pam_rssh: init at unstable-2023-01-09 #209962

Closed

JamieMagee
Member

Description of changes

An alternative to pam_ssh_agent_auth that offers support for FIDO2/U2F keys (ECDSA-SK + ED25519-SK). Support in pam_ssh_agent_auth has stalled: jbeverly/pam_ssh_agent_auth#23

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.05 Release Notes (or backporting 22.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@woffs
Contributor

woffs commented Jan 26, 2023

would be great if we had this!
but building fails with

error: hash mismatch in fixed-output derivation '/nix/store/xpv5x9xs4x1fsphzqvh8n1zdy0f6bg7f-pam_rssh-unstable-2023-01-09-vendor.tar.gz.drv':
         specified: sha512-V0g0Fb30ejbfTFg5+0j2B9TGRqooyrGIZqOfCeqJSdS8VbeF5j0JkuHRICwGuWvAv5ieRVDF+ITgGd+Iuq+KnQ==
            got:    sha512-fvYjJvXKLEy1DRzY4iB2fkM863AV0UskA4mUVZgTzxL48P6eSThJt7RShRC75yoGLVvhcsU/xOcxs7NPmkwkVA==

@JamieMagee
Member Author

@woffs I updated the hashes and dropped the cargo patch as it's merged upstream.

@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/1920

Comment on lines +32 to +40
doCheck = false;
# How do disable specific tests?
# checkFlags = [
# # Expects $USER and $SSH_AUTH_SOCK
# "--skip=lib::tests::sshagent_list_identities"
# "--skip=lib::tests::sshagent_auth"
# "--skip=lib::tests::sshagent_more_auth"
# "--skip=lib::tests::parse_user_authorized_keys"
# ];
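Review bot: `doCheck = false;` on the first line of this hunk turns off the entire check phase for a PAM authentication module, and the block below it is commented-out code headed by an open question (`# How do disable specific tests?`), which should not be merged in that form. Either keep the suite enabled with a working `checkFlags` list limited to the four tests that expect `$USER` and `$SSH_AUTH_SOCK`, or, if the tests cannot be built in the sandbox, delete the commented block and leave a one-line comment next to `doCheck = false;` stating the reason.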
Member

@SuperSandro2000 SuperSandro2000 Mar 9, 2023

Suggested change
doCheck = false;
# How do disable specific tests?
# checkFlags = [
# # Expects $USER and $SSH_AUTH_SOCK
# "--skip=lib::tests::sshagent_list_identities"
# "--skip=lib::tests::sshagent_auth"
# "--skip=lib::tests::sshagent_more_auth"
# "--skip=lib::tests::parse_user_authorized_keys"
# ];
checkFlags = [
# Expects $USER and $SSH_AUTH_SOCK
"--skip=test_sshagent_list_identities"
"--skip=test_sshagent_auth"
"--skip=test_sshagent_more_auth"
"--skip=test_parse_user_authorized_keys"
];

that does not work?

Member Author

No, I get the following error:

error: environment variable `SSH_AUTH_SOCK` not defined
   --> src/lib.rs:198:42
    |
198 |         let mut agent = AgentClient::new(env!("SSH_AUTH_SOCK"));
    |                                          ^^^^^^^^^^^^^^^^^^^^^
    |
    = note: this error originates in the macro `env` (in Nightly builds, run with -Z macro-backtrace for more info)

error: environment variable `SSH_AUTH_SOCK` not defined
   --> src/lib.rs:213:42
    |
213 |         let mut agent = AgentClient::new(env!("SSH_AUTH_SOCK"));
    |                                          ^^^^^^^^^^^^^^^^^^^^^
    |
    = note: this error originates in the macro `env` (in Nightly builds, run with -Z macro-backtrace for more info)

error: environment variable `SSH_AUTH_SOCK` not defined
   --> src/lib.rs:235:42
    |
235 |         let mut agent = AgentClient::new(env!("SSH_AUTH_SOCK"));
    |                                          ^^^^^^^^^^^^^^^^^^^^^
    |
    = note: this error originates in the macro `env` (in Nightly builds, run with -Z macro-backtrace for more info)

error: environment variable `USER` not defined
   --> src/lib.rs:252:24
    |
252 |         let username = env!("USER");
    |                        ^^^^^^^^^^^^
    |
    = note: this error originates in the macro `env` (in Nightly builds, run with -Z macro-backtrace for more info)
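
The errors above come from `env!`, which is expanded when the test code is compiled, so a `--skip` filter never gets the chance to apply. As an added illustration (not code from pam_rssh or from this PR; `Skip`, `agent_test_env` and `live_agent_env` are hypothetical names), this example reads the same two variables at run time so agent-dependent tests can skip themselves in a build sandbox:

```rust
use std::path::PathBuf;

// Compile-time lookup that, unlike env!, still compiles when the variable is
// unset: it expands to None instead of a compiler error. Whatever it captures
// is the *build* machine's value, baked into the binary.
const BUILD_TIME_SOCK: Option<&str> = option_env!("SSH_AUTH_SOCK");

/// Reason an agent-dependent test cannot run here (hypothetical type).
#[derive(Debug, PartialEq)]
enum Skip {
    NoUser,
    NoAgentSocket,
}

/// Resolve the agent test prerequisites at run time. `lookup` is injected so
/// the logic can be checked without touching the real process environment;
/// empty values count as unset.
fn agent_test_env(lookup: impl Fn(&str) -> Option<String>) -> Result<(String, PathBuf), Skip> {
    let get = |key: &str| lookup(key).filter(|v| !v.is_empty());
    let user = get("USER").ok_or(Skip::NoUser)?;
    let sock = get("SSH_AUTH_SOCK").ok_or(Skip::NoAgentSocket)?;
    Ok((user, PathBuf::from(sock)))
}

/// What a test body would call: read the live environment, skip when no agent.
fn live_agent_env() -> Result<(String, PathBuf), Skip> {
    agent_test_env(|key| std::env::var(key).ok())
}

fn main() {
    println!("socket captured at build time: {:?}", BUILD_TIME_SOCK);
    match live_agent_env() {
        Ok((user, sock)) => println!("would run agent tests as {user} via {}", sock.display()),
        Err(why) => println!("skipping agent tests: {why:?}"),
    }
}
```
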

Member

Can you prefix the tests with test_?

Member Author

Same error message ☹️

@JamieMagee
Member Author

@SuperSandro2000 I think this is ready for re-review, minus the tests.

@Kranzes
Member

Kranzes commented Jun 13, 2023

Implemented in #237579

@Kranzes Kranzes closed this Jun 13, 2023
@JamieMagee JamieMagee deleted the pam_rssh branch June 13, 2023 16:57