cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #264369 from RaitoBezarius/drop-pamusb

Browse source 
pam_usb, nixos/pam-usb: drop
This commit is contained in:
Ryan Lahfa 2024-02-08 04:26:23 +01:00 committed by GitHub
commit f5c054af12
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 3 additions and 149 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nixos/modules/module-list.nix
View file

@ -317,7 +317,6 @@
./security/oath.nix ./security/oath.nix
./security/pam.nix ./security/pam.nix
./security/pam_mount.nix ./security/pam_mount.nix
./security/pam_usb.nix
./security/please.nix ./security/please.nix
./security/polkit.nix ./security/polkit.nix
./security/rngd.nix ./security/rngd.nix

12
nixos/modules/security/pam.nix
View file

@ -205,17 +205,6 @@ let
}; };
}; };
usbAuth = mkOption {
default = config.security.pam.usb.enable;
defaultText = literalExpression "config.security.pam.usb.enable";
type = types.bool;
description = lib.mdDoc ''
If set, users listed in
{file}`/etc/pamusb.conf` are able to log in
with the associated USB key.
'';
};
otpwAuth = mkOption { otpwAuth = mkOption {
default = config.security.pam.enableOTPW; default = config.security.pam.enableOTPW;
defaultText = literalExpression "config.security.pam.enableOTPW"; defaultText = literalExpression "config.security.pam.enableOTPW";
@ -665,7 +654,6 @@ let
authfile = u2f.authFile; authfile = u2f.authFile;
appid = u2f.appId; appid = u2f.appId;
}; }) }; })
{ name = "usb"; enable = cfg.usbAuth; control = "sufficient"; modulePath = "${pkgs.pam_usb}/lib/security/pam_usb.so"; }
(let ussh = config.security.pam.ussh; in { name = "ussh"; enable = config.security.pam.ussh.enable && cfg.usshAuth; control = ussh.control; modulePath = "${pkgs.pam_ussh}/lib/security/pam_ussh.so"; settings = { (let ussh = config.security.pam.ussh; in { name = "ussh"; enable = config.security.pam.ussh.enable && cfg.usshAuth; control = ussh.control; modulePath = "${pkgs.pam_ussh}/lib/security/pam_ussh.so"; settings = {
ca_file = ussh.caFile; ca_file = ussh.caFile;
authorized_principals = ussh.authorizedPrincipals; authorized_principals = ussh.authorizedPrincipals;

51
nixos/modules/security/pam_usb.nix
View file

@ -1,51 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.security.pam.usb;
anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services);
in
{
options = {
security.pam.usb = {
enable = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable USB login for all login systems that support it. For
more information, visit <https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users>.
'';
};
};
};
config = mkIf (cfg.enable || anyUsbAuth) {
# Make sure pmount and pumount are setuid wrapped.
security.wrappers = {
pmount =
{ setuid = true;
owner = "root";
group = "root";
source = "${pkgs.pmount.out}/bin/pmount";
};
pumount =
{ setuid = true;
owner = "root";
group = "root";
source = "${pkgs.pmount.out}/bin/pumount";
};
};
environment.systemPackages = [ pkgs.pmount ];
};
}

81
pkgs/os-specific/linux/pam_usb/default.nix
View file

@ -1,81 +0,0 @@
{ lib, stdenv, fetchurl, makeWrapper, dbus, libxml2, pam, pkg-config, pmount, python2Packages, writeScript, runtimeShell }:
let
# Search in the environment if the same program exists with a set uid or
# set gid bit. If it exists, run the first program found, otherwise run
# the default binary.
useSetUID = drv: path:
let
name = baseNameOf path;
bin = "${drv}${path}";
in assert name != "";
writeScript "setUID-${name}" ''
#!${runtimeShell}
inode=$(stat -Lc %i ${bin})
for file in $(type -ap ${name}); do
case $(stat -Lc %a $file) in
([2-7][0-7][0-7][0-7])
if test -r "$file".real; then
orig=$(cat "$file".real)
if test $inode = $(stat -Lc %i "$orig"); then
exec "$file" "$@"
fi
fi;;
esac
done
exec ${bin} "$@"
'';
pmountBin = useSetUID pmount "/bin/pmount";
pumountBin = useSetUID pmount "/bin/pumount";
inherit (python2Packages) python dbus-python;
in
stdenv.mkDerivation rec {
pname = "pam_usb";
version = "0.5.0";
src = fetchurl {
url = "mirror://sourceforge/pamusb/pam_usb-${version}.tar.gz";
sha256 = "1g1w0s9d8mfld8abrn405ll5grv3xgs0b0hsganrz6qafdq9j7q1";
};
nativeBuildInputs = [
makeWrapper
pkg-config
];
buildInputs = [
# pam_usb dependencies
dbus libxml2 pam pmount
# pam_usb's tools dependencies
python
# cElementTree is included with python 2.5 and later.
];
preBuild = ''
makeFlagsArray=(DESTDIR=$out)
substituteInPlace ./src/volume.c \
--replace 'pmount' '${pmountBin}' \
--replace 'pumount' '${pumountBin}'
'';
# pmount is append to the PATH because pmounts binaries should have a set uid bit.
postInstall = ''
mv $out/usr/* $out/. # fix color */
rm -rf $out/usr
for prog in $out/bin/pamusb-conf $out/bin/pamusb-agent; do
substituteInPlace $prog --replace '/usr/bin/env python' '/bin/python'
wrapProgram $prog \
--prefix PYTHONPATH : "$(toPythonPath ${dbus-python})"
done
'';
meta = {
homepage = "http://pamusb.org/";
description = "Authentication using USB Flash Drives";
license = lib.licenses.gpl2;
platforms = lib.platforms.linux;
};
}

5
pkgs/top-level/aliases.nix
View file

@ -799,12 +799,13 @@ mapAliases ({
### P ### ### P ###
packet-cli = metal-cli; # Added 2021-10-25
PageEdit = pageedit; # Added 2024-01-21 PageEdit = pageedit; # Added 2024-01-21
packet-cli = metal-cli; # Added 2021-10-25
palemoon = throw "palemoon has been dropped due to python2 being EOL and marked insecure. Use 'palemoon-bin' instead"; # Added 2023-05-18 palemoon = throw "palemoon has been dropped due to python2 being EOL and marked insecure. Use 'palemoon-bin' instead"; # Added 2023-05-18
pam_usb = throw "'pam_usb' has been removed: abandoned by upstream since 2015."; # Added 2023-10-30
paper-note = throw "paper-note has been removed: abandoned by upstream"; # Added 2023-05-03
paperless = paperless-ngx; # Added 2021-06-06 paperless = paperless-ngx; # Added 2021-06-06
paperless-ng = paperless-ngx; # Added 2022-04-11 paperless-ng = paperless-ngx; # Added 2022-04-11
paper-note = throw "paper-note has been removed: abandoned by upstream"; # Added 2023-05-03
parity = openethereum; # Added 2020-08-01 parity = openethereum; # Added 2020-08-01
partition-manager = libsForQt5.partitionmanager; # Added 2024-01-08 partition-manager = libsForQt5.partitionmanager; # Added 2024-01-08
pash = throw "'pash' has been removed: abandoned by upstream. Use 'powershell' instead"; # Added 2023-09-16 pash = throw "'pash' has been removed: abandoned by upstream. Use 'powershell' instead"; # Added 2023-09-16

2
pkgs/top-level/all-packages.nix
View file

@ -28385,8 +28385,6 @@ with pkgs;
pam_u2f = callPackage ../os-specific/linux/pam_u2f { }; pam_u2f = callPackage ../os-specific/linux/pam_u2f { };
pam_usb = callPackage ../os-specific/linux/pam_usb { };
pam_ussh = callPackage ../os-specific/linux/pam_ussh { }; pam_ussh = callPackage ../os-specific/linux/pam_ussh { };
paxctl = callPackage ../os-specific/linux/paxctl { }; paxctl = callPackage ../os-specific/linux/paxctl { };