polyunfill: remove unix_chkpwd from /run/wrappers
This commit is contained in:
parent
2c0b725573
commit
3353add4dd
|
@ -3,18 +3,30 @@
|
||||||
{ lib, ... }:
|
{ lib, ... }:
|
||||||
{
|
{
|
||||||
# remove a few items from /run/wrappers we don't need.
|
# remove a few items from /run/wrappers we don't need.
|
||||||
# these were populated by <repo:nixos/nixpkgs:nixos/modules/programs/shadow.nix>
|
|
||||||
options.security.wrappers = lib.mkOption {
|
options.security.wrappers = lib.mkOption {
|
||||||
apply = lib.filterAttrs (name: _: !(builtins.elem name [
|
apply = lib.filterAttrs (name: _: !(builtins.elem name [
|
||||||
|
# wrappers from <repo:nixos/nixpkgs:nixos/modules/programs/shadow.nix>
|
||||||
"newgidmap"
|
"newgidmap"
|
||||||
"newgrp"
|
"newgrp"
|
||||||
"newuidmap"
|
"newuidmap"
|
||||||
# "sg"
|
# "sg"
|
||||||
# "su"
|
# "su"
|
||||||
|
# wrappers from <repo:nixos/nixpkgs:nixos/modules/security/pam.nix>
|
||||||
|
# may need to patch e.g. `pam` package (pam_unix) to not refer to unix_chkpwd by path
|
||||||
|
"unix_chkpwd"
|
||||||
]));
|
]));
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
nixpkgs.overlays = [(self: super: {
|
||||||
|
pam = super.pam.overrideAttrs (upstream: {
|
||||||
|
postPatch = (if upstream.postPatch != null then upstream.postPatch else "") + ''
|
||||||
|
substituteInPlace modules/pam_unix/Makefile.am --replace-fail \
|
||||||
|
"/run/wrappers/bin/unix_chkpwd" "$out"
|
||||||
|
'';
|
||||||
|
});
|
||||||
|
})];
|
||||||
|
|
||||||
# disable non-required packages like nano, perl, rsync, strace
|
# disable non-required packages like nano, perl, rsync, strace
|
||||||
environment.defaultPackages = [];
|
environment.defaultPackages = [];
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user