| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit d0c42dfa "pam: bind Linux-PAM locales from pam-specific folder
(upstream patch)" added autoreconfHook269 into one of the postPatch
phases.
This clobbered the change applied by `suid-wrapper-path.patch` as it was
patching Makefile.in.
As a result `nixosTests.sway` test started failing as:
check pass; user unknown
Running `swaylock` on real system exhibited the same result.
As `suid-wrapper-path.patch` is clobbered we were running non-suid
version of `unix_chkpwd`:
/nix/store/...-linux-pam-1.5.2/sbin/unix_chkpwd
instead of SUID-wrapped
/run/wrappers/bin/unix_chkpw
The fix is trivial: move the patch from auto-generated file to
`Makefile.am`.
Discovered-by: Yureka
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without the change `pam` packa looks up locales already registered via
`bindtextdomain()`:
- shadow: /nix/store/ymcln55n92xm25sk2pipqbcp5xghwc3j-shadow-4.13/share/locale/
- glibc: /nix/store/ibp4camsx1mlllwzh32yyqcq2r2xsy1a-glibc-2.37-8/share/locale
Note that there is no `pam` pne in the list.
The change adds extra lookup location:
- linux-pam: /nix/store/k1lvsb3vyw2ijk9naamnay5nwc4mibda-linux-pam-1.5.2/share/locale
Before the change:
$ LANGUAGE=fi su
Password:
su: Authentication failure
After the change:
$ LANGUAGE=fi ./result-su/bin/su
Salasana:
su: Tunnistautumisvirhe
|
| |
|
|
|
|
|
| |
Our PAM configuration now defaults to yescrypt, which requires
libxcrypt.
|
| |
|
|
|
|
|
|
| |
audit requires running linux-specific code during the build,
so it cannot be cross-compiled from darwin hosts. So we can only
enable audit support in pam when the buildPlatform is linux.
|
|\ |
|
| | |
|
|/ |
|
| |
|
|
|
|
| |
This allows building the pam_tty_audit module, among others
|
|
|
|
|
|
| |
This enables support for new password hashing functions in PAM.
A part of #112371.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See https://github.com/NixOS/nixpkgs/pull/109906#issuecomment-775630916.
These Alpine patches:
libpam-fix-build-with-eglibc-2.16.patch
fix-compat.patch
were removed in:
https://git.alpinelinux.org/aports/commit/main/linux-pam?id=9ba93cf3f515b4f0b9b3802b84d42c4e436afe8b
|
|\
| |
| | |
linux-pam: fix cross compilation on Darwin
|
| |
| |
| |
| |
| | |
A build-time tool is created, which requires libintl.h.
On Linux, libintl.h comes with glibc, but on Darwin, gettext is needed.
|
| |
| |
| |
| |
| |
| |
| | |
it looks like this build wasn't tested with musl-libc after upgrading to
1.5.1, and has been broken in this configuration since, as the removed
patch does not apply cleanly. the good news is it's been fixed upstream,
rendering it unnecessary.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Part of: https://github.com/NixOS/nixpkgs/issues/108938
meta = with stdenv.lib;
is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.
This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.
The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
So users don’t need to override the $out/etc/security files, we need
to manually set this to /etc. Override it in the install phase so that
we still get the example $out/etc/security files .
Fixes #76713
|
|
|
|
|
|
|
|
|
| |
treewide replacement of
stdenv.mkDerivation rec {
name = "*-${version}";
version = "*";
to pname
|
|\
| |
| | |
libpam: fix w/musl after update to 1.3.1
|
| | |
|
|/
|
|
| |
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
|
|
|
|
|
| |
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It turns out none of this stuff is needed. The docs aren't evenly built
properly anyways so the build trivially succeeds either way, due to what
looks like upstream misunderstanding automake. If I try to build the
docs manually in a cross shell (before and after this change), there's a
make rule error such that some HTML files aren't even attempted to be
built and then a copy fails.
Even if this was all fixed, these been a good number of cross fixes
upstream getting them to use CC_FOR_BUILD and other good stuff, so I
doubt such hacks would be needed.
Progress towards #40531 and #33302.
|
| | |
|
|/
|
|
| |
trivial part)
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Ensure that we use the correct `ar` and add explicit dependency on the build CC.
(cherry picked from commit 5efb768011f6bce870f4ce814295a399d5a89c10)
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| | |
Many non-conflict problems weren't (fully) resolved in this commit yet.
|
| |
| |
| |
| | |
Fixes CVE-2015-3238
|
| | |
|
| |
| |
| |
| | |
libpam seems to need a reference to the modules anyway.
|
| | |
|
| | |
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
pkgs/applications/audio/flac/default.nix
pkgs/build-support/gcc-wrapper/builder.sh
pkgs/development/libraries/apr-util/default.nix
pkgs/development/libraries/apr/default.nix
pkgs/development/libraries/atk/default.nix
pkgs/development/libraries/freetype/default.nix
pkgs/development/libraries/gdk-pixbuf/default.nix
pkgs/development/libraries/glib/default.nix
pkgs/development/libraries/glibc/2.17/builder.sh
pkgs/development/libraries/glibc/2.17/locales.nix
pkgs/development/libraries/libjpeg/default.nix
pkgs/development/libraries/libogg/default.nix
pkgs/development/libraries/libsamplerate/default.nix
pkgs/development/libraries/libtiff/default.nix
pkgs/development/libraries/libvorbis/default.nix
pkgs/development/libraries/mesa/default.nix
pkgs/development/libraries/pango/default.nix
pkgs/development/web/nodejs/default.nix
pkgs/os-specific/linux/pam/default.nix
pkgs/os-specific/linux/systemd/default.nix
pkgs/stdenv/generic/setup.sh
pkgs/stdenv/linux/default.nix
pkgs/top-level/all-packages.nix
pkgs/top-level/release-small.nix
|
| | |
|
| | |
|
|/
|
|
| |
Clients of PAM can find the modules via /etc/pam.d.
|