Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pam_gnupg: init at fbd75b7 #77002

Closed
wants to merge 3 commits into from
Closed

pam_gnupg: init at fbd75b7 #77002

wants to merge 3 commits into from
+38 −0

Conversation

ahesford
Copy link

@ahesford ahesford commented Jan 6, 2020
edited
Loading

Motivation for this change

The pam_gnupg module allows GPG keys to be unlocked during user authentication and session creation in PAM. This request adds a new package for pam_gnupg to nix, and modifies the PAM module in NixOS to add optional support for pam_gnupg to the system PAM configuration.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @prusnak

Sorry, something went wrong.

@ofborg ofborg bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Jan 6, 2020
@ahesford ahesford mentioned this pull request Jan 9, 2020
Closed
10 tasks
prusnak
prusnak requested changes Jan 9, 2020
View reviewed changes
pkgs/os-specific/linux/pam_gnupg/default.nix Outdated
{ stdenv, fetchgit, autoreconfHook, gnupg, pam } :

stdenv.mkDerivation rec {
name = "pam_gnupg-fbd75b7";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use this instead of name

pname = "pam_gnupg";
version = "unstable-2019-12-06";

nixos/modules/security/pam.nix Outdated
@@ -438,6 +441,8 @@ let
"session optional ${pkgs.otpw}/lib/security/pam_otpw.so"}
${optionalString cfg.startSession
"session optional ${pkgs.systemd}/lib/security/pam_systemd.so"}
${optionalString config.security.pam.enableGnupg
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems you are mixing tabs and spaces here because the columns do not align.

nixos/modules/security/pam.nix Outdated
|| cfg.pamMount
|| cfg.enableKwallet
|| cfg.enableGnomeKeyring
|| cfg.googleAuthenticator.enable
|| cfg.duoSecurity.enable)) ''
auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth
${optionalString config.security.pam.enableGnupg
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems you are mixing tabs and spaces here because the columns do not align.

nixos/modules/security/pam.nix Outdated
@@ -361,12 +361,15 @@ let
# We use try_first_pass the second time to avoid prompting password twice
(optionalString (cfg.unixAuth &&
(config.security.pam.enableEcryptfs
|| config.security.pam.enableGnupg
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems you are mixing tabs and spaces here because the columns do not align.

@ahesford
pam_gnupg: init at fbd75b7

Verified

This commit was signed with the committer’s verified signature. The key has expired.
infinisil Silvan Mosberger
GPG key ID: E8F1E9EAD284E17D
Expired
Verified
Learn about vigilant mode
e4e0510 
nixos/pam: add support for new pam_gnupg package in pam configs
@ahesford
pam_gnupg: fbd75b7 -> unstable-2019-12-06

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
12faef6 
Replace tabs with spaces and change unstable version numbering
@ahesford
Copy link
Author

ahesford commented Jan 9, 2020

@prusnak Thanks for the feedback; the requested changes have been made.

prusnak
prusnak requested changes Jan 9, 2020
View reviewed changes
pkgs/os-specific/linux/pam_gnupg/default.nix Outdated
Comment on lines 20 to 22
configurePhase = ''
./configure --prefix=$out --with-moduledir=$out/lib/security
'';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replace with:

configureFlags = [ "--with-moduledir=$out/lib/security" ];

Copy link
Author

@ahesford ahesford Jan 9, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried this originally, but the build failed because the shell somehow expanded "$o" to an empty string and made moduledir "ut/lib/security". The configurePhase redefinition didn't cause the same problem. It turns out that using quoted braces around "out" when using configureFlags also solves the problem, so the latest commit adopts the correct form.

pkgs/os-specific/linux/pam_gnupg/default.nix Outdated
Comment on lines 16 to 18
preAutoreconf = ''
mkdir m4
'';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really necessary?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It silenced a warning during the build phase, but I removed it because it doesn't cause the build to fail.

@ahesford
Copy link
Author

I no longer have a NixOS installation and will be unable to respond meaningfully to further requests for changes.

@ahesford ahesford closed this Feb 10, 2020
@ahesford ahesford deleted the pam_gnupg branch February 10, 2020 17:17
@Janik-Haag Janik-Haag added the 12. first-time contribution This PR is the author's first one; please be gentle! label Jun 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prusnak prusnak

Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 12. first-time contribution This PR is the author's first one; please be gentle!
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ahesford @prusnak @Janik-Haag