polyunfill: remove unix_chkpwd from /run/wrappers

Colin 2024-05-25 22:25:58 +00:00
parent 2c0b725573
commit 3353add4dd


@ -3,18 +3,30 @@
{ lib, ... }: { lib, ... }:
{ {
# remove a few items from /run/wrappers we don't need. # remove a few items from /run/wrappers we don't need.
# these were populated by <repo:nixos/nixpkgs:nixos/modules/programs/shadow.nix>
options.security.wrappers = lib.mkOption { options.security.wrappers = lib.mkOption {
apply = lib.filterAttrs (name: _: !(builtins.elem name [ apply = lib.filterAttrs (name: _: !(builtins.elem name [
# wrappers from <repo:nixos/nixpkgs:nixos/modules/programs/shadow.nix>
"newgidmap" "newgidmap"
"newgrp" "newgrp"
"newuidmap" "newuidmap"
# "sg" # "sg"
# "su" # "su"
# wrappers from <repo:nixos/nixpkgs:nixos/modules/security/pam.nix>
# may need to patch e.g. `pam` package (pam_unix) to not refer to unix_chkpwd by path
"unix_chkpwd"
])); ]));
}; };
config = { config = {
nixpkgs.overlays = [(self: super: {
pam = super.pam.overrideAttrs (upstream: {
postPatch = (if upstream.postPatch != null then upstream.postPatch else "") + ''
substituteInPlace modules/pam_unix/Makefile.am --replace-fail \
"/run/wrappers/bin/unix_chkpwd" "$out"
'';
});
})];
# disable non-required packages like nano, perl, rsync, strace # disable non-required packages like nano, perl, rsync, strace
environment.defaultPackages = []; environment.defaultPackages = [];
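Review bot: The `substituteInPlace` in the new `postPatch` replaces `/run/wrappers/bin/unix_chkpwd` with a bare `"$out"`, so the helper path compiled into pam_unix appears to become the package's output directory rather than an executable. If the intent is to use the helper shipped in the package, the replacement should name the binary, likely `"$out/bin/unix_chkpwd"` (confirm against the package's install layout). Either way the store copy carries no setuid bit, so password checks made through pam_unix by non-root processes (a screen locker, for instance) would be expected to fail because the helper cannot read the shadow file; a comment stating that this is the accepted trade-off for dropping the wrapper would help the next reader. Separately, `upstream.postPatch != null` throws when the attribute is absent, and `(upstream.postPatch or "")` handles that case. The `config` block continues past the visible lines.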