Commit Graph

17 Commits

Author SHA1 Message Date
stuebinm
ff1a94e523 treewide: add meta.mainProgram to packages with a single binary
The nixpkgs-unstable channel's programs.sqlite was used to identify
packages producing exactly one binary, and these automatically added
to their package definitions wherever possible.
2024-03-19 03:14:51 +01:00
Anderson Torres
a9d73dea16 treewide: remove cstrahan from meta.maintainers - part 2
19 files modified with this removal
2023-10-04 22:20:58 -03:00
Adam Joseph
e2c555799c doas: drop patch, use dontAddStaticConfigureFlags instead
The configure script that comes with doas does not understand
`--disable-shared`, which nixpkgs sometimes adds to
`configureFlags`.

Previously, doas included a patch that would cause its configure
script to ignore this flag instead of rejecting it.  This commit
drops that patch and instead uses
`dontAddStaticConfigureFlags=false` (introduced in
b0b5ef7286) to prevent nixpkgs addingn
`--disable-shared` to doas' configureFlags.
2023-06-06 12:24:14 -07:00
Dmitry Bogatov
6fd104a8ad pkgsStatic.doas: fix build
* Patch configure script to not die on --disable-shared
 * Pass -laudit when building statically with PAM support. Upstream buiild
   system does not use pkg-config, unfortunately.
2022-11-08 15:55:02 -08:00
Cole Helbling
aaef5af8b9 doas: fix no-pam build with libxcrypt 2022-11-02 08:54:07 -07:00
Brian McKenna
cf74f5d089 doas: fix cross-compilation 2022-05-28 08:02:31 -05:00
Cole Helbling
7a75977e06 doas: 6.8.1 -> 6.8.2
https://github.com/Duncaen/OpenDoas/compare/v6.8.1...v6.8.2
2022-01-26 08:52:33 -08:00
Erik Arvstedt
781ab443c2
nixos/doas: fix recursive calls to doas
Previously, for processes launched by doas the unwrapped doas binary preceded the
setuid-wrapped doas binary in PATH.

This caused error `doas: not installed setuid` when running doas from
processes launched by doas.

doas seems to short-circuit the PATH lookup when called like
`doas -u myuser doas -u myuser ...` so the error doesn't appear in this case.
2021-08-12 14:40:22 +02:00
Cole Helbling
408b107b0c
doas: don't configure pamdir
In the future, doas won't ship PAM files (see
cfa9f0d3b3),
and we already configure PAM in the doas module. Configuring the pamdir
serves no purpose.
2021-02-04 11:19:56 -08:00
Cole Helbling
5a1c008bae doas: 6.8 -> 6.8.1
Most notably, addresses CVE-2019-25016.

https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1

https://github.com/Duncaen/OpenDoas/compare/v6.8...v6.8.1
2021-01-28 16:02:50 -08:00
Cole Helbling
caad9aba5a
doas: 6.6.1 -> 6.8
https://github.com/duncaen/opendoas/compare/v6.6.1...v6.8
2020-11-14 19:14:54 -08:00
Dmitry Bogatov
99de53b79b doas: add enablePAM option
New option "withPAM" controls whether to build support for pluggable
authetincation modules. Default value is "true", which correspond to
existing behaviour. Futhermore, with default configuration, this change
do not cause rebuild.
2020-10-08 23:20:37 -04:00
Cole Helbling
82f897333a
doas: add NixOS binary dirs to safe PATH
I recently tried to give myself passwordless `doas` for `virsh` commands
(starting, stopping, and editing VMs), but `doas` was complaining that
it didn't know what `virsh` was.

This patch adds `/run/current-system/sw/{s,}bin` and `/run/wrappers/bin`
to the safe path, allowing system binaries to be discovered and executed
properly.
2020-05-27 08:11:30 -07:00
Cole Helbling
0f8e972f01
doas: enable timestamp by default and set pamdir
* `--with-timestamp` enables the usage of the `persist` setting in
`doas.conf`. It is possible some people might not want this, so the flag
`withTimestamp` was added to control this.
* `--pamdir` copies the PAM files to `$out/etc/pam.d`. This may or may
not have a use in the future, but it removes a some errors from the
build (when it tries to copy these files to /etc/pam.d).
2020-05-17 11:42:50 -07:00
Cole Helbling
cf9a8bcc99
doas: 6.0 -> 6.6.1
https://github.com/Duncaen/OpenDoas/compare/v6.0...v6.6.1

There are a decent chunk of changes in there. I'm mostly interested in
5debef098b7ebba67da5db9fbb020a7cd0f90a7f, which fixes the parsing of
/proc/$pid/stat that is used to implement timestamping.
2020-05-02 11:31:44 +01:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
Charles Strahan
4ca7f46863
doas: init at 6.0
Portable version of the OpenBSD `doas` command.
2017-11-07 16:34:50 -05:00