From 172522e153b9601c86bb4eacc46ca1cc934d90b5 Mon Sep 17 00:00:00 2001 From: obadz Date: Wed, 19 Aug 2015 12:14:18 +0100 Subject: [PATCH] ecryptfs: - upgrade 106 -> 108 - fix passphrase rewrapper (password changing should now work fine) as discussed on https://bugs.launchpad.net/ecryptfs/+bug/1486470 - add lsof dependency so ecryptfs-migrate-home should work out of the box --- nixos/modules/security/pam.nix | 2 +- pkgs/tools/security/ecryptfs/default.nix | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 02520fb88cd..0aa8ee0da82 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -251,9 +251,9 @@ let ${optionalString (!(config.security.pam.enableEcryptfs || cfg.pamMount)) "auth required pam_deny.so"} # Password management. + password requisite pam_unix.so nullok sha512 ${optionalString config.security.pam.enableEcryptfs "password optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} - password requisite pam_unix.so nullok sha512 ${optionalString cfg.pamMount "password optional ${pkgs.pam_mount}/lib/security/pam_mount.so"} ${optionalString config.users.ldap.enable diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix index 590e6071b52..0ea5bc62fd4 100644 --- a/pkgs/tools/security/ecryptfs/default.nix +++ b/pkgs/tools/security/ecryptfs/default.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python, pam -, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which }: +, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }: stdenv.mkDerivation rec { name = "ecryptfs-${version}"; - version = "106"; + version = "108"; src = fetchurl { url = "http://launchpad.net/ecryptfs/trunk/${version}/+download/ecryptfs-utils_${version}.orig.tar.gz"; - sha256 = "1d5nlzcbl8ch639zi3lq6d14gkk4964j6dqhfs87i67867fhlghp"; + sha256 = "1pfpzc907m4qi5h2rxmkqq072c6g22pik2rilj4bl4qishd8p0sj"; }; #TODO: replace wrapperDir below with from config.security.wrapperDir; @@ -43,6 +43,7 @@ stdenv.mkDerivation rec { --prefix PATH ":" "${rsync}/bin" \ --prefix PATH ":" "${keyutils}/bin" \ --prefix PATH ":" "${which}/bin" \ + --prefix PATH ":" "${lsof}/bin" \ --prefix PATH ":" "$out/bin" done '';