/oath-toolkit { }; + oath-toolkit = callPackage ../tools/security/oath-toolkit { }; oatpp = callPackage ../development/libraries/oatpp { };