From 2d17a968053a968667457f06971577fe002385c0 Mon Sep 17 00:00:00 2001
From: Garry Filakhtov <filakhtov@gmail.com>
Date: Tue, 21 Feb 2023 18:30:26 +1100
Subject: systemd: make PAM integration optional

Expose a new `withPam` option to allow enabling and disabling
integration with PAM stack, including the `systemd-user-sessions` daemon
and the associated `.service` file, as well as `pam_systemd.so` PAM
module for integration with `systemd-logind` and user session
registration with the systemd cgroup hierarchy.
---
 pkgs/os-specific/linux/systemd/default.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'pkgs/os-specific/linux/systemd/default.nix')

diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index f8f2375a150..9b119c10f5f 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -106,6 +106,7 @@
 , withNetworkd ? true
 , withNss ? !stdenv.hostPlatform.isMusl
 , withOomd ? true
+, withPam ? true
 , withPCRE2 ? true
 , withPolkit ? true
 , withPortabled ? !stdenv.hostPlatform.isMusl
@@ -132,6 +133,7 @@
 assert withImportd -> withCompression;
 assert withCoredump -> withCompression;
 assert withHomed -> withCryptsetup;
+assert withHomed -> withPam;
 
 let
   wantCurl = withRemote || withImportd;
@@ -384,7 +386,6 @@ stdenv.mkDerivation (finalAttrs: {
       libcap
       libuuid
       linuxHeaders
-      pam
       bashInteractive # for patch shebangs
     ]
 
@@ -402,6 +403,7 @@ stdenv.mkDerivation (finalAttrs: {
     ++ lib.optional withLibidn2 libidn2
     ++ lib.optional withLibseccomp libseccomp
     ++ lib.optional withNetworkd iptables
+    ++ lib.optional withPam pam
     ++ lib.optional withPCRE2 pcre2
     ++ lib.optional withSelinux libselinux
     ++ lib.optional withRemote libmicrohttpd
@@ -427,6 +429,7 @@ stdenv.mkDerivation (finalAttrs: {
     "-Ddbuspolicydir=${placeholder "out"}/share/dbus-1/system.d"
     "-Ddbussessionservicedir=${placeholder "out"}/share/dbus-1/services"
     "-Ddbussystemservicedir=${placeholder "out"}/share/dbus-1/system-services"
+    "-Dpam=${lib.boolToString withPam}"
     "-Dpamconfdir=${placeholder "out"}/etc/pam.d"
     "-Drootprefix=${placeholder "out"}"
     "-Dpkgconfiglibdir=${placeholder "dev"}/lib/pkgconfig"
-- 
cgit 1.4.1