Merge branch 'nixpkgs-update' into master

author: Alyssa Ross <hi@alyssa.is> 2021-08-04 10:43:07 +0000
committer: Alyssa Ross <hi@alyssa.is> 2021-08-04 10:43:07 +0000
commit: 62614cbef7da005c1eda8c9400160f6bcd6546b8 (patch)
tree: c2630f69080637987b68acb1ee8676d2681fe304 /pkgs/os-specific/linux/pam
parent: d9c82ed3044c72cecf01c6ea042489d30914577c (diff)
parent: e24069138dfec3ef94f211f1da005bb5395adc11 (diff)
download: nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar
nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.gz
nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.bz2
nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.lz
nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.xz
nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.zst
nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.zip
2 files changed, 17 insertions, 55 deletions
diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix
index fb969d7574a..fb993699494 100644
--- a/pkgs/os-specific/linux/pam/default.nix
+++ b/pkgs/os-specific/linux/pam/default.nix
@@ -1,34 +1,25 @@
-{ stdenv, buildPackages, fetchurl, fetchpatch, flex, cracklib, db4 }:
+{ lib, stdenv, buildPackages, fetchurl, flex, cracklib, db4, gettext
+, nixosTests
+, withLibxcrypt ? false, libxcrypt
+}:
 
 stdenv.mkDerivation rec {
   pname = "linux-pam";
-  version = "1.3.1";
+  version = "1.5.1";
 
   src = fetchurl {
-    url    = "https://github.com/linux-pam/linux-pam/releases/download/v1.3.1/Linux-PAM-${version}.tar.xz";
-    sha256 = "1nyh9kdi3knhxcbv5v4snya0g3gff0m671lnvqcbygw3rm77mx7g";
+    url    = "https://github.com/linux-pam/linux-pam/releases/download/v${version}/Linux-PAM-${version}.tar.xz";
+    sha256 = "sha256-IB1AcwsRNbGzzeoJ8sKKxjTXMYHM0Bcs7d7jZJxXkvw=";
   };
 
-  patches = stdenv.lib.optionals (stdenv.hostPlatform.libc == "musl") [
-    (fetchpatch {
-      url = "https://git.alpinelinux.org/aports/plain/main/linux-pam/fix-compat.patch?id=05a62bda8ec255d7049a2bd4cf0fdc4b32bdb2cc";
-      sha256 = "1h5yp5h2mqp1fcwiwwklyfpa69a3i03ya32pivs60fd7g5bqa7sf";
-    })
-    (fetchpatch {
-      url = "https://git.alpinelinux.org/aports/plain/main/linux-pam/libpam-fix-build-with-eglibc-2.16.patch?id=05a62bda8ec255d7049a2bd4cf0fdc4b32bdb2cc";
-      sha256 = "1ib6shhvgzinjsc603k2x1lxh9dic6qq449fnk110gc359m23j81";
-    })
-    # From adelie's package repo, using local copy since it seems to be currently offline.
-    # (we previously used similar patch from void, but stopped working with update to 1.3.1)
-    ./musl-fix-pam_exec.patch
-  ];
-
   outputs = [ "out" "doc" "man" /* "modules" */ ];
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
-  nativeBuildInputs = [ flex ];
+  nativeBuildInputs = [ flex ]
+    ++ lib.optional stdenv.buildPlatform.isDarwin gettext;
 
-  buildInputs = [ cracklib db4 ];
+  buildInputs = [ cracklib db4 ]
+    ++ lib.optional withLibxcrypt libxcrypt;
 
   enableParallelBuilding = true;
 
@@ -44,7 +35,7 @@ stdenv.mkDerivation rec {
   # which is done by dlopening $out/lib/security/pam_foo.so
   # $out/etc was also missed: pam_env(login:session): Unable to open config file
 
-  preConfigure = stdenv.lib.optionalString (stdenv.hostPlatform.libc == "musl") ''
+  preConfigure = lib.optionalString (stdenv.hostPlatform.libc == "musl") ''
       # export ac_cv_search_crypt=no
       # (taken from Alpine linux, apparently insecure but also doesn't build O:))
       # disable insecure modules
@@ -63,7 +54,11 @@ stdenv.mkDerivation rec {
 
   doCheck = false; # fails
 
-  meta = with stdenv.lib; {
+  passthru.tests = {
+    inherit (nixosTests) pam-oath-login pam-u2f shadow;
+  };
+
+  meta = with lib; {
     homepage = "http://www.linux-pam.org/";
     description = "Pluggable Authentication Modules, a flexible mechanism for authenticating user";
     platforms = platforms.linux;
diff --git a/pkgs/os-specific/linux/pam/musl-fix-pam_exec.patch b/pkgs/os-specific/linux/pam/musl-fix-pam_exec.patch
deleted file mode 100644
index 194e47b9e5b..00000000000
--- a/pkgs/os-specific/linux/pam/musl-fix-pam_exec.patch
+++ /dev/null
@@ -1,33 +0,0 @@
---- ./modules/pam_exec/pam_exec.c.orig
-+++ ./modules/pam_exec/pam_exec.c
-@@ -103,11 +103,14 @@
-   int optargc;
-   const char *logfile = NULL;
-   const char *authtok = NULL;
-+  char authtok_buf[PAM_MAX_RESP_SIZE+1];
-+
-   pid_t pid;
-   int fds[2];
-   int stdout_fds[2];
-   FILE *stdout_file = NULL;
- 
-+  memset(authtok_buf, 0, sizeof(authtok_buf));
-   if (argc < 1) {
-     pam_syslog (pamh, LOG_ERR,
- 		"This module needs at least one argument");
-@@ -180,12 +183,12 @@
- 	      if (resp)
- 		{
- 		  pam_set_item (pamh, PAM_AUTHTOK, resp);
--		  authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
-+		  authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));
- 		  _pam_drop (resp);
- 		}
- 	    }
- 	  else
--	    authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
-+	    authtok = strncpy(authtok_buf, void_pass, sizeof(authtok_buf));
- 
- 	  if (pipe(fds) != 0)
- 	    {
-
author	Alyssa Ross <hi@alyssa.is>	2021-08-04 10:43:07 +0000
committer	Alyssa Ross <hi@alyssa.is>	2021-08-04 10:43:07 +0000
commit	62614cbef7da005c1eda8c9400160f6bcd6546b8 (patch)
tree	c2630f69080637987b68acb1ee8676d2681fe304 /pkgs/os-specific/linux/pam
parent	d9c82ed3044c72cecf01c6ea042489d30914577c (diff)
parent	e24069138dfec3ef94f211f1da005bb5395adc11 (diff)
download	nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.gz nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.bz2 nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.lz nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.xz nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.zst nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.zip