polyunfill: remove unix_chkpwd from /run/wrappers
This commit is contained in:
parent
2c0b725573
commit
3353add4dd
|
@ -3,18 +3,30 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
# remove a few items from /run/wrappers we don't need.
|
||||
# these were populated by <repo:nixos/nixpkgs:nixos/modules/programs/shadow.nix>
|
||||
options.security.wrappers = lib.mkOption {
|
||||
apply = lib.filterAttrs (name: _: !(builtins.elem name [
|
||||
# wrappers from <repo:nixos/nixpkgs:nixos/modules/programs/shadow.nix>
|
||||
"newgidmap"
|
||||
"newgrp"
|
||||
"newuidmap"
|
||||
# "sg"
|
||||
# "su"
|
||||
# wrappers from <repo:nixos/nixpkgs:nixos/modules/security/pam.nix>
|
||||
# may need to patch e.g. `pam` package (pam_unix) to not refer to unix_chkpwd by path
|
||||
"unix_chkpwd"
|
||||
]));
|
||||
};
|
||||
|
||||
config = {
|
||||
nixpkgs.overlays = [(self: super: {
|
||||
pam = super.pam.overrideAttrs (upstream: {
|
||||
postPatch = (if upstream.postPatch != null then upstream.postPatch else "") + ''
|
||||
substituteInPlace modules/pam_unix/Makefile.am --replace-fail \
|
||||
"/run/wrappers/bin/unix_chkpwd" "$out"
|
||||
'';
|
||||
});
|
||||
})];
|
||||
|
||||
# disable non-required packages like nano, perl, rsync, strace
|
||||
environment.defaultPackages = [];
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user