nixpkgs/pkgs/by-name/gi
Maximilian Bosch b39569222b
gitea: drop PAM support
Strongly inspired by the forgejo counterpart[1], for the following
reasons:

* The feature is broken with the current module and crashes on
  authentication with the following stacktrace (with a PAM service
  `gitea` added):

      server # Stack trace of thread 1008:
      server # #0  0x00007f3116917dfb __nptl_setxid (libc.so.6 + 0x8ddfb)
      server # #1  0x00007f3116980ae6 setuid (libc.so.6 + 0xf6ae6)
      server # #2  0x00007f30cc80f420 _unix_run_helper_binary (pam_unix.so + 0x5420)
      server # #3  0x00007f30cc8108c9 _unix_verify_password (pam_unix.so + 0x68c9)
      server # #4  0x00007f30cc80e1b5 pam_sm_authenticate (pam_unix.so + 0x41b5)
      server # #5  0x00007f3116a84e5b _pam_dispatch (libpam.so.0 + 0x3e5b)
      server # #6  0x00007f3116a846a3 pam_authenticate (libpam.so.0 + 0x36a3)
      server # #7  0x00000000029b1e7a n/a (.gitea-wrapped + 0x25b1e7a)
      server # #8  0x000000000047c7e4 n/a (.gitea-wrapped + 0x7c7e4)
      server # ELF object binary architecture: AMD x86-64
      server #
      server # [   42.420827] gitea[897]: pam_unix(gitea:auth): unix_chkpwd abnormal exit: 159
      server # [   42.423142] gitea[897]: pam_unix(gitea:auth): authentication failure; logname= uid=998 euid=998 tty= ruser= rhost=  user=snenskek

  It only worked after turning off multiple sandbox settings and adding
  `shadow` as supplementary group to `gitea.service`.

  I'm not willing to maintain additional multiple sandbox settings for
  different features, especially given that it was probably not used for
  quite a long time:

  * There was no PR or bug report about sandboxing issues related to
    PAM.

  * Ever since the module exists, it used the user `gitea`, i.e. it
    never had read access to `/etc/shadow`.

* Upstream has it disabled by default[2].

If somebody really needs it, it can still be brought back by an overlay
updating `tags` accordingly and modifying the systemd service config.

[1] 07641a91c9
[2] https://docs.gitea.com/usage/authentication#pam-pluggable-authentication-module
2024-08-24 13:40:58 +02:00
..
gickup gickup: 0.10.30 -> 0.10.31 2024-08-05 13:39:24 +00:00
gifgen
gifsicle treewide: change ${pname} to string literal, pt2 (#336195) 2024-08-20 17:23:37 -07:00
girouette
gist gist: move to by-name 2024-07-31 09:10:29 +02:00
git-agecrypt treewide: Remove ending period from meta.description 2024-06-09 23:04:51 +02:00
git-autoshare git-autoshare: init at 1.0.0b6 2024-08-05 07:50:58 +01:00
git-backup-go git-backup-go: init at 1.6.0 2024-07-17 00:07:53 +08:00
git-codeowners git-codeowners: move to by-name 2024-07-31 09:10:31 +02:00
git-fixup git-fixup: init at 1.6.1 2024-05-27 07:55:38 +02:00
git-gamble git-gamble: init at 2.9.0 2024-08-12 20:51:17 +02:00
git-get pkgs/by-name: remove unused arguments 2024-07-26 10:11:07 +02:00
git-gr git-gr: 1.4.1 -> 1.4.2 2024-08-07 11:23:40 -07:00
git-igitt git-igitt: package is built from source 2024-08-11 16:11:37 +02:00
git-instafix pkgs/by-name: remove unused arguments 2024-07-26 10:11:07 +02:00
git-my treewide: remove bb010g from maintainers 2024-07-04 02:41:05 -07:00
git-pw treewide: Remove indefinite article from meta.description 2024-06-09 23:07:45 +02:00
git-releaser
git-run git-run: remove from nodePackages 2024-06-26 21:14:49 -04:00
git-spice git-spice: 0.3.1 -> 0.4.0 2024-08-09 21:21:34 -04:00
git-standup treewide: set meta.changelog 2024-07-07 15:20:06 +02:00
git-together treewide: set meta.changelog 2024-07-07 15:20:06 +02:00
git-toolbelt git-toolbelt: 1.9.2 -> 1.9.3 2024-07-05 13:46:05 +00:00
git-upstream treewide: set meta.changelog 2024-07-07 15:20:06 +02:00
gitbutler gitbutler: add techknowlogick as maintainer 2024-07-31 16:16:34 -04:00
gitcs gitcs: init at 1.2.0 2024-08-07 20:35:08 +05:30
gitea gitea: drop PAM support 2024-08-24 13:40:58 +02:00
gitg treewide: change ${pname} to string literal (#336172) 2024-08-20 15:56:55 -07:00
githooks treewide: Remove indefinite article from meta.description 2024-06-09 23:07:45 +02:00
github-desktop github-desktop: 3.3.12 -> 3.4.2 2024-07-10 21:19:33 +02:00
github-runner github-runner: 2.319.0 -> 2.319.1 2024-08-18 03:16:38 +00:00
gitlab-ci-local gitlab-ci-local: 4.52.1 -> 4.52.2 2024-08-03 13:50:53 +00:00
gitlab-release-cli gitlab-release-cli: init at 0.18.0 2024-07-05 11:32:53 +02:00
gitlab-runner gitlab-runner: move to by-name 2024-07-31 09:10:33 +02:00
gitmoji-cli
gitprompt-rs
gittuf gittuf: 0.5.1 -> 0.5.2 2024-07-19 09:20:38 +02:00
gitu gitu: 0.23.1 -> 0.24.0 2024-08-09 21:32:23 +00:00
gitui gitui: 0.26.2 -> 0.26.3 2024-06-03 02:54:27 +00:00
gitversion treewide: set meta.changelog 2024-07-07 15:20:06 +02:00