alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
164174 commits 217 branches 121 tags 4.5 GiB
Commit graph

164174 commits

This branch
This branch
All branches
Author SHA1 Message Date
Florian Klink d180bf3862 security.pam: make pam_unix.so required, not sufficient 
Having pam_unix set to "sufficient" means early-succeeding account
management group, as soon as pam_unix.so is succeeding.

This is not sufficient. For example, nixos modules might install nss
modules for user lookup, so pam_unix.so succeeds, and we end the stack
successfully, even though other pam account modules might want to do
more extensive checks.

Other distros seem to set pam_unix.so to 'required', so if there are
other pam modules in that management group, they get a chance to do some
validation too.

For SSSD, @PsyanticY already added a workaround knob in
https://github.com/NixOS/nixpkgs/pull/31969, while stating this should
be the default anyway.

I did some thinking in what could break - after this commit, we require
pam_unix to succeed, means we require `getent passwd $username` to
return something.
This is the case for all local users due to the passwd nss module, and
also the case for all modules installing their nss module to
nsswitch.conf - true for ldap (if not explicitly disabled) and sssd.

I'm not so sure about krb5, cc @eqyiel for opinions. Is there some nss
module loaded? Should the pam account module be placed before pam_unix?

We don't drop the `security.pam.services.<name?>.sssdStrictAccess`
option, as it's also used some lines below to tweak error behaviour
inside the pam sssd module itself (by changing it's 'control' field).

This is also required to get admin login for Google OS Login working
(#51566), as their pam_oslogin_admin accounts module takes care of sudo
configuration.
 2018-12-21 15:31:07 +01:00
Tim Steinbach af6c117fac
linux: 4.19.11 -> 4.19.12 2018-12-21 09:11:02 -05:00
Tim Steinbach dea57f15e9
linux: 4.14.89 -> 4.14.90 2018-12-21 09:10:54 -05:00
Tim Steinbach a5f447e16a
linux: 4.9.146 -> 4.9.147 2018-12-21 09:10:45 -05:00
Tim Steinbach 54ce2e016b
linux: 4.4.168 -> 4.4.169 2018-12-21 09:10:24 -05:00
Tim Steinbach 98ac5710bd
kernel-config: CIFS_POSIX no longer exists 2018-12-21 09:10:17 -05:00
Michael Raskin 35efbedce4 matrix-synapse: 0.33.9 -> 0.34.0 2018-12-21 15:01:45 +01:00
Michael Raskin 13d5941d50 matrix-synapse: fix build by local dependency downgrade 2018-12-21 15:01:45 +01:00
Peter Simons 195f8ac5ac haskell-JuicyPixels: update overrides for the new version 2018-12-21 14:02:57 +01:00
Peter Simons a220b2f370 haskell-appar: drop obsolete override 2018-12-21 14:02:57 +01:00
Peter Simons e6d726e5aa hackage-packages.nix: automatic Haskell package set update 
This update was generated by hackage2nix v2.12-11-gaf7cf68 from Hackage revision
6694c4746f.
 2018-12-21 14:02:57 +01:00
Peter Simons 7f85bfd70d hackage2nix: prefer alsa-mixer 0.2.x by default 
Fixes https://github.com/NixOS/nixpkgs/issues/52516.
 2018-12-21 14:02:56 +01:00
Peter Simons 2018654322 LTS Haskell 12.23 2018-12-21 14:02:56 +01:00
Jörg Thalheim a647b1218b
Merge pull request #52620 from Mic92/collectd-fix-2 
collectd: fix build (take 2)
 2018-12-21 14:02:22 +01:00
Alex Branham a5fc513079 R: 3.5.1 -> 3.5.2 
Closes https://github.com/NixOS/nixpkgs/pull/52571.
 2018-12-21 13:59:36 +01:00
Jörg Thalheim ce2cea80bf
collectd: add comment regarding propagated libraries 2018-12-21 13:43:10 +01:00
Jörg Thalheim 92343831c8
Merge pull request #52618 from hedning/ad-hoc-fix-strongswan 
strongswan: ad-hoc fix build
 2018-12-21 13:41:58 +01:00
Jörg Thalheim 652248e0e5
libcollectdclient: fix evaluation 2018-12-21 13:40:40 +01:00
Jörg Thalheim e7ad85552e
Revert "Revert "collectd: fix build with lm_sensors" (#52619)" 
This reverts commit c5398741e0.
 2018-12-21 13:39:23 +01:00
Jörg Thalheim 3d6e86f77e
Merge pull request #52519 from risicle/ris-cf-cli-platforms 
cloudfoundry-cli: fix build on multiple platforms, notably darwin. also bump -> 6.41.0
 2018-12-21 13:28:45 +01:00
Michael Raskin 02ce974d04 python2Packages.wptserve: fix build 2018-12-21 13:21:50 +01:00
Michael Raskin 14b3e7c004 mozlz4a: 2015-07-24 -> 2018-08-23; fixes compatibility with newer python3Packages.lz4 2018-12-21 13:21:49 +01:00
Timo Kaufmann c5398741e0
Revert "collectd: fix build with lm_sensors" (#52619) 2018-12-21 13:11:22 +01:00
Vincent Laporte e0561cbadd coqPackages.Verdi: fix build 2018-12-21 12:37:04 +01:00
Vincent Laporte 1d5059c5e6 coqPackages.InfSeqExt: fix build 2018-12-21 12:37:04 +01:00
Vincent Laporte 954bc20786 coqPackages.Cheerios: fix build 2018-12-21 12:37:04 +01:00
Vincent Laporte 5a12bedbfa coqPackages.StructTact: fix build 2018-12-21 12:37:04 +01:00
Tor Hedin Brønner ba055b698b strongswan: ad-hoc fix build 
Simply add libpcap to buildInputs until iptables with pruned libtool files lands
in master.
 2018-12-21 12:22:27 +01:00
Jörg Thalheim f2d19d6d7a
Merge pull request #52614 from Mic92/collectd 
collectd: fix build with lm_sensors
 2018-12-21 11:33:34 +01:00
Jörg Thalheim 46b75db767
collectd: fix build with lm_sensors 2018-12-21 11:27:36 +01:00
Michael Weiss 469a36cdb9 gns3-server: Switch to overrideAttrs 2018-12-21 11:07:39 +01:00
Robert Scott 9046038d6c cloudfoundry-cli: 6.37.0 -> 6.41.0 2018-12-21 09:56:15 +00:00
Robert Scott 8e5c4a4c1d cloudfoundry-cli: output to "bin" output, don't "remove-references-to" 2018-12-21 09:56:15 +00:00
Robert Scott 61fad2cdce cloudfoundry-cli: fix build on multiple platforms, notably darwin, to produce correct binary for target 2018-12-21 09:56:14 +00:00
Jörg Thalheim 679e8fa932
nss-pam-ldapd: fix build by disabling kerberos 2018-12-21 10:23:37 +01:00
Ben Wolsieffer 306a07f8d4 pythonPackages.behave: fix build on Python 2.7 2018-12-21 09:59:36 +01:00
Jörg Thalheim 09eeebad26
Merge pull request #52610 from lopsided98/python-github3-cleanup 
pythonPackages.github3_py: cleanup
 2018-12-21 09:42:41 +01:00
Ben Wolsieffer 7c995f1227 pythonPackages.github3_py: cleanup 2018-12-21 00:26:15 -05:00
Matthew Bauer b3ad548f0b
Merge pull request #52604 from volth/patch-296 
CODEOWNERS: add @volth to Perl
 2018-12-20 21:44:05 -06:00
volth a0838372b7
CODEOWNERS: add @volth to Perl 2018-12-21 02:37:39 +00:00
Samuel Dionne-Riel 3c38cc8058
Merge pull request #51813 from samueldr/aarch64/disable-non-arm-builds-part-1 
aarch64: ZHF for aarch64 (1/??)
 2018-12-20 21:06:52 -05:00
Samuel Dionne-Riel 7b2b5b3f47
Merge pull request #52534 from samueldr/aarch64/supported 
nixos/release-combined: adds aarch64-linux as supported
 2018-12-20 20:58:59 -05:00
Maximilian Bosch a2389cc318
Merge pull request #52587 from plapadoo/liquibase-temporary-fix-jars 
liquibase: fix missing dependencies
 2018-12-21 02:19:26 +01:00
Daiderd Jordan 0251d35b76
Merge pull request #52600 from liamdawson/patch-1 
plex: 1.14.0.5470 -> 1.14.1.5488
 2018-12-21 01:33:04 +01:00
Liam Dawson 19a297c099 plex: 1.14.0.5470 -> 1.14.1.5488 2018-12-21 10:35:41 +11:00
Maximilian Bosch 3376dbda24
Merge pull request #52585 from ilikeavocadoes/update/syncthing 
syncthing: 0.14.52 -> 0.14.54
 2018-12-21 00:23:01 +01:00
Timo Kaufmann 64b9df085d
Revert "python: cypari2: 1.3.1 -> 2.0.0" (#52596) 
This reverts commit 7c9ca65480. The
cypari2 update is not ready. The package is pretty much only used for
sage and the update causes problems:
https://trac.sagemath.org/ticket/26442#comment:33
I've already reverted this once before.
 2018-12-20 23:51:48 +01:00
Michael Weiss 0aac84e1c3 gitRepo: 1.13.0 -> 1.13.1 2018-12-20 22:10:57 +01:00
Michael Weiss 7b26a5843e gns3-server: Fix the build 
This solution isn't optimal but it seems like typing has problems with
Python 3.7 and prompt_toolkit 1.0.15 is still required.
 2018-12-20 21:45:09 +01:00
Mario Rodas 0410537561 hyperledger-fabric: init at 1.3.0 2018-12-20 15:16:22 -05:00