From 2d78f55438ee1d5d7683c0572ddc79dc3cd62a2a Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Mon, 30 Oct 2023 15:37:56 +0100
Subject: [PATCH] pam_usb, nixos/pam-usb: drop

`security.pam.usb` is broken anyway and upstream has abandoned the software.
---
 nixos/modules/module-list.nix | 1 -
 nixos/modules/security/pam.nix | 12 ----
 nixos/modules/security/pam_usb.nix | 51 --------------
 pkgs/os-specific/linux/pam_usb/default.nix | 81 ----------------------
 pkgs/top-level/aliases.nix | 5 +-
 pkgs/top-level/all-packages.nix | 2 -
 6 files changed, 3 insertions(+), 149 deletions(-)
 delete mode 100644 nixos/modules/security/pam_usb.nix
 delete mode 100644 pkgs/os-specific/linux/pam_usb/default.nix

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 2996da3c2d55..1384c7c6dfa2 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -317,7 +317,6 @@
 ./security/oath.nix
 ./security/pam.nix
 ./security/pam_mount.nix
- ./security/pam_usb.nix
 ./security/please.nix
 ./security/polkit.nix
 ./security/rngd.nix
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index f809848fd428..ed03254cb5ee 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -205,17 +205,6 @@ let
 };
 };
- usbAuth = mkOption {
- default = config.security.pam.usb.enable;
- defaultText = literalExpression "config.security.pam.usb.enable";
- type = types.bool;
- description = lib.mdDoc ''
- If set, users listed in
- {file}`/etc/pamusb.conf` are able to log in
- with the associated USB key.
- '';
- };
-
 otpwAuth = mkOption {
 default = config.security.pam.enableOTPW;
 defaultText = literalExpression "config.security.pam.enableOTPW";
@@ -665,7 +654,6 @@ let
 authfile = u2f.authFile;
 appid = u2f.appId;
 }; })
- { name = "usb"; enable = cfg.usbAuth; control = "sufficient"; modulePath = "${pkgs.pam_usb}/lib/security/pam_usb.so"; }
 (let ussh = config.security.pam.ussh; in { name = "ussh"; enable = config.security.pam.ussh.enable && cfg.usshAuth; control = ussh.control; modulePath = "${pkgs.pam_ussh}/lib/security/pam_ussh.so"; settings = {
 ca_file = ussh.caFile;
 authorized_principals = ussh.authorizedPrincipals;
diff --git a/nixos/modules/security/pam_usb.nix b/nixos/modules/security/pam_usb.nix
deleted file mode 100644
index 4275c26c6bda..000000000000
--- a/nixos/modules/security/pam_usb.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.security.pam.usb;
-
- anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services);
-
-in
-
-{
- options = {
-
- security.pam.usb = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = lib.mdDoc ''
- Enable USB login for all login systems that support it. For
- more information, visit .
- '';
- };
-
- };
-
- };
-
- config = mkIf (cfg.enable || anyUsbAuth) {
-
- # Make sure pmount and pumount are setuid wrapped.
- security.wrappers = {
- pmount =
- { setuid = true;
- owner = "root";
- group = "root";
- source = "${pkgs.pmount.out}/bin/pmount";
- };
- pumount =
- { setuid = true;
- owner = "root";
- group = "root";
- source = "${pkgs.pmount.out}/bin/pumount";
- };
- };
-
- environment.systemPackages = [ pkgs.pmount ];
-
- };
-}
diff --git a/pkgs/os-specific/linux/pam_usb/default.nix b/pkgs/os-specific/linux/pam_usb/default.nix
deleted file mode 100644
index 1264894ad0c9..000000000000
--- a/pkgs/os-specific/linux/pam_usb/default.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ lib, stdenv, fetchurl, makeWrapper, dbus, libxml2, pam, pkg-config, pmount, python2Packages, writeScript, runtimeShell }:
-
-let
-
- # Search in the environment if the same program exists with a set uid or
- # set gid bit. If it exists, run the first program found, otherwise run
- # the default binary.
- useSetUID = drv: path:
- let
- name = baseNameOf path;
- bin = "${drv}${path}";
- in assert name != "";
- writeScript "setUID-${name}" ''
- #!${runtimeShell}
- inode=$(stat -Lc %i ${bin})
- for file in $(type -ap ${name}); do
- case $(stat -Lc %a $file) in
- ([2-7][0-7][0-7][0-7])
- if test -r "$file".real; then
- orig=$(cat "$file".real)
- if test $inode = $(stat -Lc %i "$orig"); then
- exec "$file" "$@"
- fi
- fi;;
- esac
- done
- exec ${bin} "$@"
- '';
-
- pmountBin = useSetUID pmount "/bin/pmount";
- pumountBin = useSetUID pmount "/bin/pumount";
- inherit (python2Packages) python dbus-python;
-in
-
-stdenv.mkDerivation rec {
- pname = "pam_usb";
- version = "0.5.0";
-
- src = fetchurl {
- url = "mirror://sourceforge/pamusb/pam_usb-${version}.tar.gz";
- sha256 = "1g1w0s9d8mfld8abrn405ll5grv3xgs0b0hsganrz6qafdq9j7q1";
- };
-
- nativeBuildInputs = [
- makeWrapper
- pkg-config
- ];
-
- buildInputs = [
- # pam_usb dependencies
- dbus libxml2 pam pmount
- # pam_usb's tools dependencies
- python
- # cElementTree is included with python 2.5 and later.
- ];
-
- preBuild = ''
- makeFlagsArray=(DESTDIR=$out)
- substituteInPlace ./src/volume.c \
- --replace 'pmount' '${pmountBin}' \
- --replace 'pumount' '${pumountBin}'
- '';
-
- # pmount is append to the PATH because pmounts binaries should have a set uid bit.
- postInstall = ''
- mv $out/usr/* $out/.
# fix color */
- rm -rf $out/usr
- for prog in $out/bin/pamusb-conf $out/bin/pamusb-agent; do
- substituteInPlace $prog --replace '/usr/bin/env python' '/bin/python'
- wrapProgram $prog \
- --prefix PYTHONPATH : "$(toPythonPath ${dbus-python})"
- done
- '';
-
- meta = {
- homepage = "http://pamusb.org/";
- description = "Authentication using USB Flash Drives";
- license = lib.licenses.gpl2;
- platforms = lib.platforms.linux;
- };
-}
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 7b5c94d9a9e6..f73fe2674795 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -799,12 +799,13 @@ mapAliases ({
 ### P ###
- packet-cli = metal-cli; # Added 2021-10-25
 PageEdit = pageedit; # Added 2024-01-21
+ packet-cli = metal-cli; # Added 2021-10-25
 palemoon = throw "palemoon has been dropped due to python2 being EOL and marked insecure. Use 'palemoon-bin' instead"; # Added 2023-05-18
+ pam_usb = throw "'pam_usb' has been removed: abandoned by upstream since 2015."; # Added 2023-10-30
+ paper-note = throw "paper-note has been removed: abandoned by upstream"; # Added 2023-05-03
 paperless = paperless-ngx; # Added 2021-06-06
 paperless-ng = paperless-ngx; # Added 2022-04-11
- paper-note = throw "paper-note has been removed: abandoned by upstream"; # Added 2023-05-03
 parity = openethereum; # Added 2020-08-01
 partition-manager = libsForQt5.partitionmanager; # Added 2024-01-08
 pash = throw "'pash' has been removed: abandoned by upstream. Use 'powershell' instead"; # Added 2023-09-16
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 366091870825..8b6967be929e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -28389,8 +28389,6 @@ with pkgs;
 pam_u2f = callPackage ../os-specific/linux/pam_u2f { };
- pam_usb = callPackage ../os-specific/linux/pam_usb { };
-
 pam_ussh = callPackage ../os-specific/linux/pam_ussh { };
 paxctl = callPackage ../os-specific/linux/paxctl { };
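Review bot: Only the package attribute gets a removal message in the aliases.nix hunk (`pam_usb = throw "'pam_usb' has been removed: …"`); the NixOS options deleted earlier in this patch (`security.pam.usb.enable` in pam_usb.nix and the per-service `usbAuth` in pam.nix) get no counterpart in any of the six files listed in the diffstat. Because the dropped PAM entry was a `sufficient` rule, a host that still sets those options is losing a login factor, and as far as this patch shows it would presumably see only a generic missing-option evaluation error. A removed-option stub such as `(mkRemovedOptionModule [ "security" "pam" "usb" "enable" ] "pam_usb has been removed: abandoned by upstream.")` in the module's imports would state that explicitly. The same hunk also re-sorts `packet-cli` and `paper-note`, which is unrelated to the drop and would read more clearly as its own commit; the `mapAliases ({` list starts and ends outside the hunk.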