pam_gnupg: init at fbd75b7 #77002
pam_gnupg: init at fbd75b7 #77002
Conversation
| { stdenv, fetchgit, autoreconfHook, gnupg, pam } : | ||
|
|
||
| stdenv.mkDerivation rec { | ||
| name = "pam_gnupg-fbd75b7"; |
There was a problem hiding this comment.
Use this instead of name
pname = "pam_gnupg";
version = "unstable-2019-12-06";
nixos/modules/security/pam.nix
Outdated
| @@ -438,6 +441,8 @@ let | |||
| "session optional ${pkgs.otpw}/lib/security/pam_otpw.so"} | |||
| ${optionalString cfg.startSession | |||
| "session optional ${pkgs.systemd}/lib/security/pam_systemd.so"} | |||
| ${optionalString config.security.pam.enableGnupg | |||
There was a problem hiding this comment.
It seems you are mixing tabs and spaces here because the columns do not align.
nixos/modules/security/pam.nix
Outdated
| || cfg.pamMount | ||
| || cfg.enableKwallet | ||
| || cfg.enableGnomeKeyring | ||
| || cfg.googleAuthenticator.enable | ||
| || cfg.duoSecurity.enable)) '' | ||
| auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth | ||
| ${optionalString config.security.pam.enableGnupg |
There was a problem hiding this comment.
It seems you are mixing tabs and spaces here because the columns do not align.
nixos/modules/security/pam.nix
Outdated
| @@ -361,12 +361,15 @@ let | |||
| # We use try_first_pass the second time to avoid prompting password twice | |||
| (optionalString (cfg.unixAuth && | |||
| (config.security.pam.enableEcryptfs | |||
| || config.security.pam.enableGnupg | |||
There was a problem hiding this comment.
It seems you are mixing tabs and spaces here because the columns do not align.
nixos/pam: add support for new pam_gnupg package in pam configs
Replace tabs with spaces and change unstable version numbering
|
@prusnak Thanks for the feedback; the requested changes have been made. |
| configurePhase = '' | ||
| ./configure --prefix=$out --with-moduledir=$out/lib/security | ||
| ''; |
There was a problem hiding this comment.
replace with:
configureFlags = [ "--with-moduledir=$out/lib/security" ];
There was a problem hiding this comment.
I tried this originally, but the build failed because the shell somehow expanded "$o" to an empty string and made moduledir "ut/lib/security". The configurePhase redefinition didn't cause the same problem. It turns out that using quoted braces around "out" when using configureFlags also solves the problem, so the latest commit adopts the correct form.
| preAutoreconf = '' | ||
| mkdir m4 | ||
| ''; |
There was a problem hiding this comment.
It silenced a warning during the build phase, but I removed it because it doesn't cause the build to fail.
|
I no longer have a NixOS installation and will be unable to respond meaningfully to further requests for changes. |
Motivation for this change
The pam_gnupg module allows GPG keys to be unlocked during user authentication and session creation in PAM. This request adds a new package for pam_gnupg to nix, and modifies the PAM module in NixOS to add optional support for pam_gnupg to the system PAM configuration.
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)Notify maintainers
cc @prusnak