Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doas: add enablePAM option #94040

Merged
merged 1 commit into from Oct 15, 2020
Merged

doas: add enablePAM option #94040

merged 1 commit into from Oct 15, 2020

Conversation

KAction
Copy link
Contributor

@KAction KAction commented Jul 27, 2020

New option "enablePAM" controls whether to build support for pluggable
authetincation modules. Default value is "true", which correspond to
existing behaviour. Futhermore, with default configuration, this change
do not cause rebuild.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@KAction
Copy link
Contributor Author

KAction commented Oct 7, 2020

@cole-h @cstrahan Can you please review and merge this change?

cole-h
cole-h requested changes Oct 7, 2020
View reviewed changes
pkgs/tools/security/doas/default.nix Outdated
, enablePAM ? true

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keeping with the established style of the file:

Suggested change
, enablePAM ? true
, withPAM ? true

pkgs/tools/security/doas/default.nix Outdated
@@ -24,7 +25,7 @@ stdenv.mkDerivation rec {
configureFlags = [
(lib.optionalString withTimestamp "--with-timestamp") # to allow the "persist" setting
"--pamdir=${placeholder "out"}/etc/pam.d"
];
] ++ lib.optional (!enablePAM) "--without-pam";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer this went inside the configureFlags list, just as withTimestamp above.

@KAction
doas: add enablePAM option
99de53b 
New option "withPAM" controls whether to build support for pluggable
authetincation modules. Default value is "true", which correspond to
existing behaviour. Futhermore, with default configuration, this change
do not cause rebuild.
@KAction
Copy link
Contributor Author

KAction commented Oct 9, 2020

@cole-h Applied your suggestions.

cole-h
cole-h approved these changes Oct 9, 2020
View reviewed changes
Copy link
Member

@cole-h cole-h left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks. One minor question below, but approval stands either way.

[2 built, 1 copied (0.1 MiB), 0.0 MiB DL]
https://github.com/NixOS/nixpkgs/pull/94040
1 package built:
doas

pkgs/tools/security/doas/default.nix
@@ -23,6 +24,7 @@ stdenv.mkDerivation rec {

configureFlags = [
(lib.optionalString withTimestamp "--with-timestamp") # to allow the "persist" setting
(lib.optionalString (!withPAM) "--without-pam")
"--pamdir=${placeholder "out"}/etc/pam.d"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also gate this with lib.optionalString withPAM "..."?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, upstream build system defaults to "--with-pam", so it is not strictly necessary.

@KAction
Copy link
Contributor Author

KAction commented Oct 10, 2020
edited

Ofborg seems unhappy, but I don't understand why: attribute 'providerSourceAddress' missing. What should I do about it?

@cole-h
Copy link
Member

cole-h commented Oct 10, 2020

@ofborg eval

Master was broken a few times yesterday, causing this issue.

@ofborg ofborg bot requested review from cstrahan and cole-h October 10, 2020 17:03
@KAction
Copy link
Contributor Author

KAction commented Oct 14, 2020

@cole-h Looks like everything is ready now.

@samueldr samueldr merged commit f3e4fc9 into NixOS:master Oct 15, 2020
@KAction KAction deleted the doas-nopam branch October 29, 2021 13:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cole-h cole-h cole-h approved these changes

@cstrahan cstrahan Awaiting requested review from cstrahan

@adisbladis adisbladis Awaiting requested review from adisbladis

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 10.rebuild-linux: 1-10 10.rebuild-linux: 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@KAction @cole-h @samueldr