duosec: fix module [20.03] #87006
duosec: fix module [20.03] #87006
Conversation
oh dear. how do i go about backporting this module? |
|
@reanimus as long as you only use this on a single user machine with either an encrypted drive (or physically secure) you shouldn't need to worry too much... but in any other scenario see https://nixos.org/nixos/manual/index.html#sec-replace-modules Specifically: Regardless... can I get you to test this so I can merge? 😄 |
|
@aanderse it's an internet-facing server so I'd prefer to be safe. thanks for the heads up. I just tested This looks fine. I'll see about cherry-picking the module now. Thanks! |
| }; | ||
| }; | ||
|
|
||
| pamCfgFile = optional cfg.pam.enable { |
There was a problem hiding this comment.
Uhm, loginCfgFile is an attrset but the optional here is producing a list. It shouldn't be an error yet: loaOf is deprecated but it should just raise a warning, not sure what's going on here.
In any case this is the proper fix for the future removal of loaOf.
There was a problem hiding this comment.
Yeah... wild stab in the dark. Not worth effort as master is different anyways. Thanks for taking a look!
Motivation for this change
#86852
@reanimus I'm looking to you for all testing relating to this. Also a big FYI you probably shouldn't be using this module from
20.03or before as it leaks sensitive data into the nix store. I would highly suggest cherry picking this module from20.09(currentunstable).If I had to guess I would wonder if #63103 was the culprit for the error you experienced... but I'm not going to spend any time investigating or thinking about it as this is a non issue in
master🤷♂️Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)