diff options
| author | Stefan Majewsky <majewsky@gmx.net> | 2023-12-27 17:55:09 +0100 |
|---|---|---|
| committer | Stefan Majewsky <majewsky@gmx.net> | 2023-12-27 18:30:32 +0100 |
| commit | 9ecbdfb5bd127b1c4fcea2bd325b19271f07b5a3 (patch) | |
| tree | 953eadb3f72e8408a079732a9d43d68d519a6920 | |
| parent | 260a9311a61bfbb89b408559d9f4272aa9846dad (diff) | |
portunus: 1.1.0 -> 2.0.0
Changelog: <https://github.com/majewsky/portunus/releases/tag/v2.0.0>
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2405.section.md | 5 | ||||
| -rw-r--r-- | nixos/modules/services/misc/portunus.nix | 4 | ||||
| -rw-r--r-- | pkgs/servers/portunus/default.nix | 7 |
3 files changed, 13 insertions, 3 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index fe088bb9d9b00..eff579bbb3693 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -86,6 +86,11 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m The `nimPackages` and `nim2Packages` sets have been removed. See https://nixos.org/manual/nixpkgs/unstable#nim for more information. +- [Portunus](https://github.com/majewsky/portunus) has been updated to 2.0. + This version of Portunus supports strong password hashes, but the legacy hash SHA-256 is also still supported to ensure a smooth migration of existing user accounts. + After upgrading, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all user accounts to strong password hashes. + Support for weak password hashes will be removed in NixOS 24.11. + - `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc. - The Yama LSM is now enabled by default in the kernel, which prevents ptracing diff --git a/nixos/modules/services/misc/portunus.nix b/nixos/modules/services/misc/portunus.nix index 3299b6404c2b5..58dd3591172ce 100644 --- a/nixos/modules/services/misc/portunus.nix +++ b/nixos/modules/services/misc/portunus.nix @@ -102,7 +102,9 @@ in ldap = { package = mkOption { type = types.package; - # needs openldap built with a libxcrypt that support crypt sha256 until https://github.com/majewsky/portunus/issues/2 is solved + # needs openldap built with a libxcrypt that support crypt sha256 until users have had time to migrate to newer hashes + # Ref: <https://github.com/majewsky/portunus/issues/2> + # TODO: remove in NixOS 24.11 (cf. same note on pkgs/servers/portunus/default.nix) default = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; }; defaultText = lib.literalExpression "pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; }"; description = lib.mdDoc "The OpenLDAP package to use."; diff --git a/pkgs/servers/portunus/default.nix b/pkgs/servers/portunus/default.nix index b2cd17f016d25..f42888cbd32a9 100644 --- a/pkgs/servers/portunus/default.nix +++ b/pkgs/servers/portunus/default.nix @@ -1,19 +1,22 @@ { lib , buildGoModule , fetchFromGitHub +, libxcrypt-legacy # TODO: switch to libxcrypt for NixOS 24.11 (cf. same note on nixos/modules/services/misc/portunus.nix) }: buildGoModule rec { pname = "portunus"; - version = "1.1.0"; + version = "2.0.0"; src = fetchFromGitHub { owner = "majewsky"; repo = "portunus"; rev = "v${version}"; - sha256 = "sha256-+sq5Wja0tVkPZ0Z++K2A6my9LfLJ4twxtoEAS6LHqzE="; + sha256 = "sha256-jicqH31Q+kDkOvtCg+HStQ4LUUzKm5ZO4utnAkCOLvY="; }; + buildInputs = [ libxcrypt-legacy ]; + vendorHash = null; postInstall = '' |