1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-25 15:11:35 +00:00
Commit graph

37 commits

Author SHA1 Message Date
aszlig 99ba1cb424
Increase max group name length to 32 characters
With #36556, a check was introduced to make sure the user and group
names do not exceed their respective maximum length. This is in part
because systemd also enforces that length, but only at runtime.

So in general it's a good idea to catch as much as we can during
evaluation time, however the maximum length of the group name was set to
16 characters according groupadd(8).

The maximum length of the group names however is a compile-time option
and even systemd allows more than 16 characters. In the mentioned pull
request (#36556) there was already a report that this has broken
evaluation for people out there.

I have also checked what other distributions are doing and they set the
length to either 31 characters or 32 characters, the latter being more
common.

Unfortunately there is a difference between the maximum length enforced
by the shadow package and systemd, both for user name lengths and group
name lengths. However, systemd enforces both length to have a maximum of
31 characters and I'm not sure if this is intended or just a off-by-one
error in systemd.

Nevertheless, I choose 32 characters simply to bring it in par with the
maximum user name length.

For the NixOS assertion however, I use a maximum length of 31 to make
sure that nobody accidentally creates services that contain group names
that systemd considers invalid because of a length of 32 characters.

Signed-off-by: aszlig <aszlig@nix.build>
Closes: #38548
Cc: @vcunat, @fpletz, @qknight
2018-04-08 12:51:33 +02:00
Jan Tojnar a31d98f312
tree-wide: autorename gnome packages to use dashes 2018-02-25 17:41:16 +01:00
Will Dietz d9b8f17341 shadow: fix attempt to access 'stdenv.glibc' 2018-02-13 09:45:01 -06:00
Will Dietz b9b57dada7 shadow: disable nscd on non-glibc (musl) 2018-02-13 09:44:28 -06:00
Rickard Nilsson 5f8a45c136 shadow: 4.4 -> 4.5
Fixes CVE-2017-12424
2017-08-17 13:23:56 +02:00
hsloan a291194d2f shadow: Don't use stdenv ? cross 2017-06-28 21:28:34 -04:00
Vladimír Čunát 833bc78dcf
shadow: fixup setuid/setgid build problems, hopefully 2017-06-07 14:21:04 +02:00
Eelco Dolstra e2700861fb
shadow: Fix hash 2017-05-08 16:56:05 +02:00
Eelco Dolstra 7f6abddcd7
shadow: Fix using default shell in useradd
This caused "useradd xyzzy" to produce a user with no shell:

  xyzzy1002💯:/home/xyzzy:

https://github.com/shadow-maint/shadow/pull/33
2017-05-08 15:10:50 +02:00
Michael Raskin d6710e3d66 shadow: 4.2.1 -> 4.4 2017-02-03 13:14:39 +01:00
danbst ac51528df8 shadow: fix collision with coreutils (man groups.1.gz)
The `groups.1.gz` collides with one from coreutils. The code to fix this
was already present in expression, but wrongly assumes that share/man/man1
directory will be copied to `man` output after `installPhase`.

It turned out, that man directory is set at configure step, so we should
remove file from `man` output.
2016-11-30 01:44:28 +02:00
Eelco Dolstra e8315cb1ca shadow: Separate man output
This removes ~2 MiB from the minimal config.
2016-09-05 14:53:27 +02:00
Tuomas Tynkkynen 21f17d69f6 treewide: Add lots of meta.platforms
Build-tested on x86_64 Linux & Mac.
2016-08-02 21:42:43 +03:00
zimbatm c1a202de05 shadow: fix passthru
The shadow package's shellPath wasn't detected properly

Fixes #16428
2016-07-04 15:12:27 +01:00
zimbatm e2413ad5a8 shadow: add shellPath passthru
This one is a bit special, it's used to deny users from logging in.
2016-06-12 20:13:32 +01:00
Vladimír Čunát 3b9ef2c71b fix "libc}/lib" and similar references
Done mostly without any verification.
I didn't bother with libc}/include, as the path is still correct.
2015-05-05 11:52:08 +02:00
Paul Colomiets fb948c4f28 Upgrade shadow package 2014-08-01 21:19:21 +03:00
Luca Bruno 9e7e3978f9 shadow: Fix lastlog and faillog to find logs in /var/log
Fixes #2575 and closes #2586.
2014-05-13 11:32:10 +02:00
William A. Kennington III 28ab3acb58 su: Make the su package a provider of only the su binary
Additionally, provide su with the base system and remove su from the
util-linux package as it is now provided by shadow.
2014-04-05 16:01:52 -05:00
Rob Vermaas 265a0563fa Apply patch to shadow which allows dots (.) in user names. 2012-09-18 23:56:51 +02:00
Eelco Dolstra 60a63886f0 shadow: Don't install ‘groups’
Coreutils already provides this command.
2012-07-25 23:18:40 -04:00
Eelco Dolstra 732ea6382a shadow: Update to 4.1.5.1
Fixes CVE-2005-4890 and CVE-2011-0721.
2012-07-25 23:18:40 -04:00
Eelco Dolstra cf4a0bdce9 svn path=/nixpkgs/trunk/; revision=30506 2011-11-21 14:05:26 +00:00
Eelco Dolstra 7c5f627645 * Sigh. Nixpkgs broken again...
svn path=/nixpkgs/trunk/; revision=30505
2011-11-21 13:58:46 +00:00
Ludovic Courtès 9b2bd7479f Shadow: Make Linux-PAM optional; allow cross-compilation.
svn path=/nixpkgs/trunk/; revision=30482
2011-11-19 18:28:16 +00:00
Shea Levy c073bf9c22 Update the shadow tarball url
svn path=/nixpkgs/trunk/; revision=29564
2011-10-02 14:02:06 +00:00
Eelco Dolstra 7dd76e9ce5 * Fix a hard-coded reference in `shadow' to /usr/sbin/nscd. This
prevented the nscd cache from being properly invalidated after a
  change, so that e.g. `useradd x; id x' would fail.

svn path=/nixpkgs/trunk/; revision=22599
2010-07-14 12:10:26 +00:00
Eelco Dolstra 18f565e290 * Apply a few patches to make su' behave more like the old su' from
coreutils:

  - Don't remove variables such as $PATH and $SHELL from the calling
    environment (from upstream).

  - When su is invoked with command line arguments for the shell
    (e.g. "su - -c 'cmd'"), set argv[0] in the shell to "-su" or
    "-<basename>" (as determined by the SU_NAME option in
    /etc/login.defs).  This is necessary to make Bash compiled with
    the NON_INTERACTIVE_LOGIN_SHELLS option to read startup files.

  - Don't set $PATH to /bin:/usr/bin but inherit the $PATH of the
    caller.

svn path=/nixpkgs/trunk/; revision=22140
2010-06-04 11:32:42 +00:00
Eelco Dolstra e0adbee395 * Updated shadow to 4.1.4.2 (and build it with PAM support). This
might replace the pwdutils, pam_login and su packages in NixOS.

svn path=/nixpkgs/trunk/; revision=22103
2010-06-02 16:45:14 +00:00
Eelco Dolstra 89ba1cba24 * We don't need groups from shadow.
svn path=/nixpkgs/trunk/; revision=7159
2006-11-28 15:45:41 +00:00
Armijn Hemel aeef0073b9 upgrade to 4.0.16, remove builder, since it was just doing a genericBuild
svn path=/nixpkgs/trunk/; revision=5535
2006-06-29 11:32:42 +00:00
Eelco Dolstra 82e678362f * "." -> "source".
svn path=/nixpkgs/trunk/; revision=4335
2005-12-05 14:11:09 +00:00
Eelco Dolstra 454707da23 * catamaran.labs.cs.uu.nl -> nix.cs.uu.nl.
svn path=/nixpkgs/trunk/; revision=3660
2005-08-22 08:39:27 +00:00
Eelco Dolstra e42507d182 * Move tarballs to catamaran so that we are no longer dependent on a
gazillion different servers.  Resurrected some 25 missing files.

svn path=/nixpkgs/trunk/; revision=2237
2005-02-15 14:44:19 +00:00
Armijn Hemel 45a8365946 upgrade to 4.0.6, so it plays nice with other packages, changed header files, whatever...
svn path=/nixpkgs/trunk/; revision=1729
2004-11-09 09:55:59 +00:00
Armijn Hemel 35cf2df53e download URL for shadowutils changed
svn path=/nixpkgs/trunk/; revision=1727
2004-11-09 09:27:50 +00:00
Armijn Hemel 38f6f36889 add shadowutils, with the following limitations:
- tools can only be run as root, because there's no store support for UNIX permissions

svn path=/nixpkgs/trunk/; revision=1361
2004-08-30 11:44:51 +00:00