nixos/sudo: Refactor checks for Todd C. Miller's implemetation

nicoo 2023-09-07 12:08:28 +00:00
parent f5aadb56be
commit 8b9e867ac8


@ -4,13 +4,15 @@ with lib;
let let
inherit (pkgs) sudo;
cfg = config.security.sudo; cfg = config.security.sudo;
enableSSHAgentAuth = enableSSHAgentAuth =
with config.security; with config.security;
pam.enableSSHAgentAuth && pam.sudo.sshAgentAuth; pam.enableSSHAgentAuth && pam.sudo.sshAgentAuth;
inherit (pkgs) sudo; usingMillersSudo = cfg.package.pname == sudo.pname;
toUserString = user: if (isInt user) then "#${toString user}" else "${user}"; toUserString = user: if (isInt user) then "#${toString user}" else "${user}";
toGroupString = group: if (isInt group) then "%#${toString group}" else "%${group}"; toGroupString = group: if (isInt group) then "%#${toString group}" else "%${group}";
@ -197,8 +199,8 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{ assertion = cfg.package.pname != "sudo-rs"; { assertion = usingMillersSudo;
message = "The NixOS `sudo` module does not work with `sudo-rs` yet."; } message = "The NixOS `sudo` module does not yet work with other implementations."; }
]; ];
# We `mkOrder 600` so that the default rule shows up first, but there is # We `mkOrder 600` so that the default rule shows up first, but there is