| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
This gets the right shell in the closure.
By default, shadow wants to pull in the bash we are building it with,
while we would prefer it used the runtime bash.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Part of: https://github.com/NixOS/nixpkgs/issues/108938
meta = with stdenv.lib;
is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.
This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.
The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
|
| |
|
|
|
|
| |
https://nvd.nist.gov/vuln/detail/CVE-2019-19882
|
| |
|
| |
|
|
|
|
| |
gnome-doc-utils is no longer supported and requires Python 2.
|
|
|
|
| |
https://github.com/shadow-maint/shadow/releases/tag/4.7
|
| |
|
|
|
|
|
|
|
|
|
| |
treewide replacement of
stdenv.mkDerivation rec {
name = "*-${version}";
version = "*";
to pname
|
|
|
|
|
|
|
| |
shadow uses a copy of m4 from gtk-doc so we need to apply the same
fix as in 407db7b0196417296677f2a4ef929bb092ec382b.
Also patch it to use the correct DocBook version.
|
|
|
|
|
| |
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With #36556, a check was introduced to make sure the user and group
names do not exceed their respective maximum length. This is in part
because systemd also enforces that length, but only at runtime.
So in general it's a good idea to catch as much as we can during
evaluation time, however the maximum length of the group name was set to
16 characters according groupadd(8).
The maximum length of the group names however is a compile-time option
and even systemd allows more than 16 characters. In the mentioned pull
request (#36556) there was already a report that this has broken
evaluation for people out there.
I have also checked what other distributions are doing and they set the
length to either 31 characters or 32 characters, the latter being more
common.
Unfortunately there is a difference between the maximum length enforced
by the shadow package and systemd, both for user name lengths and group
name lengths. However, systemd enforces both length to have a maximum of
31 characters and I'm not sure if this is intended or just a off-by-one
error in systemd.
Nevertheless, I choose 32 characters simply to bring it in par with the
maximum user name length.
For the NixOS assertion however, I use a maximum length of 31 to make
sure that nobody accidentally creates services that contain group names
that systemd considers invalid because of a length of 32 characters.
Signed-off-by: aszlig <aszlig@nix.build>
Closes: #38548
Cc: @vcunat, @fpletz, @qknight
|
| |
|
| |
|
| |
|
|
|
|
| |
Fixes CVE-2017-12424
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This caused "useradd xyzzy" to produce a user with no shell:
xyzzy:x:1002:100::/home/xyzzy:
https://github.com/shadow-maint/shadow/pull/33
|
| |
|
|
|
|
|
|
|
|
|
| |
The `groups.1.gz` collides with one from coreutils. The code to fix this
was already present in expression, but wrongly assumes that share/man/man1
directory will be copied to `man` output after `installPhase`.
It turned out, that man directory is set at configure step, so we should
remove file from `man` output.
|
|
|
|
| |
This removes ~2 MiB from the minimal config.
|
|
|
|
| |
Build-tested on x86_64 Linux & Mac.
|
|
|
|
|
|
| |
The shadow package's shellPath wasn't detected properly
Fixes #16428
|
|
|
|
| |
This one is a bit special, it's used to deny users from logging in.
|
|
|
|
|
| |
Done mostly without any verification.
I didn't bother with libc}/include, as the path is still correct.
|
| |
|
|
|
|
| |
Fixes #2575 and closes #2586.
|
|
|
|
|
| |
Additionally, provide su with the base system and remove su from the
util-linux package as it is now provided by shadow.
|
| |
|
|
|
|
| |
Coreutils already provides this command.
|
|
|
|
| |
Fixes CVE-2005-4890 and CVE-2011-0721.
|
| |
|
|
|
|
| |
svn path=/nixpkgs/trunk/; revision=30505
|
|
|
|
| |
svn path=/nixpkgs/trunk/; revision=30482
|
|
|
|
| |
svn path=/nixpkgs/trunk/; revision=29564
|
|
|
|
|
|
|
| |
prevented the nscd cache from being properly invalidated after a
change, so that e.g. `useradd x; id x' would fail.
svn path=/nixpkgs/trunk/; revision=22599
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
coreutils:
- Don't remove variables such as $PATH and $SHELL from the calling
environment (from upstream).
- When su is invoked with command line arguments for the shell
(e.g. "su - -c 'cmd'"), set argv[0] in the shell to "-su" or
"-<basename>" (as determined by the SU_NAME option in
/etc/login.defs). This is necessary to make Bash compiled with
the NON_INTERACTIVE_LOGIN_SHELLS option to read startup files.
- Don't set $PATH to /bin:/usr/bin but inherit the $PATH of the
caller.
svn path=/nixpkgs/trunk/; revision=22140
|
|
|
|
|
|
| |
might replace the pwdutils, pam_login and su packages in NixOS.
svn path=/nixpkgs/trunk/; revision=22103
|
|
|
|
| |
svn path=/nixpkgs/trunk/; revision=7159
|
|
|
|
| |
svn path=/nixpkgs/trunk/; revision=5535
|
|
|
|
| |
svn path=/nixpkgs/trunk/; revision=4335
|
|
|
|
| |
svn path=/nixpkgs/trunk/; revision=3660
|
|
|
|
|
|
| |
gazillion different servers. Resurrected some 25 missing files.
svn path=/nixpkgs/trunk/; revision=2237
|
|
|
|
|
|
| |
files, whatever...
svn path=/nixpkgs/trunk/; revision=1729
|