diff options
author | Alyssa Ross <hi@alyssa.is> | 2021-08-04 10:43:07 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-08-04 10:43:07 +0000 |
commit | 62614cbef7da005c1eda8c9400160f6bcd6546b8 (patch) | |
tree | c2630f69080637987b68acb1ee8676d2681fe304 /pkgs/os-specific/linux/pam | |
parent | d9c82ed3044c72cecf01c6ea042489d30914577c (diff) | |
parent | e24069138dfec3ef94f211f1da005bb5395adc11 (diff) | |
download | nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.gz nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.bz2 nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.lz nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.xz nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.tar.zst nixpkgs-62614cbef7da005c1eda8c9400160f6bcd6546b8.zip |
Merge branch 'nixpkgs-update' into master
Diffstat (limited to 'pkgs/os-specific/linux/pam')
-rw-r--r-- | pkgs/os-specific/linux/pam/default.nix | 39 | ||||
-rw-r--r-- | pkgs/os-specific/linux/pam/musl-fix-pam_exec.patch | 33 |
2 files changed, 17 insertions, 55 deletions
diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix index fb969d7574a..fb993699494 100644 --- a/pkgs/os-specific/linux/pam/default.nix +++ b/pkgs/os-specific/linux/pam/default.nix @@ -1,34 +1,25 @@ -{ stdenv, buildPackages, fetchurl, fetchpatch, flex, cracklib, db4 }: +{ lib, stdenv, buildPackages, fetchurl, flex, cracklib, db4, gettext +, nixosTests +, withLibxcrypt ? false, libxcrypt +}: stdenv.mkDerivation rec { pname = "linux-pam"; - version = "1.3.1"; + version = "1.5.1"; src = fetchurl { - url = "https://github.com/linux-pam/linux-pam/releases/download/v1.3.1/Linux-PAM-${version}.tar.xz"; - sha256 = "1nyh9kdi3knhxcbv5v4snya0g3gff0m671lnvqcbygw3rm77mx7g"; + url = "https://github.com/linux-pam/linux-pam/releases/download/v${version}/Linux-PAM-${version}.tar.xz"; + sha256 = "sha256-IB1AcwsRNbGzzeoJ8sKKxjTXMYHM0Bcs7d7jZJxXkvw="; }; - patches = stdenv.lib.optionals (stdenv.hostPlatform.libc == "musl") [ - (fetchpatch { - url = "https://git.alpinelinux.org/aports/plain/main/linux-pam/fix-compat.patch?id=05a62bda8ec255d7049a2bd4cf0fdc4b32bdb2cc"; - sha256 = "1h5yp5h2mqp1fcwiwwklyfpa69a3i03ya32pivs60fd7g5bqa7sf"; - }) - (fetchpatch { - url = "https://git.alpinelinux.org/aports/plain/main/linux-pam/libpam-fix-build-with-eglibc-2.16.patch?id=05a62bda8ec255d7049a2bd4cf0fdc4b32bdb2cc"; - sha256 = "1ib6shhvgzinjsc603k2x1lxh9dic6qq449fnk110gc359m23j81"; - }) - # From adelie's package repo, using local copy since it seems to be currently offline. - # (we previously used similar patch from void, but stopped working with update to 1.3.1) - ./musl-fix-pam_exec.patch - ]; - outputs = [ "out" "doc" "man" /* "modules" */ ]; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ flex ]; + nativeBuildInputs = [ flex ] + ++ lib.optional stdenv.buildPlatform.isDarwin gettext; - buildInputs = [ cracklib db4 ]; + buildInputs = [ cracklib db4 ] + ++ lib.optional withLibxcrypt libxcrypt; enableParallelBuilding = true; @@ -44,7 +35,7 @@ stdenv.mkDerivation rec { # which is done by dlopening $out/lib/security/pam_foo.so # $out/etc was also missed: pam_env(login:session): Unable to open config file - preConfigure = stdenv.lib.optionalString (stdenv.hostPlatform.libc == "musl") '' + preConfigure = lib.optionalString (stdenv.hostPlatform.libc == "musl") '' # export ac_cv_search_crypt=no # (taken from Alpine linux, apparently insecure but also doesn't build O:)) # disable insecure modules @@ -63,7 +54,11 @@ stdenv.mkDerivation rec { doCheck = false; # fails - meta = with stdenv.lib; { + passthru.tests = { + inherit (nixosTests) pam-oath-login pam-u2f shadow; + }; + + meta = with lib; { homepage = "http://www.linux-pam.org/"; description = "Pluggable Authentication Modules, a flexible mechanism for authenticating user"; platforms = platforms.linux; diff --git a/pkgs/os-specific/linux/pam/musl-fix-pam_exec.patch b/pkgs/os-specific/linux/pam/musl-fix-pam_exec.patch deleted file mode 100644 index 194e47b9e5b..00000000000 --- a/pkgs/os-specific/linux/pam/musl-fix-pam_exec.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- ./modules/pam_exec/pam_exec.c.orig -+++ ./modules/pam_exec/pam_exec.c -@@ -103,11 +103,14 @@ - int optargc; - const char *logfile = NULL; - const char *authtok = NULL; -+ char authtok_buf[PAM_MAX_RESP_SIZE+1]; -+ - pid_t pid; - int fds[2]; - int stdout_fds[2]; - FILE *stdout_file = NULL; - -+ memset(authtok_buf, 0, sizeof(authtok_buf)); - if (argc < 1) { - pam_syslog (pamh, LOG_ERR, - "This module needs at least one argument"); -@@ -180,12 +183,12 @@ - if (resp) - { - pam_set_item (pamh, PAM_AUTHTOK, resp); -- authtok = strndupa (resp, PAM_MAX_RESP_SIZE); -+ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf)); - _pam_drop (resp); - } - } - else -- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE); -+ authtok = strncpy(authtok_buf, void_pass, sizeof(authtok_buf)); - - if (pipe(fds) != 0) - { - |