authorPhilip Potter <philip.g.potter@gmail.com>2021-04-16 16:19:18 +0100
committerPhilip Potter <philip.g.potter@gmail.com>2021-04-16 20:45:55 +0100
commitdfb0999f7355c9caa40eee45b87bfc9071e09fdc (patch)
tree8092cc6989aa7833b1561a8c2801ce8b2a87e39f /pkgs/tools/security/yubikey-agent
parente019872af81e4013fd518fcacfba74b1de21a50e (diff)
yubikey-agent: fix systemd unit
I was getting problems with the unit failing to start due to NAMESPACE
or CAPABILITIES permissions.

Upstream now provides a systemd unit file in the repo, we should use that
one, and that one works for me.
Diffstat (limited to 'pkgs/tools/security/yubikey-agent')
-rw-r--r--pkgs/tools/security/yubikey-agent/default.nix10
-rw-r--r--pkgs/tools/security/yubikey-agent/yubikey-agent.service35
2 files changed, 5 insertions, 40 deletions
diff --git a/pkgs/tools/security/yubikey-agent/default.nix b/pkgs/tools/security/yubikey-agent/default.nix
index d4f3e1567ca..305f5a4fe79 100644
--- a/pkgs/tools/security/yubikey-agent/default.nix
+++ b/pkgs/tools/security/yubikey-agent/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "yubikey-agent";
-  version = "0.1.3";
+  version = "unstable-2021-02-18";
 
   src = fetchFromGitHub {
     owner = "FiloSottile";
     repo = pname;
-    rev = "v${version}";
-    sha256 = "07gix5wrakn4z846zhvl66lzwx58djrfnn6m8v7vc69l9jr3kihr";
+    rev = "8cadc13d107757f8084d9d2b93ea64ff0c1748e8";
+    sha256 = "1lklgq9qkqil5s0g56wbhs0vpr9c1bd4ir7bkrjwqj75ygxim8ml";
   };
 
   buildInputs =
@@ -25,7 +25,7 @@ buildGoModule rec {
     substituteInPlace main.go --replace 'notify-send' ${libnotify}/bin/notify-send
   '';
 
-  vendorSha256 = "128mlsagj3im6h0p0ndhzk29ya47g19im9dldx3nmddf2jlccj2h";
+  vendorSha256 = "1zx1w2is61471v4dlmr4wf714zqsc8sppik671p7s4fis5vccsca";
 
   doCheck = false;
 
@@ -42,7 +42,7 @@ buildGoModule rec {
   # See https://github.com/FiloSottile/yubikey-agent/pull/43
   + lib.optionalString stdenv.isLinux ''
     mkdir -p $out/lib/systemd/user
-    substitute ${./yubikey-agent.service} $out/lib/systemd/user/yubikey-agent.service \
+    substitute contrib/systemd/user/yubikey-agent.service $out/lib/systemd/user/yubikey-agent.service \
       --replace 'ExecStart=yubikey-agent' "ExecStart=$out/bin/yubikey-agent"
   '';
 
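Review bot: The `--replace 'ExecStart=yubikey-agent'` substitution now runs against `contrib/systemd/user/yubikey-agent.service` from the pinned upstream rev, whose contents are not visible in this diff. If upstream's ExecStart line differs or changes on a later bump, the pattern may not match and the installed unit would not point at the store path. A check after the substitute, such as `grep -q "ExecStart=$out/bin/yubikey-agent" $out/lib/systemd/user/yubikey-agent.service`, would fail the build instead. Separately, the deleted in-tree unit carried sandboxing such as `PrivateUsers=yes`, `RestrictNamespaces=yes` and `CapabilityBoundingSet=`, and the hardening now follows whatever upstream ships. A comment like `# Unit file, including its sandboxing directives, comes from upstream; re-review it when bumping rev` would flag that for future updates. The enclosing install-phase string starts outside this hunk.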
diff --git a/pkgs/tools/security/yubikey-agent/yubikey-agent.service b/pkgs/tools/security/yubikey-agent/yubikey-agent.service
deleted file mode 100644
index 7a91f902544..00000000000
--- a/pkgs/tools/security/yubikey-agent/yubikey-agent.service
+++ /dev/null
@@ -1,35 +0,0 @@
-[Unit]
-Description=Seamless ssh-agent for YubiKeys
-Documentation=https://filippo.io/yubikey-agent
-
-[Service]
-ExecStart=yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock
-ExecReload=/bin/kill -HUP $MAINPID
-ProtectSystem=strict
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectControlGroups=yes
-ProtectClock=yes
-ProtectHostname=yes
-PrivateTmp=yes
-PrivateDevices=yes
-PrivateUsers=yes
-IPAddressDeny=any
-RestrictAddressFamilies=AF_UNIX
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-LockPersonality=yes
-CapabilityBoundingSet=
-SystemCallFilter=@system-service
-SystemCallFilter=~@privileged @resources
-SystemCallErrorNumber=EPERM
-SystemCallArchitectures=native
-NoNewPrivileges=yes
-KeyringMode=private
-UMask=0177
-RuntimeDirectory=yubikey-agent
-
-[Install]
-WantedBy=default.target