oauth2_proxy: 5.1.1 -> 6.0.0 (#93121)

The new release fixes one of the outstanding CVEs against oauth2_proxy: https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv. In addition, rename the owner and the project name to reflect the changes upstream (it now belongs to the oauth2-proxy organization, and the name is oauth2-proxy)
2020-07-20 07:08:33 +02:00 · 2020-07-20 07:08:33 +02:00 · 53f42f245a
commit 53f42f245a
parent 902987d23d
2 changed files with 11 additions and 9 deletions
--- a/nixos/modules/services/security/oauth2_proxy.nix
+++ b/nixos/modules/services/security/oauth2_proxy.nix
@ -99,7 +99,7 @@ in

    ##############################################
    # PROVIDER configuration
-    # Taken from: https://github.com/pusher/oauth2_proxy/blob/master/providers/providers.go
+    # Taken from: https://github.com/oauth2-proxy/oauth2-proxy/blob/master/providers/providers.go
    provider = mkOption {
      type = types.enum [
        "google"
@ -346,7 +346,9 @@ in
        type = types.nullOr types.str;
        default = null;
        description = ''
-          An optional cookie domain to force cookies to.
+          Optional cookie domains to force cookies to (ie: `.yourcompany.com`).
+          The longest domain matching the request's host will be used (or the shortest
+          cookie domain if there is no match).
        '';
        example = ".yourcompany.com";
      };
@ -537,7 +539,7 @@ in
    extraConfig = mkOption {
      default = {};
      description = ''
-        Extra config to pass to oauth2_proxy.
+        Extra config to pass to oauth2-proxy.
      '';
    };

@ -545,7 +547,7 @@ in
      type = types.nullOr types.path;
      default = null;
      description = ''
-        oauth2_proxy allows passing sensitive configuration via environment variables.
+        oauth2-proxy allows passing sensitive configuration via environment variables.
        Make a file that contains lines like
        OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com
        and specify the path here.
@ -577,7 +579,7 @@ in
      serviceConfig = {
        User = "oauth2_proxy";
        Restart = "always";
-        ExecStart = "${cfg.package}/bin/oauth2_proxy ${configString}";
+        ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}";
        EnvironmentFile = mkIf (cfg.keyFile != null) cfg.keyFile;
      };
    };
--- a/pkgs/servers/oauth2_proxy/default.nix
+++ b/pkgs/servers/oauth2_proxy/default.nix
@ -2,16 +2,16 @@

 buildGoModule rec {
  pname = "oauth2-proxy";
-  version = "5.1.1";
+  version = "6.0.0";

  src = fetchFromGitHub {
    repo = pname;
-    owner = "pusher";
-    sha256 = "190k1v2c1f6vp9waqs01rlzm0jc3vrmsq1w1n0c2q2nfqx76y2wz";
+    owner = "oauth2-proxy";
+    sha256 = "0mbjg0d0w173xpq69frjdvgyx5k74pkrfx3phc3lq8snvhnf1c2n";
    rev = "v${version}";
  };

-  vendorSha256 = "01lf7xbhgn5l42ahym12vr1w00zx1qzy6sgwgcbvvxp48k0b271d";
+  vendorSha256 = "1hrk3h729kcc77fq44kiywmyzk5a78v7bm5d2yl76lfxxdcdric7";

  doCheck = true;