author | Philip Potter <philip.g.potter@gmail.com> | 2021-04-16 16:19:18 +0100 |
---|---|---|
committer | Philip Potter <philip.g.potter@gmail.com> | 2021-04-16 20:45:55 +0100 |
commit | dfb0999f7355c9caa40eee45b87bfc9071e09fdc (patch) | |
tree | 8092cc6989aa7833b1561a8c2801ce8b2a87e39f /pkgs/tools/security/yubikey-agent | |
parent | e019872af81e4013fd518fcacfba74b1de21a50e (diff) |
yubikey-agent: fix systemd unit
I was getting problems with the unit failing to start due to NAMESPACE or CAPABILITIES permissions. Upstream now provides a systemd unit file in the repo; we should use that one, and it works for me.
Diffstat (limited to 'pkgs/tools/security/yubikey-agent')
-rw-r--r-- | pkgs/tools/security/yubikey-agent/default.nix | 10 | ||||
-rw-r--r-- | pkgs/tools/security/yubikey-agent/yubikey-agent.service | 35 |
2 files changed, 5 insertions, 40 deletions
diff --git a/pkgs/tools/security/yubikey-agent/default.nix b/pkgs/tools/security/yubikey-agent/default.nix
index d4f3e1567caaa..305f5a4fe7990 100644
--- a/pkgs/tools/security/yubikey-agent/default.nix
+++ b/pkgs/tools/security/yubikey-agent/default.nix
@@ -2,13 +2,13 @@
 buildGoModule rec {
 pname = "yubikey-agent";
- version = "0.1.3";
+ version = "unstable-2021-02-18";
 src = fetchFromGitHub {
 owner = "FiloSottile";
 repo = pname;
- rev = "v${version}";
- sha256 = "07gix5wrakn4z846zhvl66lzwx58djrfnn6m8v7vc69l9jr3kihr";
+ rev = "8cadc13d107757f8084d9d2b93ea64ff0c1748e8";
+ sha256 = "1lklgq9qkqil5s0g56wbhs0vpr9c1bd4ir7bkrjwqj75ygxim8ml";
 };
 buildInputs =
@@ -25,7 +25,7 @@ buildGoModule rec {
 substituteInPlace main.go --replace 'notify-send' ${libnotify}/bin/notify-send
 '';
- vendorSha256 = "128mlsagj3im6h0p0ndhzk29ya47g19im9dldx3nmddf2jlccj2h";
+ vendorSha256 = "1zx1w2is61471v4dlmr4wf714zqsc8sppik671p7s4fis5vccsca";
 doCheck = false;
@@ -42,7 +42,7 @@ buildGoModule rec {
 # See https://github.com/FiloSottile/yubikey-agent/pull/43
 + lib.optionalString stdenv.isLinux ''
 mkdir -p $out/lib/systemd/user
- substitute ${./yubikey-agent.service} $out/lib/systemd/user/yubikey-agent.service \
+ substitute contrib/systemd/user/yubikey-agent.service $out/lib/systemd/user/yubikey-agent.service \
 --replace 'ExecStart=yubikey-agent' "ExecStart=$out/bin/yubikey-agent"
 '';
diff --git a/pkgs/tools/security/yubikey-agent/yubikey-agent.service b/pkgs/tools/security/yubikey-agent/yubikey-agent.service
deleted file mode 100644
index 7a91f902544ec..0000000000000
--- a/pkgs/tools/security/yubikey-agent/yubikey-agent.service
+++ /dev/null
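Review bot: The new `substitute contrib/systemd/user/yubikey-agent.service` line in the third hunk installs whatever unit upstream ships at the pinned rev, and that file is not visible in this diff, so the sandboxing carried by the deleted in-tree unit (`ProtectSystem=strict`, `PrivateDevices=yes`, an empty `CapabilityBoundingSet=`, the `SystemCallFilter=` lines, `UMask=0177`) can no longer be reviewed here. Because this agent brokers SSH key operations, it is worth confirming which of those directives the upstream unit keeps and recording in a comment above the `substitute` call which ones were dropped to fix the NAMESPACE/CAPABILITIES start failures. The `--replace 'ExecStart=yubikey-agent'` rewrite also depends on upstream's exact text; a guard such as `grep -q "ExecStart=$out/bin/yubikey-agent" $out/lib/systemd/user/yubikey-agent.service` after the substitute would fail the build if the pattern stops matching, rather than shipping a unit whose binary path was never rewritten. The shell string this line sits in starts above the hunk.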
@@ -1,35 +0,0 @@
-[Unit]
-Description=Seamless ssh-agent for YubiKeys
-Documentation=https://filippo.io/yubikey-agent
-
-[Service]
-ExecStart=yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock
-ExecReload=/bin/kill -HUP $MAINPID
-ProtectSystem=strict
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectControlGroups=yes
-ProtectClock=yes
-ProtectHostname=yes
-PrivateTmp=yes
-PrivateDevices=yes
-PrivateUsers=yes
-IPAddressDeny=any
-RestrictAddressFamilies=AF_UNIX
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-LockPersonality=yes
-CapabilityBoundingSet=
-SystemCallFilter=@system-service
-SystemCallFilter=~@privileged @resources
-SystemCallErrorNumber=EPERM
-SystemCallArchitectures=native
-NoNewPrivileges=yes
-KeyringMode=private
-UMask=0177
-RuntimeDirectory=yubikey-agent
-
-[Install]
-WantedBy=default.target |