movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-12 20:55:31 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/{sudo, terminfo}: Adjust defaults for compatibility with sudo-rs

Browse source
This commit is contained in:
nicoo 2023-09-07 14:55:33 +00:00
parent f0107b4f63
commit 914bf58369
3 changed files with 18 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

10
nixos/doc/manual/release-notes/rl-2311.section.md
View file

@ -10,6 +10,16 @@
- The `nixos-rebuild` command has been given a `list-generations` subcommand. See `man nixos-rebuild` for more details. - The `nixos-rebuild` command has been given a `list-generations` subcommand. See `man nixos-rebuild` for more details.
- [`sudo-rs`], a reimplementation of `sudo` in Rust, is now supported.
Switching to it (via `security.sudo.package = pkgs.sudo-rs;`) introduces
slight changes in default behaviour, due to `sudo-rs`' current limitations:
- terminfo-related environment variables aren't preserved for `root` and `wheel`;
- `root` and `wheel` are not given the ability to set (or preserve)
arbitrary environment variables.
[`sudo-rs`]: https://github.com/memorysafety/sudo-rs/
## New Services {#sec-release-23.11-new-services} ## New Services {#sec-release-23.11-new-services}
- [MCHPRS](https://github.com/MCHPR/MCHPRS), a multithreaded Minecraft server built for redstone. Available as [services.mchprs](#opt-services.mchprs.enable). - [MCHPRS](https://github.com/MCHPR/MCHPRS), a multithreaded Minecraft server built for redstone. Available as [services.mchprs](#opt-services.mchprs.enable).

5
nixos/modules/config/terminfo.nix
View file

@ -16,7 +16,10 @@ with lib;
}; };
security.sudo.keepTerminfo = mkOption { security.sudo.keepTerminfo = mkOption {
default = true; default = config.security.sudo.package.pname != "sudo-rs";
defaultText = literalMD ''
`true` unless using `sudo-rs`
'';
type = types.bool; type = types.bool;
description = lib.mdDoc '' description = lib.mdDoc ''
Whether to preserve the `TERMINFO` and `TERMINFO_DIRS` Whether to preserve the `TERMINFO` and `TERMINFO_DIRS`

10
nixos/modules/security/sudo.nix
View file

@ -40,7 +40,10 @@ in
defaultOptions = mkOption { defaultOptions = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = [ "SETENV" ]; default = optional usingMillersSudo "SETENV";
defaultText = literalMD ''
`[ "SETENV" ]` if using the default `sudo` implementation
'';
description = mdDoc '' description = mdDoc ''
Options used for the default rules, granting `root` and the Options used for the default rules, granting `root` and the
`wheel` group permission to run any command as any user. `wheel` group permission to run any command as any user.
@ -204,11 +207,6 @@ in
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [
{ assertion = usingMillersSudo;
message = "The NixOS `sudo` module does not yet work with other implementations."; }
];
security.sudo.extraRules = security.sudo.extraRules =
let let
defaultRule = { users ? [], groups ? [], opts ? [] }: [ { defaultRule = { users ? [], groups ? [], opts ? [] }: [ {