about summary refs log tree commit diff
path: root/pkgs/tools/security/doas
AgeCommit message (Collapse)AuthorFilesLines
2022-11-08pkgsStatic.doas: fix buildDmitry Bogatov2-0/+20
* Patch configure script to not die on --disable-shared * Pass -laudit when building statically with PAM support. Upstream buiild system does not use pkg-config, unfortunately.
2022-11-02doas: fix no-pam build with libxcryptCole Helbling1-1/+4
2022-05-28doas: fix cross-compilationBrian McKenna1-1/+2
2022-01-26doas: 6.8.1 -> 6.8.2Cole Helbling1-2/+2
https://github.com/Duncaen/OpenDoas/compare/v6.8.1...v6.8.2
2021-08-12nixos/doas: fix recursive calls to doasErik Arvstedt1-1/+1
Previously, for processes launched by doas the unwrapped doas binary preceded the setuid-wrapped doas binary in PATH. This caused error `doas: not installed setuid` when running doas from processes launched by doas. doas seems to short-circuit the PATH lookup when called like `doas -u myuser doas -u myuser ...` so the error doesn't appear in this case.
2021-02-04doas: don't configure pamdirCole Helbling1-1/+0
In the future, doas won't ship PAM files (see https://github.com/Duncaen/OpenDoas/commit/cfa9f0d3b306d6c1287ec4f2aa42be29de66c9de), and we already configure PAM in the doas module. Configuring the pamdir serves no purpose.
2021-01-28doas: 6.8 -> 6.8.1Cole Helbling1-4/+4
Most notably, addresses CVE-2019-25016. https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1 https://github.com/Duncaen/OpenDoas/compare/v6.8...v6.8.1
2020-11-14doas: 6.6.1 -> 6.8Cole Helbling1-3/+3
https://github.com/duncaen/opendoas/compare/v6.6.1...v6.8
2020-10-08doas: add enablePAM optionDmitry Bogatov1-0/+2
New option "withPAM" controls whether to build support for pluggable authetincation modules. Default value is "true", which correspond to existing behaviour. Futhermore, with default configuration, this change do not cause rebuild.
2020-05-27doas: add NixOS binary dirs to safe PATHCole Helbling2-0/+30
I recently tried to give myself passwordless `doas` for `virsh` commands (starting, stopping, and editing VMs), but `doas` was complaining that it didn't know what `virsh` was. This patch adds `/run/current-system/sw/{s,}bin` and `/run/wrappers/bin` to the safe path, allowing system binaries to be discovered and executed properly.
2020-05-17doas: enable timestamp by default and set pamdirCole Helbling1-0/+7
* `--with-timestamp` enables the usage of the `persist` setting in `doas.conf`. It is possible some people might not want this, so the flag `withTimestamp` was added to control this. * `--pamdir` copies the PAM files to `$out/etc/pam.d`. This may or may not have a use in the future, but it removes a some errors from the build (when it tries to copy these files to /etc/pam.d).
2020-05-02doas: 6.0 -> 6.6.1Cole Helbling1-5/+9
https://github.com/Duncaen/OpenDoas/compare/v6.0...v6.6.1 There are a decent chunk of changes in there. I'm mostly interested in 5debef098b7ebba67da5db9fbb020a7cd0f90a7f, which fixes the parsing of /proc/$pid/stat that is used to implement timestamping.
2019-08-15treewide: name -> pname (easy cases) (#66585)volth1-1/+1
treewide replacement of stdenv.mkDerivation rec { name = "*-${version}"; version = "*"; to pname
2017-11-07doas: init at 6.0Charles Strahan1-0/+31
Portable version of the OpenBSD `doas` command.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-05 10:27:00 +0000