`allowKeysForGroup` is no longer available so this drops
```
security.acme.certs."example.com".allowKeysForGroup = true;
```
line. `SupplementaryGroups` should be enough for
allowing access to certificates.
According to the ABNF grammar for PEM files described in [RFC
7468][1], an eol character (i.e. a newline) is not mandatory after the
posteb line (i.e. "-----END CERTIFICATE-----" in the case of
certificates).
This commit makes our CA certificate bundler expression account for
the possibility that files in config.security.pki.certificateFiles
might not have final newlines, by using `awk` instead of `cat` to
concatenate them. (`awk` prints a final newline from each input file
even if the file doesn't end with a newline.)
[1]: https://datatracker.ietf.org/doc/html/rfc7468#section-3
While looking at the sphinx package I noticed it was heavily
undermaintained, which is when we noticed nand0p has been inactive for
roughly 18 months. It is therefore prudent to assume they will not be
maintaining their packages, modules and tests.
- Their last contribution to nixpkgs was in 2019/12
- On 2021/05/08 I wrote them an email to the address listed in the
maintainer-list, which they didn't reply to.
- Thunderbird 68 has been dropped on master.
- gccCrossLibcStdenv has been factored out on staging-next in all-packages.nix, while the file has been re-formatted on master.
Most programs already run natively under Wayland so extraSessionCommands
isn't as important anymore. XWayland is already covered by
"programs.xwayland.enable = mkDefault true;" in the module.
This should make it easier to get started.
The xdg-desktop-portal backend for wlroots is required and one needs to
"make sure WAYLAND_DISPLAY and XDG_CURRENT_DESKTOP are imported into
D-Bus." [0]
[0]: efcbcb60aa/README.md (running)
This reverts commit 6f6b2cdc98.
Version wasn't updated, and apparently a patch didn't apply. Let's do
this upgrade properly, in a PR, but for now I'm reverting so we don't
have a broken nix package in master.
Well, this should test if the database is encrypted but currently it is
still unencrypted and we need to notice if this behaviour changes in the
future (as it will cause data loss, see e.g. #108772).
Anyway, this doesn't really matter for security reasons but we need this
test to prevent data loss (unfortunately Signal-Desktop and SQLCipher
handle this badly... :o).
This test is important to confirm that $WAYLAND_DISPLAY is correctly
imported via "dbus-update-activation-environment --systemd" which is
done by default since #122605 (00e8e5b123).
It ensures that the gnome3-pinentry pop-ups work as expected to avoid
regressions like #119445 (which also broke screen sharing).