The configure script that comes with doas does not understand
`--disable-shared`, which nixpkgs sometimes adds to
`configureFlags`.

Previously, doas included a patch that would cause its configure
script to ignore this flag instead of rejecting it. This commit
drops that patch and instead uses
`dontAddStaticConfigureFlags=false` (introduced in
b0b5ef7286) to prevent nixpkgs adding
`--disable-shared` to doas' configureFlags.

* Patch configure script to not die on --disable-shared
* Pass -laudit when building statically with PAM support. Upstream build
system does not use pkg-config, unfortunately.

Previously, for processes launched by doas the unwrapped doas binary preceded the
setuid-wrapped doas binary in PATH.
This caused error `doas: not installed setuid` when running doas from
processes launched by doas.
doas seems to short-circuit the PATH lookup when called like
`doas -u myuser doas -u myuser ...` so the error doesn't appear in this case.

New option "withPAM" controls whether to build support for pluggable
authentication modules. Default value is "true", which corresponds to
existing behaviour. Furthermore, with default configuration, this change
does not cause a rebuild.

I recently tried to give myself passwordless `doas` for `virsh` commands
(starting, stopping, and editing VMs), but `doas` was complaining that
it didn't know what `virsh` was.

This patch adds `/run/current-system/sw/{s,}bin` and `/run/wrappers/bin`
to the safe path, allowing system binaries to be discovered and executed
properly.

* `--with-timestamp` enables the usage of the `persist` setting in
`doas.conf`. It is possible some people might not want this, so the flag
`withTimestamp` was added to control this.
* `--pamdir` copies the PAM files to `$out/etc/pam.d`. This may or may
not have a use in the future, but it removes some errors from the
build (when it tries to copy these files to /etc/pam.d).

https://github.com/Duncaen/OpenDoas/compare/v6.0...v6.6.1

There are a decent chunk of changes in there. I'm mostly interested in
5debef098b7ebba67da5db9fbb020a7cd0f90a7f, which fixes the parsing of
/proc/$pid/stat that is used to implement timestamping.
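
For context on the `/proc/$pid/stat` parsing mentioned in the last commit message: the following is an added example, not OpenDoas code and not a reconstruction of the referenced commit. It shows one defensive way to read `tty_nr` (field 7) and `starttime` (field 22) from a stat line whose process name contains spaces and parentheses; the choice of those two fields, the name `parse_stat_line` and the sample line are assumptions made for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a process named "a) S 1 1 1 0 x" (not real output). */
static const char HOSTILE[] = "1234 (a) S 1 1 1 0 x) S 1233 1234 1234 34816 1234 "
    "4194304 100 0 0 0 1 2 0 0 20 0 1 0 567890 1000 200\n";

/* Extract tty_nr (field 7) and starttime (field 22); 0 on success, -1 if malformed. */
int parse_stat_line(const char *line, int *tty_nr, unsigned long long *starttime)
{
    /* comm (field 2) is process-controlled and may hold ' ' and ')': use the LAST ')'. */
    const char *p = strrchr(line, ')');
    if (p == NULL || p[1] != ' ')
        return -1;
    p += 2;                               /* start of field 3 (state) */
    for (int field = 3; field <= 22; field++) {
        size_t len = strcspn(p, " \n");
        char *stop;
        if (len == 0)
            return -1;                    /* truncated line: fail closed */
        errno = 0;
        if (field == 7) {
            long v = strtol(p, &stop, 10);
            if (errno != 0 || stop != p + len || v < INT_MIN || v > INT_MAX)
                return -1;
            *tty_nr = (int)v;
        } else if (field == 22) {
            unsigned long long v = strtoull(p, &stop, 10);
            if (errno != 0 || stop != p + len || *p == '-')
                return -1;                /* strtoull would wrap a negative */
            *starttime = v;
        }
        p += len;
        if (field < 22 && *p++ != ' ')
            return -1;                    /* fewer than 22 fields */
    }
    return 0;
}

int main(void)
{
    int tty; unsigned long long start;
    if (parse_stat_line(HOSTILE, &tty, &start) != 0)
        return 1;
    printf("tty_nr=%d starttime=%llu\n", tty, start);
    return 0;
}
```

Splitting the same line on the first `)` would read the `0` embedded in the process name as the terminal number, which matters when those values identify the session a timestamp belongs to.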